BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 05-25-2010, 06:03 PM   #1 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Exchange 2010/2007 CoExistance Issues

Please Login to Remove!

Greetings,

I'm running a BESx server (Version: 5.0.1.13) on Server 2008 Std x64. The server has Microsoft Messaging API and Collaboration Data Objects 1.2.1 installed.

I have an Exchange organization that is in co-existence mode at the moment, consisting of these servers:

Exchange 2007:
EX01 (Holds MDB Storage Group)

Exchange 2010:
EX-CAS-1
EX-CAS-2
EX-MB-1 (DAG, holds Alpha Storage Group)
EX-MB-2 (DAG, holds Alpha Storage Group)
EX-HUB-1
EX-HUB-2

I've moved some test mailboxes over to the Exchange 2010 server, and I'm having trouble getting things working. I've adjusted permissions, assigned roles, and it even works sporadically. My phone, for instance, will sync properly for about 5 minutes after a reboot of the server, and then it stops. Users on the EX2007 platform are working normally.

Using IEMStest...

C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\Utility>IEMSTest.exe
BlackBerry Enterprise Server Utility - IEMSTest.exe (IExchangeManageStore), Version 1.0
Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.
Opening Default Message Store Mailbox - BES Server

user lastname: Opening message store using
/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=username
/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EX-CAS-1/cn=Microsoft Private MDB
user lastname: Mailbox opened successfully
user lastname: Root Folder opened successfully
user lastname: Folder created successfully
user lastname: Test folder deleted successfully
user lastname: MAPI test completed successfully
user lastname: CDO Server Name: EX-CAS-1
user lastname: CDO Mailbox DN: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=username
Assertion failed: index < maxIndex, file f:\df8165\dsa\src\emsabp\root.c, line 1166



At this point, it crashes, and I get a popup window stating that "Test ability to manage Blackberry User's Configurations has stopped working". The detailed crash report follows:
Problem signature:
Problem Event Name: APPCRASH
Application Name: IEMSTest.exe
Application Version: 5.0.1.35
Application Timestamp: 4b21bd3b
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.6002.18005
Fault Module Timestamp: 49e0379e
Exception Code: 40000015
Exception Offset: 000641b5
OS Version: 6.0.6002.2.2.0.272.7
Locale ID: 1033
Additional Information 1: 5b15
Additional Information 2: 6c8101c360e5fbc492b42fa5c931d956
Additional Information 3: 20c0
Additional Information 4: 2b645b2ff28db32204980e3830492bc

I'm sure I'm missing something obvious. I just don't know what it could be. The fact that it works for a little while is what's throwing me off...
Offline  
Old 05-25-2010, 06:44 PM   #2 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,697
Post Thanks: 270
Thanked 286 Times in 270 Posts
Default

Whats the actual version of CDO.DLL and MAPI.DLL?
Running RU1 or higher on 2010?
Move the BESAdmin account to 2010 yet?
Apply throttle policy for BES admin?
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Old 05-25-2010, 07:06 PM   #3 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

C:\Program Files (x86)\ExchangeMapi\
CDO.DLL - 6.5.8165.0
EXMAPI32.DLL - 6.5.8165.0

It appears that there are also mapi32.dll's in c:\windows\system32 and c:\windows\syswow64:
mapi32.dll - 1.0.2536.0 (or 6.0.6000.16386)

Per this thread, this seems to be OK: (this site)/bes-admin-corner/190184-mapi32-dll-issue-server-2008-64-bit.html#post1387773

(Apparently I can't post links yet...)
  • All EX2010 servers are at RU1.
  • I did try moving the besserver mailbox to 2010, but it didn't make a difference, and it actually broke the 2007 users as well (it appears that any connectivity with 2010 seems to crash the CDO/MAPI object, perhaps?). Anyways, it's presently on the 2007 server.
  • I've set the RCAMaxConcurrency in the Default Throttling policy to null, but given that my test account is the only thing utilizing the connection, I would be surprised if I was hitting a concurrency limitation anyways.
Offline  
Old 05-26-2010, 08:22 PM   #4 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm starting to think this isn't a co-existance issue at all, but rather a MAPI issue. After moving the BESServer mailbox to 2010, doing a 'check mailbox' from the MAPI window results in the same crash.

