Add an administrator account to a group......................Specify an email address for the BlackBerry Administration Service............... Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account................................Assign a BlackBerry device to an administrator account..................
Page 4
Delete an IT policy............................5 Configuring security options..........................Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other....Algorithms that the BlackBerry Enterprise Solution uses to encrypt data..........Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses....
Page 5
Adding a user account to the BlackBerry Enterprise Server................Add a user account............................ Create a user account that is not in the contact list in the BlackBerry Configuration Database....Export a list of user accounts........................Importing a list of user accounts to a BlackBerry Enterprise Server............
Page 6
Configure the BlackBerry Enterprise Server to fail over automatically............Monitoring the BlackBerry Enterprise Server for an automatic failover event..........Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event................................Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service....
Page 7
Monitor the high availability status or job deployment status using the BlackBerry Administration Service............................... 105 Remove a BlackBerry MDS Connection Service instance from a pool.............. 106 Remove a BlackBerry Collaboration Service instance from a pool..............106 Remove a BlackBerry Attachment Service instance from a pool..............107 Remove a BlackBerry Router instance from a pool..................
Page 8
Stopping a job that is running........................... 137 Stop a job that is running.......................... 138 View the users that have a BlackBerry Java Application installed on their BlackBerry devices......138 View how the BlackBerry Administration Service resolved software configuration conflicts for a user account................................
Page 9
Add a certificate for the BlackBerry MDS Connection Service..............163 Export the BlackBerry MDS Connection Service certificate to make it available to push applications..163 Import the BlackBerry MDS Connection Service certificate to the key store of a push application..164...
Page 10
Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server..177 Turn on an email message filter that applies to all user accounts on a BlackBerry Enterprise Server..178 Create an email message filter that applies to a specific user account............. 178 Turn on an email message filter that applies to a specific user account...........
Page 11
Map a contact information field in an email application to contact list fields on BlackBerry devices..183 Map a contact list field in an email application to a contact list field on a BlackBerry device....183 Map a contact information field in an email application to contact list fields on BlackBerry devices..184 Map a contact list field in an email application to a contact list field on a BlackBerry device....
Page 12
Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager........215 Distribute a certificate using the BlackBerry Desktop Manager..............215 Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device........216 Configuring EAP-TLS authentication......................... 217 Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile....... 217 Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device......
Page 13
Preparing a device for redistribution to a new user..................233 Use the BlackBerry Administration Service to delete user data and assign the device to a new user..233 Use the BlackBerry Administration Service to delete user data and remove the BlackBerry Device Software before assigning the device to a new user.................
Page 14
Update the contact list manually....................... 246 Resend service books to a BlackBerry device.................... 246 26 Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices............................248 Managing the default distribution settings for jobs..................248 Change default settings for a job schedule....................
Page 15
267 Configuring the Microsoft Active Directory account to delegate access........... 267 Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain....................270 Turn on Integrated Windows authentication so that users can access resources on your organization's network..............................
Page 16
Turn off email message forwarding to a user account................286 Turn off synchronization for email messages sent from a BlackBerry device........... 286 Turn off email message forwarding when a user connects a BlackBerry device to a computer....287 Managing the incoming message queue......................287 Delete email messages for user accounts from the incoming message queue.........
Page 17
Turn off support for rich text formatting and inline images in email messages using an IT policy rule..291 Synchronizing folders on the BlackBerry device....................292 Control which published public contact folders a user can synchronize to a BlackBerry device....292 Control which personal contact subfolders a user can synchronize to a BlackBerry device..... 293 Control which personal mail folders a user can synchronize with a BlackBerry device......
Page 18
Configure the BlackBerry Messaging Agent instances to use a web address for a specific Microsoft Autodiscover service..........................314 Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for Microsoft Exchange........................315 Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange Web Services......................
Page 19
Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime........................327 Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime............................327 Prevent users from sending instant messaging conversations in email messages........
Page 20
Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database............................ 356 Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events....356 33 BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring........... 358 How the BlackBerry Controller monitors the BlackBerry Enterprise Server components........
Page 21
A user did not accept a notification about an instant message on a computer and the notification disappeared............................... 404 A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device................................ 404 Troubleshooting: BlackBerry Web Desktop Manager..................
Page 22
A BlackBerry device cannot connect to a Wi-Fi network................406 A BlackBerry device cannot open a VPN connection................. 414 A BlackBerry device cannot connect to the mobile network using UMA or GAN........414 Verify whether a BlackBerry device can resolve an IP address..............415 Look up a computer name to resolve an IP address..................
You can manage the BlackBerry Enterprise Server, devices, and user accounts using the BlackBerry Administration Service, a web application that is accessible from any computer that can access the computer that hosts the BlackBerry Administration Service. You can use the BlackBerry Administration Service to manage a BlackBerry Domain, which consists of one or more BlackBerry Enterprise Server instances and remote components that use a single BlackBerry Configuration Database.
The following table lists the tasks that administrators typically perform after installing a BlackBerry® Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task. Some of the tasks might not be required in your organization's environment.
Page 25
Administration Guide Getting started in your BlackBerry Enterprise Server environment Task Chapter If necessary, change the default messaging settings for Setting up the messaging environment your organization's environment. Managing your messaging environment and attachment support Prepare to distribute BlackBerry Java® Applications.
Page 26
Use the BlackBerry Monitoring Service to troubleshoot Visit www.blackberry.com/go/serverdocs to see the issues and monitor the health of a BlackBerry Enterprise BlackBerry Enterprise Server Monitoring Guide. Server. Change how the BlackBerry Enterprise Server creates BlackBerry Enterprise Server log files...
Best practice: Running the BlackBerry Enterprise Server, 62 The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, There is a problem with this website's security certificate Description The browser displays this error message when you try to navigate to the BlackBerry®...
11. Click Install certificate. The Certificate Import Wizard opens. 12. Complete the instructions in the Certificate Import Wizard. If you are trying to log in to the BlackBerry Administration Service or BlackBerry Monitoring Service using a computer that runs Windows Vista®, perform the following actions in the Certificate Import Wizard.
You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.
Page 30
Delete a user-defined IT policy template Edit a user-defined IT policy template Import an IT policy template Resend data to devices Create a software configuration View a software configuration Edit a software configuration Delete a software configuration View BlackBerry Administration Service software management...
Page 31
Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Edit BlackBerry Administration Service software management Create an application View an application Edit an application Delete an application Create an administrator user Specify an activation password...
Page 32
Delete an instance Edit license keys View license keys Manually fail a job Clear instance statistics View push rules for the BlackBerry MDS Connection Service View pull rules for the BlackBerry MDS Connection Service Send message (across Group) Create a role...
BlackBerry® Administration Service, BlackBerry Monitoring Service, and BlackBerry® Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions. You can also create a role that is based on a preconfigured role and customize the role that you create.
After you finish: Assign the role to an administrator account or group. Create an administrator account You create an account for administrators to enable them to log in to the BlackBerry® Administration Service and manage the BlackBerry® Enterprise Server. You create an administrator account and assign the account to one or more administrator roles.
Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry® device users.
Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account You can permit an administrator to log in to the BlackBerry® Administration Service using a user name and password for the messaging server. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.
Administration Guide Preconfigured IT policies Preconfigured IT policies The BlackBerry® Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization. Preconfigured IT policy Description Default This policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server.
Administration Guide Preconfigured IT policies Preconfigured IT policy Description technology on devices, turns on strong content protection, turns off USB mass storage, requires devices to encrypt external file systems, and prevents devices from downloading third-party applications. Default values for preconfigured IT policies You can configure additional IT policy rules in the preconfigured IT policies or change any of the following values: IT policy rule Default IT...
Page 40
Administration Guide Preconfigured IT policies IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd policy policy policy with No 3rd Party Party Application...
Page 41
Administration Guide Preconfigured IT policies IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd policy policy policy with No 3rd Party Party Application...
CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.
Administration Guide Change the value for an IT policy rule In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the Manage IT policies section, click Import IT policy list. In the IT policy import section, specify the following information: •...
BlackBerry® Web Desktop Manager apply the configuration changes immediately. By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually.
BlackBerry® Enterprise Server applies the Default IT policy to the user account. If you assign an IT policy to a group that a user account is a member of, the BlackBerry Enterprise Server applies the group IT policy to the user account.
Option 1: Applying one IT policy to each user account You can configure the BlackBerry® Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.
IT policies You can change the method that the BlackBerry® Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicting IT policies, the next IT policy reconciliation process that occurs might have a significant impact on the performance of your organization's BlackBerry Enterprise Server environment.
The BlackBerry® Enterprise Server can apply multiple IT policies to a user account if the user account is a member of multiple groups that have different IT policies. Since you can assign IT policies to user accounts, groups, or the BlackBerry Domain, the BlackBerry Administration Service uses predefined rules to apply an IT policy to a user account.
Page 49
IT policies You can change the method that the BlackBerry® Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicting IT policies, the next IT policy reconciliation process that occurs might have a significant impact on the performance of your organization's BlackBerry Enterprise Server environment.
If you change the Disable users with unapplied IT policy option to True, by default, the BlackBerry Enterprise Server sends the IT policy to the BlackBerry devices every 30 minutes until the BlackBerry devices apply the IT policy or the time limit expires.
Creating new IT policy rules to control third-party applications In the Disable user time limit (hours) field, type the time (in hours) that can occur before the PINs for BlackBerry devices that you did not apply an IT policy to are deactivated on the BlackBerry® Enterprise Server.
If you export all IT policy data to a data file, you must create an encryption password for the data file that you can use to protect the data file. You can import the data file at a later time to another BlackBerry® Domain.
BlackBerry® Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.
BlackBerry Enterprise Server previously. You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with criteria that exclude that device.
BlackBerry Enterprise Server. To add a new BlackBerry device, on the Add new allowed PINs tab, in the New allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.
BlackBerry® smartphones on the BlackBerry device and to transfer the PGP private key of the BlackBerry device user to the BlackBerry device. The BlackBerry device user can use the PGP private key to digitally sign, encrypt, and send PGP protected messages from the BlackBerry device. If a BlackBerry device user does not install the PGP Support Package for BlackBerry smartphones, the BlackBerry device displays an error message when the BlackBerry device user tries to open PGP protected messages.
Page 57
To require the BlackBerry device user to use S/MIME encryption when forwarding or replying to messages, you can configure the S/MIME Force Digital Signature IT policy rule and the S/MIME Force Encrypted Messages IT policy rule.
True. • To permit BlackBerry device users that have email applications that do not support S/MIME to read the text of an S/MIME-protected message, in the Send S/MIME messages in clear-signed format drop-down list, click True.
