询问者
Unable to edit/delete/create Active Sync Policies

-
Hi,
we do have a Exchange 2010 SP3 RU21 System running on Server 2008 R2 since many years. Since years we do have 3 Active Sync policies which globally allow our devices. Now we wanted to enable the Active Sync Quarantine. For this we deleted the Device Rules and changed the global Setting to "Quarantine". (BTW: The devices which should be allowed were already set to "Individual")
After about 30 seconds all changes we made are gone and the original setting is again there.
We tried the following:
- Change the Settings in /ecp
- Change the Settings in Powershell
- Change the Settings in ADSIEdit (CN=RuleName,CN=Mobile Mailbox Settings,CN=ForPe01,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
- Tried to create new AS Policies (they will be deleted automatically)
There is no corresponding Eventlog when the setting is set or reversed to its default.
Any ideas whats causing this and how to fix this?
Domain Controllers are Windows Server 2012 R2 Fully Patched
Thanks!
Peter Forster
Gscheidwaschl
Blog
Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
问题
全部回复
-
Hi Peter,
Could you provide the detailed steps you have done? How did you change the global setting?
Try to remove device rules via the following command, did you get any error?
Get-ActiveSyncDeviceAccessRule RuleName| Remove-ActiveSyncDeviceAccessRule
Moreover, you can also refer to the following article and check if provides any hints:
Preventing New ActiveSync Device Types from Connecting to Exchange Server 2010
Creating ActiveSync Device Access Rules in Exchange Server 2010
Best Regards,
Niko Cheng
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams. -
Hi,
correct - we have tried it with:
Get-ActiveSyncDeviceAccessRule RuleName| Remove-ActiveSyncDeviceAccessRule and with
Get-ActiveSyncDeviceAccessRule | Remove-ActiveSyncDeviceAccessRuleThe global Setting was done with:
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients recipient@customer.com -UserMailInsert "You are not allowed to use this mobile phone without approval"
Peter Forster
Gscheidwaschl
Blog
Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
-
Hi Peter,
Can you do any other changes on this server ? Such as modify the specific property of a test mailbox, will the change be reverted back ?
Best Regards,
Niko Cheng
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams. -
Hi,
changes on mailboxes are working fine. Also I just tried to edit for instance the organization Transportsettings which works fine.
Peter Forster
Gscheidwaschl
Blog
Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.