Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino Administration Manual
  1. Manuals
  2. Brands
  3. Blackberry Manuals
  4. Software
  5. PRD-10459-003 - Enterprise Server For IBM Lotus...
  6. Administration manual
Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino Administration Manual

Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino Administration Manual

Enterprise server for ibm lotus domino version: 5.0 | service pack: 3
Hide thumbs
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
Table of Contents

Advertisement

Quick Links

Download this manual
BlackBerry Enterprise Server for
IBM Lotus Domino
Version: 5.0 | Service Pack: 3
Administration Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the PRD-10459-003 - Enterprise Server For IBM Lotus Domino and is the answer not in the manual?

Questions and answers

Related Manuals for Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino

Summary of Contents for Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino

  • Page 1 BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0 | Service Pack: 3 Administration Guide...
  • Page 2 Published: 2011-09-16 SWDT487521-1597421-0916011550-001...

  • Page 3: Table Of Contents

    Add an administrator account to a group......................Specify an email address for the BlackBerry Administration Service............... Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account................................Assign a BlackBerry device to an administrator account..................
  • Page 4 Delete an IT policy............................5 Configuring security options..........................Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other....Algorithms that the BlackBerry Enterprise Solution uses to encrypt data..........Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses....
  • Page 5 Adding a user account to the BlackBerry Enterprise Server................Add a user account............................ Create a user account that is not in the contact list in the BlackBerry Configuration Database....Export a list of user accounts........................Importing a list of user accounts to a BlackBerry Enterprise Server............
  • Page 6 Configure the BlackBerry Enterprise Server to fail over automatically............Monitoring the BlackBerry Enterprise Server for an automatic failover event..........Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event................................Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service....
  • Page 7 Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription......................... 113 Start the BlackBerry Enterprise Server instances..................114 Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding................................ 114 Return to the BlackBerry Configuration Database when you configured transactional replication....115 Configuring a new mirror BlackBerry Configuration Database.................
  • Page 8 Stopping a job that is running........................... 136 Stop a job that is running.......................... 137 View the users that have a BlackBerry Java Application installed on their BlackBerry devices......137 View how the BlackBerry Administration Service resolved software configuration conflicts for a user account................................
  • Page 9 Export the BlackBerry MDS Connection Service certificate to make it available to push applications..162 Import the BlackBerry MDS Connection Service certificate to the key store of a push application..163 Permit push applications to select the transport protocol for PAP requests........... 163 Configuring a BlackBerry MDS Connection Service to trust web servers............
  • Page 10 Map a contact information field in an email application to contact list fields on BlackBerry devices..183 Map a contact list field in an email application to a contact list field on a BlackBerry device....183 Map a contact information field in an email application to contact list fields on BlackBerry devices..183...
  • Page 11 Map a contact list field in an email application to a contact list field on a BlackBerry device....184 16 Configuring BlackBerry devices to enroll certificates over the wireless network..........185 Configure the certificate information using IT policies..................185 Configure the BlackBerry MDS Connection Service to connect to the certificate authority......186 Add communication information to a BlackBerry MDS Connection Service configuration set....
  • Page 12 Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager........214 Distribute a certificate using the BlackBerry Desktop Manager..............214 Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device........215 Configuring EAP-TLS authentication......................... 216 Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile....... 216 Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device......
  • Page 13 Preparing a device for redistribution to a new user..................233 Use the BlackBerry Administration Service to delete user data and assign the device to a new user..233 Use the BlackBerry Administration Service to delete user data and remove the BlackBerry Device Software before assigning the device to a new user.................
  • Page 14 Update the contact list manually....................... 246 Resend service books to a BlackBerry device.................... 246 26 Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices............................247 Managing the default distribution settings for jobs..................247 Change default settings for a job schedule....................
  • Page 15 266 Configuring the Microsoft Active Directory account to delegate access........... 266 Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain....................269 Turn on Integrated Windows authentication so that users can access resources on your organization's network..............................
  • Page 16 Turn off email message forwarding to a user account................285 Turn off synchronization for email messages sent from a BlackBerry device........... 285 Turn off email message forwarding when a user connects a BlackBerry device to a computer....285 Managing the incoming message queue......................286 Delete email messages for user accounts from the incoming message queue.........
  • Page 17 Turn off support for rich text formatting and inline images in email messages using an IT policy rule..290 Configuring IBM Lotus Notes links on devices....................290 Configure the BlackBerry Enterprise Server to support IBM Lotus Notes links to different IBM Lotus Domino domains............................291 Updating the map for IBM Lotus Domino server names and host names..........
  • Page 18 31 Managing instant messaging..........................321 Installing a collaboration client on BlackBerry devices..................321 Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to....321 Change the transport protocol for a Microsoft instant messaging environment..........322 Specify the Windows domain name for users who log in to a collaboration client.......... 323 Managing instant messaging sessions......................
  • Page 19 Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime........................324 Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime............................324 Prevent users from sending instant messaging conversations in email messages........
  • Page 20 BlackBerry MDS Connection Service log files....................361 Changing how the BlackBerry MDS Connection Service creates a log file..........361 Using BlackBerry MDS Connection Service log files to view information for proxied connections to BlackBerry devices............................. 364 BlackBerry Collaboration Service log files......................365 Change which activities the BlackBerry Collaboration Service writes to a log file........
  • Page 21 A user did not accept a notification about an instant message on a computer and the notification disappeared............................... 392 A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device................................ 393 Troubleshooting: BlackBerry Web Desktop Manager..................
  • Page 22 38 Provide feedback.............................. 415 39 Legal notice............................... 416...

  • Page 23: Overview: Blackberry Enterprise Server

    You can manage the BlackBerry Enterprise Server, devices, and user accounts using the BlackBerry Administration Service, a web application that is accessible from any computer that can access the computer that hosts the BlackBerry Administration Service. You can use the BlackBerry Administration Service to manage a BlackBerry Domain, which consists of one or more BlackBerry Enterprise Server instances and remote components that use a single BlackBerry Configuration Database.

  • Page 24: Getting Started In Your Blackberry Enterprise Server Environment

    The following table lists the tasks that administrators typically perform after installing a BlackBerry® Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task. Some of the tasks might not be required in your organization's environment.
  • Page 25 Administration Guide Getting started in your BlackBerry Enterprise Server environment Task Chapter If necessary, change the default messaging settings for Setting up the messaging environment your organization's environment. Managing your messaging environment and attachment support Prepare to distribute BlackBerry Java® Applications.
  • Page 26 Use the BlackBerry Monitoring Service to troubleshoot Visit www.blackberry.com/go/serverdocs to see the issues and monitor the health of a BlackBerry Enterprise BlackBerry Enterprise Server Monitoring Guide. Server. Change how the BlackBerry Enterprise Server creates BlackBerry Enterprise Server log files...

  • Page 27: Log In To The Blackberry Administration Service For The First Time

    Best practice: Running the BlackBerry Enterprise Server, 63 The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, There is a problem with this website's security certificate Description The browser displays this error message when you try to navigate to the BlackBerry®...

  • Page 28: This Connection Is Untrusted

    11. Click Install certificate. The Certificate Import Wizard opens. 12. Complete the instructions in the Certificate Import Wizard. If you are trying to log in to the BlackBerry Administration Service or BlackBerry Monitoring Service using a computer that runs Windows Vista®, perform the following actions in the Certificate Import Wizard.

  • Page 29: Creating Administrator Accounts

    You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.
  • Page 30 Delete a user-defined IT policy template Edit a user-defined IT policy template Import an IT policy template Resend data to devices Create a software configuration View a software configuration Edit a software configuration Delete a software configuration View BlackBerry Administration Service software management...
  • Page 31 Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Edit BlackBerry Administration Service software management Create an application View an application Edit an application Delete an application Create an administrator user Specify an activation password...
  • Page 32 Delete an instance Edit license keys View license keys Manually fail a job Clear instance statistics View push rules for the BlackBerry MDS Connection Service View pull rules for the BlackBerry MDS Connection Service Send message (across Group) Create a role...

  • Page 33: Creating Roles

    BlackBerry® Administration Service, BlackBerry Monitoring Service, and BlackBerry® Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions. You can also create a role that is based on a preconfigured role and customize the role that you create.

  • Page 34: Create A Role Based On An Existing Role

    After you finish: Assign the role to an administrator account or group. Create an administrator account You create an account for administrators to enable them to log in to the BlackBerry® Administration Service and manage the BlackBerry® Enterprise Server. You create an administrator account and assign the account to one or more administrator roles.

  • Page 35: Add An Administrator Account To A Group

    Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry® device users.

  • Page 36: Permit An Administrator To Log In To The Blackberry Administration Service Using A Messaging Server Account

    Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account You can permit an administrator to log in to the BlackBerry® Administration Service using a user name and password for the messaging server. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

  • Page 37: Using An It Policy To Manage Blackberry Enterprise Solution Security

    By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.

  • Page 38: Preconfigured It Policies

    Administration Guide Preconfigured IT policies Preconfigured IT policies The BlackBerry® Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization. Preconfigured IT policy Description Default This policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server.

  • Page 39: Default Values For Preconfigured It Policies

    Administration Guide Preconfigured IT policies Preconfigured IT policy Description technology on devices, turns on strong content protection, turns off USB mass storage, requires devices to encrypt external file systems, and prevents devices from downloading third-party applications. Default values for preconfigured IT policies You can configure additional IT policy rules in the preconfigured IT policies or change any of the following values: IT policy rule Default IT...
  • Page 40 Administration Guide Preconfigured IT policies IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd policy policy policy with No 3rd Party Party Application...
  • Page 41 Administration Guide Preconfigured IT policies IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd policy policy policy with No 3rd Party Party Application...

  • Page 42: Creating And Importing It Policies

    CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.

  • Page 43: Import It Policy Rules From An It Policy Pack

    Administration Guide Change the value for an IT policy rule In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the Manage IT policies section, click Import IT policy list. In the IT policy import section, specify the following information: •...

  • Page 44: Assign An It Policy To A User Account

    BlackBerry® Web Desktop Manager apply the configuration changes immediately. By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually.

  • Page 45: Resend An It Policy To A Blackberry Device Automatically

    BlackBerry® Enterprise Server applies the Default IT policy to the user account. If you assign an IT policy to a group that a user account is a member of, the BlackBerry Enterprise Server applies the group IT policy to the user account.

  • Page 46: Option 1: Applying One It Policy To Each User Account

    Option 1: Applying one IT policy to each user account You can configure the BlackBerry® Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.

  • Page 47: Option 2: Applying Multiple It Policies To Each User Account

    IT policies You can change the method that the BlackBerry® Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicting IT policies, the next IT policy reconciliation process that occurs might have a significant impact on the performance of your organization's BlackBerry Enterprise Server environment.

  • Page 48: User Account

    The BlackBerry® Enterprise Server can apply multiple IT policies to a user account if the user account is a member of multiple groups that have different IT policies. Since you can assign IT policies to user accounts, groups, or the BlackBerry Domain, the BlackBerry Administration Service uses predefined rules to apply an IT policy to a user account.
  • Page 49 IT policies You can change the method that the BlackBerry® Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicting IT policies, the next IT policy reconciliation process that occurs might have a significant impact on the performance of your organization's BlackBerry Enterprise Server environment.

  • Page 50: View The Resolved It Policy Rules That Are Assigned To A User Account

    If you change the Disable users with unapplied IT policy option to True, by default, the BlackBerry Enterprise Server sends the IT policy to the BlackBerry devices every 30 minutes until the BlackBerry devices apply the IT policy or the time limit expires.

  • Page 51: Creating New It Policy Rules To Control Third-Party Applications

    Creating new IT policy rules to control third-party applications In the Disable user time limit (hours) field, type the time (in hours) that can occur before the PINs for BlackBerry devices that you did not apply an IT policy to are deactivated on the BlackBerry® Enterprise Server.

  • Page 52: Export All It Policy Data To A Data File

    If you export all IT policy data to a data file, you must create an encryption password for the data file that you can use to protect the data file. You can import the data file at a later time to another BlackBerry® Domain.

  • Page 53: Configuring Security Options

    BlackBerry® Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.

  • Page 54: Managing Device Access To The Blackberry Enterprise Server

    BlackBerry Enterprise Server previously. You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with criteria that exclude that device.

  • Page 55: Configure The Enterprise Service Policy

    BlackBerry Enterprise Server. To add a new BlackBerry device, on the Add new allowed PINs tab, in the New allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.

  • Page 56: Extending Messaging Security Using Pgp Encryption

    BlackBerry® smartphones on the BlackBerry device and to transfer the PGP private key of the BlackBerry device user to the BlackBerry device. The BlackBerry device user can use the PGP private key to digitally sign, encrypt, and send PGP protected messages from the BlackBerry device. If a BlackBerry device user does not install the PGP Support Package for BlackBerry smartphones, the BlackBerry device displays an error message when the BlackBerry device user tries to open PGP protected messages.
  • Page 57 To require the BlackBerry device user to use S/MIME encryption when forwarding or replying to messages, you can configure the S/MIME Force Digital Signature IT policy rule and the S/MIME Force Encrypted Messages IT policy rule.

  • Page 58: Enterprise Server

    True. • To permit BlackBerry device users that have email applications that do not support S/MIME to read the text of an S/MIME-protected message, in the Send S/MIME messages in clear-signed format drop-down list, click True.

  • Page 59: Extending Messaging Security Using Ibm Lotus Notes Encryption

    To use Lotus Notes encryption on the BlackBerry device, the BlackBerry device user must import a copy of the Lotus Notes .id file into the user's message database using the BlackBerry Desktop Software or Lotus® iNotes®. If your organization's environment includes Lotus Domino version 8.5.1 or later and BlackBerry Enterprise Server version...

