none
Exchange 2010 sp1 ActiveSync not working for HTC Desire (Bravo) Anrdoid 2.1 with Telstra firmware (AUSTRALIA)

    Question

  • Hi

    Had my HTC Desire (which shows up as Bravo) ActiveSync all working fine with Exchange 2010.

    My phone is runing this firmware http://www.htc.com/au/SupportViewNews.aspx?dl_id=1027&news_id=751 which is meant to be updated for improved Exchange server support.

    It worked on this firmware until I updated our 2 CAS servers to Exchange 2010 sp1. (Have not updated the mailbox servers yet).

    OWA is fine and ActiveSync is still working fine with iPhones and iPads.

    HTC gets immediately Denied Access (shown in the IIS logs and also under the user mailbox, Phone and Voice features, ActiveSync in ECP).

    Our default policy applies to my mailbox, which is to allow all devices, not require password etc etc.

    I tried changing the default AcvtiveSync Access setting in ECP to Quarantine All Devices.

    It then quatantined the connecting iPhones and iPads, but still blocked the HTC at the user mailbox level (it never went to the Quarantined Devices at all).

    Seems like it no longer fully supports my device for some reason.

    I can access my mailbox via ActiveSync using https://www.testexchangeconnectivity.com/ so there is nothing wrong with the mailbox settings.

    On the HTC device, it accepts the mailbox credentials then comes up with "Failed to create the account. Please try again later." when trying to sync.

    This seems to be a generic error with the HTC though as does not really identify the issue.

    Regards

    Mark.

     

     

     

    Tuesday, August 31, 2010 7:38 AM

Answers

  • I think I found the fix. or at least for one of the androids that I have. I will test with more tomorrow. but i created a new policy and set it up just like the default policy. and then assigned the new policy to the user with the android and it now works. I wish I could say this was my fix but the same thing happened in 2007 with some other phones. I have about 7 more models to test tomorrow but so far with 2 different ones that are having  problems syncing this has worked

    on one I did have to set it to allowed at the individual. by useing the set-casmailbox command. but all others have worked after I removed the profile from the android and re-set it up.


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Monday, September 13, 2010 1:59 AM
  • This is a known issue with certain versions of Android OS on phones available from different manufacturers and service providers. The only verified solution that we know of at this moment has come thru this community, as 'Mitch Roberson' has written below, I have marked that as an 'Answer' as well.

    Now, let me list some related details here for everyone's information.

    Phones are actually running into a provisioning issue against Exchange 2010 Server. This is evident from the IIS logs pastd below by some users and the logs we have seen in Microsoft Support. For example, you will see the following in IIS Log:

    2010-08-31 20:38:54 192.168.2.6 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=johndoe&DeviceId=validate&DeviceType=Android&
    Log=V120_Ssnf:T_LdapC13_LdapL16_RpcC35_RpcL63_Ers1_Cpo19453_Fet20015_Pk0_
    Error:DeviceNotProvisioned_As:BlockedP_Mbx:mail.contoso.local_Dc:dc01.contoso.local_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F7fd952bb-6275-4010-8c3e-bb47f4cea08f%2cNorm%5bResources%3a(Mdb)DB1(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc01.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc02.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 contoso\johndoe 75.204.200.137 Android/0.3 449 0 64 20734

    You can see that the Android mobile device is sending a 'FolderSync' EAS command to server for user JohnDoe with the DeviceID = Validate and Type = Android, and is being blocked by Exchange as it is not responding properly to the provision command from server. This is implemented thru Default Throttling Policy and the error it geenrates is error code: 449 (which essentially means device provisioning has failed). Generally this happens when client does not respond properly to provisioning commands from server where server informs mobile device that there are certain EAS policies applied by the Exchange Server Administrator and device needs to acknowledge those for implementation. This happens mostly when the device does not support all or a subset of EAS policies being implemented by the Exchange Server Administrator.

    If you bring up the EMS command prompt and enter the following command, you will see the following output (similar to what we saw above in IIS Log):

    Output of “Get-ActiveSyncDeviceStatistics -mailbox:johndoe”: (truncated)

    RunspaceId                                    : f0323f7c-b3a6-4102-ab5b-d1df0464e318
    FirstSyncTime                                : 8/31/2010 8:38:34 PM
    DeviceType                                    : Android
    DeviceID                                       : validate
    DeviceUserAgent                            : Android/0.3
    DeviceModel                                  : Android
    DeviceEnableOutboundSMS             : False
    Identity                                         : contoso.local/Test/John Doe/ExchangeActiveSyncDevices/Android§validate
    Guid                                              : a5750d0c-189c-4ccc-9b22-e5c87845f5c0
    IsRemoteWipeSupported                 : False
    Status                                           : DeviceOk
    DeviceAccessState                     : Blocked
    DeviceAccessStateReason         : Policy
    DevicePolicyApplied                       : Corp
    DevicePolicyApplicationStatus  :NotApplied
    DeviceActiveSyncVersion               : 12.0
    NumberOfFoldersSynced                : 0

    We have seen this issue mostly with devices using Android 2.1, users who have been able to update their devices with Android 2.2 somehow, stopped running into this issue, without making any changes on the server side.

    I contacted HTC Support (on 9/28 via http://www.htc.com/us/support/e-mail) about this issue and they responded (like other users have reported here), please keep in mind this can change at any time in future, so please contact HTC Support directly for updates:

    "At this time we do not have any Android based device that will sync with an Exchange 2010 Server. We may provide future Android devices that do offer this. However, as there is currently no release information for any upcoming devices, we encourage you to continually visit HTC’s product page at http://www.htc.com/us"

    While working on this issue we also discovered that Android provided limited support for EAS policies and is working to continually improve it in their upcoming versions. For more information, please see related posts below. Again, this information is subject to change at any moment, so please refer to Android website (http://code.google.com/p/android/issues/list) for current info.

    1. http://code.google.com/p/android/issues/detail?id=9426 : "we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe.”

    2. Exchange Device Password policy not enforced when "Allow non-provisionable devices" is selected: http://code.google.com/p/android/issues/detail?id=8601
    Fix for this issue is in the Android 2.2.1 Update, released recently (for Nexus One users, may not be available thru other service providers at this time, contact your service provider for any updates that they can provide for your device), Android now implements the policies it can rather than ignoring all policies and thus it can successfully sync with the server.

    Hope this helps!


    Sr. Program Manager, Product Quality, Exchange Client Access Server
    Tuesday, October 12, 2010 11:23 PM

All replies

  • Hi,

    AFAIK On HTC’s web site, the Droid Incredible is listed as supporting Microsoft Exchange, but no Exchange Server versions are mentioned . According to HTC, the Droid Incredible does not support Exchange 2010 yet. Until HTC updates the Incredible, you can use Exchange 2010′s device quarantine functionality and selectively activate particular devices.

     

    I hope this will help you.

    Regards.

    Shafaquat Ali.


    M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
    • Proposed as answer by Shafaquat Ali Tuesday, August 31, 2010 7:53 AM
    • Unproposed as answer by MarkLH69 Tuesday, August 31, 2010 10:18 AM
    Tuesday, August 31, 2010 7:46 AM
  • No it doesn't help, because the HTC will not go in the Quarantine.

    It also will not go through even if I create specific rules to allow HTCBravo/AllModels or HTCBravo/HTCBravo

    It was working fine until sp1 was applied, so its only broken since the sp1 upgrade to Exchange 2010 CAS servers.

    I'm upgrading the backend mailbox servers to sp1 tonight, just in case thats somehow causing an upset.

    Any other ideas ?

    Tuesday, August 31, 2010 8:03 AM
  • Hi

    Had my HTC Desire (which shows up as Bravo) ActiveSync all working fine with Exchange 2010.

    My phone is runing this firmware http://www.htc.com/au/SupportViewNews.aspx?dl_id=1027&news_id=751 which is meant to be updated for improved Exchange server support.

    It worked on this firmware until I updated our 2 CAS servers to Exchange 2010 sp1. (Have not updated the mailbox servers yet).

    OWA is fine and ActiveSync is still working fine with iPhones and iPads.

    HTC gets immediately Denied Access (shown in the IIS logs and also under the user mailbox, Phone and Voice features, ActiveSync in ECP).

    Our default policy applies to my mailbox, which is to allow all devices, not require password etc etc.

    I tried changing the default AcvtiveSync Access setting in ECP to Quarantine All Devices.

    It then quatantined the connecting iPhones and iPads, but still blocked the HTC at the user mailbox level (it never went to the Quarantined Devices at all).

    Seems like it no longer fully supports my device for some reason.

    I can access my mailbox via ActiveSync using https://www.testexchangeconnectivity.com/ so there is nothing wrong with the mailbox settings.

    On the HTC device, it accepts the mailbox credentials then comes up with "Failed to create the account. Please try again later." when trying to sync.

    This seems to be a generic error with the HTC though as does not really identify the issue.

    Regards

    Mark.

    Tuesday, August 31, 2010 12:46 PM
  • Last night I updated our Exchange 2010 back end mailbox servers to sp1, but (as expected) this did not make any difference to my HTC Android issues.

    I've tried another HTC Android device which is running different firmware to mine, it has the same ActiveSync issues.

    They won't even go to Quarantine when that is set as the default, they just get immediately blocked out at the user mailbox level for some reason.

    If I choose the option to change that block from Access Denied to Allow Access, it says Pending Grant Access .. but when you Save the mailbox it ECP and then re-open it again the rule has changed itself back to block (Access Denied).

    iPhones and iPads are working fine and will go through Quarantine with the option to allow on an individual basis, if I configure that option as the default.

    Its starting to smell like an old "Microsoft v Google wars" issue (... a "bug" that will upset Google Android customers .. until it get fixed by an "update" ??).

    Regards

    Mark.

    Wednesday, September 01, 2010 12:48 AM
  • Mark I have seen this recently as well. however we were able to get this working by deleting the profile on the phone, and then removeing the phone from the users mailbox. once completed we re setup the sync and all are happy. If the block is still there when you try to reconnect it will fail.

    our problem was not on the same device you have but This sounds very similar to the problem we had. Let us know if that helps at all or if by chance you have already tried this.

     

    thanks.


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Wednesday, September 01, 2010 2:46 AM
  • Thanks, thats interesting to know ..  but I've tried doing that that too and it still gets immediately blocked.

    Tried a new AD account and mailbox too, still blockedl.

    However, I have discovered that the Andriod 2.1 emulator works ok, though this shows up in Exchange as Android\Android (Make\Model).

    My phone shows up as htcbravo\htcbravo when it gets blocked, even though its running 2.1 update 1

    Found another guy with an Android phone running v2.2 (Froyo) and we can get that one to work .. it also shows up as Android\Android rather than the phone details.

    Its not the same phone though, its a Google Nexus.

    My telco, Telstra, has not released 2.2 yet for their phones, so I guess I either have to hack it to upgrade to generic 2.2 or wait and see.

    Still odd that it worked before sp1 and that the Quarantine feature of sp1 is not working for my phone.

    Regards

    Mark.

     

     

     

     

     

    Wednesday, September 01, 2010 5:53 AM
  • Hi Mark,

    I've heard of a whole host of issues with people using Activesync on Android phones, mainly due to differences in the implementation delivered on device. Apparently the error is the server is responding and asking for the device to acknowledge the Activesync policy, but the device doesn't acknowledge and keeps retrying it's previous command. HTC have apparently simply said "We don't support Exchange 2010".

    The best advice I ahve seen is to use Touchdown , a 3rd part Activesync application. As a reference you will see Motorola offer free licenses for some users to get round their broken Activesync implementation.

