none
Windows 10 Mail App No Longer Able To Enforce Security Policies (0x86000c2b) RRS feed

  • Question

  • Hi,

    Not sure if this is the right place to ask this, but I was told to post it here in my post on another forum:  http://answers.microsoft.com/en-us/windows/forum/apps_windows_10-outlook_mail/windows-10-mail-app-no-longer-able-to-enforce/4143f430-8056-44ad-a1af-691178ba66d3

    After following some guides to disable telemetry and stop data collection in Windows 10 by deleting two services, DiagTrack and dmwappushservice, I am now unable to add my University exchange account to the Windows 10 Mail and Calendar apps.  Whenever I try to add it, the "Enforce These Policies" dialog pops up.  After clicking accept, the app tells me that my device does not meet the security requirements set by my email administrator and gives error code 0x86000c2b.

    I know that the problem has to do with the deletion of these services because I performed a fresh install of Windows 10 in a virtual machine and tried adding the account to the Windows 10 Mail app there.  It worked fine, so I then removed the account and deleted the services.  Right after the services were deleted, adding the account would fail with the same error code (0x86000c2b).

    Is there some way I can get my account added to the Mail app?  I know that my device is capable of enforcing the security policies.  I just think that it might be trying to check something with these missing services to verify that it can.

    Thanks in advance for your help.

    Monday, September 28, 2015 3:55 PM

Answers

  • Hi,

    How did you delete these services? By using “sc delete” command?

    You can still restore them back in this case, Go to the node and open the “regedit” utility on another Windows 10 PC. Find the corresponding registry key by the service's native name (not the displayed name):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Service_name>

    In my case for dmwappushservice

    Export them as reg files and import them to problematic device, the restart, these services would be restored after log on.

    IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs.

    Regards,

    D. Wu


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Marked as answer by Culnaur Wednesday, September 30, 2015 3:25 PM
    Wednesday, September 30, 2015 6:32 AM
    Moderator

All replies

  • Kindly go through the following:

    [Forum FAQ]How to fix built-in Apps that cannot work correctly in Windows 10


    S.Sengupta, Windows Experience MVP

    Tuesday, September 29, 2015 1:33 AM
  • Hi,

    How did you delete these services? By using “sc delete” command?

    You can still restore them back in this case, Go to the node and open the “regedit” utility on another Windows 10 PC. Find the corresponding registry key by the service's native name (not the displayed name):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Service_name>

    In my case for dmwappushservice

    Export them as reg files and import them to problematic device, the restart, these services would be restored after log on.

    IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs.

    Regards,

    D. Wu


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Marked as answer by Culnaur Wednesday, September 30, 2015 3:25 PM
    Wednesday, September 30, 2015 6:32 AM
    Moderator
  • Thanks for the instructions on how to restore these services!

    I did use "sc delete" to remove them originally.  Using your guide, I restored them and properly disabled them instead of outright deleting them.  Now, whenever I want to add an Exchange account to the Mail App, I just have to temporarily re-enable the "dmwappushservice," add the account, and then disable the service.

    Thanks again!

    Wednesday, September 30, 2015 3:28 PM
  • Ok,


    I encountered the same issue configuring a new Surface 4 tablet with an Exchange Server. Error message :


    - This device doesn’t meet the security requirements set by your email administrator

    - Enable to Sync (0x86000c2b)


    Several days to search on Internet and to test some different settings.


    Finally, I checked ths status of the device request on the Exchange server by using "Exchange Message Tracking console" (In the user account concernened -> Phone functionalities) and I saw that the sync request was refused by the server.


    Why ? Because the parameter "Allow non-provisionable devices" was checked in the ActivSync Policy applied on the user.


    So I unchecked this parameter, the sync request became allowed and I managed to sync with the Surface Tablet !!

    Wednesday, May 25, 2016 3:17 PM
  • Ok,


    I encountered the same issue configuring a new Surface 4 tablet with an Exchange Server. Error message :


    - This device doesn’t meet the security requirements set by your email administrator

    - Enable to Sync (0x86000c2b)


    Several days to search on Internet and to test some different settings.


    Finally, I checked ths status of the device request on the Exchange server by using "Exchange Message Tracking console" (In the user account concernened -> Phone functionalities) and I saw that the sync request was refused by the server.


    Why ? Because the parameter "Allow non-provisionable devices" was checked in the ActivSync Policy applied on the user.


    So I unchecked this parameter, the sync request became allowed and I managed to sync with the Surface Tablet !!

    OK, so I tried creating a new ActiveSync policy just for my mailbox with the above and it worked great, thanks! But I didn't feel comfortable doing that because even though I am a Domain Admin, managing the mail server doesn't fall within my normal job duties, so I undid all my changes and resigned myself to it being broken. Until today, when I went through my Event Log and saw this error:

    MDM ConfigurationManager: Command failure status. Configuration Source ID: (0236833D-08DF-4601-B214-DB2170B80DC0), Enrollment Name: (EAS), Provider Name: (Policy), Command Type: (CmdType_Add), CSP URI: (./Vendor/MSFT/Policy/Config/DeviceLock), Result: (There are other standard users present who are not allowed to change their password.).

    This was a badly needed clue. Turns out, the problem was when I installed SQL Server 2016 Express, specifically the R services, with the presence of about 20 user accounts it creates which are not allowed to change their password. I disabled all 20 of these accounts, and Mail was able to sync, since there apparently were no longer any ActiveSync policy violations. I know Microsoft Outlook is more powerful, and runs without problems, but I prefer the Mail app because I am not a power-user when it comes to email, my needs are simple, and I like the simple and beautiful interface.

    • Proposed as answer by Paulat671 Wednesday, October 26, 2016 1:58 AM
    Thursday, August 4, 2016 7:34 PM