  • Page 60: Enforcing Secure Messaging Using Classifications

    S/MIME message protection or PGP message protection that applies to the email messages. If a user does not select a message classification, by default, the BlackBerry device applies the first classification in the message classification list on the BlackBerry device. You can change the order that the BlackBerry device lists the classifications in.

  • Page 61: Create A Message Classification Based On An Existing Message Classification

    (U) for a classification that is named Unclassified. In the Minimum Actions drop-down list, click an action that a BlackBerry device user can perform to encode the message. For example, to permit users to select all of the encoding types for the secure messaging packages that they install on their BlackBerry devices, click Signed.

  • Page 62: Delete A Message Classification

    Generating organization-specific encryption keys for PIN- message encryption By default, all BlackBerry® devices store a common PIN encryption key that they use to protect PIN messages. To limit the number of devices that can decrypt PIN messages that BlackBerry device users in your organization send from their devices, you can generate a new PIN encryption key that is stored on and known only to devices in your organization.

  • Page 63: Turn Off Blackberry Services That The Blackberry Mds Connection Service, Blackberry Collaboration Service, And Blackberry Mvs Provide

    Internet, running applications that communicate with application servers and content servers, sending or receiving instant messages, or making calls using VoIP. You can turn off the BlackBerry services if you want to enhance security, save bandwidth on the wireless network, or conserve system resources on the computer.

  • Page 64: Changing When A Blackberry Device Cleans The Blackberry Device Memory

    The BlackBerry device user changes the time or time zone on the BlackBerry device. To change when the memory cleaner application runs, you can use IT policies or the BlackBerry device user can turn on or turn off the memory cleaner application in the Security options on the BlackBerry device.

  • Page 65: Configuring The Blackberry Enterprise Server Environment

    BlackBerry Mail Store Service, BlackBerry Policy Service, and BlackBerry Synchronization Service to manual. To avoid errors in the BlackBerry Enterprise Server, do not change the startup type for the BlackBerry Enterprise Server services. Do not change the account...

  • Page 66: Configuring Certain Blackberry Enterprise Server Components To Use Proxy Servers

    Proxy servers typically do not permit network traffic between servers that are on the same side of the firewall, so you can configure certain BlackBerry® Enterprise Server components to use a .pac file, or to access the Internet directly through a proxy server. You can also configure multiple proxy servers to manage traffic to specific web addresses, and you can specify URLs that the BlackBerry Enterprise Server components can access without using a proxy server.

  • Page 67: Configure A Blackberry Enterprise Server Component To Use A Proxy Server

    You can specify more than one proxy string in a proxy mapping rule for a web address. If the BlackBerry® Enterprise Server component cannot access the web server using the first proxy string, it tries to access the web server using the subsequent proxy strings that you specify, until the component accesses the web server.

  • Page 68: Configuring The Blackberry Administration Service To Use A Proxy Server

    Depending on the operating system on the computer that hosts the BlackBerry® Administration Service instance, you can use the Proxy Configuration Tool or the Network Shell Utility to manually select a proxy server for a BlackBerry Administration Service instance. You must configure manual proxy selection for all of the computers that host a BlackBerry Administration Service instance.
  • Page 69 BlackBerry® Enterprise Trait Tool. The Web Proxy Autodiscovery Protocol uses DHCP and DNS to find a PAC file. Perform this task on any computer that hosts a BlackBerry Administration Service instance.

  • Page 70: Configuring The Blackberry Administration Service To Authenticate With A Proxy Server

    BlackBerry Enterprise Trait Tool. You can specify the credentials for either the entire BlackBerry Domain or for individual BlackBerry Administration Service instances. The BlackBerry Administration Service tries the credentials that you specify for the BlackBerry Administration Service instance first and then tries the credentials that you specify for the BlackBerry Domain.
  • Page 71 Configure the BlackBerry Administration Service to use HTTP basic authentication You use the BlackBerry® Enterprise Trait Tool to configure the BlackBerry Administration Service to use HTTP basic authentication to authenticate with a proxy server. HTTP basic authentication requires a user name and password for authentication.

  • Page 72: Configuring Multiple Blackberry Enterprise Server Instances To Use The Same Blackberry Enterprise Server Component

    Enterprise Server instance that you want to use the BlackBerry MDS Connection Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to have use the BlackBerry MDS Connection Service. Click Save all.

  • Page 73: Configure Multiple Blackberry Enterprise Server Instances To Use The Same Blackberry Collaboration Service

    On the Supported Dispatcher instances tab, in the Available Dispatcher instances list, click the BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service. Click Save all.

  • Page 74: Configuring User Accounts

    You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry® device model. User accounts that are part of a user group can exist on multiple BlackBerry® Enterprise Server instances in the BlackBerry Domain.

  • Page 75: Adding A User Account To The Blackberry Enterprise Server

    Assigning BlackBerry devices to users, 78 Add a user account You can add a user account to the BlackBerry® Enterprise Server, assign a BlackBerry device to a user account and activate the BlackBerry device. The user account must exist on your organization's messaging server.

  • Page 76: Create A User Account That Is Not In The Contact List In The Blackberry Configuration Database

    Configuration Database You can create a user account for a user even if the BlackBerry® Mail Store Service did not yet synchronize the contact information for the user account to the BlackBerry Configuration Database. If the BlackBerry Mail Store Service did not synchronize the contact information and you create a user account, the BlackBerry Administration Service does not display the user account in the search results.

  • Page 77: Export A List Of User Accounts

    Export a list of user accounts You can export a list of user accounts from a BlackBerry® Enterprise Server to a .csv file. The .csv file contains information about the user accounts, such as the user ID, display name, PIN and email address. You can import the list of user accounts to another BlackBerry Enterprise Server.
  • Page 78 Email Address The field specifies the email address for the user account. SRP ID This field specifies the SRP ID for the BlackBerry Enterprise Server that you want to add the user account to. Group Names This field specifies the names of groups that you want to add the user account to.
  • Page 79 "jbuac@example.com","JBUAC0011,"Admins","specify", "asdf","24" Import multiple user accounts from a .csv file You can import a list of user accounts from a .csv file to a BlackBerry® Enterprise Server so that you can manage the user accounts. Before you begin: Create a .csv file.

  • Page 80: Assigning Blackberry Devices To Users

    By default, the BlackBerry® Enterprise Server synchronizes the headers of 200 email messages from the previous 5 days to a BlackBerry device when you activate it. If you change the BlackBerry Enterprise Server settings so that it synchronizes the headers and body of messages to a BlackBerry device when you activate it, the BlackBerry Enterprise Server can synchronize up to 3000 messages from the previous 30 days.

  • Page 81: Assigning Blackberry Devices To User Accounts

    Administration Guide Assigning BlackBerry devices to user accounts Click Save all. Assigning BlackBerry devices to user accounts To assign BlackBerry® devices to user accounts and activate the BlackBerry devices, you can use any of the following methods: Method Description BlackBerry Administration Service...

  • Page 82: Option 2: Activating A Blackberry Device Over The Wireless Network

    Option 2: Activating a BlackBerry device over the wireless network To activate a BlackBerry® device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.
  • Page 83 Assigning BlackBerry devices to user accounts Activation passwords The BlackBerry® Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device.
  • Page 84 You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry® devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires.

  • Page 85: Option 3: Activating Blackberry Devices Over The Lan

    When users complete the activation process, the BlackBerry® Enterprise Server sends email messages and organizer data to the BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.

  • Page 86: Option 5: Activating Blackberry Devices Over An Enterprise Wi-Fi Network

    To activate BlackBerry devices over the enterprise Wi-Fi network, you must configure the BlackBerry Router as an SMTP client (also known as a Mail User Agent). As an SMTP client, the BlackBerry Router communicates with an SMTP server, that sends an ETP message to the user. The ETP message is the email message that the BlackBerry Router sends to the user’s mailbox during the activation process.
  • Page 87 To specify how the BlackBerry Router locates the SMTP server, in the Activation Gateway Settings section, select one of the following options: • To permit the BlackBerry Router to determine which SMTP server it uses for ETP traffic based on the mail exchange record of the host domain, select Use MX Lookup to obtain SMTP server.
  • Page 88 Administration Guide Assigning BlackBerry devices to user accounts • To view the activation status, in the BlackBerry Administration Service, on the Wireless > View activations page, search for the user account. Confirm that the activation is successful. Related topics Restarting BlackBerry Enterprise Server components, 327...

  • Page 89: Configuring Blackberry Enterprise Server High Availability

    The failover status specifies whether the BlackBerry Enterprise Server instance is a primary instance or standby instance and whether the BlackBerry Enterprise Server instance is running as expected. The BlackBerry Administration Service receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always up-to-date.

  • Page 90: Defining When Failover Occurs

    Administration Guide How the BlackBerry Enterprise Server uses health parameters • The values for the health parameters that you define as part of the failover threshold for the primary BlackBerry Enterprise Server indicates whether a service or component is unhealthy. •...
  • Page 91 BlackBerry Enterprise Server only. In this scenario, you configure the standby BlackBerry Enterprise Server to promote itself when it can provide most of the BlackBerry services that your organization requires. The primary BlackBerry Enterprise Server demotes itself when it cannot provide most of the BlackBerry services that your organization considers essential.

  • Page 92: Changing The Promotion Threshold And Failover Threshold

    Each primary and standby BlackBerry® Enterprise Server instance has a failover threshold and a promotion threshold. The BlackBerry Enterprise Server uses the failover threshold when it is an primary instance to determine when it needs to demote itself, and it uses the promotion threshold when it is a standby instance to determine whether it can promote itself to become the primary instance.
  • Page 93 Access to web content and This health parameter indicates whether the BlackBerry MDS Connection application content Service can provide users with access to content from BlackBerry Java® Applications and content that is located on your organization's intranet or the Internet.

  • Page 94: Changing When Automatic Failover Occurs By Customizing The Health Parameters For User Accounts And Messaging Servers

    For example, if your organization requires that all users can access email messages from BlackBerry devices at all times and that the BlackBerry Enterprise Server is connected to all of the messaging servers at all times, you can change the value of the Connection to the messaging server(s) health parameter to 100%.

  • Page 95: Prerequisites: Configuring The Blackberry Enterprise Server Pair To Fail Over Automatically

    Example: Changing the percentage of the User accounts health parameter If you want to change the percentage of the User accounts health parameter to 80% for a BlackBerry Enterprise Server pair and the primary BlackBerry Enterprise Server instance is named CN=server03/OU=servers/O=rimnet, you can type traittool.exe -host CN=server03/OU=servers/O=rimnet -trait UserHealthPercentage -set 80.

  • Page 96: Monitoring The Blackberry Enterprise Server For An Automatic Failover Event

    When an automatic failover event occurs, the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server write the time and reason at logging level 5 (Verbose) in the log files for the BlackBerry Dispatcher, BlackBerry Controller, and BlackBerry Messaging Agent. The BlackBerry Controller and BlackBerry Dispatcher instances for the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server create SNMP alerts using the BlackBerry Enterprise Server Alert Tool.

  • Page 97: Fail Over The Blackberry Enterprise Server Manually Using The Blackberry Administration Service

    Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service You can use the BlackBerry® Administration Service to force a primary BlackBerry® Enterprise Server to perform a failover process if it is not running as expected or if it requires maintenance.

  • Page 98: Configuring High Availability For Blackberry Enterprise Server Components

    BlackBerry Enterprise Server promotes the connection to the next instance in the pool list to an active connection. If you configured central push servers, the BlackBerry MDS Connection Service pool should include at least two BlackBerry MDS Connection Service instances that you also configure as central push servers.

  • Page 99: Configure The Blackberry Mds Connection Service And Blackberry Collaboration Service To Fail Over Automatically

    BlackBerry Enterprise Server. By default, the BlackBerry Collaboration Service instance at the top of the pool list is the instance that the BlackBerry Enterprise Server assigns the active connection to. If the instance with the active connection stops responding, the BlackBerry Collaboration Service tries to connect to the next instance in the pool list.

  • Page 100: Create A Blackberry Attachment Service Pool For High Availability

    On the Supported Attachment Server Instances tab, in the Name drop-down list, click the instance that you want to add. In the Results Query Period(s) field, type the number of seconds that you want the BlackBerry Enterprise Server to wait for a response before it sends the request to another BlackBerry Attachment Service instance.

  • Page 101: You Cannot Determine The Blackberry Attachment Connector That The Blackberry Enterprise Server Or The Blackberry Mds Connection Service Uses

    Click the Add icon. 10. Repeat steps 5 to 9 for each BlackBerry Attachment Service instance that you want to add to the pool. 11. Click Save all. 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool.

  • Page 102: Create A Blackberry Router Pool For High Availability

    • If you are changing a BlackBerry Enterprise Server instance, on the Instance tab, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, click on one of the instances. On the Instance tab, click Restart instance. Repeat this step for the other instance.

  • Page 103: Permit A Blackberry Enterprise Server To Connect To A Remote Blackberry Router

    Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router If you installed a BlackBerry® Router on a computer that is separate from the computer that hosts a BlackBerry® Enterprise Server, you must permit the BlackBerry Dispatcher that you installed with the BlackBerry Enterprise Server to connect to the BlackBerry Router.

  • Page 104: Configure The Blackberry Administration Service Instances In A Pool To Communicate Across Network Subnets

    BlackBerry Administration Service pool is the FQDN of the computer that you perform the installation on. If you want to configure high availability using DNS round robin after the installation process completes, you must change the name of the BlackBerry Administration Service pool to the name of a record in the DNS server that represents...

  • Page 105: Change The Name Of The Blackberry Administration Service Pool

    Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry® Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool.

