Situation: When a smartphone attempts to connect through Exchange ActiveSync, the Exchange Server may log this event.
Source: MSExchange ActiveSync
Event ID: 1053
Description: Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=Bob Lin,CN=Users,DC=chicagotech,DC=net” container under Active Directory user “Active Directory operation failed on 2008dc2.chicagotech.net. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchangeActiveSyncDevices” and doesn’t have any deny permissions that block such operations.
On the Android phone, you may receive a message that the user account can’t be created.
Resolution: Grant inherited permission to domain\Exchange Servers. To do that, please follow these steps:
1. Run Active Directory Users and Computers.
2. Click View and select Advanced Features.
3. Select a mailbox that isn’t working with ActiveSync and double-click the account.
4. Click the Security tab and then the Advanced button.
5. Highlight Exchange Servers, and check the “Include inheritable permissions from this object’s parent” box.
6. Click OK to save the settings.
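
The same check and fix can be scripted when more than one mailbox is affected. The following PowerShell is an added example, not part of the original article; it assumes the ActiveDirectory (RSAT) module is installed, and the function names and the `jdoe` account are hypothetical.

```powershell
# Added example: find users whose ACL blocks inherited permissions, re-enable
# inheritance, and confirm that the Exchange Servers entries are now inherited.
Import-Module ActiveDirectory

function Get-InheritanceBlockedUser {
    # Enabled users whose security descriptor does not accept inherited ACEs.
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)
    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
               -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName, DistinguishedName, adminCount
}

function Enable-UserAclInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)
    $user = Get-ADUser -Identity $Identity -Properties adminCount
    if ($user.adminCount -eq 1) {
        # AdminSDHolder-protected accounts have inheritance switched off again
        # by the directory on a schedule, so the change will not persist.
        Write-Warning "$Identity has adminCount=1; inheritance will be reset."
    }
    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    if (-not $acl.AreAccessRulesProtected) { return }   # already inheriting
    # $false = not protected (inherit from parent); the second argument is
    # ignored when the first is $false.
    $acl.SetAccessRuleProtection($false, $true)
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Enable ACL inheritance')) {
        Set-Acl -Path $path -AclObject $acl
    }
}

function Get-ExchangeServersAce {
    # Lists the ACEs held by the "Exchange Servers" group on the user object.
    param([Parameter(Mandatory)][string]$Identity)
    $dn = (Get-ADUser -Identity $Identity).DistinguishedName
    (Get-Acl -Path "AD:\$dn").Access |
        Where-Object { $_.IdentityReference -like '*\Exchange Servers' } |
        Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited
}

# Usage (jdoe is a placeholder account name):
#   Get-InheritanceBlockedUser | Format-Table
#   Enable-UserAclInheritance -Identity jdoe -WhatIf
#   Enable-UserAclInheritance -Identity jdoe
#   Get-ExchangeServersAce -Identity jdoe
```

Run the `-WhatIf` pass first and review the `adminCount` column in the audit output before changing any account.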