RE: 1st BES Install - can't login to Administration Service
I am waiting - AD/LADP auth to BAS is extremely buggy imo. I managed to get it
working once by entering seemingly incorrect values for LDAP server and port.
However, I made the mistake of rebooting the server which caused it to break
again! I no longer have a BES5 trial license to play around with it (it
expired) so I'm quite content, for now, to just wait for a service pack to come
along.
Good luck, anyway, and if you manage to sort it out please let us know how!
Richard
From: bounce-8670155-8066...@lyris.sunbelt-software.com
[mailto:bounce-8670155-8066...@lyris.sunbelt-software.com] On Behalf Of Sean
Rector
Sent: 28 September 2009 19:31
To: MS-Exchange Admin Issues
Subject: 1st BES Install - can't login to Administration Service
BES 5.0 - on Windows Server 2003 Std. When I try to log in using the admin
account I specified in the setup process returns The username, password, or
domain is not correct. Please correct the entry. I'm using Active Directory
for the login method - which I specified and verified in the setup wizard.
When I check the DC (Server 2008 R2), I see the following Event ID:
Log Name: Security
Source:Microsoft-Windows-Security-Auditing
Date: 9/28/2009 2:26:17 PM
Event ID: 4768
Task Category: Kerberos Authentication Service
Level: Information
Keywords: Audit Failure
User: N/A
Computer: VOA-NOR-DC01.vaopera.net
Description:
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: sean.rector.adm
Supplied Realm Name:VAOPERA.NET
User ID:NULL SID
Service Information:
Service Name: krbtgt/VAOPERA.NET
Service ID: NULL SID
Network Information:
Client Address: 10.0.0.45
Client Port:3420
Additional Information:
Ticket Options: 0x0
Result Code:0xe
Ticket Encryption Type: 0x
Pre-Authentication Type: -
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for
pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are
defined in RFC 4120.
Event Xml:
Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event;
System
Provider Name=Microsoft-Windows-Security-Auditing
Guid={54849625-5478-4994-A5BA-3E3B0328C30D} /
EventID4768/EventID
Version0/Version
Level0/Level
Task14339/Task
Opcode0/Opcode
Keywords0x8010/Keywords
TimeCreated SystemTime=2009-09-28T18:26:17.831284900Z /
EventRecordID7226755/EventRecordID
Correlation /
Execution ProcessID=940 ThreadID=1680 /
ChannelSecurity/Channel
ComputerVOA-NOR-DC01.vaopera.net/Computer
Security /
/System
EventData
Data Name=TargetUserNamesean.rector.adm/Data
Data Name=TargetDomainNameVAOPERA.NET/Data
Data Name=TargetSidS-1-0-0/Data
Data Name=ServiceNamekrbtgt/VAOPERA.NET/Data
Data Name=ServiceSidS-1-0-0/Data
Data Name=TicketOptions0x0/Data
Data Name=Status0xe/Data
Data Name=TicketEncryptionType0x/Data
Data Name=PreAuthType-/Data
Data Name=IpAddress10.0.0.45/Data
Data Name=IpPort3420/Data
Data Name=CertIssuerName
/Data
Data Name=CertSerialNumber
/Data
Data Name=CertThumbprint
/Data
/EventData
/Event
Your help is appreciated!
Sean Rector, MCSE
Information Technology Manager
Virginia Opera Association
E-Mail: sean.rec...@vaopera.orgmailto:sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{*} {+}
RE: 1st BES Install - can't login to Administration Service
Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes...and it won't accept that - with nothing noted in the BAS AS log. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:42 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Did you create the local admin pwd? In BES 5.0, the svc account model for interactive and management logon has changedby default, unless you are upgrading and had set the permissions there, the svc account has no BAS rights. Do you remember the local Admin pwd? It prompted you for it during the install. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:31 AM To: MS-Exchange Admin Issues Subject: 1st BES Install - can't login to Administration Service BES 5.0 - on Windows Server 2003 Std. When I try to log in using the admin account I specified in the setup process returns The username, password, or domain is not correct. Please correct the entry. I'm using Active Directory for the login method - which I specified and verified in the setup wizard. When I check the DC (Server 2008 R2), I see the following Event ID: Log Name: Security Source:Microsoft-Windows-Security-Auditing Date: 9/28/2009 2:26:17 PM Event ID: 4768 Task Category: Kerberos Authentication Service Level: Information Keywords: Audit Failure User: N/A Computer: VOA-NOR-DC01.vaopera.net Description: A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name: sean.rector.adm Supplied Realm Name:VAOPERA.NET User ID:NULL SID Service Information: Service Name: krbtgt/VAOPERA.NET Service ID: NULL SID Network Information: Client Address: 10.0.0.45 Client Port:3420 Additional Information: Ticket Options: 0x0 Result Code:0xe Ticket Encryption Type:
RE: uuh... iPhone + EAS + wipe + remove partnership = ?