Even with the BESServer mailbox moved to 2010, doing an IEMSTest, I can successfully validate users that are on the 2007 server. However, validating users that are on the 2010 servers results in that crash as well.

So...
All servers fully updated
BESServer mailbox moved to 2010
RCAMaxConcurrency in Default Throttling policy now applies since BESServer is moved to 2010
Still crashing.
Offline  
Old 05-26-2010, 09:38 PM   #5 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,697
Post Thanks: 270
Thanked 286 Times in 270 Posts
Default

maybe its an LDAP issue or maybe a daomin level issue.

Whats your domain level now?
Are you running SQL or MSDE?
Whate is BES pointing to for LDAP?
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Old 05-27-2010, 12:52 PM   #6 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

The domain level is Server 2008.
I'm running MSDE
Where would I check the LDAP source?

Note that I am seeing a lot of this in the event log, and I've followed the KB article KB18396 to resolve it, to no effect:
{user@domain.com}-CDOCalendar::ProcessWindowsTimezoneInfo- No Index value present

Wondering if that coincides with the crash at all, since it was also complaining about an index value. I'm strongly beginning to suspect that things are crashing somewhere during calendar sync, and that my synchronization is dying entirely when it hits "agent x: will not restart - reached the maximum of 10 restarts per 24 hours." after crashing 10 times.

Restarting the controller service restores synchronization for a little while (presumably, for 10 crashes).
Offline  
Old 05-27-2010, 01:28 PM   #7 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,697
Post Thanks: 270
Thanked 286 Times in 270 Posts
Default

Take a peek at this KB
View Document
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Old 05-27-2010, 03:11 PM   #8 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

My MAGT log doesn't seem to contain '001e6602' anywhere.
Offline  
Old 05-27-2010, 04:25 PM   #9 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,697
Post Thanks: 270
Thanked 286 Times in 270 Posts
Default

This will show where it is in the registry. Make sure the 001e6602 entries point to a valid GC, it might be pointing to something that cant figure out where it needs to go.

View Document
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Old 05-27-2010, 07:18 PM   #10 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

They point to a valid GC that I can ping and communicate with via IPV4.
Offline  
Old 06-05-2010, 07:37 PM   #11 (permalink)
New Member
 
Join Date: Jun 2010
Model: Curve
PIN: N/A
Carrier: Verizon
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm having a very similar issue with my IEMSTest.exe and Ive only noticed issues when I have ActiveDirectory restrictions set against the Global Address List or the OAB...do you have any special permissions / split GAL going on?

I've reinstalled BES about 3 times now as it randomly crashes..I'm quite sure it's an Exchange / Directory issue, but it's pissing me off to no end ... theres nothing I've been able to do "BES-wise" to make any difference..it only changes when I make ADSI changes.
Offline  
Old 06-05-2010, 08:17 PM   #12 (permalink)
New Member
 
Join Date: May 2010
Model: 8130
PIN: N/A
Carrier: Sprint
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, yes I do.

I can't post links yet, but if you google this string, what I've done is contained in the first result:
"DotNetPanel Hosted Exchange Solution - DNP Hosted Exchange Solution Pre-Deployment Tasks"
Offline  
Old 06-08-2010, 01:03 PM   #13 (permalink)
New Member
 
Join Date: Jun 2010
Model: Curve
PIN: N/A
Carrier: Verizon
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

So basically your issue is something that I fought with for over two weeks in my organization..and I was able to finally resolve.

In short, the changes between Exchange 07 and 10 on the directory service are extremely drastic..and where as before that you could setup split gals and deny the authenticated users group from the GAL..now in Exch10, it'll break the mailbox.

