When you connect to a server that is running Microsoft Exchange Server by using a Windows Phone-based device, synchronization fails. Additionally, you receive an error message that resembles one of the following:
Error message 1Mail.Contoso.com requires that certain security policies be enforced before you can sync your information. Contact a support person or your service provider.
Last tried x minutes ago.
Error code: <ErrorCode>
Mail.Contoso.com requires that certain security policies be enforced. Try syncing again to apply the policies. If you keep seeing this message, contact a support person or your service provider.
Last tried x minutes ago.
Error code: <ErrorCode>
In these error messages, the placeholder <
ErrorCode> represents one of the following error codes:
- 0x85010013
- 0x8600C2B
- 86000C29
This issue occurs if an Exchange ActiveSync mailbox policy was implemented that uses parameters that the Windows Phone-based device cannot completely enforce.Â
The Exchange Client Access server responds to the device with an HTTP status of 449 when the device cannot enforce every parameter within the Exchange ActiveSync mailbox policy. Each successive synchronization attempt will fail with an HTTP status of 449 while the current Exchange ActiveSync policy is in place.
To resolve this issue, change an existing Exchange ActiveSync policy, or create a new Exchange ActiveSync policy, so that the policy applies to Windows Phone-based devices. To do this, take one of the following actions:
- Change the existing Exchange ActiveSync policy to apply only to supported policy parameters.
- Create a new Exchange ActiveSync policy that applies the supported policy parameters that Windows Phone devices can implement. Then, assign this policy to Windows Phone users.
To work around this issue on a Windows Phone 8-based device, enable the
Allow Non-provisionable Devices parameter in your Exchange ActiveSync policy.
Important The
Allow Non-provisionable Devices parameter lets devices synchronize. This is true even when policies that the device can enforce do not match the Exchange ActiveSync policy parameters that are configured on the server.
Exchange ActiveSync Mailbox Policies
The following tables detail the policies that are supported by Windows Phone devices.
Policy parameters that are supported by Windows Phone 7
Collapse this tableExpand this table
| PasswordRequired | AllowSimplePassword | DisableIrDA |
| MinPasswordLength | PasswordExpiration | DisableDesktopSync |
| IdleTimeoutFrequencyValue | PasswordHistory | BlockRemoteDesktop |
| DeviceWipeThreshold | DisableRemovableStorage | BlockInternetSharing |
Policy parameters that are supported by Windows Phone 8
Collapse this tableExpand this table
| AllowSimpleDevicePassword | MaxInactivityTimeDeviceLock |
| AlphanumericDevicePasswordRequired | MinDevicePasswordComplexCharacters |
| DevicePasswordEnabled | MinDevicePasswordLength |
| DevicePasswordExpiration | RequireDeviceEncryption |
| DevicePasswordHistory | RemoteWipe |
| IrmEnabled | AllowNonProvisionableDevices |
| MaxDevicePasswordFailedAttempts |
Additionally, the EAS policy parameter
AllowStorageCard is supported when devices are managed by using Microsoft System Center Configuration Manager. Â
For information about how to change or create Exchange ActiveSync policies, go to the following Microsoft TechNet websites:
Common issues
Microsoft Support frequently receives support requests for issues about ActiveSync Mailbox policy enforcement. The most common cause of these issues is the presence of unsupported policy parameters. When theÂ
AllowNonProvisionableDevices parameter is set to
False, policy parameters must be enforced for the device to be provisioned successfully, unless there is a valid reason for the policy parameter to be ignored.
Supported policy parameters are listed earlier in this article. When you troubleshoot issues about policies, the existing policies should be reviewed for the presence of an unsupported parameter that cannot be ignored. This includes both default and customized policies. A detailed list of policies and their enforcement is available on the following Microsoft Developer Network (MSDN) webpage:
The following example details an issue with the current version of Windows Phone 8, and will be addressed in a future update.
When the policy parameter
Require Encryption on Storage Card is enabled, Windows Phone 8 devices misreport the presence of an SD card, even if the device has no SD card slot. The policy enforcement occurs, provisioning fails, and the device cannot be synchronized.Â
According to MSDN topic 2.2.2.51Â (
RequireStorageCardEncryption
(http://msdn.microsoft.com/en-us/library/ee179036.aspx)
) about the policy parameter, if the policy parameter is present but the device does not support removable storage, the parameter should be ignored, and the device should be able to synchronize.
To work around this issue, use the methods that are mentioned in the "Resolution" and "Workaround" sections for the Windows Phone 8 devices.
For more information about policies that are supported by Windows Phone, go to the following TechNet website:
For more information about Windows Phone device management and policies that are supported by Windows Phone, go to the following TechNet website:
For more information about what to consider when you use Windows Phone 7 and Exchange Server, go to the following TechNet website:
Article ID: 2464593 - Last Review: May 21, 2013 - Revision: 8.0
Applies to
- Microsoft Exchange Server 2007 Enterprise Edition
- Microsoft Exchange Server 2007 Standard Edition
- Microsoft Exchange Server 2010 Enterprise
- Microsoft Exchange Server 2010 Standard
| kbsurveynew kbwp8 kbtshoot kbprb KB2464593 |