We are migrating users from Exchange 2003 in Domain B to Exchange 2010 in Domain A and everything works as it should except ActiveSync. The user is staying in Domain B just the mailbox is moving to an Exchange 2010 server in Domain A. When I try to sync my iPhone it says Cannot Get Mail The connection to the server failed. When I try ExRCA I get the following ----------------------------------------------------------------------------------------------- An ActiveSync session is being attempted with the server. Errors were encountered while testing the Exchange ActiveSync session. Test Steps Attempting to send the OPTIONS command to the server. The OPTIONS response was successfully received and is valid. Additional Details Attempting the FolderSync command on the Exchange ActiveSync session. The test of the FolderSync command failed. Tell me more about this issue and how to resolve it Additional Details Exchange ActiveSync returned an HTTP 500 response. ----------------------------------------------------------------------------------------------- I know this is classic "Include inheritable permissions from this object's parent" but my problem is the box is ticked on the problem user and its not a member of any Admin Groups. When a user from Domain A connects via ActiveSync it works fine but any user that has been migrated from Domain B does not. Looking in the Security tab in ADUC the user from Domain B does not have the Exchange Groups (Organisation Management, Exchange Trusted Subsystem, Exchange Windows Permissions, and Exchange Enterprise Servers) but adding them manually does not fix the issue. It wont let me add Exchange Enterprise Servers but I have added the other with read access the same as a user that is working. What permissions am I missing?

What if you create a new account on Exch 2010 and test EAS? I assume 2010 is exposed for EAS? And you are sure about the admin membership? For the failed user check the IIS logs & see what that says? Are you publishing EAS?Sukh

Go over blog, covers AS issues I've encountered for 2003-2010 migrations. http://msexchangetips.blogspot.com/2012/04/exchange-2003-migration-to-exchange.htmlJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hi, Are you using Linked Mailboxes? You don't mention how you enter the logon credentials, but make sure you use UPN from Source Domain.Martina Miskovic

Thanks for the replies guys. In the logs I'm getting the following error when I'm trying to connect. DeviceType=iPhone&Cmd=Search&Log=V140_LdapC3_LdapL63_RpcC14_RpcL15_Cpo18796_Fet20033_Pk0_S110_Error :ADObjectWithNoSecurityDescriptor_Mbx:EXCHANGESERVER.DOMAINA.COM_Dc:DC1.DOMAINA.com_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f2%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F4b87cdaa-cd50-4494-aad2-93e6fe37c17d%2cNorm%5bResources%3a(Mdb)Mailbox+Database+1328929854(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)DC1.DOMAINB.COM(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 DOMAINB\TestUser (PublicIP) Apple-iPhone3C1/902.206 200 0 64 20423 ActiveSync is working fine for users in Domain A so I'm thinking the users in Domain B are missing permissions as per Error:ADObjectWithNoSecurityDescriptor

Hi, Are you using Linked Mailboxes? You don't mention how you enter the logon credentials, but make sure you use UPN from Source Domain. Martina Miskovic I'm not using linked mailboxes as the two domains are in the same forest. The user credentials on the iPhone are entered for you. They ask for username and domain in seperate fields.

Hi Please have a look on below link http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx It said "If the user is a member of certain protected groups such as Domain Administrators, it is normal for this box to be unchecked. If you are experiencing a problem with members of these protected groups you should check the permissions on the AdminSDHolder object." CheersZi Feng TechNet Community Support

Ok, so you are only moving the mailboxes to DomainB so there's no migration involved. Have you prepared DomainB for Exchange 2010? You need to if you'll have users there with Exchange 2010 Mailboxes.Martina Miskovic

Hi Please have a look on below link http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx It said "If the user is a member of certain protected groups such as Domain Administrators, it is normal for this box to be unchecked. If you are experiencing a problem with members of these protected groups you should check the permissions on the AdminSDHolder object." Cheers Zi Feng TechNet Community Support I think this has something to do with it as the "Exchange Servers" group does not have any permissions for the user object. I have added them manually for the test user but this still does not work.

Ok, so you are only moving the mailboxes to DomainB so there's no migration involved. Have you prepared DomainB for Exchange 2010? You need to if you'll have users there with Exchange 2010 Mailboxes. Martina Miskovic I am moving the mailbox from an Exchange 2003 server in Domain B to an Exchange 2010 Server in Domain A with the user staying in Domain B. Do you still need to prepare a domain for Exchange 2010 if it doesn't have an Exchange 2010 Server within it?

Do you still need to prepare a domain for Exchange 2010 if it doesn't have an Exchange 2010 Server within it? Yes, absolutly since the domain will have Exchange 2010 Mailboxes.Martina Miskovic

If the prep doesnt work then check a test user in ADUC, go to the properties>Security>Advanced and check the permissoins for ExchangeTrustedSubsystem and see if it has msExchangeActiveSyncDevice & ...DevicesSukh

I found the answer with help from this thread an open call with Microsoft and trial and error. So I needed to set ExchangeTrustedSubsystem permissions as I had done but I had only applied them to the object and not the object and descendants. Adding the ExchangeTrustedSubsystem to the object and the descendants fixed the issue for me. Thanks for your help everyone.