Exchange Server‎ > ‎

Exchange ActiveSync Blocked Devices EventID: 1019


Exchange 2007 ActiveSync Blocked Devices

Event ID: 1019 - "A blocked device"


Symptoms:

The symptoms are isolated to specific users but, some devices do work. Confirmed this is not a device problem as other users can sync using this device.


When attempting to retrieve mail on a mobile device, it doesn't work and the error is along the lines of :

you don’t have permissions to connect to active sync.


The error in Touchdown management software will be similar to this example from an HTC running Android 3.2.0:


Server is Microsoft -IIS/7.0

ActiveSync was found

Active sunc version ………….

Trying active sync protocol 121 ….

HTTP 403 error: your account may not have permission to synchronize with the provided settings, please contact your administrator

Trying active sync protocol 2.5 ….

HTTP 403 error: your account may not have permission to synchronize with the provided settings, please contact your administrator


The resulting Application Log EventID: 1019 looks like this:

A blocked device of user [DOMAIN\USERNAME], device id = [HEX STRING],  is attempting to synchronize with Exchange ActiveSync.

Problem:

The device is blocked for the user. This is because the user has specific devices permitted; this prevents other devices from being used.

The attribute involved is: "ActiveSyncAllowedDeviceIDs"

In Exchange 2007 we can check this with:

get-casmailbox USER | fl Name, ActiveSyncAllowedDeviceIDs


The Answer:

To reset this value use:

set-CASMailbox USER -ActiveSyncAllowedDeviceIDs $null

or alternatively to set a restriction to a specific device; use:

Set-CASMailbox -Identity: "USER" -ActiveSyncAllowedDeviceIDs: "DEVICE IME / ID (hex string)"