November 11, 2008

Exchange, SBS 2003, and Blackberry Enterprise Server

Filed under: Blackberry,Exchange Server,PDA — Tags: , — lpopejoy @ 12:06 am

Last week I had a client who wanted the BES installed on his SBS 03 server.  No big deal, I’ve done it before…

Anyway, I had some problems with the “SendAs” permissions being revoked.  I wanted to detail some KB’s that helped me get everything straightened out.  Hopefully it will be good for someone else!

First, here is the install guide from Blackberry:  http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8067/645045/1382175/1404165/1382176/Getting_Started_Guide.pdf?nodeid=1382253&vernum=0

Here are the details on setting up the permissions for the Blackberry service account:  http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB02276&sliceId=SAL_Public&dialogID=6316111&stateId=0%200%203804961

Here is a KB from BB regarding the SendAs getting revoked:  http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB04707&sliceId=SAL_Public&dialogID=6306833&stateId=0%200%203804284

Here is a KB from Microsoft regarding the SendAs getting revoked:  http://support.microsoft.com/kb/912918/en-us

Keep in mind that Blackberry is VERY picky about permissions!!!  I can’t stress that enough.  I thought well, I can do what I want to and make it work.  No!  FOLLOW THE INSTRUCTIONS and save yourself some headache.  Also, keep in mind that permissions on the user account that you are syncing with (not the BES admin account) are important too.  They cannot be domain admins or power users or administrators.

UPDATE

Ok, all that I did and all my googling solved the problem.  I finally called BB tech support.  Here is the solution that they gave:

Go to Active Directory Users and Computers

Go to View->Advanced

Expand your domain.

Expand System.

Right click on AdminSDHolder, and click properties

Go to the Security tab, and click the Advanced button

Click “Allow inheritable permissions from the parent to propogate to this object……”

Click Apply and OK.

Now go to the User account that you are trying to use with the Blackberry server.

Right click and click properties and choose Security and Click advanced and check “allow inheritable….”

Apply, Ok, Done!  (Hopefully!!!)

Hopefully that saves someone else some pain!

All the best,

Luke

May 14, 2008

Palm / Windows Mobile / Exchange Active Sync

Filed under: Active Sync,Exchange Server,PDA — Tags: , — lpopejoy @ 6:34 pm

I just did my first Exchange Active Sync configuration.

Here’s the procedure:

1) Make sure you have a valid cert on your site. https://FQDN/exchange should NOT give you an cert errors. If you do insist on using a self-signed cert, it requires saving the cert to a XML file format, sticking that XML file into a CAB file, and then transferring and installing that CAB file on the mobile phone (Windows Mobile only). Use a cert from a recognized certificate authority. Here are some KB’s on it:

2) Make sure you have port 443 open on your router and directed to your Exchange FE server.

3) You will need to follow the following KB to get Exchange AS to work on Exchange server 2003 Standard and Enterprise: http://support.microsoft.com/kb/817379. Note that if you have SBS 2003, Microsoft has kindly already taken care of getting it to work. This site http://www.amset.info/exchange/mobile-85010014.asp also has some valuable content. Basically a reproduction of KB 817379, except he gives some additional steps that I used – but don’t know if I would have had to or not!

4) Finally, go to your mobile phone and setup ActiveSync to the FQDN of your Exchange server. This should be public DNS resolvable.

Finally, let me add that my synchronization of Windows Mobile was totally smooth. Getting the Treo 755 (Palm OS) to work was a bit of a challenge. However installing Exchange SP2 ultimately resolved that problem. To determine the Exchange Service pack level, go to Exchange System Manager and right click on your server. You should see the service pack level under the “General” tab of “Properties.”