{"id":611,"date":"2016-10-29T21:45:42","date_gmt":"2016-10-30T02:45:42","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=611"},"modified":"2016-10-29T21:48:17","modified_gmt":"2016-10-30T02:48:17","slug":"really-wacky-exchange-activesync-error","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=611","title":{"rendered":"Really Wacky Exchange (ActiveSync) Error"},"content":{"rendered":"<p>My husband changed his Active Directory password. Routine enough &#8211; we&#8217;ve got 15k accounts at the office and require a password change every 90 days. That&#8217;s\u00a0150-200 people changing their password every day. They get themselves locked out a lot (mobile devices, cached workstation credentials, and a host of other unique places people manage to store their creds), but it&#8217;s trivial to unlock an individual user.<\/p>\n<p>*Except* &#8212; after the account was unlocked, his Windows 10 mail client updated properly and was interacting with the Exchange server.\u00a0Android, however, still wouldn&#8217;t accept his new password. If he typed the\u00a0<em>wrong<\/em> thing, it would say invalid password. But whenever he typed the\u00a0<em>right<\/em> thing, he got an error indicating the phone and tablet were unable to communicate with the server. Which was bogus &#8212; I could\u00a0<em>see<\/em> the communication coming across the reverse proxy server. With 200 codes &#8212; although you can have a very successful HTTP call deliver an application error message. But it wasn&#8217;t like he couldn&#8217;t COMMUNICATE with the server. He turned sync off on the phones to avoid getting locked out again, and in the process of troubleshooting ended up deleting all of his accounts hosted on our Exchange 2013 server.<\/p>\n<p>I looked through all of the\u00a0event logs,\u00a0Exchange logs &#8230; nothing interesting. In desperation, I enabled the individual user ActiveSync logging:<\/p>\n<p>Set-CASMailbox <em>mailNickName\u00a0<\/em>-ActiveSyncDebugLogging:$true<\/p>\n<p>Had him attempt to add the mailbox profile again, and dropped the log myself:<\/p>\n<p>Get-ActiveSyncDeviceStatistics -Mailbox <em>mailNickName\u00a0<\/em>-GetMailboxLog:$true -NotificationEmailAddress\u00a0<em>mysmtp@mydomain.ccTLD<\/em><\/p>\n<p>Bingo! An exception in the provisioning (Microsoft-Server-ActiveSync?Cmd=Provision) call &#8212; I see the phone information come across, the mobile device gets partially added to his account (no OS, phone number, carrier type information &#8230; but\u00a0if you go into OWA and remove the mobile device, an Android device gets added). Error:<\/p>\n<p>Command_WorkerThread_Exception :<br \/>\n&#8212; Exception start &#8212;<br \/>\nException type: System.IO.FileLoadException<br \/>\nException message: Could not load file or assembly &#8216;Microsoft.Exchange.Configuration.ObjectModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35&#8217; or one of its dependencies. The located assembly&#8217;s manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)<br \/>\nException level: 0<br \/>\nException stack trace: at Microsoft.Exchange.AirSync.DeviceInformationSetting.ProcessSet(XmlNode setNode)<br \/>\nat Microsoft.Exchange.AirSync.DeviceInformationSetting.Execute()<br \/>\nat Microsoft.Exchange.AirSync.ProvisionCommand.Microsoft.Exchange.AirSync.IProvisionCommandHost.ProcessDeviceInformationSettings(XmlNode inboundDeviceInformationNode, XmlNode provisionResponseNode)<br \/>\nat Microsoft.Exchange.AirSync.ProvisionCommandPhaseOne.Process(XmlNode provisionResponseNode)<br \/>\nat Microsoft.Exchange.AirSync.ProvisionCommand.ExecuteCommand()<br \/>\nat Microsoft.Exchange.AirSync.Command.WorkerThread()<br \/>\nInner exception follows&#8230;<br \/>\nException type: System.IO.FileLoadException<br \/>\nException message: The located assembly&#8217;s manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)<br \/>\nException level: 1<br \/>\nException stack trace:<br \/>\n&#8212; Exception end &#8212;<\/p>\n<p>Now\u00a0<strong>that<\/strong> is an error I&#8217;ve never seen before. As a programmer, I know what it means &#8230; you&#8217;ve basically got some components that don&#8217;t match another. But &#8230; huh? He changed his\u00a0<em>password<\/em>. Connected to the Exchange server directly (instead of remotely viewing logs &amp; files) and saw Windows Update had dropped files and a reboot was pending. Which &#8230; some files replaced, others staged for replacement pending a reboot. *That* is some components not matching others. Rebooted our box, and voila &#8230; registration goes through, mailbox sync started.<\/p>\n<p>I don&#8217;t know how many people allow auto-updates with a manual reboot on a production enterprise server (we manually patch and reboot during a scheduled maintenance window) where this\u00a0<em>could\u00a0<\/em>happen &#8230; but evidently Windows Update can get your Exchange server into a state where already configured clients are able to send and receive mail. But clients are unable to update passwords, and new clients cannot be configured.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My husband changed his Active Directory password. Routine enough &#8211; we&#8217;ve got 15k accounts at the office and require a password change every 90 days. That&#8217;s\u00a0150-200 people changing their password every day. They get themselves locked out a lot (mobile devices, cached workstation credentials, and a host of other unique places people manage to store &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[64,65,32,66],"class_list":["post-611","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-exchange","tag-exchange-2013","tag-technology","tag-windows-update"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=611"}],"version-history":[{"count":2,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/611\/revisions"}],"predecessor-version":[{"id":613,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/611\/revisions\/613"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}