Archive for Blackberry enterprise server

How to move the BlackBerry Configuration Database to a new Microsoft SQL Server or instance

Environment

  • BlackBerry® Enterprise Server software version 2.1 through 4.1 for Microsoft® Exchange
  • BlackBerry® Enterprise Server software version 2.1 through 4.1 for IBM® Lotus® Domino®
  • Microsoft® SQL Server™ 2000 Service Pack 3
  • Microsoft® SQL Server™ 2005

    Procedure

    The BlackBerry Enterprise Server services must be stopped during the process described in this article.

    Important: Restarting certain BlackBerry Enterprise Server services will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.

    To move the BlackBerry Configuration Database to a new Microsoft SQL Server or instance, complete the following tasks:

    Note: In a Microsoft Exchange environment, complete the tasks using the BlackBerry Enterprise Server service account unless otherwise stated.

    1. Back up the BlackBerry Configuration Database.
    2. Prepare the new Microsoft SQL Server.
    3. Restore the BlackBerry Configuration Database.
    4. Configure the BlackBerry Enterprise Server.

    Task 1 – Back up the BlackBerry Configuration Database

    To back up the BlackBerry Configuration Database, complete the steps for the appropriate environment.

    Microsoft SQL Server

    1. Open Enterprise Manager (Microsoft SQL Server 2000) or Microsoft® SQL Server Management Studio (Microsoft SQL Server 2005).
    2. Right-click the BlackBerry Configuration Database (for example, BESMgmt).
    3. Select Backup Database.
    4. Click Add to specify the Directory Name and File Name.
    5. Click OK to accept the settings.
    6. Click OK again to start the backup process.
    7. Close Enterprise Manager when the process is complete.

    Microsoft SQL Server Desktop Engine (MSDE)

    1. From a command prompt, type osql -E and press ENTER.Note: If you are logging in to a named instance of the Microsoft SQL Server, use the following command syntax to log in:

      osql -E -S <Microsoft_Server_name>\<instance_name>

    2. Type the following commands in the specified order:1> backup database <BlackBerry_Configuration_Database_name> to disk = “C:\<BlackBerry_Configuration_Database_name>.bak”2> go1> quit
    3. Close the command prompt.

    Task 2 – Prepare the new Microsoft SQL Server

    To prepare the Microsoft SQL Server, complete the following four steps:

    Step 1

    Depending on the environment, assign the appropriate permissions.

    Note: Complete this task using an account with administrator access to the new Microsoft SQL Server. Microsoft SQL Server 2005 requires the following server role permissions: System Administrator, Database Creator.

    Microsoft SQL Server

    1. Open Enterprise Manager (Microsoft SQL Server 2000) or Microsoft SQL Server Management Studio (Microsoft SQL Server 2005).
    2. Go to Microsoft Server Group > <Microsoft_Server_name> > Security.
    3. Right-click Logins and select New Login.
    4. From the General tab, click the double quotation marks ( “” ) button.
    5. From the Global Address List, select the name of the BlackBerry Enterprise Server service account.
    6. Click Add, then click OK.
    7. On the Server Roles tab, select Server Administrators and Database Creators.Note: In BlackBerry Enterprise Server software version 4.1, the System Administrator role is needed for role-based administration.
    8. Close Enterprise Manager (Microsoft SQL Server 2000) or Microsoft SQL Server Management Studio (Microsoft SQL Server 2005).

    MSDE

    1. Log in to the new Microsoft SQL Server.
    2. Right-click My Computer, and then click Manage.
    3. Expand Local Users and Groups.
    4. Select Groups, and then open the Administrators group.
    5. Click Add.
    6. Type the name of the BlackBerry Enterprise Server service account, and then click Check Name.
    7. Click OK, and then close the Computer Management window.

    Step 2

    Depending on the environment, turn on the correct server protocols.

    MSDE or Microsoft SQL Server 2000

    1. Click Start > Run, type svrnetcn and click OK. The Microsoft Server Network Configuration Utility opens.
    2. Make sure that TCP/IP and Named Pipes are both listed as protocols that have been turned on.
    3. Close the Microsoft Server Network Configuration Utility.
    4. If a protocol is turned on in step 2, restart the Microsoft SQL services.

    Microsoft SQL Server 2005 Express or Microsoft SQL Server 2005

    1. Click Start > Microsoft SQL Server 2005 > Configuration Tools > Microsoft Server Configuration Manager > Microsoft Server 2005 Network Configuration.
    2. Select the Microsoft SQL Server instance that will be used for the BlackBerry Configuration Database.
    3. If necessary, turn on the TCP/IP and Named Pipes protocols.
    4. If a protocol is turned on in the previous step, restart the Microsoft SQL services.

    Step 3

    Make sure the Microsoft Server Agent service is running.

