New Exchange 2007 server, BES can't access moved mailboxes but are OK for new MBs

Doesn't the BES account need the "receive as" permission as well?

Just because you can open the mailbox in Outlook using that account doesn't necessarily mean the account has all the rights it needs for BES to work.

This could also be an issue with Exchange not updating the pointer for the mailbox that tells the client/BES which Exchange server is hosting the mailbox.

You could try configuring an Outlook profile with a mailbox, then close Outlook, move the mailbox, and re-open Outlook.  It should still be able to find the mailbox without any issues or additional configuration.

Thank you for your quick response.

We do have the receive-as permissions, new accounts are also working fine.

We have opened the account we are testing with in Outlook various times as it's been moved between the working and non-working servers for testing.

The IEMSTest shows the new server when we try it, it "seems" to know to go to the new server but can't get there.  

Should also note that the new mailboxes are in the same storage group as the moved mailboxes.

Not that this is an acceptable solution necessarily, but...what if you remove the user from the BES server, then move their mailbox to the other Exchange server, then re-add them as a Blackberry user.  Does the BES server work then?

Hi,

When we did the move, we move the bes admin account first then all of the blackberry users. Also in  Exchange Management Console, if you click on a user then - Manage send as permission, is your bes admin account listed?

ianmellor:

The BES account is (and has been) on a 2007 server for a while.  We have about 20+ other exchange 2007 servers already working properly.

The send-as does show the Bes Account.

esmith69: - yes we have tried this, any moved account is not working and any new account is working.

Thanks for the help

When you view the moved mailboxes in Exchange Management Console on the Exchange 2007 server, do they show up with the type  "legacy mailbox"?  Or do they say "user mailbox"?

It shows as user mailbox

when you removed the moved mailbox from the BES server, did you choose the option to remove Blackberry-related information from the user's mailbox?  And did you also then purge the mailbox before attempting to re-add it?

I've seen several things that say you have to restart the blackberry services after moving mailboxes for BES to re-check where the mailbox is stored--but I think you mentioned you already tried that.

First, thanks for the help, we really appreciate it.

yes, that is the standard for us.  Delete, remove the BES permissions and then wait user to purge completely.

We have restarted at various points in the process with no luck.

I saw one article recommended making sure that the MAPI profile was updated for the BES admin account.  I think this is done via an option on the start menu under Blackberry Enterprise Server.

In your original post you said "when you move a mailbox to them, the blackberry server stops talking to them."  Can you expand on this and/or mention any error messages that are popping up?  I am assuming what you meant was that people with moved mailboxes are sent emails but the messages never show up on their Blackberry devices, or something like that.

But are there error messages or things in the event viewer on the BES server that you're seeing?  I know you mentioned the "OpenMsgStore failed (8004011d)" error when running IEMSTest...

We will try to update the mapi profile and I'll let you know.

There are no errors popping up when you move the mailbox, it moves just fine.  The user stops getting messages and can not send messages from their device and the IEMSTest fails.

We've tried moving the users with the 2007 GUI as well as powershell with no difference in behavor.

The event logs show 3 errors: 1. mapimailbox::MapiMailbox - OpenmsgStore (0x8004011d) failed and then lists the path to the mailbox 2. {USER Name Here} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed and 3 User not started.

Have you tried adding the BESAdmin account (or whatever yours is called) as a view-only administrator in Exchange?

I am thinking this is probably an issue with permissions.

We are a bit perplexed on this.  Since new users work, why would a moved account not work?

To answer your question, yes we have it as view-only admin.  

Are your servers part of more than one domain?  More precisely, when you're moving mailboxes between Exchange servers, are the source and destination Exchange servers in the same domain?

yes and no

For 1 of the servers that is not working, both the 2003 server (where the accounts are now and working) and the 2007 server (where they do not work once moved) are in the same domain but the BES is in another domain (same forest).

The second server is the same way in it's own domain with the BES in another domain.

You've probably already seen this post on EE:  https://www.experts-exchange.com/questions/21933196/Blackberry-BES-Exchange-2000-2003-cross-domain-communications-problem.html

It has specific mention of that same MAPI error.  BB support told the user that that was a permissions issue or an issue with the trusts between domains.

Another question for you:  do you happen to have another Exchange 2003 server that you could try moving the mailbox to?  Or maybe you've already tried that and know that that's working?  That might help to narrow down the issue as well if it's something that only happens when moving to an Exchange 2007 server.

Here is an article about how to recreate the MAPI profile.  Not sure if you've tried doing this yet, but definitely worth a shot.

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB10285&sliceId=SAL_Public&dialogID=125710679&stateId=0%200%2055063780

I can move the accounts to any other server in organization (over 20+ to select from) and it works.  I have tried other 2007 servers, no problems.  I have tried 2003 servers, no problems.  The problem is just these 2 new 2007 servers.  We followed all the same steps as we previously have.  

Thanks for the links, we have done the mapi and that did help.

I'll double check the view only but I"m pretty sure it's there.

One thing we just discovered was that if the account was created directly on an exchange 2007 server anywhere in our organization and transferred to one of the servers we are having issues with, it works perfectly.

If the account was created on an 2003 exchange server and moved to one of these two exchange 2007 servers they are failing but if moved to any of the existing 2007 servers they are fine.

i.e.
testuser created on 2003 exchange works fine
moved to problem 2007 server - stops working
moved to existing 2007 server - works fine

example 2
testuser create on 2007 server (any including the ones we have problems with)  - works fine
moved to other 2007 server, still works
moved to problem server - still works

What we have noticed when the account moves from 2003 to 2007, it keeps it's exchange Admin group of the 2003 server.  This has never been an issue in the past as we have moved over 20000 accounts between 2003 and 2007 and they all have kept that 2003 exchange admin group and still worked with the BES on the existing servers.  These are the first 2 servers that we have seen this with.

Did you say that following those steps to recreate the MAPI profile did or did not work?

they did not work.

You may want to read through this article.  It gives some very helpful information regarding Exchange 2007 coexisting with 2003.  It actually goes into detail about the administrative groups as well.

http://www.msexchange.org/tutorials/Implementing-Exchange-Server-2007-coexistence-Exchange-Server-2003.html

Here is an article related to the coexistence of systems management features:  http://msexchangeteam.com/archive/2006/10/09/429135.aspx

When you're moving the mailboxes between servers, are you using the Exchange Management Console (i.e. the 2007 server)?  I don't remember if it even lets you go onto an Exchange 2003 server and move the mailboxes to a 2007 server.  But according to MS this is the wrong way to do it--you have to do it FROM the 2007 server.

We have been using the 2007 tools.

We have had a co-existance of the 2 platforms for over a year now, we are trying to figure out why all of a sudden these are not working for us.

Glad to hear it's fixed, and thanks for posting your solution for the rest of us.

Hi on the "problem 2007 server" run the follow commands again from the Exchange Management Shell:

get-mailboxserver <mail_server_name> | add-exchangeadministrator BESAdmin role ViewOnlyAdmin

get-mailboxserver <mail_server_name> | add-adpermission -user BESadmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

More Info: http://www.blackberryforums.com.au/forums/microsoft-exchange/687-exchange-2007-bes-install-guide.html

Sorry it appears the commands get displayed incorrectly when posted.  Please refer to them in step 3 in the link I posted above.