[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1114
  • Last Modified:

Purge Blackberry user

I am having the send as problem with my blackberry users.

 I deleted one account on the bes server, in order to re-add him. when i try to re add the user, it says the license is in use already. however the user name doe snot show in the listing.

how can i purge the user or ref to the license so i can re add him?

 then fix my problem of not being able to send from our exchange accounts?
0
IT_MAN_STX
Asked:
IT_MAN_STX
  • 14
  • 13
1 Solution
 
Gary CutriData & Communications SpecialistCommented:
To purge a user:

Open the command prompt and type osql -E and then enter the following commands:

1>use BESMgmt
2>select DisplayName from UserConfig
3>go

A list of users will now be displayed, note down the user that can't be removed e.g. Gary Cutri (This example name has been added to the next step)

1>use BESMgmt
2>delete from UserConfig where DisplayName="Gary Cutri"
3>go
1>exit

To correct your Send As issues refer to my post in the link below:

http://www.blackberryforums.com.au/forums/microsoft-exchange/1178-unlisted-message-error-desktop-email-program-unable-submit-message.html#post2071
0
 
IT_MAN_STXAuthor Commented:
i am unable to execute that command from the command prompt.

i am entering :   osql space -E

i am trying the reboot now for my other users
0
 
Gary CutriData & Communications SpecialistCommented:
Is your BlackBerry Database on a different server?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Gary CutriData & Communications SpecialistCommented:
Any updates?
0
 
IT_MAN_STXAuthor Commented:
The blackberry Database resides on a separate server.

 to date users are unable to receive or send mail at this point. the last tip i was given, said that the bes account needed to be removed from the admin group in order to allow the device to be able to send mail out. using the send as feature. this did not work.

any help would be great
0
 
Gary CutriData & Communications SpecialistCommented:
What version is your mail server (e.g. Exchange 2003 o 2007) and what server is BES installed on? (e.g. separate server or SBS etc)
0
 
IT_MAN_STXAuthor Commented:
I have exchange 2003, running on a server 2003 box. Service pack 2 is installed.

the BES server is also installed on the same server.
0
 
Gary CutriData & Communications SpecialistCommented:
Just to confirm did you do the following when you installed the BES software?

1. Create a new user called BESadmin and ensure you create a mailbox. Ensure this user is ONLY a member of "Domain users"

2. Make BESadmin a local Administrator of the server.

3. Go to Admin Tools on open "Local Security Policy" and expand the "Local Policies" and "User Right Assignment". You need to add BESadmin to "Log on Locally" and "log on as Service".

4. Open Exchange System Manager and right mouse click on "DOMAINNAME (Exchange)" and select Delegate Control. Follow the steps and add BESadmin as an Exchange View Only Administrator.

5. In Exchange manager expand the servers folder and right mouse click on your server and select properties. On the properties windows select BESadmin and add the permissions "Administer Mailbox Store, Receive As, Send As"

6. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

7. Log on as BESadmin and install the BES software. Follow the prompts of the install and the server will be required to restart half way through the install. Restart the server and log back on as BESadmin and the install will continue.
0
 
IT_MAN_STXAuthor Commented:
I installed the BES server about a year ago, and everything was working fine.

 it was only after i applied the Microsoft updates, prior to the April 1st worm scare. After performing this update, is when i find myself in my current situation. Of your seven steps the only one i had to correct was removing the admin rights from the BES account and making it a domain user only.

all other steps have been completed.

0
 
Gary CutriData & Communications SpecialistCommented:
OK, so what we need to do is as follows:

a. Run the SQL commands above on the SQL server and purge the user.

b. Correct your Send As permissions:

1. Stop the Blackberry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As" (See additional info below).

3. Run the following script logged on as Administrator

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=c om " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc =com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=lo cal" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack: http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server (this step can be skipped if you can Send correctly after the Router service starts).


