Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
ActiveSync users cannot synchronize an EAS device for the first time in an Exchange Server 2010 or Exchange Server 2013 environment
Article ID: 2579075 - View products that this article applies to.
A user cannot synchronize a Microsoft Exchange ActiveSync (EAS) device for the first time.
When this issue occurs, the following event is logged in the Application log in Event Viewer:
Source: MSExchange ActiveSync
This issue can occur if the Owner Rights security principal does not have Full Control permissions on the user account that is trying to synchronize the EAS device.
To work around this issue, assign the Exchange Servers group the right to change permissions against msExchActiveSyncDevices objects. To do this, follow these steps:
The first time that a user tries to synchronize an EAS device, the Microsoft Exchange Server tries to create a container of the type msExchActiveSyncDevices under the user object in Active Directory Domain Services (AD DS). The Exchange Server then tries to change permissions on the container.
By default, the Exchange Server group has rights to Create and Delete msExchActiveSyncDevices objects. However, the Exchange Server group does not have rights to change permissions on msExchActiveSyncDevices. Instead, the rights are inherited from the Owner Rights security principal. By default, the Owner Rights security principal has Full Control permissions.
If the permissions for the Owner Rights security principal are changed, the issue that is described in the "Symptoms" section can occur. For example, this issue can occur if the Owner Rights security principal has Read permissions on msExchActiveSyncDevices objects.
For more information about the Owner Rights security principal in AD DS, visit the following Microsoft TechNet website:
Article ID: 2579075 - Last Review: October 25, 2012 - Revision: 3.0