I recently had to reload my domain controller and the reloaded server indicated that I ... Server Admins forum
Server reload issues
I recently had to reload my domain controller and the reloaded server indicated that I needed to rejoin my Blackberry server to the domain. Since I did this I cannot assign any devices to any users. I keep getting a message that the "user is not yet known to the Blackberry agent". I must have done something wrong or not done something when resetting the BESADmin account right? The problem is that I did not set up the initial account and now have no clue as to where to start! Any help would be greatly appreciated!
How is exchange or your mail software/client handling the reloaded DC?
Did you do a clean install or restore from a backup?
Server reload Issues
I had to recreate everything since we were unable to restore exchange from the backup.
*MOD - Move to the BES Admin thread please*
Try following the steps in this article here: http://www.blackberry.com/btsc/searc...200%2073359163
and also confirm you have the proper persmissions set for the account.
I would delete all the users from BES and there cached Data as this points to there old user data.
You can try this on 1 person and see if it works but, if you recreated all your users on the Domain and did nothing to BES, that would be a problem.
One thing I can see if BES using the old SID #'s for Exchange, BESAdmin, & the users. If you have not reinstalled BES and removed the old data that might be the problem.
Last edited by MWPatterson; 07-07-2008 at 03:00 PM.
SIDs causing problems
MWPatterson, I do believe that the SIDs are the problem since I get this message on the Domain controller this morning.
"The computer BLACKBERRY tried to connect to the server \\DC1 using the trust relationship established by the PSLTRINIDAD domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship. "
Does this mean that I need to reinstall BES and start over?
If so, can you point me to an installation guide so that I get it right?
Your help is so very much appreciated!
I would join the server to the domain.
Go on the BES Server and check what user the services start for the Blackberry service and change it to match the new BESAsmin account that you setup on the Domain. Restart all of the Black Berry Services.
Delete 1 user and then re-add them and check if that works.
If that don't then we need to look at reinstalling but, we need to make sure that you have your Licenses to re-add them later. There is a guide for installing it in the BES Admin forums, will look for it.
Last edited by MWPatterson; 07-07-2008 at 05:07 PM.
I would join the server to the domain. - Did that.
Go on the BES Server and check what user the services start for the Blackberry service and change it to match the new BESAsmin account that you setup on the Domain. Restart all of the Black Berry Services. - The services are using the BESAdmin account to start. I checked that and restarted all the services.
Delete 1 user and then re-add them and check if that works. - Did that
Everything seems to be ok but when trying to assign a device to a user still getting the message I started out with.
Have you assigned the BES Admin the rights on the specified users or did you do it on the domain level. The later is easier and future proofs your install as you can then add anyone and not have to set rights on them.
You might have to reinstall/upgrade BES to the latest version and this might fix it. It still sounds like a security problem, might be with the BES software itself that you have moved the system to a new domain. I would pull down the latest version and try that. Will mull over it on the way home from work and see what I can think of.
How do I assign the BESAdmin those rights on the domain level?
The is a doc for it on RIM's web site, will look for it, on the road today.
Ok here is the instructions for setting up the rights for BESAdmin Account.
http://www.blackberry.com/btsc/searc...=1 0 155328953
For Task 5 Select the domain instead of the user. This way anyone that is added or in AD will be able to use BES with out modification to there account. Be ware that anyone with Administrator or Domain Administrator will not be able to use it as AD removes any changed to the rights of there accounts like this when it replicates as a security measure. I would setup 2 accounts for any one that is an admin and nas a BB. Set them up an admin account an d a standard account that they use everyday. Then make sure that there everyday account is not an admin and add it to BES. This way they can send emails and not just recieve. Hope that this is not to much to understand. Any questions you can pm me.
Last edited by MWPatterson; 07-08-2008 at 03:28 PM.
Thanks so much for all of your help MWPatterson. I have tried all that you suggested to no avail.
I have finally given up and decided to reinstall BES. I'm doing that today so hopefully I will have everything back up by the end of today.
Once again thanks so much for taking the time to help!
Tags for this Thread