Common Active Sync Errors

One thing has been a thorn in my side since the smartphone revolution exploded onto the scene a few years back: setting up smartphone sync against an Exchange server. Even after going through the setup for Microsoft Exchange, getting your SSL certificate installed, and configuring the rest of IIS, you can still run into many problems getting your smartphones to sync. A good first-line check is to use this website to test your IIS and SSL config: this site will give you the quick fixes for improperly set up IIS servers. Even after that, however, you may get one of many errors that are cryptic to even the most hardened support personnel. Below are a few of the more common errors and some fixes that might aid you on your way.

85002007 No server found. Ensure the proper server name has been entered.

85010002 Access was denied to the mailbox. Check your server user name and password. Verify that the credentials were entered correctly and that the account has OWA and mobile ActiveSync rights in Active Directory.

85010004 A forbidden HTTP communication or protocol was used. Make sure the SSL protocol option box is checked. Also, see Microsoft KB Article 817379 for information on configuring the Exchange virtual directory.

85010014 Synchronization failed due to an error on the server. Try again. Enable Integrated Windows Authentication on the Exchange virtual root. Configure the Exchange virtual directory to not require SSL unless the phone is set for it.

80072EE7 The server name could not be resolved. Check DNS and data access on the phone. Verify that the MX record for the mail server is correct with your DNS host.

80072F05 The SSL certificate date that was received from the server indicates that the certificate has expired. Verify that the time and date on the phone and on the server are both correct, and that the certificate on the server has not in fact expired.

86000108 ActiveSync encountered a problem on the server. This usually happens because the server's certificate is not on the phone. On Windows Mobile 5, copy the self-signed or live cert to the phone. On Windows Mobile 6, you will need a real live cert from a top-level authority installed on the Microsoft Exchange server. Certificates can be purchased from GoDaddy, Verisign, or companies like them.

80072F0D The SSL security certificate on the server is invalid. This is usually due to an intermediate certificate requirement from an authority that is not a top-level domain authority. Some cert sellers used to send two certs to implement on an Exchange server: the main cert and an intermediate cert that pointed to a top-level domain authority. Both had to be installed properly before the Windows Mobile phone would work. GoDaddy has a FAQ on setting this up. It is very hard to diagnose whether the pair is installed correctly. Sometimes it is easier to remove both certs and follow that doc to re-implement them, after hours of course, as it will affect your Outlook 2007 and up users.
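
To tell the name-resolution and certificate errors above apart from a workstation, here is an added example (not part of the original post) that performs a fully validated TLS handshake against the server and reports which of 80072EE7, 80072F05 or 80072F0D a phone would most likely show. The mapping from OpenSSL verify codes to these error numbers, the function names and the host name `mail.example.com` are assumptions of the example, and the workstation's trust store can differ from the phone's.

```python
import socket
import ssl
import sys

# OpenSSL verify codes grouped by the ActiveSync error from the list above
# that a phone would most likely report (assumed mapping, not from the post).
DATE_INVALID = {9, 10}            # not yet valid / has expired
BROKEN_CHAIN = {18, 19, 20, 21}   # self-signed, or issuer (intermediate) missing


def classify(exc):
    """Map a connection failure to one of the error codes listed on this page."""
    if isinstance(exc, socket.gaierror):
        return "80072EE7"  # server name could not be resolved
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        if code in DATE_INVALID:
            return "80072F05"  # certificate date invalid: check clocks, expiry
        if code in BROKEN_CHAIN:
            return "80072F0D"  # chain does not reach a trusted authority
    return "unmapped"


def check_server(host, port=443, timeout=10):
    """Do a validated TLS handshake and return (code, detail)."""
    ctx = ssl.create_default_context()  # checks chain, dates and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", "certificate valid until " + cert["notAfter"]
    except OSError as exc:  # gaierror and ssl.SSLError are both OSError
        return classify(exc), str(exc)


if __name__ == "__main__":
    # Placeholder host name; pass your own Exchange host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(check_server(target))
```

Desktop browsers often fetch a missing intermediate certificate on their own, so a clean padlock in a browser does not prove the server sends the full chain. This handshake does no such fetching, so it fails with the chain error when the intermediate is not installed on the server.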

Hopefully, with these few tips and a lot of determination, you can have your Exchange server playing nice with your users' smartphones in no time!