Connect WP8 via Exchange Active Sync does not work

I would like to connect a WP8 HTC 8X to our corporate environment, but we are not successful!!!

We connect via EAS with the policy that the device should have a strong password and device encryption. In Exchange 2010 we have switched off the option: "allow any unprovisional devices". From security we want to control that devices who connect comply with our secpol.

WP8 does not connect and we get a generic error 86000C29 and nothing in the log files.

 

We don't want to deploy certificates first as this would require an MDM solution. EAS should be the easy way to deploy BYOD devices.

 

Bart

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

It sounds as if your corporate beast is not quite so much of a beast as mine!

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I wouldn't count on it.  I heard back from my MS tech specialist and apparently this is a bug and the product team is working on it.

I however am an admin for a corporate beast and prefer to give my users a choice so Ill be pushing to have an option to allow devices without an SD card the ability to sync with a custom policy.  We have seen growing demand for WP in our environment and don't like to say no to our users when it doesn't really make sense.  

so is this really the bug / issue: an sd card encryption setting?  im not so sure  my 1st gen Focus has a slot and also didnt work although i cant sayi pushed the IT bounds with it trying to get it to work  however now that the 920 is out i am going to push  

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I'm having the same error with my Lumia 920. My corporate IT has shrugged their shoulders and said "Well, the iPhone syncs and that's what we get the most requests for. If Microsoft can't get their systems to work together, that's not our problem." It is frustrating to own the latest and greatest of Windows Phone and not be able to connect to a system that the iPhone 3GS and up is working with.
It would be helpful if there was some way to even know which security policies the phone couldn't enforce. All that my company says it requires is:
  • "A device unlock password/pin is required... Although a numeric only password is allowed, it can't be a simple password meaning all the same or sequential numbers."
  • Maximum device inactivity lockout of two minutes
  • Device must support encryption - All storage on the device must be encrypted.
  • Allow only two weeks of data to be synchronized to the device.
  • Device must support remote wipe

As far as I can tell, the Lumia should support all of these. However, without being able to see the back-end and exact policies required, I can only guess. It seems probably to me that they have "Encrypt SD card contents" turned on, which may be part of what's causing the issue based on some other comments I've seen.

Any help from Microsoft is appreciated!

 

**Edit**

One other note I forgot to mention: Somehow the Viperal Tasks app and Tasks by Telerik are somehow able to sync with my Exchange Tasks, even though calendar/email/contacts cannot be set up in the native phone side.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

+100

pretty detailed account. i agree. why is it easier to connect an iphone?

to emphasize again, our organization is 20,000+ employees. IT influences what people buy considerably. This is opportunity lost.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Any update on this?  I too am having the 86000C29 error w/my HTC 8x and am really needing mobile access to my corporate e-mail.

 

I need to know if this will be resolved quickly so I can return my phone w/in the 14 day period if necessary & get another android handset.

 

Thanks!

 

-Roy

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I don't think it is because of the policy requiring encryption on SD card, 
We have NOKIA 920 device and I changed the policy so that it requires only encryption on device but not on SD card , and still our phone ends up into "access denied" status in  EAS .
I even changed the policy to ..not to require for any encryption  on device nor on SD card .. it did not help . 
This is a funny situation here ... We been having a hard time for over a year now to convince have been asking our users here not to buy Iphone and wait for WP8 , but I guess we have to to give up :|



Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Also having this issue with my Nokia Lumia 920. It tells me to try syncing again "to apply these policies". When I sync, I get the same message. Does anyone know how to enable encryption manually?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Using the OWA site for my Exchange mail (aka. mail.companyname.com), I went to Settings > Mobile Devices > and then selected my phone (labeled as simply WP8). I selected it, turned on logging, reran the sync attempt, then retrieved the log after it failed out.

I can't post everything it gave me because of confidentiality of my device and my company's server information, but here is what it spit out that's worthy of note:

Reported twice in the log (probably attempts twice before failing):
RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Settings xmlns="Settings:">
    <UserInformation>
        <Get/>
    </UserInformation>
</Settings>

AccessState :
Blocked

AccessStateReason :
Policy

...

Again, reported twice in the log file.
RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<FolderSync xmlns="FolderHierarchy:">
    <SyncKey>0</SyncKey>
</FolderSync>

AccessState :
Blocked

AccessStateReason :
Policy

I'm not sure if this points any developer and/or admin in the right direction, but it appears that the GET UserInformation function and SYNCKEY FolderHierarchy function is blocked due to "policy". I'm not sure if the Phone is blocking access or if the ActiveSync Server is blocking this access

This is using my Nokia Lumia 920 with AT&T

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I don't think it is because of the policy requiring encryption on SD card, 
We have NOKIA 920 device and I changed the policy so that it requires only encryption on device but not on SD card , and still our phone ends up into "access denied" status in  EAS .
I even changed the policy to ..not to require for any encryption  on device nor on SD card .. it did not help . 
This is a funny situation here ... We been having a hard time for over a year now to convince have been asking our users here not to buy Iphone and wait for WP8 , but I guess we have to to give up :|




Apparently its also can be if you restrict the length of time an item can be on the device.  Its a confirmed bug with the SD card encryption and item retention policy requirements.
peter

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Woah--thanks for detailing this--I had no idea I could generate this sort of trail.

Using my HTC 8x on Verizon I see much the same.  The conversation starts out with the phone introducing itself & requesting the server's provisioning policy:

RequestBody : 
<?xml version="1.0" encoding="utf-8" ?>
<Provision xmlns="Provision:">
<DeviceInformation xmlns="Settings:">
<Set>
<Model>HTC6990LVW</Model>
<IMEI>::redacted::</IMEI>
<FriendlyName>HTC6990LVW</FriendlyName>
<OS>Windows Phone 8.0.9905</OS>
<OSLanguage>English</OSLanguage>
<PhoneNumber>::redacted::</PhoneNumber>
<UserAgent>MSFT-WP/8.0.9905</UserAgent>
<EnableOutboundSMS>0</EnableOutboundSMS>
</Set>
</DeviceInformation>
<Policies>
<Policy>
<PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
</Policy>
</Policies>
</Provision>

The response comes back status 1, giving a policy key (a 10-digit number).

The phone then responds with a new request for the policy by the key:

RequestBody : 
<?xml version="1.0" encoding="utf-8" ?>
<Provision xmlns="Provision:">
<Policies>
<Policy>
<PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
<PolicyKey>::redacted::</PolicyKey>
<Status>2</Status>
</Policy>
</Policies>
</Provision>

Response comes back again status 1.

The phone then asks for user information like so:

RequestBody : 
<?xml version="1.0" encoding="utf-8" ?>
<Settings xmlns="Settings:">
<UserInformation>
<Get/>
</UserInformation>
</Settings>

To which the server responds with a status 142:

ResponseBody : 
<?xml version="1.0" encoding="utf-8" ?>
<Settings xmlns="Settings:">
<Status>142</Status>
</Settings>

From this page I gather 142 = "DeviceNotProvisioned".

Note that this is me confabulating--I don't really understand this stuff.

What I'd like to know is how I can get a human-readable copy of the applicable provisioning policy so I can try and interpret that.

My dim memory of my web dev work makes me wonder if there's something like a BrowserCaps config file on the server, which catalogs mobile os' & handsets & their capabilities (e.g., does this thing have an SD card?  can the os encrypt it?).  If there is, updating that might suffice to fix.  (Dare we hope?)

 My org is on ActiveSync v14.2.  I have heard tell of someone with a Lumia 920 successfully connecting, though that's second-hand.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info


Last updated February 24, 2018 Views 6,710 Applies to: