Solved

Trouble enterprise activating

Posted on 2009-05-08
33
622 Views
Last Modified: 2012-08-13
Hi, Sorry for my bad englsih, i'm a  Frech seppeking, I juste install a BES server and setup all related right according with the Pre-installation Tasks Steps.
1) Create an account on AD for example BES-Admin
2) I add this account on the local admin Group of the BES and exchange server
3) This account is delegate for our exchange server
4) The right is added Exchange first admin group
5) The local security Settings (log as service & allow log locally )

My fist problem is when I start BES Manager and use my BES-Admin account I have the message "Failed to open the default message store using the MAPI profile...."
The second problem is after creating a new user in the BES  when I try to use enterpise activation from a Blackberry I receive the message subject   RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2  however nothink hapen.

Please help me !
0
Comment
Question by:CalvinGE
  • 13
  • 13
  • 5
33 Comments
 
LVL 11

Expert Comment

by:g000se
ID: 24336450
0
 

Author Comment

by:CalvinGE
ID: 24337566
Hi, I really do all this security matter (and read the link) and Is still not working, I still have the same message "Failed to open the default message store using the MAPI profile...." the only solution to avoid this message is tu use  Run as and open Blackberry Manager as BEN-Admin account.
If I do this when I try enterprise activation from the BB device I get the message on the user mail box with the subjet "RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2" after this nothink happen.
I still need your help
0
 
LVL 11

Expert Comment

by:g000se
ID: 24339221
This user part of the administrators group on the network?
0
 

Author Comment

by:CalvinGE
ID: 24339272
Yes, is in domain Administrators Group and also in the admin group of the local machine (BES server)
0
 
LVL 11

Expert Comment

by:g000se
ID: 24339764
Pull the user from the admin group and see if that works.  It should work.
0
 
LVL 11

Expert Comment

by:g000se
ID: 24339767
and remove them from the Domain admin group too.
0
 
LVL 11

Expert Comment

by:g000se
ID: 24339836
I had a similar issue, Here is more info:  There is a security in place by MS that protects the admin accounts from sending emails from any BlackBerry.  Another link- http://www.experts-exchange.com/Programming/Wireless_Programming/Blackberry/Q_22043062.html
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24342169
Hi, please post back with the details of which server you are installing BES on.  We need to know if BES is on the Exchange Server or a separate server etc.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24342515
Also you must install BES using the BESadmin account and you must only open the BlackBerry Manager when you are logged on as BESadmin.  The reason for this is that BES uses a MAPI profile to connect to Exchange and that profile must be the BESadmin account (i.e. If you logon as Administrator it tries to use the MAPI profile).

Note: Please ensure BESadmin is NOT a Domain Admin.  Also you must ensure your Blackberry SIM cards have been assigned a BlackBerry Enterprise plan (you cannot access BES with a standard data plan or BlackBerry Individual plan)
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24342530
To correct the "Send As" issue I have outlined the steps below that I use to quickly resolve this error:

1. Stop the Blackberry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

3. Run the following script logged on as Administrator
Note: Only use this step if you have BlackBerry users that are members of Admin groups. Using best practice methods it is recommended that mobile user accounts aren't members of any administration groups.

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=c om " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc =com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=lo cal" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack: http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server.


Additional Information

To globally apply Send As permissions to all user objects follow these steps:
1. Open Active Directory.
2. Select the "View" menu and ensure "Advanced Features" is checked.
3. Right mouse click on your domain name and select Properties
4. Select the Security tab
5. Press the Advanced button at the bottom on the security tab
6. Select "Add" and enter your Blackberry Service Account name (e.g. BESadmin) and select OK
7. When the permissions screen appears change "Apply onto:" to "User Objects"
8. In the permissions box scroll down and check the Allow box beside "Send As" and press OK
9. Press Apply and OK to exit
0
 

Author Comment

by:CalvinGE
ID: 24343336
OK Thanks for all this advices, I have done all:
First My config :
One Exchange server 2003 installed on a specific server
One BES server 4.5 installed on a specific server
Two PDC installed on a separate server
There is no users setup on the BES server expected myself (for try), my name was included in the Administrators group.

