Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Exchange 2010 sp1 ActiveSync not working for HTC

Tablet, Smart Phone, other Internet devices

Exchange 2010 sp1 ActiveSync not working for HTC

Postby blin » Wed Mar 23, 2011 2:31 pm

Hi

Had my HTC Desire (which shows up as Bravo) ActiveSync all working fine with Exchange 2010.

My phone is runing this firmware http://www.htc.com/au/SupportViewNews.a ... ews_id=751 which is meant to be updated for improved Exchange server support.

It worked on this firmware until I updated our 2 CAS servers to Exchange 2010 sp1. (Have not updated the mailbox servers yet).

OWA is fine and ActiveSync is still working fine with iPhones and iPads.

HTC gets immediately Denied Access (shown in the IIS logs and also under the user mailbox, Phone and Voice features, ActiveSync in ECP).

Our default policy applies to my mailbox, which is to allow all devices, not require password etc etc.

I tried changing the default AcvtiveSync Access setting in ECP to Quarantine All Devices.

It then quatantined the connecting iPhones and iPads, but still blocked the HTC at the user mailbox level (it never went to the Quarantined Devices at all).

Seems like it no longer fully supports my device for some reason.

I can access my mailbox via ActiveSync using https://www.testexchangeconnectivity.com/ so there is nothing wrong with the mailbox settings.

On the HTC device, it accepts the mailbox credentials then comes up with "Failed to create the account. Please try again later." when trying to sync.

This seems to be a generic error with the HTC though as does not really identify the issue.

Regards

Mark.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 sp1 ActiveSync not working for HTC

Postby blin » Wed Mar 23, 2011 2:32 pm

I think I found the fix. or at least for one of the androids that I have. I will test with more tomorrow. but i created a new policy and set it up just like the default policy. and then assigned the new policy to the user with the android and it now works. I wish I could say this was my fix but the same thing happened in 2007 with some other phones. I have about 7 more models to test tomorrow but so far with 2 different ones that are having problems syncing this has worked

on one I did have to set it to allowed at the individual. by useing the set-casmailbox command. but all others have worked after I removed the profile from the android and re-set it up.


--------------------------------------------------------------------------------
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 sp1 ActiveSync not working for HTC

Postby blin » Wed Mar 23, 2011 2:33 pm

This is a known issue with certain versions of Android OS on phones available from different manufacturers and service providers. The only verified solution that we know of at this moment has come thru this community, as 'Mitch Roberson' has written below, I have marked that as an 'Answer' as well.

Now, let me list some related details here for everyone's information.

Phones are actually running into a provisioning issue against Exchange 2010 Server. This is evident from the IIS logs pastd below by some users and the logs we have seen in Microsoft Support. For example, you will see the following in IIS Log:

2010-08-31 20:38:54 192.168.2.6 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=johndoe&DeviceId=validate&DeviceType=Android&
Log=V120_Ssnf:T_LdapC13_LdapL16_RpcC35_RpcL63_Ers1_Cpo19453_Fet20015_Pk0_
Error:DeviceNotProvisioned_As:BlockedP_Mbx:mail.contoso.local_Dc:dc01.contoso.local_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F7fd952bb-6275-4010-8c3e-bb47f4cea08f%2cNorm%5bResources%3a(Mdb)DB1(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc01.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)dc02.contoso.local(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 contoso\johndoe 75.204.200.137 Android/0.3 449 0 64 20734

You can see that the Android mobile device is sending a 'FolderSync' EAS command to server for user JohnDoe with the DeviceID = Validate and Type = Android, and is being blocked by Exchange as it is not responding properly to the provision command from server. This is implemented thru Default Throttling Policy and the error it geenrates is error code: 449 (which essentially means device provisioning has failed). Generally this happens when client does not respond properly to provisioning commands from server where server informs mobile device that there are certain EAS policies applied by the Exchange Server Administrator and device needs to acknowledge those for implementation. This happens mostly when the device does not support all or a subset of EAS policies being implemented by the Exchange Server Administrator.