    Also - do not wait to upgrade your Hub Transport, UM (if you have them) and mailbox servers to SP1 if you've already done the Client Access Servers. They should *not* be on different versions; SP1 for Exchange 2010 has a lot more to it than an update rollup :-)

    Steve


    Steve Goodman
    Check out my Blog for more Exchange info or find me on Twitter

    Wednesday, September 01, 2010 9:41 AM
  • We have run into this issue as well at another client. we think we have a work around but need to confirm it.

    Do a get-activesyncdevice |fl

    Look for devices that are blocked you will find that the android is blocked. If you can run get-casmailbox for the user look to see if the phone is listed as blocked. If it is remove it. Then run the activesyncdevice command above. to see if it is still blocked.

    we then go into adsiedit and find the user then there active sync devices. and look for deviceaccessstate change that to a 1 and then power down the android phone and restart it. be sure you cleared the profile before and then restart the phone. It should connect at this point remember it will ask to apply the policy once it has the policy it will sync.

    We have found one that sync'd up to begin with then it failed and was listed as blocked again but we are still reviewing this.


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Thursday, September 02, 2010 2:17 AM
  • Thanks for the updates.

    Mitch - I'm getting a better understanding of it all now, though still not able to sync.

    I removed all instances of the blocked device (have tested on a few mailboxes), but still get the same issue when trying to sync.

    If I make the ADSIEdit changes to the device object under the User in AD, that makes ECP show the device status as Access Granted. (So thats where this comes from).

    I then changed the msExchDeviceAccessState from 4 to 1 as suggested.

    It still will not sync, though it now does not reset the device to Blocked (it still says Access Granted in ADSIEdit and in ECP under the mailbox).

    I also tried changing the msExchDeviceAccessStateReason attribute from 5 to 1, since this is what the other (iPhone/iPad) devices are set to. No difference.

    I replicated the DCs within the site, just in case it was looking at a different one each time.

    The IIS log on the CAS server still says "Error:DeviceNotProvisioned_As:BlockedP_Mbx:"

    Full copy of the attempt in IIS Log :

    2010-09-02 08:42:58 172.30.1.82 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=mheywood&DeviceId=HTCAnd3977898f&DeviceType=htcbravo&Log=V25_LdapC3_LdapL16_Mbx:LEOPARD-2010.internal.bunnings.com.au_Dc:WHITEGHOST.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_ 443 internal\mheywood 172.30.1.183 Android-EAS/0.1 200 0 0 234
    2010-09-02 08:43:00 172.30.1.82 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=mheywood&DeviceId=HTCAnd3977898f&DeviceType=htcbravo&Log=V25_LdapC1_LdapL16_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_ 443 internal\mheywood 172.30.1.183 Android-EAS/0.1 200 0 0 187
    2010-09-02 08:43:21 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=mheywood&DeviceId=HTCAnd3977898f&DeviceType=htcbravo&Log=V121_LdapC1_RpcC16_RpcL62_Ers1_Cpo19937_Fet20021_Pk0_Error:DeviceNotProvisioned_As:BlockedP_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm%5bResources%3a(Mdb)Exec+DAG+Testing(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 internal\mheywood 172.30.1.183 Android-EAS/0.1 449 0 0 20239
    2010-09-02 08:43:23 172.30.1.82 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=mheywood&DeviceId=HTCAnd3977898f&DeviceType=htcbravo&Log=V25_LdapC1_LdapL15_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_ 443 internal\mheywood 172.30.1.184 Android-EAS/0.1 200 0 0 171
    2010-09-02 08:43:35 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas User=bjenkins&DeviceId=Appl88030G6TA4T&DeviceType=iPhone&Cmd=Sync&Log=V140_Fc1_Fid:21_Ty:Em_Filt2_St:S_Sk:2039725811_Sst14_Sslc12_BR1_BPR0_LdapC2_LdapL16_RpcC35_RpcL47_Ers1_Pk541807278_S1_As:AllowedI_Mbx:LEOPARD-2010.internal.bunnings.com.au_Dc:WHITEGHOST.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_ 443 internal\bjenkins 172.30.1.183 Apple-iPhone3C1/801.306 200 0 0 312
    2010-09-02 08:43:44 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=mheywood&DeviceId=HTCAnd3977898f&DeviceType=htcbravo&Log=V121_LdapC1_LdapL16_RpcC16_RpcL63_Ers1_Cpo19921_Fet20005_Pk0_Error:DeviceNotProvisioned_As:BlockedP_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm%5bResources%3a(Mdb)Exec+DAG+Testing(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 internal\mheywood 172.30.1.184 Android-EAS/0.1 449 0 0 20193
    2010-09-02 08:43:46 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas User=bjenkins&DeviceId=Appl88030G6TA4T&DeviceType=iPhone&Cmd=Ping&Log=V140_Fid:15_Sk:833444396_Sst37_SsCmt37_BR1_BPR0_LdapC1_RpcC50_RpcL63_Hb600_Erq1_Pk541807278_S3_Error:PingCollisionDetected_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm%5bResources%3a(Mdb)Exec+DAG+Testing(Health%3a-1%25%2cHistLoad%3a0)%2c%5d%3bGC%3a1%2f0%2f0%3b_ 443 internal\bjenkins 172.30.1.183 Apple-iPhone3C1/801.306 200 0 0 117785
    2010-09-02 08:43:46 172.30.1.82 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=mheywood&DeviceId=HTCAnd3977898f&DeviceType=htcbravo&Log=V25_LdapC1_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_ 443 internal\mheywood 172.30.1.184 Android-EAS/0.1 200 0 0 187

    -------------------------------------------------------------------------------------------------

    Steve - what I don't get it why it was working 100% until we installed E2k10sp1.

    I have to say I've never seen such a premature release of a Service Pack from MS .. I know they had to release it early: http://msexchangeteam.com/archive/2010/09/01/456094.aspx

    -------------------------------------------------------------------------------------------------

    Anyway, we are officially a Blackberry shop .. so its not a huge issue for us, just disapointing.

    We're trying to get the company to move to EAS devices so it doesn't help our cause.

