Page 1: Microsoft Exchange
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 | Service Pack: 3 Administration Guide...
Page 2 Published: 2011-09-16 SWDT487521-1597421-0916011607-001...
Page 3: Table Of Contents
Add an administrator account to a group......................Specify an email address for the BlackBerry Administration Service............... Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account................................Assign a BlackBerry device to an administrator account..................
Page 4 Delete an IT policy............................5 Configuring security options..........................Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other....Algorithms that the BlackBerry Enterprise Solution uses to encrypt data..........Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses....
Page 5 Adding a user account to the BlackBerry Enterprise Server................Add a user account............................ Create a user account that is not in the contact list in the BlackBerry Configuration Database....Export a list of user accounts........................Importing a list of user accounts to a BlackBerry Enterprise Server............
Page 6 Configure the BlackBerry Enterprise Server to fail over automatically............Monitoring the BlackBerry Enterprise Server for an automatic failover event..........Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event................................Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service....
Page 7 Monitor the high availability status or job deployment status using the BlackBerry Administration Service............................... 105 Remove a BlackBerry MDS Connection Service instance from a pool.............. 106 Remove a BlackBerry Collaboration Service instance from a pool..............106 Remove a BlackBerry Attachment Service instance from a pool..............107 Remove a BlackBerry Router instance from a pool..................
Page 8 Stopping a job that is running........................... 137 Stop a job that is running.......................... 138 View the users that have a BlackBerry Java Application installed on their BlackBerry devices......138 View how the BlackBerry Administration Service resolved software configuration conflicts for a user account................................
Page 9 Add a certificate for the BlackBerry MDS Connection Service..............163 Export the BlackBerry MDS Connection Service certificate to make it available to push applications..163 Import the BlackBerry MDS Connection Service certificate to the key store of a push application..164...
Page 10 Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server..177 Turn on an email message filter that applies to all user accounts on a BlackBerry Enterprise Server..178 Create an email message filter that applies to a specific user account............. 178 Turn on an email message filter that applies to a specific user account...........
Page 11 Map a contact information field in an email application to contact list fields on BlackBerry devices..183 Map a contact list field in an email application to a contact list field on a BlackBerry device....183 Map a contact information field in an email application to contact list fields on BlackBerry devices..184 Map a contact list field in an email application to a contact list field on a BlackBerry device....
Page 12 Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager........215 Distribute a certificate using the BlackBerry Desktop Manager..............215 Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device........216 Configuring EAP-TLS authentication......................... 217 Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile....... 217 Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device......
Page 13 Preparing a device for redistribution to a new user..................233 Use the BlackBerry Administration Service to delete user data and assign the device to a new user..233 Use the BlackBerry Administration Service to delete user data and remove the BlackBerry Device Software before assigning the device to a new user.................
Page 14 Update the contact list manually....................... 246 Resend service books to a BlackBerry device.................... 246 26 Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices............................248 Managing the default distribution settings for jobs..................248 Change default settings for a job schedule....................
Page 15 267 Configuring the Microsoft Active Directory account to delegate access........... 267 Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain....................270 Turn on Integrated Windows authentication so that users can access resources on your organization's network..............................
Page 16 Turn off email message forwarding to a user account................286 Turn off synchronization for email messages sent from a BlackBerry device........... 286 Turn off email message forwarding when a user connects a BlackBerry device to a computer....287 Managing the incoming message queue......................287 Delete email messages for user accounts from the incoming message queue.........
Page 17 Turn off support for rich text formatting and inline images in email messages using an IT policy rule..291 Synchronizing folders on the BlackBerry device....................292 Control which published public contact folders a user can synchronize to a BlackBerry device....292 Control which personal contact subfolders a user can synchronize to a BlackBerry device..... 293 Control which personal mail folders a user can synchronize with a BlackBerry device......
Page 18 Configure the BlackBerry Messaging Agent instances to use a web address for a specific Microsoft Autodiscover service..........................314 Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for Microsoft Exchange........................315 Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange Web Services......................
Page 19 Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime........................327 Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime............................327 Prevent users from sending instant messaging conversations in email messages........
Page 20 Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database............................ 356 Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events....356 33 BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring........... 358 How the BlackBerry Controller monitors the BlackBerry Enterprise Server components........
Page 21 A user did not accept a notification about an instant message on a computer and the notification disappeared............................... 404 A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device................................ 404 Troubleshooting: BlackBerry Web Desktop Manager..................
Page 22 A BlackBerry device cannot connect to a Wi-Fi network................406 A BlackBerry device cannot open a VPN connection................. 414 A BlackBerry device cannot connect to the mobile network using UMA or GAN........414 Verify whether a BlackBerry device can resolve an IP address..............415 Look up a computer name to resolve an IP address..................
Page 23: Overview: Blackberry Enterprise Server
You can manage the BlackBerry Enterprise Server, devices, and user accounts using the BlackBerry Administration Service, a web application that is accessible from any computer that can access the computer that hosts the BlackBerry Administration Service. You can use the BlackBerry Administration Service to manage a BlackBerry Domain, which consists of one or more BlackBerry Enterprise Server instances and remote components that use a single BlackBerry Configuration Database.
Page 24: Getting Started In Your Blackberry Enterprise Server Environment
The following table lists the tasks that administrators typically perform after installing a BlackBerry® Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task. Some of the tasks might not be required in your organization's environment.
Page 25 Administration Guide Getting started in your BlackBerry Enterprise Server environment Task Chapter If necessary, change the default messaging settings for Setting up the messaging environment your organization's environment. Managing your messaging environment and attachment support Prepare to distribute BlackBerry Java® Applications.
Page 26 Use the BlackBerry Monitoring Service to troubleshoot Visit www.blackberry.com/go/serverdocs to see the issues and monitor the health of a BlackBerry Enterprise BlackBerry Enterprise Server Monitoring Guide. Server. Change how the BlackBerry Enterprise Server creates BlackBerry Enterprise Server log files...
Page 27: Log In To The Blackberry Administration Service For The First Time
Best practice: Running the BlackBerry Enterprise Server, 62 The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, There is a problem with this website's security certificate Description The browser displays this error message when you try to navigate to the BlackBerry®...
Page 28: This Connection Is Untrusted
11. Click Install certificate. The Certificate Import Wizard opens. 12. Complete the instructions in the Certificate Import Wizard. If you are trying to log in to the BlackBerry Administration Service or BlackBerry Monitoring Service using a computer that runs Windows Vista®, perform the following actions in the Certificate Import Wizard.
Page 29: Creating Administrator Accounts
You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.
Page 30 Delete a user-defined IT policy template Edit a user-defined IT policy template Import an IT policy template Resend data to devices Create a software configuration View a software configuration Edit a software configuration Delete a software configuration View BlackBerry Administration Service software management...
Page 31 Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Edit BlackBerry Administration Service software management Create an application View an application Edit an application Delete an application Create an administrator user Specify an activation password...
Page 32 Delete an instance Edit license keys View license keys Manually fail a job Clear instance statistics View push rules for the BlackBerry MDS Connection Service View pull rules for the BlackBerry MDS Connection Service Send message (across Group) Create a role...
Page 33: Creating Roles
BlackBerry® Administration Service, BlackBerry Monitoring Service, and BlackBerry® Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions. You can also create a role that is based on a preconfigured role and customize the role that you create.
Page 34: Create A Role Based On An Existing Role
After you finish: Assign the role to an administrator account or group. Create an administrator account You create an account for administrators to enable them to log in to the BlackBerry® Administration Service and manage the BlackBerry® Enterprise Server. You create an administrator account and assign the account to one or more administrator roles.
Page 35: Add An Administrator Account To A Group
Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry® device users.
Page 36: Permit An Administrator To Log In To The Blackberry Administration Service Using A Messaging Server Account
Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account You can permit an administrator to log in to the BlackBerry® Administration Service using a user name and password for the messaging server. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
Page 37: Using An It Policy To Manage Blackberry Enterprise Solution Security
By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.
Page 38: Preconfigured It Policies
Administration Guide Preconfigured IT policies Preconfigured IT policies The BlackBerry® Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization. Preconfigured IT policy Description Default This policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server.
Page 39: Default Values For Preconfigured It Policies
Administration Guide Preconfigured IT policies Preconfigured IT policy Description technology on devices, turns on strong content protection, turns off USB mass storage, requires devices to encrypt external file systems, and prevents devices from downloading third-party applications. Default values for preconfigured IT policies You can configure additional IT policy rules in the preconfigured IT policies or change any of the following values: IT policy rule Default IT...
Page 40 Administration Guide Preconfigured IT policies IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd policy policy policy with No 3rd Party Party Application...
Page 41 Administration Guide Preconfigured IT policies IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd policy policy policy with No 3rd Party Party Application...
Page 42: Creating And Importing It Policies
CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.
Page 43: Import It Policy Rules From An It Policy Pack
Administration Guide Change the value for an IT policy rule In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the Manage IT policies section, click Import IT policy list. In the IT policy import section, specify the following information: •...
Page 44: Assign An It Policy To A User Account
BlackBerry® Web Desktop Manager apply the configuration changes immediately. By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually.
Page 45: Resend An It Policy To A Blackberry Device Automatically
BlackBerry® Enterprise Server applies the Default IT policy to the user account. If you assign an IT policy to a group that a user account is a member of, the BlackBerry Enterprise Server applies the group IT policy to the user account.
Page 46: Option 1: Applying One It Policy To Each User Account
Option 1: Applying one IT policy to each user account You can configure the BlackBerry® Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.
Page 47: Option 2: Applying Multiple It Policies To Each User Account
IT policies You can change the method that the BlackBerry® Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicting IT policies, the next IT policy reconciliation process that occurs might have a significant impact on the performance of your organization's BlackBerry Enterprise Server environment.
Page 48: User Account
The BlackBerry® Enterprise Server can apply multiple IT policies to a user account if the user account is a member of multiple groups that have different IT policies. Since you can assign IT policies to user accounts, groups, or the BlackBerry Domain, the BlackBerry Administration Service uses predefined rules to apply an IT policy to a user account.
Page 49 IT policies You can change the method that the BlackBerry® Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicting IT policies, the next IT policy reconciliation process that occurs might have a significant impact on the performance of your organization's BlackBerry Enterprise Server environment.
Page 50: View The Resolved It Policy Rules That Are Assigned To A User Account
If you change the Disable users with unapplied IT policy option to True, by default, the BlackBerry Enterprise Server sends the IT policy to the BlackBerry devices every 30 minutes until the BlackBerry devices apply the IT policy or the time limit expires.
Page 51: Creating New It Policy Rules To Control Third-Party Applications
Creating new IT policy rules to control third-party applications In the Disable user time limit (hours) field, type the time (in hours) that can occur before the PINs for BlackBerry devices that you did not apply an IT policy to are deactivated on the BlackBerry® Enterprise Server.
Page 52: Export All It Policy Data To A Data File
If you export all IT policy data to a data file, you must create an encryption password for the data file that you can use to protect the data file. You can import the data file at a later time to another BlackBerry® Domain.
Page 53: Configuring Security Options
BlackBerry® Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.
Page 54: Managing Device Access To The Blackberry Enterprise Server
BlackBerry Enterprise Server previously. You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with criteria that exclude that device.
Page 55: Configure The Enterprise Service Policy
BlackBerry Enterprise Server. To add a new BlackBerry device, on the Add new allowed PINs tab, in the New allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.
Page 56: Extending Messaging Security Using Pgp Encryption
BlackBerry® smartphones on the BlackBerry device and to transfer the PGP private key of the BlackBerry device user to the BlackBerry device. The BlackBerry device user can use the PGP private key to digitally sign, encrypt, and send PGP protected messages from the BlackBerry device. If a BlackBerry device user does not install the PGP Support Package for BlackBerry smartphones, the BlackBerry device displays an error message when the BlackBerry device user tries to open PGP protected messages.
Page 57 To require the BlackBerry device user to use S/MIME encryption when forwarding or replying to messages, you can configure the S/MIME Force Digital Signature IT policy rule and the S/MIME Force Encrypted Messages IT policy rule.
Page 58: Enterprise Server
True. • To permit BlackBerry device users that have email applications that do not support S/MIME to read the text of an S/MIME-protected message, in the Send S/MIME messages in clear-signed format drop-down list, click True.
Page 59: Enforcing Secure Messaging Using Classifications
S/MIME message protection or PGP message protection that applies to the email messages. If a user does not select a message classification, by default, the BlackBerry device applies the first classification in the message classification list on the BlackBerry device. You can change the order that the BlackBerry device lists the classifications in.
Page 60: Create A Message Classification Based On An Existing Message Classification
Enforcing secure messaging using classifications Create a message classification based on an existing message classification In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the list of IT policies, click an IT policy.
Page 61: Generating Organization-Specific Encryption Keys For Pin-Message Encryption
Internet, running applications that communicate with application servers and content servers, sending or receiving instant messages, or making calls using VoIP. You can turn off the BlackBerry services if you want to enhance security, save bandwidth on the wireless network, or conserve system resources on the computer.
Page 62: When A Blackberry Device Overwrites Data In The Blackberry Device Memory
The BlackBerry device user changes the time or time zone on the BlackBerry device. To change when the memory cleaner application runs, you can use IT policies or the BlackBerry device user can turn on or turn off the memory cleaner application in the Security options on the BlackBerry device.
Page 63: Best Practice: Configuring Additional Memory Cleaner Settings For Blackberry Devices
BlackBerry device. If you or the BlackBerry device user turns on the memory cleaner application, Java® based garbage collection process uses the memory cleaner application automatically. The garbage collection process overwrites data that the BlackBerry device no longer uses.
Page 64: Configuring The Blackberry Enterprise Server Environment
Configuring certain BlackBerry Enterprise Server components to use proxy servers You can configure the BlackBerry® MDS Connection Service and the BlackBerry Collaboration Service to use proxy servers to access web addresses on the Internet and your organization's intranet. You should use a proxy method that is consistent with the proxy method that other applications and servers in your organization use to access web content.
Page 65: Configure A Blackberry Enterprise Server Component To Use A .Pac File
You can specify more than one proxy string in a proxy mapping rule for a web address. If the BlackBerry® Enterprise Server component cannot access the web server using the first proxy string, it tries to access the web server using...
Page 66: Configure A Blackberry Enterprise Server Component To Authenticate To A Proxy Server On Behalf Of Blackberry Devices
