Configure BalckBerry mail with Exchange 2010

 

ON THE BLACKBERRY SERVER

TASK 1

1.      Click Start > Administrative Tools > Computer Management.

2.      In the left pane, expand System Tools and click Local Users and Groups.

3.      In the right pane, double-click Groups.

4.      Right-click Administrators and click Properties.

5.      In the Select Users, Contacts, Computers, or Groups window, select the BlackBerry Enterprise Server service account name.

6.      Click OK.

---

Task 2

To assign Local Security Policy permissions to the BlackBerry Enterprise Server service account, complete the following steps:

Note: This allows the BlackBerry Enterprise Server service account to access the local computer and to run the BlackBerry Enterprise Server software as a Windows® service.

1. Click Start > Administrative Tools > Local Security Policy.

If the computer is a domain controller, click Start > Administrative Tools > Domain Controller Security Policy.

2. In the Local Securities window, click Local Policies > User Rights Assignment.

3. Do one of the following:

• For Windows Server® 2000, double-click Log on Locally

• For Windows Server 2003, double-click Allow Log on Locally

4. Click Add User or Group.

5. Select the BlackBerry Enterprise Server service account name and click Add.

6. Click OK.

7. In the Local Security Settings window, double-click Log On As a Service.

8. Click Add User and select the BlackBerry Enterprise Server service account.

9. Click OK.

 

 

 

Microsoft Exchange 2010

Create a Windows account that has a Microsoft Exchange 2010 mailbox

You must create a Windows® account with a Microsoft® Exchange 2010 mailbox so that the Windows account can authenticate with the Microsoft® Exchange Server.

1.     On the computer that hosts Microsoft Exchange, log in using an administrator account that has the permission to create accounts.

2.     Open the Microsoft Exchange Management Console.

3.     Create an account and mailbox that you name BESAdmin.

4.     To permit the BlackBerry® Enterprise Server to check if a BlackBerry device user has permission to access a public folder, assign the Owner permission for all public folders to the administrator account.

• To verify that you created the Windows account, log in to a computer using the Windows account.

• Verify that the Windows account is not a member of the Domain Administrators group in Microsoft® Active Directory®.

• Verify that BlackBerry device users have Read permissions and Visible permissions to public folders.

• To permit BlackBerry device users to check the availability of meeting participants using BlackBerry® Device Software 4.5 or later, configure the Schedule+ Free/Busy information for the system public folder. For more information, visit http://technet.microsoft.com to read articles 629523 and 691129.

Configure Microsoft Exchange 2010 permissions for the Windows account

1.     On a computer that hosts the Microsoft® Exchange Management Shell, open the Microsoft Exchange Management Shell.

2.     Type Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin.

3.     Type Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin".

4.     Type Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>" where <domain_1>, <domain_2>, and <domain_3> form the name of the domain. For example, if the domain name is www.example.com, type www for <domain_1>, example for <domain_2>, and com for <domain_3>.

If you create a new mailbox database for Microsoft Exchange, repeat step 2.

Turn off client throttling in Microsoft Exchange 2010

By default, Microsoft® Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits, as necessary. The policies affect the performance of the BlackBerry® Enterprise Server negatively, so you should turn off client throttling for the Windows® account that has a Microsoft Exchange mailbox.

1.     On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.

2.     Type New-ThrottlingPolicy BESPolicy.

3.     Type Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy.

Increase the maximum number of connections to the Address Book service in Microsoft Exchange 2010

By default, Microsoft® Exchange 2010 limits the maximum number of connections from the BlackBerry® Enterprise Server to the Address Book service to 50. To permit the BlackBerry Enterprise Server to run, you must increase the number of permitted connections to a large value (for example, 100,000).

1.     On the computer that hosts the Microsoft Exchange CAS server, in <drive>:\Program Files\Microsoft\Exchange Server\V14\Bin, in a text editor, open the microsoft.exchange.addressbook.service.exe.config file.