I agree with everything except the server hard drive reformat and that little item about having the administrator shot. Just give me three steps toward the door... -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, September 28, 2009 8:51 PM To: MS-Exchange Admin Issues Subject: Re: uuh... iPhone + EAS + wipe + remove partnership = ? On Mon, Sep 28, 2009 at 9:26 PM, Kurt Buff kurt.b...@gmail.com wrote: Turn off ActiveSync? Turn off Activesync, delete the user account, uninstall iTunes, smash up the iPhone with a hammer, reformat the server hard drives, and have the Exchange administrator shot. It's all documented in Apple Support Article THX1138. ;-) -- Ben
Re: uuh... iPhone + EAS + wipe + remove partnership = ?
I suddenlyt feel like cutting a rug... On Tue, Sep 29, 2009 at 8:19 AM, Maglinger, Paul pmaglin...@scvl.comwrote: I agree with everything except the server hard drive reformat and that little item about having the administrator shot. Just give me three steps toward the door... -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, September 28, 2009 8:51 PM To: MS-Exchange Admin Issues Subject: Re: uuh... iPhone + EAS + wipe + remove partnership = ? On Mon, Sep 28, 2009 at 9:26 PM, Kurt Buff kurt.b...@gmail.com wrote: Turn off ActiveSync? Turn off Activesync, delete the user account, uninstall iTunes, smash up the iPhone with a hammer, reformat the server hard drives, and have the Exchange administrator shot. It's all documented in Apple Support Article THX1138. ;-) -- Ben
Piping files to Set-*
All, This is more of a Powershell question, but it's relating to an Exchange problem, so hopefully someone can help me. I've got a resource mailbox configured just right, and I'm going to be creating a few more in the next couple of weeks. Is there any way I can export the configuration of the existing mailbox and use it to set up the new mailboxes correctly, instead of manually entering all the various parameters into Set-MailboxCalendarSettings? Thanks Richard
Tren quarantined post in OAB System Folder.
Hi, i have just inherited an Exchange 2003 server and it has been showing errors in generating OAB. So following much google fu, I had found the attached page. http://forums.msexchange.org/m_1800436892/printable.htm 2nd bottom replay from scott.french suggest that it is a corrupt OAB file and to change the age limit on the folder. When I checked the post in the OAB4 folde rI discovered that there is one post and when opened it shows a list of atachemnts to big to fit on the OWA screen, all removed and replaced with tct files of the type REMOVED_BY_THE_EXCHANGE_EMAIL_SCANNING_SERVICE_008BC5E7_55E9F.txt?attach=1 Now this is what Trend puts in when it removes something. They are currently on Client Server Suite for SMB V3.6 with the Exchange module. I cannot delete this post and rebuilds fail. Anyone got any suggestions as to what to do to get rid of the post, and to ensure that trend doesnt snaffle it again. TIA Graeme -- Good news everyone, you have just received and e-mail from me! Joan Crawfordhttp://www.brainyquote.com/quotes/authors/j/joan_crawford.html - I, Joan Crawford, I believe in the dollar. Everything I earn, I spend.
RE: uuh... iPhone + EAS + wipe + remove partnership = ?
As your surmised, the iTunes sync of the phone backs up all data, including the configuration (with usernames and passwords). The overriding thought is that if you're wiping the device, it's because the device has been lost or stolen. In that case, the person who finds the device generally doesn't have access to the iTunes backup copy... Even if they did, say because the user's laptop was also stolen, it's a good idea just to leave the remote wipe for the device enabled indefinitely... Then if the unauthorized user ever do try to sync to Exchange again, the phone gets wiped again... In your case, where you intend to let individuals keep their device, or use a personal device, as you suggested you can either disable Activesync on the account or disable the account... Alternately, simply changing the password on the account would also keep the device from re-syncing... Depending on why the user is now being denied this service (leaving the company, or just not allowed Activesync any longer) would drive how you handled their access restriction.. From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 7:20 PM To: MS-Exchange Admin Issues Subject: RE: uuh... iPhone + EAS + wipe + remove partnership = ? So scrounging around in the IIS logs I found a few lines from my iPhone with the following: DeviceType=iPhoneCmd=ProvisionLog=V So in my ignorance, I'm surmising that the iTunes 'sync' of the phone will maintain the EAS configuration, including credentials. I'm not familiar with iTunes and didn't expect this behavior Especially after wipe + device partnership deletion. I was expecting to have to go through the setup wizard again, but the restoration of the device put everything back into place. Is the only way to prevent it from resyncing with Exchange after a 'sync' with iTunes is to disable the EAS feature on the mailbox and/or disable the AD account? Sorry for the newbish questions. Too used to my BB environments. Thanks, JB From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 3:39 PM To: MS-Exchange Admin Issues Subject: uuh... iPhone + EAS + wipe + remove partnership = ? iPhone3G running OS 3.1 EX 2007 SP1 RU9 I'm evaluating EAS with WinMo and iPhones WinMo was a