none
Unable to edit/delete/create Active Sync Policies

    問題

  • Hi,

    we do have a Exchange 2010 SP3 RU21 System running on Server 2008 R2 since many years. Since years we do have 3 Active Sync policies which globally allow our devices. Now we wanted to enable the Active Sync Quarantine. For this we deleted the Device Rules and changed the global Setting to "Quarantine". (BTW: The devices which should be allowed were already set to "Individual")

    After about 30 seconds all changes we made are gone and the original setting is again there.

    We tried the following:

    • Change the Settings in /ecp
    • Change the Settings in Powershell
    • Change the Settings in ADSIEdit (CN=RuleName,CN=Mobile Mailbox Settings,CN=ForPe01,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
    • Tried to create new AS Policies (they will be deleted automatically)

    There is no corresponding Eventlog when the setting is set or reversed to its default.

    Any ideas whats causing this and how to fix this?

    Domain Controllers are Windows Server 2012 R2 Fully Patched 

    Thanks!


    Peter Forster

    Gscheidwaschl

    Blog

    Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    2018年7月6日 上午 08:57

所有回覆

  • Hi Peter,

    Could you provide the detailed steps you have done? How did you change the global setting?

    Try to remove device rules via the following command, did you get any error?

    Get-ActiveSyncDeviceAccessRule RuleName| Remove-ActiveSyncDeviceAccessRule

    Moreover, you can also refer to the following article and check if provides any hints:

    Preventing New ActiveSync Device Types from Connecting to Exchange Server 2010

    Creating ActiveSync Device Access Rules in Exchange Server 2010


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年7月9日 上午 09:17
    版主
  • Hi,

    correct - we have tried it with:

    Get-ActiveSyncDeviceAccessRule RuleName| Remove-ActiveSyncDeviceAccessRule and with
    Get-ActiveSyncDeviceAccessRule | Remove-ActiveSyncDeviceAccessRule

    The global Setting was done with:

    Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients recipient@customer.com -UserMailInsert "You are not allowed to use this mobile phone without approval"


    Peter Forster

    Gscheidwaschl

    Blog

    Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    2018年7月9日 上午 09:36
  • Hi Peter,

    Can you do any other changes on this server ? Such as modify the specific property of a test mailbox, will the change be reverted back ?


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年7月11日 上午 09:29
    版主
  • Hi,

    changes on mailboxes are working fine. Also I just tried to edit for instance the organization Transportsettings which works fine.


    Peter Forster

    Gscheidwaschl

    Blog

    Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    2018年7月11日 上午 11:44