2.     Change the value of the MaxSessionsPerUser key to 100000.

3.     Save and close the file.

4.     Restart the Address Book service.

 

In the Active Directory

1. On any computer within your domain, on the taskbar, click Start > Administrative Tools > Active Directory Users and Computers.
2. In the View menu, click Advanced Features.
3. Right-click the domain root.
4. Click Properties.
5. On the Security tab, click Advanced.
6. Click Add.
7. Type BESAdmin.
8. Click Check Name.
9. Click OK.
10. In the Apply Onto drop-down list, click (Descentant ) User Objects.
11. In the Allow column, select the Send As, Receive As and Allow to authenticate check boxs.
12. Click Apply.
13. Click Ok.

WSUS troubleshooting

1- Check computer location
-install adminpack to be able to run the below: http://www.microsoft.com/download/en/details.aspx?id=16770

-query the active directory

C:\>dsquery computer -name 1f-gm-90016
"CN=1F-GM-90016,OU=Mana,OU=Computers,OU=ABC,DC=ABC,DC=bh,DC=com"

this mean the computer location is in its correct OU, so it may recieves the updates.


if OK , then try:

2- Check which group policy applied on the respective OU.
Download http://www.microsoft.com/download/en/details.aspx?id=21895
if you got an error like that:
ignore Checkpoin N# 2 mark that computer for last review with (2)



3- Check the log file "locally" on computer.
c:\WINDOWS\WindowsUpdate.log

if OK ,& computer is still not recieving udates  you "the file can tell or after you run the html command" you  may try:

4- Resetting the Windows updates "steps i nE-mail sent to sayed"
Reset WSUS Client
1.    run "net stop wuauserv"
2.    run "net stop bits"
3.    Clear the contents of C:\Windows\SoftwareDistribution
4.    Clear the contents of C:\Windows\WindowsUpdate.log
5.    run "net start wuauserv"
6.    run "net start bits"
7.    run "wuauclt /detectnow /resetauthorization"

My DataDOmain Quick Commands

autosupport show report

==========  GENERAL INFO  ==========
GENERATED_ON=Sun Aug  5 08:40:00 AST 2012
VERSION=Data Domain OS 5.1.0.5-269447
SYSTEM_ID=1UR2352365
MODEL_NO=DD640
HOSTNAME=dd01.ABC.bh.com
LOCATION=ABC MAIN
ADMIN_EMAIL=ABCalerts@ABC.com.bh
UPTIME= 08:40:00 up 104 days, 19:26,  1 user,  load average: 2.10, 2.08, 2.08
Filesystem has been up  95 days, 13:17.

=======
Upgrading OS:
-----------

++Upgrade Steps:

1- Ensure there is no cleaning or backups running.

#filesys clean show

#iostat 2

2- Reboot the Data Domians prior to upgrade with command #system reboot

3- Ensure there is no current alerts

#alerts show current

4-  Start the upgrade

#system upgrade 5.1.1.0 (use the full file name with extension)

5- Data Domains will reboot after upgrade

6- File System will take some time to come back online.

7- Once File System is online, let us know so we can work on the replication.

My Avamar Commands ref.

To restart mcs + ems following the command:

1. login as user admin and loaded keys with

ssh-agent bash
ssh-add ~admin/.ssh/dpnid

2. following the command to stop mcs + ems service.

emserver.sh --stop

mcserver.sh --stop

3. make sure there is no mcs and ems process running, kill the process if still exist

ps -ef | grep mcserver

ps -ef | grep emserver

4. restart the mcs and ems service, use --ignore_lock only after you have looked around and you have determined that it is safe to break the lock

emserver.sh --start (--ignore_lock)

mcserver.sh --start (--ignore_lock)

======================



Getting an overview about your Avamar Box:

su – admin

ssh-agent bash

ssh-add /home/admin/.ssh/dpnid



status.dpn

capacity.sh

mccli server show-prop



======================
Expire Avamar Backup commands:
=======================

1st way#
----------

-          Please find below the steps to run the expire-snapups script to expire backups in a date range:

The expire-snapups command writes a script to stdout, which when run, changes backup expiration dates.

Synopsis:
expire-snapups [--after=DATE] [--before=DATE] [--days=NUM][--domain=DOMAIN] [--help] [--include_mc_backups][--replicate --dstserver=SERVER --dstid=USER@PATH--dstpassword=PASSWORD [--dstdomain=DOMAIN]] [CLIENT-PATH ...]

