[System.Net.WebException]: The remote server returned an error: (500) Internal Server Error.Followed by:
X-ExceptionDiagnostics: Microsoft.Exchange.AirSync.AirSyncPermanentException —> Microsoovision,ResolveRecipients,ValidateCert ft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on AD2.GLOBAL.LOCAL. This error is not retriable. Additional information: Access is denied.%0d%0 aActive directory response: 00000005: SecErr: DSID-03152610, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0%0a —> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.%0d%0a at System.DirectoryServices.Protocols.LdapConnectionAlso same error was visible during different actions done by users via OWA/ECP, especially when they tried to remove their devices:
Active Directory operation failed on This error is not retiable. Additional informaiton: Active Directory response: 00000005: SecErr:DSID-03152485, problem 4003 (INSUFF_ACCESS_RIGHTS)Generally such errors typically fixed by checking the box “Allow inheritable permissions …”. However this has not solved the problem for us. After going back and forth and trying different solution the culprit was found in Active Directory. The simple fix is to give Exchange Servers group proper permissions for msExchActiveSyncDevices objects. What is important here is to make sure it's correct object because there is also msExchActiveSyncDevice (without s) higher in the list which makes it the first choice (as it did for us – and it doesn't fix the issue). First you need to enable Advanced Features view in Active Directory Users and Computers. Start Active Directory Users and Computers. Click View, and then click to enable Advanced Features. Right-click the object where you want to change the Exchange Server permissions, and then click Properties. And then you can change it for the user in question, and if it works deploy it as a solution in the root of your domain. On the Security tab, click Advanced. Click Add, type Exchange Servers, and then click OK. In the Apply to box, click Descendant msExchActiveSyncDevices objects. Under Permissions, click to enable Modify Permissions. Click OK three times. After applying the fix Microsoft Remote Connectivity Analyzer gave the Green Light!
This post was last modified on March 20, 2016 12:24
Today, I made the decision to upgrade my test environment and update the version of…
Have you ever looked at your Active Directory and wondered, "Why do I still have…
Active Directory replication is a critical process that ensures the consistent and up-to-date state of…
Hey there! Today, I wanted to introduce you to one of the small but excellent…
Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…
In today's digital age, the ability to create compelling and informative HTML reports and documents…