Add an administrator account to a group .......................... 36 Specify an email address for the BlackBerry Administration Service .................. 37 Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account ....37 Assign a BlackBerry device to an administrator account ....................38 Using an IT policy to manage BlackBerry Enterprise Solution security ..........
Page 4
Delete an IT policy ................................57 Configuring security options ......................58 Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other ........58 Algorithms that the BlackBerry Enterprise Solution uses to encrypt data ..............58 Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses ........
Page 5
Adding a user account to the BlackBerry Enterprise Server ....................85 Add a user account ..............................85 Create a user account that is not in the contact list in the BlackBerry Configuration Database ........86 Export a list of user accounts ............................87 Importing a list of user accounts to a BlackBerry Enterprise Server ................
Page 6
Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ....109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service ........109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel ........110 Configuring high availability for BlackBerry Enterprise Server components ........
Page 7
................................133 Start the BlackBerry Enterprise Server instances ...................... 134 Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding ..134 Return to the BlackBerry Configuration Database when you configured transactional replication ........135 Configuring a new mirror BlackBerry Configuration Database ..................
Page 8
Share the Research In Motion folder that contains the BlackBerry Java Application ..........176 Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode ..177 Install the BlackBerry Java Application using the standalone application loader tool ..........177 Installing BlackBerry Java Applications using a web browser on BlackBerry devices ............
Page 9
Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices ..........201 Specify the maximum amount of data that a BlackBerry MDS Connection Service can send to BlackBerry devices ..201 Specify the pending content timeout limit for a BlackBerry MDS Connection Service ..........202 Permit Java applications to use scalable socket connections with a BlackBerry MDS Connection Service ....
Page 10
Map a contact list field in an email application to a contact list field on a BlackBerry device ........214 Map a contact information field in an email application to contact list fields on BlackBerry devices ......215 Map a contact list field in an email application to a contact list field on a BlackBerry device ........215 Configuring BlackBerry devices to enroll certificates over the wireless network ......
Page 11
Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager ............252 Distribute a certificate using the BlackBerry Desktop Manager ................. 252 Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device ............. 253 Configuring EAP-TLS authentication ..........................254 Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile ..........
Page 12
Preparing a device for redistribution to a new user ......................274 Use the BlackBerry Administration Service to delete user data and assign the device to a new user ......274 Use the BlackBerry Administration Service to delete device data and disable the device before assigning the device to a new user ..............................
Page 13
Change how to install, update, or remove BlackBerry Java Applications ..............294 Change how to install or update the BlackBerry Device Software ................296 Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices ....297 Managing the distribution settings for a specific job ......................298 Specify the start time and priority for a job ........................
Page 14
Turn off organizer data synchronization for a specific user account ................330 Changing how organizer data synchronizes ........................331 Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ..331 Change the direction of organizer data synchronization for a specific user account ........... 331 Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ......................
Page 15
Prevent a user from searching for remote email messages using a device ..............342 Managing email messages that contain HTML and rich content ..................343 View whether a user turned on support for email messages that contain HTML and rich content for a BlackBerry device ..................................343 Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise Server ..................................
Page 16
Change the maximum file size of attachments that users can download ..............367 Managing calendars ........................369 Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries ... 369 Prerequisites: Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ....... 369 Turn off client throttling in Microsoft Exchange 2010 ....................
Page 17
Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime ............................... 388 Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime .. 388 Prevent users from sending instant messaging conversations in email messages ............389 Prevent users from saving instant messaging conversations ..................
Page 18
Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database ..............................421 Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events ........422 BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring ......423 How the BlackBerry Controller monitors the BlackBerry Enterprise Server components ...........
Page 19
A user did not accept a notification about an instant message on a computer and the notification disappeared ..476 A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device ... 476 Troubleshooting: BlackBerry Web Desktop Manager .......................
Overview: BlackBerry Enterprise Server The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartphone users with mobile access to your organization's resources.
Getting started in your BlackBerry Enterprise Server environment The following table lists the tasks that administrators typically perform after installing a BlackBerry Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task.
Page 23
IT policies or create new IT policies. • Section: Using an IT policy to manage BlackBerry Enterprise Solution security Add user accounts to the BlackBerry Enterprise Server. Configuring user accounts • Section: Adding a user account to the BlackBerry Enterprise Server Create groups.