    Hopefully when Telstra release 2.2 (Froyo) to my HTC it will work again.

    If not I can always flash it to a generic Android firmware I guess.

    I'm happy to test anything you guys come up with in the meantime.

    Might see if I can score a copy of Touchdown too.

    Thanks for you time and efforts so far.

    Regards

    Mark.

     

     

     

    Thursday, September 02, 2010 8:54 AM
  • I installed the 30-day trial of Touchdown and it then shows the phones as Android/Android and it does sync successfully.

    The differences are :

     HTC ActiveSync

     

    RunspaceId              : d0bec435-3f81-41ad-8294-c6958f1f3d8d

    FriendlyName            :

    DeviceId                : HTCAnd3977898f

    DeviceImei              :

    DeviceMobileOperator    :

    DeviceOS                :

    DeviceOSLanguage        :

    DeviceTelephoneNumber   :

    DeviceType              : htcbravo

    DeviceUserAgent         : Android-EAS/0.1

    DeviceModel             : htcbravo

    FirstSyncTime           : 9/2/2010 7:45:42 AM

    UserDisplayName         : internal.bunnings.com.au/Corporate/WA/ITS Store Windows Servers/

    DeviceAccessState       : Allowed

    DeviceAccessStateReason : Policy

    DeviceAccessControlRule :

    DeviceActiveSyncVersion : 12.1

    AdminDisplayName        :

    ExchangeVersion         : 0.10 (14.0.100.0)

    Name                    : htcbravo§HTCAnd3977898f

    DistinguishedName       : CN=htcbravo§HTCAnd3977898f,CN=ExchangeActiveSyncDevices,CN=Mark Heywood,OU=ITS Store Windows

                              Servers,OU=WA,OU=Corporate,DC=internal,DC=bunnings,DC=com,DC=au

    Identity                : internal.bunnings.com.au/Corporate/WA/ITS Store Windows Servers/Mark Heywood/ExchangeActiveSy

                              ncDevices/htcbravo§HTCAnd3977898f

    Guid                    : 790c2251-2455-4788-becb-d13a89ba6ea2

    ObjectCategory          : internal.bunnings.com.au/Configuration/Schema/ms-Exch-Active-Sync-Device

    ObjectClass             : {top, msExchActiveSyncDevice}

    WhenChanged             : 9/2/2010 4:28:21 PM

    WhenCreated             : 9/2/2010 3:45:42 PM

    WhenChangedUTC          : 9/2/2010 8:28:21 AM

    WhenCreatedUTC          : 9/2/2010 7:45:42 AM

    OrganizationId          :

    OriginatingServer       : blacktip.internal.bunnings.com.au

    IsValid                 : True

    ---------------------------------------------------

     Touchdown

     

    RunspaceId              : d0bec435-3f81-41ad-8294-c6958f1f3d8d

    FriendlyName            :

    DeviceId                : 333539313132303330343430323833

    DeviceImei              :

    DeviceMobileOperator    :

    DeviceOS                :

    DeviceOSLanguage        :

    DeviceTelephoneNumber   :

    DeviceType              : Android

    DeviceUserAgent         : TouchDown(MSRPC)/6.1.0007

    DeviceModel             : Android

    FirstSyncTime           : 9/2/2010 9:06:12 AM

    UserDisplayName         : internal.bunnings.com.au/Corporate/WA/ITS Store Windows Servers/

    DeviceAccessState       : Allowed

    DeviceAccessStateReason : Global

    DeviceAccessControlRule :

    DeviceActiveSyncVersion : 12.1

    AdminDisplayName        :

    ExchangeVersion         : 0.10 (14.0.100.0)

    Name                    : Android§333539313132303330343430323833

    DistinguishedName       : CN=Android§333539313132303330343430323833,CN=ExchangeActiveSyncDevices,CN=Mark Heywood,OU=ITS

                               Store Windows Servers,OU=WA,OU=Corporate,DC=internal,DC=bunnings,DC=com,DC=au

    Identity                : internal.bunnings.com.au/Corporate/WA/ITS Store Windows Servers/Mark Heywood/ExchangeActiveSy

                              ncDevices/Android§333539313132303330343430323833

    Guid                    : 2eb86e2d-303a-4663-ba32-f740591998e8

    ObjectCategory          : internal.bunnings.com.au/Configuration/Schema/ms-Exch-Active-Sync-Device

    ObjectClass             : {top, msExchActiveSyncDevice}

    WhenChanged             : 9/2/2010 5:06:43 PM

    WhenCreated             : 9/2/2010 5:06:12 PM

    WhenChangedUTC          : 9/2/2010 9:06:43 AM

    WhenCreatedUTC          : 9/2/2010 9:06:12 AM

    OrganizationId          :

    OriginatingServer       : blacktip.internal.bunnings.com.au

    IsValid                 : True

     

     

     

     

    Thursday, September 02, 2010 9:14 AM
  • and the IIS logs from a successful sync with Touchdown (well the start of them anyway)