    Note: This service does not exist in Microsoft SQL Server 2005 Express.

    1. Open the Windows® Control Panel, and then open Administrative Tools > Services.
    2. Verify that the Microsoft Server Agent service is started and that the Startup type is set to Automatic.
    3. Close the Services window.

    Step 4

    Update the BlackBerry Configuration Database schema.

    Important: If the BlackBerry Enterprise Server software was installed to create a blank BlackBerry Configuration Database on a new Microsoft SQL Server instance, do not perform the following task because the schema has already been updated.

    1. Download the installation package for the version of the BlackBerry Enterprise Server being used.
    2. Extract the contents of the installation package.
    3. Copy the Database folder to the new Microsoft SQL Server.
    4. Go to the Database folder and open the BESMgmt.cfg file in a text editor, such as Notepad.
    5. Locate the DB_NAME=BESMgmt line and make sure that the name specified matches the BlackBerry Configuration Database name.
    6. If you are using a named instance of Microsoft SQL Server, change the SERVER=local line to SERVER=<Microsoft_Server_Name>\ <instance_name> and close the file. Save the changes.
    7. From a command prompt, go to the Database directory.
    8. Type createdb.exe BESMgmt.cfg and press ENTER.
    9. After the command has finished executing, close the command prompt.

    Task 3 – Restore the BlackBerry Configuration Database

    Depending on the environment, use one of the methods below to restore the BlackBerry Configuration Database.

    BlackBerry Configuration Database on a Microsoft SQL Server with the same directory structure

    1. Copy the BlackBerry Configuration Database backup to the C:\ path of the new Microsoft SQL Server.
    2. From a command prompt, type osql -E and press ENTER.Note: When logging in to a named instance of the Microsoft SQL Server, use the following command:

      osql -E -S <SQL_Server_name>\<instance_name>

    3. Type the following commands in the specified order:1> restore database <BlackBerry_Configuration_Database_name> from disk = “c:\<BlackBerry_Configuration_Database_name>.bak” with recovery, replace2> go1> quit
    4. Close the command prompt.

    BlackBerry Configuration Database on a Microsoft SQL Server with a different directory structure

    1. Copy the BlackBerry Configuration Database backup to the C:\ path of the new Microsoft SQL Server.
    2. From a command prompt, type osql -E and press ENTER.Note: When logging in to a named instance of the Microsoft SQL Server, use the following command:

      osql -E -S <SQL_Server_name>\<instance_name>

    3. Type the following commands in the specified order:1> restore database <BlackBerry_Configuration_Database_name> from disk = “C:\<BlackBerry_Configuration_Database_name>.bak” with move “<BlackBerry_Configuration_Database_name>_data” to “<new_path>\MSSQL\Data\<BlackBerry_Configuration_Database_name>.mdf”, move “<BlackBerry_Configuration_Database_name>_log” to “<new_path>\MSSQL\Data\<BlackBerry_Configuration_Database_name>.ldf”2> go1> quit

      Note: To determine the logical file names <BlackBerry_Configuration_Database_name>_data and <BlackBerry_Configuration_Database_name>_log for the BlackBerry Configuration Database, complete the following steps:

      1. On the Microsoft SQL Server hosting the BlackBerry Configuration Database, open a command prompt and type the following command:
        OSQL -E or OSQL -E -S <SQL_Server_name>\<instance_name>
      2. Type the following commands in the specified order, pressing ENTER after each command:1>exec sp_helpdb <BlackBerry_Configuration_Database_Name>2> go
      3. The items circled in the following image are the two logical file names for the BlackBerry Configuration Database:
      4. Close the command prompt.

    Detach and re-attach the BlackBerry Configuration Database

    Depending on the environment, complete one of the procedures below.

    Microsoft SQL Server

    1. Open the Control Panel, and then open Administrative Tools > Services.
    2. Stop each service that has a name that begins with BlackBerry.
    3. Log in to the existing Microsoft SQL Server.
    4. Open Enterprise Manager.
    5. Right-click the BlackBerry Configuration Database name.
    6. Select All Tasks, and then click Detach Database.
    7. Close Enterprise Manager.
    8. Go to the Microsoft SQL Server Data directory and copy the MDF and LDF files.Note: The default path is C:\Program Files\Microsoft SQL Server\MSSQL\Data\ and the default filenames are BESMgmt.mdf and BESMgmt.ldf.
    9. Move the file copies to the new Microsoft SQL Server.
    10. Log in to the new Microsoft SQL Server.
    11. Open Enterprise Manager.
    12. Right-click the BlackBerry Configuration Database name.
    13. Select All Tasks, then click Detach Database.
    14. Move the files that were copied in step 8 to the Microsoft SQL Server Data directory. When prompted to overwrite the files, click Yes.
    15. In Enterprise Manager, right-click the Database folder, then click All Tasks.
    16. Select Attach Database.
    17. Select the MDF file to attach, then click OK.
    18. Close Enterprise Manager.

