locked
Event ID: 1019 - "A blocked device" for iPhone on Exchange 2007 RRS feed

  • Question

  • We have recently added 4s iPhones to our Exchange 2007 Activesync and I keep getting Event ID: 1019.  We have had iPhones 3Gs working without any problems but the iPhone 4s is not able to sync properly.    We do not have an ISA and are using Exchange 2007 and not 2010.  When setting up the 4s phone it connects fine but when attempting to retrieve mail on the phone it says that mail cannot be retrieved and in the event logs of the Exchange server I get Event ID: 1019.  I also see in the Exchange mailbox for the user the new iphone partnership but i am not able to sync mail.  I have not found any answers to this issue with Exchange 2007.
    James
    Sunday, December 4, 2011 3:30 AM

Answers

  • Hi James,
    You can remove that value by running:
    set-CASMailbox USER -ActiveSyncAllowedDeviceIDs $null

    That value is only populated manually...someone did it and it's a good way to block a user from using EAS with a device not approved by the Company.
    In your case..that was a problem more than a solution :)
    Martina Miskovic - http://www.nic2012.com/
    • Marked as answer by Nonprofit Tuesday, December 6, 2011 6:05 PM
    Tuesday, December 6, 2011 3:02 PM

All replies

  • Can you post the complete and exact error you are getting?

    Also make sure you have the latest SP and rollups on Exchange and the latest iOS on the Apple devices:

    http://support.microsoft.com/kb/2563324

    Current issues with Microsoft Exchange ActiveSync and Third Party Devices

    Sunday, December 4, 2011 1:23 PM
  • Check the IIS logs and post relevant section.


    Sukh
    Sunday, December 4, 2011 5:41 PM
  • The 4s iPhones have IOS ver 5.0.1 (9A405) and our Exchange Server is 2007 with SP3 and all the updates included as well as the .Net Framework updates.

    Here is what I get from the Exchange Server Event Logs

    Event Type: Warning
    Event Source: MSExchange ActiveSync
    Event Category: Requests
    Event ID: 1019
    Date:  12/5/2011
    Time:  8:00:15 AM
    User:  N/A
    Computer: WOLVERINE
    Description:
    A blocked device of user [thebabyfold.org\user], device id = [ApplDNRGQ5VGDTD0],  is attempting to synchronize with Exchange ActiveSync.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    James
    Monday, December 5, 2011 3:04 PM
  • 2011-12-05 00:03:53 W3SVC1 192.168.1.16 POST /Microsoft-Server-ActiveSync/default.eas User=user&DeviceId=ApplDNRGQ5VGDTD0&DeviceType=iPhone&Cmd=FolderSync&Log=V121_LdapC0_LdapL0_RpcC9_RpcL15_Ers1_Pk0_Error:DeviceIsBlockedForThisUser_ 443 domain.org\user 166.137.142.108 Apple-iPhone4C1/901.405 403 0 0

    Any ideas?

     

     


    James
    Monday, December 5, 2011 3:12 PM
  • Well this seems to be your error -

    Error:DeviceIsBlockedForThisUser

    Either the device is blocked or you may have some policy blocking see, or the policy is not being applied properly.


    Sukh
    Monday, December 5, 2011 3:17 PM
  • Would you happen to know how I unblock it in Exchange 2007?  I have not found any information anywhere where I can remove this blocked device and the policy setting.  Our Mailbox policy is not set to block anything or shows a place to block on unblock anything.

    TIA


    James
    • Edited by Nonprofit Monday, December 5, 2011 3:26 PM
    Monday, December 5, 2011 3:23 PM
  • See this  -http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/mobility-client-access/mobile-messaging-exchange-server-2007-part2.html

    But it could be the policy isnt being applied.


    Sukh
    Monday, December 5, 2011 3:26 PM
  • The odd part is that the policy is being applied because in Manage Mobile Devices (OWA) it shows Device - iPhone, Last Sync Time - BLANK, Status - (OK First Sync on: Fri 12/2/2011 1:03 PM, Device ID: ApplDNRGQ5VGDTD0.  I also shows this in Mobile device of the Exchange Management Console.  It still seems like it is blocking the device but I am not sure where.  I can go back to the iPhone 3Gs and it works fine but not the 4s and they are both on IOS 5.0.1.
    James
    Monday, December 5, 2011 3:43 PM
  • Try creating a test AS policy that allows non-provisional devices and apply to this mailbox and see if it can then sync.

    Can you post your existing policy?

