Samsung Galaxy Tab 7.3 ActiveSynce works, then quits
-
Monday, May 07, 2012 9:41 PM
I have an upper management user who bought a Samsung Galaxy Tab 7.3. I have had lots of Android based devices on my Exchange server for quite a while, with none of them having problems (my own included!). That is, until this beast showed up. I set up the connection and it worked pretty much until I installed Exchange 2010 SP2 Rollup 1. It is now throwing up the message "unable to open connection to server due to security error" when attempting to sync email. When I check ECP for the user and expand Phone & Voice Features, then click Edit, the device shows up twice and one of the two shows "Access Denied." This is how it was the last time I worked on the issue and what I had done is delete both entries, and then deleted the Exchange account off the Galaxy and added it back again. When I checked it again, it had two identical entries and worked for a while. Now it is back to one entry denied and failing to work. I have tried granting access, but it never goes to a state of Access Granted. I don't get any Application log entries for ActiveSync, so I have very little to go on.
Is there perhaps something I need to alter in the default ActiveSync policy to make this badly behaving device work? I have not modified the default ActiveSync policy, so it is out of the box.
SnoBoy
- Edited by SnoBoy Monday, May 07, 2012 9:42 PM
All Replies
-
Monday, May 07, 2012 9:49 PMModerator
Its probably the part of the AS policy that requires a device pasword. I tested with a bit with the tab and had the same issue.
The fix was to go into the security settings on the tablet and enter a device password. Can't tell you where that is now since I got rid of that tablet thing in about 2 days.
You may want to ask this in a forum for the device and maybe someone there can tell you where that setting is.
- Marked As Answer by SnoBoy Tuesday, May 08, 2012 2:59 PM
-
Monday, May 07, 2012 9:53 PM
Just checked and I don't require that in the default AS policy (although it is a good idea). This device doesn't have a default password and I will suggest that to him, but it doesn't appear that is the problem here. Good thought, though!
Amended! It is not required in my ActiveSunc policy, at least if you double-click the policy and click on the Password tab, Require Password is not checked. However, setting a PIN on the device allowed it to sync.
So either I am mistaken on where requiring a password is actually set (certainly not on the other tabs of the AS Policy!), or Exchange has a very devious way of hiding the setting, maybe accessible only from the PowerShell only?
Here is the output from EMS. I see nothing here that demands a password, please correct me if I am wrong!
get-activesyncmailboxpolicy -identity default
RunspaceId : d636e135-7819-4eb5-950d-ff5aab1bde26
AllowNonProvisionableDevices : True
AlphanumericDevicePasswordRequired : False
AttachmentsEnabled : True
DeviceEncryptionEnabled : False
RequireStorageCardEncryption : False
DevicePasswordEnabled : False
PasswordRecoveryEnabled : False
DevicePolicyRefreshInterval : unlimited
AllowSimpleDevicePassword : True
MaxAttachmentSize : 48.93 MB (51,302,400 bytes)
WSSAccessEnabled : True
UNCAccessEnabled : True
MinDevicePasswordLength : 4
MaxInactivityTimeDeviceLock : 00:15:00
MaxDevicePasswordFailedAttempts : 8
DevicePasswordExpiration : unlimited
DevicePasswordHistory : 0
IsDefaultPolicy : True
AllowStorageCard : True
AllowCamera : True
RequireDeviceEncryption : False
AllowUnsignedApplications : True
AllowUnsignedInstallationPackages : True
AllowWiFi : True
AllowTextMessaging : True
AllowPOPIMAPEmail : True
AllowIrDA : True
RequireManualSyncWhenRoaming : False
AllowDesktopSync : True
AllowHTMLEmail : True
RequireSignedSMIMEMessages : False
RequireEncryptedSMIMEMessages : False
AllowSMIMESoftCerts : True
AllowBrowser : True
AllowConsumerEmail : True
AllowRemoteDesktop : True
AllowInternetSharing : True
AllowBluetooth : Allow
MaxCalendarAgeFilter : All
MaxEmailAgeFilter : All
RequireSignedSMIMEAlgorithm : SHA1
RequireEncryptionSMIMEAlgorithm : TripleDES
AllowSMIMEEncryptionAlgorithmNegotiation : AllowAnyAlgorithmNegotiation
MinDevicePasswordComplexCharacters : 3
MaxEmailBodyTruncationSize : 50100
MaxEmailHTMLBodyTruncationSize : unlimited
UnapprovedInROMApplicationList : {}
ApprovedApplicationList : {}
AllowExternalDeviceManagement : False
MobileOTAUpdateMode : MinorVersionUpdates
AllowMobileOTAUpdate : False
IrmEnabled : False
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default
Identity : Default
Guid : eec8e6b5-0631-4b6f-9cff-9efa8637da51
ObjectClass : {top, msExchRecipientTemplate, msExchMobileMailboxPolicy}
WhenChanged : 9/6/2010 11:35:18 AM
WhenCreated : 4/28/2008 4:45:53 PM
WhenChangedUTC : 9/6/2010 4:35:18 PM
WhenCreatedUTC : 4/28/2008 9:45:53 PM
OrganizationId :
IsValid : True
SnoBoy
-
Monday, May 07, 2012 11:03 PMAre these the only EAS devices the user has? If not, how many do they have?
Microsoft Premier Field Engineer, Exchange
MCSA 2000/2003
MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. -
Monday, May 07, 2012 11:10 PMHe also has a Motorola Atrix smartphone (working fine), that also has two entries plus the MOTOBLUR in the AD under ECP. He has only one Galaxy Tab.
SnoBoy
- Edited by SnoBoy Monday, May 07, 2012 11:10 PM
-
Tuesday, May 08, 2012 7:40 AMModerator
Hi,
I recommend you try to check IIS log from Exchange Server to see more error informations.
Besides, we can check activesync log from OWA
Managing your Active Sync Device from Outlook Web Access in Exchange 2007 SP1
http://blogs.technet.com/b/exchange/archive/2007/05/30/3402915.aspx
Moreover, I recommend you to contact Samsung to get relevant help.
Xiu Zhang
TechNet Community Support
.png)