    MSDE

    1. Open the Control Panel, and then open Administrative Tools > Services.
    2. Stop each service that has a name that begins with BlackBerry.
    3. Log in to the existing MSDE Server.
    4. From a command prompt, type osql -E and press ENTER.Note: When logging in to a named instance of the Microsoft SQL Server, use the following command:

      osql -E -S <SQL_Server_name>\<instance_name>

    5. Type the following commands in the specified order:1> exec sp_detach_db @dbname = “<BlackBerry_Configuration_Database_name>2> go1> quit
    6. Go to the Microsoft SQL Server Data directory and copy the MDF and LDF files.Note: The default path is C:\Program Files\Microsoft SQL Server\MSSQL\Data\ and the default filenames are BESMgmt.mdf and BESMgmt.ldf.
    7. Move the files that were copied in step 6 to the new Microsoft SQL Server.
    8. Log in to the new MSDE Server.
    9. From a command prompt, type osql -E and press ENTER.Note: When logging in to a named instance of Microsoft SQL Server, use the following command:

      osql -E -S <SQL_Server_name>\<instance_name>

    10. Type the following commands in the specified order:1> exec sp_detach_db @dbname = “<BlackBerry_Configuration_Database_name>2> go2> quit
    11. Move the files that were copied in step 6 into the Microsoft SQL Server Data directory. When prompted to overwrite the files, click Yes.
    12. From a command prompt, type osql -E and press ENTER.Note: If you are logging in to a named instance of Microsoft SQL Server, use the following command syntax to log in:

      osql -E -S <SQL_Server_name>\<instance_name>

    13. Type the following commands in the specified order:1> exec sp_attach_db @dbname = “<BlackBerry_Configuration_Database_name>“,2> @filename1 = “C:\Program Files\Microsoft SQL Server\MSSQL\Data\<BlackBerry_Configuration_Database_name>.mdf”,3> @filename2 = “C:\Program Files\Microsoft SQL Server\MSSQL\Data\<BlackBerry_Configuration_Database_name>.ldf”

      4> go

      1> quit

    14. Close the command prompt.

    Task 4 – Configure the BlackBerry Enterprise Server

    To configure the BlackBerry Enterprise Server to connect to the new BlackBerry Configuration Database, complete the following steps:

    1. On the BlackBerry Enterprise Server, click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
    2. On the Database Connectivity tab, select Change Database.
    3. In the Change Database Wizard, specify the new Microsoft SQL Server name and the existing BlackBerry Configuration Database name.
    4. Continue with the wizard. Make sure that the Start Services check box is selected, and then click Finish.
    5. Open Administrative Tools > Services and make sure all the BlackBerry Enterprise Server services started successfully.Note: The BlackBerry Database Consistency Service may be disabled. This is normal behavior.
    6. Open BlackBerry Manager and make sure that the correct database is set up by completing the following:For BlackBerry Enterprise Server software version 4.0
      1. Right-click BlackBerry Manager, select Properties.
      2. Select the Properties tab and verify that the Microsoft SQL Server information and BlackBerry Configuration Database name are correct.

      For BlackBerry Enterprise Server software version 4.1

      1. Go to Tools > Options > Database and verify that the Microsoft SQL Server information and BlackBerry Configuration Database name are correct.
      2. Verify all the BlackBerry smartphone user accounts appear on BlackBerry Manager.
    7. If you have a remote BlackBerry Manager, make sure to check the settings from step 6.
    8. Test email message flow from the BlackBerry smartphone.

    For BlackBerry Enterprise Server software version 4.1, install the database notification system.

    1. Copy the RimEsp.dll file to the C:\Program Files\Microsoft SQL Server\MSSQL\Binn folder on the new Microsoft SQL Server.
    2. In Microsoft Query Analyzer, go to the Database\DBInstallScripts\SQLServer\4.1 folder on the installation media.
    3. Open the NotifyInstall.sql file and replace <_databasename> with the name of the BlackBerry Configuration Database.
    4. Run the script.
    5. Confirm that the Microsoft Query Analyzer displays the following message:

      Function dbo.xp_RIM_xxxx registered.


    Additional Info

    When moving from an MSDE server instance to a full Microsoft SQL Server instance on a separate computer, see KB04039 for information on how to increase the mail agent limitation on the BlackBerry Enterprise Server.

