Exchange 2007/2010 Active Sync 0x85010004 or 85010014

Are you using the administrator account to test with activesync? You shouldn’t be!

If you are getting these messages in Event Log: User “domainnameadministrator” cannot synchronize their mobile phone with their mailbox because  Exchange ActiveSync has been disabled for this user.

And on your Windows Mobile phone have error code 0x85010004

It’s probably because you’re trying to use the administrator account to test with! This is not supported under Exchange 2007/2010 as the administrator does not inherit permissions in AD which makes it hard to give it activesync rights. Use a user’s account instead!

If this is not the case, then try one of two things (I found this normally happens when migrating from 2003 -> 2007/2010 – never seen it with a fresh install)

  1. Remove and recreate ActiveSync Directory (use Exchange Powershell)
    Remove-ActiveSyncVirtualDirectory -Identity “Microsoft-Server-ActiveSync (Default Web Site)”New-ActiveSyncVirtualDirectory -Server “xxx” -WebSiteName “Default Web Site” -ExternalURL “http://www.xxx.com/Microsoft-Server-ActiveSync

    or for a single server deployment
    New-ActiveSyncVirtualDirectory -WebSiteName “Default Web Site” -ExternalURL “http://www.xxx.com/Microsoft-Server-ActiveSync

  2. Use the powershell to give the user ActiveSync rights
    Set-CASMailbox -Identity <username> -ActiveSyncEnabled $true

    Also, more specifically for error 85010014
    Make sure you check that the user does Inherit permissions from the parent. Load up ADU&C – Make Sure View -> Advanced Options is ticked – Find User – Properties – Security – Advanced – Tick Allow Inheritable Permissions from the Parent… Ok all the way back out.

Other than that, make sure you check the obvious. Are you using SSL on both the Exchange and device side, or are you turning it off? It must match up.

Leave a Reply

Your email address will not be published. Required fields are marked *