ActiveSync device cannot retrieve mails but can send normally !!!

One of the strangest situations that Exchange admins may face after deployment of a Exchange server antivirus ( e.g. Forefront protection for Exchange 2010 ) is that no mails can be retrieved via ActiveSync devices even it is retrievable with either Outlook or OWA . The situation could get worse , as mails start to flow to ActiveSync device as soon as it is opened by Outlook client !!

This can sometimes be caused by the way antivirus software scans new emails. Some anti virus programs only scan new emails when they are accessed (either via Outlook, or OWA, but not by ActiveSync). The problem with this, is that the emails don’t get delivered to the user until they have been scanned. The easiest way to determine if this is the problem, is to open outlook, and see if you get emails straight away on your ActiveSync/mobile device. Then close outlook, and see if you still get new emails come in straight away. You might need to send a test email from another PC or different email provider to test this.

In order to overcome this issue , all you need is to enable Proactive Scanning ( disabled by default ) on you server , as follow :

• From Run , type RegEdit and hit enter

• Browse to HKEY_Local_Machine\System\CCS\Services\MSExchangeIS\VirusScan and modify ProactiveScanning DWORD value from 0 to 1

• The Proactive Scanning setting is now enabled, but it will not take effect until you restart the exchange services, or you set the ReloadNow key to “1″ ( preferred ) .

• Wait for a few seconds , then refresh the RegEdit view and notice that ReloadNow value was reverted to 0

Once these actions are done ActiveSync devices will be able to retrieve received emails normally

Bonus ( for Forefront protection for Exchange 2010 ) :

Select the Scan after engine update check box for the real-time scan. When you enable Proactive Scanning , the real-time scan job rescans previously scanned messages when they are accessed following an engine or definition update. Enabling this setting also automatically sets the ProactiveScanning registry value to 1. However, you may want to enable proactive scanning without rescanning messages after engine updates, since this may impact server performance. In this case, you should set the ProactiveScanning registry value to 1 without selecting the Scan after engine update check box.