PDA

View Full Version : Upgraded from Exch2003 to Exch 2010... now only 1/2 our BB's work!?!

pigbts
02-28-2012, 02:47 PM
hello,

hoping to get some help from this forum, as we are getting to our wits end. We just upgraded from EXCH2003 to EXCH2010. WE also went from BES 5.0.1 to BES Express 5.0.3. The install went fine, I used the Blackberry Transporter utilty to move the BES users to the new BES server. WE have used several guides found on this site to help us with this process.


---BES Server: Windows Server 2008 32 bit
---We installed the MAPI client 1.2.1 V 6.5.8244.0
---BES Express 5.0.3
---INstallation of BES was done under BESadmin account, which as full admin privs to BES server

-Ensured the "besadmin" account has send as permissions for all mailboxes ( carried over from previous )
-Ran the following scripts in Exchagne shell to create a BESADMIN throttling policy (after the installation of BES):
-rebooted BES multiple times
-deleted and re-created MAPI profile on BES server, logged in as BESAdmin


So after all this, we have about 12 out of our 49 Blackberry users who still cannot get email on their BB's. When we look in the event logs of the BES server, we see lots of errors like this:



{Woodyxxxxatxxxdotnet} MAPIMailbox::MAPIMailbox - OpenMsgStore (0x8004011d) failed, MailboxDN=/o=xxxx/ou=First Administrative Group/cn=Recipients/cn=Woodyxxxx, ServerDN=/o=xxxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=xxxxEXCHP01/cn=Microsoft Private MDB


User Woody XXXXX not started


30 user(s) failed to initialize
johnnyseadoo
02-28-2012, 02:54 PM
Does BESAdmin mailbox reside on 2010? See blackBerry KB22601
for more info
pigbts
02-28-2012, 02:56 PM
Thank you for the reply. Yes- all our mailboxes have been migrated to exch 2010
pigbts
02-28-2012, 03:17 PM
That was a very useful link you sent, the only thing we did not do on that list is the permissions changes. I did not change the besadmin's permissions because I assumed they were correct from the previous blackberry installation. I wonder if it is necessary to run these permissions on the new exchange managment shell?

Task 5

Assign the proper permissions to the BlackBerry Enterprise Server service account.

On a computer that hosts the Microsoft Exchange Management Shell, click Start > Microsoft Exchange Server 2010 > Exchange Management Shell.

1. Assign Receive-As to the BESAdmin account:
Get-MailboxDatabase | Add-ADPermission xxx8211;User xxx8220;BESAdminxxx8221; xxx8211;AccessRights ExtendedRight xxx8211;ExtendedRights Receive-As, ms-Exch-Store-Admin
2. Assign the View-Only role to the BESAdmin account:
Add-RoleGroupMember xxx8220;View-Only Organization Managementxxx8221; xxx8211;Member xxx8220;BESAdminxxx8221;
3. Assign the Send-As to the BESAdmin account that is in an OU or CN:
Add-ADPermission xxx8211;InheritedObjectType User xxx8211;InheritanceType Descendents xxx8211;ExtendedRights Send-As xxx8211;User xxx8220;BESAdminxxx8221; xxx8211;Identity xxx8220;OU=<organizational_unit>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>xxx8221;
Or
Add-ADPermission xxx8211;InheritedObjectType User xxx8211;InheritanceType Descendents xxx8211;ExtendedRights Send-As xxx8211;User xxx8220;BESAdminxxx8221; xxx8211;Identity xxx8220;CN=<common_name>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>xxx8221;

For example:
Add-ADPermission xxx8211;InheritedObjectType User xxx8211;InheritanceType Descendents xxx8211;ExtendedRights Send-As xxx8211;User xxx8220;BESAdminxxx8221; xxx8211;Identity xxx8220;CN=BES Admin Exch2K10,OU=TestOU,DC=SEN104,DC=EXAMPLE,DC=COM"
knottyrope
02-28-2012, 03:19 PM
sounds like DNS max attempts are hit
pigbts
02-28-2012, 04:15 PM
I actually think we may have resolved ths. We modified out BESADMIN throttling policy, but we also modified the default throttling policy in exch mgmt console. We did not know that we needed to modify the default throttling policy as well.
johnnyseadoo
02-29-2012, 09:33 AM
There is an ongoing issue where the Throttling Policy fails back to the Default one. Restarting Exchange after assigning the new Throttling policy is supposed to fix it
johnnyseadoo
02-29-2012, 09:49 AM
You would have to run the Send As, Receive As and Admin the Info store for every new Exchange server/Exchange database. The AD Send As command gives false errors sometimes and in your case is already set. The View Only Admin should already exist. It does not hurt anything if you re-run these commands.
Dbltee
06-20-2012, 04:19 PM
We just had this exact issue happen to us this past weekend. Throttling is causing your issue. You will need to contact me for the website since this is my first post and I am not permitted to do so yet.
Your issues are 1: Did you add additional stores and move users into them? You have to run a script after the addition of each new store.
2: Throttling. There is a powershell command to run that fixes this issue of only part of users connecting to the BES server.
3. Restarting your Exchange server first and then your BES server and you should be back in business.

We went from having only 14 users at a time working to all 30.
Dbltee
06-21-2012, 09:43 AM
Here's the article with the info in it. Article ID: KB02276