iPhone 3.1 breaks Exchange ActiveSync – The fix

Posted by on Sep 11, 2009 in Exchange, Exchange 2007

After Apple’s announcement yesterday of iTunes 9 and iPhone OS 3.1, I decided to update both and take advantage of the new features. After updating iTunes to version 9, I docked my iPhone, which detected that an update was available and installed it successfully. However, when I then looked at my work Exchange ActiveSync account, I received the following popup:

“The account “” requires encryption which is not supported on this iPhone”


My iPhone is the 3G model, which apparently does not support encryption; the new 3GS does. So why did my original ActiveSync policy (which is set to “Require encryption on the device”) always work with my 3G iPhone prior to the 3.1 update? As per the post by Daniel at ExchangeGeek, the iPhone 2/3G was set to bypass this setting and still sync with the Exchange Server. Okay, so 3.1 has now resolved this “bypass” issue, but where was the notice from Apple warning users and Exchange administrators that this would be the case?

So here is the deal: if you want your non-3GS iPhone devices to continue to sync with your Exchange Server, your Exchange administrators will need to create a separate Exchange ActiveSync Mailbox Policy and assign it to the non-3GS mailboxes. So let’s begin the process.

Launch the Exchange 2007 Management Console and navigate to the Organization Configuration / Client Access node. Your ActiveSync policies will be listed there.


I have 2 policies set up: the Default policy and a custom policy that I created specifically for Windows Mobile 6 devices, which I have set as the default policy. This policy enforces device encryption, so I will now create a new policy for my non-3GS iPhone users. In the right-hand navigation pane, under Actions, Client Access, click on “New Exchange ActiveSync Mailbox Policy..” to invoke the wizard. Fill out the details and ensure you do not select “Require encryption on the device”.


Click New. You will receive a confirmation message upon completion.


You will now need to navigate to the mailboxes of the users who own a non-3GS device and assign the new policy that you have just created. To do so, navigate to Recipient Configuration / Mailbox, right-click on the respective mailbox user and select Properties.

Click on the Mailbox Features tab, click on “Exchange ActiveSync” and then click on “Properties”.


Browse for the new policy that we have just created and then click on OK.


Then click Apply and OK to close the properties of the mailbox.

On the iPhone itself, you should now be able to navigate to Settings / Mail, Contacts, Calendars, where you will notice that your Exchange ActiveSync account is set to Inactive.


Click on the account and then turn on your sync items.


That’s it. Your non-3GS iPhone users are back in business and are able to sync just as they were prior to the 3.1 update.
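
The server-side steps above (create the policy, assign it to a mailbox) can also be done from the Exchange Management Shell, which helps when several mailboxes need the exception and makes it easy to review who is exempt from device encryption. This is an added example, not part of the original post; the policy name and mailbox addresses are placeholders, and any other policy settings you rely on should be carried over from your existing policy.

```powershell
# Added example: Exchange Management Shell equivalent of the console steps.
# Assumptions: run on Exchange 2007 SP1 or later; names below are placeholders.
$policyName = 'iPhone-NoDeviceEncryption'                  # hypothetical policy name
$exceptions = 'user1@example.com', 'user2@example.com'     # constructed sample mailboxes

# 1. Create the exception policy once. Only the encryption requirement is
#    relaxed here; set the remaining options to match your existing policy.
$existing = Get-ActiveSyncMailboxPolicy | Where-Object { $_.Name -eq $policyName }
if (-not $existing) {
    New-ActiveSyncMailboxPolicy -Name $policyName -RequireDeviceEncryption $false
}

# 2. Assign the policy only to the mailboxes that sync from a non-3GS iPhone.
#    Every other mailbox keeps the policy that requires device encryption.
foreach ($mbx in $exceptions) {
    Set-CASMailbox -Identity $mbx -ActiveSyncMailboxPolicy $policyName
}

# 3. Review: list every mailbox currently on the relaxed policy, so the
#    exception list stays short and can be compared against what was approved.
$exempt = Get-CASMailbox -ResultSize Unlimited | Where-Object {
    $_.ActiveSyncMailboxPolicy -and $_.ActiveSyncMailboxPolicy.Name -eq $policyName
}
$exempt | Select-Object Name, ActiveSyncMailboxPolicy

# 4. For each exempt mailbox, show which devices are actually syncing, to
#    confirm the exception is being used by the handset it was granted for.
foreach ($m in $exempt) {
    Get-ActiveSyncDeviceStatistics -Mailbox $m.Identity |
        Select-Object DeviceType, DeviceModel, DeviceUserAgent, LastSuccessSync
}
```

When a user moves to a handset that supports encryption, reassign the original policy with `Set-CASMailbox` so the mailbox drops off the exception list.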

Were you caught off guard with this update and do you have many users running non-3GS devices against your Exchange Server? Let me know if you were just as surprised as I was after the 3.1 update.