Wednesday, June 12, 2013

Configuring Blackberry Enterprise Server 5 with Exchange 2013

This is an overview on the pre-requisites, considerations and changes required in migrate from BES from working with Exchange 2010 over to Exchange 2013 with CU1.  The following was tested on a Windows 2003 mixed mode domain and forest functional level where BES Express had already been installed and configured.

Update....when I wrote this article originally it was aimed at updating a current Blackberry server to work with Exchange 2013.   If you want to migrate your mailboxes over a period of time rather than moving them all at once, you should look to setting a separate BES server which points to the Exchange 2013 server whilst leaving your current BES server pointing to Exchange 2010.  In order to migrate the users from one independent database to another to you can the Blackberry Transporter Tool.  I found this tool to be excellent as it didn't require any interaction on the BB phones themselves;  As far as the end user was concerned, business as usual.  Check out this link with regard to the BB Transport Tool - http://docs.blackberry.com/en/admin/deliverables/7534/BB_ET_overview_554166_11.jsp .


System Requirements


Considerations
  • The migration is very much all or nothing for BB mailboxes.  The BES service account will only allow BES to serve devices where the user’s mailbox resides on the same mailbox server.  You cannot serve BB mailboxes on Exchange 2010 and Exchange 2013 at the same time.
  • If you wish to get BES Express serving two Exchange environments, such as 2010 and 2013, you could look to migrate users from one BES server to another using the BlackBerry Enterprise Transporter Tool.  This tool is excellent, allows you move user/BB devices from one BES server to another with no interaction required by the end user.
  • Timing your mailbox moves with the BES server changes and BESADMIN mailbox move is crucial. Out of hours will cause the least disruption and allow the most time for the mailbox moves to complete.


Migration Steps
  • Log onto the server as the BES service account, this typically BESADMIN.
  • If MAPI and CDO is not version 6.5.8309.0, uninstall from Add/Remove Programs, restart the server, Install the new version and restart the server once again.
  • Stop all the Blackberry services on your BES server.
  • Backup the current BlackberryAgent.exe, CalHelper.exe, CalHelperWS.exe and EWS.dll from \Program Files\Research In Motion\BlackBerry Enterprise Server\ and place to one side.
  • Update and overwrite BlackberryAgent.exe, CalHelper.exe, CalHelperWS.exe and EWS.dll from the BESUPDATE.zip from \\isls06\support\Server\Blackberry\Blackberry Enterprise Server Express 5.0.4 Update for Exchange 2013\BESUPDATE\
  • Open up regedit and navigate to key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\.  Right click on Windows Messaging Subsystem and select New String Value.  Set the name as RPCHTTPProxyMap_BES and the string value as *=https:// .
  • Open up a CMD window as administrator.  Change your current directory to \Program Files\Research In Motion\BlackBerry Enterprise Server.  Type the below following command "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm" /tlb ews.dll and press enter.  Next type CalHelperWS /regserver and press enter.
  • Go to https:///ecp, click on recipients>migration and move the BESADMIN mailbox over to a database on the Exchange 2013 server.
  • Once the mailbox move has completed, log into the mailbox in OWA to initialise the mailbox.
  • Run Blackberry Server Configuration, click on Blackberry Server tab and then select Edit Mapi Profile. Update the server name to point towards your new Exchange 2013 server.
  • From the BES installation media, navigate to the Tools directory in a CMD window and run the following command TraitTool.exe -global -trait EWSEnable -set true
  • Move over the mailboxes which have Blackberry devices associated from Exchange 2010 to Exchange 2013.
  • Restart the BES server.


Troubleshooting

Your BES user devices should then be able to sync and send/receive email.  In order to help troubleshoot problems you should reference the Application log on the BES server which should let you know about Blackberry Messaging Agent issues.  You can also use a program called IEMSTEST.exe which can be found in the \Program Files\Research In Motion\BlackBerry Enterprise Server\Utility\ directory.  You can use this program to report whether Blackberry can successfully access a mailbox using the MAPI configuration you have in place.


Drop a post in you have any questions.


Ben Owens

45 comments:

  1. Hi Sam

    Wonderful article.

