Solved

Blackberry with exchange 2007 - permissions

Posted on 2009-05-06
Last Modified: 2012-06-27
Hi

Can anyone shed some light on why I am getting this error please? I am trying to check the permissions to get my BlackBerry server working that is sitting on a separate Win 2003 server.

[PS] C:\Windows\System32>get-mailboxserver mail1 | add-exchangeadministrator BES
Admin -role ViewOnlyAdmin
Add-ExchangeAdministrator : The input object cannot be bound to any parameters
for the command either because the command does not take pipeline input or the
input and its properties do not match any of the parameters that take pipeline
input.
At line:1 char:52
+ get-mailboxserver mail1 | add-exchangeadministrator  <<<< BESAdmin -role View
OnlyAdmin

thanks
0
Question by:smd333
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24316951
Hi, first ensure that you have created a new user with a mailbox called BESadmin and within Exchange Management Console select "Organization Configuration" and on the left select "Add Exchange Administrator".  Add the BESadmin as an Exchange Admin-View Administrator role.  Then run the following command from the Exchange Management Shell:


get-mailboxserver mail1 | add-adpermission -user BESadmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin


0
 

Author Comment

by:smd333
ID: 24317069
Thanks very much. From what I can tell that has worked, however my phones still have not checked in. This error is in my event log quite a lot.

event ID - 20406
Source - Blackberry controller

The description for Event ID ( 20406 ) in Source ( BlackBerry Controller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 'SERVER2' agent 1: will not restart - reached the maximum of 10 restarts per 24 hours.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 24317098
This is what I have done before

1) Grant the BES Service Account Local Computer Permissions on the BES Server
2) Grant the BES Service Account View Only Admin rights
3) Grant the BES Service Account Send and Receive-As Permissions
4) Mailbox enable the BES Service Account
Using the Exchange Management Console, mailbox enable the BES Service Account
5) Using Active Directory Users and Computer grant the BES service account Send-As right

Let me know how you get on
2)

Add-ExchangeAdministrator -Identity '<ServiceAccountLocation>' -Role 'ViewOnlyAdmin'
 

3)

get-mailboxserver <Servername> | add-adpermission -user '<ServiceAccountLocation>' -accessrights ExtendedRight -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
 

5)

Add-ADPermission "<Full OU>" -user "<BES Service Account>"  -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As


0
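A way to check the result of the grants discussed in the posts above, as an added example that is not part of the original thread: it compares the service account's ACEs against the three extended rights the thread names and lists anything else the account holds, so the Send-As/Receive-As delegation can be reviewed. The account name `EXAMPLE\BESAdmin`, the helper names and the sample ACEs are assumptions constructed for illustration; the property names are the ones `Get-ADPermission` returns.

```powershell
# Added example, not code from the thread.
function Test-BesServiceAcl {
    param(
        [string]$Account,      # service account as DOMAIN\name (hypothetical value below)
        [object[]]$Ace,        # Get-ADPermission output, or objects of the same shape
        [string[]]$Required = @('Send-As', 'Receive-As', 'ms-Exch-Store-Admin')
    )
    $mine  = @($Ace  | Where-Object { "$($_.User)" -eq $Account })
    $allow = @($mine | Where-Object { -not $_.Deny })

    # Extended rights granted by allow ACEs, flattened to unique strings.
    $granted = @($allow | ForEach-Object { $_.ExtendedRights } | Where-Object { $_ } |
                 ForEach-Object { "$_" } | Sort-Object -Unique)

    # Ordinary access rights (GenericRead, GenericWrite, ...) held in addition
    # to the ExtendedRight marker; these deserve a second look.
    $other = @($allow | ForEach-Object { $_.AccessRights } | Where-Object { $_ } |
               ForEach-Object { "$_" -split ',\s*' } |
               Where-Object { $_ -ne 'ExtendedRight' } | Sort-Object -Unique)

    New-Object PSObject -Property @{
        Account           = $Account
        Missing           = @($Required | Where-Object { $granted -notcontains $_ })
        UnexpectedRights  = @($granted  | Where-Object { $Required -notcontains $_ })
        OtherAccessRights = $other
        DenyEntries       = @($mine | Where-Object { $_.Deny }).Count
    }
}

# Constructed sample ACEs so the function can be tried without an Exchange server.
function New-SampleAce($User, $Access, $Extended, $Deny = $false) {
    New-Object PSObject -Property @{
        User = $User; AccessRights = $Access; ExtendedRights = $Extended; Deny = $Deny
    }
}
$sample = @(
    (New-SampleAce 'EXAMPLE\BESAdmin' @('ExtendedRight') @('Send-As', 'Receive-As')),
    (New-SampleAce 'EXAMPLE\BESAdmin' @('GenericRead', 'GenericWrite') $null),
    (New-SampleAce 'EXAMPLE\Other Group' @('ExtendedRight') @('Send-As') $true)
)
Test-BesServiceAcl -Account 'EXAMPLE\BESAdmin' -Ace $sample | Format-List

# Live use in the Exchange Management Shell (account name is an assumption):
#   Get-MailboxServer | ForEach-Object {
#       Test-BesServiceAcl -Account 'EXAMPLE\BESAdmin' `
#           -Ace (Get-ADPermission -Identity $_.DistinguishedName)
#   }
```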
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317099
You need to ensure that the Blackberry Software was installed using the BESadmin account.  Also when you open Blackberry Manager you MUST log on as BESadmin as it is based on MAPI profiles.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317109
Also please review my install guide below to ensure you followed all the installation steps correctly:

http://www.blackberryforums.com.au/forums/microsoft-exchange/687-exchange-2007-bes-install-guide.html
0
 

Author Comment

by:smd333
ID: 24317191
Thanks chaps. I have double checked the permissions once again and I am sure they look good now.

Should I reinstall BPS as the BESAdmin user? The system was working for a long time until we upgraded Exchange 2003 to 2007 and updated the domain controller from 2003 to 2008. I am guessing I should have mentioned this before, sorry.

Should I do a total uninstall and then an install or just rerun the install as the BESAdmin user?

Will read through your guide. I have read a few guides but when I hit a problem then I hit a bit of a wall.
0
 
LVL 1

Expert Comment

by:Rich_Stoddart
ID: 24317274
This may be a simple thing, but make sure the version of the BES software you are using is up to date and compatible with Exchange 2007. We had to update our BES at * University when the BB users were migrated, and then there was a feature missing issue.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 24317314
What errors are you seeing?

Is it on the 2003 or 2007 servers?

I normally run this to make 200% sure the permissions are on ALL the 2007 servers

get-mailboxserver | add-adpermission -user '<ServiceAccountLocation>' -accessrights ExtendedRight -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
 
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317326
Once the permissions are set on Exchange 2007 you should restart the BES.  Also log onto the BES as BESadmin and perform the following:

1. Go to "Start > Program Files > BlackBerry Enterprise Server > Edit MAPI Profile" and ensure it is configured for BESadmin and the correct mail server.
2. Go to "Start > Program Files > BlackBerry Enterprise Server > BlackBerry Server Configuration > Blackberry Server Tab > Edit MAPI Profile" and ensure it is configured for BESadmin and the correct mail server.

If you didn't install the BES using the BESadmin account you should perform the installation again using the BESadmin (over the top is fine).

Also on Exchange 2007 you MUST ensure a public folder is configured with an offline address book (OAB).
0
 

Author Comment

by:smd333
ID: 24317355
I have run all the permission commands as per your previous post.

My BES server is a Windows 2003 server. My Exchange 2007 server sits on a 2008 box.

Main error I seem to be getting is the event ID 20406. I have had a quick look at the logs but can't really see much unless you can let me know which actual log you want to get info from?
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 24317363
What is the full event ID?

Can any users use BES? Even the 2003 ones?
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317418
Re: event ID 20406

If you moved the BESadmin account to Exchange 2007 you need to perform the Edit MAPI profile steps above and then restart the BES.  Also this error can indicate you don't have public folders and an OAB that is assigned to your mail stores.
0
 

Author Comment

by:smd333
ID: 24317444
event ID - 20406
Source - Blackberry controller

The description for Event ID ( 20406 ) in Source ( BlackBerry Controller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 'SERVER2' agent 1: will not restart - reached the maximum of 10 restarts per 24 hours.

No users can currently use BES.

Currently trying a reinstall which is taking a long time and I think it has hung. I will try a reboot.

How can I get hold of the latest version / build to ensure it is compatible with Exchange 2007?

Install log stops after these last few lines

[30000] (05/06 18:17:20.204):{0x1490} SQL being executed:
 if object_id('dbo.xp_RIM_update_srv') is not null
    exec sp_dropextendedproc 'dbo.xp_RIM_update_srv'
[30000] (05/06 18:17:20.204):{0x1490} SQL executed successfully
[30000] (05/06 18:17:20.204):{0x1490} SQL being executed:
 -------------------------------------------------------------------------------------------------------
[30000] (05/06 18:17:20.204):{0x1490} SQL executed successfully
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317448
P.S. You need to look at the MAGT log located in \Program Files\Research In Motion\BlackBerry Enterprise Server\Logs. At a guess you should find an error like "Service failed to start, generating error 5305".

http://www.blackberry.com/btsc/dynamickc.do?externalId=KB01018&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=KB01018

0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317469
Your version of BlackBerry Professional does support Exchange 2007 and as an FYI no updates are available (BPS will have no future updates).
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 24317474
What version of BES are you using?

I assume the BES service account is a member of the local admin on the BES server?

And you have run this? As it is the error you first reported

Add-ExchangeAdministrator BESAdmin -Role 'ViewOnlyAdmin'
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 24317492
That would explain a few things .. you should be using at least BlackBerry Enterprise Server 4.1 Service Pack 6.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317527
BlackBerry Professional (BPS) works with Exchange 2007 and unfortunately SP6 cannot be installed on BPS.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 24317538
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317668
At this stage I would do the following:

Note: Make sure Exchange 2007 has a public folder enabled with an OAB.

1. Uninstall BlackBerry Professional (the database will not be deleted)
2. Delete the BESadmin account
3. Delete the BESadmin profile from the BES (i.e from Documents and Settings)
4. Create a new BESadmin account
5. Set the BESadmin account as an Admin View Only Administrator
6. Run the get-mailboxserver <mail_server_name> | add-adpermission ... command.
7. If Exchange System Manager 2003 is on the BES uninstall it (assuming it's on a separate server to Exchange)
8. Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 on the BES
9. Set BESadmin as a local Administrator on the BES
10. On the BES server go to Administrative Tools and open "Local Security Policy" and then expand the "Local Policies" and "User Right Assignment". You need to add BESadmin to "Log on Locally" and "Log on as Service".
11. Log onto the BES as BESadmin and install BPS
12. When prompted point the installer to the existing database
0
 

Author Comment

by:smd333
ID: 24317687
This seems to be my version - Version:  4.1.3.14
As this has been running since 2007 I think I may have BES rather than BPS? Any comments on this? How long has BPS been out?

Where do I get the service pack install to try?

Can you talk me through the public folders and an OAB please? I took a look and it seems to be there but it may not have all the correct info.

Here is some exciting info from the MAGT log

[20400] (05/06 18:43:17.935):{0x12A4} {DanielH@penso.co.uk} MAPIMailbox::MAPIMailbox(2) - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe, ServerDN=/o=PAZE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL1/cn=Microsoft Private MDB
[40720] (05/06 18:43:17.935):{0x12A4} MAPI call failed. Error 'The information store could not be opened.', LowLevelError 0, Component 'MAPI 1.0', Context 649
[20400] (05/06 18:43:17.967):{0x12AC} {DaveR@penso.co.uk} MAPIMailbox::MAPIMailbox(2) - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=PAZE/ou=first administrative group/cn=Recipients/cn=roche, ServerDN=/o=PAZE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL1/cn=Microsoft Private MDB
[40720] (05/06 18:43:17.967):{0x12AC} MAPI call failed. Error 'The information store could not be opened.', LowLevelError 0, Component 'MAPI 1.0', Context 649
[40205] (05/06 18:43:17.967):{0x12AC} MailboxManager::CloseMailboxSession - closing session
[20154] (05/06 18:43:18.046):{0x12A4} User Daniel Hurcombe not started
[20154] (05/06 18:43:18.046):{0x12AC} User Dave Roche not started
[30362] (05/06 18:43:18.173):{0x1290} This agent will handle 2 user(s)
[30000] (05/06 18:43:18.173):{0x1290} Optimize ThreadPools, total number of started users 0
[40413] (05/06 18:43:18.173):{0x1290} Before optimization: total number of worker threads 0, where 0 non-removable
[40417] (05/06 18:43:18.173):{0x1290} After optimization: total number of worker threads 0, where 0 non-removable
[40748] (05/06 18:43:18.173):{0x1290} License total: 5
[30050] (05/06 18:43:18.173):{0x1290} All handhelds started
[50079] (05/06 18:43:18.173):{0x1290} 2 user(s) failed to initialize
0

 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317709
As you have BlackBerry Enterprise (or Express) just install SP6 whilst logged on as BESadmin.
0
 

Author Comment

by:smd333
ID: 24317731
OK, where do I download service pack 6 from?

I have run the MAPI commands as specified above and they both see my mailbox and Exchange server, however I still get an error when I open the BlackBerry Manager complaining it can't open the information store.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317739
The 0x8004011d error indicates that your Exchange 2007 server does not have a Public Folder and an OAB.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317747
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24317764
0
 

Author Comment

by:smd333
ID: 24318269
Please can I get a bit more assistance with the public folders. The link you sent doesn't explain it very well.

Should I still do a totally fresh install as suggested above?

Many thanks for all your input and help
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24321659
Before you do anything you must set up a public folder.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24322824
0
 

Author Comment

by:smd333
ID: 24323646
I definitely have public folders and I have an offline address book that is being distributed. I am still totally stuck in a hole!
I have tried to activate the phone but it just sits there at the activating screen.
This is the error I get in the MAGT log

[30041] (05/07 10:12:34.809):{0x1120} Starting handheld for Daniel Hurcombe
[40704] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) ServerDN=/o=PAZE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL1/cn=Microsoft Private MDB, MailboxDN=/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe
[30033] (05/07 10:12:34.809):{0x1120} ResolveName - g_pAddressBook->ResolveName( /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe ) (0x8004010f) failed
[30337] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) - ResolveName[1] failed for DisplayName='/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe', trying method #2
[40327] (05/07 10:12:34.809):{0x1120} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30337] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) - ResolveName[2] failed for DisplayName='hurcombe', trying method #3
[40327] (05/07 10:12:34.809):{0x1120} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30024] (05/07 10:12:34.809):{0x1120} MAPIMailbox::MAPIMailbox(2) - ResolveName[3] failed for DisplayName='Daniel Hurcombe', giving up
[20265] (05/07 10:12:34.809):{0x1120} {hurcombe} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed
[20154] (05/07 10:12:34.809):{0x1120} User Daniel Hurcombe not started
[50079] (05/07 10:12:34.809):{0x1120} 2 user(s) failed to initialize
[40000] (05/07 10:13:34.308):{0x111C} [BIPP] Ping 26 sent
[40000] (05/07 10:13:34.308):{0x8D0} [BIPP] PingResponse 26 received
0
 

Author Comment

by:smd333
ID: 24323653
Is there a command I can run to test my offline address book is working correctly?
0
 
LVL 26

Accepted Solution

by:
Gary Cutri earned 500 total points
ID: 24323655
Make sure you assign the OAB to the mailstores.
0
 

Author Comment

by:smd333
ID: 24323847
OK, I have finally assigned my offline address book to the mail store. I have rebooted the BlackBerry server and still have the exact same error messages.

[ExchangeAdaptorDLL::Initialize] Failed to open default message store, result=0x8004011d.

I am just about to restart the Exchange services and see where I am after that but I am not optimistic... :-(
0
 

Author Comment

by:smd333
ID: 24324068
No change

However, I am not getting any mailbox opening error messages. The only thing I can think of is mapi32 versions

6.5.6944.0 - on my BlackBerry server
1.0.2536.0 - on my Exchange 2007 server

What should I do...
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24324231
Once you assign the OAB to the mail stores I have found it will not function correctly until exchange is restarted and then once it is back online restart the BES.
0
 

Author Comment

by:smd333
ID: 24324724
OK, I have restarted the Exchange server and then rebooted my BES server. Tried to activate the phones but they are just sitting there...

Latest info from the logs still seems to be the same

[30033] (05/07 13:03:40.226):{0x10A0} ResolveName - g_pAddressBook->ResolveName( /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe ) (0x8004010f) failed
[30337] (05/07 13:03:40.226):{0x10A0} MAPIMailbox::MAPIMailbox(2) - ResolveName[1] failed for DisplayName='/o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe', trying method #2
[40327] (05/07 13:03:40.226):{0x10A0} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30337] (05/07 13:03:40.226):{0x10A0} MAPIMailbox::MAPIMailbox(2) - ResolveName[2] failed for DisplayName='hurcombe', trying method #3
[40327] (05/07 13:03:40.226):{0x10A0} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=hurcombe in resolve failed cache
[30033] (05/07 13:03:40.226):{0x1098} ResolveName - g_pAddressBook->ResolveName( /o=PAZE/ou=first administrative group/cn=Recipients/cn=roche ) (0x8004010f) failed
[30337] (05/07 13:03:40.226):{0x1098} MAPIMailbox::MAPIMailbox(2) - ResolveName[1] failed for DisplayName='/o=PAZE/ou=first administrative group/cn=Recipients/cn=roche', trying method #2
[40327] (05/07 13:03:40.226):{0x1098} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=roche in resolve failed cache
[30337] (05/07 13:03:40.226):{0x1098} MAPIMailbox::MAPIMailbox(2) - ResolveName[2] failed for DisplayName='roche', trying method #3
[40327] (05/07 13:03:40.226):{0x1098} ResolveName: Found /o=PAZE/ou=first administrative group/cn=Recipients/cn=roche in resolve failed cache
[30024] (05/07 13:03:40.242):{0x1098} MAPIMailbox::MAPIMailbox(2) - ResolveName[3] failed for DisplayName='Dave Roche', giving up
[30024] (05/07 13:03:40.242):{0x10A0} MAPIMailbox::MAPIMailbox(2) - ResolveName[3] failed for DisplayName='Daniel Hurcombe', giving up
[20265] (05/07 13:03:40.274):{0x1098} {roche} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed
[20265] (05/07 13:03:40.274):{0x10A0} {hurcombe} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed
[20154] (05/07 13:03:40.290):{0x10A0} User Daniel Hurcombe not started
[20154] (05/07 13:03:40.290):{0x1098} User Dave Roche not started
[30362] (05/07 13:03:40.641):{0x1094} This agent will handle 2 user(s)
[30000] (05/07 13:03:40.641):{0x1094} Optimize ThreadPools, total number of started users 0
[40413] (05/07 13:03:40.641):{0x1094} Before optimization: total number of worker threads 0, where 0 non-removable
[40417] (05/07 13:03:40.641):{0x1094} After optimization: total number of worker threads 0, where 0 non-removable
[40748] (05/07 13:03:40.641):{0x1094} License total: 5
[30050] (05/07 13:03:40.641):{0x1094} All handhelds started
[50079] (05/07 13:03:40.641):{0x1094} 2 user(s) failed to initialize
[30000] (05/07 13:03:40.673):{0x10AC} [DIAG] EVENT=Register_thread, THREADID=0x10AC, THREADNAME="TimerHealth"
0
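A small triage helper for MAGT log lines like the ones posted in this thread, as an added example that is not part of the original posts: it collects the failing MAPI HRESULTs per agent thread and reports them against the user that thread failed to start, which separates store-open failures (0x8004011d) from address-book lookup failures (0x8004010f). The sample lines and user names are constructed, the function name is hypothetical, and the symbolic names are the standard MAPI constants for these two values.

```powershell
# Added example, not code from the thread.
$MapiName = @{
    '0x8004010f' = 'MAPI_E_NOT_FOUND'
    '0x8004011d' = 'MAPI_E_FAILONEPROVIDER'
}

function Get-MagtFailure {
    param([string[]]$Line)
    $threads = @{}
    foreach ($l in $Line) {
        # Line layout: [event] (MM/DD hh:mm:ss.fff):{0xTHREAD} message
        if ($l -notmatch '^\[(\d+)\] \(([\d/]+ [\d:.]+)\):\{(0x[0-9A-Fa-f]+)\} (.*)$') { continue }
        $tid = $Matches[3]; $msg = $Matches[4]
        if (-not $threads.ContainsKey($tid)) { $threads[$tid] = @{ Codes = @() } }
        $t = $threads[$tid]

        if ($msg -match '\((0x8[0-9A-Fa-f]{7})\) failed') {
            # Failure HRESULT (high bit set); "(0x00000000) failed" lines are skipped.
            $code = $Matches[1].ToLower()
            if ($t.Codes -notcontains $code) { $t.Codes += $code }
        }
        elseif ($msg -match '^User (.+) not started$') {
            New-Object PSObject -Property @{
                Thread  = $tid
                User    = $Matches[1]
                HResult = $t.Codes
                Meaning = @($t.Codes | ForEach-Object {
                    if ($MapiName.ContainsKey($_)) { $MapiName[$_] } else { 'unknown' }
                })
            }
            $threads.Remove($tid)   # the agent reuses thread ids for later users
        }
    }
}

# Constructed sample in the MAGT line format shown in the thread.
$sample = @(
    '[20400] (05/06 18:43:17.935):{0x12A4} {alice@example.test} MAPIMailbox::MAPIMailbox(2) - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=EXAMPLE/ou=first administrative group/cn=Recipients/cn=alice',
    '[30033] (05/06 18:43:17.967):{0x12AC} ResolveName - g_pAddressBook->ResolveName( /o=EXAMPLE/ou=first administrative group/cn=Recipients/cn=bob ) (0x8004010f) failed',
    '[20265] (05/06 18:43:18.001):{0x12AC} {bob} MAPIMailbox::~MAPIMailbox - DeleteAllDeviceSearches (0x00000000) failed',
    '[20154] (05/06 18:43:18.046):{0x12A4} User Alice Example not started',
    '[20154] (05/06 18:43:18.046):{0x12AC} User Bob Example not started',
    '[30050] (05/06 18:43:18.173):{0x1290} All handhelds started'
)
Get-MagtFailure -Line $sample | Format-Table User, Thread, HResult, Meaning -AutoSize

# Against a real log: Get-MagtFailure -Line (Get-Content '<path to MAGT log>')
```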
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24324750
0
 

Author Comment

by:smd333
ID: 24325129
OK, thanks Gary..

SQL Expert cap is now on... I have found the MailboxDN field in the BESAdmin database, UserConfig table. Erm... I have looked at the properties etc but can't work out what the next step is...

Any ideas anyone?

The Microsoft® SQL Server® administrator can manually update the MailboxDN field in the User Configuration table to include the correct Legacy Exchange Distinguished Name. The BlackBerry Enterprise Server is now able to start the BlackBerry smartphone user, resulting in the BlackBerry smartphone user being able to send and receive email messages.

Another great Blackberry tech document which assumes I am a SQL expert into the mix :-/

Appreciate your continued help and support with this.. It deserves 1000 points!!
0
 

Author Comment

by:smd333
ID: 24326589
The answer was to delete the users and then create them again... all working now... I can't believe it is finally working... was about to wipe the server and start again..

Thanks for the assistance
0
 
LVL 26

Assisted Solution

by:Gary Cutri
Gary Cutri earned 500 total points
ID: 24326608
Before you wipe another user try the Reload User option.
0
 

Author Closing Comment

by:smd333
ID: 31578556
Thanks for your persistent support and help. Appreciated.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24326681
Great to see you got it all sorted.
0
