Windows 10 latest July Build 1607 v10.0.14393 ActiveSync Sync Issue


#1

Update 3/11/2016
The MobileIron development team have identified the issue and have included the fix in the next version of Sentry which is Sentry 8.5 and is due to be released in a week or two.

The issue was found to be due to incompatibility for the new windows version with how sentry strips/replaces the ActiveSync policy.

Windows client needs the following two xml keys added to an empty policy sent by Sentry.

MinDevicePasswordComplexCharacters>1</MinDevicePasswordComplexCharacters
AllowBluetooth>2</AllowBluetooth

Whereas, currently we only send MaxEmailHTMLBodyTruncationSize

With the added keys the policy is accepted and the client is able to configure and sync mail.

Update 26/10/2016

MobileIron Engineering have also been able to replicate this issue with Windows surface device by setting Default Active Sync Policy Behavior as Remove AS Server policy in MIFS->Services->Sentry->Preferences and engineering is investigating the same.

However we have a temporary workaround which you can try to
Change Default Active Sync Policy Behavior as Apply AS Server Policy in MIFS->Services->Sentry->Preferences to sync the mails properly

I have asked MobileIron Support:
Won’t allowing the ActiveSync policy to apply from the Exchange Server to the device conflict with the Security Policy in the Core Server if we do this?

How does this affect iOS and Android devices if we allow the ActiveSync Policy through to the device

Original Issue
Windows 10/1607 v10.0.14393 ActiveSync Sync Issue

The old build Windows 10/1511 build v10.0.10586 OS has no ActiveSync sync issues or errors

It looks like from our testing that your Windows 10 Surface Pro 3 has the latest Windows 10 pro anniversary update which is causing the issue and this update has a lot of issues reported online and everyone is highly suggesting not to update to it

  • Windows 10 Professional, Version 1607 (Updated Jul '16)

  • Windows 10 build 1607 v10.0.14393

Our Windows 10 Surface Pro 3 which is fully patched is running the 2nd of 3 available build versions of Windows 10 Pro which works fine

  • Windows 10 Professional, Version 1511 (Updated Apr '16)

  • Windows 10 build 1511 v10.0.10586

There are reports that this is the same issue for Windows 10 Mobile same version but Microsoft just released an updated version 10.0.14393.189 (15th September 2016) but isn’t released to public yet, only INSIDER PREVIEW.

Just tested with Windows 10 Insider Preview 10.0.14393.206 and issue is still present with:

  • Error Code: 0x86000c29 “The device doesn’t meet the security requirements set by your email administrator, to sync “email config name” you’ll need to update your settings”

“Attension Required”
“Something Went Wrong”
“Your device does not comply with the security policies set by your email administrator.”


#2

Update 26/10/2016

MobileIron Engineering have also been able to replicate this issue with Windows surface device by setting Default Active Sync Policy Behavior as Remove AS Server policy in MIFS->Services->Sentry->Preferences and engineering is investigating the same.

However we have a temporary workaround which you can try to
Change Default Active Sync Policy Behavior as Apply AS Server Policy in MIFS->Services->Sentry->Preferences to sync the mails properly

I have asked MobileIron Support:
Won’t allowing the ActiveSync policy to apply from the Exchange Server to the device conflict with the Security Policy in the Core Server if we do this?

How does this affect iOS and Android devices if we allow the ActiveSync Policy through to the device


#3

Update 3/11/2016
The MobileIron development team have identified the issue and have included the fix in the next version of Sentry which is Sentry 8.5 and is due to be released in a week or two.

The issue was found to be due to incompatibility for the new windows version with how sentry strips/replaces the ActiveSync policy.

Windows client needs the following two xml keys added to an empty policy sent by Sentry.

MinDevicePasswordComplexCharacters>1</MinDevicePasswordComplexCharacters
AllowBluetooth>2</AllowBluetooth

Whereas, currently we only send MaxEmailHTMLBodyTruncationSize

With the added keys the policy is accepted and the client is able to configure and sync mail.