  • Page 106: Monitoring The High Availability Status Or Job Deployment Status Using The Blackberry Administration Service

    • If you want to fail over the BlackBerry Collaboration Service and your organization's environment includes Microsoft Office Communications Server 2007, click the Supported Microsoft Office Communications Server 2007 instances tab. • If you want to fail over the BlackBerry MDS Connection Service, click the Supported MDS Connection Service instances tab. Click Manual Failover.

  • Page 107: Remove A Blackberry Mds Connection Service Instance From A Pool

    Remove a BlackBerry MDS Connection Service instance from a pool You can remove a BlackBerry® MDS Connection Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...

  • Page 108: Remove A Blackberry Attachment Service Instance From A Pool

    Remove a BlackBerry Router instance from a pool You can remove a BlackBerry® Router instance from a pool if it is no longer required or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...

  • Page 109: Configuring Blackberry Configuration Database High Availability

    • Verify that the Microsoft SQL Server Agent uses a domain user account with the local administrative permissions set to the same permissions as the Windows® account that runs the BlackBerry® Enterprise Server services. • Verify that the domain user account has permissons on both database servers so that each Microsoft SQL Server Agent can access the shared replication folder.

  • Page 110: Configuring Database Mirroring

    Administration Guide Configuring database mirroring Configuring database mirroring You can use Microsoft® SQL Server® 2005 or 2008 database mirroring to configure the BlackBerry® Configuration Database for high availability. The BlackBerry Configuration Database only supports high safety with automatic failover (synchronous) operating mode for database mirroring.

  • Page 111: Start The Blackberry Enterprise Server Instances

    Administration Service adds a registry key to all of the computers that host BlackBerry® Enterprise Server components in the BlackBerry Domain and the registry key includes the name of the Microsoft® SQL Server® that hosts the mirror database. The BlackBerry Administration Service also adds the name of the Microsoft SQL Server that hosts the mirror database to the BlackBerry Configuration Database.

  • Page 112: Resend The Database Mirroring Parameters To Blackberry Enterprise Server Components

    If the computers that host BlackBerry® Enterprise Server components were not running or connected to the network when you configured the BlackBerry® Enterprise Solution to support database mirroring, or if you do not know if all of the components were configured to support database mirroring, you should resend the database mirroring parameters to the components.

  • Page 113: Configuring The Blackberry Configuration Database For One-Way Transactional Replication In An Environment That Includes Microsoft Sql Server 2005 Or 2008

    Create the replicated BlackBerry Configuration Database from a backup Before you begin: Back up the BlackBerry® Configuration Database with the Backup type option set to Full. Copy the backup file from the database server that hosts the BlackBerry® Configuration Database to the database server that will host the replicated BlackBerry Configuration Database.

  • Page 114: Permit Access To The Blackberry Configuration Database Instances

    Microsoft SQL Server 2005 or 2008 11. Click OK. Permit access to the BlackBerry Configuration Database instances In the Microsoft® SQL Server® Management Studio, connect to the database server that hosts the BlackBerry® Configuration Database. Right-click the BlackBerry Configuration Database. Click Properties.

  • Page 115: Increase The Maximum Data Size For Transactional Replication

    Right-click Local Subscriptions. Click New Subscription. In the list of publishers, select the name of the database server that hosts the BlackBerry Configuration Database. In the list of databases and publications, select the publication for the BlackBerry Configuration Database. Click Next.

  • Page 116: Start The Blackberry Enterprise Server Instances

    Start the BlackBerry Enterprise Server instances After you configure the database, permit all BlackBerry® Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows® Services, start all of the BlackBerry Enterprise Server services in the following order: •...

  • Page 117: Return To The Blackberry Configuration Database When You Configured Transactional Replication

    BlackBerry Configuration Database, the mirror BlackBerry Configuration Database becomes the new principal BlackBerry Configuration Database. If you configure a new mirror BlackBerry Configuration Database, you must resend the database mirroring parameters to the BlackBerry Enterprise Server components so that they can use the new mirror BlackBerry Configuration Database.

  • Page 118: Sending Software And Blackberry Java Applications To Blackberry Devices

    To send BlackBerry Java Applications to devices, you must first add the applications to the application repository. You can use the application repository to store and manage all versions of the BlackBerry Java Applications that you want to install on, update on, or remove from devices.

  • Page 119: Developing Blackberry Java Applications For Blackberry Devices

    Applications to install them on BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.

  • Page 120: Specify A Shared Network Folder For Blackberry Java Applications

    Service must access the shared network folder to install BlackBerry Java Applications on BlackBerry devices. Do not add application files to the shared network folder or make changes to the files that the BlackBerry Administration Service stores in the shared network folder.

  • Page 121: Add A Collaboration Client To The Application Repository

    Click Publish application. Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry® Java® Application. You can use the keywords to search for the application in the application repository. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software >...

  • Page 122: Standard Application Control Policies

    BlackBerry Java Application on their BlackBerry devices. Change a standard application control policy When you add a BlackBerry® Java® Application to a software configuration, you must assign an application control policy to the BlackBerry Java Application. Based on the requirements of your organization's environment, you can change the default settings for the standard application control policies.

  • Page 123: Create Custom Application Control Policies For A Blackberry Java Application

    Create custom application control policies for a BlackBerry Java Application After you add a BlackBerry® Java® Application to the application repository, you can configure the application to use the standard application control policies, or you can create custom application control policies for the application.

  • Page 124: It Policy Rules Take Precedence On The Device

    IT policy rule settings override application control policy rule settings. For example, if you change the Allow Internal Connections IT policy rule to No for BlackBerry® devices, and if the devices have an application control policy set that allows a specific application to make internal connections, the application cannot make internal connections.

  • Page 125: Change The Standard Application Control Policy For Unlisted Applications That Are Optional

    The BlackBerry® Administration Service includes two default application control policies for unlisted applications: one for unlisted applications that you permit on BlackBerry devices, and one for unlisted applications that you do not permit on BlackBerry devices. You can also create custom application control policies for unlisted applications that are optional.

  • Page 126: Configure The Priority Of Application Control Policies For Unlisted Applications

    You can assign a software configuration to a group, multiple user accounts, or a single user account. After you assign a software configuration, you can change the settings in the software configuration to manage the BlackBerry Java Applications, BlackBerry Device Software, and standard application settings on BlackBerry devices. You can configure...

  • Page 127: Create A Software Configuration

    In the Configuration information section, in the Name field, type a name for the software configuration. In the Disposition for unlisted applications drop-down list, perform one of the following actions: • To permit users to install applications that are not included in the software configuration on their BlackBerry devices, click Optional.

  • Page 128: Assign A Software Configuration To A Group

    • To install the application on BlackBerry devices using a USB connection to the user's computer and the BlackBerry® Web Desktop Manager, click Wired. 11. Repeat steps 6 to 10 for each BlackBerry Java Application that you want to add to the software configuration. 12. Click Add to software configuration.

  • Page 129: Assign A Software Configuration To A User Account

    If you do not want to install BlackBerry® Java® Applications on a BlackBerry device over the wireless network, and you do not want the user to install the BlackBerry Java Applications using the BlackBerry® Web Desktop Manager or BlackBerry®...

  • Page 130: View The Status Of A Job

    Software, BlackBerry Java® applications, or application settings to BlackBerry devices. If you assign an IT policy to user accounts or change an existing IT policy, a job sends the IT policy changes to BlackBerry devices. You can view the status of a job to determine if it is ready to run, currently running, completed, or completed with task failures.
  • Page 131 An error occurred when the BlackBerry Policy Service tried to retrieve the data that it required to install the BlackBerry Java Application. You can verify that the BlackBerry Policy Service can access the network share that you use to store the application files.
  • Page 132 Device reported insufficient privileges to install module The BlackBerry device does not have the necessary permissions to install the BlackBerry Java Application. You can verify that the BlackBerry device is configured with the necessary permissions to install a BlackBerry Java Application. Resend the BlackBerry Java Application.
  • Page 133 You can verify that the application files are formatted properly and try to send the BlackBerry Java Application to the BlackBerry device again. If your second try at the installation is not successful, in the log files that you collected, locate the user account that experienced the issue. Trace the installation activity.
  • Page 134 0x08 insufficient storage: The BlackBerry device does not have enough memory available to update the BlackBerry Device Software. You can manage the BlackBerry device so that it has enough memory available to update the BlackBerry Device Software (for example, remove applications from the BlackBerry device that are no longer required).
  • Page 135 Administration Guide View the status of a job You can instruct the user to reset the BlackBerry device and you can send the BlackBerry Device Software update again. 0X10 service book flag disabled: A service book on the BlackBerry device does not permit you to send BlackBerry Device Software updates over the wireless network.
  • Page 136 Restarting BlackBerry Enterprise Server components, 327 Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry® device, you can try to determine the cause by collecting the following information: •...
  • Page 137 Error messages: IT policy tasks To troubleshoot errors that display for a task when you send an IT policy to a BlackBerry® device or update an IT policy on a BlackBerry device, you can try to determine the cause by collecting the following information: •...

  • Page 138: Stopping A Job That Is Running

    IT policy command is not delivered to the BlackBerry device, the remaining commands in the group are not delivered to the BlackBerry device. You can try to resend the IT policy to the BlackBerry device. You can also try to resend the service books to the BlackBerry device.

  • Page 139: Stop A Job That Is Running

    View the users that have a BlackBerry Java Application installed on their BlackBerry devices do not change the start time for the job, the BlackBerry Enterprise Server delivers the job on the following day using the default job schedule settings. When the job starts again, the BlackBerry Enterprise Server processes the remaining tasks in the job.

  • Page 140: View How The Blackberry Administration Service Resolved Software Configuration Conflicts For A User Account

    After the BlackBerry Administration Service applies software configurations to a BlackBerry device, you can view how the BlackBerry Administration Service resolved any of the conflicting settings in the multiple software configurations.

  • Page 141: Reconciliation Rules: Blackberry Java Applications

    Reconciliation rules for conflicting settings in software configurations as an asynchronous background activity. You can view the outcome of the reconciliation activities, reconciliation errors, and the applications, software, and settings that the BlackBerry Administration Service installed on or applied to a BlackBerry device.
  • Page 142 Multiple software configurations that contain the same The disposition specified for an application in a software BlackBerry Java Application are assigned to a user configuration that is assigned to a user account takes account or the groups the user belongs to. The...
  • Page 143 A software configuration is assigned to a user account If a BlackBerry Java Application in a software and it contains a BlackBerry Java Application that has a configuration has a dependency on another application, dependency on another BlackBerry Java Application.

  • Page 144: Reconciliation Rules: Blackberry Device Software

    BlackBerry Device Software in a of BlackBerry Device Software is assigned to a group that software configuration that is assigned to a group. the user account belongs to.

  • Page 145: Reconciliation Rules: Application Control Policies

    BlackBerry® Enterprise with BlackBerry devices that are running a BlackBerry® Server version 5.0 or later, and BlackBerry devices that Device Software version earlier than 5.0. are running BlackBerry Device Software version 5.0 or later.

  • Page 146: Reconciliation Rules: Application Control Policies For Unlisted Applications

    Reconciliation rules for conflicting settings in software configurations Scenario Rule application control policies), the application control policy that you ranked highest in the BlackBerry® Administration Service is applied to the user's BlackBerry device. Reconciliation rules: Application control policies for unlisted applications...

  • Page 147: Alternative Methods For Installing Blackberry Java Applications On Blackberry Devices

    Applications to install them on BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.

  • Page 148: Installing Blackberry Java Applications Using The Blackberry Desktop Software

    Eclipse® to create an automated application installer. You can use the application installer to install the files for a BlackBerry Java Application (the .alx identifier file and the application's .cod files) on users’ computers. You can then instruct users to use the application loader tool in the BlackBerry® Desktop Software to install the BlackBerry Java Application on their BlackBerry devices.

  • Page 149: Prerequisites: Installing Blackberry Java Applications Using The Blackberry Desktop Software

    Administration Guide Installing BlackBerry Java Applications using the BlackBerry Desktop Software • If you installed the BlackBerry® Desktop Software on users’ computers, they can use it to install the BlackBerry Java Applications. This method has the following disadvantages: • You must install the BlackBerry Desktop Software on users’ computers.

  • Page 150: Install The Blackberry Java Application Using The Blackberry Desktop Software

    The BlackBerry Application Web Loader supports .cod files only. To install a MIDlet, convert the .jar file to a .cod file. For more information about how to compile .java and .jar file formats into the .cod file format, visit www.blackberry.com/developers...

  • Page 151: Enable The Blackberry Application Web Loader On A Web Server

    • Research In Motion® USB drivers and a USB connection for the BlackBerry device Web server Configure the following MIME types on the web server to permit users to download and install BlackBerry Java Applications on BlackBerry devices: • .cod files: application/vnd.rim.cod •...

  • Page 152: Install The Blackberry Java Application Using The Blackberry Application Web Loader

    BlackBerry Java Application. You must install the BlackBerry® Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device.

  • Page 153: Prerequisites: Installing Blackberry Java Applications Using The Standalone Application Loader Tool

    In <drive:>\Program Files\Common Files\Research In Motion\Shared\Applications\, create a folder with a unique name to contain the application files. Maintain the application’s file structure. Copy the .cod, .alx, and .dll files for the BlackBerry Java Application to the folder that you created.

  • Page 154: Share The Research In Motion Folder That Contains The Blackberry Java Application

    Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry® Java® Application. Before you begin: Verify that BlackBerry® Device Manager version 4.1 or later is installed on the user’s computer.

  • Page 155: Installing Blackberry Java Applications Using A Web Browser On Blackberry Devices

    BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and the application .cod or .jar files) to a web server, and instruct users to navigate to the appropriate web address using a browser on their BlackBerry devices.

