Update 11/8/2022: We have now released November 2022 Security Updates for Exchange Server. Please install those (or newer) updates to address vulnerabilities mentioned in this post. Mitigations are n...
Updated Nov 08, 2022
Version 17.0
Blog Post
2 MIN READ
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Is anyone else having issues adding ActiveSync Devices or connecting to ActiveSync after applying these mitigations? Specifically, a new user has this issue:
Source: MSExchange ActiveSync
Event ID: 1053
Task Category: Configuration
Description:
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=MailboxName,OU=OrganizationalUnitName,DC=domain,DC=suffix" container under Active Directory user "Active Directory operation failed on DOMAINCONTROLLER.domain.suffix. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.
As seen here: Event ID 1053 Exchange ActiveSync doesn't have sufficient permissions to create container - Exchange | Microsoft Learn
I'm wondering if the URLRewrite or the removal of the default Remote Powershell permissions would interfere with this. Thank you.