Send As permissions not propagating to the exchange store?

After a new installation of BES 4.1.4 and going through all of the KB articles and how-to's on ensuring that the Send As permissions are created correctly, we still are unable to send an email as another user.  The rights are set-up correctly and I have trouble-shot this issue extensively with RIM, this is defiantly not a set-up issue on the BES server side, yet when attempting to send an email from a blackberry we still receive the red X when attempting to send emails from the blackberry device.

Although the issue that we are experiencing screams that this is a simple issue of send as not being set-up correctly, we have gone over it no less than 15 times and it is not a permissions issue from what I can tell.  As a test we created 2 test accounts that are not affected by any GPOs or   restrictions and the Send As does not allow the email to be sent through outlook, so this would appear to be an exchange issue, and not a blackberry issue.

Does anyone know of a reason that even with the correct permissions set through AD, users would still not be able to Send As other accounts?  

Relevant Event Logs :
ID : 20265
Source : BB Messaging Agent
{} MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x80070005) failed

(Again the send as permission ARE correct and this has even been verified by RIM)

ID : 20000
Source : MNGR
[ExchangeAdaptorDLL::Initialize] Failed to open default message store, result=0x8004011d.

(Not sure if this is tied to the same issue, but I can not find much information to go along with this error and it appears after attempting to send a message from a blackberry.)

Any ideas?
Who is Participating?
ALogvinConnect With a Mentor Commented:
I'm glad that you were able to focus your question down to an Exchange/AD issue, however several people (myself included) helped you reach this conclusion. You dont have to grant all of the assigned points, but we did spend our time to help you, and it would be a nice thing to do.
I've opened hundreds of cases with RIM. Trust me when i say this... they are only human, and can be wrong too. Based on the information I see here, your BES account does not have the correct permissions.

Here is the BEST way to test.

Log into your BES. Go to the following directory w/ Command Prompt:
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility

There is an app there called IEMSTest.exe run this. It will pop up a prompt asking which MAPI profile you want to use... chose the one you created for your BES Account. Next it will show your address book.. pick a user who is failing to work.

It will run several tests, and spit out the results. This process has absolutely NOTHING to do with BES, it is a simply MAPI test to verify permissions. If it reports errors, i promise you this is a permissions issue.

If the users in question are members of any protected groups within Active Directory, such as Account Operators, Backup Operators, or Domain Admins, this behavior is expected and by design.

If this is the case, see the following for details and potential workarounds:
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

AzyreAuthor Commented:
They are not members of any groups, that has been checked multiple times, and we even went so far as to create 2 users from scratch outside of any OU's to attempt to get this to work.  The send as right is on the account, and I'm pretty knowledgeable on AD rights, the send as right is set up correctly and is viable on the user container (though that does;t mean that the right has actually been applied.  

I'll check that utility tomorrow, crazy how RIM never even told me to run it, they were attempting to dump me off on Microsoft, and I really didn't feel like getting in the middle of a finger pointing match.
AzyreAuthor Commented:
I ran that utility and it bombs with the following error.  It's similar to the MNGR error posted above.  an clue on how to alleviate the permission error it's spitting?  Google and RIM both don;t seem to have any relevant information for this one.

C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility>iemstes
BlackBerry Enterprise Server Utility - IEMSTest.exe (IExchangeManageStore), Vers
ion 1.0
Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.
OpenMsgStore() for this profile failed (8004011d)
Well that does prove it is a permissions issue at least. Now to figure out where to go from there ;)

I know you said the permissions were right. I dont want you to think im calling you out here, but all of the evidence does point to that being the case.

Lets check.
Open Exchange System Manager. Expand until you see your Exchange server, right-click on it and hit Properties.
Click on the Security tab, and look for your BES Admin account. Click on it, and make sure these 3 items are checked: Administer Information Store, Send As, Receive As. Now, click on the Advanced button, and verify that the "Allow inheritable permissions from parent to propagate to this object and all child objects" is checked.

My guess is that checkbox under Advanced isnt checked right. Also, verify that the service account that the services on your BES are starting as is your BES Admin account. I've logged into my BES server as my domain profile on accident once during an upgrade and screwed that up ;)
AzyreAuthor Commented:

All of those permission are there and set correctly.  The besadmin account has the send as permissions to the user's account, has exchange view administrator right set and they are propagating down to the mailbox level, and the the services are running as the besadmin account.  This has also been verified by RIM and another admin who is in my company so incorrect settings are pretty much ruled out.  It would appear that what is occurring is the fact that even though the right s appear to be set correctly, and even though the check marks are all in the correct location, the right are not being applied.  We have gone as far as restarting the mail store in an attempt to get the rights to actually take affect as they appear to be set correctly, but are still not actually being applied.  And again this is being tested currently with 2 test users created from scratch so it's not an issue of exchange stripping the send as permissions from the accounts either.  I really just feel like I'm running into a brick wall on this and don;t really know where to take the troubleshooting from here short of giving the ol' M$ a call...
Ok. Log into your BES, and open up the Manager.

Now, open up your log directory, and open up the MNGR log. Do you see something like this:

[30145] (08/10 15:02:33):{0x908} Starting BlackBerry Manager - Version
[30146] (08/10 15:02:33):{0x908} Initializing the MailboxManager with profile BlackBerryServer
[40206] (08/10 15:02:33):{0x908} MailboxManager::SubsystemInitialize - Using MAPI profile 'BlackBerryServer'
[20137] (08/10 15:02:33):{0x908} MailboxManager::SubsystemInitialize - g_pSession->OpenMsgStore (0x8004011d)
[10160] (08/10 15:02:34):{0x908} A failure was encountered trying to initialize the BlackBerry Manager.

Maybe it is something wrong w/ the MAPI profile on your BES. That could be it too. If you see the above messages, delete your mapi profile and recreate it.
AzyreAuthor Commented:
Doesn't seem to be the issue either.

[30000] (10/14 11:25:56.995):{0x1F20} BlackBerry Manager Version starting...
[30000] (10/14 11:25:57.010):{0x1F20} Mailstore Connector initialized.
AzyreAuthor Commented:
I'm going to close this question to remove the blackberry piece as this doesn't work through Exchange, and isn't a RIM issue, but a rights not propagating correctly issue.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.