    If you receive an error that the BlackBerry Configuration Database is in use, complete the following steps:

    1. Remove all the BlackBerry smartphone user accounts from the BlackBerry Configuration Database by typing the following commands at a command prompt:

      OSQL -E1> use master2> alter database database_name set single_user with rollback immediate3> go1> use <database_name>2> go1> exit

    2. Detach the BlackBerry Configuration Database by typing the following commands at a command prompt:

      OSQL -E1> use master2> sp_detach_db @dbname = <database_name>3> go1> exit

    3. Attach the BlackBerry Configuration Database by typing the following commands at a command prompt:

      OSQL -E1> use master2> exec sp_attach_db @dbname = “<database_name>”,3> @filename1 = “C:\<Path_to_database_file>\<database_name>.mdf”,4> @filename2 = “C:\<Path_to_transaction_log_file>\<database_name>.ldf”5> go1> exit

Comments (1)

How to switch BlackBerry Enterprise Server service accounts

Environment

  • BlackBerry® Enterprise Server software version 4.0 or later for Microsoft® Exchange
  • Microsoft® SQL Server™
  • Microsoft® SQL Server Desktop Engine (MSDE)

    Procedure

    To change the BlackBerry Enterprise Server service account for BlackBerry Enterprise Server software versions 4.0 or later for Microsoft® Exchange, complete the following tasks:

    Summary of Tasks

    1. Create a new service account and mailbox.
    2. Set the local permissions.
    3. Assign the new service account to the Local Administrators group.
    4. Add the appropriate Microsoft Exchange Server permissions.
    5. Add the Send As permission in Microsoft® Active Directory® Users and Computers.
    6. Stop all BlackBerry Enterprise Server services.
    7. Configure BlackBerry Enterprise Server services to log in with the new service account.
    8. Export the Research In Motion® (RIM®) folder from the old service account.
    9. Import the Research In Motion folder to the new service account.
    10. If you have a Microsoft SQL Server, assign the Server roles.
    11. Edit the Messaging Application Programming Interface (MAPI) profile.
    12. Start all BlackBerry Enterprise Server services.

    Task 1

    Create a new BlackBerry Enterprise Server service account and mailbox. For detailed instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: Installation Guide.
     

    For information on assigning permissions to the BlackBerry Enterprise Server administration account, see KB02276.


    Task 2

    Depending on where the BlackBerry Enterprise Server is installed, set the local permissions by completing one of the procedures below.

    On a member server

    If the BlackBerry Enterprise Server is installed on a member server, set the local permissions as follows:

    1. In the Microsoft® Windows® Control Panel, go to Administrative Tools > Local Security Policy.
    2. Expand Local Policies, and then select User Rights Assignment.
    3. Depending on the Windows environment, do one of the following:
      • In Microsoft Windows 2003, right-click Allow log on locally, click Properties, and click Add User or Group. Type the domain name of the new service account and then click OK.
      • In Microsoft Windows 2000, right-click Log on locally and click Properties. Select the Local Policy Setting check box next to the new service account name and then click OK.
    4. Also, specify the option Log on as a service.

    On a domain controller

    If the BlackBerry Enterprise Server is installed on a domain controller, set the local permissions as follows:

    Warning: There are performance issues associated with installing the BlackBerry Enterprise Server on a domain controller. This is not a recommended configuration.

    1. In the Microsoft Windows Control Panel, open Administrative Tools > Domain Controller Security Policy.
    2. Expand Local Policies and then select User Rights Assignment.
    3. Depending on the Windows environment, do one of the following:
      • In Microsoft Windows 2003, right-click Allow log on locally, click Properties, and click Add User or Group. Type the domain name of the new service account and then click OK.
      • In Microsoft Windows 2000, right-click Log on locally, and then click Properties. Select the Local Policy Setting check box next to the new service account name and then click OK.
    4. Also, specify the option Log on as a service.

    Task 3

    Depending on where the BlackBerry Enterprise Server is installed, add the new BlackBerry Enterprise Server service account to the Local Administrators group on the BlackBerry Enterprise Server by completing one of the procedures below.

    On a member server

    If the BlackBerry Enterprise Server is installed on a member server, add the new BlackBerry Enterprise Server service account to the Local Administrators group as follows:

    1. Open Administrative Tools > Computer Management, then expand System Tools.
    2. Select Local Users and Groups.
    3. Double-click Groups and then double-click Administrators. The Administrators Properties window appears.
    4. Click Add, type the new BlackBerry Enterprise Server service account name, and then click OK.
    5. Click OK again to close the Administrators Properties window.

    On a domain controller

    If the BlackBerry Enterprise Server is installed on a domain controller, add the new BlackBerry Enterprise Server service account to the Local Administrators group as follows:

    1. Open Administrative Tools > Active Directory Users and Computers, and then select the Builtin folder.
    2. Double-click Administrators, and then select the Members tab.
    3. Click Add, type the new BlackBerry Enterprise Server service account name and then click OK.
    4. Click OK again.

