Quite possibly the most frustrating thing I've encountered in a while. I had to rework some of my ActiveSync test code to work with Exchange.

I spent long hours trying to figure out why my request was being denied, and the only error you get is "BAD REQUEST".

Quite the trouble to diagnose. After trying a lot of things to narrow down the scope of the problem, I ended up putting a reverse proxy server in the middle to sniff packets, so I could Wireshark-capture unencrypted data sent from WindowsMail during the provisioning process.

WindowsMail <--> [Reverse Proxy] <--> Exchange

That didn't quite help though. I verified EVERYTHING, including crawling through the WBXML binary data by hand (libwbxml's conversion process is to be questioned), crawling through the MS-ASHTTP binary query by hand. This protocol is a HUGE pain in the ass.

I also suspected unwanted HTTP headers were the problem, but they weren't. I had written a small script to manually submit an HTTP request, changing the plain data to rule everything irrelevant out.

The problem turned out to be an inconsistency between Exchange and the MS-ASHTTP specification: if you have a device ID longer than 16 characters, your request will be rejected. I actually did suspect my device ID early on, but the specification said that it was completely valid...

You're not quite out of the woods yet when the bad requests go away, but at least after that point you will get a status code to tell you what else is wrong.