Exchange ActiveSync, ISA 2006 and Error 0x85010004

by Bharat Suneja

When publishing Exchange ActiveSync with ISA Server 2006, you get an error 0x85010004 on the device. The error:

Result:
Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator.

Support code: 0x85010004

After hours of troubleshooting, deleting the ISA rule and recreating it, playing with the ISA web listener and Exchange’s ActiveSync virtual directory settings, it turns out the server fqdn had a typo in the Public Name tab of the ISA rule. ISA responds to a HTTP request if the host header matches the Public Name – akin to host headers in IIS when publishing multiple web sites using a single IP address.

About authentication settings on the web listener: The same web listener can be used for publishing OWA and ActiveSync. The Authentication settings for the listener can be set to HTML Form Authentication. At first look, this doesn’t seem too intuitive given Exchange Server 2003’s issues with Forms-Based Authentication and Exchange ActiveSync (KB 817379: Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003), but it works.

{ 1 comment… read it below or add one }

Anonymous June 3, 2009 at 2:53 am

Forms-Based Authentication works for ActiveSync in ISA 2006 because with ISA Server 2006, Form Authentication will fallback to use Basic. This was not true in ISA 2004 so with ISA 2004 you could not put OWA and ActiveSync on the same listener.

Reply

Leave a Comment

{ 1 trackback }

Previous post:

Next post: