Exchange, SBS 2003, and Blackberry Enterprise Server
Last week I had a client who wanted the BES installed on his SBS 03 server. No big deal, I’ve done it before…
Anyway, I had some problems with the “SendAs” permissions being revoked. I wanted to detail some KB’s that helped me get everything straightened out. Hopefully it will be good for someone else!
First, here is the install guide from Blackberry: http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8067/645045/1382175/1404165/1382176/Getting_Started_Guide.pdf?nodeid=1382253&vernum=0
Here are the details on setting up the permissions for the Blackberry service account: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB02276&sliceId=SAL_Public&dialogID=6316111&stateId=0%200%203804961
Here is a KB from BB regarding the SendAs getting revoked: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB04707&sliceId=SAL_Public&dialogID=6306833&stateId=0%200%203804284
Here is a KB from Microsoft regarding the SendAs getting revoked: http://support.microsoft.com/kb/912918/en-us
Keep in mind that Blackberry is VERY picky about permissions!!! I can’t stress that enough. I thought well, I can do what I want to and make it work. No! FOLLOW THE INSTRUCTIONS and save yourself some headache. Also, keep in mind that permissions on the user account that you are syncing with (not the BES admin account) are important too. They cannot be domain admins or power users or administrators.
UPDATE
Ok, all that I did and all my googling solved the problem. I finally called BB tech support. Here is the solution that they gave:
Go to Active Directory Users and Computers
Go to View->Advanced
Expand your domain.
Expand System.
Right click on AdminSDHolder, and click properties
Go to the Security tab, and click the Advanced button
Click “Allow inheritable permissions from the parent to propogate to this object……”
Click Apply and OK.
Now go to the User account that you are trying to use with the Blackberry server.
Right click and click properties and choose Security and Click advanced and check “allow inheritable….”
Apply, Ok, Done! (Hopefully!!!)
Hopefully that saves someone else some pain!
All the best,
Luke