     

    Monday, December 5, 2011 4:15 PM
  • I have created a new user policy called iPhone Test with all the defaults with exception of the non provisioned devices and I deleted the email profile on the phone and user and then re-added it.  When adding the Exchange account to the phone it works fine and the verifying completes normally but when I go back to mail (on iphone) and sync it says Cannot Get Mail - The connection to the server failed. 
    James
    Monday, December 5, 2011 5:03 PM
  • I assume the IIS logs show the same error?
    Sukh
    Monday, December 5, 2011 5:06 PM
  • I have created a new user policy called iPhone Test with all the defaults with exception of the non provisioned devices and I deleted the email profile on the phone and user and then re-added it.  When adding the Exchange account to the phone it works fine and the verifying completes normally but when I go back to mail (on iphone) and sync it says Cannot Get Mail - The connection to the server failed. 
    James


    and what is in the event logs on the server? Also, are you doing any reverse-proxying or filtering or do the devices connect directly to the Exchange Server?

     

    Monday, December 5, 2011 6:30 PM
  • Event Type: Warning
    Event Source: MSExchange ActiveSync
    Event Category: Requests
    Event ID: 1019
    Date:  12/5/2011
    Time:  2:05:22 PM
    User:  N/A
    Computer: WOLVERINE
    Description:
    A blocked device of user [domain\user], device id = [ApplDNRGQ5VGDTD0],  is attempting to synchronize with Exchange ActiveSync.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    We are not doing reverse-proxying or filtering and the devices connect directly to Exchange.


    James
    Monday, December 5, 2011 8:08 PM
  • Event Type: Warning
    Event Source: MSExchange ActiveSync
    Event Category: Requests
    Event ID: 1019
    Date:  12/5/2011
    Time:  2:05:22 PM
    User:  N/A
    Computer: WOLVERINE
    Description:
    A blocked device of user [domain\user], device id = [ApplDNRGQ5VGDTD0],  is attempting to synchronize with Exchange ActiveSync.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    We are not doing reverse-proxying or filtering and the devices connect directly to Exchange.


    James


    I would set the test policy to allow everything ( allow simple password, attachments etc...and not require anything - in other words - wide open) and apply to the mailbox and test. It may take a bit before its applied once you make that change. 

     

     

     

    Monday, December 5, 2011 8:49 PM
  • I have more info about this that maybe will help find a solution.  I have configured the same phone with a user that has never had an ActiveSync partnership and VIOLA it works!  When I attempt to go back to the original user then it does not work.  It almost sounds like a corruption in the Apple/Exchange partnership because I add/remove the phone and it still does not work.  I continue to get the blocked device of user.  Any other ideas?  Thanks for all your help with this.  I will try your notes above A_D.
    James
    Monday, December 5, 2011 10:11 PM
  • Hi,
    Does this user have a value configured for ActiveSyncAllowedDeviceIDs ?
    Check with: get-casmailbox USER | fl Name, ActiveSyncAllowedDeviceIDs

    If so, then that's the problem.

     


    Martina Miskovic - http://www.nic2012.com/
    Tuesday, December 6, 2011 12:03 AM
  • Hi
       Try to verify with:
       https://www.testexchangeconnectivity.com/
       This is similar case and user turn off WIFI.
        http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/65516211-ab32-41e2-9066-30293b1bcc58
       Maybe it is helpful to you.

    Terence Yu

    TechNet Community Support

    Tuesday, December 6, 2011 2:24 AM
  • Martina when i run get-casmailbox USER | fl Name, ActiveSyncAllowedDeviceIDs I get:

     

    ActiveSyncAllowedDeviceIDs : {Appl86939DJCNR} which is probably the old 3Gs phone.  The odd part is that the user currently does not have a mobile device associated to it via the Exchange Management Console and I do not see anything in the OWA for a mobile device.  I seems like I will need to remove this assocation before I can add the new iPhone 4s.  Do you know how to remove this via the shell or any other way?


    James
    Tuesday, December 6, 2011 2:55 PM
  • Hi James,
    You can remove that value by running:
    set-CASMailbox USER -ActiveSyncAllowedDeviceIDs $null

    That value is only populated manually...someone did it and it's a good way to block a user from using EAS with a device not approved by the Company.
    In your case..that was a problem more than a solution :)
    Martina Miskovic - http://www.nic2012.com/
    • Marked as answer by Nonprofit Tuesday, December 6, 2011 6:05 PM
    Tuesday, December 6, 2011 3:02 PM
  • Martina this WORKED!!!! awesome and thanks for everyone's help.
    James
    Tuesday, December 6, 2011 6:09 PM
  • Super, thanks for the update!! :)
    Martina Miskovic - http://www.nic2012.com/
    Tuesday, December 6, 2011 6:10 PM
  • This worked for me to resolve the saem symptoms and event ID 1019.
    Friday, November 16, 2012 11:27 AM