BlackBerry devices. Before you begin: If you want to configure the BlackBerry MDS Connection Service to authenticate to a proxy server on behalf of BlackBerry devices, turn on authentication support for the BlackBerry MDS Connection Service.
Page 67: Configuring The Blackberry Administration Service To Use A Proxy Server
Depending on the operating system on the computer that hosts the BlackBerry® Administration Service instance, you can use the Proxy Configuration Tool or the Network Shell Utility to manually select a proxy server for a BlackBerry Administration Service instance. You must configure manual proxy selection for all of the computers that host a BlackBerry Administration Service instance.
Page 68 BlackBerry® Enterprise Trait Tool. The Web Proxy Autodiscovery Protocol uses DHCP and DNS to find a PAC file. Perform this task on any computer that hosts a BlackBerry Administration Service instance.
Page 69: Configuring The Blackberry Administration Service To Authenticate With A Proxy Server
BlackBerry Enterprise Trait Tool. You can specify the credentials for either the entire BlackBerry Domain or for individual BlackBerry Administration Service instances. The BlackBerry Administration Service tries the credentials that you specify for the BlackBerry Administration Service instance first and then tries the credentials that you specify for the BlackBerry Domain.
Page 70 <password> is the password for the computer. Delete credentials for HTTP basic authentication On the computer that hosts the BlackBerry® Administration Service, at the command prompt, navigate to the folder that contains the TraitTool.exe file. Perform one of the following tasks:...
Page 71: Configuring Multiple Blackberry Enterprise Server Instances To Use The Same Blackberry Enterprise Server Component
Enterprise Server instance that you want to use the BlackBerry MDS Connection Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to have use the BlackBerry MDS Connection Service. Click Save all.
Page 72: Configuring Support For Unicode Languages
On the Supported Dispatcher instances tab, in the Available Dispatcher instances list, click the BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service. Click Save all.
Page 73: Change The Character Encoding That The Blackberry Enterprise Server Uses To Send Unicode Messages
Unicode messages. If email applications cannot correctly display Unicode messages that devices send (for example, if email applications cannot display attachment file names or contact lists correctly), you can configure the BlackBerry Enterprise Server to select another character encoding to use to process Unicode messages.
Page 74: Configure Support For Unicode Text In Calendars On Blackberry Devices In A Microsoft Exchange Environment
Administration Guide Configuring support for Unicode languages Configure support for Unicode text in calendars on BlackBerry devices in a Microsoft Exchange environment You must complete this task for all Microsoft® Exchange versions to ensure calendar items use the correct Unicode characters in fields such as subject, location, or notes.
Page 75: Configuring User Accounts
You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry® device model. User accounts that are part of a user group can exist on multiple BlackBerry® Enterprise Server instances in the BlackBerry Domain.
Page 76: Adding A User Account To The Blackberry Enterprise Server
Adding a user account to the BlackBerry Enterprise Server If you add a user account to the BlackBerry® Enterprise Server, you are not required to locate the Microsoft® Exchange mailbox for the BlackBerry device that the user account is associated with or the routing group that the BlackBerry Enterprise Server is located in.
Page 77: Create A User Account That Is Not In The Contact List In The Blackberry Configuration Database
Configuration Database You can create a user account for a user even if the BlackBerry® Mail Store Service did not yet synchronize the contact information for the user account to the BlackBerry Configuration Database. If the BlackBerry Mail Store Service did not synchronize the contact information and you create a user account, the BlackBerry Administration Service does not display the user account in the search results.
Page 78: Importing A List Of User Accounts To A Blackberry Enterprise Server
Importing a list of user accounts to a BlackBerry Enterprise Server You can add multiple user accounts to a BlackBerry® Enterprise Server by importing a .csv file that contains a list of user accounts and the required information to activate the user accounts on a BlackBerry Enterprise Server.
Page 79 "jbuac@example.com","JBUAC0011,"Admins","specify", "asdf","24" Import multiple user accounts from a .csv file You can import a list of user accounts from a .csv file to a BlackBerry® Enterprise Server so that you can manage the user accounts. Before you begin: Create a .csv file.
Page 80 Create multiple user accounts by importing the user accounts from a .csv file You can import a list of user accounts from a .csv file and add them to a BlackBerry® Enterprise Server. The user accounts must exist on your organizations messaging server.
Page 81: Assigning Blackberry Devices To Users
By default, the BlackBerry® Enterprise Server synchronizes the headers of 200 email messages from the previous 5 days to a BlackBerry device when you activate it. If you change the BlackBerry Enterprise Server settings so that it synchronizes the headers and body of messages to a BlackBerry device when you activate it, the BlackBerry Enterprise Server can synchronize up to 3000 messages from the previous 30 days.
Page 82: Assigning Blackberry Devices To User Accounts
Administration Guide Assigning BlackBerry devices to user accounts Click Save all. Assigning BlackBerry devices to user accounts To assign BlackBerry® devices to user accounts and activate the BlackBerry devices, you can use any of the following methods: Method Description BlackBerry Administration Service...
Page 83: Option 2: Activating A Blackberry Device Over The Wireless Network
Option 2: Activating a BlackBerry device over the wireless network To activate a BlackBerry® device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.
Page 84 Assigning BlackBerry devices to user accounts Activation passwords The BlackBerry® Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device.
Page 85 You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry® devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires.
Page 86: Option 3: Activating Blackberry Devices Over The Lan
When users complete the activation process, the BlackBerry® Enterprise Server sends email messages and organizer data to the BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.
Page 87: Option 5: Activating Blackberry Devices Over An Enterprise Wi-Fi Network
To activate BlackBerry devices over the enterprise Wi-Fi network, you must configure the BlackBerry Router as an SMTP client (also known as a Mail User Agent). As an SMTP client, the BlackBerry Router communicates with an SMTP server, that sends an ETP message to the user. The ETP message is the email message that the BlackBerry Router sends to the user’s mailbox during the activation process.
Page 88 To specify how the BlackBerry Router locates the SMTP server, in the Activation Gateway Settings section, select one of the following options: • To permit the BlackBerry Router to determine which SMTP server it uses for ETP traffic based on the mail exchange record of the host domain, select Use MX Lookup to obtain SMTP server.
Page 89 Administration Guide Assigning BlackBerry devices to user accounts • To view the activation status, in the BlackBerry Administration Service, on the Wireless > View activations page, search for the user account. Confirm that the activation is successful. Related topics Restarting BlackBerry Enterprise Server components, 330...
Page 90: Configuring Blackberry Enterprise Server High Availability
The failover status specifies whether the BlackBerry Enterprise Server instance is a primary instance or standby instance and whether the BlackBerry Enterprise Server instance is running as expected. The BlackBerry Administration Service receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always up-to-date.
Page 91: Defining When Failover Occurs
Administration Guide How the BlackBerry Enterprise Server uses health parameters • The values for the health parameters that you define as part of the failover threshold for the primary BlackBerry Enterprise Server indicates whether a service or component is unhealthy. •...
Page 92 BlackBerry Enterprise Server only. In this scenario, you configure the standby BlackBerry Enterprise Server to promote itself when it can provide most of the BlackBerry services that your organization requires. The primary BlackBerry Enterprise Server demotes itself when it cannot provide most of the BlackBerry services that your organization considers essential.
Page 93: Changing The Promotion Threshold And Failover Threshold
Each primary and standby BlackBerry® Enterprise Server instance has a failover threshold and a promotion threshold. The BlackBerry Enterprise Server uses the failover threshold when it is an primary instance to determine when it needs to demote itself, and it uses the promotion threshold when it is a standby instance to determine whether it can promote itself to become the primary instance.
Page 94 Access to web content and This health parameter indicates whether the BlackBerry MDS Connection application content Service can provide users with access to content from BlackBerry Java® Applications and content that is located on your organization's intranet or the Internet.
Page 95: Changing When Automatic Failover Occurs By Customizing The Health Parameters For User Accounts And Messaging Servers
For example, if your organization requires that all users can access email messages from BlackBerry devices at all times and that the BlackBerry Enterprise Server is connected to all of the messaging servers at all times, you can change the value of the Connection to the messaging server(s) health parameter to 100%.
Page 96: Prerequisites: Configuring The Blackberry Enterprise Server Pair To Fail Over Automatically
Example: Changing the percentage of the User accounts health parameter If you want to change the percentage of the User accounts health parameter to 80% for a BlackBerry Enterprise Server pair and the primary BlackBerry Enterprise Server instance is named server03, you can type traittool.exe -host server03 -trait UserHealthPercentage -set 80.
Page 97: Monitoring The Blackberry Enterprise Server For An Automatic Failover Event
When an automatic failover event occurs, the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server write the time and reason at logging level 5 (Verbose) in the log files for the BlackBerry Dispatcher, BlackBerry Controller, and BlackBerry Messaging Agent. The BlackBerry Controller and BlackBerry Dispatcher instances for the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server create SNMP alerts using the BlackBerry Enterprise Server Alert Tool.
Page 98: Fail Over The Blackberry Enterprise Server Manually Using The Blackberry Configuration Panel
Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel You can use the BlackBerry® Configuration Panel to force the primary BlackBerry® Enterprise Server to perform a failover process if it is not running as expected or if it requires maintenance.
Page 99: Configuring High Availability For Blackberry Enterprise Server Components
BlackBerry Enterprise Server promotes the connection to the next instance in the pool list to an active connection. If you configured central push servers, the BlackBerry MDS Connection Service pool should include at least two BlackBerry MDS Connection Service instances that you also configure as central push servers.
Page 100: Configure The Blackberry Mds Connection Service And Blackberry Collaboration Service To Fail Over Automatically
BlackBerry Enterprise Server. By default, the BlackBerry Collaboration Service instance at the top of the pool list is the instance that the BlackBerry Enterprise Server assigns the active connection to. If the instance with the active connection stops responding, the BlackBerry Collaboration Service tries to connect to the next instance in the pool list.
Page 101: Create A Blackberry Attachment Service Pool For High Availability
On the Supported Attachment Server Instances tab, in the Name drop-down list, click the instance that you want to add. In the Results Query Period(s) field, type the number of seconds that you want the BlackBerry Enterprise Server to wait for a response before it sends the request to another BlackBerry Attachment Service instance.
Page 102: You Cannot Determine The Blackberry Attachment Connector That The Blackberry Enterprise Server Or The Blackberry Mds Connection Service Uses
Click the Add icon. 10. Repeat steps 5 to 9 for each BlackBerry Attachment Service instance that you want to add to the pool. 11. Click Save all. 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool.
Page 103: Create A Blackberry Router Pool For High Availability
• If you are changing a BlackBerry Enterprise Server instance, on the Instance tab, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, click on one of the instances. On the Instance tab, click Restart instance. Repeat this step for the other instance.
Page 104: Permit A Blackberry Enterprise Server To Connect To A Remote Blackberry Router
Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router If you installed a BlackBerry® Router on a computer that is separate from the computer that hosts a BlackBerry® Enterprise Server, you must permit the BlackBerry Dispatcher that you installed with the BlackBerry Enterprise Server to connect to the BlackBerry Router.
Page 105: Configure The Blackberry Administration Service Instances In A Pool To Communicate Across Network Subnets
BlackBerry Administration Service pool is the FQDN of the computer that you perform the installation on. If you want to configure high availability using DNS round robin after the installation process completes, you must change the name of the BlackBerry Administration Service pool to the name of a record in the DNS server that represents...
Page 106: Change The Name Of The Blackberry Administration Service Pool
Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry® Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool.
Page 107: Monitoring The High Availability Status Or Job Deployment Status Using The Blackberry Administration Service
• If you want to fail over the BlackBerry Collaboration Service and your organization's environment includes Microsoft Office Communications Server 2007, click the Supported Microsoft Office Communications Server 2007 instances tab. • If you want to fail over the BlackBerry MDS Connection Service, click the Supported MDS Connection Service instances tab. Click Manual Failover.
Page 108: Remove A Blackberry Mds Connection Service Instance From A Pool
Remove a BlackBerry MDS Connection Service instance from a pool You can remove a BlackBerry® MDS Connection Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 109: Remove A Blackberry Attachment Service Instance From A Pool
Remove a BlackBerry Router instance from a pool You can remove a BlackBerry® Router instance from a pool if it is no longer required or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 110: Configuring Blackberry Configuration Database High Availability
• Verify that the Microsoft SQL Server Agent uses a domain user account with the local administrative permissions set to the same permissions as the Windows® account that runs the BlackBerry® Enterprise Server services. • Verify that the domain user account has permissons on both database servers so that each Microsoft SQL Server Agent can access the shared replication folder.
Page 111: Configuring Database Mirroring
Administration Guide Configuring database mirroring Configuring database mirroring You can use Microsoft® SQL Server® 2005 or 2008 database mirroring to configure the BlackBerry® Configuration Database for high availability. The BlackBerry Configuration Database only supports high safety with automatic failover (synchronous) operating mode for database mirroring.
Page 112: Start The Blackberry Enterprise Server Instances
Administration Service adds a registry key to all of the computers that host BlackBerry® Enterprise Server components in the BlackBerry Domain and the registry key includes the name of the Microsoft® SQL Server® that hosts the mirror database. The BlackBerry Administration Service also adds the name of the Microsoft SQL Server that hosts the mirror database to the BlackBerry Configuration Database.
Page 113: Resend The Database Mirroring Parameters To Blackberry Enterprise Server Components
If the computers that host BlackBerry® Enterprise Server components were not running or connected to the network when you configured the BlackBerry® Enterprise Solution to support database mirroring, or if you do not know if all of the components were configured to support database mirroring, you should resend the database mirroring parameters to the components.
Page 114: Configuring The Blackberry Configuration Database For One-Way Transactional Replication In An Environment That Includes Microsoft Sql Server 2005 Or 2008
Create the replicated BlackBerry Configuration Database from a backup Before you begin: Back up the BlackBerry® Configuration Database with the Backup type option set to Full. Copy the backup file from the database server that hosts the BlackBerry® Configuration Database to the database server that will host the replicated BlackBerry Configuration Database.
Page 115: Permit Access To The Blackberry Configuration Database Instances
Microsoft SQL Server 2005 or 2008 11. Click OK. Permit access to the BlackBerry Configuration Database instances In the Microsoft® SQL Server® Management Studio, connect to the database server that hosts the BlackBerry® Configuration Database. Right-click the BlackBerry Configuration Database. Click Properties.
Page 116: Increase The Maximum Data Size For Transactional Replication
Right-click Local Subscriptions. Click New Subscription. In the list of publishers, select the name of the database server that hosts the BlackBerry Configuration Database. In the list of databases and publications, select the publication for the BlackBerry Configuration Database. Click Next.
Page 117: Start The Blackberry Enterprise Server Instances
Start the BlackBerry Enterprise Server instances After you configure the database, permit all BlackBerry® Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows® Services, start all of the BlackBerry Enterprise Server services in the following order: •...
Page 118: Return To The Blackberry Configuration Database When You Configured Transactional Replication
BlackBerry Configuration Database, the mirror BlackBerry Configuration Database becomes the new principal BlackBerry Configuration Database. If you configure a new mirror BlackBerry Configuration Database, you must resend the database mirroring parameters to the BlackBerry Enterprise Server components so that they can use the new mirror BlackBerry Configuration Database.
Page 119: Sending Software And Blackberry Java Applications To Blackberry Devices
To send BlackBerry Java Applications to devices, you must first add the applications to the application repository. You can use the application repository to store and manage all versions of the BlackBerry Java Applications that you want to install on, update on, or remove from devices.
Page 120: Developing Blackberry Java Applications For Blackberry Devices
Applications to install them on BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.
Page 121: Specify A Shared Network Folder For Blackberry Java Applications
Service must access the shared network folder to install BlackBerry Java Applications on BlackBerry devices. Do not add application files to the shared network folder or make changes to the files that the BlackBerry Administration Service stores in the shared network folder.
Page 122: Add A Collaboration Client To The Application Repository
Click Publish application. Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry® Java® Application. You can use the keywords to search for the application in the application repository. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software >...
