BES user cannot enterprise activate - The private contact folders will not be displayed.

We have 4 Exchange servers in a DAG filover with one Blackberry Enterprise Server. The BES was on version 5.0.2 working for 6 or so months with not a problem. We then added a user one day and the user is unable to active via Enterprise Activation. This seems to happen for most new users or existing requiring activation after receiving a new handset.

Exact error: A general BlackBerry Mail Store Service error was encountered while attempting to retrieve the user's private contact folders. The private contact folders will not be displayed.

We have looked at the BES work around which is to change the contact folders - we do not have this option, the other option was to update to the latest service packs - which we have done, we are now on Version 5.0.3 MR4. Same issue still exists.

Has anyone had this issue or found a work around?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Make sure the user is not a member of an admin group. Just make them a standard user, not admin or even a power user

Reset the activation code after and try again.
I've seen it before with our bes, but it was with a user from our office in Germany.
We also tried using the fix from the blackberry website,  but could not do anything with the redirection settings.
In our case we restarted the Blackberry Mail Store Service on the bes server and were able to get in to do what we needed to do.
We did do it after hours, because restarting any blackberry enterprise server service can cause issues.
CountCAuthor Commented:
Strangely we moved the user to another mailbox store on the same exchange server (where they previously resided) and we are able to activate them.

As for the second user, they are not an admin and have never been activated nor moved from their mailbox database.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

How about a power user?

I have seen this happen on a Blackberry Enterprise Server if the user has an outlook profile in a different language. For example the error occured when we added a user that had a profile in Slovenian so the mail Contacts folder was named Kontakti instead of Contacts and the blackberry server somehow couldn't find the folder.
The solution was to create a contacts folder in the user mailbox named Contacts and then on the Blackberry server choose the right contacts folder for synchronization in the user's account properties.

hope this hepls

best regards
CountCAuthor Commented:
Users are not power users either, just domain users.
CountCAuthor Commented:
It is not the actual activation itself but when we add the user to the BES before we activate we receive the above error message, which appears to stop the activation. We then try the activation (all methods listed in the article) and the operation eventually times out. Even connected directly to the BES itself via a USB cable.
Rob KnightConsultantCommented:

Can you check the BES service account (default BESADMIN) Exchange permissions on the message stores and/or servers - it sounds as if there is a permissioning error on at least one message store?

In terms of topology, is there anything between the BES and the Exchange Servers which may affect it communication (load balancer, firewall, router etc?)


CountCAuthor Commented:
We have just deployed an express version in another domain, migrating also to exchange 2010 and I can see the same issue fresh out of the box. I will look at the permissions relating to exchange now.

The only firewall in place would be the Windows firewall which would have been turned on since day one, not in the last few weeks on the original install.
CountCAuthor Commented:
We have sorted this out, turns out the following command needs to be run from the exchange shell to allow access to the database on top of the bes user having the required AD rights to the bes users mailboxes.

Command: “Get-MailboxDatabase | Add-ADPermission -User "username of bes service account" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin”

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CountCAuthor Commented:
This exact command had to be run and was not previously suggested or led to.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
BlackBerry Programming

From novice to tech pro — start learning today.