S/MIME message protection or PGP message protection that applies to the email messages. If a user does not select a message classification, by default, the BlackBerry device applies the first classification in the message classification list on the BlackBerry device. You can change the order that the BlackBerry device lists the classifications in.
Enforcing secure messaging using classifications Create a message classification based on an existing message classification In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the list of IT policies, click an IT policy.
Internet, running applications that communicate with application servers and content servers, sending or receiving instant messages, or making calls using VoIP. You can turn off the BlackBerry services if you want to enhance security, save bandwidth on the wireless network, or conserve system resources on the computer.
The BlackBerry device user changes the time or time zone on the BlackBerry device. To change when the memory cleaner application runs, you can use IT policies or the BlackBerry device user can turn on or turn off the memory cleaner application in the Security options on the BlackBerry device.
BlackBerry device. If you or the BlackBerry device user turns on the memory cleaner application, Java® based garbage collection process uses the memory cleaner application automatically. The garbage collection process overwrites data that the BlackBerry device no longer uses.
Configuring certain BlackBerry Enterprise Server components to use proxy servers You can configure the BlackBerry® MDS Connection Service and the BlackBerry Collaboration Service to use proxy servers to access web addresses on the Internet and your organization's intranet. You should use a proxy method that is consistent with the proxy method that other applications and servers in your organization use to access web content.
You can specify more than one proxy string in a proxy mapping rule for a web address. If the BlackBerry® Enterprise Server component cannot access the web server using the first proxy string, it tries to access the web server using...
BlackBerry devices. Before you begin: If you want to configure the BlackBerry MDS Connection Service to authenticate to a proxy server on behalf of BlackBerry devices, turn on authentication support for the BlackBerry MDS Connection Service.
Depending on the operating system on the computer that hosts the BlackBerry® Administration Service instance, you can use the Proxy Configuration Tool or the Network Shell Utility to manually select a proxy server for a BlackBerry Administration Service instance. You must configure manual proxy selection for all of the computers that host a BlackBerry Administration Service instance.
Page 68
BlackBerry® Enterprise Trait Tool. The Web Proxy Autodiscovery Protocol uses DHCP and DNS to find a PAC file. Perform this task on any computer that hosts a BlackBerry Administration Service instance.
BlackBerry Enterprise Trait Tool. You can specify the credentials for either the entire BlackBerry Domain or for individual BlackBerry Administration Service instances. The BlackBerry Administration Service tries the credentials that you specify for the BlackBerry Administration Service instance first and then tries the credentials that you specify for the BlackBerry Domain.
Page 70
<password> is the password for the computer. Delete credentials for HTTP basic authentication On the computer that hosts the BlackBerry® Administration Service, at the command prompt, navigate to the folder that contains the TraitTool.exe file. Perform one of the following tasks:...
Enterprise Server instance that you want to use the BlackBerry MDS Connection Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to have use the BlackBerry MDS Connection Service. Click Save all.
On the Supported Dispatcher instances tab, in the Available Dispatcher instances list, click the BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service. Click Save all.
Unicode messages. If email applications cannot correctly display Unicode messages that devices send (for example, if email applications cannot display attachment file names or contact lists correctly), you can configure the BlackBerry Enterprise Server to select another character encoding to use to process Unicode messages.
Administration Guide Configuring support for Unicode languages Configure support for Unicode text in calendars on BlackBerry devices in a Microsoft Exchange environment You must complete this task for all Microsoft® Exchange versions to ensure calendar items use the correct Unicode characters in fields such as subject, location, or notes.
You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry® device model. User accounts that are part of a user group can exist on multiple BlackBerry® Enterprise Server instances in the BlackBerry Domain.
Adding a user account to the BlackBerry Enterprise Server If you add a user account to the BlackBerry® Enterprise Server, you are not required to locate the Microsoft® Exchange mailbox for the BlackBerry device that the user account is associated with or the routing group that the BlackBerry Enterprise Server is located in.
Configuration Database You can create a user account for a user even if the BlackBerry® Mail Store Service did not yet synchronize the contact information for the user account to the BlackBerry Configuration Database. If the BlackBerry Mail Store Service did not synchronize the contact information and you create a user account, the BlackBerry Administration Service does not display the user account in the search results.
Importing a list of user accounts to a BlackBerry Enterprise Server You can add multiple user accounts to a BlackBerry® Enterprise Server by importing a .csv file that contains a list of user accounts and the required information to activate the user accounts on a BlackBerry Enterprise Server.
Page 79
"jbuac@example.com","JBUAC0011,"Admins","specify", "asdf","24" Import multiple user accounts from a .csv file You can import a list of user accounts from a .csv file to a BlackBerry® Enterprise Server so that you can manage the user accounts. Before you begin: Create a .csv file.
Page 80
Create multiple user accounts by importing the user accounts from a .csv file You can import a list of user accounts from a .csv file and add them to a BlackBerry® Enterprise Server. The user accounts must exist on your organizations messaging server.
By default, the BlackBerry® Enterprise Server synchronizes the headers of 200 email messages from the previous 5 days to a BlackBerry device when you activate it. If you change the BlackBerry Enterprise Server settings so that it synchronizes the headers and body of messages to a BlackBerry device when you activate it, the BlackBerry Enterprise Server can synchronize up to 3000 messages from the previous 30 days.
Administration Guide Assigning BlackBerry devices to user accounts Click Save all. Assigning BlackBerry devices to user accounts To assign BlackBerry® devices to user accounts and activate the BlackBerry devices, you can use any of the following methods: Method Description BlackBerry Administration Service...
Option 2: Activating a BlackBerry device over the wireless network To activate a BlackBerry® device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.
Page 84
Assigning BlackBerry devices to user accounts Activation passwords The BlackBerry® Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device.
Page 85
You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry® devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires.
When users complete the activation process, the BlackBerry® Enterprise Server sends email messages and organizer data to the BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.
To activate BlackBerry devices over the enterprise Wi-Fi network, you must configure the BlackBerry Router as an SMTP client (also known as a Mail User Agent). As an SMTP client, the BlackBerry Router communicates with an SMTP server, that sends an ETP message to the user. The ETP message is the email message that the BlackBerry Router sends to the user’s mailbox during the activation process.
Page 88
To specify how the BlackBerry Router locates the SMTP server, in the Activation Gateway Settings section, select one of the following options: • To permit the BlackBerry Router to determine which SMTP server it uses for ETP traffic based on the mail exchange record of the host domain, select Use MX Lookup to obtain SMTP server.
Page 89
Administration Guide Assigning BlackBerry devices to user accounts • To view the activation status, in the BlackBerry Administration Service, on the Wireless > View activations page, search for the user account. Confirm that the activation is successful. Related topics Restarting BlackBerry Enterprise Server components, 330...
The failover status specifies whether the BlackBerry Enterprise Server instance is a primary instance or standby instance and whether the BlackBerry Enterprise Server instance is running as expected. The BlackBerry Administration Service receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always up-to-date.
Administration Guide How the BlackBerry Enterprise Server uses health parameters • The values for the health parameters that you define as part of the failover threshold for the primary BlackBerry Enterprise Server indicates whether a service or component is unhealthy. •...
Page 92
BlackBerry Enterprise Server only. In this scenario, you configure the standby BlackBerry Enterprise Server to promote itself when it can provide most of the BlackBerry services that your organization requires. The primary BlackBerry Enterprise Server demotes itself when it cannot provide most of the BlackBerry services that your organization considers essential.
Each primary and standby BlackBerry® Enterprise Server instance has a failover threshold and a promotion threshold. The BlackBerry Enterprise Server uses the failover threshold when it is an primary instance to determine when it needs to demote itself, and it uses the promotion threshold when it is a standby instance to determine whether it can promote itself to become the primary instance.
Page 94
Access to web content and This health parameter indicates whether the BlackBerry MDS Connection application content Service can provide users with access to content from BlackBerry Java® Applications and content that is located on your organization's intranet or the Internet.
For example, if your organization requires that all users can access email messages from BlackBerry devices at all times and that the BlackBerry Enterprise Server is connected to all of the messaging servers at all times, you can change the value of the Connection to the messaging server(s) health parameter to 100%.
Example: Changing the percentage of the User accounts health parameter If you want to change the percentage of the User accounts health parameter to 80% for a BlackBerry Enterprise Server pair and the primary BlackBerry Enterprise Server instance is named server03, you can type traittool.exe -host server03 -trait UserHealthPercentage -set 80.
When an automatic failover event occurs, the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server write the time and reason at logging level 5 (Verbose) in the log files for the BlackBerry Dispatcher, BlackBerry Controller, and BlackBerry Messaging Agent. The BlackBerry Controller and BlackBerry Dispatcher instances for the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server create SNMP alerts using the BlackBerry Enterprise Server Alert Tool.
Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel You can use the BlackBerry® Configuration Panel to force the primary BlackBerry® Enterprise Server to perform a failover process if it is not running as expected or if it requires maintenance.
BlackBerry Enterprise Server promotes the connection to the next instance in the pool list to an active connection. If you configured central push servers, the BlackBerry MDS Connection Service pool should include at least two BlackBerry MDS Connection Service instances that you also configure as central push servers.
BlackBerry Enterprise Server. By default, the BlackBerry Collaboration Service instance at the top of the pool list is the instance that the BlackBerry Enterprise Server assigns the active connection to. If the instance with the active connection stops responding, the BlackBerry Collaboration Service tries to connect to the next instance in the pool list.
On the Supported Attachment Server Instances tab, in the Name drop-down list, click the instance that you want to add. In the Results Query Period(s) field, type the number of seconds that you want the BlackBerry Enterprise Server to wait for a response before it sends the request to another BlackBerry Attachment Service instance.
Click the Add icon. 10. Repeat steps 5 to 9 for each BlackBerry Attachment Service instance that you want to add to the pool. 11. Click Save all. 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool.
• If you are changing a BlackBerry Enterprise Server instance, on the Instance tab, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, click on one of the instances. On the Instance tab, click Restart instance. Repeat this step for the other instance.
Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router If you installed a BlackBerry® Router on a computer that is separate from the computer that hosts a BlackBerry® Enterprise Server, you must permit the BlackBerry Dispatcher that you installed with the BlackBerry Enterprise Server to connect to the BlackBerry Router.
BlackBerry Administration Service pool is the FQDN of the computer that you perform the installation on. If you want to configure high availability using DNS round robin after the installation process completes, you must change the name of the BlackBerry Administration Service pool to the name of a record in the DNS server that represents...
Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry® Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool.
• If you want to fail over the BlackBerry Collaboration Service and your organization's environment includes Microsoft Office Communications Server 2007, click the Supported Microsoft Office Communications Server 2007 instances tab. • If you want to fail over the BlackBerry MDS Connection Service, click the Supported MDS Connection Service instances tab. Click Manual Failover.