Page 123: Standard Application Control Policies
BlackBerry Java Application on their BlackBerry devices. Change a standard application control policy When you add a BlackBerry® Java® Application to a software configuration, you must assign an application control policy to the BlackBerry Java Application. Based on the requirements of your organization's environment, you can change the default settings for the standard application control policies.
Page 124: Create Custom Application Control Policies For A Blackberry Java Application
Create custom application control policies for a BlackBerry Java Application After you add a BlackBerry® Java® Application to the application repository, you can configure the application to use the standard application control policies, or you can create custom application control policies for the application.
Page 125: It Policy Rules Take Precedence On The Device
IT policy rule settings override application control policy rule settings. For example, if you change the Allow Internal Connections IT policy rule to No for BlackBerry® devices, and if the devices have an application control policy set that allows a specific application to make internal connections, the application cannot make internal connections.
Page 126: Change The Standard Application Control Policy For Unlisted Applications That Are Optional
The BlackBerry® Administration Service includes two default application control policies for unlisted applications: one for unlisted applications that you permit on BlackBerry devices, and one for unlisted applications that you do not permit on BlackBerry devices. You can also create custom application control policies for unlisted applications that are optional.
Page 127: Configure The Priority Of Application Control Policies For Unlisted Applications
You can assign a software configuration to a group, multiple user accounts, or a single user account. After you assign a software configuration, you can change the settings in the software configuration to manage the BlackBerry Java Applications, BlackBerry Device Software, and standard application settings on BlackBerry devices. You can configure...
Page 128: Create A Software Configuration
In the Configuration information section, in the Name field, type a name for the software configuration. In the Disposition for unlisted applications drop-down list, perform one of the following actions: • To permit users to install applications that are not included in the software configuration on their BlackBerry devices, click Optional.
Page 129: Assign A Software Configuration To A Group
• To install the application on BlackBerry devices using a USB connection to the user's computer and the BlackBerry® Web Desktop Manager, click Wired. 11. Repeat steps 6 to 10 for each BlackBerry Java Application that you want to add to the software configuration. 12. Click Add to software configuration.
Page 130: Assign A Software Configuration To A User Account
If you do not want to install BlackBerry® Java® Applications on a BlackBerry device over the wireless network, and you do not want the user to install the BlackBerry Java Applications using the BlackBerry® Web Desktop Manager or BlackBerry®...
Page 131: View The Status Of A Job
Software, BlackBerry Java® applications, or application settings to BlackBerry devices. If you assign an IT policy to user accounts or change an existing IT policy, a job sends the IT policy changes to BlackBerry devices. You can view the status of a job to determine if it is ready to run, currently running, completed, or completed with task failures.
Page 132 An error occurred when the BlackBerry Policy Service tried to retrieve the data that it required to install the BlackBerry Java Application. You can verify that the BlackBerry Policy Service can access the network share that you use to store the application files.
Page 133 Device reported insufficient privileges to install module The BlackBerry device does not have the necessary permissions to install the BlackBerry Java Application. You can verify that the BlackBerry device is configured with the necessary permissions to install a BlackBerry Java Application. Resend the BlackBerry Java Application.
Page 134 You can verify that the application files are formatted properly and try to send the BlackBerry Java Application to the BlackBerry device again. If your second try at the installation is not successful, in the log files that you collected, locate the user account that experienced the issue. Trace the installation activity.
Page 135 0x08 insufficient storage: The BlackBerry device does not have enough memory available to update the BlackBerry Device Software. You can manage the BlackBerry device so that it has enough memory available to update the BlackBerry Device Software (for example, remove applications from the BlackBerry device that are no longer required).
Page 136 Administration Guide View the status of a job You can instruct the user to reset the BlackBerry device and you can send the BlackBerry Device Software update again. 0X10 service book flag disabled: A service book on the BlackBerry device does not permit you to send BlackBerry Device Software updates over the wireless network.
Page 137 Restarting BlackBerry Enterprise Server components, 330 Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry® device, you can try to determine the cause by collecting the following information: •...
Page 138 Error messages: IT policy tasks To troubleshoot errors that display for a task when you send an IT policy to a BlackBerry® device or update an IT policy on a BlackBerry device, you can try to determine the cause by collecting the following information: •...
Page 139: Stopping A Job That Is Running
IT policy command is not delivered to the BlackBerry device, the remaining commands in the group are not delivered to the BlackBerry device. You can try to resend the IT policy to the BlackBerry device. You can also try to resend the service books to the BlackBerry device.
Page 140: Stop A Job That Is Running
View the users that have a BlackBerry Java Application installed on their BlackBerry devices do not change the start time for the job, the BlackBerry Enterprise Server delivers the job on the following day using the default job schedule settings. When the job starts again, the BlackBerry Enterprise Server processes the remaining tasks in the job.
Page 141: View How The Blackberry Administration Service Resolved Software Configuration Conflicts For A User Account
After the BlackBerry Administration Service applies software configurations to a BlackBerry device, you can view how the BlackBerry Administration Service resolved any of the conflicting settings in the multiple software configurations.
Page 142: Reconciliation Rules: Blackberry Java Applications
Reconciliation rules for conflicting settings in software configurations as an asynchronous background activity. You can view the outcome of the reconciliation activities, reconciliation errors, and the applications, software, and settings that the BlackBerry Administration Service installed on or applied to a BlackBerry device.
Page 143 Multiple software configurations that contain the same The disposition specified for an application in a software BlackBerry Java Application are assigned to a user configuration that is assigned to a user account takes account or the groups the user belongs to. The...
Page 144 A software configuration is assigned to a user account If a BlackBerry Java Application in a software and it contains a BlackBerry Java Application that has a configuration has a dependency on another application, dependency on another BlackBerry Java Application.
Page 145: Reconciliation Rules: Blackberry Device Software
BlackBerry Device Software in a of BlackBerry Device Software is assigned to a group that software configuration that is assigned to a group. the user account belongs to.
Page 146: Reconciliation Rules: Application Control Policies
BlackBerry® Enterprise with BlackBerry devices that are running a BlackBerry® Server version 5.0 or later, and BlackBerry devices that Device Software version earlier than 5.0. are running BlackBerry Device Software version 5.0 or later.
Page 147: Reconciliation Rules: Application Control Policies For Unlisted Applications
Reconciliation rules for conflicting settings in software configurations Scenario Rule application control policies), the application control policy that you ranked highest in the BlackBerry® Administration Service is applied to the user's BlackBerry device. Reconciliation rules: Application control policies for unlisted applications...
Page 148: Alternative Methods For Installing Blackberry Java Applications On Blackberry Devices
Applications to install them on BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.
Page 149: Installing Blackberry Java Applications Using The Blackberry Desktop Software
Eclipse® to create an automated application installer. You can use the application installer to install the files for a BlackBerry Java Application (the .alx identifier file and the application's .cod files) on users’ computers. You can then instruct users to use the application loader tool in the BlackBerry® Desktop Software to install the BlackBerry Java Application on their BlackBerry devices.
Page 150: Prerequisites: Installing Blackberry Java Applications Using The Blackberry Desktop Software
Administration Guide Installing BlackBerry Java Applications using the BlackBerry Desktop Software • If you installed the BlackBerry® Desktop Software on users’ computers, they can use it to install the BlackBerry Java Applications. This method has the following disadvantages: • You must install the BlackBerry Desktop Software on users’ computers.
Page 151: Install The Blackberry Java Application Using The Blackberry Desktop Software
The BlackBerry Application Web Loader supports .cod files only. To install a MIDlet, convert the .jar file to a .cod file. For more information about how to compile .java and .jar file formats into the .cod file format, visit www.blackberry.com/developers...
Page 152: Enable The Blackberry Application Web Loader On A Web Server
• Research In Motion® USB drivers and a USB connection for the BlackBerry device Web server Configure the following MIME types on the web server to permit users to download and install BlackBerry Java Applications on BlackBerry devices: • .cod files: application/vnd.rim.cod •...
Page 153: Install The Blackberry Java Application Using The Blackberry Application Web Loader
BlackBerry Java Application. You must install the BlackBerry® Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device.
Page 154: Prerequisites: Installing Blackberry Java Applications Using The Standalone Application Loader Tool
In <drive:>\Program Files\Common Files\Research In Motion\Shared\Applications\, create a folder with a unique name to contain the application files. Maintain the application’s file structure. Copy the .cod, .alx, and .dll files for the BlackBerry Java Application to the folder that you created.
Page 155: Share The Research In Motion Folder That Contains The Blackberry Java Application
Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry® Java® Application. Before you begin: Verify that BlackBerry® Device Manager version 4.1 or later is installed on the user’s computer.
Page 156: Installing Blackberry Java Applications Using A Web Browser On Blackberry Devices
BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and the application .cod or .jar files) to a web server, and instruct users to navigate to the appropriate web address using a browser on their BlackBerry devices.
Page 157: Install The Blackberry Java Application On A Web Server
Installing BlackBerry Java Applications using a web browser on BlackBerry devices Install the BlackBerry Java Application on a web server Before you begin: Obtain the .jad and .cod files or .jar files for the BlackBerry® Java® Application from the application developer, vendor, or wireless service provider.
Page 158: Configuring How Users Access Enterprise Applications And Web Content
BlackBerry MDS Connection Service is the central push server. If two BlackBerry MDS Connection Service instances that are version 5.0 or later exist in a BlackBerry Domain, by default, both instances are central push servers. If more than two BlackBerry MDS Connection Service instances (that are version 5.0 or later) exist in a BlackBerry Domain, the first two instances that start are central push servers.
Page 159: Configuring How Blackberry Devices Authenticate To Content Servers
BlackBerry MDS Connection Service connections, authenticated BlackBerry devices prompt users to provide login information every 60 minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes.
Page 160: Configure The Blackberry Mds Connection Service To Authenticate Blackberry Devices To Content Servers That Use Kerberos
BlackBerry devices to content servers that use LTPA BlackBerry® devices that are running BlackBerry® Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.
Page 161: Configuring The Blackberry Mds Connection Service To Authenticate Devices To The Rsa Authentication Manager
If you configure the BlackBerry MDS Connection Service to require that users use RSA authentication to access web addresses or intranet addresses that you specify, you can choose to apply this option to specific user accounts or to all user accounts that are associated with a BlackBerry®...
Page 162: Configuring How The Blackberry Mds Connection Service Manages Requests For Web Content
Configuring how the BlackBerry MDS Connection Service manages requests for web content The BlackBerry® MDS Connection Service manages requests for web content from the BlackBerry® Browser and other applications on BlackBerry devices. You can configure how the BlackBerry MDS Connection Service manages these...
Page 163: Configure The Blackberry Mds Connection Service To Manage Http Cookie Storage
Configure the timeout limit for HTTP connections with web servers You can specify how long a BlackBerry® MDS Connection Service waits for a web server to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the web server. The default timeout limit is 120,000 milliseconds (2 minutes).
Page 164: Configure The Maximum Number Of Times That The Blackberry Browser Accepts Http Redirections
Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections HTTP redirection occurs when the BlackBerry® Browser requests a web page from a web server and the web server redirects the request to a new web address for the page. The default limit is 5 redirections.
Page 165: Add A Certificate For The Blackberry Mds Connection Service
Export the BlackBerry MDS Connection Service certificate to make it available to push applications You must export the certificate for the BlackBerry® MDS Connection Service so that you can import it to the key store of a server-side push application.
Page 166: Import The Blackberry Mds Connection Service Certificate To The Key Store Of A Push Application
\Research In Motion\BlackBerry Enterprise Server\MDS\webserver\webserver.keystore -storepass <password>. Type the key store password. After you finish: Import the certificate for the BlackBerry MDS Connection Service to the key store of a push application. Import the BlackBerry MDS Connection Service certificate to the key store of a push application To permit a server-side push application to open trusted connections to the BlackBerry®...
Page 167: Configuring A Blackberry Mds Connection Service To Trust Web Servers
If you want to open trusted connections between web servers and the BlackBerry MDS Connection Service, you must import the certificate for the web server into the JRE™ certificates keystore file (JRE cacerts).
Page 168: Configuring Certificate Server Information For The Blackberry Mds Connection Service
To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML.
Page 169: Ldap Server Settings
Configuring a BlackBerry MDS Connection Service to trust web servers If you change the LDAP port number or host server information, you must stop and restart the BlackBerry MDS Connection Service so that the BlackBerry MDS Connection Service can use the new port number or host server information immediately.
Page 170 This field specifies the user name if the LDAP server requires simple authentication. Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
Page 171 Click Save all. After you finish: • To configure the BlackBerry MDS Connection Service to retrieve the status of certificates from an OCSP server or CRL server, you must configure the OCSP server and CRL server information. • Add the communication information that you configured for the DSML server to the BlackBerry MDS Connection Service configuration set.
Page 172: Configuration Set
Administration Guide Configuring a BlackBerry MDS Connection Service to trust web servers After you finish: Add the communication information that you configured for the OCSP server to the BlackBerry MDS Connection Service configuration set. Related topics Add communication information to a BlackBerry MDS Connection Service configuration set, 170...
Page 173 Configuring a BlackBerry MDS Connection Service to trust web servers that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.
Page 174: Add A Retrieved Certificate For A Web Server To The Key Store
Add a retrieved certificate for a web server to the key store You can use the Java® keytool to add a certificate for a web server to the BlackBerry® MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server.
Page 175: Configure Global Login Information For Intranet Site Access
Specify the pending content timeout limit for a BlackBerry MDS Connection Service You can specify how long a BlackBerry® MDS Connection Service waits for acknowledgment from a BlackBerry device before it deletes pending content for the BlackBerry device. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 176: Permit Java Applications To Use Scalable Socket Connections With A Blackberry Mds Connection Service
Click Save all. Specify the thread pool size of a BlackBerry MDS Connection Service You can specify the maximum number of threads that a BlackBerry® MDS Connection Service can process at the same time. Before you begin: Verify that your system memory can support the thread pool size that you want to specify.
Page 177: Prevent The Blackberry Mds Connection Service From Using Scalable Http
BlackBerry MDS Connection Service. When a BlackBerry MDS Connection Service uses scalable HTTP, it streams data to and from BlackBerry devices instead of storing and forwarding the data. If you want a BlackBerry MDS Connection Service to process data as it did in previous versions of the BlackBerry® Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP.
Page 178: Specify How Often A Blackberry Mds Connection Service Polls For Configuration Information
Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry® MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service.
Page 179: Setting Up The Messaging Environment
• To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. • To create an email message filter that forwards email messages that match the filter criteria to BlackBerry devices, select Forward email messages to the device.
Page 180: Turn On An Email Message Filter That Applies To All User Accounts On A Blackberry Enterprise Server
To move the email message filter higher or lower in the list, click the Up or Down icons. The BlackBerry® Enterprise Server applies email message filters in the order that they are listed in. Organize the email message filters from the least restrictive to the most restrictive.
Page 181: Turn On An Email Message Filter That Applies To A Specific User Account
BlackBerry Enterprise Server. To create a copy of existing email message filters, you can export the existing email message filters for a BlackBerry Enterprise Server as an .xml file. You can then import the .xml file so that you can use it with another instance of the BlackBerry Enterprise Server.
Page 182: Copying Existing Email Message Filters To User Accounts
Administration Guide Copying existing email message filters to user accounts In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. Click the instance that you want to change.
Page 183: Extension Plug-Ins For Processing Messages