    Task 4

    Depending on the Microsoft Exchange environment, add the appropriate Microsoft Exchange Server permissions by completing one of the procedures below.

    Microsoft Exchange 2000 and 2003

    1. Open Exchange System Manager.
    2. Right-click the Microsoft Exchange administrative group name and then click Delegate Control.
    3. Click Next and then click Add to open the Delegate Control window.
    4. Click Browse to open the Select Users, Computers or Groups window and then select the new BlackBerry Enterprise Server service account.
    5. From the Role drop-down list, select Exchange View Only Administrator and then click OK.
    6. Click Next and then click Finish.
    7. Open Exchange System Manager, expand Administrative Groups > First Administrative Group, and select Servers.
    8. Right-click the Microsoft Exchange Server name, select Properties. Select the Security tab and click the Advanced button.
    9. Select the BlackBerry Enterprise Server service account name.  
      1. If you are not able to locate the BlackBerry Enterprise Server service account name, click Advanced, and then select the Allow inheritable permissions from parent to propagate to this object check box. 
      2. Click Apply and then click OK. You should now be able to find and click the BlackBerry Enterprise Server service account.
    10. Select the appropriate check boxes to allow permissions for Administer information store, Receive As, and Send As.
    11. Click Apply and then click OK.

    Microsoft Exchange 5.5

    In Exchange Administrator, turn on the Service Account Admin permission for the new service account in both the Site and Configuration containers. For more information on setting permissions, see the Microsoft Exchange 5.5 documentation.
    Microsoft Exchange 2007

    1. Open the Microsoft Exchange Shell by going to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
    2. To set the Exchange View Only Administrator role, type the following command:add-exchangeadministrator BESAdmin -role ViewOnlyAdminWhere BESAdmin is the name of the BlackBerry Enterprise Server service account.
    3. To check the Exchange View-Only Administrator role, type the following command:get-exchangeadministrator | Format-ListThe service account should be displayed with a ViewOnlyAdmin role.
    4. To set the Send As, Receive As, and Administer Information Store permissions, type the following command:get-mailboxserver server_name | add-adpermission -user BESAdmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

      Where server_name is the name of the Microsoft Exchange Server 2007 or Microsoft Exchange Cluster and BESAdmin is the name of the BlackBerry Enterprise Server service account.

    5. To check the Send As, Receive As, and Administer Information Store permissions, type the following command in Exchange Management Shell:get-mailboxserver Exchange2007 | get-ADpermission -user BESAdmin | Format-ListWhere Exchange2007 is the name of the Microsoft Exchange Server 2007 or Microsoft Exchange Cluster and BESAdmin is the name of the BlackBerry Enterprise Server service account.

    Task 5

    In Active Directory Users and Computers, add the Send As permission by completing the following steps:

    To grant the Send As permission for a single account on all users in a Microsoft Active Directory domain or container, complete the following steps:

    1. Open Administrative Tools > Active Directory Users and Computers.
    2. From the View menu, select the Advanced Features option. If this option is not selected, the Security page will not be visible for domain and container objects.
    3. Right-click the appropriate domain or container, and then click Properties.
    4. Select the Security tab.
    5. If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add, and then select the appropriate BlackBerry Enterprise Server service account. Click OK
    6. Select the BlackBerry Enterprise Server service account and then click Advanced.
    7. Under the Permissions tab select the BlackBerry Enterprise Server service account and then select Edit.
    8. Under the Object tab in the Applies Onto list, select User Objects.
    9. Select the Send As check box.
    10. Click Apply, and then click OK.
    11. Close the Properties window, and then close Active Directory Users and Computers.

    Note: For additional methods of assigning the Send As permission, search for article 912918 in the Microsoft Support Knowledge Base.


    Task 6

    Stop all BlackBerry Enterprise Server services by completing the following steps:

    1. Open Administrative Tools > Services.
    2. Right-click each BlackBerry Enterprise Server service and then click Stop for each service.

    Task 7

    Configure any BlackBerry services that use the old BlackBerry Enterprise Server service account to log in with the new BlackBerry Enterprise Server service account by completing the following steps:

    Important: Do not include the BlackBerry Attachment Service, BlackBerry® Mobile Data System services, Apache Tomcat™ service, or BlackBerry Instant Messaging Connector in this procedure. These services are always set to the local system.

    1. Open Administrative Tools > Services, double-click a BlackBerry Enterprise Server service that has a Log On account, and click the Log On tab.
    2. Select the This account option, and then type the new BlackBerry Enterprise Server service account name.
    3. In the Password and Confirm Password fields, type the BlackBerry Enterprise Server service account password.
    4. Click Apply, and then click OK.
    5. Repeat steps 1 to 4 for each of the remaining BlackBerry Enterprise Server services that have a Log On account.