You can use “expire_snapups” script which will set the expiration date after x days so you can run it as the following for example:

Example:
# expire-snapups --before=20130201 --domain=/ --days=1 > expire-backups-out
This will set the expiration date for all backups under ”/” domain which are created before “Feb 1, 2013” for one day so the GC will recover them the following day.  Please note to load the dpn keys before running the script:

After creating a script with the desired backup deletion parameters, type the following to delete the backups from the Avamar server:
# /bin/sh -x ./expire-backups-out





Change the expiration date of these backups please follow the below steps to execute the expire-snapups output :
1)    Login to the utiliy node as user admin.
2)    Load the ssh-keys :
# ssh-agent bash
# ssh-add /home/admin/.ssh/dpnid
3)    /bin/sh -x ./expire-before-march
4)    /bin/sh –x ./expire-after-march 
 ---------------------------------------------------------------------------------------------------
2nd Way# 
-----------
1) Find a list of domains on the Target server
-mccli domain show --recursive=true --domain=/

2) Run delete snapups script against each domain to get a list of commands to delete backups before a certain day (20131023) these backups are belong  to all clients under this domain
The o/p will be appended to a file in our case delete-backups-out
-delete-snapups --before=20131023 --domain=/REPLICATE/ABCavmr01/172.16.1.150/VirtualMachines > delete-backups-out

3) Run the o/p file to delete the backups
-/bin/sh –x ./delete-backups-out

Please remove the file once it is done
-rm delete-backups-out

4) The last 2 steps have been repeated against the below domains in green

5) Run Garbage collection to free space
- Our recommendation is to leave the scheduled GC to run and decrease the utilization
- I have run manual GC to save some time and now capacity is 83.8 % and GC is still in progress
- I have increased the blackout window to be 6 hours to give more time for the gc to run and decrease space
- we can get this value back to default 3 hours after the utilization decreased

Note:
- I have stopped the replication from the source to prevent adding more data

After the GC finish run the below commands

- avmaint config --ava indexcacheallowed=1
- dpnctl start maint

Please run step 2 and 3 against the domains you want to delete and leave the scheduled GC to free space
You have to run the scripts before the GC start to take effect,  GC start at 8 AST
You can’t run the script while the server in read only mode (GC or CP running)

Here is a list of all the domain on the target

admin@ABCdravmr01:~/>: mccli domain show --recursive=true --domain=/
0,23000,CLI command completed successfully.
Name            Domain                            Contact Phone Email Location
--------------- --------------------------------- ------- ----- ----- ----------------------------------------
clients         /                                                     667be9cfc196f6ce999c415c0e9f939195df3def
MC_RETIRED      /                                                     bf5a0b9e203241fcd48885443ef68e0bc1c61938
REPLICATE       /                                                     7031d2a28a5a7e66ef9dd2ea0976b111f9961926
ABCavmr01       /REPLICATE                                            e9ea29a9ae1f8bb6fd173062aec3cd9b7d85d5ba
10.7.1.79       /REPLICATE/ABCavmr01
172.16.1.150    /REPLICATE/ABCavmr01
172.16.1.155    /REPLICATE/ABCavmr01
clients         /REPLICATE/ABCavmr01                                  8891c95079331fa504c9f2dacec74cf6e6fbffb2
MC_RETIRED      /REPLICATE/ABCavmr01                                  155a7c1f962f548d16bfcdc2ccb0ff3f01c5a29e
NDMP_DM2        /REPLICATE/ABCavmr01
Physical        /REPLICATE/ABCavmr01
proxy           /REPLICATE/ABCavmr01
VirtualMachines /REPLICATE/ABCavmr01/10.7.1.79
VM-Backup       /REPLICATE/ABCavmr01/10.7.1.79
Temp.Backup     /REPLICATE/ABCavmr01/172.16.1.150
VirtualMachines /REPLICATE/ABCavmr01/172.16.1.150
VM-Group1       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group2       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group3       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group4       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group5       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group6       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group7       /REPLICATE/ABCavmr01/172.16.1.150
VM-Group8       /REPLICATE/ABCavmr01/172.16.1.150
VirtualMachines /REPLICATE/ABCavmr01/172.16.1.155
proxy           /REPLICATE/ABCavmr01/clients