slam dunk, I've used it for years, expected the same outcome as when I did our eval for use with EAS on EX2003SP2 years back. So going through the same motions on the iPhone...I've tested this and had it happen twice now... Issue the Perform a remote wipe to clear mobile device data cmd, acknowledged, and received according to EMC. About 5 minutes later I remove the mobile device partnership. All actions are successful... iPhone pukes itself back to Factory settings. I go back in to see what the user experience is(we are considering allowing personal devices), so I proceed to restore my photos, music, etc. That completes. I go into the Mail app where I have my corporate account and Gmail account setup. Gmail starts working just fine. For the EAS account, I see a folder list of my mailbox, but no data and I receive the Cannot sync.. blah blah error. Ok great! Now I download a few of the apps I had installed and sync them back over. I notice that some of my saved content in those apps reappears and my credentials for Facebook reappear and auto log me in? I never sync'd my apps, this was a fresh download from the App Store post wipe #2. Click back over to the mail app to see what details of my Corporate EAS account are there... and the dang thing starts syncing. Folders to to date as of 1 min ago? I jump over to the EMC and verify, yep device partnership is established. How can this be? I'm baffled and really tired, so it could be something blaring oblivious, I hope so, because this isn't a good thing. The other thing I noticed, post wipe, that the unlock pwd is still using complex requirements from EAS and doesn't revert back to the 4 digit numeric PIN The same steps above worked flawlessly on the WinMo. Anyone see this before? Any help would be much appreciated. Thanks, JB
RE: Piping files to Set-*
Do you need to set the RequestInPolicy, RequestOutOfPolicy, or ResourceDelegate properties? From: Sobey, Richard A [mailto:r.so...@imperial.ac.uk] Sent: Tuesday, September 29, 2009 9:24 AM To: MS-Exchange Admin Issues Subject: Piping files to Set-* All, This is more of a Powershell question, but it's relating to an Exchange problem, so hopefully someone can help me. I've got a resource mailbox configured just right, and I'm going to be creating a few more in the next couple of weeks. Is there any way I can export the configuration of the existing mailbox and use it to set up the new mailboxes correctly, instead of manually entering all the various parameters into Set-MailboxCalendarSettings? Thanks Richard ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
RE: uuh... iPhone + EAS + wipe + remove partnership = ?
Thanks Joe. I ran through the iPhone backup files(non-encrypted) and account, email alias, servername...all in clear text. Wasn't able to find the pwd, which I guess is good, this is an eval so we are looking at all potential exposure and attack vectors. I was expecting more of a WinMo experience with regard to the iPhone once connected via EAS. This makes solutions like Sybase and MobileIron much more attractive for using the iPhone in the Enterprise. ..and Ben, thanks for offering up to have me shot. Thanks, JB From: Joe Pochedley [mailto:joe.poched...@fivesgroup.com] Sent: Tuesday, September 29, 2009 8:34 AM To: MS-Exchange Admin Issues Subject: RE: uuh... iPhone + EAS + wipe + remove partnership = ? As your surmised, the iTunes sync of the phone backs up all data, including the configuration (with usernames and passwords). The overriding thought is that if you're wiping the device, it's because the device has been lost or stolen. In that case, the person who finds the device generally doesn't have access to the iTunes backup copy... Even if they did, say because the user's laptop was also stolen, it's a good idea just to leave the remote wipe for the device enabled indefinitely... Then if the unauthorized user ever do try to sync to Exchange again, the phone gets wiped again... In your case, where you intend to let individuals keep their device, or use a personal device, as you suggested you can either disable Activesync on the account or disable the account... Alternately, simply changing the password on the account would also keep the device from re-syncing... Depending on why the user is now being denied this service (leaving the company, or just not allowed Activesync any longer) would drive how you handled their access restriction.. From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 7:20 PM To: MS-Exchange Admin Issues Subject: RE: uuh... iPhone + EAS + wipe + remove partnership = ? So scrounging around in the IIS logs I found a few lines from my iPhone with the following: DeviceType=iPhoneCmd=ProvisionLog=V So in my ignorance, I'm surmising that the iTunes 'sync' of the phone will maintain the EAS configuration, including credentials. I'm not familiar with iTunes and didn't expect this behavior Especially after wipe + device partnership deletion. I was expecting to have to go through the setup wizard again, but the restoration of the device put everything back into place. Is the only way to prevent it from resyncing with Exchange after a 'sync' with iTunes is to disable the EAS feature on the mailbox and/or disable the AD account? Sorry for the newbish questions. Too used to my BB environments. Thanks, JB From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 3:39 PM To: MS-Exchange Admin Issues Subject: uuh... iPhone + EAS + wipe + remove partnership = ? iPhone3G running OS 3.1 EX 2007 SP1 RU9 I'm evaluating EAS with WinMo and iPhones WinMo was a slam dunk, I've used it for years, expected the same outcome as when I did our eval for use with EAS on EX2003SP2 years back. So going through the same motions on the iPhone...I've tested this and had it happen twice now... Issue the Perform a remote wipe to clear mobile device data cmd, acknowledged, and received according to EMC. About 5 minutes later I remove the mobile device partnership. All actions are successful... iPhone pukes itself back to Factory settings. I go back in to see what the user experience is(we are considering allowing personal devices), so I proceed to restore my photos, music, etc. That completes. I go into the Mail app where I have my corporate account and Gmail account setup. Gmail starts working just fine. For the EAS account, I see a folder list of my mailbox, but no data and I receive the Cannot sync.. blah blah error. Ok great! Now I download a few of the apps I had installed and sync them back over. I notice that some of my saved content in those apps reappears and my credentials for Facebook reappear and auto log me in? I never sync'd my apps, this was a fresh download from the App Store post wipe #2. Click back over to the mail app to see what details of my Corporate EAS account are there... and the dang thing starts syncing. Folders to to date as of 1 min ago? I jump over to the EMC and verify, yep device partnership is established. How can this be? I'm baffled and really tired, so it could be something blaring oblivious, I hope so, because this isn't a good thing. The other thing I noticed, post wipe, that the unlock pwd is still using complex requirements from EAS and doesn't revert back to the 4 digit numeric PIN The same steps above worked flawlessly on the WinMo. Anyone see this before? Any help would be much appreciated. Thanks, JB
Re: Piping files to Set-*
I'd think you could attempt to play with the -instance switch on the command. $Master = get-mailboxcalendarsettings Master Conference Room $Master.displayname = New Conference Room name Set-MailboxCalendarSettings -identity NewConferenceRoom -instance $Master I have not tested this, ended up writing a reusable script that grants same settings for all new conference rooms. Reference: http://technet.microsoft.com/en-us/library/aa996340.aspx On Tue, Sep 29, 2009 at 7:23 AM, Sobey, Richard A r.so...@imperial.ac.ukwrote: All, This is more of a Powershell question, but it’s relating to an Exchange problem, so hopefully someone can help me. I’ve got a resource mailbox configured just right, and I’m going to be creating a few more in the next couple of weeks. Is there any way I can export the configuration of the existing mailbox and use it to set up the new mailboxes correctly, instead of manually entering all the various parameters into Set-MailboxCalendarSettings? Thanks Richard
RE: 1st BES Install - can't login to Administration Service
Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes...and it won't accept that - with nothing noted in the BAS AS log. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:42 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Did you create the local admin pwd? In BES 5.0, the svc account model for interactive and management logon has changedby default, unless you are upgrading and had set the permissions there, the svc account has no BAS rights. Do you remember the local Admin pwd? It prompted you for it during the install. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:31 AM To: MS-Exchange Admin Issues Subject: 1st BES Install - can't login to Administration Service BES 5.0 - on Windows Server 2003 Std. When I try to log in using the admin account I specified in the setup process returns The username, password, or domain is not correct. Please correct the entry. I'm using Active Directory for the login method - which I specified and verified in the setup wizard. When I check the DC (Server 2008 R2), I see the following Event ID: Log Name:
RE: Piping files to Set-*
It's not even that hard get-mailboxcalendarsettings template calendar | set-mailboxcalendarsettings -param1 value -param2 value etc. etc. From: Eric Woodford [ericwoodf...@gmail.com] Sent: Tuesday, September 29, 2009 12:46 PM To: MS-Exchange Admin Issues Subject: Re: Piping files to Set-* I'd think you could attempt to play with the -instance switch on the command. $Master = get-mailboxcalendarsettings Master Conference Room $Master.displayname = New Conference Room name Set-MailboxCalendarSettings -identity NewConferenceRoom -instance $Master I have not tested this, ended up writing a reusable script that grants same settings for all new conference rooms. Reference: http://technet.microsoft.com/en-us/library/aa996340.aspx On Tue, Sep 29, 2009 at 7:23 AM, Sobey, Richard A r.so...@imperial.ac.ukmailto:r.so...@imperial.ac.uk wrote: All, This is more of a Powershell question, but it’s relating to an Exchange problem, so hopefully someone can help me. I’ve got a resource mailbox configured just right, and I’m going to be creating a few more in the next couple of weeks. Is there any way I can export the configuration of the existing mailbox and use it to set up the new mailboxes correctly, instead of manually entering all the various parameters into Set-MailboxCalendarSettings? Thanks Richard
RE: Tren quarantined post in OAB System Folder.