    However I am confused a bit.

    1. Is this a cutover process? I assume you are Upgrading your existing BES server & moving blackberry users from 2010 to 2013. Correct?

    2. Can you clarify this sentence in your article? Not sure what you were trying to say

    "Move over the user Blackberry user mailboxes from Exchange 2010 to Exchange 201"

    Thanks

    ReplyDelete
  2. There is also a line that says can and cannot!!. Would you please clarify -->

    "You can cannot serve BB mailboxes on Exchange 2010 and Exchange 2013 at the same time"

    ReplyDelete
    Replies
    1. That means BES cannot operate on a mixed environment. If you want Exchange 2013 to run with BES you need to go all of the way and move all of your Blackberry users to one or the other.

      Delete
  3. Hi,

    Yes this was upgrading a current environment which already had BlackBerry and Exchange 2013 in place.

    After I had installed Exchange 2013 to run by it's side, this is how to migrate the BB users.

    In that sentence I meant move over the user mailboxes for users which have a BB device.

    Also in the other comment, I meant I had no success in serving BB devices where there are users mailboxes on a mixture of both a 2010 and 2013. I could only get BB devices to update where the BB server was pointing to that version. Hope that makes sense.

    ReplyDelete
  4. Ben,

    Thanks for updating this process with your own experience. I noticed that you replaced the "contact technical support to obtain the update" with a dropbox link. I'm guessing you did this because of the trouble that people have been having getting the update from RIM.

    The link is currently dead, and I'm sure hoping you can post the .zip file somewhere else for those of us who don't want to pay >$200 or invest any more hours trying to find the one support rep who understands what we are looking for.

    Thanks!

    ReplyDelete
    Replies
    1. Here is the link. I'll update the blog posting again too....

      Thanks for pointing it out.

      https://www.dropbox.com/s/3kwksere6jy262w/BESUPDATE.zip

      Delete
    2. Thank you very much!

      Delete
  5. Hello,

    I have the same issue and I got the files from BB with opening case but my Express is not working with Exhange 2013 CU1. If any one solve with these files can help me how can I solve my issue.

    Many thanks.

    My mail adrress is: [email protected]

    ReplyDelete
    Replies
    1. What files did BB provide? I updated the link....see above.

      Your BES user devices should then be able to sync and send/receive email. In order to help troubleshoot problems you should reference the Application log on the BES server which should let you know about Blackberry Messaging Agent issues. You can also use a program called IEMSTEST.exe which can be found in the \Program Files\Research In Motion\BlackBerry Enterprise Server\Utility\ directory. You can use this program to report whether Blackberry can successfully access a mailbox using the MAPI configuration you have in place.

      Delete
  6. Hello,

    Thank you for article.
    I have a problem. I can't check name. Blackberry edit mapi no accept cas server. But old (2010 exchange) old array name resolve. Help me pls.

    ReplyDelete
    Replies
    1. Hi, do you mean you can select check name with the old MAPI server name in and all looks okay? I would make sure you have the correct https://FQDN name in the registry key. I would also check that the user/mailbox you're using for Blackberry has been moved to Exchange 2013 and then try updating the mail settings again. I would also check you can connect to your mailbox using Outlook and see if the mail profile works with the check name option, this will take Blackberry out of the equation altogether. Does that work?

      Delete
    2. I'm having the same issue above and I have verified the reg key and the FQDN as well as verified that the mailbox works. I have tried using the Profile Config tool with a GUID representation of the exchange server and still not working. You have any ideas on what might be a good next step?

      Delete
  7. no need of handheldcleanup.exe -u after that ?

    ReplyDelete
    Replies
    1. I didn't have to use this command for this to work. Have you found it to give any benefit?

      Delete
  8. after following your process, server which store the users mailbox di not immediatly re-issue, and anyway it seems that on bes mail will stay on "failed" until BlackBerry controller service is restarted.

    to repopulate correctly and instantly the correct messaging server name, I'v performed handheldcleanup -u, and then restarted the "BlackBerry controller" service.

    ReplyDelete
    Replies
    1. I didn't have to do this myself but thanks for adding it on here.