    Task 8

    Export the Research In Motion folder from the old BlackBerry Enterprise Server service account.

    Note: To perform this task, you must be logged on using the account that was initially used to install the BlackBerry Enterprise Server software or service pack.

    Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Microsoft Windows operating system. Document and back up the registry entries prior to implementing any changes.

    1. Log in to the old BlackBerry Enterprise Server service account.
    2. In the Registry Editor, go to HKEY_CURRENT_USER\Software\Research In Motion.
    3. Select the Research In Motion folder.
    4. Depending on the Windows environment, do one of the following:
      • For Windows Server 2003, select the File menu, and then click Export.
      • For Windows Server 2000, select the Registry menu, and then click Export Registry File.
    5. Choose a location to save the file, type a file name and click Save.
    6. Close the Registry Editor.

    Task 9

    Import the Research In Motion folder to the new BlackBerry Enterprise Server service account by completing these steps:

    Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Microsoft Windows operating system. Document and back up the registry entries prior to implementing any changes.

    1. Log out of the current service account and log in with the new BlackBerry Enterprise Server service account.
    2. Locate the registry file you saved from Task 8.
    3. Double-click the registry file and it will import to the correct location in the registry.
    4. Open the Registry Editor.
    5. Confirm that the HKEY_CURRENT_USER\Software\Research In Motion directory exists.
    6. Close the Registry Editor.

    Task 10

    If you have a Microsoft SQL Server, assign the Server roles by completing the following steps:

    Note: If you are using MSDE, skip Task 10 and go to Task 11.

    1. In the SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
    2. Expand the Microsoft SQL Server and expand security.
    3. Right-click Logins and click New Login.
    4. On the General tab, click the button next to the Name field, as shown below:
    5. Select the new service account name from the Names list, click Add, and click OK.
    6. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list.Note: If you are running BlackBerry Enterprise Server software version 4.1 or later, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.
    7. On the Database Access tab, select the check box for the BlackBerry Configuration Database (for example, BESMgmt).
    8. In the Database Roles for <BlackBerry_Configuration_Database_name> list, select the db_owner check box.

    Task 11

    Edit the MAPI profile by completing these steps:

    1. Make sure BlackBerry Manager is closed.
    2. Click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
    3. On the BlackBerry Server tab, click Edit MAPI Profile.
    4. In the Mailbox field, type the new BlackBerry Enterprise Server service account mailbox name.
    5. Click Apply and then click OK.

    Task 12

    Start all BlackBerry Enterprise Server services by completing the following steps:

    1. In BlackBerry Manager, right-click the BlackBerry Enterprise Server name, and then select Service Control > Start Service for each of the following services in the following order:
      • BlackBerry Router
      • BlackBerry Dispatcher
      • BlackBerry Controller
      • all other BlackBerry Enterprise Server services
    2. After starting the services, close BlackBerry Manager.Note: BlackBerry Enterprise Server services can also be started in Administrative Tools > Services.

    Important: Restarting certain BlackBerry Enterprise Server services will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.


    Additional Info

    Please note that if your organization uses a single domain or multiple domains that are trusted in an Exchange organization, one BlackBerry Enterprise Server service account account is sufficient to manage the BlackBerry Enterprise Server.

Leave a Comment

Assigning permissions for the BlackBerry Enterprise Server service account

  • BlackBerry® Enterprise Server software version 3.5 and later for Microsoft® Exchange
  • Microsoft® Exchange 2000, 2003 and 2007The following permissions can be assigned for the BlackBerry Enterprise Server service account:
    1. Local Administrator rights on the BlackBerry Enterprise Server
    2. Local Security Policy permissions for the BlackBerry Enterprise Server service account
    3. Microsoft Exchange permissions at the Administrative Group level
    4. Microsoft Exchange permissions at the Microsoft Exchange Server level
    5. Send As permission at the Domain level
    6. Database permissions for managing the BlackBerry Configuration Database

    To assign permissions, complete the following tasks.

    Note: The BlackBerry Enterprise Server service account should be a Domain User only, not a Domain Administrator. See KB04557 for more information.


    Task 1To assign Local Administrator rights to the BlackBerry Enterprise Server service account, complete the following steps:

    If installing BlackBerry Enterprise Server on a Domain Controller

    1. Go to Start > Programs > Administrative Tools > Active Directory Users and Computers.
    2. Select the Builtin folder.
    3. Double-click Administrators.
    4. On the Members tab, click Add.
    5. Select the BlackBerry Enterprise Server service account name (for example, BESAdmin), and then click Add.
    6. Click OK.
    7. Click OK again.

