Connecting Android to Exchange 2010 "your microsoft exchange server account does not have permission to synchronize with your current settings." and then "failed to create the account please try again later"
Friday, December 17, 2010 5:54 PMHello,
I have a user who has an HTC Droid Eris with Verizon and we have Exchange 2010. We still have a coexisting Exchange 2003 SP2 server that I moved her mailbox from a few days ago. When she was on 2003, we had her phone getting mail at one point, however, several months later her calendar stopped syncing. Rather than continuing to spend more hours on it, I told her soon we were moving the Exchange 2010 and things will hopefully be more compatible by then.
That day has come where we moved to Exchange 2010, but the Droid situation hasn't improved. We have Iphones and other mobile devices working fine using Active Sync with email accounts that are on 2010.. but not the Droid. I moved her mailbox to the new 2010 server and attempted to setup her account in the phone using Active Sync. At first I received this message: "your microsoft exchange server account does not have permission to synchronize with your current settings." After a few more attempts, I got through to the point where it was asking me what to sync (mail, contacts, calendar). I leave all checked and hit Finish. It says it's processing and then after a minute I get this message: "failed to create the account please try again later". I even tried to sync just the mail, just the contacts and just the calendar and the result is the same. No errors in the logs related to active sync.
I did some research and found a promising article about Exchange permissions. Telling me to check a box to Allow inheritable permissions for the user on the Exchange Server AD object.
Problem is, it was already check for me.
I thought I would post my issue here to make sure I had all my Exchange / Active Sync ducks in a row before I break down Verizon's door.. or maybe blame the Droid software.
One part I'm a little unsure of is the certificates. We use a wildcard SSL cert on the server. The active sync virtual directory is set to require ssl.. But I turned that off and unchecked require SSL in the phone settings.. and turned it back on and checked the require SSL settings on the phone... both configuration yielded the same error messages I mentioned above. Do I need to install the SSL cert on the phone?
Does someone have this configuration working and can offer some advice?
Saturday, December 18, 2010 11:08 AM
Ah, Android and ActiveSync - an endless source of entertainment for the Exchange admin.
Are you enforcing policies like encryption, power-on-password, etc? Android aren't too happy about those - you could test with checking "Allow non-provisionable devices" to see if that works.
If all the other users are happily syncing their iPhones, etc your Exchange server is most likely good. You can verify this with ExRCA (www.testexchangeconnectivity.com) or have a go with my utility EAS MD (http://mobilitydojo.net/downloads). Both of these tools might provide an error message that might help you. (Run this with your user account first to, and then the specific user account that is having problems.)
You might also decide to give up on the supplied ActiveSync client and use TouchDown from Nitrodesk instead since that actually works quite nicely with Exchange 2010.
- Marked As Answer by spex5 Monday, December 20, 2010 8:36 PM
Monday, December 20, 2010 8:36 PM
Andreas. Thanks for your advice. "Allow non-provisionable devices" was checked. There are no policies or password setting enabled in the active sync settings on the Exchange server
an active sync test in testexchangeconnectivity.com came back all green. In your app, I ran the full sync test and I could see some of my mail items and it said successful.
It seems clear that I have active sync configured properly and that the problem is with Android.
I broke down and downloaded touchdown and it works perfectly so far. :)
Monday, June 06, 2011 2:12 PMI have an Exchange 2010 and we are using Android 2.x phones. I had to go in to Exchange 2010 EMS and run the Remove-ActiveSyncVirtualDirectory -Identity Default and then I had to go in to AD and uncheck Inheritable permissions under the users security tab and then check it back. It worked for me. I have a coexistence environment with 2003.
Thursday, November 24, 2011 12:12 PM
I had this today on a HTC Desire. After a quick check on the server I went back to the phone and noticed the SSL check box had been cleared. I ticked this again and it was fine.