Page 24
Configure BlackBerry Enterprise Server high availability. Configuring BlackBerry Enterprise Server high availability Optional tasks Task Chapter Update BlackBerry Device Software on BlackBerry devices. Visit www.blackberry.com/go/serverdocs to see the BlackBerry Device Software Update Guide. Make the BlackBerry Web Desktop Manager available to Making the BlackBerry Web Desktop Manager available to users and configure the BlackBerry Web Desktop Manager.
Page 25
Use the BlackBerry Monitoring Service to troubleshoot Visit www.blackberry.com/go/serverdocs to see the issues and monitor the health of a BlackBerry Enterprise BlackBerry Enterprise Server Monitoring Guide. Server. Change how the BlackBerry Enterprise Server creates log BlackBerry Enterprise Server log files...
Click Log in. Related information Best practice: Running the BlackBerry Enterprise Server, The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, There is a problem with this website's...
Log in to the BlackBerry Administration Service for the first time Possible solution Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.
Page 28
Administration Guide Log in to the BlackBerry Administration Service for the first time 2. Click I Understand the Risks. 3. Click Add Exception. 4. Click Confirm Security Exception. 5. Close and reopen the browser.
You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.
Page 30
Administration Guide Creating administrator accounts Senior Junior Enterprise Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Create a group Delete a group View a group (across Group) Edit a group (across Group) Create a user Delete a user View a user (across Group) Edit a user (across Group)
Page 31
Resend data to devices Create a software configuration View a software configuration Edit a software configuration Delete a software configuration View BlackBerry Administration Service software management Edit BlackBerry Administration Service software management Create an application View an application Edit an application...
Page 32
Administration Guide Creating administrator accounts Senior Junior Enterprise Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Clear synchronization backup data Clear user statistics Export statistics Reset user field mapping Turn on redirection Turn off redirection Refresh available user list from company directory Add User from Company...
Page 33
Edit job distribution settings Delete an instance Edit license keys View license keys Manually fail a job Clear instance statistics View push rules for the BlackBerry MDS Connection Service View pull rules for the BlackBerry MDS Connection Service Send message (across Group)
You can create roles for administrator accounts so that administrators in your organization can perform specific tasks and view specific information in the BlackBerry Administration Service, BlackBerry Monitoring Service, and BlackBerry Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions.
Create an administrator account You can create an account for administrators so that they can log in to the BlackBerry Administration Service and manage the BlackBerry Enterprise Server. You create an administrator account and assign the account to one or more roles. The...
Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry device users.
BlackBerry Administration Service using a messaging server account You can permit an administrator to log in to the BlackBerry Administration Service using a user name and password for the messaging server. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
10. Click Save all. Assign a BlackBerry device to an administrator account You can assign a BlackBerry device to an administrator without creating a separate user account. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.
By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.
Using an IT policy to manage BlackBerry Enterprise Solution security To use an IT policy rule on a BlackBerry device, you must verify that the BlackBerry Device Software version supports the IT policy rule. For example, you cannot use the Disable Camera IT policy rule to control whether a BlackBerry device user can access the camera on the device if the BlackBerry Device Software version does not support the IT policy rule.
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Preconfigured IT policy Description Medium Security with No 3rd Party Similar to the Medium Password Security, this policy requires a complex Applications password that a user must change frequently, a security timeout, and a maximum password history.
Page 42
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd...
Page 43
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd...
Enterprise Upgrade Creating and importing IT policies Create an IT policy In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Create an IT policy. Type a name and description for the IT policy. Click Save.
CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.
Preconfigured IT policies, Import IT policy rules from an IT policy pack You can import the IT policy rules that Research In Motion releases in an IT policy pack into your organization's BlackBerry Enterprise Server. Download the IT policy pack to your computer and extract the contents of the file.
Using an IT policy to manage BlackBerry Enterprise Solution security Assign an IT policy to a group In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups. In the Manage groups section, click the group that you want to assign an IT policy to.
Manager apply the configuration changes immediately. By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually.
You can assign IT policies directly to a user account or to a group. By default, if you do not assign an IT policy to a user account or a group that the user is a member of, the BlackBerry Enterprise Server applies the Default IT policy to the user account.
Option 1: Applying one IT policy to each user account You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.
Option 2: Applying multiple IT policies to each user account, Rank IT policies You must rank the IT policies that you create so that the BlackBerry Enterprise Server can resolve IT policy conflicts when a user account is a member of multiple groups that have different IT policies.
