How I fixed the Exchange Activesync failed to create account errorTips


Last Updated:

  1. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
    The problem I had was when trying to sync my Evo 4g to Exchange 2010. I continually got the message "Failed to create the account. Please try again later". After searching on this site and trying everything on every thread, I was about to throw my hands up and send it back when I found the solution. This solution appears to not be posted on this site, so I figured I would help out others that might run into the problem in the future.

    I have done this now 2 or 3 times for other users that have had this issue and it has corrected it. I don't claim this solution will work for everyone, it simply what I did to correct for my users. I would suggest trying what other threads have as solutions before trying this one.

    The problem I had seems to be with security rights. For some reason I did not have the correct permission in AD even though I was a Domain Admin. As it turns out everyone in my OU didn't either. I would have to investigate it more to find what security right was missing.

    The only way to fix this issue is by having access to Active Directory on a server with Exchange plugins.

    • Go Active Directory Users & Computers (Enable Advanced Features if needed)
    • Open the properties of the user that is having the issue
    • Click on the Security Tab
    • Click the Advanced button
    • In the Default Permissions tab check the box at the bottom for "Include inheritable permissions from this object's parent"
    • Wait for AD to propagate (5-10 minutes)
    • Try again

    So that's it. Hopefully this helps someone at some point fix their issue.
     

    Advertisement
    demiblys likes this.
  2. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    Which permission isn't propagating that needs to?
     
  3. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
    As I said in my post I am unsure which right it is. When you check the box (at least for me) it added a number of new rights to my object. I would have to remove each one and add them one at a time attempting to find which one was missing. Since my phone is now working I am in no hurry to try and find which one it is.

    I have found this:
    HTC Desire - Android 2.1,Exchange ActiveSync - Vodafone eForum
    Showing the same issue and the same fix.
     
  4. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    My concern as an Exchange admin would be that I would be granting my users too many permissions that they don't need. Knowing exactly which permission it is that's needed would be extremely valuable information.
     
  5. wilekoyote

    wilekoyote New Member

    Joined:
    Jul 2, 2010
    Messages:
    1
    Likes Received:
    0
    The problem is with forms based authentication on the server. I am assuming you have Exchange 2003. If you do, have your admin do the following:

    Disable the forms-based authentication for the Exchange virtual directory
    To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps:
    Open Exchange Manager.
    Expand Administrative Groups, expand the first administrative group, and then expand Servers.
    Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
    Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
    Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
    Close Exchange Manager.
    Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).
    Create a secondary virtual directory for Exchange server
    You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:
    Start Internet Information Services (IIS) Manager.
    Locate the Exchange virtual directory. The default location is as follows:
    Web Sites\Default Web Site\Exchange
    Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
    In the File name box, type a name. For example, type ExchangeVDir. Click OK.
    Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
    In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
    Under Select a configuration to import , click Exchange, and then click OK.

    A dialog box will appear that states that the "virtual directory already exists."
    Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
    Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
    Click the Directory Security tab.
    Under Authentication and access control, click Edit.
    Make sure that only the following authentication methods are enabled, and then click OK:
    Integrated Windows authentication
    Basic authentication
    On the Directory Security tab, under IP address and domain name restrictions, click Edit.
    Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice.
    Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
    Click OK, and then close the IIS Manager.
    Click Start, click Run, type regedit, and then click OK.
    Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
    Right-click Parameters, click to New, and then click String Value.
    Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

    NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
    In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
    Quit Registry Editor.
    Restart the IIS Admin service. To do this, follow these steps:
    Click Start, click Run, type services.msc, and then click OK.
    In the list of services, right-click IIS Admin service, and then click Restart.
    If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager.
    Open Exchange Manager.
    Expand Administrative Groups, expand the first administrative group, and then expand Servers.
    Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
    Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
    Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
    Close Exchange Manager.
    Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).


    Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

    The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
     
  6. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    The OP said he's got Exchange 2010, not 2003.
     
  7. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
    :confused: Though I understand where form based authentication could be an issue with the ability to login with activesync I fail to see what this has to do with what I posted.

    Again I changed nothing else on Exchange, I simply inherited the parent rights in the AD. It's obviously has to be a right that for some reason was not tied to my object yet was part of the parent rights.

    Though what you describe make some sense, I think it's a totally different issue.
     
  8. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    I agree. I'm still curious as to what right is missing though.
     
  9. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
    There is no way for me to easily do this to myself at this point. I do have one more user in the same OU that will get a Droid X at some point. When they do I will check on their permissions and see if I can't figure out which one it is.
     
  10. AlHos

    AlHos New Member

    Joined:
    Jul 23, 2010
    Messages:
    2
    Likes Received:
    0
    None of this worked for me as we use a self signed certificate on our survey and after support from HTC, I got this back:

    [FONT=&quot]If the certificate for the Exchange server is a selfsigned certificate this is the reason why it is not working as Android does not support installing root certificates at this point and as such can not verify the Exchange certificate. There are third party solutions available that ignore verifying certificates to get round this limitation, they are available from the Android Market.[/FONT]

    I therefore installed 'Exchange for Android 2.x' and I can access my Exchange emails etc. This is not a perfect solution I know but it does work.

