Access Denied Error in Exchange Control Panel

If you’ve got a user who gets an Access Denied error similiar to the one below when they click on Options in Outlook Web Access (OWA), they may not have the MyBaseOptions role. Typically this happens because the user has lost their Role Assignment Policy. You can check this with the following PowerShell command, substituting the name of the mailbox you want to check: Get-Mailbox bdesmond | fl *role* If you don’t get results similiar to the following (e.g. the result is blank), you need to assign the policy to the user. RoleAssignmentPolicy : Default Role Assignment Policy To assign … Continue reading Access Denied Error in Exchange Control Panel

Troubleshooting BlackBerry Enterprise Server Integration

I thought I’d compile a list of issues that I’ve seen and fixed with regard to BlackBerry Enterprise Server (BES) integration with Exchange and Active Directory. Most of these issues don’t seem to be really well documented on Google but BES will break in strange ways when it hits them. I specifically have seen half-duplex calendaring (e.g. users get their appointments on the device but can’t make updates) with a bunch of these. Exchange 2010 Address Book Service (DoMT) max connections set to default. This one is documented in BES’ Exchange 2010 guide. You need to tweak MaxSessionsPerUser in the … Continue reading Troubleshooting BlackBerry Enterprise Server Integration

OCS Mac Messenger Certificate Trust Errors with DigiCert

If you’re getting an error from Mac Messenger about the digital certificate file being invalid when trying to sign-in to OCS, you may need to tweak the root config on your OCS servers. The good news is the fine folks over at DigiCert have compiled some simple steps that outline how to do this. You’ll need to reboot after you do them. Warning: The steps outlined above will immediately render the OCS services inoperable and will require a reboot to straighten things out. DO NOT do this during production hours! filler

Speaking at TEC 2010 Los Angeles

I’ve got three sessions this year at TEC. TEC is by far the best IT conference I’ve attended (and I’ve been to many). You’ve even still got five days to convince your boss and get a discount on the registration fee! My sessions this year are: Inside Kerberos – I’ve got plans to talk about the mechanics of the key Kerberos message sequences that you’ll run in to with Active Directory. Kerberos is one of those things you rarely have to configure in AD as it “just works”, but, when it doesn’t it really helps to understand what’s going on. … Continue reading Speaking at TEC 2010 Los Angeles