Are you using the administrator account to test with activesync? You shouldn’t be!
If you are getting these messages in Event Log: User “domainnameadministrator” cannot synchronize their mobile phone with their mailbox because Exchange ActiveSync has been disabled for this user.
And on your Windows Mobile phone have error code 0x85010004
It’s probably because you’re trying to use the administrator account to test with! This is not supported under Exchange 2007/2010 as the administrator does not inherit permissions in AD which makes it hard to give it activesync rights. Use a user’s account instead!
If this is not the case, then try one of two things (I found this normally happens when migrating from 2003 -> 2007/2010 – never seen it with a fresh install)
- Remove and recreate ActiveSync Directory (use Exchange Powershell)
Remove-ActiveSyncVirtualDirectory -Identity “Microsoft-Server-ActiveSync (Default Web Site)”New-ActiveSyncVirtualDirectory -Server “xxx” -WebSiteName “Default Web Site” -ExternalURL “http://www.xxx.com/Microsoft-Server-ActiveSync”
or for a single server deployment
New-ActiveSyncVirtualDirectory -WebSiteName “Default Web Site” -ExternalURL “http://www.xxx.com/Microsoft-Server-ActiveSync“
- Use the powershell to give the user ActiveSync rights
Set-CASMailbox -Identity <username> -ActiveSyncEnabled $true
Also, more specifically for error 85010014
Make sure you check that the user does Inherit permissions from the parent. Load up ADU&C – Make Sure View -> Advanced Options is ticked – Find User – Properties – Security – Advanced – Tick Allow Inheritable Permissions from the Parent… Ok all the way back out.
Other than that, make sure you check the obvious. Are you using SSL on both the Exchange and device side, or are you turning it off? It must match up.