Remove a BlackBerry MDS Connection Service instance from a pool You can remove a BlackBerry® MDS Connection Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Remove a BlackBerry Router instance from a pool You can remove a BlackBerry® Router instance from a pool if it is no longer required or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
• Verify that the Microsoft SQL Server Agent uses a domain user account with the local administrative permissions set to the same permissions as the Windows® account that runs the BlackBerry® Enterprise Server services. • Verify that the domain user account has permissons on both database servers so that each Microsoft SQL Server Agent can access the shared replication folder.
Administration Guide Configuring database mirroring Configuring database mirroring You can use Microsoft® SQL Server® 2005 or 2008 database mirroring to configure the BlackBerry® Configuration Database for high availability. The BlackBerry Configuration Database only supports high safety with automatic failover (synchronous) operating mode for database mirroring.
Administration Service adds a registry key to all of the computers that host BlackBerry® Enterprise Server components in the BlackBerry Domain and the registry key includes the name of the Microsoft® SQL Server® that hosts the mirror database. The BlackBerry Administration Service also adds the name of the Microsoft SQL Server that hosts the mirror database to the BlackBerry Configuration Database.
If the computers that host BlackBerry® Enterprise Server components were not running or connected to the network when you configured the BlackBerry® Enterprise Solution to support database mirroring, or if you do not know if all of the components were configured to support database mirroring, you should resend the database mirroring parameters to the components.
Create the replicated BlackBerry Configuration Database from a backup Before you begin: Back up the BlackBerry® Configuration Database with the Backup type option set to Full. Copy the backup file from the database server that hosts the BlackBerry® Configuration Database to the database server that will host the replicated BlackBerry Configuration Database.
Microsoft SQL Server 2005 or 2008 11. Click OK. Permit access to the BlackBerry Configuration Database instances In the Microsoft® SQL Server® Management Studio, connect to the database server that hosts the BlackBerry® Configuration Database. Right-click the BlackBerry Configuration Database. Click Properties.
Right-click Local Subscriptions. Click New Subscription. In the list of publishers, select the name of the database server that hosts the BlackBerry Configuration Database. In the list of databases and publications, select the publication for the BlackBerry Configuration Database. Click Next.
Start the BlackBerry Enterprise Server instances After you configure the database, permit all BlackBerry® Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows® Services, start all of the BlackBerry Enterprise Server services in the following order: •...
BlackBerry Configuration Database, the mirror BlackBerry Configuration Database becomes the new principal BlackBerry Configuration Database. If you configure a new mirror BlackBerry Configuration Database, you must resend the database mirroring parameters to the BlackBerry Enterprise Server components so that they can use the new mirror BlackBerry Configuration Database.
To send BlackBerry Java Applications to devices, you must first add the applications to the application repository. You can use the application repository to store and manage all versions of the BlackBerry Java Applications that you want to install on, update on, or remove from devices.
Applications to install them on BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.
Service must access the shared network folder to install BlackBerry Java Applications on BlackBerry devices. Do not add application files to the shared network folder or make changes to the files that the BlackBerry Administration Service stores in the shared network folder.
Click Publish application. Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry® Java® Application. You can use the keywords to search for the application in the application repository. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software >...
BlackBerry Java Application on their BlackBerry devices. Change a standard application control policy When you add a BlackBerry® Java® Application to a software configuration, you must assign an application control policy to the BlackBerry Java Application. Based on the requirements of your organization's environment, you can change the default settings for the standard application control policies.
Create custom application control policies for a BlackBerry Java Application After you add a BlackBerry® Java® Application to the application repository, you can configure the application to use the standard application control policies, or you can create custom application control policies for the application.
IT policy rule settings override application control policy rule settings. For example, if you change the Allow Internal Connections IT policy rule to No for BlackBerry® devices, and if the devices have an application control policy set that allows a specific application to make internal connections, the application cannot make internal connections.
The BlackBerry® Administration Service includes two default application control policies for unlisted applications: one for unlisted applications that you permit on BlackBerry devices, and one for unlisted applications that you do not permit on BlackBerry devices. You can also create custom application control policies for unlisted applications that are optional.
You can assign a software configuration to a group, multiple user accounts, or a single user account. After you assign a software configuration, you can change the settings in the software configuration to manage the BlackBerry Java Applications, BlackBerry Device Software, and standard application settings on BlackBerry devices. You can configure...
In the Configuration information section, in the Name field, type a name for the software configuration. In the Disposition for unlisted applications drop-down list, perform one of the following actions: • To permit users to install applications that are not included in the software configuration on their BlackBerry devices, click Optional.
• To install the application on BlackBerry devices using a USB connection to the user's computer and the BlackBerry® Web Desktop Manager, click Wired. 11. Repeat steps 6 to 10 for each BlackBerry Java Application that you want to add to the software configuration. 12. Click Add to software configuration.
If you do not want to install BlackBerry® Java® Applications on a BlackBerry device over the wireless network, and you do not want the user to install the BlackBerry Java Applications using the BlackBerry® Web Desktop Manager or BlackBerry®...
Software, BlackBerry Java® applications, or application settings to BlackBerry devices. If you assign an IT policy to user accounts or change an existing IT policy, a job sends the IT policy changes to BlackBerry devices. You can view the status of a job to determine if it is ready to run, currently running, completed, or completed with task failures.
Page 132
An error occurred when the BlackBerry Policy Service tried to retrieve the data that it required to install the BlackBerry Java Application. You can verify that the BlackBerry Policy Service can access the network share that you use to store the application files.
Page 133
Device reported insufficient privileges to install module The BlackBerry device does not have the necessary permissions to install the BlackBerry Java Application. You can verify that the BlackBerry device is configured with the necessary permissions to install a BlackBerry Java Application. Resend the BlackBerry Java Application.
Page 134
You can verify that the application files are formatted properly and try to send the BlackBerry Java Application to the BlackBerry device again. If your second try at the installation is not successful, in the log files that you collected, locate the user account that experienced the issue. Trace the installation activity.
Page 135
0x08 insufficient storage: The BlackBerry device does not have enough memory available to update the BlackBerry Device Software. You can manage the BlackBerry device so that it has enough memory available to update the BlackBerry Device Software (for example, remove applications from the BlackBerry device that are no longer required).
Page 136
Administration Guide View the status of a job You can instruct the user to reset the BlackBerry device and you can send the BlackBerry Device Software update again. 0X10 service book flag disabled: A service book on the BlackBerry device does not permit you to send BlackBerry Device Software updates over the wireless network.
Page 137
Restarting BlackBerry Enterprise Server components, 330 Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry® device, you can try to determine the cause by collecting the following information: •...
Page 138
Error messages: IT policy tasks To troubleshoot errors that display for a task when you send an IT policy to a BlackBerry® device or update an IT policy on a BlackBerry device, you can try to determine the cause by collecting the following information: •...
IT policy command is not delivered to the BlackBerry device, the remaining commands in the group are not delivered to the BlackBerry device. You can try to resend the IT policy to the BlackBerry device. You can also try to resend the service books to the BlackBerry device.
View the users that have a BlackBerry Java Application installed on their BlackBerry devices do not change the start time for the job, the BlackBerry Enterprise Server delivers the job on the following day using the default job schedule settings. When the job starts again, the BlackBerry Enterprise Server processes the remaining tasks in the job.
After the BlackBerry Administration Service applies software configurations to a BlackBerry device, you can view how the BlackBerry Administration Service resolved any of the conflicting settings in the multiple software configurations.
Reconciliation rules for conflicting settings in software configurations as an asynchronous background activity. You can view the outcome of the reconciliation activities, reconciliation errors, and the applications, software, and settings that the BlackBerry Administration Service installed on or applied to a BlackBerry device.
Page 143
Multiple software configurations that contain the same The disposition specified for an application in a software BlackBerry Java Application are assigned to a user configuration that is assigned to a user account takes account or the groups the user belongs to. The...
Page 144
A software configuration is assigned to a user account If a BlackBerry Java Application in a software and it contains a BlackBerry Java Application that has a configuration has a dependency on another application, dependency on another BlackBerry Java Application.
BlackBerry Device Software in a of BlackBerry Device Software is assigned to a group that software configuration that is assigned to a group. the user account belongs to.
BlackBerry® Enterprise with BlackBerry devices that are running a BlackBerry® Server version 5.0 or later, and BlackBerry devices that Device Software version earlier than 5.0. are running BlackBerry Device Software version 5.0 or later.
Reconciliation rules for conflicting settings in software configurations Scenario Rule application control policies), the application control policy that you ranked highest in the BlackBerry® Administration Service is applied to the user's BlackBerry device. Reconciliation rules: Application control policies for unlisted applications...
Applications to install them on BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.
Eclipse® to create an automated application installer. You can use the application installer to install the files for a BlackBerry Java Application (the .alx identifier file and the application's .cod files) on users’ computers. You can then instruct users to use the application loader tool in the BlackBerry® Desktop Software to install the BlackBerry Java Application on their BlackBerry devices.
Administration Guide Installing BlackBerry Java Applications using the BlackBerry Desktop Software • If you installed the BlackBerry® Desktop Software on users’ computers, they can use it to install the BlackBerry Java Applications. This method has the following disadvantages: • You must install the BlackBerry Desktop Software on users’ computers.
The BlackBerry Application Web Loader supports .cod files only. To install a MIDlet, convert the .jar file to a .cod file. For more information about how to compile .java and .jar file formats into the .cod file format, visit www.blackberry.com/developers...
• Research In Motion® USB drivers and a USB connection for the BlackBerry device Web server Configure the following MIME types on the web server to permit users to download and install BlackBerry Java Applications on BlackBerry devices: • .cod files: application/vnd.rim.cod •...
BlackBerry Java Application. You must install the BlackBerry® Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device.
In <drive:>\Program Files\Common Files\Research In Motion\Shared\Applications\, create a folder with a unique name to contain the application files. Maintain the application’s file structure. Copy the .cod, .alx, and .dll files for the BlackBerry Java Application to the folder that you created.
Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry® Java® Application. Before you begin: Verify that BlackBerry® Device Manager version 4.1 or later is installed on the user’s computer.
BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and the application .cod or .jar files) to a web server, and instruct users to navigate to the appropriate web address using a browser on their BlackBerry devices.
Installing BlackBerry Java Applications using a web browser on BlackBerry devices Install the BlackBerry Java Application on a web server Before you begin: Obtain the .jad and .cod files or .jar files for the BlackBerry® Java® Application from the application developer, vendor, or wireless service provider.
BlackBerry MDS Connection Service is the central push server. If two BlackBerry MDS Connection Service instances that are version 5.0 or later exist in a BlackBerry Domain, by default, both instances are central push servers. If more than two BlackBerry MDS Connection Service instances (that are version 5.0 or later) exist in a BlackBerry Domain, the first two instances that start are central push servers.