    2010-09-02 09:06:10 172.30.1.82 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=internal%5Cmheywood&DeviceId=515357494950485148525248505651&DeviceType=Android&Log=V25_LdapC3_LdapL16_Pk0_Mbx:LEOPARD-2010.internal.bunnings.com.au_Dc:blacktip.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_ 443 internal\mheywood 172.30.1.183 TouchDown(MSRPC)/6.1.0007 200 0 0 187
    2010-09-02 09:06:13 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Provision&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Ssnf:T_LdapC3_LdapL63_RpcC35_RpcL31_S1_As:DeviceDiscoveryD_Mbx:LEOPARD-2010.internal.bunnings.com.au_Dc:WHITEGHOST.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 203
    2010-09-02 09:06:13 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Provision&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_LdapC1_RpcC15_RpcL32_Pk4202584081_Pa1_S1_As:DeviceDiscoveryD_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 250
    2010-09-02 09:06:14 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_St:F_Srv:64a0c0d0s0e0r0A0sd_LdapC1_RpcC164_RpcL204_Pk1750627937_As:DeviceDiscoveryD_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.183 TouchDown(MSRPC)/6.1.0007 200 0 0 500
    2010-09-02 09:06:18 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Settings&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_LdapC2_LdapL15_RpcC15_RpcL47_Pk1750627937_UserInfo:Get_As:DeviceDiscoveryD_Mbx:LEOPARD-2010.internal.bunnings.com.au_Dc:WHITEGHOST.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 187
    2010-09-02 09:06:38 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Ping&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_LdapC1_RpcC33_RpcL125_Hb480_Pk1750627937_S2_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Dc:WHITEGHOST.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.183 TouchDown(MSRPC)/6.1.0007 200 0 0 437
    2010-09-02 09:06:38 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=GetItemEstimate&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc4_Pfs13_Pfs13_Pfs13_Pfs13_LdapC1_RpcC15_RpcL15_E4_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f2%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 218
    2010-09-02 09:06:39 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:17_Ty:Em_Filt0_St:F_Sk:0_Sst1_LdapC1_RpcC31_RpcL78_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f2%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 234
    2010-09-02 09:06:39 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:12_Ty:Ca_Filt0_St:F_Sk:0_Sst1_SsCmt8_LdapC1_LdapL15_RpcC49_RpcL329_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f2%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 641
    2010-09-02 09:06:40 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:13_Ty:Co_Filt0_St:F_Sk:0_Sst1_LdapC1_RpcC27_RpcL78_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 312
    2010-09-02 09:06:40 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:64_Ty:Ta_Filt0_St:F_Sk:0_Sst1_LdapC1_LdapL16_RpcC27_RpcL78_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 172
    2010-09-02 09:06:44 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:13_Ty:Co_Filt0_St:F_Sk:0_Sst1_LdapC1_LdapL31_RpcC35_RpcL625_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f4%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 891
    2010-09-02 09:06:44 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Ping&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fid:12_Sk:1384186323_Sst8_Fid:13_Sk:1663434207_Fid:17_Sk:204307845_Fid:64_Sk:1638199718_LdapC1_RpcC52_RpcL688_Hb480_Pk1750627937_S2_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.183 TouchDown(MSRPC)/6.1.0007 200 0 0 1047
    2010-09-02 09:06:44 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=GetItemEstimate&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:13_Sk:103279117_Pfs1_LdapC1_RpcC26_RpcL31_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f6%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f4%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 172
    2010-09-02 09:06:44 172.30.1.82 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=333539313132303330343430323833&DeviceType=Android&Log=V121_Fc1_Fid:13_Ty:Co_Filt0_St:S_Sk:103279117_SsCmt2_Srv:20a0c0d0s0e0r0A0sd_BR1_BPR0_LdapC1_LdapL15_RpcC67_RpcL125_Pk1750627937_S1_As:AllowedG_Mbx:LEOPARD-2010.internal.bunnings.com.au_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f6%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f4%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Feb9138ad-06db-4fd9-8c60-d14f6c960c5b%2cNorm_&Translated=T 443 internal\mheywood 172.30.1.184 TouchDown(MSRPC)/6.1.0007 200 0 0 359

    Thursday, September 02, 2010 9:17 AM
  • When you made the above changes did it ever ask to apply policy on the android? When you run the get-activesyncdevice do you see any devices listed a Validate? if so are they listed as blocked?

     


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Thursday, September 02, 2010 12:43 PM
  • OK we have one device that keeps getting put back in to blocked. we have confirmed the permission on the account and this does seem to be an android problem. We will continue to review and possibly get MS on the phone on this one.
    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Thursday, September 02, 2010 1:33 PM
  • So here is what we are seeing. This appears to fail during the validate.

    So here are the results, notice the bold between the Validate and the actual device:

    -------------------Validate-------------------------------------

    RunspaceId              : 9ccf63ba-20b4-4edb-ba9f-2d048a6c0b12

    FriendlyName            :

    DeviceId                : validate

    DeviceImei              :

    DeviceMobileOperator    :

    DeviceOS                :

    DeviceOSLanguage        :

    DeviceTelephoneNumber   :

    DeviceType              : Android

    DeviceUserAgent         : Android/0.3

    DeviceModel             : Android

    FirstSyncTime           : 9/1/2010 7:43:53 PM

    UserDisplayName         : domain.com/OU/OUC/Username

    DeviceAccessState       : Blocked

    DeviceAccessStateReason : Policy

    DeviceAccessControlRule : Android (DeviceModel)

    DeviceActiveSyncVersion : 12.0

     

    --------------------------------Device-------------------------------------------

    RunspaceId              : 9ccf63ba-20b4-4edb-ba9f-2d048a6c0b12

    FriendlyName            :

    DeviceId                : droid1265405060123

    DeviceImei              :

    DeviceMobileOperator    :

    DeviceOS                :

    DeviceOSLanguage        :

    DeviceTelephoneNumber   :

    DeviceType              : Android

    DeviceUserAgent         : Android/0.3

    DeviceModel             : Android

    FirstSyncTime           : 9/1/2010 9:29:39 PM

    UserDisplayName         : domain.com/OU/OUC/username

    DeviceAccessState       : Allowed

    DeviceAccessStateReason : DeviceRule

    DeviceAccessControlRule : Android (DeviceModel)

    DeviceActiveSyncVersion : 12.0

     


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Thursday, September 02, 2010 2:10 PM
  • Well this is weird...

    Touchdown allows you to change the device name and if I set it to htcbravo then it will still sync ok (so its not just the naming).

    It shows up as Access Granted under the Mailbox in ECP when using Touchdown (as expected).

    However, it does not seem to create an AD object under my user account in AD (when viewed with ADSIEdit).

    I don't understand who there are 2 activesync devices under my mailbox in ECP, yet only one in AD.

