Solved

SBS 2003 and Blackberry Server e-mail no longer works after changing ISP and issued with new WAN IP

Posted on 2010-08-17
30
1,185 Views
Last Modified: 2012-05-10
On SBS 2003 server I am hosting Blackberry with a single user license.
Everything was working fine until the WAN IP changed after going to a new ISP service.
I changed MX record with company hosting domain name so e-mail would point to my Exchange server and this is fine but the single user with Blackberry device is no longer receiving e-mail.
Any ideas?  
0
Comment
Question by:stevenvel
  • 12
  • 12
  • 3
  • +2
30 Comments
 
LVL 3

Expert Comment

by:mchieff
ID: 33460960
I assume you have stopped and started all the Blackberry services and the server itself sop the problem probably lies with the ISP's firewall blocking the blackberry port (3101 by default).

Ask your ISP to allow this port through and you should be fine
0
 
LVL 4

Expert Comment

by:Nathan-B2B
ID: 33460999
In the BES console on the server, look at the last check in time for the phone.

Is it dated from the ISP changeover?

Try re-issuing an activation password and seeing if that helps.
0
 

Author Comment

by:stevenvel
ID: 33461384
Yes, have restarted BB services. Checked port 3101 and it appears to be blocked!!
Have contaced ISP, waiting for call back.
Have checked BES console and last check in time for the phone is the same date as ISP changevover!!
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33461582
it may be worth a call over to blackberry support, have them look into your SRP code - they may have disabled your RIM account because you have a new ip address.

you might be able to check the SRP yourself on the start menu, blackberry stuff, blackberry server setup... find the button for "validate SRP" and click it.  see if it says there's a problem

this is to prevent me from using your SRP code to illegally steal all your email for this blackberry user.  just to make hackers day a little bit longer.

note that telnetting to 3101 would quickly close the connection even though it's working ok - you won't get the standard 3-line hang that you would expect with most tcp ports
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33461597
also - port 3101 has nothing to do with the phone receiving email... only pushing email from the phone to the BES

your router/gateway/firewall might be smart enough to know "NAT requests for my specific outside ip address over to the BES" - rather than the typical $40 router that always does "NAT requests for whatever my outside ip addre is, over to the BES".  in that case you'll need to update the NAT rule in your router/gateway/firewall
0
 

Author Comment

by:stevenvel
ID: 33461835
bryon44035v3,
I checked SRP key and ID and they validate
0
 

Author Comment

by:stevenvel
ID: 33463205
Tried re-issueing activation password (set manually, not via e-mail) but this hasn't helped.
Will contact Blackberry support and see what they have to say.
0
 
LVL 2

Expert Comment

by:noisy_cricket
ID: 33463287
Did you change the A record (that the phone connects to) in the DNS to match the new IP?

from an outside computer, try running in a command prompt:

telnet domainname.com 3101


(domainname is the public FQDN of your server)

It should answer either blank or with some text.
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33465120
telnetting to a properly functioning blackberry server at port 3101 will not answer back at all - this is by design.  3101 has nothing to do with the phones receiving email

you might want to go back into your bb server setup, near the "validate srp" on another tab you'll find "test connection" for the RIM servers - make sure both come back as reachable - this will rule out any outbound connection problems
0
 
LVL 2

Expert Comment

by:noisy_cricket
ID: 33465937
doesnt the phone communicate with the server on this port?
isnt there anything listening in the serverend?
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33466126
nothing listens on the server except for special cases like direct push (phone to server) and attachments

the server talks to RIM (blackberry servers) by initiating a connection to RIM (avoiding firewalls)
the phone talks to RIM servers by initiating  aconnection to RIM (avoiding firewalls)

the phones don't usually talk directly to the company mail server, and the company mail server doesn't talk directly to the phones

if the person at the phone opens an attachment, that would go across port 3101 from the phone to the company mail server, but only for the attachment.
0
 
LVL 2

Expert Comment

by:noisy_cricket
ID: 33466378
shouldnt the rim listen on the port that the phone connects to then?
there must be a way to diagnose whether the connection to the RIM is working or not..?
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33466598
RIM does listen, but those servers are blackberry-owned servers, in blackberry's own datacenter, we have no control over them... it's all 3rd party/remote.