You can add extension plug-ins to a BlackBerry® Messaging Agent. The BlackBerry Messaging Agent uses extension plug-ins to process and make changes to email messages and attachments that the BlackBerry Messaging Agent sends to and receives from BlackBerry devices. For example, you can add an extension plug-in to modify the signature in email messages.
Page 184: Add An Extension Plug-In To A Blackberry Messaging Agent
Repeat steps 4 and 5 for each extension plug-in that you want to add. If necessary, click the Up and Down icons to set the order that the BlackBerry Messaging Agent uses the extension plug-ins to process email messages in.
Page 185: Mapping Contact Information Fields For Synchronization And Contact Lookups
You can map up to four fields that users define in the contact information on their computers to their BlackBerry devices. When users request a remote contact lookup from the contact list, the fields that you configure display on BlackBerry devices.
Page 186: Map A Contact Information Field In An Email Application To Contact List Fields On Blackberry Devices
Map a contact list field in an email application to a contact list field on a BlackBerry device You can map up to four contact list fields that users define in an email application to a BlackBerry® device. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
Page 187 Administration Guide Mapping contact information fields for synchronization and contact lookups Click Continue to user information edit. 10. Click Save all.
Page 188: Configuring Blackberry Devices To Enroll Certificates Over The Wireless Network
You can make the certificate enrollment process required so that devices automatically start the certificate enrollment process after the devices receive the updated IT policy from the BlackBerry Enterprise Server. If you do not make the certificate enrollment process required, you must instruct users to start the CA Profile Manager on the devices manually.
Page 189: Configure The Blackberry Mds Connection Service To Connect To The Certificate Authority
On the HTTP tab, in the Name field, type the certificate authority name. In the Service URL field, type the URL that the BlackBerry MDS Connection Service can use to send certificate requests to the certification authority using the following format: http:// <FQDN_of_CA_server>:<port_number>/* (for example, http://myca.mycompany.com:80/*).
Page 190: Add Communication Information To A Blackberry Mds Connection Service Configuration Set
DSML server, a CRL server, an OCSP server, or a certification authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.
Page 191: Assign A Blackberry Mds Connection Service Configuration Set To A Blackberry Mds Connection Service Instance
You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that BlackBerry device users can access documents on remote file systems from devices, the BlackBerry MDS Connection Service can search for certificates and check for the status of the certificates from LDAP servers, DSML servers, CRL servers, or OCSP servers, and the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.
Page 192: Managing An Enrolled Certificate
BlackBerry Configuration Database when the certificate enrollment process starts for a new certificate. Also, if a certificate is expired or revoked, you or a BlackBerry device user can update the certificates on the device using the certificate synchronization tool in the BlackBerry® Desktop Software or by copying an updated certificate from a media card or smart card.
Page 193: Properties In The Rimpublic.properties File
Administration Guide Change the polling interval, logging, and pool size for the BlackBerry MDS Connection Service connection to the certificate authority Save and close the rimpublic.properties file. In the Windows® Services, restart the BlackBerry MDS Connection Service service. Related topics Restarting BlackBerry Enterprise Server components, 330 Properties in the rimpublic.properties file...
Page 194: Making The Blackberry Web Desktop Manager Available To Users
Desktop Manager on users' computers By default, when users open and log in to the BlackBerry® Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required RIMWebComponents.cab file. The RIMWebComponents.cab file provides the BlackBerry®...
Page 195: Publish The Client Files For The Blackberry Web Desktop Manager In A Windows Gpo For Windows Vista
Manager in a Windows GPO for Windows Vista Before you begin: • Add the web address for the BlackBerry® Administration Service to the list of trusted web sites in the web browser. • Download and install the Microsoft® Group Policy Management Console with Service Pack 1. For more information about installing the service pack, see www.microsoft.com.
Page 196: Configure The Microsoft Activex Installer On Windows Vista
21. Click Show. 22. Click Add. 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Service. 24. In the Enter the value of the item to be added field, type 2,2,1,0.
Page 197 Administration Guide Configure users' computers to install the client file for the BlackBerry Web Desktop Manager automatically VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY [strings] EnableActiveXInstallFromAD="Allow user computers to install administrator-approved Microsoft ActiveX components." EnableActiveXInstallFromAD_Explain="Allow user computers to install administrator-approved Microsoft ActiveX components."...
Page 198: Make The Blackberry Web Desktop Manager Available To Users
The BlackBerry® Web Desktop Manager web address is https://<full_computer_name> /webdesktop/login. If you customized the BlackBerry Web Desktop Manager text colors or image and you want to display the changes on the login screen, you must direct users to https://<full_computer_name>/webdesktop/app? page=Login&service=page&orgId=0.
Page 199: Configuring The Blackberry Web Desktop Manager
BlackBerry device, deleting data from a device, or deactivating a device. You can also customize the UI of the BlackBerry Web Desktop Manager by changing the text colors or displaying a custom image, such as your organization's logo, to match the design of your organization's intranet.
Page 200: Configure The Domains For Backing Up Data Using The Blackberry Web Desktop Manager
Change the text colors in the BlackBerry Web Desktop Manager You can change the text colors in BlackBerry® Web Desktop Manager to match the colors that your organization uses for UIs. In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 201: Blackberry Web Desktop Manager Text Colors
Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry® Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site.
Page 202: Display The Domain Name On The Login Page Of The Blackberry Web Desktop Manager
You can specify the domain name that appears automatically in the Domain field when users browse to the BlackBerry® Web Desktop Manager login page. You can specify only one domain name. You can also provide the domain name to users when you send their login information to them.
Page 203: Creating And Configuring Wi-Fi Profiles And Vpn Profiles
Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a BlackBerry® Enterprise Server by creating Wi-Fi profiles. You can create and assign one or more Wi-Fi profiles to a user account or to a group using a process that is similar to the process you use to create an IT policy and assign it to a user account.
Page 204 If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server. • If you do not use static IT addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.
Page 205: Create A Wi-Fi Profile
Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry® device users to perform the following task if you want users to configure a Wi-Fi® profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry® Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device.
Page 206: Assign A Wi-Fi Profile To A User Account
Click Save all. When you assign a Wi-Fi profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.
Page 207: Creating And Configuring Vpn Profiles
BlackBerry® Enterprise Server uses) on a BlackBerry device or using a VPN profile or IT policy. You can assign one or more VPN profiles to a user account or to a group. If a user account has a VPN profile, you can associate the VPN profile with the Wi-Fi profile for the user account.
Page 208: Configure A Vpn Profile
Click Save. When you assign a VPN profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.
Page 209: Associate A Vpn Profile With A Wi-Fi Profile
Associate a VPN profile with a Wi-Fi profile To permit a BlackBerry® device to connect to a Wi-Fi® network using a VPN session, you must associate a VPN profile with a Wi-Fi profile that you assigned to the user account.
Page 210: Importing Profile Information From A .Csv File
Consider the following guidelines: • Specify only one action that you want the BlackBerry® Enterprise Server to perform in each row of the file. • To assign more than one action to a user account, create multiple rows for the user account.
Page 211 Fields in the .csv file that contains profile information The following table describes the fields that you can configure in a .csv file. The BlackBerry® Administration Service uses the fields in the .csv file to update profile information that you assigned to user accounts.
Page 212: Import Profile Information From A .Csv File
Import profile information from a .csv file The BlackBerry® Administration Service processes actions in the order that they appear in the .csv file. If two actions that you listed in the file contradict each other, the action that appears closer to the end of the file is the action that the BlackBerry Administration Service processes.
Page 213: Configuring Encryption And Authentication Methods For Wi-Fi Enabled Blackberry Devices
WEP key numbering in the configuration settings of the Wi-Fi profile for the enterprise Wi-Fi network. For example, WEP key 1 on the BlackBerry device is WEP key 0 in the configuration settings, and WEP key 2 on the BlackBerry device is WEP key 1 in the configuration settings.
Page 214: Configuring Psk Encryption
For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide. • Assign the Wi-Fi profile to the user accounts. • Resend the IT policy that you assign to the user accounts to Wi-Fi enabled BlackBerry devices. Related topics Creating and configuring Wi-Fi profiles, 201 Configuring PSK encryption The IEEE®...
Page 215: Configuring Leap Authentication
BlackBerry devices support LEAP authentication that uses a user name and password. You must distribute the user name and password using a Wi-Fi profile that you assign to user accounts. BlackBerry devices use a one-way function to encrypt passwords before they send the passwords to the authentication server.
Page 216: Configuring Peap Authentication
PEAP authentication require the root certificate for the certificate authority that issued the certificate. To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in the BlackBerry® Desktop Manager. You must configure a Wi-Fi profile to provide the user name and password for authentication.
Page 217: Prerequisites: Distributing A Certificate Using The Blackberry Desktop Manager
Distribute a certificate using the BlackBerry Desktop Manager If a BlackBerry® device requires the root certificate for the certificate authority, a client certificate, or both, you can distribute the certificates using BlackBerry® Desktop Manager. The BlackBerry device can add the certificates to the list of explicitly trusted certificate authority certificates or the list of client certificates.
Page 218: Configure Peap Configuration Settings In The Wi-Fi Profile On A Blackberry Device
12. Verify that the Allow inter-access point handover option is selected. 13. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 219: Configuring Eap-Tls Authentication
To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the certificate for the authentication server and the certificate for each BlackBerry device.
Page 220: Configure Eap-Tls Configuration Settings In The Wi-Fi Profile On A Blackberry Device
12. Verify that the Allow inter-access point handover option is selected. 13. If necessary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 221: Configure Eap-Ttls Authentication Data For Blackberry Devices Using A Wi-Fi Profile
EAP-TTLS authentication require the root certificate for the certificate authority that created the authentication server certificate. To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in BlackBerry® Desktop Manager or you can enroll the certificate over the wireless network.
Page 222: Configure Eap-Ttls Configuration Settings In The Wi-Fi Profile On A Blackberry Device
11. Verify that the Allow inter-access point handover option is selected. 12. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 223: Configure Eap-Fast Authentication
Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry® users in your organization's environment use BlackBerry® 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi- Fi configuration.
Page 224: Configure Eap-Fast Configuration Settings In The Wi-Fi Profile On Blackberry Devices
If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is selected. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 225: Configuring Software Tokens For Blackberry Devices
When users try to open a Wi-Fi or VPN connection that requires two-factor authentication on the BlackBerry devices, the BlackBerry devices prompt the users to type the software token PIN and submit the current tokencode for the connection type to create the passcode for two-factor authentication.
Page 226: Configure Blackberry Devices For Rsa Authentication
Configure RSA authentication over a Wi-Fi network using a software token You must add the serial number of the software token that the Wi-Fi® enabled BlackBerry® devices can use to a Wi- Fi profile so that RSA® authentication can occur over Wi-Fi connections.
Page 227: Configure Rsa Authentication Over A Vpn Network Using A Software Token
Configure RSA authentication over a VPN network using a software token You must add the serial number of the software token that the Wi-Fi® enabled BlackBerry® device can use to a VPN profile so that RSA® authentication can occur over VPN connections.
Page 228 Administration Guide Assign software tokens to a user account 11. Click Save all.
Page 229: Changing The Security Settings Of The Blackberry Administration Service And Blackberry Web Desktop Manager
SSL certificate to protect the HTTPS connection. You can import a self-signed SSL certificate or a trusted certificate that a certification authority signs after the installation process completes. If you configure a BlackBerry Administration Service pool, you must generate an SSL certificate that uses the name of the BlackBerry Administration Service pool.
Page 230: Configuring Microsoft Active Directory Authentication In An Environment That Includes A Resource Forest
BlackBerry Enterprise Server installation process, you provide the Windows domain, user name, and password for the Microsoft Active Directory account, and, if required, the names of the global catalog servers that the BlackBerry Administration Service can use. You can change the Windows domain, user name, and password for the Microsoft Active Directory account and global catalog servers after the installation process completes.
Page 231: Change The Information For Microsoft Active Directory Authentication
• To control which user accounts the BlackBerry Administration Service can authenticate with, type the distinguished name of the user container (for example, OU=sales,DC=example,DC=com). If you want the BlackBerry Administration Service to find all of the global catalog servers in the resource forest automatically, in the Global Catalog server discovery drop-down list, click Automatic.
Page 232: Configuring Single Sign-On Authentication For The Blackberry Administration Service And Blackberry Web Desktop Manager
Configure constrained delegation for the Microsoft Active Directory account to support single sign-on authentication Use the Windows Server® ADSI Edit tool to add the following SPNs for the BlackBerry® Administration Service pool to the Microsoft® Active Directory® account : • HTTP/<BAS_pool_FQDN> (for example, HTTP/BASconsole104.example.com) •...
Page 233: Blackberry Administration Service Web Addresses And Blackberry Web Desktop Manager Web Addresses That Support Blackberry Administration Service Single Sign-On
Instruct all administrators and device users to add the web addresses for the BlackBerry Administration Service and BlackBerry® Web Desktop Manager to the list of web sites in the local intranet zone and install the certificate for the BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers.
Page 234: Changing Password Settings For Blackberry Administration Service Authentication
Before you begin: Verify that you have database owner permissions for the BlackBerry Configuration Database. On all of the computers that host BlackBerry Administration Service instances, in the Windows® Services, stop the BlackBerry Administration Service services.
Page 235: Protecting And Redistributing Devices
Protecting and redistributing devices Protecting and redistributing devices Preparing a device for redistribution to a new user You can prepare a BlackBerry® device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data •...
Page 236: Deleting Only Work Data From A Device
To help secure your organization's data on a personal BlackBerry® device, you can permit your organization to delete work data from a device when a user no longer works at your organization. You can use the BlackBerry Administration Service to require that a personal device remove only work data when the device receives the Delete only the organization data and remove device IT administrative command over the wireless network.
Page 237: Delete Only Work Data From A Device
Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry® device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration.
Page 238: Using It Administration Commands To Protect A Lost Or Stolen Device
The BlackBerry® Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.
Page 239: Protect A Stolen Device
Optionally, in the Removing users and devices section, in the Actions drop-down list, perform one of the following actions: • To delete a user account from the BlackBerry® Enterprise Server but retain the BlackBerry Enterprise Server information in the user's mailbox, click Delete the user.
Page 240: Protect A Lost Device
Using IT administration commands to protect a lost or stolen device Protect a lost device If a user misplaces a BlackBerry® device or if a device is stolen, you can protect the data on the device by locking the device or making it unavailable.
Page 241 Using IT administration commands to protect a lost or stolen device • To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove BlackBerry information from the user's messaging system.
Page 242: Managing Administrator Accounts
Switch the appropriate tabs to change the appropriate permissions. Click Save all. After you finish: Instruct administrators to log out of the BlackBerry Administration Service and log in again so that the changes can take effect immediately. Change the roles for an administrator account To reflect the changes to an administrator's responsibilities in your organization, you can add or remove one or more administrative roles for the administrator account.
Page 243: Delete An Administrator Account
Delete an administrator account You can delete an administrator account when you no longer require it in your organization's environment. Before you begin: If the administrator is also a BlackBerry® device user, remove the BlackBerry device from the administrator account.
Page 244: Managing Groups And User Accounts
You can either create user-specific groups and assign roles to those groups or use the default user groups that contain pre-existing roles. If you are managing a large number of groups (over 3000) using the BlackBerry Administration Service in a single domain, your organization's environment might experience a performance impact.
Page 245: Remove A User Account From A Group
BlackBerry Web Desktop Manager such as setting an activation password or locking their BlackBerry device. Remove a user account from a group In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups. Click the group name.