    In ECP, both are now called htcbravo now and one is Denied (the HTC built in EAS .. this is a new object as I deleted the edited object from yesterday), and the other is Access Granted (the Touchdown one which has had the name changed to htcbravo).

    I'm not seeing anything as Validate in the GET-ACTIVESYNCDEVICE either.

    On a separate issue, Touchdown seems to have issues with my Calendar appointments. Can't see what its doing, as some are on time, some are 1 hr early and some are 2 hrs early. The only time zone setting is in the phone itself and this is correctly set to GMT +8 for me.

     

    Friday, September 03, 2010 4:22 AM
  • We are still working on this with Microsoft. we made some changes last night and will test this moring if our results are any better we will let you know.
    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Friday, September 03, 2010 12:35 PM
  • Hi Mitch,

    Any luck with this yet?

    We have a few HTC Legend and HTC Wildfire running Android 2.1 with the same issue.

    We have upgraded our HTC Desire to Android 2.2 and they do work.

    I have a case with HTC regarding this, but no luck there so far.

    // Erik

    Wednesday, September 08, 2010 6:16 AM
  • So its not just my telco firmware .. nice to know some other people have the same issues.

    I read somewhere on the Net I read that HTCs version of EAS (since HTC add the EAS client in v2.1) does not acknowledge the receipt of the EAS device policy that gets sent from E2k10 sp1. They said that this results in the blocking, regardless of what the actual policy settings are.

    Sounds reasonable to me and if so I can't see how MS are going to fix it .. would need to be an HTC update.

    Regards

    Mark.

     

    • Edited by MarkLH69 Wednesday, September 08, 2010 7:33 AM typo
    Wednesday, September 08, 2010 7:32 AM
  • Mark

     

    I have the same problem with the desire on exchange 2010 sp1 but only after upgrading the rom version from ROM Version: 1.16.841.1 to ROM Version: 1.25.841.5

    I have got around it by not using the HTC exchange sync I installed the base android 2.1 email app and it now syncs fine.

    Only problem is that email app doesn;t sync the calendar but I'm now waiting for android 2.2 to be released by Telstra to see if that fixes it.

    Here is the link to the android email app if any wants it

    http://forum.xda-developers.com/showthread.php?t=668043

     

     

     

    Thursday, September 09, 2010 1:02 AM
  • Thanks for that sprouley .. interesting that yours broke after installing the upgraded firmware (I had that installed already so could not tell).

    I've now installed the Android 2.1 Email App on my HTC and its working fine.

    As you say, it doesn't do Calendar at all, but does Email and Contacts.

    Since my Calendar appointments under Touchdown were mostly at the wrong times, I'm happy to use the Android App for now.

    Regards

    Mark.

    Thursday, September 09, 2010 3:46 AM
  • We're seeing the same with 2010 SP1 and Droid 2 firmware 2.2
    Thursday, September 09, 2010 3:34 PM
  • Everyone in here, I hope you are all contacting your carriers and letting them know of this issue after upgrading ROMs. As mentioned earlier there are known issues with how some companies are coding EAS on their devices and without your help notifying them it makes everyone's job a little harder. :)
    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    Thursday, September 09, 2010 3:55 PM
  • So far we have narrowed it down to motorola being the most problem device others are working fine with the same version of android. it does appear to be the ROM update.

    We have been on the phone with both MS and the carrier and everyone is passing it to the other. we know that droid does not have great support for active sync and seems to have half way supported it If anyone hears of a fix coming from a carrier or Motorola let us know.


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Thursday, September 09, 2010 4:04 PM
  • I think I found the fix. or at least for one of the androids that I have. I will test with more tomorrow. but i created a new policy and set it up just like the default policy. and then assigned the new policy to the user with the android and it now works. I wish I could say this was my fix but the same thing happened in 2007 with some other phones. I have about 7 more models to test tomorrow but so far with 2 different ones that are having  problems syncing this has worked

    on one I did have to set it to allowed at the individual. by useing the set-casmailbox command. but all others have worked after I removed the profile from the android and re-set it up.


    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003
    Monday, September 13, 2010 1:59 AM
  • I was able to reproduce the problem using the Android 2.2 emulator from the SDK.  The 2.1 emulator worked with both RTM and SP1, but 2.2 only worked for RTM.  So A) something changed with the EAS code from Android 2.1 to 2.2 and B) something changed on the server from RTM to SP1. Using the workaround suggested by Mitch works for the 2.2 emulator, but does not work for Droid.  My temporary solution was to create an RTM CAS just for the phones with problems.

    Having an RTM CAS and SP1 Mailbox servers is a big no-no and will break things.  I happened to have some mailbox moves running when I installed RTM.  As soon as the mailboxreplication service started it immediately wanted to help and promptly failed all queued move requests.  Caveat emptor.  As soon as it was installed I removed all of the virtual directories except for ActiveSync and stopped/disabled all exchange services and have not had problems since.  You can use the default self-signed cert that was created during the install, but on the phone you will need to tick the option to accept all certificates.

    Regardless of who's at fault, I suspect Google will need to fix it on their end.     -Steve

    Thursday, September 16, 2010 2:14 PM
  • Hey Mitch you were right about the Androids, we ran into the same problem when we tested email routing through our new E2K10 SP1 CAS servers last week.  Even though the mailboxes for the devices were still on E2K7, several weren't syncing - they would just get stuck in a loop and never update.  We have a little over 100 Android devices in our environment so this is going to be a challenge to over come before we can leave mail routing through the E2K10 CAS servers. 

    Some of the devices that I know were failing for sure were: HTC EVO, HTC Incredible, and the Droid 2.  I called Microsoft and this is their official response:    "The Exchange Server is not denying the requests that are coming from the Android Mobile Devices. The problem is that the phone is not sending back a proper PROVISION command which is a confirmation that the Exchange ActiveSync Security Policy has been applied.  At this time, it is best to contact the device manufacturer and get the issue addressed with them." 

    I called HTC and their official response is:   "We don't officially support Exchange 2010 on any of our Android devices yet."