  • Page 156: Install The Blackberry Java Application On A Web Server

    Installing BlackBerry Java Applications using a web browser on BlackBerry devices Install the BlackBerry Java Application on a web server Before you begin: Obtain the .jad and .cod files or .jar files for the BlackBerry® Java® Application from the application developer, vendor, or wireless service provider.

  • Page 157: Configuring How Users Access Enterprise Applications And Web Content

    BlackBerry MDS Connection Service is the central push server. If two BlackBerry MDS Connection Service instances that are version 5.0 or later exist in a BlackBerry Domain, by default, both instances are central push servers. If more than two BlackBerry MDS Connection Service instances (that are version 5.0 or later) exist in a BlackBerry Domain, the first two instances that start are central push servers.

  • Page 158: Configuring How Blackberry Devices Authenticate To Content Servers

    BlackBerry MDS Connection Service connections, authenticated BlackBerry devices prompt users to provide login information every 60 minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes.

  • Page 159: Configure The Blackberry Mds Connection Service To Authenticate Blackberry Devices To Content Servers That Use Kerberos

    BlackBerry devices to content servers that use LTPA BlackBerry® devices that are running BlackBerry® Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.

  • Page 160: Configuring The Blackberry Mds Connection Service To Authenticate Devices To The Rsa Authentication Manager

    If you configure the BlackBerry MDS Connection Service to require that users use RSA authentication to access web addresses or intranet addresses that you specify, you can choose to apply this option to specific user accounts or to all user accounts that are associated with a BlackBerry®...

  • Page 161: Configuring How The Blackberry Mds Connection Service Manages Requests For Web Content

    Configuring how the BlackBerry MDS Connection Service manages requests for web content The BlackBerry® MDS Connection Service manages requests for web content from the BlackBerry® Browser and other applications on BlackBerry devices. You can configure how the BlackBerry MDS Connection Service manages these...

  • Page 162: Configure The Blackberry Mds Connection Service To Manage Http Cookie Storage

    Configure the timeout limit for HTTP connections with web servers You can specify how long a BlackBerry® MDS Connection Service waits for a web server to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the web server. The default timeout limit is 120,000 milliseconds (2 minutes).

  • Page 163: Configure The Maximum Number Of Times That The Blackberry Browser Accepts Http Redirections

    Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections HTTP redirection occurs when the BlackBerry® Browser requests a web page from a web server and the web server redirects the request to a new web address for the page. The default limit is 5 redirections.

  • Page 164: Add A Certificate For The Blackberry Mds Connection Service

    Export the BlackBerry MDS Connection Service certificate to make it available to push applications You must export the certificate for the BlackBerry® MDS Connection Service so that you can import it to the key store of a server-side push application.

  • Page 165: Import The Blackberry Mds Connection Service Certificate To The Key Store Of A Push Application

    \Research In Motion\BlackBerry Enterprise Server\MDS\webserver\webserver.keystore -storepass <password>. Type the key store password. After you finish: Import the certificate for the BlackBerry MDS Connection Service to the key store of a push application. Import the BlackBerry MDS Connection Service certificate to the key store of a push application To permit a server-side push application to open trusted connections to the BlackBerry®...

  • Page 166: Configuring A Blackberry Mds Connection Service To Trust Web Servers

    If you want to open trusted connections between web servers and the BlackBerry MDS Connection Service, you must import the certificate for the web server into the JRE™ certificates keystore file (JRE cacerts).

  • Page 167: Configuring Certificate Server Information For The Blackberry Mds Connection Service

    To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML.

  • Page 168: Ldap Server Settings

    Configuring a BlackBerry MDS Connection Service to trust web servers If you change the LDAP port number or host server information, you must stop and restart the BlackBerry MDS Connection Service so that the BlackBerry MDS Connection Service can use the new port number or host server information immediately.
  • Page 169 This field specifies the user name if the LDAP server requires simple authentication. Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
  • Page 170 Click Save all. After you finish: • To configure the BlackBerry MDS Connection Service to retrieve the status of certificates from an OCSP server or CRL server, you must configure the OCSP server and CRL server information. • Add the communication information that you configured for the DSML server to the BlackBerry MDS Connection Service configuration set.

  • Page 171: Configuration Set

    Administration Guide Configuring a BlackBerry MDS Connection Service to trust web servers After you finish: Add the communication information that you configured for the OCSP server to the BlackBerry MDS Connection Service configuration set. Related topics Add communication information to a BlackBerry MDS Connection Service configuration set, 169...
  • Page 172 Configuring a BlackBerry MDS Connection Service to trust web servers that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.

  • Page 173: Add A Retrieved Certificate For A Web Server To The Key Store

    Add a retrieved certificate for a web server to the key store You can use the Java® keytool to add a certificate for a web server to the BlackBerry® MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server.

  • Page 174: Configure Global Login Information For Intranet Site Access

    Specify the pending content timeout limit for a BlackBerry MDS Connection Service You can specify how long a BlackBerry® MDS Connection Service waits for acknowledgment from a BlackBerry device before it deletes pending content for the BlackBerry device. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...

  • Page 175: Permit Java Applications To Use Scalable Socket Connections With A Blackberry Mds Connection Service

    Click Save all. Specify the thread pool size of a BlackBerry MDS Connection Service You can specify the maximum number of threads that a BlackBerry® MDS Connection Service can process at the same time. Before you begin: Verify that your system memory can support the thread pool size that you want to specify.

  • Page 176: Prevent The Blackberry Mds Connection Service From Using Scalable Http

    BlackBerry MDS Connection Service. When a BlackBerry MDS Connection Service uses scalable HTTP, it streams data to and from BlackBerry devices instead of storing and forwarding the data. If you want a BlackBerry MDS Connection Service to process data as it did in previous versions of the BlackBerry® Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP.

  • Page 177: Specify How Often A Blackberry Mds Connection Service Polls For Configuration Information

    Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry® MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service.

  • Page 178: Setting Up The Messaging Environment

    • To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. • To create an email message filter that forwards email messages that match the filter criteria to BlackBerry devices, select Forward email messages to the device.

  • Page 179: Turn On An Email Message Filter That Applies To All User Accounts On A Blackberry Enterprise Server

    To move the email message filter higher or lower in the list, click the Up or Down icons. The BlackBerry® Enterprise Server applies email message filters in the order that they are listed in. Organize the email message filters from the least restrictive to the most restrictive.

  • Page 180: Turn On An Email Message Filter That Applies To A Specific User Account

    BlackBerry Enterprise Server. To create a copy of existing email message filters, you can export the existing email message filters for a BlackBerry Enterprise Server as an .xml file. You can then import the .xml file so that you can use it with another instance of the BlackBerry Enterprise Server.

  • Page 181: Copying Existing Email Message Filters To User Accounts

    Administration Guide Copying existing email message filters to user accounts In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. Click the instance that you want to change.

  • Page 182: Extension Plug-Ins For Processing Messages

    You can add extension plug-ins to a BlackBerry® Messaging Agent. The BlackBerry Messaging Agent uses extension plug-ins to process and make changes to email messages and attachments that the BlackBerry Messaging Agent sends to and receives from BlackBerry devices. For example, you can add an extension plug-in to modify the signature in email messages.

  • Page 183: Add An Extension Plug-In To A Blackberry Messaging Agent

    Repeat steps 4 and 5 for each extension plug-in that you want to add. If necessary, click the Up and Down icons to set the order that the BlackBerry Messaging Agent uses the extension plug-ins to process email messages in.

  • Page 184: Configure How A Blackberry Messaging Agent Deletes Email Messages From A Blackberry State Database

    To manage your organization's messaging environment, you can configure how a BlackBerry® Messaging Agent deletes email messages that users create and delete from the BlackBerry state database. If you change the database pruning settings for the BlackBerry state database, your organization's messaging environment might experience a performance impact.

  • Page 185: Map A Contact Information Field In An Email Application To Contact List Fields On Blackberry Devices

    Mapping contact information fields for synchronization and contact lookups You can map up to four fields that users define in the contact information on their computers to their BlackBerry devices. When users request a remote contact lookup from the IBM® Lotus Notes® address book, the fields that you configure display on BlackBerry devices.

  • Page 186: Map A Contact List Field In An Email Application To A Contact List Field On A Blackberry Device

    Map a contact list field in an email application to a contact list field on a BlackBerry device You can map up to four contact list fields that users define in an email application to a BlackBerry® device. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.

  • Page 187: Configuring Blackberry Devices To Enroll Certificates Over The Wireless Network

    You can make the certificate enrollment process required so that devices automatically start the certificate enrollment process after the devices receive the updated IT policy from the BlackBerry Enterprise Server. If you do not make the certificate enrollment process required, you must instruct users to start the CA Profile Manager on the devices manually.

  • Page 188: Configure The Blackberry Mds Connection Service To Connect To The Certificate Authority

    On the HTTP tab, in the Name field, type the certificate authority name. In the Service URL field, type the URL that the BlackBerry MDS Connection Service can use to send certificate requests to the certification authority using the following format: http:// <FQDN_of_CA_server>:<port_number>/* (for example, http://myca.mycompany.com:80/*).

  • Page 189: Add Communication Information To A Blackberry Mds Connection Service Configuration Set

    DSML server, a CRL server, an OCSP server, or a certification authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.

  • Page 190: Assign A Blackberry Mds Connection Service Configuration Set To A Blackberry Mds Connection Service Instance

    You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that BlackBerry device users can access documents on remote file systems from devices, the BlackBerry MDS Connection Service can search for certificates and check for the status of the certificates from LDAP servers, DSML servers, CRL servers, or OCSP servers, and the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.

  • Page 191: Managing An Enrolled Certificate

    BlackBerry Configuration Database when the certificate enrollment process starts for a new certificate. Also, if a certificate is expired or revoked, you or a BlackBerry device user can update the certificates on the device using the certificate synchronization tool in the BlackBerry® Desktop Software or by copying an updated certificate from a media card or smart card.

  • Page 192: Properties In The Rimpublic.properties File

    Administration Guide Change the polling interval, logging, and pool size for the BlackBerry MDS Connection Service connection to the certificate authority Save and close the rimpublic.properties file. In the Windows® Services, restart the BlackBerry MDS Connection Service service. Related topics Restarting BlackBerry Enterprise Server components, 327 Properties in the rimpublic.properties file...

  • Page 193: Making The Blackberry Web Desktop Manager Available To Users

    Desktop Manager on users' computers By default, when users open and log in to the BlackBerry® Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required RIMWebComponents.cab file. The RIMWebComponents.cab file provides the BlackBerry®...

  • Page 194: Publish The Client Files For The Blackberry Web Desktop Manager In A Windows Gpo For Windows Vista

    Manager in a Windows GPO for Windows Vista Before you begin: • Add the web address for the BlackBerry® Administration Service to the list of trusted web sites in the web browser. • Download and install the Microsoft® Group Policy Management Console with Service Pack 1. For more information about installing the service pack, see www.microsoft.com.

  • Page 195: Configure The Microsoft Activex Installer On Windows Vista

    21. Click Show. 22. Click Add. 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Service. 24. In the Enter the value of the item to be added field, type 2,2,1,0.
  • Page 196 Administration Guide Configure users' computers to install the client file for the BlackBerry Web Desktop Manager automatically VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY [strings] EnableActiveXInstallFromAD="Allow user computers to install administrator-approved Microsoft ActiveX components." EnableActiveXInstallFromAD_Explain="Allow user computers to install administrator-approved Microsoft ActiveX components."...

  • Page 197: Make The Blackberry Web Desktop Manager Available To Users

    The BlackBerry® Web Desktop Manager web address is https://<full_computer_name> /webdesktop/login. If you customized the BlackBerry Web Desktop Manager text colors or image and you want to display the changes on the login screen, you must direct users to https://<full_computer_name>/webdesktop/app? page=Login&service=page&orgId=0.

  • Page 198: Configuring The Blackberry Web Desktop Manager

    BlackBerry device, deleting data from a device, or deactivating a device. You can also customize the UI of the BlackBerry Web Desktop Manager by changing the text colors or displaying a custom image, such as your organization's logo, to match the design of your organization's intranet.

  • Page 199: Configure The Domains For Backing Up Data Using The Blackberry Web Desktop Manager

    Change the text colors in the BlackBerry Web Desktop Manager You can change the text colors in BlackBerry® Web Desktop Manager to match the colors that your organization uses for UIs. In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...

  • Page 200: Blackberry Web Desktop Manager Text Colors

    Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry® Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site.

  • Page 201: Display The Domain Name On The Login Page Of The Blackberry Web Desktop Manager

    You can specify the domain name that appears automatically in the Domain field when users browse to the BlackBerry® Web Desktop Manager login page. You can specify only one domain name. You can also provide the domain name to users when you send their login information to them.

  • Page 202: Creating And Configuring Wi-Fi Profiles And Vpn Profiles

    Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a BlackBerry® Enterprise Server by creating Wi-Fi profiles. You can create and assign one or more Wi-Fi profiles to a user account or to a group using a process that is similar to the process you use to create an IT policy and assign it to a user account.
  • Page 203 If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server. • If you do not use static IT addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.

  • Page 204: Create A Wi-Fi Profile

    Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry® device users to perform the following task if you want users to configure a Wi-Fi® profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry® Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device.

  • Page 205: Assign A Wi-Fi Profile To A User Account

    Click Save all. When you assign a Wi-Fi profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.

  • Page 206: Creating And Configuring Vpn Profiles

    BlackBerry® Enterprise Server uses) on a BlackBerry device or using a VPN profile or IT policy. You can assign one or more VPN profiles to a user account or to a group. If a user account has a VPN profile, you can associate the VPN profile with the Wi-Fi profile for the user account.

