User cannot sync mobile phone with ActiveSync

Desperate admin. All settings of ActiveSync’s profile are set correctly but sync doesn’t run. Another users’ mobile sync run. What’s wrong? Error record in Event log reports problem “Access is denied” and some about “msExchangeActiveSyncDevices” permission

Source: MSExchange ActiveSync 
Event ID: 1053 
Description: 

Exchange ActiveSync doesn't have sufficient permissions to create the "user's distinguished name" container under Active Directory user Active Directory operation failed on "domain controller". This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ". Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations. Details:%3 Detail's tab: "user's distinguished name" Active Directory operation failed on "domain controller". This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 

Reason: user’s object in Active Directory need inheritable persmissions from object’s parent. Check “Advanced Features” in menu “View” in Active Directory Users and Computers management console. Than open properties of user account, go to tab “Security”, button “Advanced” and option “Include inheriitable permissions from this object’s parent” has to be selected. That’s all.

Leave a Comment

Your email address will not be published. Required fields are marked *