02-26-2009, 04:39 AM
Join Date: Apr 2007
Post Thanks: 0
Thanked 0 Times in 0 Posts
| | New Install Not Sending this may help
Please Login to Remove!
Just thought I'd share this with you as I have seen this on the net so many times and I have just managed to fix this myself today so I thought I would share the knowledge with everyone.
If you have just installed a new install Of BES on Windows 2003 SP2 \ SP2 R2 Exchange 2003 and you are not able to send as an admin account or sometimes as a user account follow these steps which may help.
1. Run this query in AD Users and Computers
2. If this returns back any users that are not being able to send then they are part of what Microsoft calls a Protected Group. Protected groups will reset any overiding security permissions you push out to the entire domain every hour.
For Example - If you send out the Blackberry User that has "Send As" to the entire domain this will be over written every hour thus you will not be able to send once these permissions are pushed out by the DC again.
3. To get around this I have dug around the internet and found a fix. If you navigate in "AD Users and Computers" again to your domain then to an OU called "System" there is another OU in there called "AdminSDHolder" right click on this and select "Properties"
4. On the security tab click "Advanced" then click "Add" the select the user that runs your BES server eg. BESADMIN then click "OK" then in the Apply onto: drop down box select "User Objects" and then scroll all the way down to the bottom of the permissions and select the "SEND AS" permission in the allow column. Then click "OK" then click the "OK" box, the "OK" again.
5. Sync your domain and then this is the important bit, on your BES server stop the "Blackberry Router" server for a minimum of 20 minutes, I stopped ours for about 2 hours to be sure the permission cahce was refreshed.
6. Restart the service again after the alloted time and then try to send from your blackberry again.
Hope this helps.
Disclaimer : This worked for us as I know that the protected groups was the issue, this may not work for everyone else and you may need to retrace your steps to make sure all the correct BES permissions are in place.