BlackBerry MDS Connection Service connections, authenticated BlackBerry devices prompt users to provide login information every 60 minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes.
BlackBerry devices to content servers that use LTPA BlackBerry® devices that are running BlackBerry® Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.
If you configure the BlackBerry MDS Connection Service to require that users use RSA authentication to access web addresses or intranet addresses that you specify, you can choose to apply this option to specific user accounts or to all user accounts that are associated with a BlackBerry®...
Configuring how the BlackBerry MDS Connection Service manages requests for web content The BlackBerry® MDS Connection Service manages requests for web content from the BlackBerry® Browser and other applications on BlackBerry devices. You can configure how the BlackBerry MDS Connection Service manages these...
Configure the timeout limit for HTTP connections with web servers You can specify how long a BlackBerry® MDS Connection Service waits for a web server to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the web server. The default timeout limit is 120,000 milliseconds (2 minutes).
Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections HTTP redirection occurs when the BlackBerry® Browser requests a web page from a web server and the web server redirects the request to a new web address for the page. The default limit is 5 redirections.
Export the BlackBerry MDS Connection Service certificate to make it available to push applications You must export the certificate for the BlackBerry® MDS Connection Service so that you can import it to the key store of a server-side push application.
\Research In Motion\BlackBerry Enterprise Server\MDS\webserver\webserver.keystore -storepass <password>. Type the key store password. After you finish: Import the certificate for the BlackBerry MDS Connection Service to the key store of a push application. Import the BlackBerry MDS Connection Service certificate to the key store of a push application To permit a server-side push application to open trusted connections to the BlackBerry®...
If you want to open trusted connections between web servers and the BlackBerry MDS Connection Service, you must import the certificate for the web server into the JRE™ certificates keystore file (JRE cacerts).
To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML.
Configuring a BlackBerry MDS Connection Service to trust web servers If you change the LDAP port number or host server information, you must stop and restart the BlackBerry MDS Connection Service so that the BlackBerry MDS Connection Service can use the new port number or host server information immediately.
Page 170
This field specifies the user name if the LDAP server requires simple authentication. Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
Page 171
Click Save all. After you finish: • To configure the BlackBerry MDS Connection Service to retrieve the status of certificates from an OCSP server or CRL server, you must configure the OCSP server and CRL server information. • Add the communication information that you configured for the DSML server to the BlackBerry MDS Connection Service configuration set.
Administration Guide Configuring a BlackBerry MDS Connection Service to trust web servers After you finish: Add the communication information that you configured for the OCSP server to the BlackBerry MDS Connection Service configuration set. Related topics Add communication information to a BlackBerry MDS Connection Service configuration set, 170...
Page 173
Configuring a BlackBerry MDS Connection Service to trust web servers that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.
Add a retrieved certificate for a web server to the key store You can use the Java® keytool to add a certificate for a web server to the BlackBerry® MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server.
Specify the pending content timeout limit for a BlackBerry MDS Connection Service You can specify how long a BlackBerry® MDS Connection Service waits for acknowledgment from a BlackBerry device before it deletes pending content for the BlackBerry device. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Click Save all. Specify the thread pool size of a BlackBerry MDS Connection Service You can specify the maximum number of threads that a BlackBerry® MDS Connection Service can process at the same time. Before you begin: Verify that your system memory can support the thread pool size that you want to specify.
BlackBerry MDS Connection Service. When a BlackBerry MDS Connection Service uses scalable HTTP, it streams data to and from BlackBerry devices instead of storing and forwarding the data. If you want a BlackBerry MDS Connection Service to process data as it did in previous versions of the BlackBerry® Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP.
Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry® MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service.
• To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. • To create an email message filter that forwards email messages that match the filter criteria to BlackBerry devices, select Forward email messages to the device.
To move the email message filter higher or lower in the list, click the Up or Down icons. The BlackBerry® Enterprise Server applies email message filters in the order that they are listed in. Organize the email message filters from the least restrictive to the most restrictive.
BlackBerry Enterprise Server. To create a copy of existing email message filters, you can export the existing email message filters for a BlackBerry Enterprise Server as an .xml file. You can then import the .xml file so that you can use it with another instance of the BlackBerry Enterprise Server.
Administration Guide Copying existing email message filters to user accounts In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. Click the instance that you want to change.
You can add extension plug-ins to a BlackBerry® Messaging Agent. The BlackBerry Messaging Agent uses extension plug-ins to process and make changes to email messages and attachments that the BlackBerry Messaging Agent sends to and receives from BlackBerry devices. For example, you can add an extension plug-in to modify the signature in email messages.
Repeat steps 4 and 5 for each extension plug-in that you want to add. If necessary, click the Up and Down icons to set the order that the BlackBerry Messaging Agent uses the extension plug-ins to process email messages in.
You can map up to four fields that users define in the contact information on their computers to their BlackBerry devices. When users request a remote contact lookup from the contact list, the fields that you configure display on BlackBerry devices.
Map a contact list field in an email application to a contact list field on a BlackBerry device You can map up to four contact list fields that users define in an email application to a BlackBerry® device. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
Page 187
Administration Guide Mapping contact information fields for synchronization and contact lookups Click Continue to user information edit. 10. Click Save all.
You can make the certificate enrollment process required so that devices automatically start the certificate enrollment process after the devices receive the updated IT policy from the BlackBerry Enterprise Server. If you do not make the certificate enrollment process required, you must instruct users to start the CA Profile Manager on the devices manually.
On the HTTP tab, in the Name field, type the certificate authority name. In the Service URL field, type the URL that the BlackBerry MDS Connection Service can use to send certificate requests to the certification authority using the following format: http:// <FQDN_of_CA_server>:<port_number>/* (for example, http://myca.mycompany.com:80/*).
DSML server, a CRL server, an OCSP server, or a certification authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.
You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that BlackBerry device users can access documents on remote file systems from devices, the BlackBerry MDS Connection Service can search for certificates and check for the status of the certificates from LDAP servers, DSML servers, CRL servers, or OCSP servers, and the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.
BlackBerry Configuration Database when the certificate enrollment process starts for a new certificate. Also, if a certificate is expired or revoked, you or a BlackBerry device user can update the certificates on the device using the certificate synchronization tool in the BlackBerry® Desktop Software or by copying an updated certificate from a media card or smart card.
Administration Guide Change the polling interval, logging, and pool size for the BlackBerry MDS Connection Service connection to the certificate authority Save and close the rimpublic.properties file. In the Windows® Services, restart the BlackBerry MDS Connection Service service. Related topics Restarting BlackBerry Enterprise Server components, 330 Properties in the rimpublic.properties file...
Desktop Manager on users' computers By default, when users open and log in to the BlackBerry® Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required RIMWebComponents.cab file. The RIMWebComponents.cab file provides the BlackBerry®...
Manager in a Windows GPO for Windows Vista Before you begin: • Add the web address for the BlackBerry® Administration Service to the list of trusted web sites in the web browser. • Download and install the Microsoft® Group Policy Management Console with Service Pack 1. For more information about installing the service pack, see www.microsoft.com.
21. Click Show. 22. Click Add. 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Service. 24. In the Enter the value of the item to be added field, type 2,2,1,0.
Page 197
Administration Guide Configure users' computers to install the client file for the BlackBerry Web Desktop Manager automatically VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY [strings] EnableActiveXInstallFromAD="Allow user computers to install administrator-approved Microsoft ActiveX components." EnableActiveXInstallFromAD_Explain="Allow user computers to install administrator-approved Microsoft ActiveX components."...
The BlackBerry® Web Desktop Manager web address is https://<full_computer_name> /webdesktop/login. If you customized the BlackBerry Web Desktop Manager text colors or image and you want to display the changes on the login screen, you must direct users to https://<full_computer_name>/webdesktop/app? page=Login&service=page&orgId=0.
BlackBerry device, deleting data from a device, or deactivating a device. You can also customize the UI of the BlackBerry Web Desktop Manager by changing the text colors or displaying a custom image, such as your organization's logo, to match the design of your organization's intranet.
Change the text colors in the BlackBerry Web Desktop Manager You can change the text colors in BlackBerry® Web Desktop Manager to match the colors that your organization uses for UIs. In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry® Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site.
You can specify the domain name that appears automatically in the Domain field when users browse to the BlackBerry® Web Desktop Manager login page. You can specify only one domain name. You can also provide the domain name to users when you send their login information to them.
Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a BlackBerry® Enterprise Server by creating Wi-Fi profiles. You can create and assign one or more Wi-Fi profiles to a user account or to a group using a process that is similar to the process you use to create an IT policy and assign it to a user account.
Page 204
If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server. • If you do not use static IT addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.
Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry® device users to perform the following task if you want users to configure a Wi-Fi® profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry® Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device.
Click Save all. When you assign a Wi-Fi profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.
BlackBerry® Enterprise Server uses) on a BlackBerry device or using a VPN profile or IT policy. You can assign one or more VPN profiles to a user account or to a group. If a user account has a VPN profile, you can associate the VPN profile with the Wi-Fi profile for the user account.
Click Save. When you assign a VPN profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.
Associate a VPN profile with a Wi-Fi profile To permit a BlackBerry® device to connect to a Wi-Fi® network using a VPN session, you must associate a VPN profile with a Wi-Fi profile that you assigned to the user account.
Consider the following guidelines: • Specify only one action that you want the BlackBerry® Enterprise Server to perform in each row of the file. • To assign more than one action to a user account, create multiple rows for the user account.
Page 211
Fields in the .csv file that contains profile information The following table describes the fields that you can configure in a .csv file. The BlackBerry® Administration Service uses the fields in the .csv file to update profile information that you assigned to user accounts.
Import profile information from a .csv file The BlackBerry® Administration Service processes actions in the order that they appear in the .csv file. If two actions that you listed in the file contradict each other, the action that appears closer to the end of the file is the action that the BlackBerry Administration Service processes.
WEP key numbering in the configuration settings of the Wi-Fi profile for the enterprise Wi-Fi network. For example, WEP key 1 on the BlackBerry device is WEP key 0 in the configuration settings, and WEP key 2 on the BlackBerry device is WEP key 1 in the configuration settings.
For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide. • Assign the Wi-Fi profile to the user accounts. • Resend the IT policy that you assign to the user accounts to Wi-Fi enabled BlackBerry devices. Related topics Creating and configuring Wi-Fi profiles, 201 Configuring PSK encryption The IEEE®...
BlackBerry devices support LEAP authentication that uses a user name and password. You must distribute the user name and password using a Wi-Fi profile that you assign to user accounts. BlackBerry devices use a one-way function to encrypt passwords before they send the passwords to the authentication server.