  • Page 207: Configure A Vpn Profile

    Click Save. When you assign a VPN profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.

  • Page 208: Associate A Vpn Profile With A Wi-Fi Profile

    Associate a VPN profile with a Wi-Fi profile To permit a BlackBerry® device to connect to a Wi-Fi® network using a VPN session, you must associate a VPN profile with a Wi-Fi profile that you assigned to the user account.

  • Page 209: Importing Profile Information From A .Csv File

    Consider the following guidelines: • Specify only one action that you want the BlackBerry® Enterprise Server to perform in each row of the file. • To assign more than one action to a user account, create multiple rows for the user account.
  • Page 210 Fields in the .csv file that contains profile information The following table describes the fields that you can configure in a .csv file. The BlackBerry® Administration Service uses the fields in the .csv file to update profile information that you assigned to user accounts.

  • Page 211: Import Profile Information From A .Csv File

    Import profile information from a .csv file The BlackBerry® Administration Service processes actions in the order that they appear in the .csv file. If two actions that you listed in the file contradict each other, the action that appears closer to the end of the file is the action that the BlackBerry Administration Service processes.

  • Page 212: Configuring Encryption And Authentication Methods For Wi-Fi Enabled Blackberry Devices

    WEP key numbering in the configuration settings of the Wi-Fi profile for the enterprise Wi-Fi network. For example, WEP key 1 on the BlackBerry device is WEP key 0 in the configuration settings, and WEP key 2 on the BlackBerry device is WEP key 1 in the configuration settings.

  • Page 213: Configuring Psk Encryption

    For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide. • Assign the Wi-Fi profile to the user accounts. • Resend the IT policy that you assign to the user accounts to Wi-Fi enabled BlackBerry devices. Related topics Creating and configuring Wi-Fi profiles, 200 Configuring PSK encryption The IEEE®...

  • Page 214: Configuring Leap Authentication

    BlackBerry devices support LEAP authentication that uses a user name and password. You must distribute the user name and password using a Wi-Fi profile that you assign to user accounts. BlackBerry devices use a one-way function to encrypt passwords before they send the passwords to the authentication server.

  • Page 215: Configuring Peap Authentication

    PEAP authentication require the root certificate for the certificate authority that issued the certificate. To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in the BlackBerry® Desktop Manager. You must configure a Wi-Fi profile to provide the user name and password for authentication.

  • Page 216: Prerequisites: Distributing A Certificate Using The Blackberry Desktop Manager

    Distribute a certificate using the BlackBerry Desktop Manager If a BlackBerry® device requires the root certificate for the certificate authority, a client certificate, or both, you can distribute the certificates using BlackBerry® Desktop Manager. The BlackBerry device can add the certificates to the list of explicitly trusted certificate authority certificates or the list of client certificates.

  • Page 217: Configure Peap Configuration Settings In The Wi-Fi Profile On A Blackberry Device

    12. Verify that the Allow inter-access point handover option is selected. 13. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.

  • Page 218: Configuring Eap-Tls Authentication

    To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the certificate for the authentication server and the certificate for each BlackBerry device.

  • Page 219: Configure Eap-Tls Configuration Settings In The Wi-Fi Profile On A Blackberry Device

    12. Verify that the Allow inter-access point handover option is selected. 13. If necessary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.

  • Page 220: Configure Eap-Ttls Authentication Data For Blackberry Devices Using A Wi-Fi Profile

    EAP-TTLS authentication require the root certificate for the certificate authority that created the authentication server certificate. To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in BlackBerry® Desktop Manager or you can enroll the certificate over the wireless network.

  • Page 221: Configure Eap-Ttls Configuration Settings In The Wi-Fi Profile On A Blackberry Device

    11. Verify that the Allow inter-access point handover option is selected. 12. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.

  • Page 222: Configure Eap-Fast Authentication

    Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry® users in your organization's environment use BlackBerry® 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi- Fi configuration.

  • Page 223: Configure Eap-Fast Configuration Settings In The Wi-Fi Profile On Blackberry Devices

    If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is selected. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.

  • Page 224: Configuring Software Tokens For Blackberry Devices

    When users try to open a Wi-Fi or VPN connection that requires two-factor authentication on the BlackBerry devices, the BlackBerry devices prompt the users to type the software token PIN and submit the current tokencode for the connection type to create the passcode for two-factor authentication.

  • Page 225: Configure Blackberry Devices For Rsa Authentication

    Configure RSA authentication over a Wi-Fi network using a software token You must add the serial number of the software token that the Wi-Fi® enabled BlackBerry® devices can use to a Wi- Fi profile so that RSA® authentication can occur over Wi-Fi connections.

  • Page 226: Configure Rsa Authentication Over A Vpn Network Using A Software Token

    Configure RSA authentication over a VPN network using a software token You must add the serial number of the software token that the Wi-Fi® enabled BlackBerry® device can use to a VPN profile so that RSA® authentication can occur over VPN connections.
  • Page 227 Administration Guide Assign software tokens to a user account 11. Click Save all.

  • Page 228: Changing The Security Settings Of The Blackberry Administration Service And Blackberry Web Desktop Manager

    SSL certificate to protect the HTTPS connection. You can import a self-signed SSL certificate or a trusted certificate that a certification authority signs after the installation process completes. If you configure a BlackBerry Administration Service pool, you must generate an SSL certificate that uses the name of the BlackBerry Administration Service pool.

  • Page 229: Configuring Which Ibm Lotus Domino Server With Diiop The Blackberry Administration Service Uses

    BlackBerry Administration Service. If you want to configure high availability for the DIIOP task so that the BlackBerry Administration Service can connect to a different server running the DIIOP task automatically, you must configure a hardware or software load balancer that can manage the IBM Lotus Domino server connections for the BlackBerry Administration Service.

  • Page 230: Change The Information For Microsoft Active Directory Authentication

    • To control which user accounts the BlackBerry Administration Service can authenticate with, type the distinguished name of the user container (for example, OU=sales,DC=example,DC=com). If you want the BlackBerry Administration Service to find all of the global catalog servers in the resource forest automatically, in the Global Catalog server discovery drop-down list, click Automatic.

  • Page 231: Configuring Single Sign-On Authentication For The Blackberry Administration Service And Blackberry Web Desktop Manager

    Configure constrained delegation for the Microsoft Active Directory account to support single sign-on authentication Use the Windows Server® ADSI Edit tool to add the following SPNs for the BlackBerry® Administration Service pool to the Microsoft® Active Directory® account : • HTTP/<BAS_pool_FQDN> (for example, HTTP/BASconsole104.example.com) •...

  • Page 232: Turn On Single Sign-On Authentication For The Blackberry Administration Service

    Instruct all administrators and device users to add the web addresses for the BlackBerry Administration Service and BlackBerry® Web Desktop Manager to the list of web sites in the local intranet zone and install the certificate for the BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers.

  • Page 233: Changing Password Settings For Blackberry Administration Service Authentication

    Administration Service single sign-on and BlackBerry Web Desktop Manager users log in using IBM® Lotus Notes® user names and passwords. In this scenario, you can instruct administrators to log into the BlackBerry Administration Service console using the web address https://<BAS_pool_FQDN>/webconsole/login and instruct BlackBerry Web Desktop Manager users to log in to BlackBerry Web Desktop Manager using the web address https:// <BAS_pool_FQDN>/webdesktop/app.
  • Page 234 Administration Guide Regenerate the system credentials for the BlackBerry Administration Service On a computer that hosts a BlackBerry Administration Service instance, in the Windows Services, start the BlackBerry Administration Service services. On the computers that host the remaining BlackBerry Administration Service instances, in the Windows Services, start the BlackBerry Administration Service services.

  • Page 235: Protecting And Redistributing Devices

    Protecting and redistributing devices Protecting and redistributing devices Preparing a device for redistribution to a new user You can prepare a BlackBerry® device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data •...

  • Page 236: Deleting Only Work Data From A Device

    To help secure your organization's data on a personal BlackBerry® device, you can permit your organization to delete work data from a device when a user no longer works at your organization. You can use the BlackBerry Administration Service to require that a personal device remove only work data when the device receives the Delete only the organization data and remove device IT administrative command over the wireless network.

  • Page 237: Delete Only Work Data From A Device

    Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry® device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration.

  • Page 238: Using It Administration Commands To Protect A Lost Or Stolen Device

    The BlackBerry® Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.

  • Page 239: Protect A Stolen Device

    Optionally, in the Removing users and devices section, in the Actions drop-down list, perform one of the following actions: • To delete a user account from the BlackBerry® Enterprise Server but retain the BlackBerry Enterprise Server information in the user's mailbox, click Delete the user.

  • Page 240: Protect A Lost Device

    Using IT administration commands to protect a lost or stolen device Protect a lost device If a user misplaces a BlackBerry® device or if a device is stolen, you can protect the data on the device by locking the device or making it unavailable.
  • Page 241 Using IT administration commands to protect a lost or stolen device • To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove the profile document and the state database.

  • Page 242: Managing Administrator Accounts

    Switch the appropriate tabs to change the appropriate permissions. Click Save all. After you finish: Instruct administrators to log out of the BlackBerry Administration Service and log in again so that the changes can take effect immediately. Change the roles for an administrator account To reflect the changes to an administrator's responsibilities in your organization, you can add or remove one or more administrative roles for the administrator account.

  • Page 243: Delete An Administrator Account

    Delete an administrator account You can delete an administrator account when you no longer require it in your organization's environment. Before you begin: If the administrator is also a BlackBerry® device user, remove the BlackBerry device from the administrator account.

  • Page 244: Managing Groups And User Accounts

    You can either create user-specific groups and assign roles to those groups or use the default user groups that contain pre-existing roles. If you are managing a large number of groups (over 3000) using the BlackBerry Administration Service in a single domain, your organization's environment might experience a performance impact.

  • Page 245: Remove A User Account From A Group

    BlackBerry Web Desktop Manager such as setting an activation password or locking their BlackBerry device. Remove a user account from a group In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups. Click the group name.

  • Page 246: Delete A Group

    When you delete a user account, you can retain the user account information in the BlackBerry Enterprise Server. You can activate the user account again, or the user can continue to use the BlackBerry device as a BlackBerry® Desktop Redirector. When you activate a user account that you retained, the user account will have the same settings it had before you deleted it.

  • Page 247: Delete A User Account From The Blackberry Enterprise Server

    Managing user accounts • Verify that the BlackBerry Enterprise Server that you are moving the user account from is part of the LocalDomainServer group and that you replicated the Lotus Domino directory to the messaging servers in your organization's environment.

  • Page 248: Update The Contact List Manually

    You can update the contact list in the BlackBerry® Configuration Database so that you can include any organizational changes or updates in the contact list. The amount of time that the BlackBerry Mail Store Service requires to update the contact list depends on the contact list size.

  • Page 249: Managing The Delivery Of Blackberry Java Applications, Blackberry Device Software, And Device Settings To Blackberry Devices

    The default value is 15 minutes. In the General section, in the Mark job as failed field, type the number of days that the BlackBerry Administration Service waits before it defines a job that was not delivered to BlackBerry devices as failed.

  • Page 250: Change How It Policies Are Sent To Blackberry Devices

    Change how IT policies are sent to BlackBerry devices You can change the settings that the BlackBerry® Administration Service uses to send all IT policy settings and updates to BlackBerry devices. If you change the default settings for IT policy distribution, your organization's environment might experience a performance impact.

  • Page 251: Change How To Install, Update, Or Remove Blackberry Java Applications

    Managing the default distribution settings for jobs If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks that you want the BlackBerry Enterprise Server to process during each processing interval.

  • Page 252: Change How To Install Or Update The Blackberry Device Software

    The default value is 25. If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks that you want the BlackBerry Enterprise Server to process during each processing interval.

  • Page 253: Change How The Blackberry Enterprise Server Sends Standard Application Settings To Blackberry Devices

    BlackBerry Enterprise Server to process at the same time. The default value is 1000. On the Job throttling tab, to turn on throttling for all BlackBerry Device Software tasks in jobs, select Enabled to reduce load on system. If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window...

  • Page 254: Managing The Distribution Settings For A Specific Job

    When you create a software configuration and assign it to user accounts, change a software configuration that you assigned to user accounts, or assign or change an IT policy, the BlackBerry® Administration Service creates jobs to deliver the resulting objects or settings to BlackBerry devices. Before the BlackBerry Administration Service delivers a specific job, you can change the delivery schedule of the job, priority of the job, and how the job delivers IT policies, BlackBerry Java®...

  • Page 255: Specify The Start Time And Priority For A Job

    Service. You can also change the priority of a job. By default, all jobs have a medium priority. If you change the priority of a job to low, the BlackBerry® Enterprise Server processes it after the jobs with a medium or high priority. The BlackBerry Enterprise Server processes jobs with a high priority before it processes jobs with a medium or low priority.

  • Page 256: Change How A Job Sends Blackberry Java Applications To Blackberry Devices

    If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.

  • Page 257: Change How A Job Sends The Blackberry Device Software To Blackberry Devices

    If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
  • Page 258 Click the Add icon. To turn on throttling for all BlackBerry Device Software tasks in jobs, in the Default throttling enablement for all BlackBerry Device Software tasks in each job in a time window section, click Enabled to reduce load on system.

  • Page 259: Change How A Job Sends Standard Application Settings To Blackberry Devices

    BlackBerry devices. You can change how the BlackBerry Administration Service sends settings and updates in jobs to BlackBerry devices. If you change the default distribution settings for the standard application settings in BlackBerry Device Software configurations, your organization's environment might experience a performance impact.