      Delete
  9. Hi Ben!
    Let me know something. My company has 500 users working with BB in an EXC2010 environment. So if I wish to migrate the EXC to 2013 (there is a plan for it) and connect my current BES to this new version I have to migrate all my 500 users on the same time in order to keep them able to check their BBs email? The coexistence is really not possible?

    Regards
    Daniel

    ReplyDelete
    Replies
    1. Co existence with the same server isn't possible due to the service account only being able to serve one server in a one serve solution scenario.

      I have had to migrate from 2003 to 2010 recently and employed a second VM bb server with BB express.

      So two BB servers, one pointing at 2003 and the other pointing at 2010. Both using sperate service accounts with mailboxes on the applicable exchange server.

      Using the BB transporter tool you can move bb /devices from one bb dB/server another without the end user don't anything on their bb device. It's excellent.

      So the flow is, either move the user in questions bb device from one bb server to another before or after mailbox has been moved.

      Will hopefully stick a post on here about it.

      Delete
    2. Thank you so much Ben!

      Regards
      Daniel

      Delete
  10. Thanks a lot! I have been already move from Exchange 2010 to 2013, and move some users to a new BESX server, but i have the issue that users suddendly stop receiving emails, and then after a few hours... start working again. I put the 4 files that you mentioned, and restart the services, and everything is working perfect now! Thanks!!!!

    ReplyDelete
    Replies
    1. You're welcome. Thanks for the post, hopefully someone else will find it helpful.

      Delete
  11. Hi Ben
    I followed your procedure to install and configure a new BES 5.04 Express Server to work with Exchange 2013. I configured a new BesAdmin13 User Mailbox for this. Access the BesAdmin13 User Mailbox with Outlook works without problems. I installed Mapi version 6.5.8320.0
    But it seems that BES cannot contact my Exchange server. Test with iemstest.exe says “OpenMSGStore() for This profile failed (8004011d)”. I even tried to enter the server name from the Outlook profile (the long number value) but this doesn’t work either.
    Do you have any ideas?

    ReplyDelete
    Replies
    1. How are you getting on with this, any progress or change?

      IEMSTEST.exe is more for testing if you can send on behalf of other users etc. As you said, this is an issue with establishing a connection to the Exchange 2013 for the BES mailbox. Have you sent and received an email to this mailbox yet. SOmetimes that can affect whether it's active or not.

      I would look at your MAPI profile in Blackberry Configuration Manager before anything else and get that Check Name option working. Does it work at the moment?

      When you go to Blackberry Configuration Manager-> Blackberry Server tab, select Edit MAPI Profile, what is showing in there? Is this a fresh Exchange 2013 install or do you have an older Exchange system in place, if so, do you get the same error with legacy server name being used? Does it error using the GUID in the server name and actuall FQDN name in the server name box. You can drop me an email at [email protected]

      Delete
    2. Did you have success in the end Bruno?

      Delete
  12. Hi Ben, Followed your procedure, however, i have problems.

    1. When i do IEMStestw on my email address, i get EWS Calendar find request...failed.

    Also in the same test, CDO COM exception: Code = 800445ed, WCode = 43ed, Code meaning = IDispatch error #17389

    2. I can't sync any calendar

    3. Emails sometime arent sync'd to blackberrys

    4. Sometimes, BBs aren't able to send mail

    5. When i go to Blackberry Configuration Manager-> Blackberry Server tab, edit MAPI profile, i see the server'S GUID instead of the FQDN. But no error.

    Infos:

    - BES Express 5.0.4 bundle 38 w/update (the 4 files)
    - Exchange 2013 fully patched (did a migration from 2007)
    - MapiCDO on BES version 1.2.1 (6.5.8309.0)

    What am i doing wrong ? Do you have any clue?

    ReplyDelete
    Replies
    1. The details in the MAPI profile seem correct. You should have the GUID in the server name instead of the server name, so that's fine.

