Error 85010013, 8600C2B, or 86000C29 when you try to synchronize a Windows Phone-based device to an Exchange server

Applies to: Exchange Server 2010 EnterpriseExchange Server 2010 Standard


When you connect to a server that is running Microsoft Exchange Server by using a Windows Phone-based device, synchronization fails. Additionally, you receive an error message that resembles one of the following:

Error message 1 requires that certain security policies be enforced before you can sync your information. Contact a support person or your service provider.

Last tried x minutes ago.

Error code: <ErrorCode>

Error message 2 requires that certain security policies be enforced. Try syncing again to apply the policies. If you keep seeing this message, contact a support person or your service provider.

Last tried x minutes ago.

Error code: <ErrorCode>

In these error messages, the placeholder <ErrorCode> represents one of the following error codes:
  • 0x85010013
  • 0x8600C2B
  • 86000C29


This issue occurs if an Exchange ActiveSync mailbox policy was implemented that uses parameters that the Windows Phone-based device cannot completely enforce.

The Exchange Client Access server responds to the device with an HTTP status of 449 when the device cannot enforce every parameter within the Exchange ActiveSync mailbox policy. Each successive synchronization attempt will fail with an HTTP status of 449 while the current Exchange ActiveSync policy is in place.


To resolve this issue, change an existing Exchange ActiveSync policy, or create a new Exchange ActiveSync policy, so that the policy applies to Windows Phone-based devices. To do this, take one of the following actions:
  • Change the existing Exchange ActiveSync policy to apply only to supported policy parameters.
  • Create a new Exchange ActiveSync policy that applies the supported policy parameters that Windows Phone devices can implement. Then, assign this policy to Windows Phone users.


To work around this issue on a Windows Phone 8-based device, enable the Allow Non-provisionable Devices parameter in your Exchange ActiveSync policy.

Important The Allow Non-provisionable Devices parameter lets devices synchronize. This is true even when policies that the device can enforce do not match the Exchange ActiveSync policy parameters that are configured on the server.

More Information

Exchange ActiveSync Mailbox Policies

The following tables detail the policies that are supported by Windows Phone devices.
Policy parameters that are supported by Windows Phone 7
Parameters Parameters Parameters
PasswordRequired AllowSimplePassword DisableIrDA
MinPasswordLength PasswordExpiration DisableDesktopSync
IdleTimeoutFrequencyValue PasswordHistory BlockRemoteDesktop
DeviceWipeThreshold DisableRemovableStorage BlockInternetSharing
Policy parameters that are supported by Windows Phone 8
Parameters Parameters
AllowSimpleDevicePassword MaxInactivityTimeDeviceLock
AlphanumericDevicePasswordRequired MinDevicePasswordComplexCharacters
DevicePasswordEnabled MinDevicePasswordLength
DevicePasswordExpiration RequireDeviceEncryption
DevicePasswordHistory RemoteWipe
IrmEnabled AllowNonProvisionableDevices

Note Additionally, the EAS policy parameter AllowStorageCard is supported when devices are managed by using Microsoft System Center Configuration Manager.

For information about how to change or create Exchange ActiveSync policies, go to the following Microsoft TechNet websites:
Common issues
Microsoft Support frequently receives support requests for issues about ActiveSync Mailbox policy enforcement. The most common cause of these issues is the presence of unsupported policy parameters. When the AllowNonProvisionableDevices parameter is set to False, policy parameters must be enforced for the device to be provisioned successfully, unless there is a valid reason for the policy parameter to be ignored.

Supported policy parameters are listed earlier in this article. When you troubleshoot issues about policies, the existing policies should be reviewed for the presence of an unsupported parameter that cannot be ignored. This includes both default and customized policies. A detailed list of policies and their enforcement is available on the following Microsoft Developer Network (MSDN) webpage:


The following example details an issue with the current version of Windows Phone 8.

When the policy parameter Require Encryption on Storage Card is enabled, Windows Phone 8 devices misreport the presence of an SD card, even if the device has no SD card slot. The policy enforcement occurs, provisioning fails, and the device cannot be synchronized.

According to MSDN topic (RequireStorageCardEncryption) about the policy parameter, if the policy parameter is present but the device does not support removable storage, the parameter should be ignored, and the device should be able to synchronize.

To work around this issue, use the methods that are mentioned in the "Resolution" and "Workaround" sections for the Windows Phone 8 devices.


For more information about policies that are supported by Windows Phone, go to the following TechNet website:

For more information about Windows Phone device management and policies that are supported by Windows Phone, go to the following TechNet website:

For more information about what to consider when you use Windows Phone 7 and Exchange Server, go to the following TechNet website:

The Troubleshoot ActiveSync with Exchange Server guided walkthrough helps troubleshoot the following issues:
  • Unable to create a profile on the device
  • Unable to connect to the server
  • Mail issues
  • Calendaring issues
  • Delays on device/CAS performance