Error we get when trying to set-up a users replacement phones (Full Version)

All Forums >> [Microsoft Exchange 2010] >> Mobility



Message


benk016 -> Error we get when trying to set-up a users replacement phones (27.May2011 3:54:13 PM)

We recently had a complete exchange meltdown that took 12 hours on the phone with microsoft to resolve. Basically we completely deleted all of exchange out of active directory and setup everything from scratch. This is Exchange 2010 sp1. However, we've started running into the problem of users that either are old users that are adding a phone to use with activesync, or have got a new phone. The old phone works fine, but the new one fails getting mail from the server. When you set it up, it verifies and everything looks like it works. I can go into the users profile on exchange, and click manage mobile device, and if I delete the old phone I get the following error.

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:01


username\Apple-iPhone1C2/801.293
Failed

Error:
Active Directory operation failed on (Our Domain Controller servername). This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151CB0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0


The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex6AE46B

Exchange Management Shell command attempted:
Remove-ActiveSyncDevice -Identity '***.org/Planning Personnel/username/ExchangeActiveSyncDevices/iPhonežAppl859251U2Y7H'

Elapsed Time: 00:00:02


Does anyone have any Idea whats going on or how to resolve this? New users that we added after the re-install of exchange don't seem to have this problem.




benk016 -> RE: Error we get when trying to set-up a users replacement phones (31.May2011 9:16:50 AM)

Anyone at all have any ideas with this??




benk016 -> RE: Error we get when trying to set-up a users replacement phones (31.May2011 11:58:10 AM)

In the error log i also have this

An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 

URL=/Microsoft-Server-ActiveSync/default.eas?User=ggarvin&DeviceId=Appl87114X0AEDG&DeviceType=iPhone&Cmd=FolderSync
--- Exception start ---
Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
Exception message: Security settings couldn't be applied to the user device container 'CN=ExchangeActiveSyncDevices,CN=Gary Garvin,OU=Planning Personnel,DC=muskogeeonline,DC=org' in Active Directory. Delete the container if it's empty.
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 111
XmlResponse: 
This request does not contain a WBXML response.
Exception stack trace:    at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
   at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
   at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows below:
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on COMDC1.muskogeeonline.org. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Exception level: 1
Exception stack trace:    at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   at Microsoft.Exchange.Data.Directory.ADSession.SaveSecurityDescriptor(ADObject obj, RawSecurityDescriptor sd, Boolean modifyOwner)
   at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
Inner exception follows below:
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.
Exception level: 2
Exception stack trace:    at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable`1 clientSideSearchTimeout)
   at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
--- Exception end ---.




Page: [1]