Page 52
Using an IT policy to manage BlackBerry Enterprise Solution security If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default method for resolving IT policy conflicts. If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server, the default method for resolving IT policy conflicts is to assign one IT policy to each user account according to the rankings of the IT policies that you specify in the BlackBerry Administration Service.
Page 53
Option 2: Applying multiple IT policies to each user account, Rank IT policies You must rank the IT policies that you create so that the BlackBerry Enterprise Server can resolve IT policy conflicts when a user account is a member of multiple groups that have different IT policies.
If you change the Disable users with unapplied IT policy option to True, by default, the BlackBerry Enterprise Server sends the IT policy to the BlackBerry devices every 30 minutes until the BlackBerry devices apply the IT policy or the time limit...
If the time limit expires, the BlackBerry Enterprise Server deactivates the BlackBerry device PINs. The permitted range for this option is 0 hours to 8760 hours. If you specify 0 hours, BlackBerry devices deactivate when the IT policy cannot apply automatically.
If you export all IT policy data to a data file, you must create an encryption password for the data file that you can use to protect the data file. You can import the data file at a later time to another BlackBerry Domain.
Using an IT policy to manage BlackBerry Enterprise Solution security 10. Click Close. Delete an IT policy In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the list of IT policies, click an IT policy.
BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.
BlackBerry Enterprise Solution to use. Click Save All. After you finish: Re-activate all of the BlackBerry devices that are located in the BlackBerry Domain so that users can send and receive email messages on their BlackBerry devices.
BlackBerry Enterprise Server. To add a new BlackBerry device, on the Add new allowed PINs tab, in the New allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.
To extend messaging security, you must instruct the BlackBerry device user to install the PGP Support Package for BlackBerry smartphones on the BlackBerry device and to transfer the PGP private key of the BlackBerry device user to the BlackBerry device. The BlackBerry device user can use the PGP private key to digitally sign, encrypt, and send PGP protected messages from the BlackBerry device.
Configure the BlackBerry Enterprise Solution to support PGP encryption Configure the PGP Universal Server Address IT policy rule in the IT policy that you assign to BlackBerry device users. Instruct users to install the PGP Support Package for BlackBerry smartphones on BlackBerry devices.
Page 63
True. • To permit BlackBerry device users that have email applications that do not support S/MIME to read the text of an S/MIME-protected message, in the Send S/MIME messages in clear-signed format drop-down list, click True.
Use PKCS #7 MIME type drop-down list, click True. Click Save all. To make sure that the changes take effect immediately, perform the following actions to restart the BlackBerry Messaging Agent: On the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain >...
S/MIME message protection or PGP message protection that applies to the email messages. If a user does not select a message classification, by default, the BlackBerry device applies the first classification in the message classification list on the BlackBerry device. You can change the order that the BlackBerry device lists the classifications in.
After you finish: If you create more than one message classification, order the message classifications in the list. By default, if a user does not select a message classification, the BlackBerry device applies the first message classification in the list.
PIN-message encryption By default, all BlackBerry devices store a common PIN encryption key that they use to protect PIN messages. To limit the number of devices that can decrypt PIN messages that BlackBerry device users in your organization send from their devices, you can generate a new PIN encryption key that is stored on and known only to devices in your organization.
Internet, running applications that communicate with application servers and content servers, sending or receiving instant messages, or making calls using VoIP. You can turn off the BlackBerry services if you want to enhance security, save bandwidth on the wireless network, or conserve system resources on the computer.
The BlackBerry device user changes the time or time zone on the BlackBerry device. To change when the memory cleaner application runs, you can use IT policies or the BlackBerry device user can turn on or turn off the memory cleaner application in the Security options on the BlackBerry device.
Start the memory cleaner after a specific amount of time Set the Memory Cleaner Maximum Idle Time IT policy rule has elapsed. to the desired time (for example, 10 minutes). For more information, see the BlackBerry Enterprise Server Policy Reference Guide and S/MIME Support Package User Guide Supplement.
BlackBerry Mail Store Service, BlackBerry Policy Service, and BlackBerry Synchronization Service to manual. To avoid errors in the BlackBerry Enterprise Server, do not change the startup type for the BlackBerry Enterprise Server services. Do not change the account information...
Proxy servers typically do not permit network traffic between servers that are on the same side of the firewall, so you can configure certain BlackBerry Enterprise Server components to use a .pac file, or to access the Internet directly through a proxy server.
