A desperate admin. All settings of the ActiveSync profile are set correctly, but the sync doesn’t run. Other users’ mobile sync works. What’s wrong? The error recorded in the Event Log reports “Access is denied” and mentions something about the “msExchangeActiveSyncDevices” permission.
Source: MSExchange ActiveSync
Event ID: 1053
Description:
Exchange ActiveSync doesn't have sufficient permissions to create the "user's distinguished name" container under Active Directory user Active Directory operation failed on "domain controller". This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ". Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations. Details:%3 Detail's tab: "user's distinguished name" Active Directory operation failed on "domain controller". This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Reason: The user’s object in Active Directory needs inheritable permissions from its parent object. Enable “Advanced Features” in the “View” menu in the Active Directory Users and Computers management console. Then open the user account’s properties, go to the Security tab, click Advanced, and ensure that the option “Include inheritable permissions from this object’s parent” is enabled. That’s all.
Leave a Reply