Windows 8.1 Mail - Issue with exchange account

Yaayuh! · 14 Aug 2014 at 15:20

Hi All.

Annoying issue here. Finally managed to get passed the "need a microsoft account" on the mail app, to setup a domain exchange account on it. All was going fine until initial sync, i get the message: "This PC can't meet the security requirements for syncing..." PC.

This will be because there is an Active Sync security policy in place for the requirement of a passcode on the mobile device.

This seems to be getting in the way for 8.1 and i can't set a passcode for it, and neither do i want or need to because it's a domain user account that needs signing in!

Any way around this at all?

Ploppy2k3 · 14 Aug 2014 at 16:21

it really depends on what your Exchange admin has in place.

By the fact that you are instantly bounced would indicate that the "WindowsMail (DeviceType) is blocked as usually if its a password requirement or similar you are given the change to correct it rather than being bounced out.

Yaayuh! · 14 Aug 2014 at 16:58

Ploppy2k3 said:
it really depends on what your Exchange admin has in place.

By the fact that you are instantly bounced would indicate that the "WindowsMail (DeviceType) is blocked as usually if its a password requirement or similar you are given the change to correct it rather than being bounced out.

I'm the exchange admin.
All that's set is the requirement of a simple passcode. The Mail app states that the "PC" can't meet the security requirements, which suggests i'm going to have to disable our active sync security policy, which isn't going to happen.

Curses.

Ploppy2k3 · 14 Aug 2014 at 17:02

if requiring a password is the only thing required then I take you have a password?

if like my you dont want a password on your home PC but want to use Windows Mail then just create a different AtiveSync policy that requires nothing and assign it to yourself.

(breaking all company procedures in the process)

Yaayuh! · 15 Aug 2014 at 08:54

Ploppy2k3 said:
if requiring a password is the only thing required then I take you have a password?

if like my you dont want a password on your home PC but want to use Windows Mail then just create a different AtiveSync policy that requires nothing and assign it to yourself.

(breaking all company procedures in the process)

It has a password because it's a domain account.

I'll take a look at modifying the active stink policy but probably will just settle for Outlook instead.

Ploppy2k3 · 15 Aug 2014 at 09:29

check your activesync / mobiledevicepolicy against this one I use. this def allows Windowsmail etc

RunspaceId : c1f1537f-c2ed-471c-b519-48520bfa9ad1
AllowNonProvisionableDevices : True
AlphanumericPasswordRequired : False
AttachmentsEnabled : True
DeviceEncryptionEnabled : False
RequireStorageCardEncryption : False
PasswordEnabled : True
PasswordRecoveryEnabled : False
DevicePolicyRefreshInterval : Unlimited
AllowSimplePassword : True
MaxAttachmentSize : Unlimited
WSSAccessEnabled : True
UNCAccessEnabled : True
MinPasswordLength : 4
MaxInactivityTimeLock : 00:20:00
MaxPasswordFailedAttempts : 10
PasswordExpiration : Unlimited
PasswordHistory : 0
IsDefault : True
AllowApplePushNotifications : True
AllowMicrosoftPushNotifications : True
AllowGooglePushNotifications : True
AllowStorageCard : True
AllowCamera : True
RequireDeviceEncryption : False
AllowUnsignedApplications : True
AllowUnsignedInstallationPackages : True
AllowWiFi : True
AllowTextMessaging : True
AllowPOPIMAPEmail : True
AllowIrDA : True
RequireManualSyncWhenRoaming : False
AllowDesktopSync : True
AllowHTMLEmail : True
RequireSignedSMIMEMessages : False
RequireEncryptedSMIMEMessages : False
AllowSMIMESoftCerts : True
AllowBrowser : True
AllowConsumerEmail : True
AllowRemoteDesktop : True
AllowInternetSharing : True
AllowBluetooth : Allow
MaxCalendarAgeFilter : All
MaxEmailAgeFilter : All
RequireSignedSMIMEAlgorithm : SHA1
RequireEncryptionSMIMEAlgorithm : TripleDES
AllowSMIMEEncryptionAlgorithmNegotiation : AllowAnyAlgorithmNegotiation
MinPasswordComplexCharacters : 3
MaxEmailBodyTruncationSize : Unlimited
MaxEmailHTMLBodyTruncationSize : Unlimited
UnapprovedInROMApplicationList : {}
ApprovedApplicationList : {}
AllowExternalDeviceManagement : True
MobileOTAUpdateMode : MinorVersionUpdates
AllowMobileOTAUpdate : False
IrmEnabled : True
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)

Yaayuh! · 15 Aug 2014 at 11:47

Edit, actually, that wasn't the default, this is:

Maybe AllowNonProvisionableDevices?

RunspaceId : fcea0612-59ce-4120-a257-b5028f300a7a
AllowNonProvisionableDevices : False
AlphanumericDevicePasswordRequired : False
AttachmentsEnabled : True
DeviceEncryptionEnabled : False
RequireStorageCardEncryption : False
DevicePasswordEnabled : True
PasswordRecoveryEnabled : False
DevicePolicyRefreshInterval : unlimited
AllowSimpleDevicePassword : True
MaxAttachmentSize : unlimited
WSSAccessEnabled : True
UNCAccessEnabled : True
MinDevicePasswordLength : 4
MaxInactivityTimeDeviceLock : 00:15:00
MaxDevicePasswordFailedAttempts : unlimited
DevicePasswordExpiration : unlimited
DevicePasswordHistory : 0
IsDefaultPolicy : True
AllowStorageCard : True
AllowCamera : True
RequireDeviceEncryption : False
AllowUnsignedApplications : True
AllowUnsignedInstallationPackages : True
AllowWiFi : True
AllowTextMessaging : True
AllowPOPIMAPEmail : True
AllowIrDA : True
RequireManualSyncWhenRoaming : False
AllowDesktopSync : True
AllowHTMLEmail : True
RequireSignedSMIMEMessages : False
RequireEncryptedSMIMEMessages : False
AllowSMIMESoftCerts : True
AllowBrowser : True
AllowConsumerEmail : True
AllowRemoteDesktop : True
AllowInternetSharing : True
AllowBluetooth : Allow
MaxCalendarAgeFilter : OneMonth
MaxEmailAgeFilter : OneWeek
RequireSignedSMIMEAlgorithm : SHA1
RequireEncryptionSMIMEAlgorithm : TripleDES
AllowSMIMEEncryptionAlgorithmNegotiation : AllowAnyAlgorithmNegotiation
MinDevicePasswordComplexCharacters : 1
MaxEmailBodyTruncationSize : unlimited
MaxEmailHTMLBodyTruncationSize : unlimited
UnapprovedInROMApplicationList : {}
ApprovedApplicationList : {}
AllowExternalDeviceManagement : False
MobileOTAUpdateMode : MinorVersionUpdates
AllowMobileOTAUpdate : True

Yaayuh! · 15 Aug 2014 at 11:58

HUZZAH!!

It was indeed "Allow Non-Provisionable Devices"

Which in hindsight is quite obvious. Activesync can't deal with W8 Mail properly so basically says "Nope, not allowing it".

Ploppy2k3 · 15 Aug 2014 at 12:36

glad its sorted.

You would figure though that Win8 would have been "provisionable" wouldn't you!

Own goal to M$

Yaayuh! · 15 Aug 2014 at 14:29

Ploppy2k3 said:
glad its sorted.

You would figure though that Win8 would have been "provisionable" wouldn't you!

Own goal to M$

Indeed. It's rather frustrating really. Before this i had to ammend the local group policy to set the "Microsoft Account Required" to "Optional" so that it didn't ask me to set a new email address for the user.