If you bring up the EMS command prompt and enter the following command, you will see the following output (similar to what we saw above in IIS Log):

Output of “Get-ActiveSyncDeviceStatistics -mailbox:johndoe”: (truncated)

RunspaceId : f0323f7c-b3a6-4102-ab5b-d1df0464e318
FirstSyncTime : 8/31/2010 8:38:34 PM
DeviceType : Android
DeviceID : validate
DeviceUserAgent : Android/0.3
DeviceModel : Android
DeviceEnableOutboundSMS : False
Identity : contoso.local/Test/John Doe/ExchangeActiveSyncDevices/Android§validate
Guid : a5750d0c-189c-4ccc-9b22-e5c87845f5c0
IsRemoteWipeSupported : False
Status : DeviceOk
DeviceAccessState : Blocked
DeviceAccessStateReason : Policy
DevicePolicyApplied : Corp
DevicePolicyApplicationStatus :NotApplied
DeviceActiveSyncVersion : 12.0
NumberOfFoldersSynced : 0

We have seen this issue mostly with devices using Android 2.1, users who have been able to update their devices with Android 2.2 somehow, stopped running into this issue, without making any changes on the server side.

I contacted HTC Support (on 9/28 via http://www.htc.com/us/support/e-mail) about this issue and they responded (like other users have reported here), please keep in mind this can change at any time in future, so please contact HTC Support directly for updates:

"At this time we do not have any Android based device that will sync with an Exchange 2010 Server. We may provide future Android devices that do offer this. However, as there is currently no release information for any upcoming devices, we encourage you to continually visit HTC’s product page at http://www.htc.com/us"

While working on this issue we also discovered that Android provided limited support for EAS policies and is working to continually improve it in their upcoming versions. For more information, please see related posts below. Again, this information is subject to change at any moment, so please refer to Android website (http://code.google.com/p/android/issues/list) for current info.

1. http://code.google.com/p/android/issues/detail?id=9426 : "we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe.”

2. Exchange Device Password policy not enforced when "Allow non-provisionable devices" is selected: http://code.google.com/p/android/issues/detail?id=8601
Fix for this issue is in the Android 2.2.1 Update, released recently (for Nexus One users, may not be available thru other service providers at this time, contact your service provider for any updates that they can provide for your device), Android now implements the policies it can rather than ignoring all policies and thus it can successfully sync with the server.

Hope this helps!


--------------------------------------------------------------------------------
Sr. Program Manager, Product Quality, Exchange Client Access Server
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 sp1 ActiveSync not working for HTC

Postby blin » Wed Mar 23, 2011 2:38 pm

In my case, I recently completed a weekend migration from Exchange 2003 SP2 to Exchange 2010 SP1. On the initial testing, the next business day, it was discovered the Android phones were all down and I was able to confirm the exact same results already documented throughout this thread. Fortunately, through reading all the comments, I was able to piece together what appears to be a working method.. at least for me.

I resolved my issues with the Android hansets by performing the following:

1) Remove the Android mobile devces affected from each users mailboxes.

2) Remove the Default (and any other ActiveSync) policy using EMC -- Remove-ActiveSyncMailboxPolicy -id <Default>

Note: this will set all user to no activesync policy (this is what we want temporarily)....

3) Setup the Andriod phones to sync and let them get past the initial syncronization.

4) Recreated the ActiveSync Policy and set it back to default - (this will reapply the policy to all mailboxes).

This method works greate for a small environment but obviously isn't a solution for larger shops (sorry).....

From what I can tell, the 'blocking' issue only appears to occur on the initial sync attempt from a Droid - though a permantent resolution appear to be either a hotfix from Microsoft (hint hint) and/or an Android update.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 sp1 ActiveSync not working for HTC

Postby blin » Wed Mar 23, 2011 2:40 pm

Today I founded sollution. It's not secure, but works. You just need to remove all ActiveSync policies.

To remove default policy write command in EPS: Remove-ActiveSyncMailboxPolicy -id <Default>
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Exchange 2010 sp1 ActiveSync not working for HTC

Postby guest » Wed Mar 23, 2011 3:14 pm

- Steps to reproduce the problem.
Exchange 2007 Activesync Policy that requires device password
4 Digit Pin as minimum
Configure Nexus One 2.2 device to connect
No prompt to turn on device password

- What happened.
Email, Calender and contacts syncs with no device password in place

- What you think the correct behavior should be.
When setting up an Exchange email account that requires a device password:
User should be prompted to create a device password to match at least the
policy requirements
If no device password is set then syncing should not occur
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm


Return to Do-It-Yourself

Your Ad Here

Who is online

Users browsing this forum: No registered users and 4 guests