Page 246: Delete A Group
BlackBerry Enterprise Server recognizes the new mailbox location. If you move a user mailbox or change its display name on the messaging server, the BlackBerry Enterprise Server is designed to update the user account within 15 minutes of when the change occurs. If you move a hidden mailbox that does not appear in the contact list, you must update the user account that is associated with the BlackBerry Enterprise Server manually.
Page 247: Move A User Account From One Blackberry Enterprise Server To Another
In the BlackBerry Enterprise Server status list, click Disable as BlackBerry user. Perform one of the following actions: • To retain the BlackBerry Enterprise Server information in the user’s mailbox, click Yes - Disable as BlackBerry user. • To delete the BlackBerry Enterprise Server information from the user’s mailbox, click Yes - Disable as a BlackBerry user and remove the BlackBerry information from the user's mail system.
Page 248: Update A User Account Manually
You can update the contact list in the BlackBerry® Configuration Database so that you can include any organizational changes or updates in the contact list. The amount of time that the BlackBerry Mail Store Service requires to update the contact list depends on the contact list size.
Page 249 Administration Guide Managing user accounts In the search results, click the BlackBerry device PIN. In the Communications list, click Resend service books to a device.
Page 250: Managing The Delivery Of Blackberry Java Applications, Blackberry Device Software, And Device Settings To Blackberry Devices
The default value is 15 minutes. In the General section, in the Mark job as failed field, type the number of days that the BlackBerry Administration Service waits before it defines a job that was not delivered to BlackBerry devices as failed.
Page 251: Change How It Policies Are Sent To Blackberry Devices
Change how IT policies are sent to BlackBerry devices You can change the settings that the BlackBerry® Administration Service uses to send all IT policy settings and updates to BlackBerry devices. If you change the default settings for IT policy distribution, your organization's environment might experience a performance impact.
Page 252: Change How To Install, Update, Or Remove Blackberry Java Applications
Managing the default distribution settings for jobs If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 253: Change How To Install Or Update The Blackberry Device Software
The default value is 25. If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 254: Change How The Blackberry Enterprise Server Sends Standard Application Settings To Blackberry Devices
BlackBerry Enterprise Server to process at the same time. The default value is 1000. On the Job throttling tab, to turn on throttling for all BlackBerry Device Software tasks in jobs, select Enabled to reduce load on system. If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window...
Page 255: Managing The Distribution Settings For A Specific Job
When you create a software configuration and assign it to user accounts, change a software configuration that you assigned to user accounts, or assign or change an IT policy, the BlackBerry® Administration Service creates jobs to deliver the resulting objects or settings to BlackBerry devices. Before the BlackBerry Administration Service delivers a specific job, you can change the delivery schedule of the job, priority of the job, and how the job delivers IT policies, BlackBerry Java®...
Page 256: Specify The Start Time And Priority For A Job
Service. You can also change the priority of a job. By default, all jobs have a medium priority. If you change the priority of a job to low, the BlackBerry® Enterprise Server processes it after the jobs with a medium or high priority. The BlackBerry Enterprise Server processes jobs with a high priority before it processes jobs with a medium or low priority.
Page 257: Change How A Job Sends Blackberry Java Applications To Blackberry Devices
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 258: Change How A Job Sends The Blackberry Device Software To Blackberry Devices
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 259 Click the Add icon. To turn on throttling for all BlackBerry Device Software tasks in jobs, in the Default throttling enablement for all BlackBerry Device Software tasks in each job in a time window section, click Enabled to reduce load on system.
Page 260: Change How A Job Sends Standard Application Settings To Blackberry Devices
BlackBerry devices. You can change how the BlackBerry Administration Service sends settings and updates in jobs to BlackBerry devices. If you change the default distribution settings for the standard application settings in BlackBerry Device Software configurations, your organization's environment might experience a performance impact.
Page 261: Managing Blackberry Java Applications On Blackberry Devices
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of tasks for standard application settings in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 262: Managing Software Configurations
• If you configured the software configuration to permit unlisted applications on BlackBerry devices, and you do not want to permit users to install the application on their BlackBerry devices, perform steps 7 to 12. Click Add applications to software configuration.
Page 263: Remove A Software Configuration From A User Account
If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry® device associated with the user account. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.
Page 264: Managing How Users Access Enterprise Applications And Web Content
You can prevent BlackBerry® device users from accessing specific web servers using the BlackBerry® Browser or applications on BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorization to restrict access to all types of web content and create pull rules to specify a list of web servers that you permit users to access.
Page 265: Create A Pull Rule
Restricting user access to content on web servers A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site. As a result, the BlackBerry MDS Connection Service might not be able to restrict BlackBerry devices from accessing the web site.
Page 266: Assign A Pull Rule To The Members Of A Group
The device user is not prompted to enter authentication credentials if they are not required by the web site. • To require that the BlackBerry MDS Connection Service authenticates a user using integrated Windows authentication, click Integrated. • To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA.
Page 267: Assign A Pull Rule To User Accounts
Restricting user access to media content in the BlackBerry Browser You can use standard definitions for MIME media types so that you can restrict the media types that the BlackBerry® MDS Connection Service can send to the BlackBerry® Browser and other applications on BlackBerry devices.
Page 268: Configure Download Limits For Media Content Types
BlackBerry device users can download to BlackBerry devices during each connection. Each request for data that the device makes to the BlackBerry MDS Connection Service is a connection. If you do not configure a limit for media content types, the default values apply.
Page 269: Configuring Integrated Windows Authentication So That Users Can Access Resources On Your Organization's Network
You must also configure two-way trust between the Microsoft Active Directory domain that the BlackBerry MDS Connection Service is running on and other Microsoft Active Directory domains in other forests that the BlackBerry MDS Connection Service must connect to. The S4U2proxy extension that the BlackBerry MDS Connection Service uses to retrieve the Kerberos™...
Page 270 For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory, visit www.blackberry.com/btsc to read article KB22726. If a pool of application servers host a intranet site and the pool is running on Microsoft® IIS and is located behind a load-balancer, use setspn or ADSI to add the SPNs of the intranet site to the user account (also known as the identity) of the pool.
Page 271 Repeat steps 1 to 6 for each intranet site that you want to turn on integrated Windows authentication for. After you finish: • If required, configure BlackBerry® MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain. •...
Page 272: Configuring The Blackberry Mds Connection Service When The Messaging Server Is Located In A Remote Microsoft Active Directory Domain
Microsoft Active Directory domain If the computer that hosts the BlackBerry® MDS Connection Service is not located in the same Microsoft® Active Directory® domain as the global catalog server or messaging server and you want to configure support for Integrated Windows®...
Page 273: Turn On Integrated Windows Authentication So That Users Can Access Resources On Your Organization's Network
Configure the Microsoft® Active Directory® account to access resources on your organization's network. • If required, configure BlackBerry® MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain.
Page 274: Restricting The Push Application Content That Users Can Receive
Push initiators specify which server-side push applications are authenticated and permitted to send push requests to applications on BlackBerry® devices. For push initiators to work, you must turn on push authentication for the BlackBerry MDS Connection Service. You can configure several server-side push applications to use the same push...
Page 275: Turn On Push Authorization
If you turned on push authentication and created push initiators to specify which push applications can send push requests, you can create push rules to specify which users are permitted to receive authenticated push requests. The BlackBerry® MDS Connection Service can apply push rules only if you turn on push authorization for the BlackBerry MDS Connection Service.
Page 276: Create A Push Rule
Administration Guide Restricting the push application content that users can receive Create a push rule In the BlackBerry® Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
Page 277: Assign A Push Rule To User Accounts
Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry® MDS Connection Service to use SSL or TLS to encrypt the push requests that server- side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applications send.
Page 278: Specify Device Ports For Application-Reliable Push Requests
When a BlackBerry Java Application receives an application-reliable push request, it sends a delivery confirmation message to the BlackBerry MDS Connection Service, which sends the message to the server-side push application. You must specify the device port numbers that the BlackBerry Java Applications listen on for application-reliable push requests.
Page 279: Configure The Settings For Storing Push Requests In The Blackberry Configuration Database
Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process You can configure the maximum number of push connections that a BlackBerry® MDS Connection Service can process at the same time. The BlackBerry MDS Connection Service queues the push connections that exceed this limit.
Page 280: Configure The Maximum Number Of Queued Connections That A Blackberry Mds Connection Service Can Process
The BlackBerry® MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry devices when the number of pending push connections in the queue exceeds the limit.
Page 281: Managing Organizer Data Synchronization
Delete organizer data for members of a user group from the BlackBerry Enterprise Server If the BlackBerry® Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted.
Page 282: Delete A User's Organizer Data From A Blackberry Enterprise Server
Delete a user's organizer data from a BlackBerry Enterprise Server If the BlackBerry® Enterprise Server writes a user’s organizer data from a BlackBerry device to the BlackBerry Configuration Database incorrectly, the organizer data on the BlackBerry Enterprise Server might become corrupt.
Page 283: Changing How Organizer Data Synchronizes
Click Edit component. For each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry® Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
Page 284: Change How The Blackberry Administration Service Resolves Conflicts During Organizer Data Synchronization For All User Accounts On A Blackberry Enterprise Server
Administration Guide Changing how organizer data synchronizes • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server and from the BlackBerry Enterprise Server to the BlackBerry device, click Bidirectional.
Page 285: Synchronizing Contact Pictures
By default, the BlackBerry® Synchronization Service synchronizes pictures that a user adds to contact entries in their contact list between the BlackBerry device and the email applications on their computer. A user can add, delete, and change pictures in the email applications on the computer or on the BlackBerry device.
Page 286: Managing Your Organization's Messaging Environment And Attachment Support
BlackBerry devices. You can also manage individual user accounts, provide support to users, control the size of the message queue, and control the load on the BlackBerry Messaging Agent to process forwarding requests. By default, email message forwarding is turned on when you add a user account to the BlackBerry Enterprise Server.
Page 287: Forward Email Messages From Inbox Subfolders To A Blackberry Device
• To forward email messages from the user's inbox and sent items folder, click Inbox and Sent Items only. • To select the folders that you want the BlackBerry Enterprise Server to forward messages from, click Selected folders. Click the folders that you want to forward messages from.
Page 288: Turn Off Email Message Forwarding To A User Account
If you do not want a user’s email application to receive a copy of email messages that the user sends from the BlackBerry® device, you can turn off synchronization for email messages that the user sends from the BlackBerry device.
Page 289: Turn Off Email Message Forwarding When A User Connects A Blackberry Device To A Computer
To manage network resources and control the number of email messages on a user's BlackBerry® device, you can turn off email message forwarding when a user's BlackBerry device is connected to the user's computer using a USB connection.
Page 290: Managing Wireless Message Reconciliation
Turn on reconciliation for email messages that are hard deleted Users can hard delete email messages in Microsoft® Outlook® and you can configure a BlackBerry® Enterprise Server to remove hard deleted messages from BlackBerry devices. If you turn on hard deletes reconciliation, the BlackBerry Messaging Agent also deletes email messages from devices when users archive or move email messages to personal folders in Microsoft Outlook.
Page 291: Managing Access To Remote Message Data
• In the Windows® Services, restart the BlackBerry Dispatcher. Repeat step 2 to step 6 for each BlackBerry Enterprise Server instance that you want to turn off the feature for. After you finish: To allow the user to check the availability of a potential meeting participant, in the Messaging Options section, change Free busy lookup turn on to True.
Page 292: Managing Email Messages That Contain Html And Rich Content
• If you are changing a BlackBerry Enterprise Server instance, in the Status list, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, in the Status list for one of the instances in the pair, click Restart instance. Repeat this step for the other instance in the pair.
Page 293: Blackberry Enterprise Server
You can change an IT policy rule to prevent the BlackBerry® Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.
Page 294: Synchronizing Folders On The Blackberry Device
By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry® device. To help manage network resources, you can select the published public contact folders that a user can synchronize.
Page 295: Control Which Personal Contact Subfolders A User Can Synchronize To A Blackberry Device
In the Messaging configuration section, click Device configuration. On the Email tab, in the Redirection settings section, click Selected Folders. Select the folders that you want to permit the user to synchronize with the contact lists on the BlackBerry device. Click Continue to user information edit.
Page 296: Configuring Access To Documents On Remote File Systems
BlackBerry MDS Connection Service. For remote file systems that require authentication, you can provide the credentials to the BlackBerry MDS Connection Service so that users do not need to provide the credentials when they access the documents.
Page 297: Add Communication Information To A Blackberry Mds Connection Service Configuration Set
Administration Guide Configuring access to documents on remote file systems • In the User name field, type the name of the account that you want the BlackBerry MDS Connection Service to use to authenticate to the remote file system. • In the Authentication domain field, type the domain for the user account.
Page 298: Service Instance
You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that BlackBerry device users can access documents on remote file systems from devices, the BlackBerry MDS Connection Service can search for certificates and check for the status of the certificates from LDAP servers, DSML servers, CRL servers, or OCSP servers, and the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.
Page 299: Managing Signatures And Disclaimers In Email Messages
Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry® devices. Users cannot change the disclaimers that you define. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology >...
Page 300: Add A Disclaimer To Email Messages That A User Sends From A Blackberry Device
You can add a disclaimer to all email messages that are sent by a user that is different from the disclaimer that you added for all users on a BlackBerry® Enterprise Server. A user cannot change the disclaimer that you define.
Page 301: Monitor Email Messages That Users Send From Blackberry Devices
To monitor the content of email messages that users send from their BlackBerry® devices, you can BCC specific email addresses on the email messages. You can BCC the email addresses of all of the users that you assign to a BlackBerry Messaging Agent.
Page 302: Sending Notification Messages To Users
Sending notification messages to users You can send a notification message to a user, to all of the users associated with a BlackBerry® Enterprise Server, or to all of the users in the BlackBerry Domain. You can send notifications as email messages or PIN messages. PIN messages are appropriate for informing users about messaging server outages because BlackBerry devices send and receive PIN messages directly, without using the messaging server.
Page 303: Send A Notification Message To A User
BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry® device, the BlackBerry device sends a request to the BlackBerry® Enterprise Server to convert the attachment. The BlackBerry Enterprise Server...
Page 304: Change How A Blackberry Attachment Connector Retries Sending Requests To A Blackberry Attachment Service
In the General section, in the Minimum wait for retry per request field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it resends a request that is not delivered to a BlackBerry Attachment Service.
Page 305: Change How A Blackberry Attachment Connector Restores A Lost Connection To A Blackberry Attachment Service
In the General section, in the Minimum wait to attempt restore of lost connection field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it tries to restore a lost connection to a BlackBerry Attachment Service.
Page 306: Limitations For Supported Attachment File Formats
IBM® Lotus® Symphony™ only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service. If a specific font is not available, the BlackBerry Attachment Service uses the most similar font type that is available.
Page 307: Changing How A Blackberry Attachment Service Converts Attachments
The BlackBerry Enterprise Server sends data to BlackBerry devices over the wireless network in packets that are no larger than 64 KB, and it can send an unlimited number of packets to BlackBerry devices.
Page 308: Blackberry Attachment Service Optimization Settings
BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry® Attachment — Service uses to listen for and receive attachment conversion requests in a predefined XML/binary protocol. The default value is 1900.
Page 309: Change The Maximum File Size For Attachments That Users Can Receive
Change the maximum file size for attachments that users can receive The BlackBerry® Attachment Service uses memory during the attachment conversion process. If users try to open large or complex attachments (for example, .pdf files or ASCII text files that are larger than 2 MB) or multiple attachments at the same time, you might want to limit the file size for attachments.
Page 310: Turn Off Support For An Attachment File Format For A Blackberry Attachment Service
BlackBerry Attachment Service instances. If your organization uses new common extensions for a file format that there is a distiller available for on a BlackBerry Attachment Service, you must add those extensions to the BlackBerry Attachment Connector. For example, if users send .rtf files as .wav files, you must verify that the BlackBerry Attachment Connector supports .wav files and that...
Page 311: Changing How The Blackberry Messaging Agent Reconciles Attachments To The Messaging Server
Data that a BlackBerry device and the messaging server send each other over the wireless network must be in packets that are no larger than 64 KB. If a BlackBerry device sends an attachment that is larger than a single packet, the BlackBerry device divides the attachment into multiple packets.
Page 312: Change The Maximum File Size For Attachments That Users Can Send
On BlackBerry® devices that are running specific versions of the BlackBerry® Device Software, users can download attachments in native formats (for example, .txt for a text file) to their BlackBerry devices. Users can open and make changes to the files that they download using an appropriate third-party application on their BlackBerry devices. A user might be able to open specific file formats using the media application on the BlackBerry device.
Page 313 Administration Guide Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server Click the instance that you want to change. Click Edit instance. On the Messaging tab, in the Messaging options section, in the Maximum single attachment download size (KB) field, type a number, in KB, that is between 0 and 10240 (10 MB).
Page 314: Managing Calendars
Microsoft Exchange Web Services and user accounts that use MAPI and CDO libraries. You can use the BlackBerry® Enterprise Trait Tool to configure the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services or only MAPI and CDO libraries to manage calendars on devices. You can configure a specific BlackBerry Messaging Agent instance, a specific BlackBerry Enterprise Server, or all BlackBerry Enterprise Server instances that share one BlackBerry Configuration Database.
Page 315: Turn Off Client Throttling In Microsoft Exchange 2010
By default, Microsoft® Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits as necessary. The policies affect the performance of the BlackBerry® Enterprise Server, so you should turn off client throttling for the Windows® account that has a Microsoft Exchange mailbox.
Page 316: Configure The Blackberry Enterprise Server To Use Mapi And Cdo Libraries
In the logs folder verify that the file named <server_name>_CALH_<agent_id>_<date>.txt appears. In the file name, <server_name> is the name of the BlackBerry Enterprise Server, <agent_id> is the ID of the BlackBerry Messaging Agent, and <date> is the date that you configured the BlackBerry Enterprise Server to use Microsoft Exchange Web Services.
Page 317: Configure The Blackberry Messaging Agent Instances To Use A Specific Web Address For A Client Access Server For Microsoft Exchange
At the command prompt, navigate to <extracted_folder>\tools. Perform one of the following actions: • To configure a specific BlackBerry Enterprise Server to use a specific web address for a client access server for Microsoft Exchange, type traittool -server <server_name> -trait EWSCASURL -set <web_address>, where <server_name>...
Page 318: Configuring The Blackberry Messaging Agent Instances To Look Up The User's Status Using Only Microsoft Exchange Web Services
Messaging Agent instances can determine the user's status using Microsoft Exchange Web Services unless the user is an external user or the user's email address is a distribution list. If the BlackBerry Messaging Agent instances cannot determine the user's status using Microsoft Exchange Web Services and Microsoft Exchange public folders that are in your organization's environment, the BlackBerry Messaging Agent instances can search the Microsoft Exchange public folders for the user's status.
Page 319: Correcting Calendar Synchronization Errors On Devices
You can use the BlackBerry® Enterprise Trait Tool to specify whether corrective calendar synchronization checks calendar entries for a specific user, users on a specific BlackBerry® Enterprise Server, or all users. The tool uses a hierarchy to determine what calendar entries to check. Settings at the user level override settings at the server level, settings at the server level override settings at the global level, and settings at the global level override the default settings.
Page 320: View The Current Settings For Corrective Calendar Synchronization
• To turn off corrective calendar synchronization for a specific user account, type traittool -user <smtp_address> -trait ExchangeSmartSyncEnable -set false. • To turn off corrective calendar synchronization for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait ExchangeSmartSyncEnable -set false.
Page 321: Turn Off Automatic Error Correction In Corrective Calendar Synchronization
ExchangeSmartSyncSendUpdate -set true, where <level> is the SMTP address of a specific user account, the server name of a specific BlackBerry Enterprise Server for all user accounts that are associated with the specific BlackBerry Enterprise Server, or global for all user accounts.
Page 322: Configure When Corrective Calendar Synchronization Runs
To specify more than one value for when corrective calendar synchronization runs, after you extract the BlackBerry® Enterprise Server installation files to the computer, you can create a list of values that are separated by commas (,) at the command prompt.
Page 323: Logging Information For Corrective Calendar Synchronization
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. Press ENTER. Example: Configuring corrective calendar synchronization to run at 10:00 PM for all users on the BlackBerry Enterprise Server that is named SERVER01 traittool -server SERVER01 -trait ExchangeSmartSyncTriggerHour -set 22...
Page 324: Delete A Setting For Corrective Calendar Synchronization
<name> is the setting you want to delete. • To delete a setting for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait <name> -erase, where <name> is the setting you want to delete.
Page 325: Improving The Flow Of Email Messages And Calendar Synchronization When The Blackberry Enterprise Server Runs On Windows Server 2008
BlackBerry Messaging Agent uses the MAPI32.dll library to create the temporary MAPI profiles. After you install BlackBerry Enterprise Server 4.1 SP7 or BlackBerry Enterprise Server 5.0 SP1 or later, if you are running Windows Server® 2008 and notice that the limit that Windows Server 2008 places on NSPI connections is impacting MAPI performance and the flow of email messages, you can change how the BlackBerry Messaging Agent creates temporary MAPI profiles for the CalHelper application.
Page 326: Managing Instant Messaging
Installing a collaboration client on BlackBerry devices For detailed information about the methods that you can use to install a collaboration client on BlackBerry® devices, see the "Add a collaboration client to the application repository" and "Alternative methods for installing BlackBerry Java Applications on devices"...
Page 327: Change The Transport Protocol For A Microsoft Instant Messaging Environment
Click Save all. Change the transport protocol for a Microsoft instant messaging environment In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand the instant messaging environment.
Page 328: Specify The Windows Domain Name For Users Who Log In To A Collaboration Client
To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry® Collaboration Service and the instant messaging server at the same time.
Page 329: Managing Instant Messaging Features
BlackBerry® device users can send to each other using the BlackBerry® Client for IBM® Lotus® Sametime®. The maximum file size that you specify for a file type must not exceed the maximum file size that you specified on the IBM® Lotus® Sametime® server.
Page 330: Prevent Users From Saving Instant Messaging Conversations
.txt files in the internal memory of their BlackBerry devices or on an external memory device. You can turn off this feature if you do not want users to save their instant messaging conversations on their BlackBerry devices.
Page 331 Administration Guide Managing instant messaging features <Detail Id="Manager" FieldName="Manager" Type="text/plain"/> <Detail Id="Department" FieldName="Department" Type="text/plain"/> <Detail Id="WorkAddress" FieldName="OfficeStreetAddress" Type="text/plain"/> <Detail Id="WorkZip" FieldName="OfficeZip" Type="text/plain"/> <Detail Id="WorkState" FieldName="OfficeState" Type="text/plain"/> <Detail Id="WorkCity" FieldName="OfficeCity" Type="text/plain"/> <Detail Id="HomeAddress" FieldName="StreetAddress" Type="text/plain"/> <Detail Id="HomeZip" FieldName="Zip" Type="text/plain"/> <Detail Id="HomeState" FieldName="State" Type="text/plain"/> <Detail Id="HomeCity"...
Page 332: Managing A Blackberry Domain
Managing a BlackBerry Domain Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry® Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows® services.
Page 333: Restart A Blackberry Enterprise Server Component Using The Blackberry Administration Service
On each computer that hosts the BlackBerry® Enterprise Server component, in the Windows® Services, restart the services for the component. If you want to restart all of the BlackBerry Enterprise Server components, you must restart the Windows Services in the following order: •...
Page 334: Use The Blackberry Enterprise Trait Tool
Administration Guide BlackBerry Enterprise Trait Tool traits The BlackBerry Enterprise Trait Tool file is located in the installation files for the BlackBerry Enterprise Server and is named TraitTool.exe. You must launch the TraitTool.exe file using a Windows® command prompt. Use the BlackBerry Enterprise Trait Tool Copy the BlackBerry®...
Page 335 This trait specifies the minimum version of the BlackBerry® Device Software that can receive 8 bytes of ACP data. The typical amount of ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry® Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices.
Page 336 This trait specifies how the BlackBerry Messaging Agent modifies MAPI profile settings when you install the BlackBerry Enterprise Server. If you want the BlackBerry Messaging Agent to modify the MAPI profile settings that the BlackBerry Enterprise Server requires for BlackBerry Enterprise Server version 4.1 SP6 and earlier, set the trait to true (1).
Page 337 If you want the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services to manage calendars on devices, change the value to true (1). If you want the BlackBerry Enterprise Server to use only MAPI and CDO libraries to manage calendars on devices, change the value to false (0).
Page 338 Microsoft Exchange Web Services or by searching for the information in the Microsoft Exchange public folders. You can configure this trait for a specific BlackBerry Messaging Agent, all BlackBerry Messaging Agent instances on a specific BlackBerry Enterprise Server, or all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances.
Page 339 The BlackBerry Enterprise Server checks for calendar errors on devices for all user accounts. If you don't want the BlackBerry Enterprise Server to check for calendar errors on devices, change the value to false (0) for a specific user account, all user accounts that are associated with a BlackBerry Enterprise Server, or all user accounts.
Page 340 BlackBerry Enterprise Server, or all user accounts. The default value is 0, the BlackBerry Enterprise Server checks for calendar synchronization errors on devices at 12:00 AM. For more information, see...
Page 341 Service to update the user directory in the BlackBerry Configuration Database, change the value to true (1). If you do not want the BlackBerry Mail Store Service to update the user directory in the BlackBerry Configuration Database, change the value to false (0).
Page 342 Junk folder. If you do not want the BlackBerry Enterprise Server to monitor the Junk folder for activation messages, change the value to false (0) and restart the BlackBerry Controller.
Page 343 Service to send applications using throttling in the same way that it throttles IT policies and service books, change the value to true (1). If you do not want the BlackBerry Policy Service to send applications using throttling in the same way that it throttles IT policies and service books, change the value to false (0).
Page 344 RouterAutoDiscoveryMethod This trait specifies the method that the BlackBerry Enterprise Server uses to update the list of BlackBerry Router instances in the BlackBerry Configuration Database. If you want the BlackBerry Enterprise Server to compile the list of BlackBerry Router instances automatically, change the value to true (1). If...
Page 345: Permit The Blackberry Messaging Agent To Write Statistics To Microsoft Exchange Mailboxes
Permit the BlackBerry Messaging Agent to write statistics to Microsoft Exchange mailboxes By default, to reduce the workload on the Microsoft® Exchange Server, the BlackBerry® Messaging Agent 5.0 SP2 or later does not write statistics to each user's Microsoft® Exchange mailbox when it processes email messages. If you want the BlackBerry Messaging Agent to function as it did in previous versions, you can permit the BlackBerry Messaging Agent to write statistics to each user's Microsoft Exchange mailbox.
Page 346: Managing Blackberry Cal Keys
Copy a BlackBerry CAL key to a text file You can copy a BlackBerry® CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues.
Page 347: Configuring The Blackberry Mail Store Service Instance That Updates The Contact List
Mail Store Service instance is updating the contact list already before it starts to update the contact list. You must verify that at least one BlackBerry Mail Store Service instance can update the contact list in the BlackBerry Configuration Database so that the BlackBerry Administration Service can access the latest contact list information when you create and manage user accounts.
Page 348: Configuring A Hosted Blackberry Services Environment
If you configure Hosted BlackBerry® services, you must make sure that the name of the organization that each BlackBerry device user belongs to is listed accurately and consistently in the entry for each user in Microsoft® Active Directory®. For example, if the organization’s name appears as an acronym in some entries but in expanded form in others, the BlackBerry®...
Page 349 In the Windows Services, restart the BlackBerry Controller. Related topics Configuring the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data, 348 Restarting BlackBerry Enterprise Server components, 330 Configure the BlackBerry Enterprise Server to resolve email addresses using an LDAP field that is not the Company Name field On the computer that hosts the BlackBerry®...
Page 350: Subtree In Microsoft Active Directory
Microsoft® Active Directory® that you configured for multi-tenancy. When you configure the BlackBerry Enterprise Server to search within subtrees, the BlackBerry Enterprise Server searches the Microsoft Active Directory using the organizational unit information that is included in the distinguished name of the BlackBerry device users. Before you begin: •...
Page 351: Configure The Blackberry Enterprise Server To Connect To Microsoft Active Directory
(for example, example.com:3268). If the BlackBerry Enterprise Server must use a specific port to connect to Microsoft Active Directory and you did not specify the port number in the LDAPDomain string, perform the following actions: Create a DWORD value named LDAPport.
Page 352: Configure The Blackberry Enterprise Server To Retrieve Email Addresses And Organizer Data Using Ldap
Change the value to 1. To change the amount of time that the BlackBerry Enterprise Server waits for a response from Microsoft Active Directory before the connection times out (by default, 10 seconds), perform the following actions: Create a DWORD value named LDAPTimeout.
Page 353: Prevent The Blackberry Enterprise Server From Retrieving Contact Information For Specific Users
If you are required by your organization to prevent BlackBerry® device users from finding contact information for specific users, you can specify a list of users that you want to prevent BlackBerry device users from finding contact information for or you can filter users using an attribute in Microsoft® Active Directory®.
Page 354: Configuring Blackberry Policy Service Throttling
BlackBerry Policy Service when it performs the following actions: • sends IT policies and service books that you update to all BlackBerry devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on •...
Page 355: Configuring Blackberry Policy Service Throttling For It Policies And Service Books
If the BlackBerry® Policy Service detects that you updated an IT policy or service book in the BlackBerry Configuration Database, it schedules a task to create and deliver the IT policy or service book to BlackBerry device users that must receive the update.
Page 356: Configuring Blackberry Policy Service Throttling For Pin Encryption Keys
Example: Configuring the maximum number of IT policies or service books that a BlackBerry Policy Service can send If you want to configure the maximum number of IT policies or service books that a BlackBerry Policy Service can send to 500, type traittool -global -trait PolicyThrottlingMaxDomainJobs -set 500.
Page 357: Configuring Blackberry Policy Service Throttling For Application Polling
BlackBerry Policy Service when it sends applications to devices. If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books.
Page 358: Configuration Database
Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events You can change the port number that the syslog tools listen on to monitor BlackBerry® Enterprise Server events. By default, the syslog tools listen to events for the BlackBerry Enterprise Server on port 514.
Page 359 Administration Guide Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events Restarting BlackBerry Enterprise Server components, 330 Syslog connection type and port number, 397...
Page 360: Blackberry Controller And Blackberry Enterprise Server Component Monitoring
Messaging Agent, the extension plug-ins for the BlackBerry Messaging Agent, and the BlackBerry Dispatcher so that the BlackBerry Controller can detect when to start, restart, or stop the services. The BlackBerry Controller can also restart other BlackBerry Enterprise Server services if they stop responding.
Page 361 The default value is 6. Health checks occur every ten minutes. If a health check does not receive a response from the thread that that the BlackBerry Controller monitors, the BlackBerry Enterprise Server tracks the missed health check in the BlackBerry Messaging Agent log file as the wait count.
Page 362: Change How The Blackberry Controller Restarts A Blackberry Enterprise Server Service
Change how the BlackBerry Controller restarts a BlackBerry Enterprise Server service By default, the BlackBerry® Controller restarts a BlackBerry® Enterprise Server service if it stops responding. On the computer that hosts the BlackBerry Enterprise Server component that you want to change, open the Registry Editor.
Page 363 Administration Guide How the BlackBerry Controller monitors the BlackBerry Enterprise Server components In the left pane, perform one of the following actions: • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion. • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software \WOW6432Node\Research In Motion.