      When it comes to the errors in the IEMStest, i think you need to verify the permissions of your assigned BESADMIN user. I have right headaches with this. Basically your service account assigned to BB services etc shouldn't be a domain admin. Also check the user account you're running tests on has inheritable permission switched on. If it doesn't switch it on and try again. If it's not switched on, you need to look into why it's not - this is likely because the account is member of the domain protected security group. Also, check effective permissions and see if the BB sevice account has full access via the Exchange 2013 ECP for the mailbox your testing. Have a read of http://www.blackberry.com/btsc/KB02276 on BB service account and http://www.blackberry.com/btsc/KB12309 on mailbox permissions.

      Delete
  13. Hi Ben,

    I have the same issue as with bruno, i have exchange 2007 with bes enterprise 4.1 in one site, we have migrated most of the users in our datacentre with two new exchange 2013 server in a dag. However when i install the BESX i got this error in my messaging agent log file.

    Thanks,

    ReplyDelete
  14. the error i am getting was below

    [CFG] Trait Settings: EnableLegacyProfileConfig is true
    [30054] (09/17 18:04:52.600):{0x18BC} Starting Message System
    [30055] (09/17 18:04:52.600):{0x18BC} Using MAPI profile BlackBerryServer
    [40206] (09/17 18:04:52.600):{0x18BC} MailboxManager::SubsystemInitialize - Using MAPI profile 'BlackBerryServer'
    [40113] (09/17 18:04:52.616):{0x18BC} MailboxManager::SetProfileProp - HrSetOneProp(BlackBerryServer_Agent1,0x66390003) Value=1
    [30032] (09/17 18:04:52.616):{0x18BC} MailboxManager::SetProfileProp - HrGetOneProp(BlackBerryServer_Agent1,0x66190003) (0x8004010f)
    [40113] (09/17 18:04:52.616):{0x18BC} MailboxManager::SetProfileProp - HrSetOneProp(BlackBerryServer_Agent1,0x66040003) Value=6
    [20137] (09/17 18:04:53.181):{0x18BC} MailboxManager::TestOpenMsgStore - OpenMsgStore (0x80040111)
    [30032] (09/17 18:04:53.181):{0x18BC} MailboxManager::SetProfileProp - HrGetOneProp(BlackBerryServer_Agent1,0x66190003) (0x8004010f)
    [40113] (09/17 18:04:53.181):{0x18BC} MailboxManager::SetProfileProp - HrSetOneProp(BlackBerryServer_Agent1,0x66040003) Value=32774
    [20137] (09/17 18:04:53.729):{0x18BC} MailboxManager::TestOpenMsgStore - OpenMsgStore (0x80040111)
    [30032] (09/17 18:04:53.729):{0x18BC} MailboxManager::SetProfileProp - HrGetOneProp(BlackBerryServer_Agent1,0x66190003) (0x8004010f)
    [40113] (09/17 18:04:53.729):{0x18BC} MailboxManager::SetProfileProp - HrSetOneProp(BlackBerryServer_Agent1,0x66040003) Value=6
    [20137] (09/17 18:04:54.278):{0x18BC} MailboxManager::TestOpenMsgStore - OpenMsgStore (0x80040111)
    [30032] (09/17 18:04:54.278):{0x18BC} MailboxManager::SetProfileProp - HrGetOneProp(BlackBerryServer_Agent1,0x66190003) (0x8004010f)
    [40113] (09/17 18:04:54.278):{0x18BC} MailboxManager::SetProfileProp -

    ReplyDelete
    Replies
    1. I'm sorry, I can't see an error that I can make out from there or decipher the fault I'm afraid. I've asked Bruno for an update on how he got on in the end.

      Delete
    2. [10277] (09/17 18:04:59.776):{0x18BC} BlackBerry Messaging Agent mbx02 Agent 1 failed to start. Error code 5305

      i have tried possible KB that relates to this error but that doesnt seem to help.

      Appreciate some thoughts.

      Delete
  15. Hi everybody
    At the moment I've got it running by installing Outlook on BES Server. But on my side at teh end I will only have four users on BES. I don't know how much users this configuration will support. What I have found some day searching on the web is this side. Let me know if this helps you: http://fiducheah.wordpress.com/2013/06/01/exchange-2013-and-blackberry-enterprise-server-integration/

    ReplyDelete
    Replies
    1. thanks Bruno, i will give it a shot installing outlook, which version you have installed.