Additional Information

To globally apply Send As permissions to all user objects follow these steps:
1. Open Active Directory.
2. Select the "View" menu and ensure "Advanced Features" is checked.
3. Right mouse click on your domain name and select Properties
4. Select the Security tab
5. Press the Advanced button at the bottom on the security tab
6. Select "Add" and enter your Blackberry Service Account name (e.g. BESadmin) and select OK
7. When the permissions screen appears change "Apply onto:" to "User Objects"
8. In the permissions box scroll down and check the Allow box beside "Send As" and press OK
9. Press Apply and OK to exit
0
 
IT_MAN_STXAuthor Commented:
I have done steps a , b, 1 & 2 , I am confused about the dsacls, because your post on the other website says to only perform this step if the users are admins, which they are not.

i ran this script anyway:

dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

i stopped the service and im waiting the 20 minutes, then i will restart service and reboot server.




0
 
Gary CutriData & Communications SpecialistCommented:
I removed the admin only comment as these steps above will correct the Send As issue for any account and we are covering all bases in one hit.
0
 
IT_MAN_STXAuthor Commented:
when running the Dscals on the server, i get the following error message.

The command failed to complete successfully.

dsacls "cn=adminsdholder,cn=system,dc=nike,dc=lo cal" /G "nike\BESadmin:CA;Send As"

is this the correct format? i tried to enter the domain name, and domain with the .com extenstions and no go.
0
 
Gary CutriData & Communications SpecialistCommented:
It depends on your domain name and BlackBerry service account name.  If it is actually nike.local then your command is correct (I assume the space in local was caused by posting here?), but if it is aust.nike.local then the command would be:

dsacls "cn=adminsdholder,cn=system,dc=aust,dc=nike,dc=local" /G "NIKE\BESadmin:CA;Send As"

Also is your BlackBerry Service account actually BESadmin?
0
 
IT_MAN_STXAuthor Commented:
i made some changes, and rebooted the server.

one of my users are back online now, we will see how long this lasts as i apply the fix to the others.

its the admin account feature connected to the user id's that are messing everything  up :) !!!!!!

wish me luck as i venture further into the  BB unknown


 thanks for your help
0
 
Gary CutriData & Communications SpecialistCommented:
Did you get the dsacls command to work?
0
 
IT_MAN_STXAuthor Commented:
No.....after the reboot the user came online.

i just removed an admin feature from another user, so i will try the command again and reboot.....

1. i have a .com for my domain name

2. And the BB service account, is besadmin

3. this is the code i want to use:

dsacls "cn=adminsdholder,cn=system,dc=domainname.com,dc=???l" /G "domainname.com\BESadmin:CA;Send As"

am i writing it out correctly?




0
 
Gary CutriData & Communications SpecialistCommented:
dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com" /G "DOMAIN\BESadmin:CA;Send As"
0
 
IT_MAN_STXAuthor Commented:
i got the script to work, but no go......

 one user is working fine, sending and receiving, and the other isn't, he can only receive not send.
0
 
Gary CutriData & Communications SpecialistCommented:
Once you run the script you have to stop the router service again for 20+ minutes
0
 
IT_MAN_STXAuthor Commented:
just ran script, waiting the 20 mins now.

its 2:28pm
0
 
IT_MAN_STXAuthor Commented:
seems to be working now,  

i had to exercise a little more patience in rebooting the systems and waiting for the system to cycle thru.

My users are back online now. it was the code that did the trick. thanks for your help, and patience in explaining, i really appreciate it
0
 
Gary CutriData & Communications SpecialistCommented:
Happy to help.
0
 
Gary CutriData & Communications SpecialistCommented:
Is everything still working OK?

0
 
IT_MAN_STXAuthor Commented:
yes everything is still working...the script did the trick.

a whole entire NY help desk couldn't figure it out,......... so i got props :)

thank you
0
 
Gary CutriData & Communications SpecialistCommented:
Great to hear.  Don't forget to close the question :)
0
 
IT_MAN_STXAuthor Commented:
the only thing i would add. is to be patient while the system cycles thru the changes.

Multiple reboots are often necessary to get the system going again.  but excellent help none the less

thank you
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 14
  • 13
Tackle projects and never again get stuck behind a technical roadblock.
Join Now