Problem : ActiveSync Permission Issues – 0x85010004

Really hitting a brick wall now and would appreciate some ideas on what to try next.

Current setup is Exchange 2007 (Separate Mailbox and CAS) using IIS 7 on Server 2008.
Using properly issued Cybertrust certificate.
Link from external goes through ISA 2006.

OWA works fine internally and externally no problems at all.

ActiveSync gives the following error when I try to sync:

“Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator. 0x85010004”

Tried externally using a Dell x51v and internally using Microsoft's emulator. Same error on both.

Things done:

1. Deleted and recreated the Exchange ActiveSync mailbox policy. Pointed the mailboxes manually to the policy. As a side note, what are the best settings for the ActiveSync mailbox policy? I tend to leave it default, but this leaves the “require password” unticked.

2. Deleted and recreated the Virtual Directory in IIS (via PowerShell commands).

3. Pointed all services to the proper certificate (Enable-ExchangeCertificate) – also making the internal and external URLs of ActiveSync match our certificate, i.e. (

4. Enabled ActiveSync on the test user's mailbox, both in the console and via the PowerShell commands. Some people are indicating that even though it already is enabled, this proved a fix.

5. Disabled SSL – This gives the same 0x85010004 error.

6. Also tried Test-ActiveSyncConnectivity from PowerShell. This gives the following error.

[System.Net.WebException]: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Inner error [System.Security.Authentication.AuthenticationException]: The remote certificate is invalid according to the validation procedure.
[System.Security.Authentication.AuthenticationException]: The remote certificate is invalid according to the validation procedure

Solution : ActiveSync Permission Issues – 0x85010004


Turned out to be the Authentication delegation rule on ISA, which is set differently on the OWA ISA rule.