Page 364 Administration Guide How the BlackBerry Controller monitors the BlackBerry Enterprise Server components Task Steps • To prevent the BlackBerry Controller from restarting the BlackBerry Router if the service stops responding, type 0. • To permit the BlackBerry Controller to restart the BlackBerry Router if the service stops responding, type 1.
Page 365: Blackberry Enterprise Server Alert Tool
Configuring notifications using the BlackBerry Enterprise Server Alert Tool You can use the BlackBerry® Enterprise Server Alert Tool to monitor the Windows Event Log™ and send users that you define as notification recipients a notification message when the tool records a critical, error, warning, or informational event.
Page 366 In the Email address field, type the recipient's email address. To send notification messages as popup messages on the contact's computer, in the Console field, type the name of the contact's computer. Click OK. Related topics Restarting BlackBerry Enterprise Server components, 330...
Page 367: Blackberry Enterprise Server Log Files
You can use the log files for PIN messages to monitor the time and frequency when users send PIN messages from BlackBerry® devices. The log files are named using the format PINLog_<yyyymmdd>. By default, logging for PIN messages is turned off.
Page 368: Log Files For Blackberry Enterprise Server Components
Turn off call logging You can use the log files for calls to monitor the time and frequency when users make calls from BlackBerry® devices. The log files are named using the format PhoneCallLog_<yyyymmdd>. By default, logging for calls is turned on.
Page 369: Changing How Blackberry Enterprise Server Components Create Log Files
Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry® Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date.
Page 370: Change The Logging Level For A Blackberry Enterprise Server Component
Related topics Create an additional log file for a BlackBerry Enterprise Server component when the current log file reaches its maximum size, 369 Restarting BlackBerry Enterprise Server components, 330 Change the logging level for a BlackBerry Enterprise Server component You can select whether the information that you save to the log files is detailed or limited by changing the logging level for a BlackBerry®...
Page 371: Prevent A Blackberry Enterprise Server Component From Creating A Daily Log File
Change the identifier of the log file for a BlackBerry Enterprise Server component You can identify the log file for a BlackBerry® Enterprise Server component by the identifier that is included in the file name. For example, a log file that is named BBServer01_SYNC_01_20080120_001.txt uses the default component identifier SYNC to identify the BlackBerry Synchronization Service component.
Page 372 You can change the character encoding of the log files of a BlackBerry® Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Enterprise Server component.
Page 373: Component Identifiers For Log Files
Click Reset logging defaults. Click Save all. For the changes to take effect, perform any of the following actions to restart the BlackBerry® Enterprise Server services: • To restart services other than the BlackBerry Administration Service, on the Servers and components menu, locate and restart the services that you restored to default values.
Page 374: Blackberry Mds Connection Service Log Files
Changing how the BlackBerry MDS Connection Service creates a log file Change the logging level for BlackBerry MDS Connection Service log files You can change the logging level for the BlackBerry® MDS Connection Service log file, which includes the event log, UDP log files, and TCP log files.
Page 375: Log File
UDP log file messages The SNMP agent for the BlackBerry® Enterprise Server receives UDP log file messages from the same host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log messages.
Page 376 Change the activities that the BlackBerry MDS Connection Service writes to a log file The settings for the activities that the BlackBerry® MDS Connection Service writes to a log file apply to all log files, including the event log, UDP log files, and TCP log files.
Page 377: Blackberry Devices
Connection Service proxies in the BlackBerry MDS Connection Service log files. You can find the BlackBerry MDS Connection Service log files on the computer that hosts the BlackBerry Enterprise Server. You can identify BlackBerry MDS Connection Service log files by the component identifier MDAT in the log file name.
Page 378: Blackberry Collaboration Service Log Files
Change which activities the BlackBerry Collaboration Service writes to a log file In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand a BlackBerry Collaboration Service, then click an instance.
Page 379 BlackBerry Collaboration Service log files Task Steps Trace how data packets travel inside the GME In the GME logging turned on drop-down list, click network layer from the BlackBerry Collaboration True. Service to the BlackBerry Dispatcher. Click Save all. Related topics...
Page 380: Blackberry Enterprise Solution Connection Types And Port Numbers
BlackBerry Enterprise Solution connection types and port numbers BlackBerry Enterprise Solution connection types and port numbers The BlackBerry® Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS. BlackBerry Administration Service connection types and...
Page 381 Administration Guide BlackBerry Administration Service connection types and port numbers Item Connection Default port UI where you can type number configure the connection incoming data connections from, and outgoing data HTTPS BlackBerry connections to, browsers Configuration Panel incoming data connections from, and outgoing data...
Page 382: Blackberry Attachment Service Connection Types And Port Numbers
Administration Guide BlackBerry Attachment Service connection types and port numbers Item Connection Default port UI where you can type number configure the connection 17600 to 17609 and 17800 to 17809 BlackBerry Attachment Service connection types and port numbers Item Connection...
Page 383: Blackberry Collaboration Service Connection Types And Port Numbers
Administration Guide BlackBerry Collaboration Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server \Database\Port BlackBerry Collaboration Service connection types and port numbers Item Connection Default port UI where you can configure...
Page 384: Blackberry Configuration Database Connection Types And Port Numbers
Administration Guide BlackBerry Configuration Database connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server \Database\Port outgoing syslog connections to the SNMP agent 4071 Windows registry • On a 32-bit version of...
Page 385: Blackberry Controller Connection Types And Port Numbers
Administration Guide BlackBerry Controller connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry • BlackBerry Policy Service Enterprise Server • BlackBerry Synchronization Service \Database\Port • On a 64-bit version of...
Page 386: Blackberry Dispatcher Connection Types And Port Numbers
Administration Guide BlackBerry Dispatcher connection types and port numbers Item Connection Default port UI where you can configure type number the connection Enterprise Server \Logging Info \Mailbox Agent \SysLogHost outgoing syslog connections to the BlackBerry port — Messaging Agent number...
Page 387 Administration Guide BlackBerry Dispatcher connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 — connections to, one or more of the following BlackBerry® Enterprise Server components: •...
Page 388: Blackberry Messaging Agent Connection Types And Port Numbers
Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAg ent\Parameters \UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAg...
Page 389 Administration Guide BlackBerry Messaging Agent connection types and port numbers Item Connection Default port UI where you can configure type number the connection Enterprise Server \Agents \TcpPortDispatcher incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database •...
Page 390: Blackberry Mds Connection Service Connection Types And Port Numbers
Administration Guide BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerry Enterprise Server \Agents\SysLogHost outgoing syslog connections to the SNMP agent 4071 Windows registry •...
Page 391 Administration Guide BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection if access control for push applications is turned on, HTTPS 8443 BlackBerry Administration incoming connections for the HTTP listener port...
Page 392: Blackberry Monitoring Service Connection Types And Port Numbers
Administration Guide BlackBerry Monitoring Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAg ent\Parameters \UDPPort incoming data connections for reliable pushes 7874 BlackBerry Administration Service BlackBerry Monitoring Service connection types and port...
Page 393: Blackberry Policy Service Connection Types And Port Numbers
Administration Guide BlackBerry Policy Service connection types and port numbers BlackBerry Policy Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 —...
Page 394 Administration Guide BlackBerry Router connection types and port numbers Item Connection Default port UI where you can configure type number the connection Windows® registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion \BlackBerryRouter \ServicePort • On a 64-bit version of...
Page 395 Administration Guide BlackBerry Router connection types and port numbers Item Connection Default port UI where you can configure type number the connection • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion \BlackBerryRouter \DevicePort • On a 64-bit version of...
Page 396: Blackberry Synchronization Service Connection Types And Port Numbers
Administration Guide BlackBerry Synchronization Service connection types and port numbers BlackBerry Synchronization Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 3200 —...
Page 397: Ibm Lotus Sametime Connection Type And Port Number
TCP/IP 1533 IBM® Lotus® Sametime® connections to the BlackBerry® Collaboration Service Administration Tool Microsoft Exchange connection types and port numbers Item Connection Default port UI where you can configure...
Page 398: Microsoft Office Live Communications Server 2005 Connection Types And Port Numbers
5060 Microsoft Office Live connections to, the connector for the Microsoft Office Communications Server Live Communications Server BlackBerry Client for use with Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection Default port...
Page 399: Snmp Agent Connection Types And Port Numbers
Syslog connection type and port number Item Connection Default port UI where you can configure type number the connection listener port for the BlackBerry® Enterprise Server Windows® registry events • On a 32-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \Research In Motion...
Page 400 Syslog connection type and port number Item Connection Default port UI where you can configure type number the connection Enterprise Server \Logging Info \<component>\ (Default) • On a 64-bit version of Windows: HKEY_LOCAL_MACHI NE\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server \Logging Info \<component>\ (Default)
Page 401: Troubleshooting
BlackBerry Configuration Database. If necessary, restart the BlackBerry Configuration Database. Troubleshooting: BlackBerry Enterprise Server Performance A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an unexpected amount of system resources and increases wireless network traffic Possible cause...
Page 402: Microsoft Sql Server Uses A Considerable Amount Of Disk Space
BlackBerry Enterprise Server instance. Press ENTER. To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft®...
Page 403: You Cannot Create A User Account In The Blackberry Administration Service
Click Email. Click Refresh available user list from company directory. The background process to refresh the user list starts. The amount of time that the BlackBerry Administration Service requires to refresh the user list depends on the size of the directory.
Page 404: Text Does Not Appear Correctly In Unicode Email Messages
The IBM® Lotus® Sametime® API cannot retrieve phone numbers for instant messaging contacts from the IBM Lotus Sametime server. If the BlackBerry Enterprise Server is located in a network that does not permit direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service cannot retrieve the phone numbers from the IBM Lotus Sametime server instead of the IBM Lotus Sametime API.
Page 405 You must configure a proxy server that prevents your organization's BlackBerry Enterprise Server from receiving HTTP requests from external servers. If the BlackBerry Enterprise Server is located in an unrestricted network that permits direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service establishes an HTTP connection to the IBM Lotus Sametime server automatically to retrieve the phone numbers.
Page 406: Disappeared
If a user is logged in to Microsoft Office Communicator on both a computer and a BlackBerry device and the user does not accept a notification about an instant message on the computer before the notification disappears, the notification about the instant message disappears from the computer but remains on the BlackBerry device.
Page 407: Troubleshooting: Blackberry Web Desktop Manager
Service is configured to use HTTPS to connect to the Microsoft Office Communicator Web Access server. Troubleshooting: BlackBerry Web Desktop Manager Troubleshooting: Users cannot log in to the BlackBerry Web Desktop Manager Possible cause Possible solution You might have specified an incorrect URL for the Change the BlackBerry Configuration Database URL.
Page 408: Troubleshooting: Connections To The Wi-Fi Network
In the Wi-Fi field, verify that the name of the Wi-Fi network appears. If the name does not appear, resend the IT policy to the BlackBerry device, or instruct the user to configure a Wi-Fi profile on the BlackBerry device.
Page 409 • Use a wireless device, such as a computer, to ping the BlackBerry Router. The ping tests whether the BlackBerry Router is on the ACL of the access point. • If access point logs are available, view the logs to determine the error that occurred.
Page 410: Status Indicators
Options. In the Display Mode drop-down list, click Advanced. A user cannot see Wi-Fi connection settings on a Wi-Fi enabled BlackBerry device Possible cause The Wi-Fi® enabled BlackBerry® device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution In the BlackBerry Administration Service, change the WLAN Allowed Handheld Changes configuration setting in the Wi-Fi profile to Yes.
Page 411 AP MAC Address This field specifies the MAC address of the wireless access point that the BlackBerry device is associated with. When the BlackBerry device displays a value for the AP MAC Address, the BlackBerry device is associated with the access point.
Page 412 Field Description Signal Level The field specifies the current signal strength of the BlackBerry device. The value is based on the signal percentage level, from none to excellent. Connection Data Rate This field specifies the data rate in Mbps. IEEE® 802.11b™ has a data rate of 11 Mbps, and IEEE®...
Page 413 VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the BlackBerry device can try to log in. Session Lifetime...
Page 414 Field Description Connection Preference This field specifies how the BlackBerry device tries to connect to the mobile network provider’s voice and data services. Using the following settings, you or the user can configure how the BlackBerry device accesses the mobile network provider’s voice and data services:...
Page 415 BlackBerry device is idle. Status fields for BlackBerry Infrastructure connections The connection status indicators for the BlackBerry® Infrastructure appear on a BlackBerry device when a user makes a Wi-Fi® connection or tries to make a Wi-Fi connection. Field...
Page 416: A Blackberry Device Cannot Open A Vpn Connection
This field specifies the IP address of the server that performs authentication. Last Contact At This field specifies the last time that the BlackBerry device had contact with the BlackBerry Enterprise Server through the BlackBerry Infrastructure. A BlackBerry device cannot open a VPN connection...
Page 417: Verify Whether A Blackberry Device Can Resolve An Ip Address
On the menu, click Send ping. Look up a computer name to resolve an IP address Using a BlackBerry® device, a user can look up a computer name in the DNS server to resolve network or domain names and IP addresses.
Page 418: Troubleshooting: Blackberry Administration Service Pools
Possible cause If BlackBerry® Administration Service instances are located in different network segments that are separated by a firewall, the firewall can block the dynamic ports on the BlackBerry Administration Service. Possible solution...
Page 419: Troubleshooting: It Policies
IT policy packs, search the BlackBerry Technical Solution Center at www.blackberry.com/ support. For example, to find the IT policy pack that includes the IT policy rules for BlackBerry® Device Software 5.0, search for "IT policy rules for BlackBerry Device Software 5.0".
Page 420: Glossary
American National Standards Institute application programming interface ARFCN absolute radio frequency channel ASCII American Standard Code for Information Interchange blind carbon copy BlackBerry CAL A BlackBerry® Client Access License (BlackBerry CAL) limits how many users you can add to a BlackBerry® Enterprise Server.
Page 421 Connected Limited Device Configuration CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. certificate revocation list certificate signing request...
Page 422 Extensible Authentication Protocol Transport Layer Security EAP-TTLS Extensible Authentication Protocol Tunneled Transport Layer Security Extensible Authentication Protocol Enterprise Service Policy The Enterprise Service Policy controls which BlackBerry devices can connect to a BlackBerry® Enterprise Server. Email Transfer Protocol FQDN fully qualified domain name...
Page 423 Gateways and routing components use this information to identify the type and source of the BlackBerry device data, and the appropriate destination service to route the data to.
Page 424 Administration Guide Glossary An IT policy consists of various IT policy rules that control the security features and behavior of BlackBerry smartphones, BlackBerry® PlayBook™ tablets, the BlackBerry® Desktop Software, and the BlackBerry® Web Desktop Manager. IT policy rule An IT policy rule permits you to customize and control the actions that BlackBerry smartphones, BlackBerry®...
Page 425 Administration Guide Glossary mobile country code messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal database.
Page 426 Administration Guide Glossary Protected Extensible Authentication Protocol personal information management personal identification number PKCS Public-Key Cryptography Standards Public Key Infrastructure principal database In database mirroring, a principal database is the database that starts the mirroring session. pre-shared key Record Management System remote procedure call Rich Text Format subject alternative name...
Page 427 Structured Query Language Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry® Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry® Infrastructure during SRP authentication. SSID service set identifier...
Page 428 Administration Guide Glossary unique identifier Unlicensed Mobile Access Universal Naming Convention Universal Serial Bus UCS Transformation Format UTF-8 8-bit UCS/Unicode Transformation Format UTF-16LE UCS Transformation Format 16 Little Endian virtual private network VoIP Voice over Internet Protocol Wireless Application Protocol Wired Equivalent Privacy witness In database mirroring, a witness is a Microsoft®...
Page 429: Provide Feedback
Administration Guide Provide feedback Provide feedback To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback.
Page 430: Legal Notice
Legal notice Legal notice ©2011 Research In Motion Limited. All rights reserved. BlackBerry®, RIM®, Research In Motion®, and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world.
Page 431 Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights.
Page 432 RIM. Certain features outlined in this documentation require a minimum version of BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and/or BlackBerry® Device Software.

