2012-09-24

Exchange ActiveSync doesn't have sufficient permissions


If you are having trouble configuring Exchange ActiveSync on your mobile device and Event Logs on Exchange Server report this error:
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Someone,OU=Users,DC=company,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on exchange.domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.
You need to enable inheritance on the user having this problem:
Open Active Directory Users and Computers
Turn on Advanced Features under View
Open properties of the user you are trying to setup ActiveSync for
On Security tab select Advanced
Tick check-box next to "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here."
Click OK and OK again.

If after some time you notice that inheritable permissions are gone read here - http://www.pupils.lt/?p=524
Links:


No comments:

Post a Comment