You cannot synchronize a mailbox by using an Exchange ActiveSync device in an Exchange Server 2010 environment

Article ID: 2552121

Symptoms

Consider the following scenario:
  • You have a user account that belongs to the InetOrgPerson object class in a Microsoft Exchange Server 2010 environment.
  • You use the account to access a mailbox by using a Microsoft Exchange ActiveSync device.
  • You try to synchronize the mailbox on the device to an Exchange Mailbox server.
In this scenario, the synchronization process fails. Additionally, the following event is logged in the Application log on the Exchange Server 2010 Client Access server:

Source: MSExchange ActiveSync
Event ID: 1053
Description:
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=UserName,OU=OUName,DC=Domain,DC=com" container under Active Directory user "Active Directory operation failed on DCName.domain.com. This error is not retriable. Additional information: Access is denied. 
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

Cause

This issue occurs because the InetOrgPerson object does not have the necessary permissions to perform the synchronization process.
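
The check that the event 1053 description asks for can be scripted as a read-only query. The following is an added example, not part of the original Microsoft article. It assumes the ActiveDirectory PowerShell module is available, uses a hypothetical function name (Test-EasDevicePermission), and assumes that the object type the event calls "msExchangeActiveSyncDevices" has the schema lDAPDisplayName msExchActiveSyncDevices.

```powershell
# Added diagnostic example (read-only). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

function Test-EasDevicePermission {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        # Assumption: schema name of the child type named in event 1053
        [string]$ChildClass = 'msExchActiveSyncDevices'
    )

    $obj = Get-ADObject -LDAPFilter "(sAMAccountName=$SamAccountName)"
    if (-not $obj) { throw "No directory object found for $SamAccountName" }

    # Resolve the child class to its schema GUID so object-specific ACEs can be matched
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $class = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$ChildClass)" -Properties schemaIDGUID
    $classGuid = if ($class) { [guid]$class.schemaIDGUID } else { [guid]::Empty }

    # The three rights the event description lists: List, Create child, Delete child
    $needed = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, ListChildren'

    $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)
    $relevant = @($acl.Access | Where-Object {
        (([int]$_.ActiveDirectoryRights -band $needed) -ne 0) -and
        # An empty ObjectType GUID means the ACE covers every child object type
        ($_.ObjectType -eq $classGuid -or $_.ObjectType -eq [guid]::Empty)
    })

    New-Object PSObject -Property @{
        DistinguishedName  = $obj.DistinguishedName
        IsInetOrgPerson    = ($obj.ObjectClass -eq 'inetOrgPerson')
        # True means the object does not inherit ACEs from its parent container
        InheritanceBlocked = $acl.AreAccessRulesProtected
        ExchangeServersAllow = @($relevant | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -like '*\Exchange Servers' })
        DenyEntries        = @($relevant | Where-Object { $_.AccessControlType -eq 'Deny' })
    }
}

# Example call with a constructed account name:
# Test-EasDevicePermission -SamAccountName 'jdoe' | Format-List
```

An empty ExchangeServersAllow list, or any entry in DenyEntries, matches the condition that the event description tells you to look for on the affected account.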

Resolution

To resolve this issue, install Exchange Server 2010 Service Pack 3 (SP3) on the Exchange Server 2010 servers. For more information about Exchange Server 2010 SP3, click the following article number to view the article in the Microsoft Knowledge Base: 
2808208 Description of Exchange Server 2010 Service Pack 3

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

For more information about event ID 1053, go to the following ldap389 website:
MSExchange ActiveSync event ID 1053
For more information about how to create an InetOrgPerson user account, go to the following Microsoft website:
How to create an InetOrgPerson user account
For more information about how to use the Enable-Mailbox cmdlet to mailbox-enable an Active Directory InetOrgPerson object, go to the following Microsoft website:
General information about the Enable-Mailbox cmdlet
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Properties

Article ID: 2552121 - Last Review: February 12, 2013 - Revision: 1.0
Applies to
  • Microsoft Exchange Server 2010 Enterprise
  • Microsoft Exchange Server 2010 Standard
