Simplified Technology Solutions, Inc - Social Business and Collaboration

SIMPLIFIED TECHNOLOGY SOLUTIONS, INC
Your Partner for Social Collaboration




Article
 

Exchange Security Update Nukes BlackBerry Enterprise Server

by Darren Duke

10/02/2007

Introduction

Over the past several months STS world headquarters has been pretty busy fixing Microsoft Exchange 2003 and 2000 server implementations. A recent security fix from Microsoft inadvertently prevented BlackBerry Enterprise Servers (BES) from sending emails from a user's smartphone. It can also stop the Motorola Good Messaging Server from sending emails. As we like to tell anyone who will listen, we really do believe in education, so read on to find out how to fix this pesky little issue.

The Issue

To enhance security and prevent spoofing of email addresses, Microsoft changed the way "Send As" functionality in Active Directory (AD) works. Specifically, the update installs a new version of the store.exe file, which restricts functionality that BES needs. Because access to the "Send As" object is revoked for anyone other than the mailbox owner, the BES send fails. Various errors are reported back to the device, including:

  • Access Denied
  • You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator

There are several other types of messages outlined in an MS Knowledge Base article, but we haven't seen them. See Useful links at the end of this document for a link to it.

The Fix

You need to explicitly grant the BES Server user account (typically besadmin or besmgr) permission to send as the mailbox owner:

  1. Go to Users and Computers in the Active Directory management snap-in.
  2. From the View menu make sure that Advanced Features is selected.
  3. Open the properties box for the user account for whom you are having issues.
  4. Go to the Security tab. Add the BES Server account user (besadmin, besmgr, etc.) if it is not already present.
  5. Go to the Permissions tab and ensure a check mark is present in the Allow column for the "Send As" permission for your BES Server account.
  6. Click OK.
  7. Restart the Microsoft Exchange Information Store services.

If your organization utilizes AD policies, make sure these are updated, or the policy could overwrite the changes you just made at the next policy refresh.
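
The check and grant from steps 3 to 5, scripted in PowerShell for sites where many mailboxes are affected; this is an added example, not part of the original article. The function names are hypothetical, and the SID, DN and account name are constructed placeholders.

```powershell
# Added example. The SID, DN and account name below are constructed placeholders.
$SendAsGuid = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'   # rightsGuid of the "Send As" extended right
$ADRights   = [System.DirectoryServices.ActiveDirectoryRights]

function Test-SendAsAce {
    # True if $Acl holds an Allow ACE giving $Sid "Send As" (or all extended rights).
    # Only ACEs naming $Sid directly are matched; group membership and Deny ACEs are not evaluated.
    param([System.DirectoryServices.ActiveDirectorySecurity]$Acl,
          [System.Security.Principal.SecurityIdentifier]$Sid)
    $rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $Sid.Value -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.ActiveDirectoryRights -band $ADRights::ExtendedRight) -and
            ($r.ObjectType -eq $SendAsGuid -or $r.ObjectType -eq [Guid]::Empty)) { return $true }
    }
    return $false
}

function Grant-SendAs {
    # Scripted form of steps 3 to 5 for one user object; returns $true if an ACE was added.
    param([string]$UserDn, [string]$Account)
    $sid  = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
                [System.Security.Principal.SecurityIdentifier])
    $user = [adsi]"LDAP://$UserDn"
    $user.psbase.Options.SecurityMasks = 'Dacl'   # read and write back only the DACL
    if (Test-SendAsAce $user.psbase.ObjectSecurity $sid) { return $false }
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
               $sid, $ADRights::ExtendedRight,
               [System.Security.AccessControl.AccessControlType]::Allow, $SendAsGuid)
    $user.psbase.ObjectSecurity.AddAccessRule($ace)
    $user.psbase.CommitChanges()
    return $true
}

# Offline check against a constructed security descriptor (the SID is made up):
$besSid = New-Object System.Security.Principal.SecurityIdentifier(
              'S-1-5-21-1111111111-2222222222-3333333333-1105')
$acl = New-Object System.DirectoryServices.ActiveDirectorySecurity
$acl.SetSecurityDescriptorSddlForm("D:(OA;;CR;$SendAsGuid;;$besSid)")
Test-SendAsAce $acl $besSid

# Against a live directory (placeholder DN and account):
# Grant-SendAs 'CN=Jane Doe,OU=Staff,DC=example,DC=com' 'EXAMPLE\besadmin'
```

Running the grant per user object keeps "Send As" limited to the mailboxes BES actually serves. The Information Store restart in step 7 is still required afterwards.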

Useful Links

http://support.microsoft.com/kb/912918

The Disclaimer

Simplified Technology Solutions, Inc provides you, the reader, with this information and you use it at your own risk. No warranty is provided or implied by following the instructions outlined in this document. Always make backups before you make any changes to files and/or settings. Should you require assistance in implementing this fix, contact us and we will schedule a visit by a technician qualified and experienced to carry out these steps.

Simplified Technology Solutions

Should your organization require resources to help with any aspect of your design, development, testing, training or implementation, please don't hesitate to contact STS for a quote.

Learn how BlackBerry can empower your organization by contacting Lisa Duke at STS. Call 678 638 6688 today!


