Sometimes, only one or a few devices are unable to receive email. They receive the message "Cannot Get Mail. Cannot connect to server." This does not affect all users, but a smaller subset of the deployment. Re-enrolling the device does not help.
- On Active Directory, go to User Details for the affected user. Click on Advanced. Enable "Include inheritable permissions from this object's parents" for their user objects in AD for the user.
- On the Exchange server, an exchange account is by default only allowed 10 linked devices. These "device partnerships" are found in the Outlook Web App -> Options -> Phone -> Mobile Phones. If this list is filled, remove some of the devices that are no longer used.
- ActiveSync has not been enabled for the specific mailbox. This can be verified via PowerShell:
Get-CASMailbox -Identitiy <Username> | Select-Object ActiveSyncEnabled