Blackberry Server does not deliver email to devices and does not sync with Exchange Server IT policy.

We recently performed updates to our Exchange 2003 system late last week, following which our Blackberry Enterprise Server system stopped delivering messages to our employee's Blackberry devices. I am suspecting at least part of the issue is that in Blackberry Enterprise Server Management, the "Policy Status" is pending and the "Policy Time Sent" and the "Policy Time Received" fields are blank.

I am certainly a novice when it comes to troubleshooting Blackberry Enterprise Server. What do we need to do to get the IT policy to function correctly? Is there anything else we should be troubleshooting or checking?
Who is Participating?
OK. It sounds like the BES account can view things, but cant modify.

Here is the official RIM guide:

I would recommend you go through all the steps one at a time and verify. I've coppied the Exchange 2003 parts out of it for you below:

1. View only admin:
Click Start > Programs > Microsoft Exchange > System Manager.
Select Administrative Groups.
Right-click First Administrative Group and select Delegate Control.
In the Exchange Administration Delegation Wizard, click Next, and then click Add.
Click Browse and select the BlackBerry Enterprise Server service account.
Click OK.
In the Role drop-down list of the Delegate Control window, select Exchange View Only Administrator.
Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.
Click Next, and then click Finish.

2.  Administer Send as Recieve as:
Go to Start > Programs > Microsoft Exchange > System Manager.
Select Administrative Groups > First Administrative Group > Servers.
Right-click the Microsoft Exchange Server name and select Properties.
On the Security tab, select the BlackBerry Enterprise Server service account.
Select the following permissions from the Permissions list:

Administer Information Store
Send As
Receive As
Click the Advanced button.
Verify that the option Select the Allow inheritable permissions from parent to propagate to this object and all child objects is checked.
Click OK.
Repeat the preceding steps for each Microsoft Exchange Server within the routing group that will host mailboxes for BlackBerry smartphone users with accounts on a BlackBerry Enterprise Server.

3. Send As:
To grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft® Active Directory® domain or container, complete the following steps:

Open Active Directory Users and Computers.
From the View menu, select the Advanced Features option.
Note: If Advanced Features is not selected, the Security page will not be visible for domain and container objects.

Right-click the appropriate domain or container and click Properties.
On the Security tab, click Advanced.
If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add and select the BlackBerry Enterprise Server service account name.
Click OK.
Double-click the BlackBerry Enterprise Server service account name.
Select User Objects in the Applies Onto list.
Select the Send As check box.
Click Apply and then click OK.
Close the Properties window and then close Active Directory Users and Computers.
The IT Policy not working could affect your e-mail delivery, but most likely the issue is a permissions one. The first place to look is always in your application event logs on the BES. Look for repeating events. Feel free to copy/paste a few here.

Which Exchange 2003 updates did you put on? A common problem is the "Send As" update that Microsoft made a while back.

Also check and make sure your cdo files are the same version on BES and Exchange.
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

rdracer58Author Commented:
A repeating event in the log files is that there will be a message "Starting handheld for *user*" then "MAPIMailbox::CreateSearchFolder - Open Entry (0x80070005) failed" and "*** MAPI ***  MailboxManager::CloseMailboxSession - closing session
[20154] (10/15 00:04:24):{0x14BC} User ** not started"

Any insights would be appreciated!
Yah, go to the link i gave you before, and verify your permissions are correct.

After you did that, test it:

Log into your BES. Go to the following directory w/ Command Prompt:
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility

There is an app there called IEMSTest.exe run this. It will pop up a prompt asking which MAPI profile you want to use... chose the one you created for your BES Account. Next it will show your address book.. pick a user who is failing to work.

It will run several tests, and spit out the results. This process has absolutely NOTHING to do with BES, it is a simply MAPI test to verify permissions.
rdracer58Author Commented:
We tried verifying that the permissions were correct, however, (1) we're not experiencing the exact issue as described on the link you sent (blackberry uses cannot receive nor send email, as opposed to only a "Send As" error) and (2) when I ran the IEMSTest.exe, after selecting a user who is failing to work (although I could have picked any with a blackberry, as all are failing to work) and clicked "Ok", the test simply disappeared. Is it logging results in a file I should be aware of, and if so, where does it store the file? Is there anything else I should check?
You have to run it from a command prompt, you cant double-click.

True the issue isnt 100% the same as detailed in the link, having your permissions incorrect could easily account for the issue you are having exactly. I've helped a lot of people out w/ their BES servers... permissions are by far the biggest problem.

rdracer58Author Commented:
Sorry for my confusion--I will run the utility from the command prompt and will update with results once completed. My gut feeling is that it is indeed a permissions issue of some sort.
rdracer58Author Commented:
Alright, I ran IEMSTest.exe through the command prompt and received the following results for one of the many users who is experiencing the problem:

Opening Default Message store Mailbox - BESADMIN
Opening message stroe for Tom Kropp using /o=InScope/out=First Administrative Group/cn=Receipients/cn=tkropp /o=Inscope/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=HUMMER_H1/cn=Microsoft PrivateMDB.
Tom Kropp's Mailbox opened successfully.
Root Folder opened successfully.
Failed to create a folder in Tom Kropp's mailbox.

Any insights as to what this means would be appreciated! I am assuming it is a permissions issue since it could not create a folder in Tom Kropp's mailbox, however, I am unsure of which permission(s) I need to change.
rdracer58Author Commented:
I went through everything described in the previous post from Alogvin, and the Blackberry Enterprise Server service account did not have "Administer Information Store" permissions on the Exchange Server under the first Administrative group. All other permissions were correct.

Is there anything I need to do to ensure that the changes take effect, such as restart a service relating to the Blackberry Enterprise Server, etc.?
rdracer58Author Commented:
After correcting the "Administer Information Store" permissions, email service was eventually restored. Thank you VERY much for your help!!
I would restart your BES just for good measure.
rdracer58Author Commented:
Excellent. I will ensure that we restart the BES if for no other reason than just to ensure there are no other issues. Again, thanks much for all of your help--it is a relief to have our system working agian.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.