essentially it's just like this:

your outlook connecting to hotmail to get email
your phone connecting to hotmail to get email

we have no control over hotmail (or RIM in this case) - and the phone doesn't talk to outlook.  they sync with the help of the remote server (not our servers, hardware, firewalls, or anything)

diagnosing the RIM connection is done in the server setup dialog boxes i mentioned in http#a33465120
that verifies connectivity from our server to RIM's server

the phone can contact rim as long as the wireless carrier has provisioned the phone for "blackberry enterprise server", there's no indication that has changed in this case, so assumed to be good
0
 
LVL 3

Expert Comment

by:mchieff
ID: 33470541
You need port 3101 Out bound initiated and enabled for bidirectional traffic.
If this isn't working the phone won't be working.
Again,as this port isn't open and your configuration hasn't changed escalate it with your new ISP.
I have had this occur before.
0
 

Author Comment

by:stevenvel
ID: 33471065
Using the Blackberry Server Configuration Panel I have tested the network connection and it responds:
srp:au.blackberry.net (206.xx.26.xxx), port 3101 Successful.

I don't have the handheld device with me but when user tries to activate, he reports:

He is receiving e-mails from RIM (please see attached sample code).

The start of the message reads: This message is used to carry data between the BlackBerry handheld and an associated server. Please do not delete, move or respond to this message - it will be processed by the server.

Also, the user reported error with activation (displayed on handheld) . I don't have the exact wording but I think there were three possible errors mentioned. One was - reference to the e-mail address being incorrect, another had reference to the activation e-mail being blocked by security software and not sure about the third.

It appears that the attached code is automatically sent by RIM but instead of going to our local Blackberry Server or handheld device, it's being sent to the users outlook mailbox and thus the activation fails?

Any thoughts on this?

 
To: User

Subject: RIM_bca33a80-e9c0-11d1-99fe-00600899c6a2



This message is used to carry data between the BlackBerry handheld and an associated server. Please do not delete, move or respond to this message - it will be processed by the server.



BEGINETP 528

ARrfjY4AAAAAIBAIMjE2ZmM3ZjUgIHBhdWxqQGFsbGlhbmNlcmVsb2NhdGlvbnMuY29tLmF1

AJC4K5NQCU9UQUtFWUdFTgNAgICAg0MAAAAAARBK/O4QAYM2AUMCAShZveqFs+hUk6YS9dU0

KRJzZ9p0PV28oKGtwAF+fjvHEGfr76BTwDrmxqc1TyAc2fJ3gojgHO+6837gMD5zmFJICwEB

AkMCAOZ0ZqdFsh4nG3D6TreNJkMZNvMG0+KpE+EUVhvkQklHZ+EzjjwJLGbylfT+iASTMxwB

tRQKMHH15hSs+CwbqtThAwEHBAT//+4RBgQhb8f1BwEHCoIUZAEHAQT5sWhMEAEwBwT1x28h



AQQAAAADAgQAAAgAAwQAAAAfBAEBBQEFJQEBJw4EAA1oAQAABAAO4AEAAAkCAQAXCDUuMS4w

Ljk2Ewp2NS4wLjAuMzQ0FQQ5NzAwFBJSZXNlYXJjaCBJbiBNb3Rpb24WBAQAFQcdBAAAAAca



AgMBAAAEBQkIAQcgDwMFBgUEBAADAgYJBwkCCR8JWUVTIE9QVFVTLQEB

ENDETP -1092139930

Open in new window

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33471979
right - when a phone starts the activation process, the phone causes rim to send the email to the users email address, ending up in their inbox.

USUALLY it is in their inbox for less than 2 seconds then disappears... it disappears because your BES server sees it, snatches it, and decodes all that stuff to make sure the phone is really the phone, then activation starts.

if that message is staying in the inbox, that could mean a few things:

1. your blackberry services are not started
2. your mapi profile needs to be reconfigured (open it from the start menu, change a character, check name, ok)
3. run the handheld cleanup tool from a command prompt:
"C:\Program Files\Research In Motion\Blackberry Enterprise Server\Utility\handheldcleanup -u"
choose either server or client profile at the next box
type the name of your bes server, hit enter
any weird errors come back?

if all else fails and the users are really feening by now, have them back up their phone, and do a wipe.  delete them from the bes server (not exchange obviously), re-add them, set activation password, and tell them to reactivate
0
 

Author Comment

by:stevenvel
ID: 33472069
bryon44035v3,
I ran the handhelcleanup and no errors.
What do I do next? Try to activate handhld again?
Do I need to go to setup and create an e-mail account with the wizard (I tnink there is alrady one there)?
0
 
