Blackberry Recap

Back in 2010 I posted an article titled Droid Doesn’t in reference to the comparisons between Droid phones and the longstanding enterprise market leader, Blackberry. But if you have been following tech news lately, you will see that the RIM platform is slipping terribly compared to Apple’s iPhone and Google’s Andriod Platform.

I have been a long advocate for Blackberry because of the product was built from the ground up to be both a solid mobile phone, and an enterprise class messaging device. In many ways it is still a far superior product with regards to solid phone performance, and enterprise class messaging device, which includes excellent and consistent manageability, and secure messaging abilities.

However in the consumer driven markets, and the ever slow slippery slope of Bring Your Own Device to work policies, we have seen an in rush of competing products.

Products from Apple and Google are not built from a phone company with light computing power; but rather full on computer companies making mini-computers with phone functionally. Due to their experience as a computer company, they have brought to market excellent devices which server a significantly larger dual-purpose of phone and mobile computer. And the platform which Blackberry was built wasn’t computer friendly enough.

In the early years of 2009-2010 when iPhone and Andriod was introduced into the marketplace, it was easy for large enterprises to turn their noses up at those products for the lack of enterprise features and manageability. However in the years since, Microsoft Exchange with Active Sync, along with better active sync support from Google and Andriod, have brought these devices much closer to the standards we expect from an enterprise mobile device, offering security, and policy based control – perhaps best of all, remote wiping.

So today, with many of the reasons to reject the iPhone and Android products gone, these competing phone products are now on a more level playing field. However, that only applies to the enterprise and IT end of the equation. From the end-user prospective, the Blackberry is still a clunky, aged style device. Where the new devices, are more appealing, with thousands of more applications and are more social.

Unfortunately it appears that unless Research In Motion, the makers of Blackberry comes around quickly to adapt, they will disappear very soon. Their last attempts to change from their proprietary OS to the Andriod derived OS doesn’t appear to be working well enough to make them a market leader.

Troubleshooting and Resolving BlackBerry Activation Issues

blackberry activation

By Ahmed Datoo, VP marketing, Zenprise

Zenprise is partnering with BlackBerry Cool to address how to resolve some of the most common BlackBerry activation problems. Through a series of 10 articles, readers will learn how to identify key log file errors, tests and configurations critical to identifying the root cause of enterprise activation issues. Continue reading “Troubleshooting and Resolving BlackBerry Activation Issues”

Mixed 2003/2008 Domain Controllers: Account Compromised

While working with a Blackberry Enterprise Server install which recommends setting user AD account options to “this account supports Kerberos AES xxx encryption” this setting is not supported in a mixed 2003/2008 AD environment. Be sure to only select the “Kerberos DES encryption” per the BES setup instructions. AES encryption is not supported in Server 2003 DCs, and setting an account that way may result in errors authentication or changing passwords because your computer will try to use the most secure method, AES 256 which the account is marked as supporting, but depending on which DC it hits (2003 or 2008) it may or may not work. Which made isolating the issue a bit harder because it wouldn’t consistently work/not work.

 A couple of symptoms you’ll observe is:

  • Sys-tray pop-up that you account may be compromised
  • Sys-tray pop-up asking you to lock and unlock your computer, and after you complete it, it prompts you again
  • Event ID 14: While processing an AS request for target service, the account did not have a suitable key for generating a Kerberos ticket
  • Event ID 40960: The Security System detected an authentication error for the server…the failure code from the authentication protocol was “(0x80080341)”.
  • Event ID 6: Automatic certificate enrollment for USER failed (0,80072095) A directory service error has occurred.

Of course this issue is not isolated to Blackberry installations but typical out of the box configurations do not have AES selected, so this issue only arises when you’re in a mixed environment and change the setting… and in this case, BES was the case for change.

Blackberry Send-As / Exchange Permission Cache

The Send As permission is stored in Microsoft Active Directory and read by the Microsoft Exchange Server when the user attempts to send an email from the BlackBerry smartphone. Once the permission has been read by the Microsoft Exchange Server, the Microsoft Exchange Server will now cache the Send As permission (either Allow or Deny) for 2 hours, which if a Deny Send As permission for the user is in the Microsoft Exchange permission cache, it will still prevent the user from sending email from their BlackBerry smartphone.

If it has been confirmed that the Send As permission is applied to the user’s account in Active Directory Users and Computers and they still cannot send email from their BlackBerry smartphone, then the Microsoft Exchange permission cache must be cleared before they can send email again.

Restart the Microsoft Exchange System Attendant and Microsoft Exchange Information Store. Restarting these services purges the Microsoft Exchange permission cache and Microsoft Exchange will read the current Send As permission from Microsoft Active Directory when the next the user sends an email.

Important Note : Restarting the Microsoft Exchange System Attendant and Microsoft Exchange Information Store is not recommended by Research In Motion.

