Thursday, April 22, 2010

ActiveSync 0x85010014 after moving email mailbox from Exchange 2007 to 2010

It's always fun when you run into a problem that only affects one or two users out of a hundred. You can only imagine my joy when I discovered that only my account wasn't working with Exchange ActiveSync after I moved my mailbox from the old Exchange 2007 server to the new Exchange 2010 one. By the way, I highly recommend using Microsoft's "Exchange Remote Connectivity Analyzer" for externally testing your setup. It's a great diagnostic aid during upgrades and such.
I tested my mailbox against an old Windows Mobile 6.1 PDA and got the 0x85010014 error, then I used Microsoft's analyzer above and drilled down to "Attempting FolderSync command on ActiveSync session" where it was failing. Then after much searching on the web, I found the clue at which basically said that Inheritance was turned off on my AD account.
That's when I remembered that during the upgrade I had seen a warning that said some objects in AD had inheritance turned off. I had searched different OUs, etc. at that time and hadn't managed to find it. So I opened up ADUC (Active Directory Users and Computers), set the view to Advanced under View so I could see the Security Tab on objects. I checked the "Include inheritable permissions from this object's parent" checkbox and then right afterward I was able to use ActiveSync again.

Updated: I've also found that an attribute flag gets set called "AdminCount" that can also cause that checkbox to reappear. To get rid of it, go under Attributes in the advanced view and clear the AdminCount attribute. You can use a PowerShell script to find all these affected users and groups here:

PS: If the account is a member of a privileged group, you may find this checkbox unchecks itself after a while.
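
A read-only way to list the affected objects, as an added example (not the script the post links to): it reports users and groups that have adminCount set to 1 or have ACL inheritance disabled. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-InheritanceBlockedObject` is hypothetical.

```powershell
# Added example, report only: nothing in the directory is modified.
# Assumes the RSAT ActiveDirectory module and read access to object ACLs.
Import-Module ActiveDirectory

function Get-InheritanceBlockedObject {
    param(
        # Defaults to the whole domain; pass an OU distinguished name to narrow it.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # User accounts and groups only.
    $filter = '(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))'

    Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase `
                 -Properties adminCount, nTSecurityDescriptor |
        ForEach-Object {
            # True when "Include inheritable permissions..." is unchecked.
            $blocked = $_.nTSecurityDescriptor.AreAccessRulesProtected
            $flagged = ($_.adminCount -eq 1)

            if ($blocked -or $flagged) {
                [pscustomobject]@{
                    Name                = $_.Name
                    ObjectClass         = $_.ObjectClass
                    AdminCount          = $_.adminCount
                    InheritanceDisabled = $blocked
                    DistinguishedName   = $_.DistinguishedName
                }
            }
        }
}

# Objects that are still members of a protected group (Domain Admins and
# similar) have adminCount and the protected ACL re-applied periodically by
# the AdminSDHolder/SDProp process, so a manual fix on them does not stick.
Get-InheritanceBlockedObject |
    Sort-Object ObjectClass, Name |
    Format-Table Name, ObjectClass, AdminCount, InheritanceDisabled -AutoSize
```

Rows with AdminCount 1 on accounts that no longer belong to any privileged group are the leftovers worth cleaning up; rows for current privileged accounts point to using a separate non-privileged account for the mailbox.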