PEAP authentication require the root certificate for the certificate authority that issued the certificate. To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in the BlackBerry® Desktop Manager. You must configure a Wi-Fi profile to provide the user name and password for authentication.
Distribute a certificate using the BlackBerry Desktop Manager If a BlackBerry® device requires the root certificate for the certificate authority, a client certificate, or both, you can distribute the certificates using BlackBerry® Desktop Manager. The BlackBerry device can add the certificates to the list of explicitly trusted certificate authority certificates or the list of client certificates.
12. Verify that the Allow inter-access point handover option is selected. 13. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the certificate for the authentication server and the certificate for each BlackBerry device.
12. Verify that the Allow inter-access point handover option is selected. 13. If necessary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
EAP-TTLS authentication require the root certificate for the certificate authority that created the authentication server certificate. To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in BlackBerry® Desktop Manager or you can enroll the certificate over the wireless network.
11. Verify that the Allow inter-access point handover option is selected. 12. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry® users in your organization's environment use BlackBerry® 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi- Fi configuration.
If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is selected. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
When users try to open a Wi-Fi or VPN connection that requires two-factor authentication on the BlackBerry devices, the BlackBerry devices prompt the users to type the software token PIN and submit the current tokencode for the connection type to create the passcode for two-factor authentication.
Configure RSA authentication over a Wi-Fi network using a software token You must add the serial number of the software token that the Wi-Fi® enabled BlackBerry® devices can use to a Wi- Fi profile so that RSA® authentication can occur over Wi-Fi connections.
Configure RSA authentication over a VPN network using a software token You must add the serial number of the software token that the Wi-Fi® enabled BlackBerry® device can use to a VPN profile so that RSA® authentication can occur over VPN connections.
Page 228
Administration Guide Assign software tokens to a user account 11. Click Save all.
SSL certificate to protect the HTTPS connection. You can import a self-signed SSL certificate or a trusted certificate that a certification authority signs after the installation process completes. If you configure a BlackBerry Administration Service pool, you must generate an SSL certificate that uses the name of the BlackBerry Administration Service pool.
BlackBerry Enterprise Server installation process, you provide the Windows domain, user name, and password for the Microsoft Active Directory account, and, if required, the names of the global catalog servers that the BlackBerry Administration Service can use. You can change the Windows domain, user name, and password for the Microsoft Active Directory account and global catalog servers after the installation process completes.
• To control which user accounts the BlackBerry Administration Service can authenticate with, type the distinguished name of the user container (for example, OU=sales,DC=example,DC=com). If you want the BlackBerry Administration Service to find all of the global catalog servers in the resource forest automatically, in the Global Catalog server discovery drop-down list, click Automatic.
Configure constrained delegation for the Microsoft Active Directory account to support single sign-on authentication Use the Windows Server® ADSI Edit tool to add the following SPNs for the BlackBerry® Administration Service pool to the Microsoft® Active Directory® account : • HTTP/<BAS_pool_FQDN> (for example, HTTP/BASconsole104.example.com) •...
Instruct all administrators and device users to add the web addresses for the BlackBerry Administration Service and BlackBerry® Web Desktop Manager to the list of web sites in the local intranet zone and install the certificate for the BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers.
Before you begin: Verify that you have database owner permissions for the BlackBerry Configuration Database. On all of the computers that host BlackBerry Administration Service instances, in the Windows® Services, stop the BlackBerry Administration Service services.
Protecting and redistributing devices Protecting and redistributing devices Preparing a device for redistribution to a new user You can prepare a BlackBerry® device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data •...
To help secure your organization's data on a personal BlackBerry® device, you can permit your organization to delete work data from a device when a user no longer works at your organization. You can use the BlackBerry Administration Service to require that a personal device remove only work data when the device receives the Delete only the organization data and remove device IT administrative command over the wireless network.
Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry® device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration.
The BlackBerry® Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.
Optionally, in the Removing users and devices section, in the Actions drop-down list, perform one of the following actions: • To delete a user account from the BlackBerry® Enterprise Server but retain the BlackBerry Enterprise Server information in the user's mailbox, click Delete the user.
Using IT administration commands to protect a lost or stolen device Protect a lost device If a user misplaces a BlackBerry® device or if a device is stolen, you can protect the data on the device by locking the device or making it unavailable.
Page 241
Using IT administration commands to protect a lost or stolen device • To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove BlackBerry information from the user's messaging system.
Switch the appropriate tabs to change the appropriate permissions. Click Save all. After you finish: Instruct administrators to log out of the BlackBerry Administration Service and log in again so that the changes can take effect immediately. Change the roles for an administrator account To reflect the changes to an administrator's responsibilities in your organization, you can add or remove one or more administrative roles for the administrator account.
Delete an administrator account You can delete an administrator account when you no longer require it in your organization's environment. Before you begin: If the administrator is also a BlackBerry® device user, remove the BlackBerry device from the administrator account.
You can either create user-specific groups and assign roles to those groups or use the default user groups that contain pre-existing roles. If you are managing a large number of groups (over 3000) using the BlackBerry Administration Service in a single domain, your organization's environment might experience a performance impact.
BlackBerry Web Desktop Manager such as setting an activation password or locking their BlackBerry device. Remove a user account from a group In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups. Click the group name.
BlackBerry Enterprise Server recognizes the new mailbox location. If you move a user mailbox or change its display name on the messaging server, the BlackBerry Enterprise Server is designed to update the user account within 15 minutes of when the change occurs. If you move a hidden mailbox that does not appear in the contact list, you must update the user account that is associated with the BlackBerry Enterprise Server manually.
In the BlackBerry Enterprise Server status list, click Disable as BlackBerry user. Perform one of the following actions: • To retain the BlackBerry Enterprise Server information in the user’s mailbox, click Yes - Disable as BlackBerry user. • To delete the BlackBerry Enterprise Server information from the user’s mailbox, click Yes - Disable as a BlackBerry user and remove the BlackBerry information from the user's mail system.
You can update the contact list in the BlackBerry® Configuration Database so that you can include any organizational changes or updates in the contact list. The amount of time that the BlackBerry Mail Store Service requires to update the contact list depends on the contact list size.
Page 249
Administration Guide Managing user accounts In the search results, click the BlackBerry device PIN. In the Communications list, click Resend service books to a device.
The default value is 15 minutes. In the General section, in the Mark job as failed field, type the number of days that the BlackBerry Administration Service waits before it defines a job that was not delivered to BlackBerry devices as failed.
Change how IT policies are sent to BlackBerry devices You can change the settings that the BlackBerry® Administration Service uses to send all IT policy settings and updates to BlackBerry devices. If you change the default settings for IT policy distribution, your organization's environment might experience a performance impact.
Managing the default distribution settings for jobs If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks that you want the BlackBerry Enterprise Server to process during each processing interval.
The default value is 25. If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks that you want the BlackBerry Enterprise Server to process during each processing interval.
BlackBerry Enterprise Server to process at the same time. The default value is 1000. On the Job throttling tab, to turn on throttling for all BlackBerry Device Software tasks in jobs, select Enabled to reduce load on system. If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window...
When you create a software configuration and assign it to user accounts, change a software configuration that you assigned to user accounts, or assign or change an IT policy, the BlackBerry® Administration Service creates jobs to deliver the resulting objects or settings to BlackBerry devices. Before the BlackBerry Administration Service delivers a specific job, you can change the delivery schedule of the job, priority of the job, and how the job delivers IT policies, BlackBerry Java®...
Service. You can also change the priority of a job. By default, all jobs have a medium priority. If you change the priority of a job to low, the BlackBerry® Enterprise Server processes it after the jobs with a medium or high priority. The BlackBerry Enterprise Server processes jobs with a high priority before it processes jobs with a medium or low priority.
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 259
Click the Add icon. To turn on throttling for all BlackBerry Device Software tasks in jobs, in the Default throttling enablement for all BlackBerry Device Software tasks in each job in a time window section, click Enabled to reduce load on system.
BlackBerry devices. You can change how the BlackBerry Administration Service sends settings and updates in jobs to BlackBerry devices. If you change the default distribution settings for the standard application settings in BlackBerry Device Software configurations, your organization's environment might experience a performance impact.
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of tasks for standard application settings in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
• If you configured the software configuration to permit unlisted applications on BlackBerry devices, and you do not want to permit users to install the application on their BlackBerry devices, perform steps 7 to 12. Click Add applications to software configuration.
If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry® device associated with the user account. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.
You can prevent BlackBerry® device users from accessing specific web servers using the BlackBerry® Browser or applications on BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorization to restrict access to all types of web content and create pull rules to specify a list of web servers that you permit users to access.
Restricting user access to content on web servers A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site. As a result, the BlackBerry MDS Connection Service might not be able to restrict BlackBerry devices from accessing the web site.
The device user is not prompted to enter authentication credentials if they are not required by the web site. • To require that the BlackBerry MDS Connection Service authenticates a user using integrated Windows authentication, click Integrated. • To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA.
Restricting user access to media content in the BlackBerry Browser You can use standard definitions for MIME media types so that you can restrict the media types that the BlackBerry® MDS Connection Service can send to the BlackBerry® Browser and other applications on BlackBerry devices.
BlackBerry device users can download to BlackBerry devices during each connection. Each request for data that the device makes to the BlackBerry MDS Connection Service is a connection. If you do not configure a limit for media content types, the default values apply.
You must also configure two-way trust between the Microsoft Active Directory domain that the BlackBerry MDS Connection Service is running on and other Microsoft Active Directory domains in other forests that the BlackBerry MDS Connection Service must connect to. The S4U2proxy extension that the BlackBerry MDS Connection Service uses to retrieve the Kerberos™...
Page 270
For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory, visit www.blackberry.com/btsc to read article KB22726. If a pool of application servers host a intranet site and the pool is running on Microsoft® IIS and is located behind a load-balancer, use setspn or ADSI to add the SPNs of the intranet site to the user account (also known as the identity) of the pool.
Page 271
Repeat steps 1 to 6 for each intranet site that you want to turn on integrated Windows authentication for. After you finish: • If required, configure BlackBerry® MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain. •...
Microsoft Active Directory domain If the computer that hosts the BlackBerry® MDS Connection Service is not located in the same Microsoft® Active Directory® domain as the global catalog server or messaging server and you want to configure support for Integrated Windows®...
Configure the Microsoft® Active Directory® account to access resources on your organization's network. • If required, configure BlackBerry® MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain.
Push initiators specify which server-side push applications are authenticated and permitted to send push requests to applications on BlackBerry® devices. For push initiators to work, you must turn on push authentication for the BlackBerry MDS Connection Service. You can configure several server-side push applications to use the same push...
