As always, getting an error message can have different causes. And when administering the “fix” you might not solve your problem. So I will offer up a couple of different solutions to problems that produce the 0×85010004 error message.

Sometimes you receive the 0×85010004 error message when you try to synchronize a Windows Mobile 5.0-based device in Exchange Server 2003.

You may have installed Microsoft Exchange Server 2003 Service Pack 2 (SP2) on a computer that was running Microsoft Windows 2000 Service Pack 4 (SP4). And you enabled the Enforce password on a device option in Exchange System Manager. This option is in the Device Security Settings dialog box under Mobile Device Properties. Then you tried to synchronize a device that was running Microsoft Windows Mobile 5.0 software for Pocket PCs. If that device had the Messaging and Security Feature Pack for Windows Mobile 5.0 installed you probably received the following error message: 0×85010004. The device probably also did not synchronize.

An additional error message may show up on your Windows Mobile-based device:

“Your Account does not have permissions to sync with your current settings. Contact your Microsoft Exchange administrator.  Error code: HTTP_403”

When this error happens the device security settings will not be enforced on Windows Mobile-based devices. The device security settings, set in the global settings of the Exchange server, will be bypassed even though the mobile device will still synchronize.

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described here. Only systems which are experiencing this specific problem should have the hotfix applied. Additional testing was still planned for this hotfix so if you are not severely affected by this problem it is recommended that you wait for the next software update that contains this hotfix.

Prerequisites for this hotfix include SP2 be installed for Exchange Server 2003. The following services will need to be restarted after you apply the hotfix:

• World Wide Publishing Service
• Simple Mail Transport Protocol (SMTP)
• Microsoft Exchange Routing Engine
• IIS Admin Service

Another 85010004 error code message may look like this:

HTTP_403 85010004 : A forbidden HTTP communication or protocol was used.
- OR -
Your account does not have permission to sync with your current settings. Contact your Microsoft Exchange administrator. Remove the item from the synchronization list.

In this case, you may have one of three possible scenarios:

1. The Microsoft-Server-ActiveSync virtual directory on your server is configured to require SSL and you are using a device without SSL.
2. The Exchange virtual directory on your mailbox server is configured to require SSL.
3. This error could occur if host headers are being used and the request goes to the wrong Web site.

Here are possible solutions:

1. On your Pocket PC 2003-based device, click Start, ActiveSync, Tools, Options, Server and check the box “This server uses an SSL connection”.
2. On your Smartphone 2003-based device, click Start, ActiveSync, Menu, Options, Server Settings, Connection and check the box “This server uses an SSL connection”.
3. Verify that host headers are configured correctly.

Here are some additional troubleshooting steps you can take:

1. Install the hotfix already mentioned above.
2. This issue can be caused if you have a Firewall and have not allowed a rule on the Firewall for Microsoft-Server-ActiveSync:

• Check if you have run the CEICW Wizard
• Open Server Management console, navigate to ‘To Do List’ and click ‘Connect to the internet’ in the right panel.
• Run the wizard to configure the networking settings for a SBS server. It automatically creates the ISA rules for internet access and site publishing. It’s strongly recommended to use the wizard to configure the SBS server. More info can be found in the article 825763 – How to configure Internet access in Windows Small Business Server 2003 – http://support.microsoft.com/?id=825763
  This can help in situations where you are unable to synchronize with Exchange server using Active Sync.  (http://support.microsoft.com/default.aspx?scid=kb;EN-US;924216)

1. Check the properties of Microsoft-Server-ActiveSync. The Directory Security properties for the IP Address and Domain Name Restrictions should be set to “GRANTED ACCESS” and not configured as ” DENIED ACCESS”.
   a. Open IIS.
   b. Expand Web Sites -> Default Web Site.
   c. Open the Properties page of Microsoft-Server-ActiveSync.
   d. In Directory Security tab, click Edit under “IP address and domain name restrictions”.
   e. Make sure that you configured as Granted access.
2. Check the following IIS settings:

• For Exchange/Exchange-OMA virtual directory:
  a. Open IIS Manager
  b. Open properties of virtual directory Exchange/Exchange-oma
  c. Select Directory Security tab
  d. Select Edit in Authentication and access control box. Make sure the authentication setting are as follows:
  - Authentication Methods
  - Enabled Basic authentication
  - Enabled Integrated Windows authentication
  - Disabled anonymous access
• For OMA virtual directory and Microsoft-Server-ActiveSync virtual directory:
  a. Open IIS Manager
  b. Open properties of OMA virtual directory and Microsoft-Server-ActiveSync virtual directory respectively.
  c. Select Directory Security tab
  d. Select Edit in Authentication and access control box. Make sure theauthentication settings are as follows:
  - Authentication Methods
  - Uncheck Enable anonymous access
  - Uncheck Integrated Windows authentication
  - Check Basic authentication