Blackberry PRD-10459-016 - Enterprise Server For MS Exchange Administration Manual

1 Overview: Blackberry Enterprise Server

2 Log in to the Blackberry Administration Service for the First Time

3 Creating Administrator Accounts

4 Using an IT Policy to Manage Blackberry Enterprise Solution Security

5 Configuring Security Options

6 Configuring the Blackberry Enterprise Server Environment

7 Configuring User Accounts

8 Assigning Blackberry Devices to Users

9 Configuring Blackberry Enterprise Server High Availability

10 Configuring High Availability for Blackberry Enterprise Server Components

11 Configuring Blackberry Configuration Database High Availability

12 Sending Software and Blackberry Java Applications to Blackberry Devices

13 Alternative Methods for Installing Blackberry Java Applications on Blackberry Devices

14 Configuring How Users Access Enterprise Applications and Web Content

15 Setting up the Messaging Environment

16 Configuring Blackberry Devices to Enroll Certificates over the Wireless Network

17 Making the Blackberry Web Desktop Manager Available to Users

18 Configuring the Blackberry Web Desktop Manager

19 Creating and Configuring Wi-Fi Profiles and VPN Profiles

Quick Links

Microsoft Exchange

Troubleshooting

Related Manuals for Blackberry PRD-10459-016 - Enterprise Server For MS Exchange

Summary of Contents for Blackberry PRD-10459-016 - Enterprise Server For MS Exchange