Solved

Problems with Blackberry Enterprise Server Express

Posted on 2011-02-21
Last Modified: 2012-05-11
I am trying to set up a BES Express server for use with our Exchange 2010 Server. I have installed it on a separate Windows 2003 server and it is currently running, can read AD and it will allow me to find and add users. However, I have not been able to do an Enterprise Activation on any of our Blackberries.

I ran EWSTest.exe myemailaddress@myco.com and received several errors regarding our SSL certificate. I would appreciate any help in getting this set up.

I have configured our DNS so it returns the IP of the CAS server if you query mail.myco.com, but myco.com does not resolve to anything. The AD domain is root-myco.internal and obviously external access to email is through mail.myco.com; www.myco.com is hosted externally.

Is there anything else I need to set up? Do I need to include any other names on the SSL certificate?

On the SSL certificate I set it up for mail.ddpsinc.com and myserver

Below is the output from EWSTest

default: Initializing EWS Proxy... successful
MyEmailAddress: Configuring User... failed
MyEmailAddress: Begin inner failure
MyEmailAddress:     Searching Active Directory for Autodiscover SCP... successful
MyEmailAddress:     Calling Autodiscover... failed
MyEmailAddress:     Begin inner failure
MyEmailAddress:         Trying Autodiscover Service: https://myserver.root-myco.internal/Autodiscover/Autodiscover.xml
MyEmailAddress:         SslPolicyError: RemoteCertificateNameMismatchWhile validating certificate...
[Subject]
  CN=mail.mycoinc.com, OU=Domain Control Validated, O=mail.mycoinc.com

[Issuer]
  SERIALNUMBER=12345678, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

[Serial Number]
  252455ad5852d8

[Not Before]
  1/21/2011 2:31:01 PM

[Not After]
  1/20/2012 1:41:05 PM

[Thumbprint]
 asdiyu45a65sdf7g+89sgh7dg+7adsf654ads+f7sadf

MyEmailAddress:         Exception from SCP:https://myserver.root-myco.internal/Autodiscover/Autodiscover.xml

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at EWS.AutoDiscover.DiscoverTryScp(Service service, String url)

MyEmailAddress:         Trying Autodiscover Service: https://mycoinc.com/autodiscover/autodiscover.xml
MyEmailAddress:         Exception from SCP:https://mycoinc.com/autodiscover/autodiscover.xml

System.Net.WebException: The remote name could not be resolved: 'mycoinc.com'
   at System.Net.HttpWebRequest.GetRequestStream()
   at EWS.AutoDiscover.DiscoverTryScp(Service service, String url)

MyEmailAddress:         Trying Autodiscover Service: https://autodiscover.mycoinc.com/autodiscover/autodiscover.xml
MyEmailAddress:         Exception from SCP:https://autodiscover.mycoinc.com/autodiscover/autodiscover.xml

System.Net.WebException: The remote name could not be resolved: 'autodiscover.mycoinc.com'
   at System.Net.HttpWebRequest.GetRequestStream()
   at EWS.AutoDiscover.DiscoverTryScp(Service service, String url)

MyEmailAddress:         Cannot find CAS
MyEmailAddress:     End inner failure
MyEmailAddress:     Exception caught:

System.Exception: No CAS found
   at EWS.Service.SetUser(String smtpAddress)
   at EwsTest.Program.Main(String[] args)

MyEmailAddress: End inner failure
Question by:qvfps
11 Comments
 
LVL 25

Expert Comment

by:Tony1044
Few things to confirm - are you using a UCC/SAN certificate? I notice your root-myco.internal and mycoinc.com both listed up there.

Does autodiscover work with Outlook?

Does Mycoinc.com resolve through your internal DNS ok?
0
 

Author Comment

by:qvfps
Autodiscover worked with Outlook.   mycoinc.com did not resolve to a valid IP address.  
0
 
LVL 25

Expert Comment

by:Tony1044
What do you get from www.testexchangeconnectivity.com for your external domain?

If you do an NSLOOKUP on other external domains, do you get a valid response?

If you use something like Google's public DNS (8.8.8.8) from within your network what do you get?

It would appear your internal DNS either isn't forwarding properly or your ISP doesn't have a copy of your external DNS entries.

That'd cause the failure above.
0
 

Author Comment

by:qvfps
If I do a lookup of mail.myco.com it resolves to the internal IP address of the Exchange server. If I do a lookup of myco.com it doesn't resolve.

What feature should I be testing on the TestExchangeConnectivity? I have web access enabled and working. I have been using that for the past couple of days.
0
 
LVL 25

Accepted Solution

by:
Tony1044 earned 500 total points
Ok let's step back a bit.

Is this a new install of Exchange as well as BES Express?

You have a GoDaddy certificate - is it a SAN (Subject Alternative Name), also known as a UC (Unified Communications) certificate?

You said that Outlook Anywhere works - does it work outside of your LAN?

Ditto OWA.

You are looking at testing things like the autodiscovery features on the testexchange site (it's a Microsoft site, by the way).

You said myco.com doesn't resolve - it needs to. The error you are seeing states, in part, but very specifically that it cannot locate the domain.

Did you try the external servers?

From CMD:
NSLOOKUP
Server 8.8.8.8
myco.com
Set type=mx
myco.com

If these fail, then you are either blocking DNS lookups (easily checked - replace myco.com with google.com) or you don't have the external DNS registered.

Is the domain new within the last 48 hours?

I think, in this case, the error is what it said - there is a DNS issue and possibly, a certificate issue related to it.



0
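The name mismatch in the EWSTest output above comes down to which host names the client tries versus which names the certificate carries. An added example (not part of the thread, and not EWSTest's own code) that replays that comparison offline; the sample address and both certificate name lists are constructed, and `SAN_CERT` is a hypothetical SAN/UC name list.

```python
from urllib.parse import urlparse


def autodiscover_hosts(smtp_address, scp_url):
    """Hosts in the order the EWSTest output above shows them being tried:
    the SCP URL from Active Directory, the bare SMTP domain, then
    autodiscover.<domain>."""
    domain = smtp_address.rsplit("@", 1)[1].lower()
    return [urlparse(scp_url).hostname, domain, "autodiscover." + domain]


def name_matches(cert_name, host):
    """Case-insensitive comparison of one certificate name with a host name.
    '*' is accepted only as the whole left-most label and covers one label."""
    p = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def audit(smtp_address, scp_url, cert_names):
    """Return {host: matching certificate name, or None on a name mismatch}."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in autodiscover_hosts(smtp_address, scp_url)
    }


# Constructed sample input, using the placeholder names from the question.
SMTP = "myemailaddress@mycoinc.com"
SCP = "https://myserver.root-myco.internal/Autodiscover/Autodiscover.xml"
# Names as the asker described the certificate: the mail host and the short server name.
CURRENT_CERT = ["mail.mycoinc.com", "myserver"]
# Hypothetical SAN/UC name list covering every host the client tries.
SAN_CERT = ["mail.mycoinc.com", "autodiscover.mycoinc.com",
            "mycoinc.com", "myserver.root-myco.internal"]

if __name__ == "__main__":
    for label, names in (("current", CURRENT_CERT), ("SAN", SAN_CERT)):
        for host, hit in audit(SMTP, SCP, names).items():
            print(f"{label:8} {host:32} {hit or 'NAME MISMATCH'}")
```

A short name such as `myserver` on the certificate does not cover the FQDN in the SCP URL, which is the first failure in the output; the other two hosts must also resolve in DNS before the certificate is even presented.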

 

Author Comment

by:qvfps
Sorry for not responding the past few days.  I have been running a migration and have not had the time to work on it.  Things have settled down and i will be looking into it again starting tomorrow.  
0
 

Author Comment

by:qvfps
The way I am currently configured, if you do a DNS lookup from outside our network on mail.myco.com you get the external IP address of our firewall. From inside the network, if you do an nslookup from inside the network on mail.ddpsinc.com, ddpsinc.com, autodiscover.ddpsinc.com you get the address of our mailserver.

I did another EWSTest and below is the output.  It is failing on Calendar Find Request?  Is there anything I need to configure on the Exchange server for this?

default: Initializing EWS Proxy... successful
tom.terwilliger: Configuring User... successful
tom.terwilliger: EWS calendar find request... failed
tom.terwilliger: Begin inner failure
tom.terwilliger:     SslPolicyError: RemoteCertificateNameMismatchWhile validating certificate...
[Subject]
  CN=mail.myco.com, OU=Domain Control Validated, O=mail.myco.com

[Issuer]
  SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

[Serial Number]
  908JMPA987ASD

[Not Before]
  1/21/2011 2:31:01 PM

[Not After]
  1/20/2012 1:41:05 PM

[Thumbprint]
  87DFSKJANDFS9807OIJNHAWEI0987ASDFKHAAU

tom.terwilliger:     Exception caught:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at EWS.EWS.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
   at EwsTest.Program.Main(String[] args)

tom.terwilliger: End inner failure
0
 

Author Comment

by:qvfps
I ran through the installation process again to make sure I had all the permissions and settings correct, with no change. I then tried running iemstest and I get OpenMsgStore() for this profile failed (8004011d)
0
 

Author Comment

by:qvfps
I have verified I am running the current version of MAPI on the BES Express server. I tried deleting the profile and recreating it. I rekeyed the security certificate and now when I do an EWSTest I get the following lines

default: Initializing EWS Proxy... successful
tom.terwilliger: Configuring User... successful
tom.terwilliger: EWS calendar find request... successful

However I am still getting the following error when I do an IEMSTest and select the  BlackberryServer profile from the popup window.

OpenMsgStore() for this profile failed (8004011d)

Any suggestions would be appreciated.
0
 

Author Comment

by:qvfps
The Blackberry services were not running under the BESAdmin account. I changed the account the services were running under and afterwards I could not get the MAPI services to run. I uninstalled the CDO 1.2.1 and the Blackberry services. I then reinstalled both while logged in with the BESAdmin account and verified that the Blackberry services were running as BESAdmin.

After that I managed to get the server running and start activating users.
0
 

Author Closing Comment

by:qvfps
Thanks for the suggestions.
0