    I have asked HTC if Android 2.2 on the HTC Desire will fix this and await an answer.
     
  11. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
    Ah...that's not true. We had a self assigned up until last week and all of our phones worked correctly. On our Evo's it just worked. On one of the other phones we had to go to the owa url, download the cert, and exchange worked correctly.
     
  12. AlHos

    AlHos New Member

    Joined:
    Jul 23, 2010
    Messages:
    2
    Likes Received:
    0
    Well that is what HTC sent me!? I wish you could fix this on my HTC Desire as the app is not really a long term solution and it is driving me nuts!
     
  13. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
  14. mbutler101

    mbutler101 New Member

    Joined:
    Sep 14, 2010
    Messages:
    1
    Likes Received:
    0
    I gotta had it to you Technocrat, you nailed it for me. I was pulling my hair out on this one for a while and your solution resolved the issue. My Verizon Droid X would not sync with Exchange using the Corporate Sync and another employees Sprint EVO would not sync either using Active Sync. Checking that one box to include inheritable permissions resolved the issue immediately for both of us. We are running Exchange 2010. THANK YOU!
     
  15. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
    I know what it was like. I was almost going to return the phone.

    Glad it helped one person. :)
     
  16. Creagan

    Creagan New Member

    Joined:
    Sep 24, 2010
    Messages:
    1
    Likes Received:
    0
    @Technocrat

    I REALLY do not like to register for site when I dont need to, but this time is an exception.

    I would like to award you at least one million kudos points for advising ticking that little tick-box!

    HTC Desire Android 2.2 fully updated working like it should!

    Thank you, thank you, thank you.
     
  17. Technocrat

    Technocrat Member This Topic's Starter

    Joined:
    Jun 28, 2010
    Messages:
    21
    Likes Received:
    3
  18. Salonge

    Salonge New Member

    Joined:
    Oct 1, 2010
    Messages:
    1
    Likes Received:
    0
    I am having the same issue and I checked and there is a virtual server set up. I am using Exchange 2003 and I am ready to take this back because I have to get emails through this phone. Can you help?
     
  19. gunhoe86

    gunhoe86 New Member

    Joined:
    Oct 11, 2010
    Messages:
    1
    Likes Received:
    0
    I had my IT guys make this modification to my account, it worked! Using a SSL cert signed by GoDaddy, not sure which version of exchange we're using. EVO4, Froyo 2.2.

    Thanks OP!
     
  20. goinovr

    goinovr New Member

    Joined:
    Dec 6, 2010
    Messages:
    2
    Likes Received:
    0
    I reported your thread for being awesome. I hope that's ok. This saved me with 9 androids to program and possibly 70 more incoming.

    The only reason I signed up here was to say thanks Technocrat!
     
  21. BWB8771

    BWB8771 Active Member

    Joined:
    Jan 11, 2011
    Messages:
    28
    Likes Received:
    5
    I'm on Small Biz server and there is no "Security" tab in Properties when I right click on the user (me).

    And I'm not so keen to try the solution suggested by WileKoyote...

    Phooey.
     
  22. Maxa

    Maxa Member

    Joined:
    Jan 13, 2011
    Messages:
    7
    Likes Received:
    0
    You need to go to "Administrative Tools" > "Active directory Users and Computers"
    then in there you have to tick "View" > "Advanced Features"

    You can NOT do this trough "Server Management" > "Users"!!


    And by the way, there is a very nice way to check the line here, to see that the active sync really work: https://www.testexchangeconnectivity.com/Default.aspx
    (if you have more problems after the fix in first post) :)

    regards
    /Max
     
  23. onegreenparker

    onegreenparker New Member

    Joined:
    Feb 2, 2011
    Messages:
    1
    Likes Received:
    0
  24. Jlutsky

    Jlutsky New Member

    Joined:
    Feb 8, 2011
    Messages:
    2
    Likes Received:
    0
    I am sure that this is what I need to do to solve my problem, but I have no idea how to access the places you mention in the steps you outline. Can you help me? I am the "administrator" on my home computer which I am trying to sync with, but I don't know where these items are on the computer. I am somewhat technical, but obviously not technical enough. Please advise and thanks so much. I can't wait to get this fixed!
     
  25. woffle99

    woffle99 New Member

    Joined:
    Mar 3, 2011
    Messages:
    1
    Likes Received:
    0
    Just wanted to say thanks for posting this - it was beginning to do my head in! Just to add though, I found the account (my one in fact, and I'm the enterprise admin) and ticked the box, but it initially made no difference. Had a ponder and then looked at the same setting for the OU my account was in and saw that the box wasn't ticked there either. Ticked it and then 60 seconds later I could finish the setup and my Desire started syncing.
     

Share This Page

Loading...