So in my testing, I always got the

Recipients/cn=username Assertion failed: index < maxIndex

Error..so I decided to setup an outlook profile with my BESAdmin account, and lo-and behold, the GAL was empty.. So i believe the index < maxIndex is *****ing that the discovery of the address list is being returned as NULL..anytime I would click "Check name" outlook would crash

I tried everything from reinstalling BES, to going through LDAP to see what permissions are askewed.. basically, anytime I tried to use the BESAdmin account, it would crash..and I think with all the ADSI permission edits I made, I eventually borked my config.

So I finally created a new BESAdmin account, but instead of creating it through EMC or Shell, I created it through our hosted control panel (Which is similar to the dotnetpanel, but proprietary) which created a unique GAL for the new BESAdmin account..I then modified the GAL recipient filter to include all users, and not just users from the OU that the BESAdmin is in...after I confirmed via Outlook that I could open the GAL and discover users, I reinstalled BES (again) and everything went through fine..except messages weren't being delivered to the BB devices..I then went through the registry and found the 001e6602 entry..it was pointed to the Exchange CAS array and not the GC..so I changed the key to match the global catalogue and restarted..once it came back up, I had BB devices contacted and new messages were routing.

So make sure the following is in place:

1. That you have a default GAL
1a. That the authenticated users group can read, list, and open the address book
1b. That your All Hosted Groups (The security group you add all domain security groups to) is denied access to open the default GAL and denied the ability to read it

2. That you have an address list with the BESAdmin account included
2a. Make sure the BESAdmin user or a parent security group can open the address list

3. Make sure you have a default offline address book
3a. Make sure you allow read/open access from BESAdmin
3b. Make sure in Exchange Console that your Offline Address Book is set to either include the default global address list, or to include only a specific address list which has the BESAdmin account as a member.
Offline  
Old 06-09-2010, 11:46 AM   #14 (permalink)
New Member
 
Join Date: Jun 2010
Model: Curve
PIN: N/A
Carrier: Verizon
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

BTW,

I reviewed the deployment guide for the CP..heres what I think you need to do..

Modifying Address Lists Containers

Please use ADSI Edit carefully. The best practice is to make full backup of AD (DC System State) before using ADSI Edit.

*
Open ADSI Edit.
*
Connect to Configuration naming context.
*
Navigate to Services > Microsoft Exchange > Your Organization > Address Lists Container
*
Remove the permissions for the Anonymous Logon, Everyone and Authenticated Users groups for the following containers:

- CN= All Address Lists container and all of the default sub containers in the All Address Lists container. These are All Contacts, All Groups, All Rooms, All Users and Public Folders.

- CN=All Global Address Lists and default CN=Default Global Address List sub container.

- CN= Offline Address Lists container and default CN=Default Offline Address Book sub container.

To be able to do it you will be needed to disable permissions inheritance (uncheck "Include inheritable permissions from this object's parent" in Security > Advanced tab) with copying existing permissions for CN= All Address Lists, CN=All Global Address Lists and CN= Offline Address Lists containers.


Open up ADSI edit, find the default address list..add back read and open address list permissions for the authenticated users group..this is required for Exchange 2010 lookup requests to work.

The way I got around all the BS was I allowed authenticated users group to read and open the address book (This is used when users hit "check name" in outlook, etc) and then I added a new security group which contained every user except my administrator account and my BESAdmin account...I then denied the new security group the ability to open the GAL...you'll want to do the same process to the Address list and the System Address List folder (The All mailboxes AL, etc)

This should allow outlook clients to resolve names and BES, while denying 'open-address-book' everyone but BESAdmin and administrator. The most useful feature when working with the permissions is the "Effective permissions" tab when you click "Advanced" on the security tab... if you make the recommended changes, then use the effective permissions tab to ensure that BESAdmin can read properties and open the address list, and that any individual user cannot.

So far my BES server has been working without hiccup for about a week..which is longer than it ever did before.

Last edited by ainesophaur : 06-09-2010 at 11:48 AM.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.