    If anyone hears of any carrier updates that address this issue please post them.  Thanks.

     

    Monday, September 27, 2010 2:37 PM
  • Guys

    That is an interesting read.

    Let me expand the horizon. I have a Nokia E71 using Nokia's active sync called Mail for Exchange. It worked fine prior to Exchange 2010 SP1 and now does not work. I have a single mail server which is also the Domain Controller.

    Previously I was able to connect my phone via a carrier, or directly via wireless if I was in the office.

    I will go through some the suggestions here and report back.

    Tuesday, September 28, 2010 8:42 AM
  • I created a new profile as suggested by Mitch and voila all synched OK. Thanks
    Tuesday, September 28, 2010 9:07 AM
  • This is a known issue with certain versions of Android OS on phones available from different manufacturers and service providers. The only verified solution that we know of at this moment has come thru this community, as 'Mitch Roberson' has written below, I have marked that as an 'Answer' as well.

    Now, let me list some related details here for everyone's information.

    Phones are actually running into a provisioning issue against Exchange 2010 Server. This is evident from the IIS logs pastd below by some users and the logs we have seen in Microsoft Support. For example, you will see the following in IIS Log:

    2010-08-31 20:38:54 192.168.2.6 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=johndoe&DeviceId=validate&DeviceType=Android&
    Log=V120_Ssnf:T_LdapC13_LdapL16_RpcC35_RpcL63_Ers1_Cpo19453_Fet20015_Pk0_
    Error:DeviceNotProvisioned_As:BlockedP_Mbx:mail.contoso.local_Dc:dc01.contoso.local_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F7fd952bb-6275-4010-8c3e-bb47f4cea08f%2cNorm%5bResources%3a(Mdb)DB1(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc01.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc02.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 contoso\johndoe 75.204.200.137 Android/0.3 449 0 64 20734

    You can see that the Android mobile device is sending a 'FolderSync' EAS command to server for user JohnDoe with the DeviceID = Validate and Type = Android, and is being blocked by Exchange as it is not responding properly to the provision command from server. This is implemented thru Default Throttling Policy and the error it geenrates is error code: 449 (which essentially means device provisioning has failed). Generally this happens when client does not respond properly to provisioning commands from server where server informs mobile device that there are certain EAS policies applied by the Exchange Server Administrator and device needs to acknowledge those for implementation. This happens mostly when the device does not support all or a subset of EAS policies being implemented by the Exchange Server Administrator.

    If you bring up the EMS command prompt and enter the following command, you will see the following output (similar to what we saw above in IIS Log):

    Output of “Get-ActiveSyncDeviceStatistics -mailbox:johndoe”: (truncated)

    RunspaceId                                    : f0323f7c-b3a6-4102-ab5b-d1df0464e318
    FirstSyncTime                                : 8/31/2010 8:38:34 PM
    DeviceType                                    : Android
    DeviceID                                       : validate
    DeviceUserAgent                            : Android/0.3
    DeviceModel                                  : Android
    DeviceEnableOutboundSMS             : False
    Identity                                         : contoso.local/Test/John Doe/ExchangeActiveSyncDevices/Android§validate
    Guid                                              : a5750d0c-189c-4ccc-9b22-e5c87845f5c0
    IsRemoteWipeSupported                 : False
    Status                                           : DeviceOk
    DeviceAccessState                     : Blocked
    DeviceAccessStateReason         : Policy
    DevicePolicyApplied                       : Corp
    DevicePolicyApplicationStatus  :NotApplied
    DeviceActiveSyncVersion               : 12.0
    NumberOfFoldersSynced                : 0

    We have seen this issue mostly with devices using Android 2.1, users who have been able to update their devices with Android 2.2 somehow, stopped running into this issue, without making any changes on the server side.

    I contacted HTC Support (on 9/28 via http://www.htc.com/us/support/e-mail) about this issue and they responded (like other users have reported here), please keep in mind this can change at any time in future, so please contact HTC Support directly for updates:

    "At this time we do not have any Android based device that will sync with an Exchange 2010 Server. We may provide future Android devices that do offer this. However, as there is currently no release information for any upcoming devices, we encourage you to continually visit HTC’s product page at http://www.htc.com/us"

    While working on this issue we also discovered that Android provided limited support for EAS policies and is working to continually improve it in their upcoming versions. For more information, please see related posts below. Again, this information is subject to change at any moment, so please refer to Android website (http://code.google.com/p/android/issues/list) for current info.

    1. http://code.google.com/p/android/issues/detail?id=9426 : "we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe.”

    2. Exchange Device Password policy not enforced when "Allow non-provisionable devices" is selected: http://code.google.com/p/android/issues/detail?id=8601
    Fix for this issue is in the Android 2.2.1 Update, released recently (for Nexus One users, may not be available thru other service providers at this time, contact your service provider for any updates that they can provide for your device), Android now implements the policies it can rather than ignoring all policies and thus it can successfully sync with the server.

    Hope this helps!


    Sr. Program Manager, Product Quality, Exchange Client Access Server
    Tuesday, October 12, 2010 11:23 PM
  • Hello Mitch,

     

    We are experiencing the same issue with our Android 2.2 devices.  I am interested in testing your solution but would like you to elaborate a bit.  Was this an EAS policy you created?  In what context did you run the get-casmailbox command?  Any info would be greatly appreciated.

     

    Thank you,

    Brian

     


    Brian Davis, MCP
    Wednesday, October 13, 2010 12:02 AM
  • Today I founded sollution. It's not secure, but works. You just need to remove all ActiveSync policies.

    To remove default policy write command in EPS: Remove-ActiveSyncMailboxPolicy -id <Default>

     

     

    Thursday, October 14, 2010 8:34 AM
  • Android is somewhat shady in it's Exchange support. Up to Android 2.1 it was the OEMs responsibility entirely to implement EAS. From 2.2 there is some basic support built-in to the OS, and from what I can tell on an HTC Desire it reports itself as being 12.1 (Exchange 2007 SPx) compliant.

