If you need to give a service account access to all mailboxes on a specific Exchange 2007 server you can run the following command:
Get-MailboxServer <servername> | Add-ADPermission -User <service account> -AccessRights GenericRead, GenericWrite -ExtendedRights Send-As, Receive-As, ms-Exch-Store-Admin
This should grant the permissions that third-party mobility products like BlackBerry Enterprise Server need to access mailboxes on Exchange 2007. Not all versions of BES will work against Exchange 2007, but the newest version (BES 4.1 SP2 +) seems to work fine in my testing against Beta 2 all the way through RTM. You still need to install the Exchange 2003 Management tool and then install SP2 on the BES server if it isn't already installed.
- Joel
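To confirm what the command above actually granted, the following added example (not part of the original post) reads the ACEs back from the mailbox server object. It reports each of the three extended rights for the service account, then lists Deny entries held by any principal so they can be compared against the account's group memberships. `EXCH01` and `CONTOSO\svc-bes` are placeholder values.

```powershell
# Added example; run in the Exchange Management Shell.
# $Server and $Account are placeholders (assumptions), not values from the post.
$Server  = 'EXCH01'
$Account = 'CONTOSO\svc-bes'
$Wanted  = 'Send-As', 'Receive-As', 'ms-Exch-Store-Admin'

$ServerObj = Get-MailboxServer $Server

# ACEs on the server object that name the service account directly.
$Direct = $ServerObj | Get-ADPermission -User $Account

foreach ($Right in $Wanted) {
    $Allow = $Direct | Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $Right) }
    $Deny  = $Direct | Where-Object { $_.Deny -and ($_.ExtendedRights -like $Right) }

    if ($Deny)      { "{0}: DENIED for {1}" -f $Right, $Account }
    elseif ($Allow) { "{0}: allowed" -f $Right }
    else            { "{0}: not granted" -f $Right }
}

# Deny ACEs for Send-As / Receive-As held by any principal on this object.
# A Deny on a group the service account belongs to can block mailbox access
# even when the account's own Allow entries are present.
$ServerObj | Get-ADPermission |
    Where-Object {
        $_.Deny -and (($_.ExtendedRights -like 'Send-As') -or
                      ($_.ExtendedRights -like 'Receive-As'))
    } |
    Select-Object User, ExtendedRights, IsInherited |
    Format-Table -AutoSize
```

Because these rights cover every mailbox on the server, the same read-back is worth keeping as a periodic audit of which accounts hold them.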
Hello. Thanks for the cmdlet info. I thought it would help because it makes sense, but I am still having a problem. I have a native 2007 Exchange environment (no 2003, only 2007) and I have a machine that I install Exchange 2003 TOOLS on and then the BES. But I am getting a MAPI error on the BES saying that it failed to open the default message store. In the event log it gave an error ID. I googled that and it had a reference to MAPI32.DLL versions, and someone suggested that MAPI32.DLL should be the same on the BES and the mailbox server. On the mailbox server (exch2007) mapi32.dll is version 1 (which could be either exch2007's version but probably Windows 2003's version) but on the BES it's 6.5 (Exchange 2003's MAPI).
Am I supposed to install Exchange 2003 TOOLS on the Exchange 2007 mailbox server as well? Or, to make this simple: how did you get your BES running? I'm not sure if this is a permission issue or not. I can see down to the store level that the BES service account has send as/receive as/administer store permissions, I gave it permissions on the domain, and made it an Exchange 2007 view only admin. I'm running out of ideas and RIM is totally useless on this one. Can you tell me what you did? Or provide me with some info on how to?
Thanks a million.
Are you running BES 4.1 SP2?
I had tried to get this to work with BES 4.0 and was unsuccessful even after a lot of time spent working on it. When I used 4.0 I would get the same behavior that you are seeing.
Thanks for the reply!!
Yes, I installed BES 4.1 SP2 and also the SP2+ hotfix on RIM's website. Do you have ESM running on ONLY your BES or do you have just ESM installed on the Exchange 2007 mailbox server (don't even know if that would work)?
Also, I'm running Exchange 2007 in a native environment, so the only forest/domain prep that was done was with Exchange 2007. But when I installed ESM 2003 on the BES, the Exchange install noted that the forest/domain hadn't been prepped and that some features may not be available. Do I possibly need to run 2003 forest prep as well? Even though I have never had and never will have any E2003 servers?
Thanks again! Ryan
Ryan,
I haven't tested it in an Exchange 2007 greenfield install; each time has always had at least an Exchange 2003 server at some point. So there might be some differences, but since the Exchange schema changes are additive you shouldn't need to prep the domain with Exchange 2003.
ESM only needs to be on the BES server not on the Exchange 2007. Just to be sure, your BES service account isn't a Domain or Enterprise admin is it? The services account also has a mailbox?
Hi,
Yes, my service account has a mailbox and it's not a domain admin. I'm going to try uninstalling/re-installing BES as I made some security changes after the install. Do you know of any articles/forums/support groups on this topic? I can't find anything! I feel like I'm the only one in the entire world looking into this topic. Google searches have been useless. Except for the original post in this thread.
Judging by the traffic logs on the site there are a whole bunch of people in the same boat you are. Unfortunately since RIM isn't supporting BES against Exchange 2007 there isn't too much information available other than what is in this thread.
A couple more things to consider.
You might want to recreate the MAPI profile that BES creates during the install. I have also seen (albeit a long time ago) where you need to delete the service account's Windows profile and then recreate the MAPI profile to get it to work.