You are currently offline, waiting for your internet to reconnect

You cannot synchronize a mailbox by using an Exchange ActiveSync device in an Exchange Server 2010 environment

Consider the following scenario:
  • You have a user account that belongs to the InetOrgPersonobject class in a Microsoft Exchange Server 2010 environment.
  • You use the account to access a mailbox by using a Microsoft Exchange ActiveSync device.
  • You try to synchronize the mailbox on the device to an Exchange Mailbox server.
In this scenario, the synchronization process fails. Additionally, the following event is logged in the Application log on the Exchange Server 2010 Client Access server:

Source: MSExchange ActiveSync
Event ID: 1053
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=UserName,OU=OUName,DC=Domain,DC=com" container under Active Directory user "Active Directory operation failed on This error is not retriable. Additional information: Access is denied. 
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

This issue occurs because the InetOrgPerson object does not have necessary permissions to perform the synchronization process.
To resolve this issue, install Exchange Server 2010 Service Pack 3 (SP3) on the Exchange Server 2010 servers. For more information about Exchange Server 2010 SP3, click the following article number to view the article in the Microsoft Knowledge Base: 
2808208 Description of Exchange Server 2010 Service Pack 3
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about event ID 1053, go to the following ldap389 website:For more information about how to create an InetOrgPerson user account, go to the following Microsoft website:For more information about how to use the Enable-Mailbox cmdlet to mailbox-enable an Active Directory InetOrgPerson object, go to the following Microsoft website: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Article ID: 2552121 - Last Review: 02/12/2013 17:29:00 - Revision: 1.0

Microsoft Exchange Server 2010 Enterprise, Microsoft Exchange Server 2010 Standard

  • kbqfe kbfix kbsurveynew kbexpertiseinter KB2552121
> /html>html>ne; " src="">html>king = 1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" var Route = "76500"; var Ctrl = ""; document.write(" c.gif?DI=4050&did=1&t=">