if you exclude the folder from a/v scanning, the rebuild will probably succeed. here is a blog post i wrote on this general topic: http://theessentialexchange.com/blogs/michael/archive/2007/12/05/file-level-antivirus-for-exchange.aspx From: Graeme Carstairs [loonyto...@gmail.com] Sent: Tuesday, September 29, 2009 10:34 AM To: MS-Exchange Admin Issues Subject: Tren quarantined post in OAB System Folder. Hi, i have just inherited an Exchange 2003 server and it has been showing errors in generating OAB. So following much google fu, I had found the attached page. http://forums.msexchange.org/m_1800436892/printable.htm 2nd bottom replay from scott.french suggest that it is a corrupt OAB file and to change the age limit on the folder. When I checked the post in the OAB4 folde rI discovered that there is one post and when opened it shows a list of atachemnts to big to fit on the OWA screen, all removed and replaced with tct files of the type REMOVED_BY_THE_EXCHANGE_EMAIL_SCANNING_SERVICE_008BC5E7_55E9F.txt?attach=1 Now this is what Trend puts in when it removes something. They are currently on Client Server Suite for SMB V3.6 with the Exchange module. I cannot delete this post and rebuilds fail. Anyone got any suggestions as to what to do to get rid of the post, and to ensure that trend doesnt snaffle it again. TIA Graeme -- Good news everyone, you have just received and e-mail from me! Joan Crawfordhttp://www.brainyquote.com/quotes/authors/j/joan_crawford.html - I, Joan Crawford, I believe in the dollar. Everything I earn, I spend.
RE: Piping files to Set-*
I think I tried something like that once and couldn't get it to work. When I
checked it with get-command, it said none of the parameter sets accepted
pipeline input so I decided it probably wasn't going to be possible.
I ended up using a script like this (it's been scrubbed) to clone most of the
properties from one resource to another when we upgraded from E2k3. It's kind
of a kludge, and I'd probably do it differently if I had to do it again, but
FWIW:
It will either clone all the properties directly (uncomment the #iex), or build
a script you can tweak settings on or just do a search/replace on the mailbox
name before you run it.
I excluded Identity for obvious reasons, and the array properties. The array
properties could be added, but it would take some additional code. I didn't
need them at the time, so I just left then out.
$mbx = target mailbox
if ($mbx -match \s){$mbx = ' + $mbx + '}
$rsc_base = get-mailboxcalendarsettings source mailbox
$rsc_props = $rsc_base | Get-Member -MemberType Property
$cmds = @()
$rsc_props |%{
$setting = $($rsc_base.($_.name))
$excluded =
Identity,RequestInPolicy,RequestOutOfPolicy,ResourceDelegates
if ($excluded -notcontains $_.name.tostring()){
if ($setting.tostring() -eq False){$setting = '$False'}
if ($setting.tostring() -eq True){$setting = '$True'}
if ($setting.tostring() -match \s){$setting = ' + $setting + '}
}
$cmd_str = set-mailboxcalendarsettings $mbx - + $_.name + $setting
$cmds += $cmd_str
#iex $cmd_str
}
$cmds | Out-File set_resourcesettings.ps1
From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Tuesday, September 29, 2009 1:27 PM
To: MS-Exchange Admin Issues
Subject: RE: Piping files to Set-*
It's not even that hard
get-mailboxcalendarsettings template calendar | set-mailboxcalendarsettings
-param1 value -param2 value
etc. etc.
From: Eric Woodford [ericwoodf...@gmail.com]
Sent: Tuesday, September 29, 2009 12:46 PM
To: MS-Exchange Admin Issues
Subject: Re: Piping files to Set-*
I'd think you could attempt to play with the -instance switch on the command.
$Master = get-mailboxcalendarsettings Master Conference Room
$Master.displayname = New Conference Room name
Set-MailboxCalendarSettings -identity NewConferenceRoom -instance $Master
I have not tested this, ended up writing a reusable script that grants same
settings for all new conference rooms.
Reference: http://technet.microsoft.com/en-us/library/aa996340.aspx
On Tue, Sep 29, 2009 at 7:23 AM, Sobey, Richard A
r.so...@imperial.ac.ukmailto:r.so...@imperial.ac.uk wrote:
All,
This is more of a Powershell question, but it's relating to an Exchange
problem, so hopefully someone can help me.
I've got a resource mailbox configured just right, and I'm going to be creating
a few more in the next couple of weeks. Is there any way I can export the
configuration of the existing mailbox and use it to set up the new mailboxes
correctly, instead of manually entering all the various parameters into
Set-MailboxCalendarSettings?
Thanks
Richard
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
RE: Piping files to Set-*
Then they fixed it for Exchange 2010, because the Identity parameter can come
from the pipe.
Sorry for not checking on 2007...
From: Campbell, Rob [rob_campb...@centraltechnology.net]
Sent: Tuesday, September 29, 2009 2:51 PM
To: MS-Exchange Admin Issues
Subject: RE: Piping files to Set-*
I think I tried something like that once and couldn’t get it to work. When I
checked it with get-command, it said none of the parameter sets accepted
pipeline input so I decided it probably wasn’t going to be possible.
