
How I fixed the Exchange Activesync failed to create account error

Technocrat

Jun 28, 2010
The problem I had was when trying to sync my Evo 4g to Exchange 2010. I continually got the message "Failed to create the account. Please try again later". After searching on this site and trying everything on every thread, I was about to throw my hands up and send it back when I found the solution. This solution appears to not be posted on this site, so I figured I would help out others that might run into the problem in the future.

I have done this now 2 or 3 times for other users that have had this issue and it has corrected it. I don't claim this solution will work for everyone, it is simply what I did to correct it for my users. I would suggest trying what other threads have as solutions before trying this one.

The problem I had seems to be with security rights. For some reason I did not have the correct permission in AD even though I was a Domain Admin. As it turns out everyone in my OU didn't either. I would have to investigate it more to find what security right was missing.

The only way to fix this issue is by having access to Active Directory on a server with Exchange plugins.

  • Go to Active Directory Users & Computers (Enable Advanced Features if needed)
  • Open the properties of the user that is having the issue
  • Click on the Security Tab
  • Click the Advanced button
  • In the Default Permissions tab check the box at the bottom for "Include inheritable permissions from this object's parent"
  • Wait for AD to propagate (5-10 minutes)
  • Try again

So that's it. Hopefully this helps someone at some point fix their issue.
 
As I said in my post I am unsure which right it is. When you check the box (at least for me) it added a number of new rights to my object. I would have to remove each one and add them one at a time attempting to find which one was missing. Since my phone is now working I am in no hurry to try and find which one it is.

I have found this:
HTC Desire - Android 2.1,Exchange ActiveSync - Vodafone eForum
Showing the same issue and the same fix.
 
Upvote 0
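The check described in the first post, scripted as an added example (not part of the original posts). It lists users and OUs under a search base whose "Include inheritable permissions" box is cleared, and after enabling inheritance on one object it returns the entries that were inherited, which is the list to work through when looking for the missing right. It assumes the ActiveDirectory PowerShell module; the function names and the DNs in the usage comments are placeholders. `adminCount` is reported because AD periodically turns inheritance off again on accounts in protected groups such as Domain Admins (AdminSDHolder), so the change may not persist on those accounts.

```powershell
# Added example: audit blocked ACL inheritance on AD users and OUs.
# Assumes the ActiveDirectory module (RSAT); function names are hypothetical.
Import-Module ActiveDirectory

function Get-InheritanceBlockedObject {
    param([Parameter(Mandatory)][string]$SearchBase)
    # Users and OUs, since the box may be cleared on the OU as well as the user
    $filter = '(|(objectClass=organizationalUnit)(&(objectCategory=person)(objectClass=user)))'
    Get-ADObject -SearchBase $SearchBase -LDAPFilter $filter `
                 -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object Name, ObjectClass, DistinguishedName,
            @{ n = 'AdminSDHolderProtected'; e = { $_.adminCount -eq 1 } }
}

function Enable-AclInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path
    if (-not $acl.AreAccessRulesProtected) { return }   # box already ticked
    if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Include inheritable permissions')) {
        # $false = no longer protected from inheritance; second argument is
        # ignored when protection is being removed
        $acl.SetAccessRuleProtection($false, $true)
        Set-Acl -Path $path -AclObject $acl
        # Return the entries that now come from the parent container.
        # On a privileged account, review these: delegated OU permissions
        # now apply to that account too.
        (Get-Acl -Path $path).Access |
            Where-Object { $_.IsInherited } |
            Select-Object IdentityReference, ActiveDirectoryRights,
                          AccessControlType, ObjectType
    }
}

# Usage (placeholder DNs):
#   Get-InheritanceBlockedObject -SearchBase 'OU=Staff,DC=example,DC=com'
#   Enable-AclInheritance -DistinguishedName 'CN=Jane Doe,OU=Staff,DC=example,DC=com' -WhatIf
```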
The problem is with forms based authentication on the server. I am assuming you have Exchange 2003. If you do, have your admin do the following:

Disable the forms-based authentication for the Exchange virtual directory

To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps:

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Create a secondary virtual directory for Exchange server

You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:

  1. Start Internet Information Services (IIS) Manager.
  2. Locate the Exchange virtual directory. The default location is as follows:
     Web Sites\Default Web Site\Exchange
  3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
  4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
  5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
  6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
  7. Under Select a configuration to import, click Exchange, and then click OK.
     A dialog box will appear that states that the "virtual directory already exists."
  8. Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
  9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
  10. Click the Directory Security tab.
  11. Under Authentication and access control, click Edit.
  12. Make sure that only the following authentication methods are enabled, and then click OK:
      • Integrated Windows authentication
      • Basic authentication
  13. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
  14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice.
  15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
  16. Click OK, and then close the IIS Manager.
  17. Click Start, click Run, type regedit, and then click OK.
  18. Locate the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
  19. Right-click Parameters, click New, and then click String Value.
  20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.
      Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
  21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
  22. Quit Registry Editor.
  23. Restart the IIS Admin service. To do this, follow these steps:
      • Click Start, click Run, type services.msc, and then click OK.
      • In the list of services, right-click IIS Admin service, and then click Restart.

If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager.

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).


Note: If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.
 
Upvote 0
:thinking: Though I understand where form based authentication could be an issue with the ability to login with activesync I fail to see what this has to do with what I posted.

Again I changed nothing else on Exchange, I simply inherited the parent rights in the AD. It obviously has to be a right that for some reason was not tied to my object yet was part of the parent rights.

Though what you describe makes some sense, I think it's a totally different issue.
 
Upvote 0
None of this worked for me as we use a self signed certificate on our survey and after support from HTC, I got this back:

If the certificate for the Exchange server is a self-signed certificate this is the reason why it is not working as Android does not support installing root certificates at this point and as such cannot verify the Exchange certificate. There are third party solutions available that ignore verifying certificates to get round this limitation, they are available from the Android Market.

I therefore installed 'Exchange for Android 2.x' and I can access my Exchange emails etc. This is not a perfect solution I know but it does work.

I have asked HTC if Android 2.2 on the HTC Desire will fix this and await an answer.
http://www.androidzoom.com/android_developer/nitrodesk-inc_fdr.html
 
Upvote 0
I gotta hand it to you Technocrat, you nailed it for me. I was pulling my hair out on this one for a while and your solution resolved the issue. My Verizon Droid X would not sync with Exchange using the Corporate Sync and another employee's Sprint EVO would not sync either using Active Sync. Checking that one box to include inheritable permissions resolved the issue immediately for both of us. We are running Exchange 2010. THANK YOU!
 
Upvote 0
I'm on Small Biz server and there is no "Security" tab in Properties when I right click on the user (me).

And I'm not so keen to try the solution suggested by WileKoyote...

Phooey.

You need to go to "Administrative Tools" > "Active directory Users and Computers"
then in there you have to tick "View" > "Advanced Features"

You can NOT do this through "Server Management" > "Users"!!


And by the way, there is a very nice way to check the line here, to see that the active sync really works: https://www.testexchangeconnectivity.com/Default.aspx
(if you have more problems after the fix in first post) :)

regards
/Max
 
Upvote 0
Upvote 0
I am sure that this is what I need to do to solve my problem, but I have no idea how to access the places you mention in the steps you outline. Can you help me? I am the "administrator" on my home computer which I am trying to sync with, but I don't know where these items are on the computer. I am somewhat technical, but obviously not technical enough. Please advise and thanks so much. I can't wait to get this fixed!
 
Upvote 0
Just wanted to say thanks for posting this - it was beginning to do my head in! Just to add though, I found the account (my one in fact, and I'm the enterprise admin) and ticked the box, but it initially made no difference. Had a ponder and then looked at the same setting for the OU my account was in and saw that the box wasn't ticked there either. Ticked it and then 60 seconds later I could finish the setup and my Desire started syncing.
 
Upvote 0
