Management

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 773 other subscribers

Social

  • LinkedIn
  • RSS Feed for Posts
  • Twitter
  • StumbleUpon

[Solved] Access Denied, when adding a mobile device to Office 365

This week I had a customer who received an error while connecting a mobile device to office 365.

The device continuously get blocked. Deleting the device, and reconnecting it again did not work.

The status was every time : Access Denied

After some disconnections, and re connections there was an error :
The mobile device XXXXXXXXX cannot be found

Solution 1

First you have to find the identity of the device:

Get-MobileDeviceStatistics -Mailbox username@domain.nl

Search for the Identity of the device in the listing

Use the value of this identity :

Remove-MobileDevice -Identity "EURPR03A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/Tenant.onmicrosoft.com/User/ExchangeActiveSyncDevices/REST§Outlook§3a7fef6794b90b835961xxxxxxxxxxxx"

In my case the error persists.

Solution 2

I’ve found this perfect solution :

https://practical365.com/exchange-server/unblock-mobile-device-exchange-server/

First find the ActiveSyncBlockedDeviceIDs of the device

C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*

ActiveSyncAllowedDeviceIDs : {}

ActiveSyncBlockedDeviceIDs : {6fd1e8fe4d5061c09b3a3437a6ef8862, 3a7fef6794b90b8359610a398d51be82}

ActiveSyncMailboxPolicy : CONNECT-Mobile-devices

ActiveSyncMailboxPolicyIsDefaulted : False

ActiveSyncDebugLogging : False

ActiveSyncEnabled : True

ActiveSyncSuppressReadReceipt : False

Remove the ActiveSyncBlockedDeviceIDs

C:\Scripts> Set-CASMailbox -Identity username@domain.nl -ActiveSyncBlockedDeviceIDs @{remove='6fd1e8fe4d5061c09b3a3437a6ef8862'}

Check the device again, and the ActiveSyncBlockedDeviceIDs is gone.

C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*

ActiveSyncAllowedDeviceIDs : {}

ActiveSyncBlockedDeviceIDs : {3a7fef6794b90b8359610a398d51be82}

ActiveSyncMailboxPolicy : CONNECT-Mobile-devices

ActiveSyncMailboxPolicyIsDefaulted : False

ActiveSyncDebugLogging : False

ActiveSyncEnabled : True

ActiveSyncSuppressReadReceipt : False

Also delete any other device

C:\Scripts> Set-CASMailbox -Identity username@domain.nl -ActiveSyncBlockedDeviceIDs @{remove='3a7fef6794b90b8359610a398d51be82'}

Check is again

C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*

ActiveSyncAllowedDeviceIDs : {}

ActiveSyncBlockedDeviceIDs : {}

ActiveSyncMailboxPolicy : CONNECT-Mobile-devices

ActiveSyncMailboxPolicyIsDefaulted : False

ActiveSyncDebugLogging : False

ActiveSyncEnabled : True

ActiveSyncSuppressReadReceipt : False

After reconnecting the device to office 365, you can check is again, and the ActiveSyncBlockedDeviceIDs is empty.

C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*

ActiveSyncAllowedDeviceIDs : {Q5F72FQH4P1E50FV00393J5R3K, 5HLNOG0DJL1RT3M076V6NL80TO, ae14fb52ae7b5462f8392e9aa33054c4}

ActiveSyncBlockedDeviceIDs : {}

ActiveSyncMailboxPolicy : CONNECT-Mobile-devices

ActiveSyncMailboxPolicyIsDefaulted : False

ActiveSyncDebugLogging : False

ActiveSyncEnabled : True

ActiveSyncSuppressReadReceipt : False

Blocking a device

When you want to block a device, use the ADD option:

This will block the device 3a7fef6794b90b8359610a398d51be82

C:\Scripts> Set-CASMailbox -Identity username@domain.nl -ActiveSyncBlockedDeviceIDs @{add='3a7fef6794b90b8359610a398d51be82'}
C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*

ActiveSyncAllowedDeviceIDs : {Q5F72FQH4P1E50FV00393J5R3K, 5HLNOG0DJL1RT3M076V6NL80TO, ae14fb52ae7b5462f8392e9aa33054c4}

ActiveSyncBlockedDeviceIDs : {3a7fef6794b90b8359610a398d51be82}

ActiveSyncMailboxPolicy : CONNECT-Mobile-devices

ActiveSyncMailboxPolicyIsDefaulted : False

ActiveSyncDebugLogging : False

ActiveSyncEnabled : True

ActiveSyncSuppressReadReceipt : False