I ended up using a script like this (it’s been scrubbed) to clone most of the
properties from one resource to another when we upgraded from E2k3. It’s kind
of a kludge, and I’d probably do it differently if I had to do it again, but
FWIW:
It will either clone all the properties directly (uncomment the #iex), or build
a script you can tweak settings on or just do a search/replace on the mailbox
name before you run it.
I excluded Identity for obvious reasons, and the array properties. The array
properties could be added, but it would take some additional code. I didn’t
need them at the time, so I just left then out.
$mbx = target mailbox
if ($mbx -match \s){$mbx = ' + $mbx + '}
$rsc_base = get-mailboxcalendarsettings source mailbox
$rsc_props = $rsc_base | Get-Member -MemberType Property
$cmds = @()
$rsc_props |%{
$setting = $($rsc_base.($_.name))
$excluded =
Identity,RequestInPolicy,RequestOutOfPolicy,ResourceDelegates
if ($excluded -notcontains $_.name.tostring()){
if ($setting.tostring() -eq False){$setting = '$False'}
if ($setting.tostring() -eq True){$setting = '$True'}
if ($setting.tostring() -match \s){$setting = ' + $setting + '}
}
$cmd_str = set-mailboxcalendarsettings $mbx - + $_.name + $setting
$cmds += $cmd_str
#iex $cmd_str
}
$cmds | Out-File set_resourcesettings.ps1
From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Tuesday, September 29, 2009 1:27 PM
To: MS-Exchange Admin Issues
Subject: RE: Piping files to Set-*
It's not even that hard
get-mailboxcalendarsettings template calendar | set-mailboxcalendarsettings
-param1 value -param2 value
etc. etc.
From: Eric Woodford [ericwoodf...@gmail.com]
Sent: Tuesday, September 29, 2009 12:46 PM
To: MS-Exchange Admin Issues
Subject: Re: Piping files to Set-*
I'd think you could attempt to play with the -instance switch on the command.
$Master = get-mailboxcalendarsettings Master Conference Room
$Master.displayname = New Conference Room name
Set-MailboxCalendarSettings -identity NewConferenceRoom -instance $Master
I have not tested this, ended up writing a reusable script that grants same
settings for all new conference rooms.
Reference: http://technet.microsoft.com/en-us/library/aa996340.aspx
On Tue, Sep 29, 2009 at 7:23 AM, Sobey, Richard A
r.so...@imperial.ac.ukmailto:r.so...@imperial.ac.uk wrote:
All,
This is more of a Powershell question, but it’s relating to an Exchange
problem, so hopefully someone can help me.
I’ve got a resource mailbox configured just right, and I’m going to be creating
a few more in the next couple of weeks. Is there any way I can export the
configuration of the existing mailbox and use it to set up the new mailboxes
correctly, instead of manually entering all the various parameters into
Set-MailboxCalendarSettings?
Thanks
Richard
**
Note:
The information contained in this message may be privileged and confidential and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
5.7.1 smtp;550 5.7.1 Requested action not taken: message refused
Hey all. In the last few days I've been unable to send email, from my Verizon PDA (Motorola (9Q with Windows Mobile 6 Standard) to one of the clients I administer. The client has Windows 2003 AD with Exchange 2003 fully patched. I can send email from my domain and Outlook client just not my cell phone which of course is the same email address as my Outlook client. - IMF is configured - No connection filtering - no firewall denys Any ideas?
RE: 1st BES Install - can't login to Administration Service
MR2 installed - I hadn't known it was available. LDAP configuration had been set to use port 389 - and settings verified - I changed it to 3268 and settings still verified. I haven't done anything regarding setting up any users yet. No handheld to test yet. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 12:52 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes...and it won't accept that - with nothing noted in the BAS AS log. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:42 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Did you create the local admin pwd? In BES 5.0, the svc account model for interactive and management logon has changedby default, unless you are upgrading and had set the permissions there, the svc account has no BAS rights. Do you remember the local Admin pwd? It prompted you for it during the install. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:31 AM To: MS-Exchange Admin
RE: 1st BES Install - can't login to Administration Service
Cool. Login with the local admin and add your user as an administrative user and/or activate your handheld on it. Log out and then test with LDAP and your user account. You have to be added as a user before you can login via LDAP. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 12:47 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service MR2 installed - I hadn't known it was available. LDAP configuration had been set to use port 389 - and settings verified - I changed it to 3268 and settings still verified. I haven't done anything regarding setting up any users yet. No handheld to test yet. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 12:52 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes...and it won't accept that - with nothing noted in the BAS AS log. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:42 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service
RE: 1st BES Install - can't login to Administration Service
More info... The LDAP lookup for creating a messaging user seems to be working - it's finding people when I search for them. This is not the case for creating Admin Users. I'm getting The application has encountered a system error. Please report this error to the System Administrator. (EXCEPTION-java.lang.reflect.UndeclaredThrowableException) Sean Rector, MCSE From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 3:47 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service MR2 installed - I hadn't known it was available. LDAP configuration had been set to use port 389 - and settings verified - I changed it to 3268 and settings still verified. I haven't done anything regarding setting up any users yet. No handheld to test yet. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 12:52 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes...and it won't accept that - with nothing noted in the BAS AS log. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday,
RE: 1st BES Install - can't login to Administration Service
Created the user account, but get The username, password, or domain is not correct. Please correct the entry. When I try to log into the Web Desktop Manager. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 3:53 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Cool. Login with the local admin and add your user as an administrative user and/or activate your handheld on it. Log out and then test with LDAP and your user account. You have to be added as a user before you can login via LDAP. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 12:47 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service MR2 installed - I hadn't known it was available. LDAP configuration had been set to use port 389 - and settings verified - I changed it to 3268 and settings still verified. I haven't done anything regarding setting up any users yet. No handheld to test yet. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 12:52 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To:
security ?
