Users are getting an error "Could Not Create Exchange Provisioning Profile" when they have not logged into Secure Mail for a few hours.
Users can click OK and email will sync fine.

> Verify in SecureMail MDX policies on XenMobile web console if the exchange server URL is correct.
> Also the background network service gateway shouldn't have any spaces between FQDN and port.
eg -  exchangeserver.com:443

To resolve this issue disable the refresh interval on Exchange.

To disable the Refresh interval on Exchange, navigate to Exchange Management console > Exchange > Organization Configuration > Client Access > Properties and select the General tab and uncheck Refresh interval (hours).

In Exchange 2010



In Exchange 2013 & 2016



[PS] C:\>get-ActiveSyncMailboxPolicy | fl *DevicePolicyRefreshInterval

DevicePolicyRefreshInterval : 00:30:00

In future version of Exchange. Use the below cmdlet

[PS] C:\>get-MobileDeviceMailboxPolicy | fl *DevicePolicyRefreshInterval

DevicePolicyRefreshInterval : 00:30:00

[PS] C:\>Set-MobileDeviceMailboxPolicy Default -DevicePolicyRefreshInterval Unlimited
[PS] C:\>get-MobileDeviceMailboxPolicy | fl *DevicePolicyRefreshInterval
DevicePolicyRefreshInterval : Unlimited

If DevicePolicyRefreshInterval is set to some values, change it Unlimited with help of Exchange Administrators. Usually this option is selected when we want policies to be refreshed on devices regularly from exchange side. This option is not required as it creates a conflict with XMS Heartbeat Interval ,Secure Hub from the device does the Push Services Heartbeat Interval with the default frequency of 6 hours.

If the DevicePolicyRefreshInterval is set to Unlimited then Disable IRM for Secure Mail within the mdx policy

Problem Cause

• Refresh interval on Exchange was enabled.
• IRM enabled for SecureMail within the MDX policy
• Spaces between FQDN and port for background network service gateway in SecureMail MDX policy