BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   BES Service Account and SQL Confusion (http://www.blackberryforums.com/bes-admin-corner/30519-bes-service-account-sql-confusion.html)

cwood 03-31-2006 12:20 PM

BES Service Account and SQL Confusion
 
I am migrating from Windows Server 2000 SP4, BES 4.0 Exchange 2000 to another Windows Server 2000 SP4, BES 4.0 Exchange 2000. I will use the same SRP and everything. I have read through many posts explaining the steps to do this and I appreciate all the information. When I first setup our BES I had no clue what I was doing but I managed to make it work. Now that I have had the BES for a little over a year I have learned a few things. I have had trouble with the BES MDS functionality such as pushing OTA applications and I get many SQL and Policy Settings related warnings in my App log. Everything, i.e. calendar synch, etc., seem to be working fine on all the handhelds and the policy’s are being applied. That being said, while I am migrating the BES I decided to double check everything I had set up the first time when I was more confused than I am now. I have noticed a few things that maybe someone can help me with.

1. I noticed in the installation directions that I need to create a service account under the Users folder in AD. Well, my BES has been running with the users in our OU Group Folder. I have not had problems with it being there but I have a few things that are confusing me about what I have had running and what I should have running.
a. Currently, my service account is a member of Administrators and Domain Users. I read on a post that if the service account is a member of the Domain Users in a clustered Exchange environment then the calendar will not synch properly. I am not in a clustered Exchange environment but this company grows everyday and I would like to prevent this from ever being an issue.
i. Dilemma: Currently BES is using the service account as it is now; I need to right a wrong, if it is wrong, by removing this user from our OU and moving it to the User folder. Question: If I delete the user from the OU and add it to the Users folder, will I have complete chaos with my current BES? And is it even necessary to do this since everything works?
ii. Dilemma2: I can’t remove Domain Users from the “Members of” for this service account because it says it is set as the primary. It will not let me change the primary to Administrator so I am stuck. Question: How do I fix this? And do I need to even be concerned if the answer to the first dilemma is to delete the account?
b. Next issue is the SQL privileges. We have a SQL server but I do not want to put the BES DB on this so I will install a local MSDE version which it has been currently running on. My first question is: The installation instructions tell me the BES will need permissions on the SQL database and the configuration database; what’s the difference? I thought I had the ldf and mdf files for the database and that was it. My second question is: The installation instructions tell me to go to the SQL Server Enterprise Manager and set permissions. I do not have that and will not even have the MSDE until I install the BES. Question: Can I issue rights when I install everything? I am assuming that the SQL permissions are for the Server running SQL server and then separate permissions for the configuration db but b/c I am using MSDE and can’t dig into SQL Server and see what it is talking about I am confused. The directions for MSDE 2000 also say to make modifications to the setup.ini file before installation. Well, I downloaded the BES installation package and I have no idea how to get into the exe file to modify anything before installation.

I know this is a long post but I feel like I will get better responses if I explain the situation as clearly as possible and much of this I know a little about but I have a difficult time figuring it all out if people assume I know more than I do about SQL and AD. Thank you in advance for your help.

MarkV 03-31-2006 12:40 PM

1. You should not have any problems with the BESADMIN in another OU than the default user group.

Dilemma 1: do not delete the user, but just simply move it to the user folder. No harm will be done.

Dilemma 2: why do you want it not te be a member of the domain users group? See first remark.

Dilemma b: the SQL DB and the configuration database are the same. Just another name for the same SQL or MSDE database.

last question: You can simply give the BESADMIN account SA (system administrator) permission on the SQL server instance.

I do not know of any setup.ini file which needs to be edited. You can savely ignore it, as I have done installations more then 50 times without doing it.

vlw 03-31-2006 04:29 PM

Putting the BESmgmt database on a production SQL is usually superior for Backup and Restore as well as remote management. What is the intent behind to moving from SQL to MDSE?

cwood 03-31-2006 05:50 PM

SQL vs MSDE
 
Thank you for your help on this.

To address the first response, it doesn't really matter to me if the service account is a member of the Domain Users, I had just read on a post here that the calendar would not synch if the service account was a member of the Domain Users in a clustered Exchange environment. I am not in a clustered environment now but I did want to plan for tomorrow while making this move, if I had something wrong.

For the second response, I am not moving from SQL to MSDE. I currently run on MSDE and everything is somewhat alright. However, I do have many warnings in my App log on the BES related to policy settings not being applied and they are usually accompanied by warnings about SQL connections. I don't have a clue if one is related to the other. That is why I am asking these questions. I am going over every little detail and when I see something that I might have done wrong the first time I check to see if it might be causing some of my current problems. Hopefully I will reduce the amount of time I spend chasing answers to all of these cryptic warnings by correcting any possible mistakes I made before.

Thanks again.


All times are GMT -5. The time now is 12:26 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.