If you turned on push authentication and created push initiators to specify which push applications can send push requests, you can create push rules to specify which users are permitted to receive authenticated push requests. The BlackBerry® MDS Connection Service can apply push rules only if you turn on push authorization for the BlackBerry MDS Connection Service.
Administration Guide Restricting the push application content that users can receive Create a push rule In the BlackBerry® Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry® MDS Connection Service to use SSL or TLS to encrypt the push requests that server- side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applications send.
When a BlackBerry Java Application receives an application-reliable push request, it sends a delivery confirmation message to the BlackBerry MDS Connection Service, which sends the message to the server-side push application. You must specify the device port numbers that the BlackBerry Java Applications listen on for application-reliable push requests.
Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process You can configure the maximum number of push connections that a BlackBerry® MDS Connection Service can process at the same time. The BlackBerry MDS Connection Service queues the push connections that exceed this limit.
The BlackBerry® MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry devices when the number of pending push connections in the queue exceeds the limit.
Delete organizer data for members of a user group from the BlackBerry Enterprise Server If the BlackBerry® Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted.
Delete a user's organizer data from a BlackBerry Enterprise Server If the BlackBerry® Enterprise Server writes a user’s organizer data from a BlackBerry device to the BlackBerry Configuration Database incorrectly, the organizer data on the BlackBerry Enterprise Server might become corrupt.
Click Edit component. For each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry® Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
Administration Guide Changing how organizer data synchronizes • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server and from the BlackBerry Enterprise Server to the BlackBerry device, click Bidirectional.
By default, the BlackBerry® Synchronization Service synchronizes pictures that a user adds to contact entries in their contact list between the BlackBerry device and the email applications on their computer. A user can add, delete, and change pictures in the email applications on the computer or on the BlackBerry device.
BlackBerry devices. You can also manage individual user accounts, provide support to users, control the size of the message queue, and control the load on the BlackBerry Messaging Agent to process forwarding requests. By default, email message forwarding is turned on when you add a user account to the BlackBerry Enterprise Server.
• To forward email messages from the user's inbox and sent items folder, click Inbox and Sent Items only. • To select the folders that you want the BlackBerry Enterprise Server to forward messages from, click Selected folders. Click the folders that you want to forward messages from.
If you do not want a user’s email application to receive a copy of email messages that the user sends from the BlackBerry® device, you can turn off synchronization for email messages that the user sends from the BlackBerry device.
To manage network resources and control the number of email messages on a user's BlackBerry® device, you can turn off email message forwarding when a user's BlackBerry device is connected to the user's computer using a USB connection.
Turn on reconciliation for email messages that are hard deleted Users can hard delete email messages in Microsoft® Outlook® and you can configure a BlackBerry® Enterprise Server to remove hard deleted messages from BlackBerry devices. If you turn on hard deletes reconciliation, the BlackBerry Messaging Agent also deletes email messages from devices when users archive or move email messages to personal folders in Microsoft Outlook.
• In the Windows® Services, restart the BlackBerry Dispatcher. Repeat step 2 to step 6 for each BlackBerry Enterprise Server instance that you want to turn off the feature for. After you finish: To allow the user to check the availability of a potential meeting participant, in the Messaging Options section, change Free busy lookup turn on to True.
• If you are changing a BlackBerry Enterprise Server instance, in the Status list, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, in the Status list for one of the instances in the pair, click Restart instance. Repeat this step for the other instance in the pair.
You can change an IT policy rule to prevent the BlackBerry® Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.
By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry® device. To help manage network resources, you can select the published public contact folders that a user can synchronize.
In the Messaging configuration section, click Device configuration. On the Email tab, in the Redirection settings section, click Selected Folders. Select the folders that you want to permit the user to synchronize with the contact lists on the BlackBerry device. Click Continue to user information edit.
BlackBerry MDS Connection Service. For remote file systems that require authentication, you can provide the credentials to the BlackBerry MDS Connection Service so that users do not need to provide the credentials when they access the documents.
Administration Guide Configuring access to documents on remote file systems • In the User name field, type the name of the account that you want the BlackBerry MDS Connection Service to use to authenticate to the remote file system. • In the Authentication domain field, type the domain for the user account.
You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that BlackBerry device users can access documents on remote file systems from devices, the BlackBerry MDS Connection Service can search for certificates and check for the status of the certificates from LDAP servers, DSML servers, CRL servers, or OCSP servers, and the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.
Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry® devices. Users cannot change the disclaimers that you define. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology >...
You can add a disclaimer to all email messages that are sent by a user that is different from the disclaimer that you added for all users on a BlackBerry® Enterprise Server. A user cannot change the disclaimer that you define.
To monitor the content of email messages that users send from their BlackBerry® devices, you can BCC specific email addresses on the email messages. You can BCC the email addresses of all of the users that you assign to a BlackBerry Messaging Agent.
Sending notification messages to users You can send a notification message to a user, to all of the users associated with a BlackBerry® Enterprise Server, or to all of the users in the BlackBerry Domain. You can send notifications as email messages or PIN messages. PIN messages are appropriate for informing users about messaging server outages because BlackBerry devices send and receive PIN messages directly, without using the messaging server.
BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry® device, the BlackBerry device sends a request to the BlackBerry® Enterprise Server to convert the attachment. The BlackBerry Enterprise Server...
In the General section, in the Minimum wait for retry per request field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it resends a request that is not delivered to a BlackBerry Attachment Service.
In the General section, in the Minimum wait to attempt restore of lost connection field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it tries to restore a lost connection to a BlackBerry Attachment Service.
IBM® Lotus® Symphony™ only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service. If a specific font is not available, the BlackBerry Attachment Service uses the most similar font type that is available.
The BlackBerry Enterprise Server sends data to BlackBerry devices over the wireless network in packets that are no larger than 64 KB, and it can send an unlimited number of packets to BlackBerry devices.
BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry® Attachment — Service uses to listen for and receive attachment conversion requests in a predefined XML/binary protocol. The default value is 1900.
Change the maximum file size for attachments that users can receive The BlackBerry® Attachment Service uses memory during the attachment conversion process. If users try to open large or complex attachments (for example, .pdf files or ASCII text files that are larger than 2 MB) or multiple attachments at the same time, you might want to limit the file size for attachments.
BlackBerry Attachment Service instances. If your organization uses new common extensions for a file format that there is a distiller available for on a BlackBerry Attachment Service, you must add those extensions to the BlackBerry Attachment Connector. For example, if users send .rtf files as .wav files, you must verify that the BlackBerry Attachment Connector supports .wav files and that...
Data that a BlackBerry device and the messaging server send each other over the wireless network must be in packets that are no larger than 64 KB. If a BlackBerry device sends an attachment that is larger than a single packet, the BlackBerry device divides the attachment into multiple packets.
On BlackBerry® devices that are running specific versions of the BlackBerry® Device Software, users can download attachments in native formats (for example, .txt for a text file) to their BlackBerry devices. Users can open and make changes to the files that they download using an appropriate third-party application on their BlackBerry devices. A user might be able to open specific file formats using the media application on the BlackBerry device.
Page 313
Administration Guide Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server Click the instance that you want to change. Click Edit instance. On the Messaging tab, in the Messaging options section, in the Maximum single attachment download size (KB) field, type a number, in KB, that is between 0 and 10240 (10 MB).
Microsoft Exchange Web Services and user accounts that use MAPI and CDO libraries. You can use the BlackBerry® Enterprise Trait Tool to configure the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services or only MAPI and CDO libraries to manage calendars on devices. You can configure a specific BlackBerry Messaging Agent instance, a specific BlackBerry Enterprise Server, or all BlackBerry Enterprise Server instances that share one BlackBerry Configuration Database.
By default, Microsoft® Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits as necessary. The policies affect the performance of the BlackBerry® Enterprise Server, so you should turn off client throttling for the Windows® account that has a Microsoft Exchange mailbox.
In the logs folder verify that the file named <server_name>_CALH_<agent_id>_<date>.txt appears. In the file name, <server_name> is the name of the BlackBerry Enterprise Server, <agent_id> is the ID of the BlackBerry Messaging Agent, and <date> is the date that you configured the BlackBerry Enterprise Server to use Microsoft Exchange Web Services.
At the command prompt, navigate to <extracted_folder>\tools. Perform one of the following actions: • To configure a specific BlackBerry Enterprise Server to use a specific web address for a client access server for Microsoft Exchange, type traittool -server <server_name> -trait EWSCASURL -set <web_address>, where <server_name>...
Messaging Agent instances can determine the user's status using Microsoft Exchange Web Services unless the user is an external user or the user's email address is a distribution list. If the BlackBerry Messaging Agent instances cannot determine the user's status using Microsoft Exchange Web Services and Microsoft Exchange public folders that are in your organization's environment, the BlackBerry Messaging Agent instances can search the Microsoft Exchange public folders for the user's status.
You can use the BlackBerry® Enterprise Trait Tool to specify whether corrective calendar synchronization checks calendar entries for a specific user, users on a specific BlackBerry® Enterprise Server, or all users. The tool uses a hierarchy to determine what calendar entries to check. Settings at the user level override settings at the server level, settings at the server level override settings at the global level, and settings at the global level override the default settings.
• To turn off corrective calendar synchronization for a specific user account, type traittool -user <smtp_address> -trait ExchangeSmartSyncEnable -set false. • To turn off corrective calendar synchronization for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait ExchangeSmartSyncEnable -set false.
ExchangeSmartSyncSendUpdate -set true, where <level> is the SMTP address of a specific user account, the server name of a specific BlackBerry Enterprise Server for all user accounts that are associated with the specific BlackBerry Enterprise Server, or global for all user accounts.
To specify more than one value for when corrective calendar synchronization runs, after you extract the BlackBerry® Enterprise Server installation files to the computer, you can create a list of values that are separated by commas (,) at the command prompt.
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. Press ENTER. Example: Configuring corrective calendar synchronization to run at 10:00 PM for all users on the BlackBerry Enterprise Server that is named SERVER01 traittool -server SERVER01 -trait ExchangeSmartSyncTriggerHour -set 22...
<name> is the setting you want to delete. • To delete a setting for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait <name> -erase, where <name> is the setting you want to delete.
BlackBerry Messaging Agent uses the MAPI32.dll library to create the temporary MAPI profiles. After you install BlackBerry Enterprise Server 4.1 SP7 or BlackBerry Enterprise Server 5.0 SP1 or later, if you are running Windows Server® 2008 and notice that the limit that Windows Server 2008 places on NSPI connections is impacting MAPI performance and the flow of email messages, you can change how the BlackBerry Messaging Agent creates temporary MAPI profiles for the CalHelper application.
