Problems with Blackberry Enterprise Server Express

Posted on 2011-02-21
Last Modified: 2012-05-11
I am trying to set up a BES Express server for use with our Exchange 2010 Server. I have installed it on a separate Windows 2003 server and it is currently running, can read AD and it will allow me to find and add users. However I have not been able to do an Enterprise Activation on any of our Blackberries.

I ran EWSTest.exe myemailaddress@myco.com and received several errors regarding our SSL certificate. I would appreciate any help in getting this set up.

I have configured our DNS so it returns the IP of the CAS server if you query mail.myco.com but myco.com does not resolve to anything. The AD domain is root-myco.internal and obviously external access to email is through mail.myco.com; www.myco.com is hosted externally.

Is there anything else I need to set up? Do I need to include any other names on the SSL certificate?

On the SSL certificate I set it up for mail.ddpsinc.com and myserver

Below is the output from EWSTest

default: Initializing EWS Proxy... successful
MyEmailAddress: Configuring User... failed
MyEmailAddress: Begin inner failure
MyEmailAddress:     Searching Active Directory for Autodiscover SCP... successful
MyEmailAddress:     Calling Autodiscover... failed
MyEmailAddress:     Begin inner failure
MyEmailAddress:         Trying Autodiscover Service: https://myserver.root-myco.internal/Autodiscover/Autodiscover.xml
MyEmailAddress:         SslPolicyError: RemoteCertificateNameMismatchWhile validating certificate...
[Subject]
  CN=mail.mycoinc.com, OU=Domain Control Validated, O=mail.mycoinc.com

[Issuer]
  SERIALNUMBER=12345678, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

[Serial Number]
  252455ad5852d8

[Not Before]
  1/21/2011 2:31:01 PM

[Not After]
  1/20/2012 1:41:05 PM

[Thumbprint]
 asdiyu45a65sdf7g+89sgh7dg+7adsf654ads+f7sadf

MyEmailAddress:         Exception from SCP:https://myserver.root-myco.internal/Autodiscover/Autodiscover.xml

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at EWS.AutoDiscover.DiscoverTryScp(Service service, String url)

MyEmailAddress:         Trying Autodiscover Service: https://mycoinc.com/autodiscover/autodiscover.xml
MyEmailAddress:         Exception from SCP:https://mycoinc.com/autodiscover/autodiscover.xml

System.Net.WebException: The remote name could not be resolved: 'mycoinc.com'
   at System.Net.HttpWebRequest.GetRequestStream()
   at EWS.AutoDiscover.DiscoverTryScp(Service service, String url)

MyEmailAddress:         Trying Autodiscover Service: https://autodiscover.mycoinc.com/autodiscover/autodiscover.xml
MyEmailAddress:         Exception from SCP:https://autodiscover.mycoinc.com/autodiscover/autodiscover.xml

System.Net.WebException: The remote name could not be resolved: 'autodiscover.mycoinc.com'
   at System.Net.HttpWebRequest.GetRequestStream()
   at EWS.AutoDiscover.DiscoverTryScp(Service service, String url)

MyEmailAddress:         Cannot find CAS
MyEmailAddress:     End inner failure
MyEmailAddress:     Exception caught:

System.Exception: No CAS found
   at EWS.Service.SetUser(String smtpAddress)
   at EwsTest.Program.Main(String[] args)

MyEmailAddress: End inner failure
Question by:qvfps
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34950552
Few things to confirm - are you using a UCC/SAN certificate? I notice your root-myco.internal and mycoinc.com both listed up there.

Does autodiscover work with Outlook?

Does Mycoinc.com resolve through your internal DNS ok?
0
 

Author Comment

by:qvfps
ID: 34953102
Autodiscover worked with Outlook.   mycoinc.com did not resolve to a valid IP address.  
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34953177
What do you get from www.testexchangeconnectivity.com for your external domain?

If you do an NSLOOKUP on other external domains, do you get a valid response?

If you use something like Google's public DNS (8.8.8.8) from within your network what do you get?

It would appear your internal DNS either isn't forwarding properly or your ISP doesn't have a copy of your external DNS entries.

That'd cause the failure above.
0
 

Author Comment

by:qvfps
ID: 34953377
If I do a lookup of mail.myco.com it resolves to the internal IP address of the Exchange server. If I do a lookup of myco.com it doesn't resolve.

What feature should I be testing on the TestExchangeConnectivity? I have web access enabled and working. I have been using that for the past couple of days.
0
 
LVL 25

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 34953591
Ok let's step back a bit.

Is this a new install of Exchange as well as BES Express?

You have a GoDaddy certificate - is it a SAN (Subject Alternative Name), also known as a UC (Unified Communications) certificate?

You said that Outlook Anywhere works - does it work outside of your LAN?

Ditto OWA.

You are looking at testing things like the autodiscovery features on the testexchange site (it's a Microsoft site, by the way).

You said myco.com doesn't resolve - it needs to. The error you are seeing states, in part, but very specifically that it cannot locate the domain.

Did you try the external servers?

From CMD:
NSLOOKUP
Server 8.8.8.8
myco.com
Set type=mx
myco.com

If these fail, then you are either blocking DNS lookups (easily checked - replace myco.com with google.com) or you don't have the external DNS registered.

Is the domain new within the last 48 hours?

I think, in this case, the error is what it said - there is a DNS issue and possibly, a certificate issue related to it.



0
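The accepted answer separates a DNS problem from a certificate-name problem. As an added example (not part of the thread), this sketch sorts each Autodiscover attempt in EWSTest-style output into one of those two failures and lists the hosts a certificate's names do not cover. The function names and the simplified wildcard rule are assumptions, and the sample lines are constructed from the format quoted in the question.

```python
import re
from urllib.parse import urlparse
# Constructed sample: abridged lines in the EWSTest format quoted in the question.
SAMPLE = """\
MyEmailAddress:  Trying Autodiscover Service: https://myserver.root-myco.internal/Autodiscover/Autodiscover.xml
MyEmailAddress:  SslPolicyError: RemoteCertificateNameMismatchWhile validating certificate...
[Subject]
  CN=mail.mycoinc.com, OU=Domain Control Validated, O=mail.mycoinc.com
MyEmailAddress:  Trying Autodiscover Service: https://mycoinc.com/autodiscover/autodiscover.xml
System.Net.WebException: The remote name could not be resolved: 'mycoinc.com'
MyEmailAddress:  Trying Autodiscover Service: https://autodiscover.mycoinc.com/autodiscover/autodiscover.xml
System.Net.WebException: The remote name could not be resolved: 'autodiscover.mycoinc.com'
"""

def name_matches(host, pattern):
    """Simplified TLS name check: '*' counts only as the entire left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def triage(log):
    """Map each Autodiscover host EWSTest tried to the failure logged for it."""
    verdicts, host = {}, None
    for line in log.splitlines():
        tried = re.search(r"Trying Autodiscover Service:\s*(\S+)", line)
        if tried:
            host = urlparse(tried.group(1)).hostname
            verdicts[host] = "no error logged"
        elif host and "RemoteCertificateNameMismatch" in line:
            verdicts[host] = "certificate name mismatch"
        elif host and "could not be resolved" in line:
            verdicts[host] = "DNS resolution failed"
    return verdicts

def subject_cn(log):
    """First CN at the start of a line: the subject's, not the issuer's."""
    m = re.search(r"^[ \t]*CN=([^,\s]+)", log, re.MULTILINE)
    return m.group(1) if m else None

def uncovered(hosts, cert_names):
    """Hosts that none of the certificate's names cover."""
    return [h for h in hosts if not any(name_matches(h, n) for n in cert_names)]

if __name__ == "__main__":
    print(triage(SAMPLE), uncovered(triage(SAMPLE), [subject_cn(SAMPLE)]))
```

Pass `uncovered` the full name list of a SAN/UC certificate (subject CN plus every alternative name) to see which Autodiscover hosts would still fail name validation once DNS resolves them.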
 

Author Comment

by:qvfps
ID: 34984070
Sorry for not responding the past few days. I have been running a migration and have not had the time to work on it. Things have settled down and I will be looking into it again starting tomorrow.
0
 

Author Comment

by:qvfps
ID: 34990024
The way I am currently configured, if you do a DNS lookup from outside our network on mail.myco.com you get the external IP address of our firewall. From inside the network, if you do an nslookup on mail.ddpsinc.com, ddpsinc.com, autodiscover.ddpsinc.com you get the address of our mailserver.

I did another EWSTest and below is the output.  It is failing on Calendar Find Request?  Is there anything I need to configure on the Exchange server for this?

default: Initializing EWS Proxy... successful
tom.terwilliger: Configuring User... successful
tom.terwilliger: EWS calendar find request... failed
tom.terwilliger: Begin inner failure
tom.terwilliger:     SslPolicyError: RemoteCertificateNameMismatchWhile validating certificate...
[Subject]
  CN=mail.myco.com, OU=Domain Control Validated, O=mail.myco.com

[Issuer]
  SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

[Serial Number]
  908JMPA987ASD

[Not Before]
  1/21/2011 2:31:01 PM

[Not After]
  1/20/2012 1:41:05 PM

[Thumbprint]
  87DFSKJANDFS9807OIJNHAWEI0987ASDFKHAAU

tom.terwilliger:     Exception caught:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at EWS.EWS.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
   at EwsTest.Program.Main(String[] args)

tom.terwilliger: End inner failure
0
 

Author Comment

by:qvfps
ID: 34990485
I ran through the installation process again to make sure I had all the permissions and settings correct, with no change. I then tried running iemstest and I get OpenMsgStore() for this profile failed (8004011d)
0
 

Author Comment

by:qvfps
ID: 35001993
I have verified I am running the current version of MAPI on the BES Express server. I tried deleting the profile and recreating it. I rekeyed the security certificate and now when I do an EWSTest I get the following lines

default: Initializing EWS Proxy... successful
tom.terwilliger: Configuring User... successful
tom.terwilliger: EWS calendar find request... successful

However I am still getting the following error when I do an IEMSTest and select the  BlackberryServer profile from the popup window.

OpenMsgStore() for this profile failed (8004011d)

Any suggestions would be appreciated.
0
 

Author Comment

by:qvfps
ID: 35014579
The Blackberry services were not running under the BESAdmin account. I changed the account the services were running under and afterwards I could not get the MAPI services to run. I uninstalled the CDO 1.2.1 and the Blackberry services. I then reinstalled both while logged in with the BESAdmin account and verified that the Blackberry services were running as BESAdmin.

After that I managed to get the server running and start activating users.
0
 

Author Closing Comment

by:qvfps
ID: 35050374
Thanks for the suggestions.
0