    If installing BlackBerry Enterprise Server on a Member Server

    1. Click Start > Administrative Tools > Computer Management.
    2. In the left pane, expand System Tools and click Local Users and Groups.
    3. In the right pane, double-click Groups.
    4. Right-click Administrators and click Properties.
    5. In the Select Users, Contacts, Computers, or Groups window, select the BlackBerry Enterprise Server service account name.
    6. Click OK.

    Task 2

    To assign Local Security Policy permissions to the BlackBerry Enterprise Server service account, complete the following steps:

    Note: This allows the BlackBerry Enterprise Server service account to access the local computer and to run the BlackBerry Enterprise Server software as a Windows® service.

    1. Click Start > Administrative Tools > Local Security Policy.If the computer is a domain controller, click Start > Administrative ToolsDomain Controller Security Policy.
    2. In the Local Securities window, click Local Policies > User Rights Assignment.
    3. Do one of the following:
      • For Windows Server® 2000, double-click Log on Locally
      • For Windows Server 2003, double-click Allow Log on Locally
    4. Click Add User or Group.
    5. Select the BlackBerry Enterprise Server service account name and click Add.
    6. Click OK.
    7. In the Local Security Settings window, double-click Log On As a Service.
    8. Click Add User and select the BlackBerry Enterprise Server service account.
    9. Click OK.

    Task 3

    To assign Microsoft Exchange Server permissions at the Administrative Group level, complete the following steps for your environment:

    Note: This allows a system administrator to manage BlackBerry smartphone users and groups.

    On Microsoft Exchange 2000 or 2003

    1. Go to Start > Programs > Microsoft Exchange > System Manager.
    2. Select Administrative Groups.
    3. Right-click First Administrative Group and select Delegate Control.
    4. In the Exchange Administration Delegation Wizard, click Next, and then click Add.
    5. Click Browse and select the BlackBerry Enterprise Server service account.
    6. Click OK.
    7. In the Role drop-down list of the Delegate Control window, select Exchange View Only Administrator.
    8. Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.
    9. Click Next, and then click Finish.

    On Microsoft Exchange 2007To set an Exchange View Only Administrator role:

    1. Go to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
    2. In the command prompt window, type the following and then press ENTER:

    add-exchangeadministrator <BESAdmin> -role ViewOnlyAdmin

    where <BESAdmin> is the name of the BlackBerry Enterprise Server service account.

    To check an Exchange View Only Administrator role:

    1. Open Windows PowerShell, and then open a command prompt window.
    2. At the command prompt window, type the following and then press ENTER:

      get-exchangeadministrator | Format-List

    3. Verify that the BlackBerry Enterprise Server service account has the ViewOnlyAdmin role.

    Task 4

    To assign Microsoft Exchange Server permissions at the Microsoft Exchange Server level, complete the following steps:

    On Microsoft Exchange 2000 or 2003

    1. Go to Start > Programs > Microsoft Exchange > System Manager.
    2. Select Administrative Groups > First Administrative Group > Servers.
    3. Right-click the Microsoft Exchange Server name and select Properties.
    4. On the Security tab, select the BlackBerry Enterprise Server service account.
    5. Select the following permissions from the Permissions list:
      • Administer Information Store
      • Send As
      • Receive As
    6. Click the Advanced button.
    7. Verify that the option Select the Allow inheritable permissions from parent to propagate to this object and all child objects is checked.
    8. Click OK.
    9. Repeat the preceding steps for each Microsoft Exchange Server within the routing group that will host mailboxes for BlackBerry smartphone users with accounts on a BlackBerry Enterprise Server.

    On Microsoft Exchange 2007

    To set Send As, Receive As, and Administer Information Store permissions:

    1. Open Windows PowerShell, and then open a command prompt window.
    2. At the command prompt window, type the following line, and then press ENTER:get-mailboxserver Exchange2007 | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Adminwhere:
      •  Exchange 2007 is the name of the Microsoft Exchange 2007 Server
      • <BESAdmin> is the name of the BlackBerry Enterprise Server service account

    To check the Send As, Receive As, and Administer Information Store permissions:

    1. Open Windows PowerShell, and then open a command prompt window.
    2. At a command prompt, type the following line, and then press ENTER:

     get-mailboxserver Exchange2007 | get-ADpermission -user BESAdmin | Format-List

    On Microsoft Exchange 5.5The BlackBerry Enterprise Server service account requires the Service Account Admin permissions on the Site container and Configuration container.


    Task 5

    To grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft® Active Directory® domain or container, complete the following steps:

    1. Open Active Directory Users and Computers.
    2. From the View menu, select the Advanced Features option.Note: If Advanced Features is not selected, the Security page will not be visible for domain and container objects.
    3. Right-click the appropriate domain or container and click Properties.
    4. On the Security tab, click Advanced.
    5. If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add and select the BlackBerry Enterprise Server service account name.
    6. Click OK.
    7. Double-click the BlackBerry Enterprise Server service account name.
    8. Select User Objects in the Applies Onto list.
    9. Select the Send As check box.
    10. Click Apply and then click OK.
    11. Close the Properties window and then close Active Directory Users and Computers.

