Recently we upgraded our Exchange server at the office to 2010. I have a handful of users using iPhones and Android devices to connect to the Exchange server. After the upgrade, I had a user who could not sync his account with his Android. After entering all the correct settings on the device, it would kick the error:
Failed to create the account. Please try again later
I went online and found a handful of people were having luck ticking “Include inheritable permissions from this object’s parent” in Active Directory settings. In this particular case, this did not fix the issue.
After a bit of digging around I realized this user did not have permissions to create or delete ActiveSync objects on the Exchange server. His account was a legacy account (it has been around long before I took over this network) and for some reason this entry was missing.
Here is a normal user account with the permissions. The top one, with the “special” permission is the entry for ActiveSync.
This is what we see when we edit that entry.
On my legacy user, this entry was not there.
To fix the problem, we just need to create one.
Go to Active Directory Users & Computers.
Open the properties of the user.
Click on the Security tab. If you don’t see this tab, enable Advanced Features in Active Directory Users and Computers (it is listed under “View”).
Click on the “Advanced” button.
On the permissions tab, click “Add”.
Select your Exchange Server group.
In the permissions window, select Allow for “Create msExchActiveSyncDevices object” and “Delete msExchActiveSyncDevices object”. Then click OK.
This will create the needed entry. It will look like the one highlighted below.
Wait for Active Directory to propagate the changes to the Exchange server (or go to the Exchange server and run “Gpupdate” from a DOS box).
Try to connect your Android to Exchange. This should fix the error.
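The same check and fix from PowerShell, as an added example that is not part of the original post: it reports whether the entry from the steps above exists on a user and whether inheritance is blocked on the account, and it writes the entry only when -Repair is given. The function name, the sample account name and the 'Exchange Servers' group name are assumptions; it needs the ActiveDirectory module.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-ActiveSyncDeviceAce {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        # Assumption: the "Exchange Server group" in the steps above has this name.
        [string]$ExchangeGroup = 'Exchange Servers',
        [switch]$Repair
    )
    # Read the class GUID from the schema rather than hard-coding it.
    $class = Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext `
        -LDAPFilter '(lDAPDisplayName=msExchActiveSyncDevices)' -Properties schemaIDGUID
    if (-not $class) { throw 'msExchActiveSyncDevices class not found in the schema.' }
    $classGuid = [guid]$class.schemaIDGUID

    $user  = Get-ADUser  -Identity $SamAccountName
    $group = Get-ADGroup -Identity $ExchangeGroup
    $path  = "AD:\$($user.DistinguishedName)"
    $acl   = Get-Acl -Path $path

    $needed  = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
    $granted = 0
    # Ask for SIDs so the comparison does not depend on name resolution.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $group.SID.Value -and
            $ace.ObjectType -eq $classGuid) {
            $granted = $granted -bor [int]$ace.ActiveDirectoryRights
        }
    }
    $hasAce = (($granted -band [int]$needed) -eq [int]$needed)

    if (-not $hasAce -and $Repair) {
        # Grant only the two child-object rights, on this user object only.
        $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList `
            $group.SID, $needed, ([System.Security.AccessControl.AccessControlType]::Allow), $classGuid
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
    }
    New-Object PSObject -Property @{
        User               = $user.SamAccountName
        HasActiveSyncAce   = $hasAce
        InheritanceBlocked = $acl.AreAccessRulesProtected
        Repaired           = [bool]($Repair -and -not $hasAce)
    }
}

# Audit only (constructed account name): Test-ActiveSyncDeviceAce -SamAccountName jdoe
```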