Is there any known problems with using a security group for delegates in outlook 2007 and Exchange 2003 sp2 and Bes 4.1.6 I created a exadmin group and put 3 people in that will have access to 10 peoples calendars. And I have seen strange calendar issues but I always contributed it to not doing calendaring correctly cause I gave them the do's and don'ts of calendaring and they were doing 9 of the 10 wrong and excessive mailbox size of over 3 + gig. Any thoughts thank you, David M. Ricci IS Manager The Health Wellness Institute 291 Promenade Street Providence, RI 02908 T: 401.228.1332 C: 401.256.4933 F: 401.228.1399 www.hwinstitute.com http://www.hwinstitute.com/ david.ri...@hwinstitute.com mailto:adam.co...@hwinstitute.com SERVICE. INNOVATION. RESULTS. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or taking any action in reliance on the information contained in this e-mail is prohibited. If you have received this e-mail in error, please immediately notify our e-mail administrator at mailto:supp...@hwinstitute.com. .
Re: security ?
Do all three people receive the meeting requests? or have you granted them folder level permissions to these 10 calendars and they only review items from there? Anytime you have more than 1 recipient recieving meeting requests for someone you can have odd issues. Each copy of the meeting request will need to be processed identically, otherwise the last funciton processed on that meeting request will become law. - User + Blackberry - User + Delegate - Delegate + Delegate Disregard this if the meeting requests never leave the owner's mailbox and the delegates are not specified in the delegate wizard as recieving the meeting requests. Just from my observations of this over the last few years... On Tue, Sep 29, 2009 at 1:14 PM, David.Ricci david.ri...@hwinstitute.comwrote: Is there any known problems with using a security group for delegates in outlook 2007 and Exchange 2003 sp2 and Bes 4.1.6 I created a exadmin group and put 3 people in that will have access to 10 peoples calendars. And I have seen strange calendar issues but I always contributed it to not doing calendaring correctly cause I gave them the do’s and don’ts of calendaring and they were doing 9 of the 10 wrong and excessive mailbox size of over 3 + gig. Any thoughts thank you, David M. Ricci IS Manager The Health Wellness Institute 291 Promenade Street Providence, RI 02908 T: 401.228.1332 C: 401.256.4933 F: 401.228.1399 www.hwinstitute.com david.ri...@hwinstitute.com adam.co...@hwinstitute.com *SERVICE. INNOVATION. RESULTS.* This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or taking any action in reliance on the information contained in this e-mail is prohibited. If you have received this e-mail in error, please immediately notify our e-mail administrator at supp...@hwinstitute.com. .
