I recently had to pay for incident support to get my BES 4.1.6 SP7 back up and running and talking to my company’s 8 or 9 blackberry handhelds. Here are the steps I took:
1. Determine service account error by checking BES Log file
- c:\Program Files\Research in Motion\Logs\SERVERNAME_MAGT_01_DATE_0001.txt
- Saw error 5302
2. Export RIM registry key
- regedit
- HKCU\Software\Research in Motion > Export key
3. Create new Blackberry Admin user account in AD “BESAdmin”
4. AD > DOMAIN.local properties > Security tab
- Add new user account “BESAdmin”
- set “Send As” permission
- verify inheritance to bbery user accounts
- force if necessary (advanced security settings for individual user accounts > Allow inheritable permissions CHECKED)
5. Exchange System Manager set Delegate Control
- right click top level and Delegate Control
- Add new user account “BESAdmin” as “Exchange View Only Administrator”
- First Administrative Group > Right Click Properties > Security Tab > Change BESAdmin to add “Administer Information Store”, “Receive As”, & “Send As”
6. Local Security Settings (of blackberry server)
- Local Policies > User Rights Assignments
- add BESAdmin account to “Allow Log on Locally” and “Log on as a service”
7. Set new BESAdmin account as local administrator to BES server
- Computer Management > Users and Groups > Administrator Group
- Add domain\BESAdmin
8. Log on as new account BESAdmin
9. Services.msc > Change “Log on As” to new BESAdmin for all Blackberry services (minus BB Attachment service – that stays as “Local System”)
10. Import HKCU RIM key exported in Step 2
11. Recreate MAPI profile (may need bbery services started to do this…)
- open “Blackberry Service Configuration”
- Server tab > Edit Mapi
- Enter information of Exchange Server, and new BESAdmin account
- Apply > OK > OK
- open “Blackberry Manager” and create MAPI profile again using same settings
12. Start BB services or restart server. Verify handheld communication with server.
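
To confirm that step 9 took effect before restarting in step 12, the check below lists each BlackBerry service with its logon account and flags any that do not match. It is an added example, not part of the original post; it assumes the service display names begin with "BlackBerry" and that the attachment service's display name contains "Attachment". `DOMAIN\BESAdmin` and the sample rows are constructed placeholders.

```powershell
# Added example: audit the "Log on As" account of the BlackBerry services (step 9).
# Assumptions: display names start with "BlackBerry"; the attachment service's
# display name contains "Attachment"; DOMAIN\BESAdmin is a placeholder account.

function Test-BesServiceAccount {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Service,
        [Parameter(Mandatory = $true)] [string]   $ExpectedAccount
    )
    foreach ($svc in $Service) {
        # Ignore everything that is not a BlackBerry service.
        if ($svc.DisplayName -notlike 'BlackBerry*') { continue }

        # The attachment service stays on Local System; all others use the new account.
        if ($svc.DisplayName -like '*Attachment*') { $want = 'LocalSystem' }
        else                                       { $want = $ExpectedAccount }

        New-Object PSObject -Property @{
            DisplayName = $svc.DisplayName
            StartName   = $svc.StartName
            Expected    = $want
            Ok          = ($svc.StartName -eq $want)   # -eq is case-insensitive
        }
    }
}

# Constructed sample rows so the check can be tried offline.
# On the BES server, replace $sample with:  Get-WmiObject Win32_Service
$sample = @(
    New-Object PSObject -Property @{ DisplayName = 'BlackBerry Controller';         StartName = 'DOMAIN\BESAdmin' }
    New-Object PSObject -Property @{ DisplayName = 'BlackBerry Dispatcher';         StartName = 'DOMAIN\OldAccount' }
    New-Object PSObject -Property @{ DisplayName = 'BlackBerry Attachment Service'; StartName = 'LocalSystem' }
    New-Object PSObject -Property @{ DisplayName = 'Print Spooler';                 StartName = 'LocalSystem' }
)

$report = Test-BesServiceAccount -Service $sample -ExpectedAccount 'DOMAIN\BESAdmin'
$report | Select-Object DisplayName, StartName, Expected, Ok | Format-Table -AutoSize

# Any row with Ok = False still runs under an account other than the intended one.
$bad = @($report | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} BlackBerry service(s) not using the expected account" -f $bad.Count)
}
```

Because BESAdmin holds "Send As" and "Receive As" on the mail store and local administrator rights on the server, the same report is also a quick way to spot a service still running under a leftover account.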