  • Page 260: Managing Blackberry Java Applications On Blackberry Devices

    If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of tasks for standard application settings in the job that you want the BlackBerry Enterprise Server to process during each processing interval.

  • Page 261: Managing Software Configurations

    • If you configured the software configuration to permit unlisted applications on BlackBerry devices, and you do not want to permit users to install the application on their BlackBerry devices, perform steps 7 to 12. Click Add applications to software configuration.

  • Page 262: Remove A Software Configuration From A User Account

    If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry® device associated with the user account. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.

  • Page 263: Managing How Users Access Enterprise Applications And Web Content

    You can prevent BlackBerry® device users from accessing specific web servers using the BlackBerry® Browser or applications on BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorization to restrict access to all types of web content and create pull rules to specify a list of web servers that you permit users to access.

  • Page 264: Create A Pull Rule

    Restricting user access to content on web servers A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site. As a result, the BlackBerry MDS Connection Service might not be able to restrict BlackBerry devices from accessing the web site.

  • Page 265: Assign A Pull Rule To The Members Of A Group

    The device user is not prompted to enter authentication credentials if they are not required by the web site. • To require that the BlackBerry MDS Connection Service authenticates a user using integrated Windows authentication, click Integrated. • To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA.

  • Page 266: Assign A Pull Rule To User Accounts

    Restricting user access to media content in the BlackBerry Browser You can use standard definitions for MIME media types so that you can restrict the media types that the BlackBerry® MDS Connection Service can send to the BlackBerry® Browser and other applications on BlackBerry devices.

  • Page 267: Configure Download Limits For Media Content Types

    BlackBerry device users can download to BlackBerry devices during each connection. Each request for data that the device makes to the BlackBerry MDS Connection Service is a connection. If you do not configure a limit for media content types, the default values apply.

  • Page 268: Configuring Integrated Windows Authentication So That Users Can Access Resources On Your Organization's Network

    You must also configure two-way trust between the Microsoft Active Directory domain that the BlackBerry MDS Connection Service is running on and other Microsoft Active Directory domains in other forests that the BlackBerry MDS Connection Service must connect to. The S4U2proxy extension that the BlackBerry MDS Connection Service uses to retrieve the Kerberos™...
  • Page 269 For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory, visit www.blackberry.com/btsc to read article KB22726. If a pool of application servers host a intranet site and the pool is running on Microsoft® IIS and is located behind a load-balancer, use setspn or ADSI to add the SPNs of the intranet site to the user account (also known as the identity) of the pool.
  • Page 270 Repeat steps 1 to 6 for each intranet site that you want to turn on integrated Windows authentication for. After you finish: • If required, configure BlackBerry® MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain. •...

  • Page 271: Configuring The Blackberry Mds Connection Service When The Messaging Server Is Located In A Remote Microsoft Active Directory Domain

    Microsoft Active Directory domain If the computer that hosts the BlackBerry® MDS Connection Service is not located in the same Microsoft® Active Directory® domain as the global catalog server or messaging server and you want to configure support for Integrated Windows®...

  • Page 272: Turn On Integrated Windows Authentication So That Users Can Access Resources On Your Organization's Network

    Administration Guide Configuring Integrated Windows authentication so that users can access resources on your organization's network After you finish: Turn on Integrated Windows authentication when BlackBerry device users access resources on your organization's network. Related topics Restarting BlackBerry Enterprise Server components, 327...

  • Page 273: Restricting The Push Application Content That Users Can Receive

    You can configure your organization's environment so that only specific server-side push applications can send push requests to BlackBerry devices. You can turn on push authentication to prevent a BlackBerry MDS Connection Service from sending push requests, and create push initiators that permit specific server-side applications to send push requests to BlackBerry devices.

  • Page 274: Create Push Initiators For Push Applications

    If you turned on push authentication and created push initiators to specify which push applications can send push requests, you can create push rules to specify which users are permitted to receive authenticated push requests. The BlackBerry® MDS Connection Service can apply push rules only if you turn on push authorization for the BlackBerry MDS Connection Service.

  • Page 275: Create A Push Rule

    Related topics Restrict push applications from sending data to BlackBerry devices, 271 Create a push rule In the BlackBerry® Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.

  • Page 276: Assign A Push Rule To User Accounts

    Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry® MDS Connection Service to use SSL or TLS to encrypt the push requests that server- side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applications send.

  • Page 277: Managing Push Application Requests

    Managing push application requests The BlackBerry® MDS Connection Service receives push application requests from server-side push applications and sends the requests to applications on BlackBerry devices. You can control how the BlackBerry MDS Connection Service processes, stores, and sends push application requests.

  • Page 278: Configure The Settings For Storing Push Requests In The Blackberry Configuration Database

    Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process You can configure the maximum number of push connections that a BlackBerry® MDS Connection Service can process at the same time. The BlackBerry MDS Connection Service queues the push connections that exceed this limit.

  • Page 279: Configure The Maximum Number Of Queued Connections That A Blackberry Mds Connection Service Can Process

    The BlackBerry® MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry devices when the number of pending push connections in the queue exceeds the limit.

  • Page 280: Managing Organizer Data Synchronization

    Delete organizer data for members of a user group from the BlackBerry Enterprise Server If the BlackBerry® Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted.

  • Page 281: Delete A User's Organizer Data From A Blackberry Enterprise Server

    Delete a user's organizer data from a BlackBerry Enterprise Server If the BlackBerry® Enterprise Server writes a user’s organizer data from a BlackBerry device to the BlackBerry Configuration Database incorrectly, the organizer data on the BlackBerry Enterprise Server might become corrupt.

  • Page 282: Changing How Organizer Data Synchronizes

    Click Edit component. For each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry® Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.

  • Page 283: Change How The Blackberry Administration Service Resolves Conflicts During Organizer Data Synchronization For All User Accounts On A Blackberry Enterprise Server

    Administration Guide Changing how organizer data synchronizes • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server and from the BlackBerry Enterprise Server to the BlackBerry device, click Bidirectional.

  • Page 284: Specify The Location Of Organizer Data

    Specify the location that the BlackBerry Messaging Agent uses to find organizer data You can specify the location that the BlackBerry® Messaging Agent uses to find a BlackBerry user's address book or memo organizer data. Note: If the Location - Server and Location - Relative Path fields are not populated, the BlackBerry® Enterprise Server does not synchronize the user's address book and memo application to the user's BlackBerry device.

  • Page 285: Managing Your Organization's Messaging Environment And Attachment Support

    BlackBerry devices. You can also manage individual user accounts, provide support to users, control the size of the message queue, and control the load on the BlackBerry Messaging Agent to process forwarding requests. By default, email message forwarding is turned on when you add a user account to the BlackBerry Enterprise Server.

  • Page 286: Forward Email Messages From Inbox Subfolders To A Blackberry Device

    • To forward email messages from the user's inbox and sent items folder, click Inbox and Sent Items only. • To select the folders that you want the BlackBerry Enterprise Server to forward messages from, click Selected folders. Click the folders that you want to forward messages from.

  • Page 287: Turn Off Email Message Forwarding To A User Account

    To manage network resources and control the number of email messages on a user's BlackBerry® device, you can turn off email message forwarding when a user's BlackBerry device is connected to the user's computer using a USB connection.

  • Page 288: Managing The Incoming Message Queue

    When you delete pending email messages from the incoming message queue, the BlackBerry® Enterprise Server does not send the email messages to the user’s BlackBerry device. The email messages remain in the email application on the user’s computer.

  • Page 289: Turn Off Wireless Message Reconciliation For A Blackberry Enterprise Server

    • In the Windows® Services, restart the BlackBerry Dispatcher. Repeat step 2 to step 6 for each BlackBerry Enterprise Server instance that you want to turn off the feature for. After you finish: To allow the user to check the availability of a potential meeting participant, in the Messaging Options section, change Free busy lookup turn on to True.

  • Page 290: Prevent A User From Searching For Remote Email Messages Using A Device

    • If you are changing a BlackBerry Enterprise Server instance, in the Status list, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, in the Status list for one of the instances in the pair, click Restart instance. Repeat this step for the other instance in the pair.

  • Page 291: Blackberry Device

    • If you want to change a BlackBerry Enterprise Server instance, on the Instance information tab, click Restart instance. • If you want to change a BlackBerry Enterprise Server pair, click one of the instances, and on the Instance information tab, click Restart instance. Repeat this step for the other instance in the pair.

  • Page 292: Turn Off Support For Rich Text Formatting And Inline Images In Email Messages Using An It Policy Rule

    You can change an IT policy rule to prevent the BlackBerry® Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.

  • Page 293: Configure The Blackberry Enterprise Server To Support Ibm Lotus Notes Links To Different Ibm Lotus Domino Domains

    Configuring IBM Lotus Notes links on devices for the servers. If the BlackBerry Messaging Agent processes an email message to send to a user and the email message contains links, the BlackBerry Messaging Agent searches the map to find the host name for the Lotus Domino server that stores the information that you link to and creates an HTTP link to display in the email message.

  • Page 294: Change How Often The Blackberry Messaging Agent Updates The Map For Ibm Lotus Domino Server Names And Host Names

    Change how often the BlackBerry Messaging Agent updates the map for IBM Lotus Domino server names and host names On the computer that hosts the BlackBerry® Messaging Agent, click Start > Run. Type regedit. Perform one of the following actions: •...

  • Page 295: Synchronizing Folders On The Blackberry Device

    By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry® device. To help manage network resources, you can select the published public contact folders that a user can synchronize.

  • Page 296: Control Which Personal Mail Folders A User Can Synchronize With A Blackberry Device

    In the Messaging configuration section, click Device configuration. On the Email tab, in the Redirection settings section, click Selected Folders. Select the folders that you want to permit the user to synchronize with the contact lists on the BlackBerry device. Click Continue to user information edit.

  • Page 297: Control Which Public Contact Databases A User Can Access From The Blackberry Device

    BlackBerry MDS Connection Service. For remote file systems that require authentication, you can provide the credentials to the BlackBerry MDS Connection Service so that users do not need to provide the credentials when they access the documents.

  • Page 298: Configure The Blackberry Mds Connection Service To Communicate With A Remote File System

    If the file system requires the BlackBerry MDS Connection Service to authenticate with the remote file system, perform the following actions: • In the User name field, type the name of the account that you want the BlackBerry MDS Connection Service to use to authenticate to the remote file system.

  • Page 299: Add Communication Information To A Blackberry Mds Connection Service Configuration Set

    DSML server, a CRL server, an OCSP server, or a certification authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.

  • Page 300: Managing Signatures And Disclaimers In Email Messages

    You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that BlackBerry device users can access documents on remote file systems from devices, the BlackBerry MDS Connection Service can search for certificates and check for the status of the certificates from LDAP servers, DSML servers, CRL servers, or OCSP servers, and the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.

  • Page 301: Add A Disclaimer To Email Messages That Users Send From Blackberry Devices

    Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry® devices. Users cannot change the disclaimers that you define. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology >...

  • Page 302: Specify Conflict Rules For Disclaimers

    To monitor the content of email messages that users send from their BlackBerry® devices, you can BCC specific email addresses on the email messages. You can BCC the email addresses of all of the users that you assign to a BlackBerry Messaging Agent.

  • Page 303: Sending Notification Messages To Users

    Sending notification messages to users You can send a notification message to a user, to all of the users associated with a BlackBerry® Enterprise Server, or to all of the users in the BlackBerry Domain. You can send notifications as email messages or PIN messages. PIN messages are appropriate for informing users about messaging server outages because BlackBerry devices send and receive PIN messages directly, without using the messaging server.

  • Page 304: Send A Notification Message To Group Members

    Click Send message. Automated notification messages If the BlackBerry® Enterprise Server cannot send email messages to BlackBerry devices, it sends a notification PIN message to the BlackBerry devices automatically, informing users about an issue with wireless email delivery. Change the subject for automated notification messages You can change the subject for automated notification messages that users receive on their BlackBerry®...

  • Page 305: Turn Off Automated Notification Messages

    BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry® device, the BlackBerry device sends a request to the BlackBerry® Enterprise Server to convert the attachment. The BlackBerry Enterprise Server...

  • Page 306: Service

    In the General section, in the Minimum wait for retry per request field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it resends a request that is not delivered to a BlackBerry Attachment Service.

  • Page 307: Attachment Service

    In the General section, in the Minimum wait to attempt restore of lost connection field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it tries to restore a lost connection to a BlackBerry Attachment Service.

  • Page 308: Limitations For Supported Attachment File Formats

    IBM® Lotus® Symphony™ only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service. If a specific font is not available, the BlackBerry Attachment Service uses the most similar font type that is available.

  • Page 309: Changing How A Blackberry Attachment Service Converts Attachments

    The BlackBerry Enterprise Server sends data to BlackBerry devices over the wireless network in packets that are no larger than 64 KB, and it can send an unlimited number of packets to BlackBerry devices.

  • Page 310: Blackberry Attachment Service Optimization Settings

    BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry® Attachment — Service uses to listen for and receive attachment conversion requests in a predefined XML/binary protocol. The default value is 1900.

  • Page 311: Change The Maximum File Size For Attachments That Users Can Receive

    Change the maximum file size for attachments that users can receive The BlackBerry® Attachment Service uses memory during the attachment conversion process. If users try to open large or complex attachments (for example, .pdf files or ASCII text files that are larger than 2 MB) or multiple attachments at the same time, you might want to limit the file size for attachments.

  • Page 312: Turn Off Support For An Attachment File Format For A Blackberry Attachment Service

    BlackBerry Attachment Service instances. If your organization uses new common extensions for a file format that there is a distiller available for on a BlackBerry Attachment Service, you must add those extensions to the BlackBerry Attachment Connector. For example, if users send .rtf files as .wav files, you must verify that the BlackBerry Attachment Connector supports .wav files and that...