Blackberry Express: Upgrade from Blackberry Professional

I recently performed two BESX migrations in both test and production environments and here are some key takeaways:

  • There is no migration or upgrade method from Blackberry Professional
  • Make sure you have a good backup of both the file and database
  • Remove all phones from Professional
  • Uninstall Blackberry Pro
  • Use SQL Management Studio to delete the BESMgmt database completely
  • If you’re running SQL Express 2005, you’ll need to make sure you’re running SP-3, if not be sure to upgrade first
  • Reboot the server
  • Delete the “Research In Motion” registry keys under HKLM/Software and HKCU/Software
  • Download and follow the pre-installation checklist, paying special attention to all pre-reqs, including:

o   Besadmin account must be a domain user, but local admin on the exchange server

o   Send-as permission settings

o   AD account settings for DES/AES

  • Download and install the current version of BESX
  • Typically a reboot will be required, be sure to logon as a local admin
  • Complete the installation process
  • Once completed, it may take up to 30 minutes before the Administrator Website will work properly, until then you’ll get 404 errors – just hold tight. J

Also here are some less standard configurations but can cause a lot of trouble:

  • Double check to make sure you’re not running in Terminal Server “application mode” (if you are, be sure to remove TS, and run in remote admin mode only) (I recently found an exchange server running in application mode)
  • There can be problems connecting to the web console if you have a mixed 2003/2008 Domain Controller environment (With the forest set to 2003 functionality). See kb18186; however these problems do not exist in pure 2003 or pure 2008 domains.

BES Express Network Bug

There was a major bug discovered in BES Express but has since been fixed in very recent releases. Sherry installed BES-X around May 15, and by May 25 it was fixed… The bug causes random problems with registering blackberry phones. This problem only occurs on networks where there is a zero in any of the octets. In this case, Shasta Mosquito, is a network – so there was the problem. Updating the BES server to the latest release (or more specifically any release after 5.0.12) resolves this issue.

Blackberry Enterprise Server Express (BESx)

Last month Blackberry released a much anticipated Express version of BES which is targets for Small and Medium Businesses just like the ones Apex supports. This provides all of the key features most of our clients are looking for a absolutely no licensing cost. Here is my quick review/comparison of both BES & Express; along with why I prefer Blackberry over the competition.

Blackberry Enterprise Server Express

  • 100% FREE for both the license and CALS; does not require a SQL Standard license
  • Support Exchange Server 2003/ 2007 and SBS 2003/2008
  • Supports up to 75 users when installed on the Exchange Server
  • Supports up to 2,000 users when installed on a dedicated server
  • Requires ONLY the Standard Data Plan (BIS) from the cell provider, and does not require the more expensive enterprise data plan
  • The biggest feature difference between BES and BES-Express is that there is a limit to 35 policies, versus 450+ policies for management
  • Missing features that we don’t typically use is high availability (multiple BES servers) and advanced monitoring

Continue reading “Blackberry Enterprise Server Express (BESx)”

Blackberry Enterprise Server, error 0x8004011d

When launching the BES manager, you must be doing so from the BESAdmin user account, and not from any domain administrator account, otherwise you will receive an error about connecting to MAPI. If you see this error, back out and make sure you’re logged on as the BESAdmin (which is a local and domain user, non-admin). This is a “feature” of how Microsoft Exchange 2003/2007 operates, and is not a Blackberry ‘bug’….  You will also see the following error in the application event log: Failed to open default message store, result=0x8004011d

Happy troubleshooting

Blackberry Troubleshooting

I have been addressing more blackberry problems recently (and as a Blackberry user myself for several years), here is some common problems and tips for troubleshooting:

1)      Anytime there is a problem with e-mail on a Blackberry, have the user first check their internet service by surfing the internet. Most users will notice e-mail isn’t working before they notice any other data related service. Also note that text messaging uses the voice circuit, while e-mail and internet uses the data circuit. It is possible for one to work and not the other. This is a common problem is when a user roams out of the data coverage area for a length of time, and the blackberry sometimes has a problem detecting that it is back in data coverage.

2)      If the internet is not working, have them power cycle the device by removing the battery. Frequently the “soft power down” from within the phone is not enough to reset the antenna and redetect the data circuit.

3)      If the internet is still down, and they are in an area that usually works then have them contact their service provider.

4)      If they are using a Blackberry server, and you’ve confirmed that the internet is working, then check the exchange and blackberry services

5)      If they are using a IMAP for their e-mail, and you’ve confirmed that the internet is working, then you may need to re-register or “validate” the e-mail account (typically through a provider web portal). This happens when the mail server at the phone provider, which uses IMAP to connect to the users mail server and passes those messages along to the phone, looses connection for any length of time. (This can happen even if the mail server is 100% available – I have this problem with Sprint about 1-3 times per year).

Good luck!

Powered by

Up ↑