Microsoft Exchange ActiveSync Error 500

Problem

On a new deployment of Exchange 2013, ActiveSync is not working.

Symptoms

  1. The mobile device fails to connect to the mailbox and reports “Unable to connect to server”.
  2. You see the following error in the HTTP Proxy log:

[Image: EAS_500-1]

  3. In the application event log on your Exchange server, you also see Event ID 1053:

[Image: EAS_500-2]

Cause

Inheritance is disabled on the user account

[Image: EAS_500]

As per this Microsoft KB article:

“The first time that a user tries to synchronize an EAS device, the Microsoft Exchange Server tries to create a container of the type msExchActiveSyncDevices under the user object in Active Directory Domain Services (AD DS). The Exchange Server then tries to change permissions on the container.

By default, the Exchange Server group has rights to Create and Delete msExchActiveSyncDevices objects. However, the Exchange Server group does not have rights to change permissions on msExchActiveSyncDevices. Instead, the rights are inherited from the Owner Rights security principal. By default, the Owner Rights security principal has Full Control permissions.

If the permissions for the Owner Rights security principal are changed, the issue that is described in the “Symptoms” section can occur.”

In my case, my customer had a third-party identity management solution deployed to manage Active Directory user accounts, which had disabled inheritance.

Solution

Enable Inheritance on the properties of the user account
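
One way to find affected accounts and re-enable inheritance with the ActiveDirectory PowerShell module, as an added example that is not part of the original post. The OU passed to -SearchBase is a placeholder and both function names are hypothetical. Accounts with adminCount = 1 are flagged and skipped in the usage lines because AdminSDHolder disables inheritance on them by design and would revert the change.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit user objects whose ACL inheritance is disabled and
# optionally re-enable it. Function names and the OU are assumptions.

function Get-InheritanceDisabledUser {
    param([Parameter(Mandatory)][string]$SearchBase)

    Get-ADUser -SearchBase $SearchBase -Filter * -Properties nTSecurityDescriptor, adminCount |
        # AreAccessRulesProtected is $true when inheritance is disabled
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName,
            @{ Name = 'AdminSDHolderProtected'; Expression = { $_.adminCount -eq 1 } }
}

function Enable-UserAclInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        $path = "AD:\$DistinguishedName"
        $acl  = Get-Acl -Path $path

        # Nothing to do if the object already inherits from its parent
        if (-not $acl.AreAccessRulesProtected) { return }

        # First argument $false = allow inheritance again; the second
        # argument is ignored when the first is $false
        $acl.SetAccessRuleProtection($false, $true)

        if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Enable ACL inheritance')) {
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# Placeholder OU: replace with the container that holds your mailbox users
$report = Get-InheritanceDisabledUser -SearchBase 'OU=Staff,DC=example,DC=com'
$report | Format-Table -AutoSize

# Preview the change first; remove -WhatIf to apply it
$report |
    Where-Object { -not $_.AdminSDHolderProtected } |
    Enable-UserAclInheritance -WhatIf
```

If the identity management product re-applies its own ACL on the next provisioning cycle, the accounts will show up in the report again, so the setting also has to be corrected in that product.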
