Não é possível sincronizar dispositivo mobile utilizando ActiveSync recebendo Access Denied (INSUFF_ACCESS_RIGHTS)

Objetivo

Este artigo possui o objetivo de auxiliar no sincornismo de uma mailbox apresentando erro 500 com o Exchange ActiveSync.

Teste

Você pode utilizar o Analisador de Conectividade Remota da Microsoft:

Remote Connectivity Analyzer
https://www.testexchangeconnectivity.com/

Neste caso o seguinte erro foi apresentado:

Tentando comando FolderSync na sessão do Exchange ActiveSync.
Falha ao testar o comando FolderSync.
Eu quero mais informações sobre este problema e como resolvê-lo

Detalhes Adicionais
O Exchange ActiveSync retornou uma resposta HTTP 500 (Erro Interno do Servidor)

Event Viewer

Nos logs de aplication do event viewer localizado os eventos 1008 e 1040:

Log Name:      Application
Source:        MSExchange ActiveSync
Date:          30/08/2013 15:38:00
Event ID:      1008
Task Category: Requests
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SRVEXCH01.acme.local
Description:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.

Log Name:      Application
Source:        MSExchange ActiveSync
Date:          03/09/2013 15:39:00
Event ID:      1040
Task Category: Requests
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SRVEXCH01.acme.local
Description:
The average of the most recent heartbeat intervals [494] for request [Sync] used by clients is less than or equal to [540].
Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

Erro

Exception message: Active Directory operation failed on SRVDC.acme.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-032621E2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Solução

 1. Abrir o Active Directory Users and Computers

2. Clicar em "View" e habilitar:
     - Advanced features
     - Users, computers, groups and computers as containers

 

2. Navegar até o usuário

3. No objeto deletar o container ExchangeActiveSyncDevice

 

4. Replicar os Domain Controllers através do comando:
repadmin /syncall

5. Recriar a conta no dispositivo móvel

6. Realizar sincronismo

Artigos relacionados

Exchange ActiveSync Returned an HTTP 500 Error
http://technet.microsoft.com/en-us/library/dd439375(v=exchg.80).aspx

Rafael Mantovani | MVP
http://rafaelmantovani.net/
http://facebook.com/rafaelmantovani.net