The steps I follow are:
Uninstall BES server and SQL & Reboot the server
Make sure all steps described by garycutry is done
Login as BES-Admin account on the BES server
Install again the BES server
Add my name again in the BES server and generate e-mail activation password  (I receive it)

Now I dont have any more the error when I open BlackBerry Manager however When I try to do enterprise activation:
I dont have any more the e-mail coming in my mailbox RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2
The blackberry device tries to activate again and again&.

Thank to help me&
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24344684
Can you please connect the Blackberry device directly to the server via USB, then in BlackBerry Manager right mouse click the user and select Assign device.  Once you select your device it should start activating via cable.
0
 

Author Comment

by:CalvinGE
ID: 24344819
HI, This is impossible all servers are located in a datacenter and the only way to get it is with remote desktop, for us the only way is wireless activation.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24344849
Ok, assuming your device has a Blackberry Enterprise data plan assigned to the SIM you can do a test before activation.  What you need to do is go to the command prompt on the BES and navigate to \Program Files\Research In Motion\BlackBerry Enterprise Server\Utility and run IEMSTest.exe.  Once you run the app select the BlackBerryManager profile and then select the user you are trying to activate.  This will run a test on the users mailbox.  Also please ensure all the BlackBerry Services are running.
0
 

Author Comment

by:CalvinGE
ID: 24345000
I run the test and this is the replay :
E:\BESServer\BlackBerry Enterprise Server\Utility>iemstest.exe
BlackBerry Enterprise Server Utility - IEMSTest.exe (IExchangeManageStore), Vers
ion 1.0
Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.
Opening Default Message Store Mailbox - BES-Admin.
Opening message store for Pascal-Rajower using /o=WoceaEXorg/ou=First Administra
tive Group/cn=Recipients/cn=Pascal-Rajower /o=WoceaEXorg/ou=First Administrative
 Group/cn=Configuration/cn=Servers/cn=WOCEA-EXGE01/cn=Microsoft Private MDB.
Pascal-Rajower's Mailbox opened successfully.
Root Folder opened successfully.
Folder created successfully.
Test folder deleted successfully.
Test completed successfully for Pascal-Rajower.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24345021
The permissions are correct so now we need to determine why the device isnt activating.  As a test go to Options > Advanced Options > Enterprise Activation and enter in a personal email address (e.g. hotmail address) and make up a password.  When you start the activation go to that account and see if the activation email arrives.  This is just a quick way to see if the activation email is being sent.  

If the email doesn't arrive it means the device isnt sending the email so you could have an issue with the plan.  If the email does arrive make sure you set a new activation password for the user and activate the device again, then make sure you spam filter isnt blocking the email.
0
 

Author Comment

by:CalvinGE
ID: 24345117
Yes it's work I try with my orange.fr  account
RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2
0
 

Author Comment

by:CalvinGE
ID: 24347362
If I try to activate the user wireless activation and at the same time I'm connected to his mail box I can see the RIM activation message coming verry quickly on the status bar.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24348845
The activation email should arrive in the users mailbox and then a few seconds later the BES should remove\collect the message.  Are you saying the email is staying in the users mailbox?
0
 

Author Comment

by:CalvinGE
ID: 24348924
No, I this process work,
a) in the BES server right click in the username and set activation password
b) From the device I use entrperise activation and enter the e-mail address and password
c) the BB devaice send the  "RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2" subject to the user mailbox with the encrypted key. beleve me this work fine, the BES server remove this E-mail correctly for processing

Untill thid point all is working ok after this noting more the BB device try to activate anfain and again, when I check the log I have
[30160] (05/10 14:53:56.531):{0xA88} {testmail@domain.com} GetDeviceId() did not return a PIN, PIN currently is not set for this user.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24348946
It is possible that the activation can fail if the user has email forwarding enabled.  Also if you have an antispam or antivirus system that edits the email in any way the activation can fail.  To bypass all of these possible issues can you please install Blackberry Desktop Manager on to the BlackBerry users machine? If this is possible then connect the device and open Desktop Manager and you can activate via cable.