Installing a collaboration client on BlackBerry devices For detailed information about the methods that you can use to install a collaboration client on BlackBerry® devices, see the "Add a collaboration client to the application repository" and "Alternative methods for installing BlackBerry Java Applications on devices"...
Click Save all. Change the transport protocol for a Microsoft instant messaging environment In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand the instant messaging environment.
To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry® Collaboration Service and the instant messaging server at the same time.
BlackBerry® device users can send to each other using the BlackBerry® Client for IBM® Lotus® Sametime®. The maximum file size that you specify for a file type must not exceed the maximum file size that you specified on the IBM® Lotus® Sametime® server.
.txt files in the internal memory of their BlackBerry devices or on an external memory device. You can turn off this feature if you do not want users to save their instant messaging conversations on their BlackBerry devices.
Managing a BlackBerry Domain Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry® Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows® services.
On each computer that hosts the BlackBerry® Enterprise Server component, in the Windows® Services, restart the services for the component. If you want to restart all of the BlackBerry Enterprise Server components, you must restart the Windows Services in the following order: •...
Administration Guide BlackBerry Enterprise Trait Tool traits The BlackBerry Enterprise Trait Tool file is located in the installation files for the BlackBerry Enterprise Server and is named TraitTool.exe. You must launch the TraitTool.exe file using a Windows® command prompt. Use the BlackBerry Enterprise Trait Tool Copy the BlackBerry®...
Page 335
This trait specifies the minimum version of the BlackBerry® Device Software that can receive 8 bytes of ACP data. The typical amount of ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry® Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices.
Page 336
This trait specifies how the BlackBerry Messaging Agent modifies MAPI profile settings when you install the BlackBerry Enterprise Server. If you want the BlackBerry Messaging Agent to modify the MAPI profile settings that the BlackBerry Enterprise Server requires for BlackBerry Enterprise Server version 4.1 SP6 and earlier, set the trait to true (1).
Page 337
If you want the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services to manage calendars on devices, change the value to true (1). If you want the BlackBerry Enterprise Server to use only MAPI and CDO libraries to manage calendars on devices, change the value to false (0).
Page 338
Microsoft Exchange Web Services or by searching for the information in the Microsoft Exchange public folders. You can configure this trait for a specific BlackBerry Messaging Agent, all BlackBerry Messaging Agent instances on a specific BlackBerry Enterprise Server, or all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances.
Page 339
The BlackBerry Enterprise Server checks for calendar errors on devices for all user accounts. If you don't want the BlackBerry Enterprise Server to check for calendar errors on devices, change the value to false (0) for a specific user account, all user accounts that are associated with a BlackBerry Enterprise Server, or all user accounts.
Page 340
BlackBerry Enterprise Server, or all user accounts. The default value is 0, the BlackBerry Enterprise Server checks for calendar synchronization errors on devices at 12:00 AM. For more information, see...
Page 341
Service to update the user directory in the BlackBerry Configuration Database, change the value to true (1). If you do not want the BlackBerry Mail Store Service to update the user directory in the BlackBerry Configuration Database, change the value to false (0).
Page 342
Junk folder. If you do not want the BlackBerry Enterprise Server to monitor the Junk folder for activation messages, change the value to false (0) and restart the BlackBerry Controller.
Page 343
Service to send applications using throttling in the same way that it throttles IT policies and service books, change the value to true (1). If you do not want the BlackBerry Policy Service to send applications using throttling in the same way that it throttles IT policies and service books, change the value to false (0).
Page 344
RouterAutoDiscoveryMethod This trait specifies the method that the BlackBerry Enterprise Server uses to update the list of BlackBerry Router instances in the BlackBerry Configuration Database. If you want the BlackBerry Enterprise Server to compile the list of BlackBerry Router instances automatically, change the value to true (1). If...
Permit the BlackBerry Messaging Agent to write statistics to Microsoft Exchange mailboxes By default, to reduce the workload on the Microsoft® Exchange Server, the BlackBerry® Messaging Agent 5.0 SP2 or later does not write statistics to each user's Microsoft® Exchange mailbox when it processes email messages. If you want the BlackBerry Messaging Agent to function as it did in previous versions, you can permit the BlackBerry Messaging Agent to write statistics to each user's Microsoft Exchange mailbox.
Copy a BlackBerry CAL key to a text file You can copy a BlackBerry® CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues.
Mail Store Service instance is updating the contact list already before it starts to update the contact list. You must verify that at least one BlackBerry Mail Store Service instance can update the contact list in the BlackBerry Configuration Database so that the BlackBerry Administration Service can access the latest contact list information when you create and manage user accounts.
If you configure Hosted BlackBerry® services, you must make sure that the name of the organization that each BlackBerry device user belongs to is listed accurately and consistently in the entry for each user in Microsoft® Active Directory®. For example, if the organization’s name appears as an acronym in some entries but in expanded form in others, the BlackBerry®...
Page 349
In the Windows Services, restart the BlackBerry Controller. Related topics Configuring the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data, 348 Restarting BlackBerry Enterprise Server components, 330 Configure the BlackBerry Enterprise Server to resolve email addresses using an LDAP field that is not the Company Name field On the computer that hosts the BlackBerry®...
Microsoft® Active Directory® that you configured for multi-tenancy. When you configure the BlackBerry Enterprise Server to search within subtrees, the BlackBerry Enterprise Server searches the Microsoft Active Directory using the organizational unit information that is included in the distinguished name of the BlackBerry device users. Before you begin: •...
(for example, example.com:3268). If the BlackBerry Enterprise Server must use a specific port to connect to Microsoft Active Directory and you did not specify the port number in the LDAPDomain string, perform the following actions: Create a DWORD value named LDAPport.
Change the value to 1. To change the amount of time that the BlackBerry Enterprise Server waits for a response from Microsoft Active Directory before the connection times out (by default, 10 seconds), perform the following actions: Create a DWORD value named LDAPTimeout.
If you are required by your organization to prevent BlackBerry® device users from finding contact information for specific users, you can specify a list of users that you want to prevent BlackBerry device users from finding contact information for or you can filter users using an attribute in Microsoft® Active Directory®.
BlackBerry Policy Service when it performs the following actions: • sends IT policies and service books that you update to all BlackBerry devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on •...
If the BlackBerry® Policy Service detects that you updated an IT policy or service book in the BlackBerry Configuration Database, it schedules a task to create and deliver the IT policy or service book to BlackBerry device users that must receive the update.
Example: Configuring the maximum number of IT policies or service books that a BlackBerry Policy Service can send If you want to configure the maximum number of IT policies or service books that a BlackBerry Policy Service can send to 500, type traittool -global -trait PolicyThrottlingMaxDomainJobs -set 500.
BlackBerry Policy Service when it sends applications to devices. If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books.
Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events You can change the port number that the syslog tools listen on to monitor BlackBerry® Enterprise Server events. By default, the syslog tools listen to events for the BlackBerry Enterprise Server on port 514.
Page 359
Administration Guide Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events Restarting BlackBerry Enterprise Server components, 330 Syslog connection type and port number, 397...
Messaging Agent, the extension plug-ins for the BlackBerry Messaging Agent, and the BlackBerry Dispatcher so that the BlackBerry Controller can detect when to start, restart, or stop the services. The BlackBerry Controller can also restart other BlackBerry Enterprise Server services if they stop responding.
Page 361
The default value is 6. Health checks occur every ten minutes. If a health check does not receive a response from the thread that that the BlackBerry Controller monitors, the BlackBerry Enterprise Server tracks the missed health check in the BlackBerry Messaging Agent log file as the wait count.
Change how the BlackBerry Controller restarts a BlackBerry Enterprise Server service By default, the BlackBerry® Controller restarts a BlackBerry® Enterprise Server service if it stops responding. On the computer that hosts the BlackBerry Enterprise Server component that you want to change, open the Registry Editor.
Page 363
Administration Guide How the BlackBerry Controller monitors the BlackBerry Enterprise Server components In the left pane, perform one of the following actions: • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion. • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software \WOW6432Node\Research In Motion.
Page 364
Administration Guide How the BlackBerry Controller monitors the BlackBerry Enterprise Server components Task Steps • To prevent the BlackBerry Controller from restarting the BlackBerry Router if the service stops responding, type 0. • To permit the BlackBerry Controller to restart the BlackBerry Router if the service stops responding, type 1.
Configuring notifications using the BlackBerry Enterprise Server Alert Tool You can use the BlackBerry® Enterprise Server Alert Tool to monitor the Windows Event Log™ and send users that you define as notification recipients a notification message when the tool records a critical, error, warning, or informational event.
Page 366
In the Email address field, type the recipient's email address. To send notification messages as popup messages on the contact's computer, in the Console field, type the name of the contact's computer. Click OK. Related topics Restarting BlackBerry Enterprise Server components, 330...
You can use the log files for PIN messages to monitor the time and frequency when users send PIN messages from BlackBerry® devices. The log files are named using the format PINLog_<yyyymmdd>. By default, logging for PIN messages is turned off.
Turn off call logging You can use the log files for calls to monitor the time and frequency when users make calls from BlackBerry® devices. The log files are named using the format PhoneCallLog_<yyyymmdd>. By default, logging for calls is turned on.
Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry® Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date.
Related topics Create an additional log file for a BlackBerry Enterprise Server component when the current log file reaches its maximum size, 369 Restarting BlackBerry Enterprise Server components, 330 Change the logging level for a BlackBerry Enterprise Server component You can select whether the information that you save to the log files is detailed or limited by changing the logging level for a BlackBerry®...
Change the identifier of the log file for a BlackBerry Enterprise Server component You can identify the log file for a BlackBerry® Enterprise Server component by the identifier that is included in the file name. For example, a log file that is named BBServer01_SYNC_01_20080120_001.txt uses the default component identifier SYNC to identify the BlackBerry Synchronization Service component.
Page 372
You can change the character encoding of the log files of a BlackBerry® Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Enterprise Server component.
Click Reset logging defaults. Click Save all. For the changes to take effect, perform any of the following actions to restart the BlackBerry® Enterprise Server services: • To restart services other than the BlackBerry Administration Service, on the Servers and components menu, locate and restart the services that you restored to default values.
Changing how the BlackBerry MDS Connection Service creates a log file Change the logging level for BlackBerry MDS Connection Service log files You can change the logging level for the BlackBerry® MDS Connection Service log file, which includes the event log, UDP log files, and TCP log files.
UDP log file messages The SNMP agent for the BlackBerry® Enterprise Server receives UDP log file messages from the same host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log messages.
Page 376
Change the activities that the BlackBerry MDS Connection Service writes to a log file The settings for the activities that the BlackBerry® MDS Connection Service writes to a log file apply to all log files, including the event log, UDP log files, and TCP log files.
