Microsoft Exchange 2010

Exchange 2010, Active Directory and iPhone Sync

I don’t consider myself an Exchange guy, and while I worked a lot with LDAP (OpenLDAP) in a service provider environment many moons ago, I don’t consider myself an Active Directory (AD) guy either.

Ah! So here begins the plight… I found myself setting up an iPhone to sync email from an Exchange 2010 server.  From the iPhone interface everything appeared to pass, meaning a little check-mark appeared next to each setting I entered after pressing the “Done” button.

Instead of receiving email on the iPhone, I received a pop-up message telling me the email could not be synced because the “session was disconnected from the server” (paraphrasing).

It was verified that the mailbox account I was having trouble with was set up exactly like another known working mailbox account.  So the attention turned back to the iPhone settings, thinking something was different or incorrectly configured.  It was confirmed that both the working iPhone and the problematic iPhone were set up identically.  For reference, both iPhones are syncing with the same Exchange server.

So there I was, what to make of that? (rhetorical)

I turned to the Internet for knowledge from those who had gone before me, and there I found answers.  Thanks Internet.

While the issue appeared to be Exchange-related, it was not actually fixed through the Exchange Management Console, but rather within AD.

  • Open “Active Directory Users and Computers”
  • On the menu bar click -> View
  • Make sure there is a check-mark next to “Advanced Features”.  If not, click it so there is (the Security tab is hidden otherwise).
  • Locate the user account (under Users or another object container)
  • Right-click on the user -> click Properties
  • Click on the Security tab -> Click on “Advanced”
  • At the bottom, tick the check-box “Include inheritable permissions from this object’s parent”
  • Click “OK”, Click “OK”
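The same check and fix can be done from PowerShell, which is handy when more than one mailbox is affected. The script below is an added example, not from the original post: it assumes the RSAT ActiveDirectory module is installed, a hypothetical account “jdoe”, and that you run it as an account allowed to modify that user’s ACL. It reports whether inheritance is blocked, re-enables it on request (the equivalent of the ADUC check-box above), and warns when the account carries adminCount=1, because the AdminSDHolder process clears the inheritance flag again on protected-group members roughly every hour, which would put the mailbox right back where it started.

```powershell
# Added example (not the original post's code): inspect and repair ACL
# inheritance on an AD user object. Assumes the ActiveDirectory module
# (RSAT) and a hypothetical account "jdoe".
Import-Module ActiveDirectory

function Repair-ADUserInheritance {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [switch]$Fix    # without -Fix the function only reports
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount, memberOf
    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # AreAccessRulesProtected = $true means "Include inheritable permissions
    # from this object's parent" is UNchecked, i.e. the state that broke sync.
    [pscustomobject]@{
        User               = $user.SamAccountName
        InheritanceBlocked = $acl.AreAccessRulesProtected
        AdminCount         = $user.adminCount
        GroupCount         = @($user.memberOf).Count
    } | Format-List

    if ($acl.AreAccessRulesProtected -and $Fix) {
        # First arg $false: stop blocking inheritance.
        # Second arg $true: keep the explicit ACEs already on the object.
        $acl.SetAccessRuleProtection($false, $true)
        Set-Acl -Path $path -AclObject $acl
        Write-Host "Inheritance re-enabled on $($user.DistinguishedName)"
    }

    # adminCount=1 means the account is (or once was) in a protected group
    # such as Domain Admins. AdminSDHolder will re-apply its ACL and clear
    # the inheritance flag again within about an hour, so the fix above
    # does not stick until the account leaves those groups and adminCount
    # is cleared.
    if ($user.adminCount -eq 1) {
        Write-Warning ("{0} has adminCount=1; remove it from protected groups " +
                       "and clear adminCount or the ACL will revert.") -f $user.SamAccountName
    }
}

Repair-ADUserInheritance -SamAccountName 'jdoe'        # report only
Repair-ADUserInheritance -SamAccountName 'jdoe' -Fix   # apply the ADUC fix
```

Run the report-only form first against the working and the broken mailbox user side by side; the two should differ only in InheritanceBlocked. If AdminCount shows 1 on the broken one, that is the usual answer to why the box was unticked in the first place.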

At this point I returned to the iPhone to see if email would begin to flow in, and it did.

Evidently the issue was that permission inheritance had been disabled on the user object in AD.

It’s not clear to me just yet how this could have been avoided in the first place, although I am sure there is a way if I took the time to research and test.