  • Page 313: Changing How The Blackberry Messaging Agent Reconciles Attachments To The Messaging Server

    Data that a BlackBerry device and the messaging server send each other over the wireless network must be in packets that are no larger than 64 KB. If a BlackBerry device sends an attachment that is larger than a single packet, the BlackBerry device divides the attachment into multiple packets.

  • Page 314: Change The Maximum File Size For Attachments That Users Can Send

    On BlackBerry® devices that are running specific versions of the BlackBerry® Device Software, users can download attachments in native formats (for example, .txt for a text file) to their BlackBerry devices. Users can open and make changes to the files that they download using an appropriate third-party application on their BlackBerry devices. A user might be able to open specific file formats using the media application on the BlackBerry device.
  • Page 315 Administration Guide Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server Click the instance that you want to change. Click Edit instance. On the Messaging tab, in the Messaging options section, in the Maximum single attachment download size (KB) field, type a number, in KB, that is between 0 and 10240 (10 MB).

  • Page 316: Managing Calendars

    You can use the BlackBerry® Enterprise Trait Tool to specify whether corrective calendar synchronization checks calendar entries for a specific user, users on a specific BlackBerry® Enterprise Server, or all users. The tool uses a hierarchy to determine what calendar entries to check. Settings at the user level override settings at the server level, settings at the server level override settings at the global level, and settings at the global level override the default settings.

  • Page 317: View The Current Settings For Corrective Calendar Synchronization

    • To turn on corrective calendar synchronization for a specific user account, type traittool -user <smtp_address> -trait DominoSmartSyncEnable -set true. • To turn on corrective calendar synchronization for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait DominoSmartSyncEnable -set true.

  • Page 318: Permit Corrective Calendar Synchronization To Correct Errors Automatically

    DominoSmartSyncSendUpdate -set false, where <level> is the SMTP address of a specific user account, the server name of a specific BlackBerry Enterprise Server for all user accounts that are associated with the specific BlackBerry Enterprise Server, or global for all user accounts.

  • Page 319: Configure When Corrective Calendar Synchronization Runs

    To specify more than one value for when corrective calendar synchronization runs, after you extract the BlackBerry® Enterprise Server installation files to the computer, you can create a list of values that are separated by commas (,) at the command prompt.

  • Page 320: Configure Throttling For Corrective Calendar Synchronization

    Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. Press ENTER. Example: Configuring corrective calendar synchronization to run at 10:00 PM for all users on the BlackBerry Enterprise Server that is named SERVER01 traittool -server SERVER01 -trait DominoSmartSyncTriggerHour -set 22...

  • Page 321: Logging Information For Corrective Calendar Synchronization

    If you do not specify any values, the default value is used. Copy the BlackBerry® Enterprise Server installation files to a computer that hosts a BlackBerry Enterprise Server instance.

  • Page 322: Start Corrective Calendar Synchronization Manually For A User Account

    <name> is the setting you want to delete. • To delete a setting for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait <name> -erase, where <name> is the setting you want to delete.

  • Page 323: Managing Instant Messaging

    Installing a collaboration client on BlackBerry devices For detailed information about the methods that you can use to install a collaboration client on BlackBerry® devices, see the "Add a collaboration client to the application repository" and "Alternative methods for installing BlackBerry Java Applications on devices"...

  • Page 324: Change The Transport Protocol For A Microsoft Instant Messaging Environment

    Click Save all. Change the transport protocol for a Microsoft instant messaging environment In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand the instant messaging environment.

  • Page 325: Specify The Windows Domain Name For Users Who Log In To A Collaboration Client

    To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry® Collaboration Service and the instant messaging server at the same time.

  • Page 326: Managing Instant Messaging Features

    BlackBerry® device users can send to each other using the BlackBerry® Client for IBM® Lotus® Sametime®. The maximum file size that you specify for a file type must not exceed the maximum file size that you specified on the IBM® Lotus® Sametime® server.

  • Page 327: Prevent Users From Saving Instant Messaging Conversations

    .txt files in the internal memory of their BlackBerry devices or on an external memory device. You can turn off this feature if you do not want users to save their instant messaging conversations on their BlackBerry devices.
  • Page 328 Administration Guide Managing instant messaging features <Detail Id="Manager" FieldName="Manager" Type="text/plain"/> <Detail Id="Department" FieldName="Department" Type="text/plain"/> <Detail Id="WorkAddress" FieldName="OfficeStreetAddress" Type="text/plain"/> <Detail Id="WorkZip" FieldName="OfficeZip" Type="text/plain"/> <Detail Id="WorkState" FieldName="OfficeState" Type="text/plain"/> <Detail Id="WorkCity" FieldName="OfficeCity" Type="text/plain"/> <Detail Id="HomeAddress" FieldName="StreetAddress" Type="text/plain"/> <Detail Id="HomeZip" FieldName="Zip" Type="text/plain"/> <Detail Id="HomeState" FieldName="State" Type="text/plain"/> <Detail Id="HomeCity"...

  • Page 329: Managing A Blackberry Domain

    Managing a BlackBerry Domain Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry® Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows® services.

  • Page 330: Restart A Blackberry Enterprise Server Component Using The Blackberry Administration Service

    On each computer that hosts the BlackBerry® Enterprise Server component, in the Windows® Services, restart the services for the component. If you want to restart all of the BlackBerry Enterprise Server components, you must restart the Windows Services in the following order: •...

  • Page 331: Use The Blackberry Enterprise Trait Tool

    Administration Guide BlackBerry Enterprise Trait Tool traits The BlackBerry Enterprise Trait Tool file is located in the installation files for the BlackBerry Enterprise Server and is named TraitTool.exe. You must launch the TraitTool.exe file using a Windows® command prompt. Use the BlackBerry Enterprise Trait Tool Copy the BlackBerry®...
  • Page 332 This trait specifies the minimum version of the BlackBerry® Device Software that can receive 8 bytes of ACP data. The typical amount of ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry® Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices.
  • Page 333 Messaging Agent to send confirmations automatically when the BlackBerry Messaging Agent delivers email messages, change the value to false (0). If you want to prevent the BlackBerry Messaging Agent from sending confirmations automatically when the BlackBerry Messaging Agent delivers email messages, change the value to true (1).
  • Page 334 BlackBerry Enterprise Trait Tool traits Trait Description BlackBerry Enterprise Server, or all user accounts. If you want the BlackBerry Enterprise Server to check for calendar errors on devices, change the value to true (1). The default value is false (0), the BlackBerry Enterprise Server does not check for calendar errors on devices.
  • Page 335 BlackBerry Enterprise Server, or all user accounts. The default value is 0, the BlackBerry Enterprise Server checks for calendar synchronization errors on devices at 12:00 AM. For more information, see...
  • Page 336 Service to update the user directory in the BlackBerry Configuration Database, change the value to true (1). If you do not want the BlackBerry Mail Store Service to update the user directory in the BlackBerry Configuration Database, change the value to false (0).
  • Page 337 Junk folder. If you do not want the BlackBerry Enterprise Server to monitor the Junk folder for activation messages, change the value to false (0) and restart the BlackBerry Controller.
  • Page 338 Service to send applications using throttling in the same way that it throttles IT policies and service books, change the value to true (1). If you do not want the BlackBerry Policy Service to send applications using throttling in the same way that it throttles IT policies and service books, change the value to false (0).
  • Page 339 BlackBerry Enterprise Trait Tool traits Trait Description PolicyThrottlingMaxBESJobs This trait specifies the maximum number of IT policies and service books that a BlackBerry Policy Service can send to devices each minute. The default value is 100. For more information, see Configure BlackBerry Policy Service throttling for IT policies and service books.

  • Page 340: Managing Blackberry Cal Keys

    Managing BlackBerry CAL keys BlackBerry® CAL keys control how many user accounts can exist on a BlackBerry® Enterprise Server at the same time. If you exceed the number of user accounts that can exist on a BlackBerry Enterprise Server, the BlackBerry...

  • Page 341: Add Or Delete A Blackberry Cal Key

    Copy a BlackBerry CAL key to a text file You can copy a BlackBerry® CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues.

  • Page 342: Configuring The Blackberry Mail Store Service Instance That Updates The Contact List

    Mail Store Service instance is updating the contact list already before it starts to update the contact list. You must verify that at least one BlackBerry Mail Store Service instance can update the contact list in the BlackBerry Configuration Database so that the BlackBerry Administration Service can access the latest contact list information when you create and manage user accounts.

  • Page 343: Configure How Users Search For Email Addresses In A Hosted Blackberry Services Environment

    BlackBerry Policy Service when it performs the following actions: • sends IT policies and service books that you update to all BlackBerry devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on •...

  • Page 344: View The Current Settings For Blackberry Policy Service Throttling

    If the BlackBerry® Policy Service detects that you updated an IT policy or service book in the BlackBerry Configuration Database, it schedules a task to create and deliver the IT policy or service book to BlackBerry device users that must receive the update.

  • Page 345: Configuring Blackberry Policy Service Throttling For Pin Encryption Keys

    Example: Configuring the maximum number of IT policies or service books that a BlackBerry Policy Service can send If you want to configure the maximum number of IT policies or service books that a BlackBerry Policy Service can send to 500, type traittool -global -trait PolicyThrottlingMaxDomainJobs -set 500.

  • Page 346: Configuring Blackberry Policy Service Throttling For Application Polling

    BlackBerry Policy Service when it sends applications to devices. If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books.

  • Page 347: Configuration Database

    Example: Deleting a BlackBerry Policy Service throttling setting If you want to delete the maximum number of IT policies and service books that all BlackBerry Policy Service instances can send to BlackBerry devices each minute, type traittool -global -trait PolicyThrottlingMaxDomainJobs -erase.
  • Page 348 Administration Guide Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software \WOW6432Node\Research In Motion\BlackBerry Enterprise Server. In the Logging Info registry key, click a BlackBerry Enterprise Server component.

  • Page 349: Blackberry Controller And Blackberry Enterprise Server Component Monitoring

    Messaging Agent, the extension plug-ins for the BlackBerry Messaging Agent, and the BlackBerry Dispatcher so that the BlackBerry Controller can detect when to start, restart, or stop the services. The BlackBerry Controller can also restart other BlackBerry Enterprise Server services if they stop responding.
  • Page 350 The default value is 6. Health checks occur every ten minutes. If a health check does not receive a response from the thread that that the BlackBerry Controller monitors, the BlackBerry Enterprise Server tracks the missed health check in the...
  • Page 351 Administration Guide How the BlackBerry Controller monitors the BlackBerry Enterprise Server components Task Steps Example: [20148] (05/12 12:21:00):{0xC28} Thread: *** No Response *** Thread Id=0xB00, Handle=0x558, WaitCount=2 Prevent the BlackBerry Controller Create a DWORD value that is named WaitToRestartAgentOnHung. from restarting the BlackBerry Double-click the new DWORD value.

  • Page 352: Change How The Blackberry Controller Restarts A Blackberry Enterprise Server Service

    Server service By default, the BlackBerry® Controller restarts a BlackBerry® Enterprise Server service if it stops responding. On the computer that hosts the BlackBerry Enterprise Server component that you want to change, open the Registry Editor. In the left pane, perform one of the following actions: •...
  • Page 353 Administration Guide How the BlackBerry Controller monitors the BlackBerry Enterprise Server components Task Steps • To permit the BlackBerry Controller to restart the BlackBerry MDS Connection Service if the service stops responding, type 1. Change how the BlackBerry Click BlackBerryRouter.

  • Page 354: Blackberry Enterprise Server Alert Tool

    Configuring notifications using the BlackBerry Enterprise Server Alert Tool You can use the BlackBerry® Enterprise Server Alert Tool to monitor the Windows Event Log™ and send users that you define as notification recipients a notification message when the tool records a critical, error, warning, or informational event.
  • Page 355 Define a notification recipient You can specify a notification recipient for the BlackBerry® Enterprise Server Alert Tool so that the contact receives notification messages in email or popup messages that appear on the screen. You can send popup messages to the contact if the Messenger service for Windows®...

  • Page 356: Blackberry Enterprise Server Log Files

    You can use the log files for PIN messages to monitor the time and frequency when users send PIN messages from BlackBerry® devices. The log files are named using the format PINLog_<yyyymmdd>. By default, logging for PIN messages is turned off.

  • Page 357: Log Files For Blackberry Enterprise Server Components

    Turn off call logging You can use the log files for calls to monitor the time and frequency when users make calls from BlackBerry® devices. The log files are named using the format PhoneCallLog_<yyyymmdd>. By default, logging for calls is turned on.

  • Page 358: Changing How Blackberry Enterprise Server Components Create Log Files

    Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry® Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date.

  • Page 359: Change The Logging Level For A Blackberry Enterprise Server Component

    Related topics Create an additional log file for a BlackBerry Enterprise Server component when the current log file reaches its maximum size, 358 Restarting BlackBerry Enterprise Server components, 327 Change the logging level for a BlackBerry Enterprise Server component You can select whether the information that you save to the log files is detailed or limited by changing the logging level for a BlackBerry®...

  • Page 360: Prevent A Blackberry Enterprise Server Component From Creating A Daily Log File

    Change the identifier of the log file for a BlackBerry Enterprise Server component You can identify the log file for a BlackBerry® Enterprise Server component by the identifier that is included in the file name. For example, a log file that is named BBServer01_SYNC_01_20080120_001.txt uses the default component identifier SYNC to identify the BlackBerry Synchronization Service component.
  • Page 361 You can change the character encoding of the log files of a BlackBerry® Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Enterprise Server component.