You can specify more than one proxy string in a proxy mapping rule for a web address. If the BlackBerry Enterprise Server component cannot access the web server using the first proxy string, it tries to access the web server using the subsequent proxy strings that you specify, until the component accesses the web server.
BlackBerry devices. Before you begin: If you want to configure the BlackBerry MDS Connection Service to authenticate to a proxy server on behalf of BlackBerry devices, turn on authentication support for the BlackBerry MDS Connection Service.
Depending on the operating system on the computer that hosts the BlackBerry Administration Service instance, you can use the Proxy Configuration Tool or the Network Shell Utility to manually select a proxy server for a BlackBerry Administration Service instance. You must configure manual proxy selection for all of the computers that host a BlackBerry Administration Service instance.
Page 76
If you want to configure the BlackBerry Administration Service to use the Web Proxy Autodiscovery Protocol to select a proxy server automatically, you must use the BlackBerry Enterprise Trait Tool. The Web Proxy Autodiscovery Protocol uses DHCP and DNS to find a PAC file. Perform this task on any computer that hosts a BlackBerry Administration Service instance.
BlackBerry Enterprise Trait Tool. You can specify the credentials for either the entire BlackBerry Domain or for individual BlackBerry Administration Service instances. The BlackBerry Administration Service tries the credentials that you specify for the BlackBerry Administration Service instance first and then tries the credentials that you specify for the BlackBerry Domain.
Page 78
BlackBerry Administration Service instance and <password> is the password for the computer. Delete credentials for HTTP basic authentication On the computer that hosts the BlackBerry Administration Service, at the command prompt, navigate to the folder that contains the TraitTool.exe file. Perform one of the following tasks:...
Enterprise Server instance that you want to use the BlackBerry MDS Connection Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to have use the BlackBerry MDS Connection Service. Click Save all.
Configuring support for Unicode languages Configure support for Unicode languages You can make sure that the messaging application can display the Unicode messages that the BlackBerry device sends by configuring the BlackBerry Enterprise Server to support Unicode languages (for example, Japanese, Korean, or Simplified Chinese).
(for example, if email applications cannot display attachment file names or contact lists correctly), you can configure the BlackBerry Enterprise Server to select another character encoding to use to process Unicode messages. Before you begin: Configure support for Unicode languages.
To configure the BlackBerry Enterprise Server to select the most appropriate character encoding when it encodes email messages that use RTF or HTML, type 2. If the BlackBerry Enterprise Server cannot identify which character encoding to use, the BlackBerry Enterprise Server encodes email messages that use RTF or HTML in UTF-8.
Page 83
Visit http://support.microsoft.com/kb/923537/en-us to download and install the required hotfix on the computer that will host the BlackBerry Enterprise Server. On the BlackBerry Enterprise Server, on the Start menu, click Run. Type regedit. Click OK. Perform one of the following actions: •...
You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry device model. User accounts that are part of a user group can exist on multiple BlackBerry Enterprise Server instances in the BlackBerry Domain.
Assigning BlackBerry devices to users, Add a user account You can add a user account to the BlackBerry Enterprise Server, assign a BlackBerry device to a user account and activate the BlackBerry device. The user account must exist on your organization's messaging server.
You can create a user account for a user even if the did not yet synchronize the contact information for the user account to the BlackBerry Configuration Database. If the BlackBerry Mail Store Service did not synchronize the contact information and you create a user account, the BlackBerry Administration Service does not display the user account in the search results.
Export a list of user accounts You can export a list of user accounts from a BlackBerry Enterprise Server to a .csv file. The .csv file contains information about the user accounts, such as the user ID, display name, PIN and email address. You can import the list of user accounts to another BlackBerry Enterprise Server.
Page 88
Configuring user accounts incorrectly formatted in the .csv file), the BlackBerry Administration Service continues to process the remaining actions that are listed in the file and displays an error message for the action that the BlackBerry Administration Service could not process.
Page 89
"jbuac@example.com","JBUAC0011,"Admins","specify", "asdf","24" Import multiple user accounts from a .csv file You can import a list of user accounts from a .csv file to a BlackBerry Enterprise Server so that you can manage the user accounts. Before you begin: Create a .csv file.
Page 90
Administration Guide Configuring user accounts Click Import new users. In the Import users from a list section, click Browse. Navigate to the .csv file that contains the user accounts that you want to import. Click Continue. Perform the appropriate actions for the user accounts.
