BES (Exchange) - User cannot send messages

Details
Category: BlackBerry Enterprise Server TechNotes

User cannot send messages because the Send As permission has been revoked

Environment

  • BlackBerry® Enterprise Server software versions 3.6 through 4.1
  • Microsoft® Exchange Server 2003 Service Packs 1 and 2
  • Microsoft Exchange Server 2000 Service Pack 3
Background

This article applies to Microsoft Exchange Server 2003 and 2000 within the following environments:
  • Microsoft Exchange Server 2003 Service Pack 1 using store build 7233.51 or later
  • Microsoft Exchange Server 2003 Service Pack 2 using store build 7650.23 or later
  • Microsoft Exchange Server 2000 Service Pack 3 using store build 6619.4 or later
Important: When you apply the hotfix described in Microsoft Support Knowledge Base article 895949 to Microsoft Exchange Server 2003 Service Pack 1 or Service Pack 2, or apply the hotfix to Microsoft Exchange Server 2000 Service Pack 3, see KB12827.

Problem

When a BlackBerry device user tries to send a message, a red X appears beside the message in the Messages list indicating it cannot be sent. The Message Status field displays one of the following errors:
  • Unlisted message error
  • Desktop email program unable to submit message.

 

Note: The Message Status field appears above the To field within the message.

 

Cause

When applying the hotfix described in Microsoft Support Knowledge Base article 895949 to Microsoft Exchange Server 2003 Service Pack 1 or Service Pack 2, or applying the hotfix to Microsoft Exchange Server 2000 Service Pack 3, the store.exe utility revokes the Send As permission for all Microsoft Exchange Server administration accounts that have been granted Administer Information Store permission at the mailbox store level.

Note: For additional causes and resolutions related to this problem, please see KB00274.

Resolution


Depending on whether you have applied the Microsoft hotfix, complete the appropriate resolution below.

Resolution 1


If you have not applied the Microsoft hotfix, check the permission requirements. For information on resolving the permission requirements, search for article 912918 in the Microsoft Support Knowledge Base.
Note: You do not need to restart any BlackBerry services.

Resolution 2


If you have applied the Microsoft hotfix, complete the steps below for the appropriate software version of the BlackBerry Enterprise Server.

BlackBerry Enterprise Server software version 4.0 through 4.1

  1. Check the permission requirements. For information on resolving the permission requirements, search for article 912918 in the Microsoft Support Knowledge Base.

  2. In Microsoft Windows® Control Panel, open Administrative Tools > Services.

  3. Right-click BlackBerry Router, click Stop, and wait for 20 minutes.

  4. Right-click BlackBerry Router, then click Start. This will clear the Microsoft Exchange Server permissions cache for the BlackBerry Enterprise Server administration account.
Note: The default time for which permissions are cached is controlled by the Mailbox Cache Age Limit registry entry. Therefore, the amount of time needed for clearing the permissions cache depends on the value that has been set for this registry entry. Microsoft recommends changing the default time of two hours (120 minutes) for clearing the permissions cache to 20 minutes. The value for the Mailbox Cache Age Limit registry entry may be different in other environments. Refer to this value to determine how long permissions are cached for the administration account. Make sure you wait the amount of time set in the Mailbox Cache Age Limit registry entry to allow the permissions cache to clear. For other options, search for article 912918 in the Microsoft Support Knowledge Base.
For more information about the Mailbox Cache Age Limit registry entry, search for article 327378 in the Microsoft Support Knowledge Base or search for the Mailbox Cache Age Limit registry entry in the Microsoft TechNet web site.

Important: Restarting certain BlackBerry Enterprise Server services will delay message delivery to BlackBerry devices. For 
more information, see KB04789.
Protected Accounts

If the Send As permission is revoked from a Microsoft Active Directory® user account because that user object shares a membership with a protected account, complete the following steps:
Note: For more information and a complete list of protected accounts, search for article 907434 in the Microsoft Support Knowledge Base.
  1. Remove the protected account membership from the Microsoft Active Directory user object.

  2. Assign the Send As permission to the user object again. For instructions, search for article 912918 in the Microsoft Support Knowledge Base.

  3. Wait for Microsoft Active Directory replication to occur, or force the replication.

  4. Do one of the following:

    • Remove the BlackBerry device user from the BlackBerry Enterprise Server, then wait 20 minutes. Add and activate the BlackBerry device user on the BlackBerry Enterprise Server again.

    • Depending on the software version of the BlackBerry Enterprise Server, stop the BlackBerry Router or the BlackBerry Enterprise Server, then wait 20 minutes. Start the BlackBerry Router or the BlackBerry Enterprise Server again. Important: Restarting certain BlackBerry Enterprise Server services will delay message delivery to BlackBerry devices. For more information, see KB04789.

Additional Information

It is possible to modify Active Directory permissions to allow BlackBerry device users who are members of protected groups to send messages from their BlackBerry devices without creating secondary email accounts. For instructions on modifying the permissions that are associated with the AdminSDHolder Active Directory object and have been changed by the recent Microsoft Exchange update, search for article 817433 in the Microsoft Support Knowledge Base.

Important: This procedure is not recommended by Microsoft or by Research In Motion.

2007 Daylight Saving Time (DST) patch and the Send As permission

With the new collaboration data object (CDO) update from Microsoft, each BlackBerry device user in the Active Directory must have the Send As permission enabled in the BlackBerry Enterprise Server administration account. If the Send As permission is not enabled in the administration account, the BlackBerry device user cannot send messages from the BlackBerry device.

When adding a new BlackBerry device user to the BlackBerry Enterprise Server, administrators should make sure that the Send As permission is enabled in the BlackBerry Enterprise Server administration account within Active Directory. When a new BlackBerry device user is added to the BlackBerry Enterprise Server, the BlackBerry device user must either inherit the Send As permission from a parent object in Active Directory (for example, through a group permission), or the BlackBerry device user must have this permission set automatically by the BlackBerry Enterprise Server. If this does not occur, use the SetSendAsPermission tool to set the permission.

To download the SetSendAsPermission tool, click here. For instructions on using the SetSendAsPermission tool, see KB12300.

 

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok
More information