  • Page 362: Component Identifiers For Log Files

    Click Reset logging defaults. Click Save all. For the changes to take effect, perform any of the following actions to restart the BlackBerry® Enterprise Server services: • To restart services other than the BlackBerry Administration Service, on the Servers and components menu, locate and restart the services that you restored to default values.

  • Page 363: Blackberry Mds Connection Service Log Files

    Changing how the BlackBerry MDS Connection Service creates a log file Change the logging level for BlackBerry MDS Connection Service log files You can change the logging level for the BlackBerry® MDS Connection Service log file, which includes the event log, UDP log files, and TCP log files.

  • Page 364: Log File

    UDP log file messages The SNMP agent for the BlackBerry® Enterprise Server receives UDP log file messages from the same host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log messages.
  • Page 365 Change the activities that the BlackBerry MDS Connection Service writes to a log file The settings for the activities that the BlackBerry® MDS Connection Service writes to a log file apply to all log files, including the event log, UDP log files, and TCP log files.

  • Page 366: Blackberry Devices

    Connection Service proxies in the BlackBerry MDS Connection Service log files. You can find the BlackBerry MDS Connection Service log files on the computer that hosts the BlackBerry Enterprise Server. You can identify BlackBerry MDS Connection Service log files by the component identifier MDAT in the log file name.

  • Page 367: Blackberry Collaboration Service Log Files

    Change which activities the BlackBerry Collaboration Service writes to a log file In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand a BlackBerry Collaboration Service, then click an instance.
  • Page 368 BlackBerry Collaboration Service log files Task Steps Trace how data packets travel inside the GME In the GME logging turned on drop-down list, click network layer from the BlackBerry Collaboration True. Service to the BlackBerry Dispatcher. Click Save all. Related topics...

  • Page 369: Blackberry Enterprise Solution Connection Types And Port Numbers

    BlackBerry Enterprise Solution connection types and port numbers BlackBerry Enterprise Solution connection types and port numbers The BlackBerry® Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS. BlackBerry Administration Service connection types and...
  • Page 370 Administration Guide BlackBerry Administration Service connection types and port numbers Item Connection Default port UI where you can type number configure the connection incoming data connections from, and outgoing data HTTPS BlackBerry connections to, browsers Configuration Panel incoming data connections from, and outgoing data...

  • Page 371: Blackberry Attachment Service Connection Types And Port Numbers

    Administration Guide BlackBerry Attachment Service connection types and port numbers Item Connection Default port UI where you can type number configure the connection 17600 to 17609 and 17800 to 17809 BlackBerry Attachment Service connection types and port numbers Item Connection...

  • Page 372: Blackberry Collaboration Service Connection Types And Port Numbers

    Administration Guide BlackBerry Collaboration Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server \Database\Port BlackBerry Collaboration Service connection types and port numbers Item Connection Default port UI where you can configure...

  • Page 373: Blackberry Configuration Database Connection Types And Port Numbers

    Administration Guide BlackBerry Configuration Database connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server \Database\Port outgoing syslog connections to the SNMP agent 4071 Windows registry • On a 32-bit version of...

  • Page 374: Blackberry Controller Connection Types And Port Numbers

    Administration Guide BlackBerry Controller connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry • BlackBerry Policy Service Enterprise Server • BlackBerry Synchronization Service \Database\Port • On a 64-bit version of...

  • Page 375: Blackberry Dispatcher Connection Types And Port Numbers

    Administration Guide BlackBerry Dispatcher connection types and port numbers Item Connection Default port UI where you can configure type number the connection Enterprise Server \Logging Info \Mailbox Agent \SysLogHost outgoing syslog connections to the BlackBerry port — Messaging Agent number...
  • Page 376 Administration Guide BlackBerry Dispatcher connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3201 — connections to, one or more of the following BlackBerry® Enterprise Server components: •...

  • Page 377: Blackberry Messaging Agent Connection Types And Port Numbers

    Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAg ent\Parameters \UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAg...
  • Page 378 Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection Enterprise Server \Agents \TcpPortDispatcher incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database •...
  • Page 379 Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerry Enterprise Server \Agents\SysLogHost outgoing syslog connections to the SNMP agent 4071 Windows registry •...

  • Page 380: Blackberry Mds Connection Service Connection Types And Port Numbers

    Administration Guide BlackBerry MDS Connection Service connection types and port numbers BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection if access control for push applications is turned on,...

  • Page 381: Blackberry Monitoring Service Connection Types And Port Numbers

    Administration Guide BlackBerry Monitoring Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection • On a 64-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAg ent\Parameters \UDPPort incoming data connections for reliable pushes...

  • Page 382: Blackberry Policy Service Connection Types And Port Numbers

    Administration Guide BlackBerry Policy Service connection types and port numbers BlackBerry Policy Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 —...
  • Page 383 Administration Guide BlackBerry Router connection types and port numbers Item Connection Default port UI where you can configure type number the connection Windows® registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion \BlackBerryRouter \ServicePort • On a 64-bit version of...
  • Page 384 Administration Guide BlackBerry Router connection types and port numbers Item Connection Default port UI where you can configure type number the connection • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion \BlackBerryRouter \DevicePort • On a 64-bit version of...

  • Page 385: Blackberry Synchronization Service Connection Types And Port Numbers

    Administration Guide BlackBerry Synchronization Service connection types and port numbers BlackBerry Synchronization Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 —...

  • Page 386: Ibm Lotus Sametime Connection Type And Port Number

    5060 Microsoft Office Live connections to, the connector for the Microsoft Office Communications Server Live Communications Server BlackBerry Client for use with Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection Default port...

  • Page 387: Novell Groupwise Messenger Connection Type And Port Number

    UI where you can configure type number the connection incoming data connections from, and outgoing data 8300 Novell® GroupWise® connections to, the BlackBerry® Collaboration Service server that hosts the Novell GroupWise Messaging Agent SNMP agent connection types and port numbers Item Connection...

  • Page 388: Syslog Connection Type And Port Number

    Syslog connection type and port number Item Connection Default port UI where you can configure type number the connection listener port for the BlackBerry® Enterprise Server Windows® registry events • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion...

  • Page 389: Troubleshooting

    BlackBerry Configuration Database. If necessary, restart the BlackBerry Configuration Database. Troubleshooting: BlackBerry Enterprise Server Performance A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an unexpected amount of system resources and increases wireless network traffic Possible cause...

  • Page 390: Microsoft Sql Server Uses A Considerable Amount Of Disk Space

    BlackBerry Enterprise Server instance. Press ENTER. To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft®...

  • Page 391: Troubleshooting: Using Ibm Lotus Notes Encryption

    After you configure the Notes Native Encryption Password Timeout IT policy rule to prevent the BlackBerry® device from storing the user's Notes .id password, the BlackBerry device does not prompt the user for the Notes .id password to decrypt messages that are encrypted using IBM® Lotus Notes® encryption.

  • Page 392: You Cannot Find A New User Account In The Directory Using The Blackberry Administration Service

    Click Email. Click Refresh available user list from company directory. The background process to refresh the user list starts. The amount of time that the BlackBerry Administration Service requires to refresh the user list depends on the size of the directory.

  • Page 393: Troubleshooting: Instant Messaging

    The IBM® Lotus® Sametime® API cannot retrieve phone numbers for instant messaging contacts from the IBM Lotus Sametime server. If the BlackBerry Enterprise Server is located in a network that does not permit direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service cannot retrieve the phone numbers from the IBM Lotus Sametime server instead of the IBM Lotus Sametime API.

  • Page 394: Disappeared

    If a user is logged in to Microsoft Office Communicator on both a computer and a BlackBerry device and the user does not accept a notification about an instant message on the computer before the notification disappears, the notification about the instant message disappears from the computer but remains on the BlackBerry device.

  • Page 395: Device

    Possible solution The user should look for notifications about instant messages on a BlackBerry device or on another computer where the user might also be logged in to Microsoft Office Communicator. If the user is logged in to Microsoft Office...

  • Page 396: Troubleshooting: Blackberry Web Desktop Manager

    In the Wi-Fi field, verify that the name of the Wi-Fi network appears. If the name does not appear, resend the IT policy to the BlackBerry device, or instruct the user to configure a Wi-Fi profile on the BlackBerry device.
  • Page 397 Wi-Fi profile. Resend the IT policy to the BlackBerry device. • On the BlackBerry device, run Set up Wi-Fi in the Setup Wizard again. The user account is not configured In the BlackBerry Administration Service, resolve any issues with the user correctly.
  • Page 398 Options. In the Display Mode drop-down list, click Advanced. A user cannot see Wi-Fi connection settings on a Wi-Fi enabled BlackBerry device Possible cause The Wi-Fi® enabled BlackBerry® device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution...

  • Page 399: Status Indicators

    Wi-Fi profile to Yes. Resend the IT policy to the BlackBerry device. Status indicators The status indicators for Wi-Fi® diagnostic information on a BlackBerry device show the status of the BlackBerry® device connection to a Wi-Fi network. Indicator...
  • Page 400 When the BlackBerry device displays the link security method, the security on the Wi-Fi connection is turned on and active. Association This field shows the status of the BlackBerry device connection to the access point. The status indicators are the following icons: •...
  • Page 401 IP address of the router for the home network. DHCP This field specifies the status of the DHCP connection to the BlackBerry device. When a check mark displays, DHCP is complete. Primary DNS This field specifies the address of an optional computer that translates host names into IP addresses.
  • Page 402 VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the BlackBerry device can try to log in. Session Lifetime...
  • Page 403 BlackBerry device is idle. Status fields for BlackBerry Infrastructure connections The connection status indicators for the BlackBerry® Infrastructure appear on a BlackBerry device when a user makes a Wi-Fi® connection or tries to make a Wi-Fi connection. Field...

  • Page 404: A Blackberry Device Cannot Open A Vpn Connection

    This field specifies the IP address of the server that performs authentication. Last Contact At This field specifies the last time that the BlackBerry device had contact with the BlackBerry Enterprise Server through the BlackBerry Infrastructure. A BlackBerry device cannot open a VPN connection...

  • Page 405: Verify Whether A Blackberry Device Can Resolve An Ip Address

    You can ping the IP address of another wireless device, the Wi-Fi gateway, a VPN concentrator, the UNC of the mobile network provider, or the BlackBerry Router. A user can ping network servers from a BlackBerry device to check the availability and responsiveness of network servers.

  • Page 406: Look Up A Computer Name To Resolve An Ip Address

    On the menu, click Send ping. Look up a computer name to resolve an IP address Using a BlackBerry® device, a user can look up a computer name in the DNS server to resolve network or domain names and IP addresses.

  • Page 407: Troubleshooting: Blackberry Monitoring Service Connections

    IT policy packs, search the BlackBerry Technical Solution Center at www.blackberry.com/ support. For example, to find the IT policy pack that includes the IT policy rules for BlackBerry® Device Software 5.0, search for "IT policy rules for BlackBerry Device Software 5.0".

  • Page 408: Glossary

    American National Standards Institute application programming interface ARFCN absolute radio frequency channel ASCII American Standard Code for Information Interchange blind carbon copy BlackBerry CAL A BlackBerry® Client Access License (BlackBerry CAL) limits how many users you can add to a BlackBerry® Enterprise Server.
  • Page 409 Connected Limited Device Configuration CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. certificate revocation list certificate signing request...
  • Page 410 Extensible Authentication Protocol Transport Layer Security EAP-TTLS Extensible Authentication Protocol Tunneled Transport Layer Security Extensible Authentication Protocol Enterprise Service Policy The Enterprise Service Policy controls which BlackBerry devices can connect to a BlackBerry® Enterprise Server. Email Transfer Protocol FQDN fully qualified domain name...
  • Page 411 Gateways and routing components use this information to identify the type and source of the BlackBerry device data, and the appropriate destination service to route the data to.
  • Page 412 Administration Guide Glossary An IT policy consists of various IT policy rules that control the security features and behavior of BlackBerry smartphones, BlackBerry® PlayBook™ tablets, the BlackBerry® Desktop Software, and the BlackBerry® Web Desktop Manager. IT policy rule An IT policy rule permits you to customize and control the actions that BlackBerry smartphones, BlackBerry®...
  • Page 413 Administration Guide Glossary messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal database. mobile network code MTLS Mutual Transport Layer Security...
  • Page 414 Administration Guide Glossary personal information management personal identification number PKCS Public-Key Cryptography Standards Public Key Infrastructure principal database In database mirroring, a principal database is the database that starts the mirroring session. pre-shared key Record Management System Rich Text Format subject alternative name S/MIME Secure Multipurpose Internet Mail Extensions...
  • Page 415 Administration Guide Glossary Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry® Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry® Infrastructure during SRP authentication. SSID service set identifier...
  • Page 416 Administration Guide Glossary Universal Naming Convention Universal Serial Bus UCS Transformation Format UTF-8 8-bit UCS/Unicode Transformation Format UTF-16LE UCS Transformation Format 16 Little Endian virtual private network VoIP Voice over Internet Protocol Wireless Application Protocol Wired Equivalent Privacy witness In database mirroring, a witness is a Microsoft® SQL Server® instance that permits the mirror database to know when to promote itself.

  • Page 417: Provide Feedback

    Administration Guide Provide feedback Provide feedback To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback.

  • Page 418: Legal Notice

    Legal notice Legal notice ©2011 Research In Motion Limited. All rights reserved. BlackBerry®, RIM®, Research In Motion®, and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world.
  • Page 419 Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights.
  • Page 420 RIM. Certain features outlined in this documentation require a minimum version of BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and/or BlackBerry® Device Software.

Table of Contents