      Delete
  16. Hi Bruno,

    After installing the office application, i still have this remaining error below. It is weird that i managed to completely install a BESX with exchange 2013 in a lab environment but it is unfortunate that it wont run with the production one.

    Any thoughts is appreciated?

    [10277] (09/17 18:04:59.776):{0x18BC} BlackBerry Messaging Agent mbx02 Agent 1 failed to start. Error code 5305

    ReplyDelete
  17. It looks like Mapi/CDO cannot co-exist with office.

    ReplyDelete
  18. Yes, that's right. After installing Outlook CDO is no longer active.
    After installing Outlook there were still some errors in iemstest but on my BlackBerry everything is working.

    ReplyDelete
  19. Is the BB information store service still running? it looks it wont start up from my bes server and indicates no messaging program associated.

    ReplyDelete
  20. Just made some test adding a second user on my BES server. The user can be configured and is running. But as soon as I reboot the server, one of the two users failed to initialize (STatus: failed to start). So it seems that with Outlook installed I can only have one user running.
    The conclusion is back to start and try again with Mapi CDO. But no idea how to get this running....

    ReplyDelete
  21. Hi Bruno, i got it running in my lab, but its one of a kind how i did it. The trick was involves different flavors of MAPI/CDO. I have use the May 2013 release for me to pass through the installation during the mapi creation, afterwards i have remove the May 2013 MAPI release and replaces it with the 8309 (latest MAPI release).

    Unfortunately i cant make my production system running, regardless of the several registry tweaks i have made.

    Let me know if you have yours running...

    ReplyDelete
  22. So after spending another whole morning on this problem (with double checking all point, removing and installing several different Mapi cdos) I'm still at the same point. A lot of errors in Event log (Message Agent can not be started; MailboxManager::TestOpenMsgStore - OpenMsgStore (0x80040111)) and the same error in IemsTest.
    The open questions are:

    - What kind of FrontEndPoolFQDN are you entering in the registry key; the owa.xxx.yy or the internal name like servername.internal.local?

    - What servername do you enter in the mapi profile (when I enter the exchange server name I receive an error that the name could not be resolved; entering the name of a GC Server, the servername ist resolved to the correct Exchange server name)

    - When I try to install the SSL certificate for the MS CAS Front End Pool on the BES I always recieve the OWA Login site but no IIS site.

    So for the moment I have no more ideas. Perhaps I should try to install 3 BES server for my 3 BB users, each one with Outlook installed... :(

    ReplyDelete
  23. i am also having the same connection issue. I also have the question about the FQDN. is this supposed to be the owa address or the internal exchange server address.

    ReplyDelete
    Replies
    1. This should be the CAS server address. Not the full path to OWA. So for example it should be *=https://mail.domain.com

      Nothing else, not *=https://mail.domain.com/ or *=https://mail.domain.com/OWA.

      In fact if you have a problem with connected to the mailbox, check you enter the MBX name of the 2013 server in question and then the username in the mail profile. If it fails, check the security rights on the services which are running and the general permissions for that user. Also ensure the regkey is in place and importantly that the CDO matches the version I specified in the article. Good luck.

      Delete
  24. This comment has been removed by the author.

    ReplyDelete
  25. I am also having similar issues here..We are in the process of migrating from Domino to Exchange for our existing BB users to work with Exchange 2013 we were advised to have a new BES 5.0.4 server installation. We are trying to follow the following link http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB33406&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl but we have issues while enabling NTLM authentication for IISExternalaccess but ignored and tried to install the application. We are now getting stuck in Mapi Settings and is not able to get pass this stage as it is giving some MAPI client settings error. Can somebody please advise what could be the problem.

    ReplyDelete
  26. We have managed to install the application but now getting stuck with the activation. Can somebody please help us on how to populate HomeMTA attribute for the service account as per the below article?

    http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB24421&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

    If our values are as below, please advise what will be our HomeMTA attribute?

    CN=ACME-Executive,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ACME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ACME,DC=ho

    /o=ACME/ou=Exchange Administrative Group
    (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH-MB01

    ReplyDelete