Exchange ActiveSync doesn't have sufficient permissions

    Question

  • On one of our CAS servers we are getting the following error.

    If anybody has any idea why this error occurs, kindly share.

    Exchange ActiveSync doesn't have sufficient permissions to create the "CN=a,OU=b-Administrators,DC=comany,DC=domain,DC=domain " container under Active Directory user "Active Directory operation failed on SRVINFDCDR01.kfupm.edu.sa. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    ".
    Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

    Details:%3


    Ashraf
    Monday, September 26, 2011 4:57 AM

Answers

  • Are you trying to set up a new ActiveSync device?

    If so, please check the following in your Active Directory:

    • Open Active Directory Users and Computers, go to “View” and select “Advanced Features”
    • After that, find the user who is not able to use ActiveSync, double-click him, go to the “Security” tab, then click “Advanced”…
    • Then just check the check box “Include inheritable permissions from this object’s parent” and click OK to close all the other windows…
    • After this, the user should be able to connect to the server using ActiveSync with no problems…

     

    Please let me know if this helped you

    Regards


    Saleh Ramadan
    • Proposed as answer by Saleh Ramadan Monday, September 26, 2011 6:58 AM
    • Marked as answer by P T Ashraf Monday, September 26, 2011 8:47 AM
    Monday, September 26, 2011 6:52 AM
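
The check described in the answer above, done from PowerShell instead of the GUI, as an added example that is not part of the original thread. It assumes the ActiveDirectory (RSAT) module is installed, uses the placeholder account name `jdoe`, takes the group name `Exchange Servers` from the error message, and only reads from the directory.

```powershell
# Added example: read-only audit, makes no changes to Active Directory.
# Assumptions: ActiveDirectory (RSAT) module is available; 'jdoe' is a placeholder account.
param([string]$SamAccountName = 'jdoe')

Import-Module ActiveDirectory

# Resolve the schema GUID of the msExchActiveSyncDevices class from the
# schema partition instead of hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$class = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msExchActiveSyncDevices)' `
    -Properties schemaIDGUID
if (-not $class) { throw 'msExchActiveSyncDevices class not found in the schema.' }
$easGuid = [guid]$class.schemaIDGUID

# Read the user's security descriptor through the AD: drive.
$user = Get-ADUser -Identity $SamAccountName -Properties adminCount
$acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)

# ACEs that let "Exchange Servers" create the ActiveSync device container
# under the user object (the right named in the error message).
$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
$easAces = @($acl.Access | Where-Object {
    $_.IdentityReference -like '*\Exchange Servers' -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ObjectType -eq $easGuid -and
    ($_.ActiveDirectoryRights -band $createChild)
})

# Deny ACEs for the same group, which the error message also asks you to rule out.
$denyAces = @($acl.Access | Where-Object {
    $_.IdentityReference -like '*\Exchange Servers' -and
    $_.AccessControlType -eq 'Deny'
})

[pscustomobject]@{
    User                = $user.SamAccountName
    # True means the "Include inheritable permissions" box is unchecked.
    InheritanceDisabled = $acl.AreAccessRulesProtected
    # adminCount = 1 marks accounts whose ACL is periodically reset from
    # AdminSDHolder, so a re-enabled inheritance flag will not persist on them.
    AdminCount          = $user.adminCount
    EasCreateChildAce   = ($easAces.Count -gt 0)
    AceIsInherited      = ($easAces | Where-Object IsInherited).Count -gt 0
    DenyAcesForExchange = $denyAces.Count
}
```

A user that shows `InheritanceDisabled = True` together with `EasCreateChildAce = False` matches the condition the error message describes.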

All replies

  • Hi Ashraf,
    Check out the information in this thread http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a536ff7b-90e1-4b8a-82d0-ae5111d5c607

    Martina Miskovic - http://www.nic2012.com/
    Monday, September 26, 2011 5:28 AM
  • Thanks

     


    Ashraf
    Monday, September 26, 2011 8:47 AM
  • Thanks very much for your post. I have not been able to get my work iPhone to sync at all and this fixed it with just a few clicks. Verizon and Apple were not able to help me with this and you were. Thanks again.

    Thursday, December 01, 2011 5:07 PM
  • Thanks a lot mate..!!!!

    Zenon

    Tuesday, April 03, 2012 10:25 AM
  • Thank you so much.... This has really helped me.
    Monday, May 14, 2012 9:30 AM
  • Thank you !
    Tuesday, August 28, 2012 11:44 PM
  • THANKS!
    Thursday, October 25, 2012 3:27 PM
  • Thanks, this fixed the problem for my end user.
    Tuesday, December 11, 2012 10:29 PM
  • Perfect, Thanks!!
    Thursday, January 17, 2013 6:32 PM
  • That works on most devices. But others I still get errors despite the fact that they have the inherited permissions. 
    Tuesday, May 28, 2013 3:34 PM
  • Fixed. Cheers
    Wednesday, July 10, 2013 11:13 PM
  • Great Thanks!!

    Pär

    Friday, July 12, 2013 5:53 AM
  • Thank you so much
    Tuesday, August 20, 2013 7:29 AM
  • Thanks. This solved my problem.


    Mohammed Shah Newaj

    Wednesday, October 02, 2013 11:33 AM
  • After migration from 2007 to 2010 this problem appeared. Finally, this post fixed the problem with ActiveSync on all mobile devices. You need to wait a little and everything goes fine.

    THANK YOU !

    Friday, November 29, 2013 12:52 AM
  • Hi,

    Thanks a lot for this resolution... it was indeed a great help

    Tuesday, February 25, 2014 7:01 AM
  •   Thank you Saleh, This helped me to save a lot of time. :)

    Thursday, March 13, 2014 8:20 AM
  • Sometimes you have to do this.

    • Start Active Directory Users and Computers.
    • Click View, and then click to enable Advanced Features.
    • Right-click the object where you want to change the Exchange Server permissions, and then click Properties.

      Note You can change permissions against a user, an organizational unit, or a domain.
    • On the Security tab, click Advanced.
    • Click Add, type Exchange Servers, and then click OK.
    • In the Apply to box, click Descendant msExchActiveSyncDevices objects.
    • Under Permissions, click to enable Modify Permissions.
    • Click OK three times.
    Monday, April 14, 2014 8:03 PM
  • Actually the steps you're talking about aren't in Windows Server 2008.
    Friday, September 25, 2015 7:07 PM
  • I have some users with this box unchecked and they're able to use ActiveSync without any errors. Why should I check that box for that one user?

    Friday, September 25, 2015 7:22 PM
  • Are you trying to set up a new ActiveSync device?

    If so, please check the following in your Active Directory:

    • Open Active Directory Users and Computers, go to “View” and select “Advanced Features”
    • After that, find the user who is not able to use ActiveSync, double-click him, go to the “Security” tab, then click “Advanced”…
    • Then just check the check box “Include inheritable permissions from this object’s parent” and click OK to close all the other windows…
    • After this, the user should be able to connect to the server using ActiveSync with no problems…

     

    Please let me know if this helped you

    Regards


    Saleh Ramadan
    Worked perfectly! thanks!

    TICProfesional

    Monday, October 26, 2015 11:03 AM
  • This is a solution to my problem as well.

    On my Android Marshmallow device, trying to create an Exchange account, it showed the following error.

    cannot connect to the server. (status: 111)

    Best regards, Maarten.


    Thursday, November 12, 2015 11:00 AM
  • Thanks, very full!!!
    Thursday, February 25, 2016 2:17 PM
  • Works for me!

    Thank you!

    Thursday, September 08, 2016 4:55 AM