    Exactly how the provisioning process works depends on what ASProtocolVersion the device reports. (Obviously if the device says it supports 12.1 Exchange will expect it to handle the provision correctly.)

    The "challenge" is that Exchange 2010 SP1 changes a couple of details in the provisioning process and will now expect the device to return some information about itself before sending out the policies.

    I have made a utility called EAS MD for testing ActiveSync that supports ASVersion 12.0, 12.1, 14.0 and 14.1. It will allow you to simulate a provisionable device as well as accept the security policies sent down. Check it out if you are interested: http://mobilitydojo.net/downloads

     

    Thursday, October 14, 2010 9:40 AM
  • Yay seems im in the same boat as rest of you :)

    well, as myself i have an htc desire 2.2 everything works.

    customer bought desires and they had fw 2.1 ... quess what did it supported ex 2010 sp1 or not :) and they upgraded their phones to 2.2 and got everything working.

    But now they have 2 sorts of phones legend and hero what have a fw version 2.1 and it doesnt support exchange 2010 sp1 :(

    even looked if mobile is blocked in exchange and found as it is, then i manually setted via shell that for that user that mobile is ALLOWED. and then tried again ... quess what phone says that unable to connect and create accound and from shell it doesnt show that phones are blocked... got that as weird and tried with another test user and automatically that phone was marked as blocked.

    even tried via EMC to add hero and legend to quarantine or allow all ... still nothing ... quess i must start doing some black magic with htc and exchange to marry them.

     

    Tuesday, October 19, 2010 4:20 PM
  • The Hero can probably just be "archived" - I don't think we're going to see any updates to those devices. The Legend however is slated for a 2.2 upgrade I believe.
    Tuesday, October 19, 2010 7:29 PM
  • Make it easy on yourself, download the standard Android 2.1 mail client that HTC chooses to remove.  It can be downloaded here: http://forum.xda-developers.com/showthread.php?t=668043

    Works just fine with Exchange 2010 SP1

    Jon

    Tuesday, October 19, 2010 11:01 PM
  • Telstra have finally released a rom for android 2.2 I have updated my desire and now it syncs fine using the HTC mail client including the calendar 

    get it from here http://www.htc.com/au/supportdownloadlist.aspx?p_id=312&act=sd&cat=all

     

    sprouley

     

    Tuesday, October 26, 2010 9:39 PM
  • In my case, I recently completed a weekend migration from Exchange 2003 SP2 to Exchange 2010 SP1.  On the initial testing, the next business day, it was discovered the Android phones were all down and I was able to confirm the exact same results already documented throughout this thread.  Fortunately, through reading all the comments, I was able to piece together what appears to be a working method.. at least for me.

    I resolved my issues with the Android hansets by performing the following:

    1) Remove the Android mobile devces affected from each users mailboxes.

    2) Remove the Default (and any other ActiveSync) policy using EMC  -- Remove-ActiveSyncMailboxPolicy -id <Default>

             Note: this will set all user to no activesync policy (this is what we want temporarily)....

    3) Setup the Andriod phones to sync and let them get past the initial syncronization.

    4) Recreated the ActiveSync Policy and set it back to default - (this will reapply the policy to all mailboxes).

    This method works greate for a small environment but obviously isn't a solution for larger shops (sorry).....

    From what I can tell, the 'blocking' issue only appears to occur on the initial sync attempt from a Droid - though a permantent resolution appear to be either a hotfix from Microsoft (hint hint) and/or an Android update.

    • Proposed as answer by mainesysadmin Tuesday, March 22, 2011 11:09 PM
    Wednesday, October 27, 2010 4:26 AM
  • I just went through this with a test user I migrated from our Exchange 2007 server to a 2010 SP1 server.  My HTC Incredible running Android 2.2 works fine, but his Motorola Droid (original) will not sync.  I tried the solution Thomas posted above, but as soon as I re-created the policy, this user's phone stopped syncing.  I re-deleted the policy, and the phone syncs again.

    So, what are the ramifications of not having an ActiveSync policy?


    Thursday, October 28, 2010 7:56 PM
  • As a quick update to my post above.  While this did work for a few phones, there were a few that is did not work for.  the only solution for those phones it seems  is to either run without an activesync policy or replace them.
    Wednesday, November 03, 2010 12:41 AM
  • This version from Gingerbread modified by Cyanogen works perfectly.

    http://forum.xda-developers.com/showthread.php?t=775007&highlight=activesync

    Monday, January 24, 2011 8:18 AM
  • This version from Gingerbread modified by Cyanogen works perfectly.

    http://forum.xda-developers.com/showthread.php?t=775007&highlight=activesync


    Yes, but it would of course not be a solution for an enterprise to have their users tweak their devices this way :)
    Monday, January 24, 2011 8:47 AM
  • Hi,

     

    I have a similar problem, but with Windows based HTC. My phone is HTC touch Pro 2, and ever since our company migrated from Exchange Server 2003 to Exchange Server 2010, SP1, my phone doesn't sync! Our administrator told me the new settings for SERVER ADDRESS are: "IP address/Microsoft-Server-ActiveSync" but the moment i put this information and press next, the part after the IP disappears i.e. "/Microsoft-Server-ActiveSync" is gone, so activesync doesn't work! One of microsoft guy i was in touch with suggested that "/Microsoft-Server-ActiveSync" is an internal reference to it won't work, he further suggested a few solutions but none works. Any idea what could be the problem, and a solution for this. Will appreciate an early response to this, and if anyone thinks that upgrading from WM 6.1 to WM 6.5 will solve this problem?

    Thanks,

    Sunny

    Friday, March 18, 2011 2:17 PM
  • I was just looking at the "downloads" for the Touch Pro 2, (my spouse has one) see if your carrier has a patch 

    http://www.htc.com/us/support/

     

    good luck 


    JLH
    Tuesday, March 29, 2011 8:55 PM