Android Phone Email Provisioning Errors with Exchange Active Sync

This problem came up for me recently. Several employees were trying to set up Android phone email clients to check mail on an Exchange 2010 mail server. They would constantly get the following message: “Remote Security Administration, The Server requires that you allow it to remotely control some security features of your phone.”

Android Email Client Active Sync Error

There was a similar issue in Android with email account setup, traced to a bug in the way Android handles ActiveSync policies. This time around, we confirmed this to be the case with all versions of Android from 2.2 through ICS using the stock client.

The Fix / Workaround:

To get around this issue, we removed the default ActiveSync policy on the accounts in question. Not a great fix, since you don’t get the ability to force PINs and the like, but since the policy wasn’t applied correctly anyway, it was an easy choice.

Step 1 – In the Exchange MMC, create a blank ActiveSync policy. MMC -> Organization Config -> Client Access -> Active Sync Policy Tab. Create the new policy here and call it “Deleteme”. Highlight the policy and make it the default.

Step 2 – Since the GUI forces you to select a default policy, open the Exchange Management Shell (PowerShell). Run the following command:

 Set-ActiveSyncMailboxPolicy -Identity "Deleteme" -IsDefaultPolicy $false

This forces the Deleteme policy to not be the default. The GUI should now show no default policy at all.

Step 3 – Assign the Deleteme policy to the mailbox for the user. MailBox Properties -> Mailbox Features -> Exchange ActiveSync (Click properties). Browse and select the Deleteme policy.

Step 4 – Go back to MMC -> Organization Config -> Client Access -> Active Sync Policy Tab and delete the Deleteme policy.

Now check the assigned ActiveSync policy on the mailbox and it should be blank.

Have the user test the email account setup. After I did this, all the mailboxes could be provisioned correctly and would no longer get that popup error.

I also found out that after any Service Pack or Rollup pack was applied to the Exchange Server, a Default Active Sync Policy was recreated. I had to run through the same procedure again after the update to SP2 and to Rollup 4.
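
Because this workaround leaves the affected phones without PIN or other policy enforcement, and an update can bring a default policy back, it helps to audit the state after every Service Pack or Rollup. The read-only script below is an added example, not part of the original procedure; it assumes the Exchange 2010 Management Shell, and the variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing.
# Assumes the Exchange 2010 Management Shell.

# 1. Has a default ActiveSync policy come back (e.g. after an SP or Rollup)?
$default = Get-ActiveSyncMailboxPolicy | Where-Object { $_.IsDefaultPolicy }
if ($default) {
    $default | Format-List Name, IsDefaultPolicy, DevicePasswordEnabled, WhenChanged
    Write-Warning "A default policy exists; mailboxes with no explicit policy will receive it."
} else {
    Write-Host "No default ActiveSync policy is set."
}

# 2. ActiveSync-enabled mailboxes with no explicitly assigned policy.
#    ActiveSyncMailboxPolicyIsDefaulted is true when the mailbox is only
#    inheriting the default; if the property is absent it evaluates to $null.
$unmanaged = Get-CASMailbox -ResultSize Unlimited | Where-Object {
    $_.ActiveSyncEnabled -and
    (-not $_.ActiveSyncMailboxPolicy -or $_.ActiveSyncMailboxPolicyIsDefaulted)
}
$unmanaged | Sort-Object Name |
    Format-Table Name, ActiveSyncMailboxPolicy, ActiveSyncMailboxPolicyIsDefaulted -AutoSize

# 3. Devices syncing against those mailboxes and the policy state they report.
foreach ($mbx in $unmanaged) {
    Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity |
        Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.Name } },
                      DeviceType, DeviceUserAgent, LastSuccessSync,
                      DevicePolicyApplied, DevicePolicyApplicationStatus
}
```

The list from step 2 doubles as the record of mailboxes running without device policy, which is worth revisiting once the affected Android clients are updated or replaced.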

 

 