    Note: For additional ways to assign the Send As permission, see article 912918 in the Microsoft Support Knowledge Base.


    Task 6

    To assign the required permissions for managing the BlackBerry Configuration Database, see Task 2 in KB03112.

    For additional information on the permissions that are required to manage the BlackBerry Configuration Database, see KB03633.


    Additional Information

    Microsoft Exchange 2007 is supported in BlackBerry Enterprise Server software version 4.1 Service Pack 3 and later.

    If the server is a Microsoft® SQL Server™, assign the Server roles by completing the following steps:

    Note: The following is not applicable to Microsoft SQL Server Desktop Engine (MSDE).

    1. In the SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>
    2. Expand the Microsoft SQL Server and expand security.
    3. Right-click Logins and click New Login.
    4. On the General tab, click the button next to the Name field.
    5. Select the new BlackBerry Enterprise Server service account name from the Names list.
    6. Click Add, and then OK.
    7. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list.

      Note: If you are running BlackBerry Enterprise Server software version 4.1 or later, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.

    8. On the Database Access tab, select the check box for the BlackBerry Configuration Database (for example, BESMgmt).
    9. In the Database Roles for <BlackBerry_Configuration_Database_name> list, select the db_owner check box.

    See KB04293 for information on switching service accounts for BlackBerry Enterprise Server software versions 4.0 and 4.1.

  • Original Post Click Here

    Comments (2)

    migrate the BlackBerry Enterprise Server from Exchange 2000 or Exchange 2003 to Exchange 2007

    Procedure

    To migrate the BlackBerry Enterprise Server from Microsoft Exchange Server 2000 or 2003 to Microsoft Exchange Server 2007, complete the following steps:

    1. Stop all BlackBerry Enterprise Server services.Important: Restarting certain BlackBerry Enterprise Server services will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.
    2. Move the BlackBerry Enterprise Server service account. The default name for this account is BESAdmin.
    3. After migrating Microsoft Exchange Server 2000 or 2003, verify the Microsoft Exchange Server 2007 permissions for the BlackBerry Enterprise Server.
    4. Set the required permissions for the BlackBerry Enterprise Server in Microsoft Exchange 2007. For more information, see KB12483.Note: If Microsoft Exchange System Manager 2003 Service Pack 2 is installed on the BlackBerry Enterprise Server, skip to step 10.
    5. Remove Microsoft Exchange System Manager 2000.
    6. Perform a search for MAPI32.dll and cdo.dll.
    7. Rename any cdo.dll and MAPI32.dll files from the system32 folder and the program files\exchsrvr\bin folder to a .bak file extension.
    8. Download and install the latest Messaging Application Programming Interface (MAPI) and Collaboration Data Object (CDO) clients. For more information, see KB12697.
    9. Resolve the MAPI profile for the BESAdmin mailbox on the Microsoft Exchange Server 2007 by going to Start > Programs > BlackBerry Enterprise Server > Edit the MAPI.
    10. Restart the BlackBerry Enterprise Server.Important: Restarting the BlackBerry Enterprise Server will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.

    Original post click here

    Comments (1)

    service account permissions in Microsoft Exchange Server 2007

    Procedure

    The following permissions are required for the BlackBerry Enterprise Server to function correctly in a Microsoft Exchange Server 2007 environment:

    • Exchange View Only Administrator role
    • Send As
    • Receive As
    • Administer Information Store

    Exchange View Only Administrator role

    1. Access the Microsoft Exchange Shell by going to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
    2. To set the Exchange View Only Administrator role, type the following command:add-exchangeadministrator <service_account_name> -role ViewOnlyAdmin

      where <service_account_name> is the name of the BlackBerry Enterprise Server service account (for example, BESAdmin)

    3. To check the Exchange View-Only Administrator role, type the following command:get-exchangeadministrator | Format-List

      The service account should be displayed with a ViewOnlyAdmin role.


    Send As, Receive As, and Administer Information Store permissions

    1. Access the Microsoft Exchange Shell by going to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
    2. To set the Send As, Receive As, and Administer Information Store permissions, type the following command:get-mailboxserver <server_name> | add-adpermission -user <service_account_name> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

      where <server_name> is the name of the Microsoft Exchange Server 2007 or Microsoft Exchange cluster

    3. To check the Send As, Receive As, and Administer Information Store permissions, type the following command in Exchange Management Shell:get-mailboxserver <server_name> | get-ADpermission -user <service_account_name> | Format-List

    Original Post Click Here

    Comments (1)