Also a BlackBerry Administrator can run the BES installer on their PC and select the Blackberry Manager option.  This way you can control the BES from your PC and perform cabled activations.
0
 

Author Comment

by:CalvinGE
ID: 24349035
garycutri,
I can't do this becose I'm not in the same location, I'm curently managing this server with RDP remotely.
Regarding the activation message the subjet line is "RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2"
the BEGINETP 510  and the ENDETP -1953398607  is formated propely with the correct body encryption key,   F.Y.I. I disable all anti-virus and anti spyware on the exchange server.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24349158
Can you please perform the following steps to ensure there are no MAPI issues?

1. Log in to the BES using the Blackberry Service account (e.g. BESadmin).
2. Stop the BlackBerry Enterprise Server services.
3. Open the Registry Editor and go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
4. In the Profiles folder, select the profile name that is used for the BlackBerry Enterprise Server and delete it. If multiple profiles exist, delete all of them (including the "CDO__o_Companyname..." entries).
5. Delete all sub-entries as well.
6. Close the Registry Editor.
7. Go to "Start > Program Files > BlackBerry Enterprise Server > Edit MAPI Profile" and configure it for the Blackberry Service Account (e.g. BESadmin)
8. Go to "Start > Program Files > BlackBerry Enterprise Server > BlackBerry Server Configuration > Blackberry Server Tab > Edit MAPI Profile" and configure it for the Blackberry Service Account (e.g. BESadmin)
9. Start the BlackBerry Enterprise Server services.

Let us know how you go and I will check back later tomorrow (its 3:30am here).  If you get stuck send me your contact details using the link below and we can do a WebEx session and get the issue resolved.

http://www.blackberryforums.com.au/forums/sendmessage.php
0
 

Author Comment

by:CalvinGE
ID: 24349253
Thx garycutri, sorry to make you slepping so late...
as you descible I do the profile removal and now I have again the message RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 reminig in my mailbox (is not dleted automatically anymore).
I send to you all my contacts infomations
Thx, see you tomorow
0
 

Author Comment

by:CalvinGE
ID: 24397145
Hi Gary,
The problem is now complety solved, this was due to a wron activation from Orange (local Swiss provider)  I was asking them 3 times before and the answer was "no problem all is activated correctly" finally I call directly Rim Blackberry enterprise solution is Switzerland and they trace and logs the activation process and finally fount the error, the BB was activated ony for push mail.
Thanks again for you greate support,
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24397179
As mentioned above "Also you must ensure your Blackberry SIM cards have been assigned a BlackBerry Enterprise plan (you cannot access BES with a standard data plan or BlackBerry Individual plan)".
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24397196
The final solution was provided in the beginning.
0
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24397892
We dont want the thread deleted as this question covers all possible causes and fixes for this type of issues.  The key point is "... you must ensure your Blackberry SIM cards have been assigned a BlackBerry Enterprise plan (you cannot access BES with a standard data plan or BlackBerry Individual plan)".  I hope you agree CalvinGE.
0
 

Author Comment

by:CalvinGE
ID: 24398727
Yes course, the main point is never trust your local operator, cross check by your self the fact the enteprise activation is done propely.
In fact I'm verry sory for Gary and the lost of time this ocure

Regards
0
 
LVL 26

Accepted Solution

by:
Gary Cutri earned 500 total points
ID: 24406156
As long as you got the issue sorted I am happy to spend as much time as required.
0
 

Author Closing Comment

by:CalvinGE
ID: 31579458
Gary do his best to be patient with me, I really appreciate this
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I felt secure communicating on the BBM... Till some time back!! It was probably the fact that the BBM messages do not travel over the internet was making me feel 'secure' about it, or was it the fact that BBM only works on a BlackBerry Devices a…
Last night I received a weird phone call, from a number I didn’t recognized.  I answered it and no one responded back so I hung up.   Didn’t look at my phone until my husband said “Your phone is doing something weird”.   I had what I’ll consider the…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now