An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Attempting to send the OPTIONS command to the server.
The OPTIONS response was successfully received and is valid.
Headers received: Allow: OPTIONS,POST
Date: Mon, 15 Oct 2012 02:38:58 GMT
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Exchange ActiveSync returned an HTTP 500 response.
If you open up Active Directory Users and Computers and locate one of your users that is not working, Double-Click into the account and click on the Security Tab (if this is not visible, Click on View --> Advanced Features from the Menu at the top of the screen then navigate back to your user).
Once on the security tab, click on the Advanced Button and make sure that the ‘Include Inheritable Permissions From This Object’s Parent’ is ticked. Click OK twice to close the user account.
In the user account properties click the advanced button.
In the advanced security window select "Include inheritable permissions from this object"
This will fix the problem for the account in question.
A Note for Administrator Accounts
If your account has administrative privilages in Active Directory you may find after inheriting permissions that your account may stop working again an hour later. This happens because Active Directory uses AdminSDHolder to define permissions the default protected security groups receive. Whilst you can change the inherited permissions, a process called SDPROP will run, by default every 60 minutes on the domain controller that holds the PDCe role. It will check the ACL of the protected groups and reset their inherited permissions and the users within the groups, with what has been defined by the AdminSDHolder object.
Microsoft’s recommendation and best practice is that if you are a domain administrator that you have 2 accounts. One for your everyday user which is restricted in the same way that every other user is and a second for your administration role.
The built in groups that are affected with Windows 2008 are:
Read-only Domain Controllers
The built in users that are affected with Windows 2008 are: