Blackberry Professional 4.1.4.17 on Exchange 2003
I have an Exchange 2003 server with Blackberry Professional loaded. We have two users on it. The one, was configured over a year ago, and his works fine sending and receiving. The new user we added can receive emails, but when she sends it gives her the notorious, dreaded Red X.
When first deployed she was a member of the Domain Admin group, by mistake, long story. I removed her from the group last week, and stopped the manager and connection service (not the Router service) for an hour... she never reported if it was working or not, so yesterday she text'd me to report that she has never been able to send. I double checked her group memberships, she is Domain Admin free... I then stopped the actual Router service (along with the manager and connection service) for 40 minutes... She still cannot send as of this morning.
The Blackberry account we have on the server is BPSadmin and she is a member of it with full mailbox access, same as the other user who can send.
At this point I am lost! Questions?
When first deployed she was a member of the Domain Admin group, by mistake, long story. I removed her from the group last week, and stopped the manager and connection service (not the Router service) for an hour... she never reported if it was working or not, so yesterday she text'd me to report that she has never been able to send. I double checked her group memberships, she is Domain Admin free... I then stopped the actual Router service (along with the manager and connection service) for 40 minutes... She still cannot send as of this morning.
The Blackberry account we have on the server is BPSadmin and she is a member of it with full mailbox access, same as the other user who can send.
At this point I am lost! Questions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In this case you won't need to stop the router service. Do PIN to PIN tests work and have you verified the handheld is properly provisioned for enterprise data service? If you look in options > advanced options, is enterprise activation listed? Also make sure the user isn't part of any other admin groups.
~ CFJ
~ CFJ
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is one of those things that people way overcomplicate. It's not that hard with exchange 2003.
Create a new user called BESadmin and ensure you create a mailbox. Ensure this user is ONLY a member of "Domain users"
Make BESadmin a local Administrator of the BES server If BES server is a DC, DON'T Make it a domain admin, add it to the administrators group under the "Built-In" container.
Open Exchange System Manager and right mouse click on "DOMAINNAME (Exchange)" and select Delegate Control. Follow the steps and add BESadmin as an Exchange View Only Administrator.
Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".
Easy peasy.
Create a new user called BESadmin and ensure you create a mailbox. Ensure this user is ONLY a member of "Domain users"
Make BESadmin a local Administrator of the BES server If BES server is a DC, DON'T Make it a domain admin, add it to the administrators group under the "Built-In" container.
Open Exchange System Manager and right mouse click on "DOMAINNAME (Exchange)" and select Delegate Control. Follow the steps and add BESadmin as an Exchange View Only Administrator.
Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".
Easy peasy.
adam1115 - you haven't understood the question.
This has nothing to do with the besadmin account.
The problem is with the besadmin account being granted Send As permssions to a user who is or was a member of a protected domain account. Exchange will remove the send as permission.
Simon.
This has nothing to do with the besadmin account.
The problem is with the besadmin account being granted Send As permssions to a user who is or was a member of a protected domain account. Exchange will remove the send as permission.
Simon.
ASKER
I ran the DACLS and all... it listed a long list of changes "successfully"... I did this while the router was stopped... after I let it sit for 40 minutes... I realized that no messages have been forwarded in about 6 hours for either users... I can not remember what changes I tried earlier that would have screwed this whole thing up. Where should I start looking, changing, etc.
Thank you
Thank you
The first thing to do is check whether Send As has been removed from the user permissions.
Otherwise go back through the besadmin permissions and ensure they are still set correctly.
I have seen it stop working until all of the Blackberry services have been restarted, so I would suggest that you do that as well.
Simon.
Otherwise go back through the besadmin permissions and ensure they are still set correctly.
I have seen it stop working until all of the Blackberry services have been restarted, so I would suggest that you do that as well.
Simon.
ASKER
I know there has to be something stupid I am missing! I have double checked the permissions, stopped all the services for 30+ minutes, rebooted, slept a little and I still cannot seem to get either device to connect now!
Would it be advisable to maybe... uninstall Blackberry from the server... reboot. Wipe the handhelds clean... reboot them... and start over 100% fresh? Would I want to delete the BESADMIN accounts in hopes that the install will actually recreate them properly?
Any other ideas, comments, suggestion?? Anyone, Anyone, bueller, bueller!
sf
Would it be advisable to maybe... uninstall Blackberry from the server... reboot. Wipe the handhelds clean... reboot them... and start over 100% fresh? Would I want to delete the BESADMIN accounts in hopes that the install will actually recreate them properly?
Any other ideas, comments, suggestion?? Anyone, Anyone, bueller, bueller!
sf
Perhaps double check all sendas permissions as per:
https://www.blackberry.com/blackberrytraining/web/SendAs/Source/video/sendAs.html
Page 25 shows the inherited permissions check box I referenced earlier.
However at this point it sounds more serious.
https://www.blackberry.com/blackberrytraining/web/SendAs/Source/video/sendAs.html
Page 25 shows the inherited permissions check box I referenced earlier.
However at this point it sounds more serious.
ASKER
Let me know