Connection Service proxies in the BlackBerry MDS Connection Service log files. You can find the BlackBerry MDS Connection Service log files on the computer that hosts the BlackBerry Enterprise Server. You can identify BlackBerry MDS Connection Service log files by the component identifier MDAT in the log file name.
Change which activities the BlackBerry Collaboration Service writes to a log file In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand a BlackBerry Collaboration Service, then click an instance.
Page 379
BlackBerry Collaboration Service log files Task Steps Trace how data packets travel inside the GME In the GME logging turned on drop-down list, click network layer from the BlackBerry Collaboration True. Service to the BlackBerry Dispatcher. Click Save all. Related topics...
BlackBerry Enterprise Solution connection types and port numbers BlackBerry Enterprise Solution connection types and port numbers The BlackBerry® Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS. BlackBerry Administration Service connection types and...
Page 381
Administration Guide BlackBerry Administration Service connection types and port numbers Item Connection Default port UI where you can type number configure the connection incoming data connections from, and outgoing data HTTPS BlackBerry connections to, browsers Configuration Panel incoming data connections from, and outgoing data...
Administration Guide BlackBerry Attachment Service connection types and port numbers Item Connection Default port UI where you can type number configure the connection 17600 to 17609 and 17800 to 17809 BlackBerry Attachment Service connection types and port numbers Item Connection...
Administration Guide BlackBerry Collaboration Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server \Database\Port BlackBerry Collaboration Service connection types and port numbers Item Connection Default port UI where you can configure...
Administration Guide BlackBerry Configuration Database connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server \Database\Port outgoing syslog connections to the SNMP agent 4071 Windows registry • On a 32-bit version of...
Administration Guide BlackBerry Controller connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry • BlackBerry Policy Service Enterprise Server • BlackBerry Synchronization Service \Database\Port • On a 64-bit version of...
Administration Guide BlackBerry Dispatcher connection types and port numbers Item Connection Default port UI where you can configure type number the connection Enterprise Server \Logging Info \Mailbox Agent \SysLogHost outgoing syslog connections to the BlackBerry port — Messaging Agent number...
Page 387
Administration Guide BlackBerry Dispatcher connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 — connections to, one or more of the following BlackBerry® Enterprise Server components: •...
Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAg ent\Parameters \UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAg...
Page 389
Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection Enterprise Server \Agents \TcpPortDispatcher incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database •...
Administration Guide BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerry Enterprise Server \Agents\SysLogHost outgoing syslog connections to the SNMP agent 4071 Windows registry •...
Page 391
Administration Guide BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection if access control for push applications is turned on, HTTPS 8443 BlackBerry Administration incoming connections for the HTTP listener port...
Administration Guide BlackBerry Monitoring Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAg ent\Parameters \UDPPort incoming data connections for reliable pushes 7874 BlackBerry Administration Service BlackBerry Monitoring Service connection types and port...
Administration Guide BlackBerry Policy Service connection types and port numbers BlackBerry Policy Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 —...
Page 394
Administration Guide BlackBerry Router connection types and port numbers Item Connection Default port UI where you can configure type number the connection Windows® registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion \BlackBerryRouter \ServicePort • On a 64-bit version of...
Page 395
Administration Guide BlackBerry Router connection types and port numbers Item Connection Default port UI where you can configure type number the connection • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion \BlackBerryRouter \DevicePort • On a 64-bit version of...
Administration Guide BlackBerry Synchronization Service connection types and port numbers BlackBerry Synchronization Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 —...
TCP/IP 1533 IBM® Lotus® Sametime® connections to the BlackBerry® Collaboration Service Administration Tool Microsoft Exchange connection types and port numbers Item Connection Default port UI where you can configure...
5060 Microsoft Office Live connections to, the connector for the Microsoft Office Communications Server Live Communications Server BlackBerry Client for use with Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection Default port...
Syslog connection type and port number Item Connection Default port UI where you can configure type number the connection listener port for the BlackBerry® Enterprise Server Windows® registry events • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion...
Page 400
Syslog connection type and port number Item Connection Default port UI where you can configure type number the connection Enterprise Server \Logging Info \<component>\ (Default) • On a 64-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server \Logging Info \<component>\ (Default)
BlackBerry Configuration Database. If necessary, restart the BlackBerry Configuration Database. Troubleshooting: BlackBerry Enterprise Server Performance A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an unexpected amount of system resources and increases wireless network traffic Possible cause...
BlackBerry Enterprise Server instance. Press ENTER. To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft®...
Click Email. Click Refresh available user list from company directory. The background process to refresh the user list starts. The amount of time that the BlackBerry Administration Service requires to refresh the user list depends on the size of the directory.
The IBM® Lotus® Sametime® API cannot retrieve phone numbers for instant messaging contacts from the IBM Lotus Sametime server. If the BlackBerry Enterprise Server is located in a network that does not permit direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service cannot retrieve the phone numbers from the IBM Lotus Sametime server instead of the IBM Lotus Sametime API.
Page 405
You must configure a proxy server that prevents your organization's BlackBerry Enterprise Server from receiving HTTP requests from external servers. If the BlackBerry Enterprise Server is located in an unrestricted network that permits direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service establishes an HTTP connection to the IBM Lotus Sametime server automatically to retrieve the phone numbers.
If a user is logged in to Microsoft Office Communicator on both a computer and a BlackBerry device and the user does not accept a notification about an instant message on the computer before the notification disappears, the notification about the instant message disappears from the computer but remains on the BlackBerry device.
Service is configured to use HTTPS to connect to the Microsoft Office Communicator Web Access server. Troubleshooting: BlackBerry Web Desktop Manager Troubleshooting: Users cannot log in to the BlackBerry Web Desktop Manager Possible cause Possible solution You might have specified an incorrect URL for the Change the BlackBerry Configuration Database URL.
In the Wi-Fi field, verify that the name of the Wi-Fi network appears. If the name does not appear, resend the IT policy to the BlackBerry device, or instruct the user to configure a Wi-Fi profile on the BlackBerry device.
Page 409
• Use a wireless device, such as a computer, to ping the BlackBerry Router. The ping tests whether the BlackBerry Router is on the ACL of the access point. • If access point logs are available, view the logs to determine the error that occurred.
Options. In the Display Mode drop-down list, click Advanced. A user cannot see Wi-Fi connection settings on a Wi-Fi enabled BlackBerry device Possible cause The Wi-Fi® enabled BlackBerry® device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution In the BlackBerry Administration Service, change the WLAN Allowed Handheld Changes configuration setting in the Wi-Fi profile to Yes.
Page 411
AP MAC Address This field specifies the MAC address of the wireless access point that the BlackBerry device is associated with. When the BlackBerry device displays a value for the AP MAC Address, the BlackBerry device is associated with the access point.
Page 412
Field Description Signal Level The field specifies the current signal strength of the BlackBerry device. The value is based on the signal percentage level, from none to excellent. Connection Data Rate This field specifies the data rate in Mbps. IEEE® 802.11b™ has a data rate of 11 Mbps, and IEEE®...
Page 413
VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the BlackBerry device can try to log in. Session Lifetime...
Page 414
Field Description Connection Preference This field specifies how the BlackBerry device tries to connect to the mobile network provider’s voice and data services. Using the following settings, you or the user can configure how the BlackBerry device accesses the mobile network provider’s voice and data services:...
Page 415
BlackBerry device is idle. Status fields for BlackBerry Infrastructure connections The connection status indicators for the BlackBerry® Infrastructure appear on a BlackBerry device when a user makes a Wi-Fi® connection or tries to make a Wi-Fi connection. Field...
This field specifies the IP address of the server that performs authentication. Last Contact At This field specifies the last time that the BlackBerry device had contact with the BlackBerry Enterprise Server through the BlackBerry Infrastructure. A BlackBerry device cannot open a VPN connection...
On the menu, click Send ping. Look up a computer name to resolve an IP address Using a BlackBerry® device, a user can look up a computer name in the DNS server to resolve network or domain names and IP addresses.
Possible cause If BlackBerry® Administration Service instances are located in different network segments that are separated by a firewall, the firewall can block the dynamic ports on the BlackBerry Administration Service. Possible solution...
IT policy packs, search the BlackBerry Technical Solution Center at www.blackberry.com/ support. For example, to find the IT policy pack that includes the IT policy rules for BlackBerry® Device Software 5.0, search for "IT policy rules for BlackBerry Device Software 5.0".
American National Standards Institute application programming interface ARFCN absolute radio frequency channel ASCII American Standard Code for Information Interchange blind carbon copy BlackBerry CAL A BlackBerry® Client Access License (BlackBerry CAL) limits how many users you can add to a BlackBerry® Enterprise Server.
Page 421
Connected Limited Device Configuration CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. certificate revocation list certificate signing request...
Page 422
Extensible Authentication Protocol Transport Layer Security EAP-TTLS Extensible Authentication Protocol Tunneled Transport Layer Security Extensible Authentication Protocol Enterprise Service Policy The Enterprise Service Policy controls which BlackBerry devices can connect to a BlackBerry® Enterprise Server. Email Transfer Protocol FQDN fully qualified domain name...
Page 423
Gateways and routing components use this information to identify the type and source of the BlackBerry device data, and the appropriate destination service to route the data to.
Page 424
Administration Guide Glossary An IT policy consists of various IT policy rules that control the security features and behavior of BlackBerry smartphones, BlackBerry® PlayBook™ tablets, the BlackBerry® Desktop Software, and the BlackBerry® Web Desktop Manager. IT policy rule An IT policy rule permits you to customize and control the actions that BlackBerry smartphones, BlackBerry®...
Page 425
Administration Guide Glossary mobile country code messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal database.
Page 426
Administration Guide Glossary Protected Extensible Authentication Protocol personal information management personal identification number PKCS Public-Key Cryptography Standards Public Key Infrastructure principal database In database mirroring, a principal database is the database that starts the mirroring session. pre-shared key Record Management System remote procedure call Rich Text Format subject alternative name...
Page 427
Structured Query Language Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry® Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry® Infrastructure during SRP authentication. SSID service set identifier...
Page 428
Administration Guide Glossary unique identifier Unlicensed Mobile Access Universal Naming Convention Universal Serial Bus UCS Transformation Format UTF-8 8-bit UCS/Unicode Transformation Format UTF-16LE UCS Transformation Format 16 Little Endian virtual private network VoIP Voice over Internet Protocol Wireless Application Protocol Wired Equivalent Privacy witness In database mirroring, a witness is a Microsoft®...
Page 431
Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights.
Page 432
RIM. Certain features outlined in this documentation require a minimum version of BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and/or BlackBerry® Device Software.