LVL 24

Accepted Solution

by:
bryon44035v3 earned 500 total points
ID: 33472139
right - if it's already set for enterprise activation, you could try setting a new activation password for that user in the bes manager, then have him reactivate with the new password again.

if that fails, it makes sense to do a wipe-handheld then reactivate.  note that it will erase his phone, so he might want to do a backup.

alternatively you can connect his phone to the server directly with a usb cable and reactivate him that way too without doing a wipe
0
 

Author Comment

by:stevenvel
ID: 33472228
Thanks, just waiting for the user to activate and will let you know.
0
 

Author Comment

by:stevenvel
ID: 33539467
Sorry for pause.
Finally got user to try Desktop Software in hope to backup device. Software asked for password and gave 10 tries. User accidently entered wrong password 10th time and device automatically erased!!
Tried to activate again both from server (with usb cable) and direct from handheld but failed. User got e-mails from RIM once again in outlook client. Tried removing user and re-adding but got error - The number of users selected exceeds the number of availlable licenses.......
I can locate the device/PIN in BB Manager but I cannot see the user listed and therefore cannot set another activation password. I did another handheldcleanup (no errros).
I don't have anymore hair to pull out!
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33540737
after you delete a user from the bb manager, sometimes it takes 5-20 minutes for the bb manager to realize you let go of that user, and release the license.  you should be able to add the user back after 20 minutes without a problem.

when you delete a user from the bb manager, answer yes to both questions so it removes the hidden bb info from the users mailbox
0
 

Author Comment

by:stevenvel
ID: 33547589
bryon, thanks for staying with me in this.
I have waited for more than 5-20 min, actually waited for hours.
When I deleted user there was a question about removal from exchange and I answered no to this.
Now when I check under bb manager the user is not there. If I try to add again it spits out error saying I have exceeded available licenses. It appears the user is still in some configuartion file but I can't it and I can't activate because the BB e-mails with attachment ETP.dat are not being received/processed by the BB Server, instead they just sit in the outlook client?
0
 
LVL 24

Assisted Solution

by:bryon44035v3
bryon44035v3 earned 500 total points
ID: 33547838
yeah you need to get the blackberry properties removed from the users mailbox, saying no kind of set you back

since you deleted the user, have you restarted the server or at least the blackberry services?  restarting either should shake loose the license
0
 

Author Comment

by:stevenvel
ID: 33547915
Tried restarting all BB services but still can't see or add user.
Will try to reboot server ASAP.
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33547922
don't feel rushed, do the reboot whenever it makes sense

how many users are showing in your blackberry manager, and how many licenses do you have?
0
 

Author Comment

by:stevenvel
ID: 33548118
I have one license but no users showing.
If I try to add user I can see in AD pop up window.
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33548129
ok so your user is forever stuck in "pending delete".

please see the accepted answer here:
http://www.experts-exchange.com/Hardware/Handhelds_-_PDAs/Blackberry/Q_23735987.html

to manually remove the user from the database itself.

note that for the OSQL command, you'll need to run that on whatever machine holds your sql database (you chose this during installation of the bes server)
0
 

Author Comment

by:stevenvel
ID: 33555719
Tried OSQL command but got error. It metioned possible cause - remote connection not allowed.
I gave up on this and decided to try reboot.
Still not working after reboot but a few minutes later under BlackBerry Manger > User, I clicked on the clear tab.
I then tried to add user, this time, I got no error and user apeared with status synchronizing.
I left the server as is and contacted the user advising retry activation.
Next morning I received confirmation that e-mail is now operational !!
I am not certain what fixed the problem?
Was it the clear tab? The reboot? Both?
Anyway, thank you for all your help, it is much appreciated.
0
 
LVL 24

Expert Comment

by:bryon44035v3
ID: 33557229
well, the OSQL command was the right fix for that - it's odd that you got a connection error though.  being that you got a connection error, it could be that one of the sql services were stopped and the reboot restarted it.

of course if sql wasn't connectible, the osql command wouldn't have been the fix but the root problem would have been the blackberry manager software was unable to tell sql "hey delete this guy".  seems like getting sql to be connectible made it work.

hard to say for sure, but you threw a lot at it, so, just glad it works :)

0
 

Author Closing Comment

by:stevenvel
ID: 33557557
This one draged on a bit, I appreciate your patience and expert advice. I learned a fair bit from this experience.
Thanks
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now