
Blackberry with exchange 2007 - permissions

Hi

Can anyone shed some light on why I am getting this error please? I am trying to check the permissions to get my BlackBerry server working that is sitting on a separate Win 2003 server.

[PS] C:\Windows\System32>get-mailboxserver mail1 | add-exchangeadministrator BES
Admin -role ViewOnlyAdmin
Add-ExchangeAdministrator : The input object cannot be bound to any parameters
for the command either because the command does not take pipeline input or the
input and its properties do not match any of the parameters that take pipeline
input.
At line:1 char:52
+ get-mailboxserver mail1 | add-exchangeadministrator  <<<< BESAdmin -role View
OnlyAdmin

thanks
0
smd333
Asked:
smd333
2 Solutions
 
Gary CutriData & Communications SpecialistCommented:
Hi, first ensure that you have created a new user with a mailbox called BESadmin and within Exchange Management Console select "Organization Configuration" and on the left select "Add Exchange Administrator".  Add the BESadmin as an Exchange Admin-View Administrator role.  Then run the following command from the Exchange Management Shell:


get-mailboxserver mail1 | add-adpermission -user BESadmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin


0
 
smd333Author Commented:
Thanks very much. From what I can tell that has worked, however my phones still have not checked in. This error is in my event log quite a lot.

event ID - 20406
Source - Blackberry controller

The description for Event ID ( 20406 ) in Source ( BlackBerry Controller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 'SERVER2' agent 1: will not restart - reached the maximum of 10 restarts per 24 hours.
0
 
flaphead_comCommented:
this is what i have done before

1) Grant the BES Service Account Local Computer Permissions on the BES Server
2) Grant the BES Service Account View Only Admin rights
3) Grant the BES Service Account Send and Receive-As Permissions
4) Mailbox enable the BES Service Account
Using the Exchange Management Console, mailbox enable the BES Service Account
5) Using Active Directory Users and Computer grant the BES service account Send-As right

Let me know how you get on
2)
Add-ExchangeAdministrator -Identity '<ServiceAccountLocation>' -Role 'ViewOnlyAdmin'
 
3)
get-mailboxserver <Servername> | add-adpermission -user '<ServiceAccountLocation>' -accessrights ExtendedRight -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
 
5)
Add-ADPermission "<Full OU>" -user "<BES Service Account>"  -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As


0

 
Gary CutriData & Communications SpecialistCommented:
You need to ensure that the BlackBerry software was installed using the BESadmin account. Also, when you open BlackBerry Manager you MUST log on as BESadmin, as it is based on MAPI profiles.
0
 
Gary CutriData & Communications SpecialistCommented:
Also please review my install guide below to ensure you followed all the installation steps correctly:

http://www.blackberryforums.com.au/forums/microsoft-exchange/687-exchange-2007-bes-install-guide.html
0
 
smd333Author Commented:
Thanks chaps. I have double checked the permissions once again and I am sure they look good now.

Should I reinstall BPS as the BESAdmin user? The system was working for a long time until we upgraded Exchange 2003 to 2007 and updated the domain controller from 2003 to 2008. I am guessing I should have mentioned this before, sorry.

Should I do a total uninstall and then an install, or just rerun the install as the BESAdmin user?

Will read through your guide. I have read a few guides but when I hit a problem then I hit a bit of a wall.
0
 
Rich_StoddartCommented:
This may be a simple thing, but make sure the version of the BES software you are using is up to date and compatible with Exchange 2007. We had to update our BES at * University when the BB users were migrated, and then there was a feature missing issue.
0
 
flaphead_comCommented:
what errors are you seeing?

Is it on the 2003 or 2007 servers?

I normally run this to make 200% sure the permissions are on ALL the 2007 servers

get-mailboxserver | add-adpermission -user '<ServiceAccountLocation>' -accessrights ExtendedRight -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
 
0
 
Gary CutriData & Communications SpecialistCommented:
Once the permissions are set on Exchange 2007 you should restart the BES.  Also log onto the BES as BESadmin and perform the following:

1. Go to "Start > Program Files > BlackBerry Enterprise Server > Edit MAPI Profile" and ensure it is configured for BESadmin and the correct mail server.
2. Go to "Start > Program Files > BlackBerry Enterprise Server > BlackBerry Server Configuration > Blackberry Server Tab > Edit MAPI Profile" and ensure it is configured for BESadmin and the correct mail server.

If you didn't install the BES using the BESadmin account you should perform the installation again using the BESadmin account (over the top is fine).

Also on Exchange 2007 you MUST ensure a public folder is configured with an offline address book (OAB).
0
 
smd333Author Commented:
I have run all the permission commands as per your previous post.

My BES server is a Windows 2003 server. My Exchange 2007 server sits on a 2008 box.

Main error I seem to be getting is the event ID 20406. I have had a quick look at the logs but can't really see much unless you can let me know which actual log you want to get info from?
0
 
flaphead_comCommented:
What is the full event ID?

Can any users use BES? Even the 2003 ones?
0
 
Gary CutriData & Communications SpecialistCommented:
Re: event ID 20406

If you moved the BESadmin account to Exchange 2007 you need to perform the Edit MAPI profile steps above and then restart the BES. Also, this error can indicate you don't have public folders and an OAB that is assigned to your mail stores.
0
 
smd333Author Commented:
event ID - 20406
Source - Blackberry controller

The description for Event ID ( 20406 ) in Source ( BlackBerry Controller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 'SERVER2' agent 1: will not restart - reached the maximum of 10 restarts per 24 hours.

No users can currently use BES.

Currently trying a reinstall which is taking a long time and I think it has hung. I will try a reboot.

How can I get hold of the latest version / build to ensure it is compatible with Exchange 2007?

Install log stops after these last few lines

[30000] (05/06 18:17:20.204):{0x1490} SQL being executed:
 if object_id('dbo.xp_RIM_update_srv') is not null
    exec sp_dropextendedproc 'dbo.xp_RIM_update_srv'
[30000] (05/06 18:17:20.204):{0x1490} SQL executed successfully
[30000] (05/06 18:17:20.204):{0x1490} SQL being executed:
 -------------------------------------------------------------------------------------------------------
[30000] (05/06 18:17:20.204):{0x1490} SQL executed successfully
0
 
Gary CutriData & Communications SpecialistCommented:
P.S. You need to look at the MAGT log located in \Program Files\Research In Motion\BlackBerry Enterprise Server\Logs. At a guess you should find an error like "Service failed to start, generating error 5305".

http://www.blackberry.com/btsc/dynamickc.do?externalId=KB01018&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=KB01018

0
 
Gary CutriData & Communications SpecialistCommented:
Your version of BlackBerry Professional does support Exchange 2007 and as an FYI no updates are available (BPS will have no future updates).
0
 
flaphead_comCommented:
what version of BES are you using?

I assume the BES service account is a member of the local admin on the BES server?

and you have run this? as it is the error you first reported

Add-ExchangeAdministrator BESAdmin -Role 'ViewOnlyAdmin'
0
 
flaphead_comCommented:
That would explain a few things... you should be using at least BlackBerry Enterprise Server 4.1 Service Pack 6.
0
 
Gary CutriData & Communications SpecialistCommented:
BlackBerry Professional (BPS) works with Exchange 2007 and unfortunately SP6 cannot be installed on BPS.
0
 
Gary CutriData & Communications SpecialistCommented:
At this stage I would do the following:

Note: Make sure Exchange 2007 has a public folder enabled with an OAB.

1. Uninstall BlackBerry Professional (the database will not be deleted)
2. Delete the BESadmin account
3. Delete the BESadmin profile from the BES (i.e from Documents and Settings)
4. Create a new BESadmin account
5. Set the BESadmin account as an Admin View Only Administrator
6. Run the get-mailboxserver <mail_server_name> | add-adpermission ... command.
7. If Exchange System Manager 2003 is on the BES uninstall it (assuming it's on a separate server to Exchange)
8. Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 on the BES
9. Set BESadmin as a local Administrator on the BES
10. On the BES server go to Administrative Tools and open "Local Security Policy" and then expand the "Local Policies" and "User Right Assignment". You need to add BESadmin to "Log on Locally" and "Log on as Service".
11. Log onto the BES as BESadmin and install BPS
12. When prompted point the installer to the existing database
0
 
smd333Author Commented:
This seems to be my version - Version:  4.1.3.14
As this has been running since 2007 I think I may have BES rather than BPS? Any comments on this? How long has BPS been out?

Where do I get the service pack install to try?

Can you talk me through the public folders and an OAB please? I took a look and it seems to be there but it may not have all the correct info.

Here is some exciting info from the MAGT log

[20400] (05/06 18:43:17.935):{0x12A4} {DanielH@penso.co.uk} MAPIMailbox::MAPIMailbox(2) - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe, ServerDN=/o=PAZE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL1/cn=Microsoft Private MDB
[40720] (05/06 18:43:17.935):{0x12A4} MAPI call failed. Error 'The information store could not be opened.', LowLevelError 0, Component 'MAPI 1.0', Context 649
[20400] (05/06 18:43:17.967):{0x12AC} {DaveR@penso.co.uk} MAPIMailbox::MAPIMailbox(2) - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=PAZE/ou=first administrative group/cn=Recipients/cn=roche, ServerDN=/o=PAZE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL1/cn=Microsoft Private MDB
[40720] (05/06 18:43:17.967):{0x12AC} MAPI call failed. Error 'The information store could not be opened.', LowLevelError 0, Component 'MAPI 1.0', Context 649
[40205] (05/06 18:43:17.967):{0x12AC} MailboxManager::CloseMailboxSession - closing session
[20154] (05/06 18:43:18.046):{0x12A4} User Daniel Hurcombe not started
[20154] (05/06 18:43:18.046):{0x12AC} User Dave Roche not started
[30362] (05/06 18:43:18.173):{0x1290} This agent will handle 2 user(s)
[30000] (05/06 18:43:18.173):{0x1290} Optimize ThreadPools, total number of started users 0
[40413] (05/06 18:43:18.173):{0x1290} Before optimization: total number of worker threads 0, where 0 non-removable
[40417] (05/06 18:43:18.173):{0x1290} After optimization: total number of worker threads 0, where 0 non-removable
[40748] (05/06 18:43:18.173):{0x1290} License total: 5
[30050] (05/06 18:43:18.173):{0x1290} All handhelds started
[50079] (05/06 18:43:18.173):{0x1290} 2 user(s) failed to initialize
0
 
Gary CutriData & Communications SpecialistCommented:
As you have BlackBerry Enterprise (or Express) just install SP6 whilst logged on as BESadmin.
0
 
smd333Author Commented:
OK, where do I download service pack 6 from?

I have run the MAPI commands as specified above and they both see my mailbox and Exchange server, however I still get an error when I open the BlackBerry Manager complaining it can't open the information store.
0
 
Gary CutriData & Communications SpecialistCommented:
The 0x8004011d error indicates that your Exchange 2007 server does not have a Public Folder and an OAB.
0
 
Gary CutriData & Communications SpecialistCommented:
0
 
Gary CutriData & Communications SpecialistCommented:
0
 
smd333Author Commented:
Please can I get a bit more assistance with the public folders? The link you sent doesn't explain it very well.

Should I still do a totally fresh install as suggested above?

Many thanks for all your input and help
0
 
Gary CutriData & Communications SpecialistCommented:
Before you do anything you must setup a public folder.  
0
 
Gary CutriData & Communications SpecialistCommented:
0
 
smd333Author Commented:
I definitely have public folders and I have an offline address book that is being distributed. I am still totally stuck in a hole!
I have tried to activate the phone but it just sits there at the activating screen.
This is the error I get in the MAGT log

[30041] (05/07 10:12:34.809):{0x1120} Starting handheld for Daniel Hurcombe
[40704] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) ServerDN=/o=PAZE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL1/cn=Microsoft Private MDB, MailboxDN=/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe
[30033] (05/07 10:12:34.809):{0x1120} ResolveName - g_pAddressBook->ResolveName( /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe ) (0x8004010f) failed
[30337] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) - ResolveName[1] failed for DisplayName='/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe', trying method #2
[40327] (05/07 10:12:34.809):{0x1120} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30337] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) - ResolveName[2] failed for DisplayName='hurcombe', trying method #3
[40327] (05/07 10:12:34.809):{0x1120} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30024] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) - ResolveName[3] failed for DisplayName='Daniel Hurcombe', giving up
[20265] (05/07 10:12:34.809):{0x1120} {hurcombe} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed
[20154] (05/07 10:12:34.809):{0x1120} User Daniel Hurcombe not started
[50079] (05/07 10:12:34.809):{0x1120} 2 user(s) failed to initialize
[40000] (05/07 10:13:34.308):{0x111C} [BIPP] Ping 26 sent
[40000] (05/07 10:13:34.308):{0x8D0} [BIPP] PingResponse 26 received
0
 
smd333Author Commented:
Is there a command I can run to test my offline address book is working correctly?
0
 
Gary CutriData & Communications SpecialistCommented:
Make sure you assign the OAB to the mailstores.
0
 
smd333Author Commented:
OK, I have finally assigned my offline address book to the mail store. I have rebooted the BlackBerry server and still have the exact same error messages.

[ExchangeAdaptorDLL::Initialize] Failed to open default message store, result=0x8004011d.

I am just about to restart the Exchange services and see where I am after that but I am not optimistic... :-(
0
 
smd333Author Commented:
No change.

However, I am not getting any mailbox opening error messages. The only thing I can think of is mapi32 versions

6.5.6944.0 - on my blackberry server
1.0.2536.0 - on my exchange 2007 server

What should i do...
0
 
Gary CutriData & Communications SpecialistCommented:
Once you assign the OAB to the mail stores I have found it will not function correctly until exchange is restarted and then once it is back online restart the BES.
0
 
smd333Author Commented:
OK, I have restarted the Exchange server and then rebooted my BES server. Tried to activate the phones but they are just sitting there...

Latest info from the logs still seems to be the same

[30033] (05/07 13:03:40.226):{0x10A0} ResolveName - g_pAddressBook->ResolveName( /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe ) (0x8004010f) failed
[30337] (05/07 13:03:40.226):{0x10A0} MAPIMailbox::MAPIMailbox(2) - ResolveName[1] failed for DisplayName='/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe', trying method #2
[40327] (05/07 13:03:40.226):{0x10A0} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30337] (05/07 13:03:40.226):{0x10A0} MAPIMailbox::MAPIMailbox(2) - ResolveName[2] failed for DisplayName='hurcombe', trying method #3
[40327] (05/07 13:03:40.226):{0x10A0} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30033] (05/07 13:03:40.226):{0x1098} ResolveName - g_pAddressBook->ResolveName( /o=PAZE/ou=first administrative group/cn=Recipients/cn=roche ) (0x8004010f) failed
[30337] (05/07 13:03:40.226):{0x1098} MAPIMailbox::MAPIMailbox(2) - ResolveName[1] failed for DisplayName='/o=PAZE/ou=first administrative group/cn=Recipients/cn=roche', trying method #2
[40327] (05/07 13:03:40.226):{0x1098} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=roche in resolve failed cache
[30337] (05/07 13:03:40.226):{0x1098} MAPIMailbox::MAPIMailbox(2) - ResolveName[2] failed for DisplayName='roche', trying method #3
[40327] (05/07 13:03:40.226):{0x1098} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=roche in resolve failed cache
[30024] (05/07 13:03:40.242):{0x1098} MAPIMailbox::MAPIMailbox(2) - ResolveName[3] failed for DisplayName='Dave Roche', giving up
[30024] (05/07 13:03:40.242):{0x10A0} MAPIMailbox::MAPIMailbox(2) - ResolveName[3] failed for DisplayName='Daniel Hurcombe', giving up
[20265] (05/07 13:03:40.274):{0x1098} {roche} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed
[20265] (05/07 13:03:40.274):{0x10A0} {hurcombe} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed
[20154] (05/07 13:03:40.290):{0x10A0} User Daniel Hurcombe not started
[20154] (05/07 13:03:40.290):{0x1098} User Dave Roche not started
[30362] (05/07 13:03:40.641):{0x1094} This agent will handle 2 user(s)
[30000] (05/07 13:03:40.641):{0x1094} Optimize ThreadPools, total number of started users 0
[40413] (05/07 13:03:40.641):{0x1094} Before optimization: total number of worker threads 0, where 0 non-removable
[40417] (05/07 13:03:40.641):{0x1094} After optimization: total number of worker threads 0, where 0 non-removable
[40748] (05/07 13:03:40.641):{0x1094} License total: 5
[30050] (05/07 13:03:40.641):{0x1094} All handhelds started
[50079] (05/07 13:03:40.641):{0x1094} 2 user(s) failed to initialize
[30000] (05/07 13:03:40.673):{0x10AC} [DIAG] EVENT=Register_thread, THREADID=0x10AC, THREADNAME="TimerHealth"
0
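Added example, not part of the original thread: a Python triage of MAGT log lines in the layout quoted in the posts above, grouping failing OpenMsgStore and ResolveName calls per mailbox and naming the two HRESULTs seen here. The function name `triage`, the sample lines and the EXAMPLE org and user names are constructed for illustration.

```python
import re
from collections import defaultdict

# MAGT line layout as quoted in the thread:
#   [event] (MM/DD HH:MM:SS.mmm):{0xTHREAD} message
LINE_RE = re.compile(
    r"^\[(?P<event>\d+)\] \((?P<ts>[\d/]+ [\d:.]+)\):\{(?P<thread>0x[0-9A-Fa-f]+)\} (?P<msg>.*)$"
)
# A failing MAPI call appears as "<Call> ... (0x8xxxxxxx) failed". Requiring the
# high bit skips lines such as "DeleteAllDeviceSearches (0x00000000) failed".
FAIL_RE = re.compile(
    r"(?P<call>OpenMsgStore|ResolveName)\b.*?\((?P<hr>0x8[0-9A-Fa-f]{7})\) failed"
)
MAILBOX_RE = re.compile(r"/cn=Recipients/cn=(?P<cn>[^\s,)']+)")
FAILED_INIT_RE = re.compile(r"(\d+) user\(s\) failed to initialize")

# Standard MAPI names for the two HRESULTs that appear in this thread.
HRESULT_NAMES = {
    "0x8004011d": "MAPI_E_FAILONEPROVIDER",  # seen on OpenMsgStore
    "0x8004010f": "MAPI_E_NOT_FOUND",        # seen on ResolveName
}

def triage(lines):
    """Group failing MAPI calls by mailbox CN and report the failed-user count."""
    failures = defaultdict(set)
    failed_init = 0
    skipped = 0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:               # continuation or foreign line, not a MAGT record
            skipped += 1
            continue
        msg = m.group("msg")
        init = FAILED_INIT_RE.search(msg)
        if init:
            failed_init = max(failed_init, int(init.group(1)))
        fail = FAIL_RE.search(msg)
        box = MAILBOX_RE.search(msg)
        if fail and box:
            hr = fail.group("hr").lower()
            failures[box.group("cn")].add(
                (fail.group("call"), hr, HRESULT_NAMES.get(hr, "unknown"))
            )
    return {
        "failures": {cn: sorted(v) for cn, v in failures.items()},
        "failed_init": failed_init,
        "skipped": skipped,
    }

# Constructed sample lines (placeholder org and users), not taken from a real log.
DN = "/o=EXAMPLE/ou=first administrative group/cn=Recipients/cn="
SAMPLE = [
    "[20400] (05/06 18:43:17.935):{0x12A4} {user1@example.test} MAPIMailbox::MAPIMailbox(2)"
    " - OpenMsgStore (0x8004011d) failed, MailboxDN=" + DN + "user1, ServerDN=/o=EXAMPLE/cn=Servers/cn=MAIL1",
    "[30033] (05/07 10:12:34.809):{0x1120} ResolveName - g_pAddressBook->ResolveName( " + DN + "user1 ) (0x8004010f) failed",
    "[30033] (05/07 10:12:34.809):{0x1098} ResolveName - g_pAddressBook->ResolveName( " + DN + "user2 ) (0x8004010f) failed",
    "[20265] (05/07 10:12:34.809):{0x1120} {user1} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed",
    "[50079] (05/07 10:12:34.809):{0x1120} 2 user(s) failed to initialize",
    "this constructed line does not follow the MAGT layout",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over a real MAGT log, a mailbox that shows only ResolveName failures after the OpenMsgStore errors have stopped separates the name-resolution problem from the store-access problem.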
 
smd333Author Commented:
OK, thanks Gary..

SQL Expert cap is now on... I have found the MailboxDN field in the BESAdmin database, UserConfig table. Erm... I have looked at the properties etc. but can't work out what the next step is...

Any ideas anyone?

The Microsoft® SQL Server® administrator can manually update the MailboxDN field in the User Configuration table to include the correct Legacy Exchange Distinguished Name. The BlackBerry Enterprise Server is now able to start the BlackBerry smartphone user, resulting in the BlackBerry smartphone user being able to send and receive email messages.

Another great BlackBerry tech document which assumes I am a SQL expert into the mix :-/

Appreciate your continued help and support with this.. It deserves 1000 points!!
0
 
smd333Author Commented:
The answer was to delete the users and then create them again... all working now... I can't believe it is finally working... was about to wipe the server and start again..

Thanks for the assistance
0
 
Gary CutriData & Communications SpecialistCommented:
Before you wipe another user try the Reload User option.
0
 
smd333Author Commented:
thanks for your persistent support and help. Appreciated.
0
 
Gary CutriData & Communications SpecialistCommented:
Great to see you got it all sorted.
0
Question has a verified solution.
