Kitkat causes ActiveSync headaches for Android users

Bring-Your-Own-Device (BYOD) is a great way for companies to enable their workforce with mobile devices cheaply, mostly because the employees pay for their own devices and data plans. The downside is when things go wrong and the blessed devices stop working for one reason or another. Sometimes software is to blame, as in the case of Android 4.4 "Kitkat", which doesn't want to connect to Exchange via ActiveSync. Cue calls to the help desk... Ah, the joys of a BYOD policy!

As you probably realize, many of the mobile device vendors who create tablets and smartphones running the Android operating system license it to connect to Exchange using ActiveSync (EAS).  And despite the differing implementations of email clients on the various Android devices, most of the time connections are easy and reliable, which is exactly how you’d like them to be.

The charmingly named KitKat release (aka Android 4.4) is due to appear soon and users will have the opportunity to upgrade over-the-air (OTA). Most people don’t give upgrades too much of a thought and click on the “Accept” or whatever other button will instruct the device to download and apply the new code when offered. It’s the same on other mobile platforms and the ease and facility of OTA updates usually contribute to keeping devices secure and performing by eliminating bugs and security holes.

All is well until you hit a problem, and that’s what seems to be happening for the souls who have applied KitKat to their devices and then find that they can’t connect to Exchange via EAS. The problem was originally reported on November 4 and although Google has marked the bug as “Closed” (fixed in a future release), its characterization as a “small” priority has been challenged by people who download Kitkat and then find that email and calendar synchronization is broken. Any attempt to connect the device via ActiveSync is declined by Exchange due to an authentication failure, possibly due to a change in the way that application credentials are stored. The problem affects all versions of Exchange, including Exchange Online in Office 365.

(Thought: would it be a "large" problem if Android couldn't connect to Gmail? Just thinking...)

New problem reports continue to flow into Google, which indicate that the bug fix has not yet been incorporated into the code available to end users. The problem has been encountered on many different Android devices from Nexus 4/5 to Motorola Moto X.

If your company operates a BYOD policy, it’s likely that some users will encounter this problem as KitKat updates are pushed out (for example, here’s the location for the Nexus 4 OTA update). For the moment, it is best to tell users to decline the update and keep devices running Android 4.3 until Google confirms that the problem has really been fixed and the OTA update packages are updated with the new code.

Update December 6: Paul Robichaux reports that the Kitkat problem might be fixed with Android 4.4.1. Then again, it might not. Or other problems might still be present. It's enough to make an administrator tear out what little of their hair remains after all the ActiveSync issues with iOS last year. The most proactive approach you can take is to block new mobile device operating systems with ActiveSync device access rules or use a mobile device management product to keep updates away until they have been validated, checked, clarified, and anything else needed to ensure that they won't compromise your Exchange servers. What a bloody mess!

Follow Tony @12Knocksinna

Discuss this Blog Entry 2

on Dec 26, 2013

If you’ve got an android running version 4.4 (KitKat), you may have run into the issue of it no longer syncing Exchange ActiveSync. This is an issue that is acknowledged by Google, but they don’t consider it an urgent issue. Well, Art here at Lanlogic wasn’t satisfied with that answer, and, after updating his Moto X to 4.4.2, decided to call Motorola support for assistance with this issue after scouring the internet for any sort of resolution and not finding anything.

After getting escalated to tier two support, he spoke with an engineer who had him do the following from the native email app:
1.Settings> Accounts> Corporate
2.Tap the three dots on the top right corner and select “sync now”
3.Swipe down from the top of the screen to show recent notifications
4.Find and tap on the security alert and select the option to activate now

Once he did so, his Exchange email started to sync. This also worked on his Nexus 7 so it’s safe to assume that this will work on any device running Android OS version 4.4.2.

on Aug 26, 2014

Thanks, Lanlogic. Your instructions worked perfectly.

Please or Register to post comments.

What's Tony Redmond's Exchange Unwashed Blog?

On-premises and cloud-based Microsoft Exchange Server and all the associated technology that runs alongside Microsoft's enterprise messaging server.


Tony Redmond

Tony Redmond is a senior contributing editor for Windows IT Pro. His latest books are Office 365 for Exchange Professionals (eBook, May 2015) and Microsoft Exchange Server 2013 Inside Out: Mailbox...
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×