RE: 1st BES Install - can't login to Administration Service
K, was testing to make sure what I was going to suggest actually works. Kick up logging on BAS-AS Login with the local admin - expand BB Solution Top. - BB Domain - Component View - Logging - your instance_LOG - Logging Details Tab - Scroll to the bottom - Edit Instance - Change Log level for BAS - AS to DEBUG. Restart the BAS Service. Log back in with the account that won't work, search the logs @ install location ...\Research In Motion\BlackBerry Enterprise Server\Logs\20090929\servername_BBAS-AS_01_20090929.txt for the account name that fails, There should be corresponding info in the log to help sort this out. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 1:00 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Created the user account, but get The username, password, or domain is not correct. Please correct the entry. When I try to log into the Web Desktop Manager. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 3:53 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Cool. Login with the local admin and add your user as an administrative user and/or activate your handheld on it. Log out and then test with LDAP and your user account. You have to be added as a user before you can login via LDAP. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 12:47 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service MR2 installed - I hadn't known it was available. LDAP configuration had been set to use port 389 - and settings verified - I changed it to 3268 and settings still verified. I haven't done anything regarding setting up any users yet. No handheld to test yet. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 12:52 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password Out of curiosity, your LDAP
Public Folders
I am attempting to migrate my Exchange 2003 to a new server and I am having 2 main issues. 1. Copying the public folders over. 2. OWA on the new server. Part of the problem is that we run around the clock Sunday Midnight till Friday Midnight and no interruptions are allowed. I have limited allowed downtime at night, and then on week-ends. The issue with OWA is if I try it with an account on the old server, no problem, on the new server, I get the normal login screen, then it come back with 'Server Not Found'. With Public Folders, the instructions I have don't seem to work. Thanks for any help. Thank You ~Doug Rooney Sonoma Tilemakers IT Manager 7750 Bell Rd. Windsor Ca, 95492 (707) 837-8177 X211 (707) 837-9472 FAX i...@sonomatilemakers.com
RE: 1st BES Install - can't login to Administration Service
KDC has no support for encryption type (14) Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 4:38 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service K, was testing to make sure what I was going to suggest actually works. Kick up logging on BAS-AS Login with the local admin - expand BB Solution Top. - BB Domain - Component View - Logging - your instance_LOG - Logging Details Tab - Scroll to the bottom - Edit Instance - Change Log level for BAS - AS to DEBUG. Restart the BAS Service. Log back in with the account that won't work, search the logs @ install location ...\Research In Motion\BlackBerry Enterprise Server\Logs\20090929\servername_BBAS-AS_01_20090929.txt for the account name that fails, There should be corresponding info in the log to help sort this out. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 1:00 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Created the user account, but get The username, password, or domain is not correct. Please correct the entry. When I try to log into the Web Desktop Manager. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 3:53 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Cool. Login with the local admin and add your user as an administrative user and/or activate your handheld on it. Log out and then test with LDAP and your user account. You have to be added as a user before you can login via LDAP. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 12:47 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service MR2 installed - I hadn't known it was available. LDAP configuration had been set to use port 389 - and settings verified - I changed it to 3268 and settings still verified. I haven't done anything regarding setting up any users yet. No handheld to test yet. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Tuesday, September 29, 2009 12:52 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Demo version will allow you to patch it, I would throw MR2 on it, lots of bug fixes from RTM - MR2. What happens with your LDAP configuration within the BlackBerry Server cfg tool - Admin Service - LDAP tab? Ldap://domain.com:3268 DC=domain,DC=com LDAP user credentials, when you hit verify does it come back and say LDAP settings are valid? As far as trying to logon to the Web Desktop manager, are the users you are trying with setup on the BES server? Have you logged in with the local admin and setup your account to be an administrator or activated or migrated your handheld to the server yet? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, September 29, 2009 4:08 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software. New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5message.id=844query.id=3326021#M844 Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to berry Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench
Re: Public Folders
On Tue, Sep 29, 2009 at 5:03 PM, Doug Rooney d...@sonomatilemakers.com wrote: I am attempting to migrate my Exchange 2003 to a new server ... Same software on both old and new servers? If so, make sure both have the same Service Pack, updates, hotfixes, etc. What version and Service Pack of Windows? What SP for Exchange? Part of the problem is that we run around the clock Sunday Midnight till Friday Midnight and no interruptions are allowed. Shouldn't be too big a deal. PF include replication by design, that's easy. Exchange does mailbox moves well enough. Individual mailboxes aren't available while they are being moved, but you can do it in small chunks -- one at a time, if you have to. Exchange and Outlook should find the new server automatically, as long as the old server is still around to give them a referral. The issue with OWA is if I try it with an account on the old server, no problem, on the new server, I get the normal login screen, then it come back with ‘Server Not Found’. Is that the browser saying Server Not Found, or something that the server is saying? If there's more detail in the error message, provide it. Anything in Event Viewer on the servers? Anything in the IIS logs? With Public Folders, the instructions I have don’t seem to work. Uh... some information might help. Like, for example, what the instructions you have say to do, and how they didn't work. :) We did this by creating a PF replica on the new server, waiting for replication, and then removing the original server from the replica set. I think there were a couple small but important details, but that was the gist of it. I can dig up my notes if you want. -- Ben
RE: 5.7.1 smtp;550 5.7.1 Requested action not taken: message refused
Are you getting an NDR, or is the client just not receiving the message? Is the message leaving your device? Is it hung at your server? \\Steve// From: Stephan Barr [mailto:stephanbarr.li...@gmail.com] Sent: Tuesday, September 29, 2009 3:30 PM To: MS-Exchange Admin Issues Subject: 5.7.1 smtp;550 5.7.1 Requested action not taken: message refused Hey all. In the last few days I've been unable to send email, from my Verizon PDA (Motorola (9Q with Windows Mobile 6 Standard) to one of the clients I administer. The client has Windows 2003 AD with Exchange 2003 fully patched. I can send email from my domain and Outlook client just not my cell phone which of course is the same email address as my Outlook client. . IMF is configured . No connection filtering . no firewall denys Any ideas?