BlackBerry device. You can synchronize messages for a new user or for a user whose PIN changed when they received a replacement BlackBerry device. When the BlackBerry Enterprise Server synchronizes messages onto a BlackBerry device, it applies the message filter rules and redirection settings that are specific to the user account.
In the Prepopulation by message count field, type 0. Click Save all. Assigning BlackBerry devices to user accounts To assign BlackBerry devices to user accounts and activate the BlackBerry devices, you can use any of the following methods: Method Description...
Wi-Fi network. If you add a user account that was previously located on another BlackBerry Enterprise Server in a different BlackBerry Domain, or the user previously used the BlackBerry Desktop Redirector, you must assign a BlackBerry device to the user account using the BlackBerry Administration Service.
To activate a BlackBerry device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.
Page 95
Assigning BlackBerry devices to users Activation passwords The BlackBerry Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device. Item...
Page 96
You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires.
When users complete the activation process, the BlackBerry Enterprise Server sends email messages and organizer data to the BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.
(also known as a Mail User Agent). As an SMTP client, the BlackBerry Router communicates with an SMTP server, that sends an ETP message to the user. The ETP message is the email message that the BlackBerry Router sends to the user’s mailbox during the activation process.
Page 99
• To restrict the BlackBerry Router so that it acts only as a gateway for BlackBerry device activations over the enterprise Wi-Fi network, on a computer that does not host a BlackBerry Enterprise Server, install a BlackBerry Router whose only purpose is to provide a connection to Wi-Fi enabled BlackBerry devices over the enterprise Wi-Fi network.
Page 100
If you want to activate a Wi-Fi enabled BlackBerry device using the enterprise Wi-Fi network, you can instruct a BlackBerry user to perform the following task on the BlackBerry device. If you want to reactivate a BlackBerry device, you must create a new activation password for the BlackBerry device.
Check the health of a BlackBerry Enterprise Server If you configured BlackBerry Enterprise Server high availability, you can check the health of a BlackBerry Enterprise Server instance to verify that it is running as expected. In the BlackBerry Administration Service, in the Servers and components menu, expand High availability.
Administration Guide Configuring BlackBerry Enterprise Server high availability receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always up- to-date. How the BlackBerry Enterprise Server uses health parameters The BlackBerry Enterprise Server uses health parameters to define the failover and promotion thresholds. The health parameters indicate if a BlackBerry Enterprise Server service or component is healthy or unhealthy.
Page 103
For failover to occur when the standby BlackBerry Enterprise Server can provide the same services that the primary BlackBerry Enterprise Server can provide when it is healthy, you can move the promotion threshold so that it is equal to the failover threshold.
BlackBerry Enterprise Server meets all of your organization’s requirements. In this scenario, you configure the standby BlackBerry Enterprise Server to promote itself when it can provide most or all of the BlackBerry services that your organization requires. The primary BlackBerry Enterprise Server does not demote itself as long as it can provide at least the BlackBerry services that your organization considers essential.
Page 105
Administration Guide Configuring BlackBerry Enterprise Server high availability Click the name of the BlackBerry Enterprise Server pair that you want to change the health parameters and thresholds for. Click Edit Automatic Failover settings. To change the order of the health parameters and thresholds, click the Up and Down icons.
For example, if your organization requires that all users can access email messages from BlackBerry devices at all times and that the BlackBerry Enterprise Server is connected to all of the messaging servers at all times, you can change the...
Page 107
Example: Changing the percentage of the User accounts health parameter If you want to change the percentage of the User accounts health parameter to 80% for a BlackBerry Enterprise Server pair and the primary BlackBerry Enterprise Server instance is named server03, you can type traittool.exe -host server03 -trait UserHealthPercentage -set 80.
Click Turn on automatic BlackBerry Enterprise Server failover. In the System status section, the value for the Automatic BlackBerry Enterprise Server failover mode field changes to True. After you finish: To turn off automatic failover, click Turn off automatic BlackBerry Enterprise Server failover.
When an automatic failover event occurs, the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server write the time and reason at logging level 5 (Verbose) in the log files for the BlackBerry Dispatcher, BlackBerry Controller, and BlackBerry Messaging Agent. The BlackBerry Controller and BlackBerry Dispatcher instances for the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server create SNMP alerts using the BlackBerry Enterprise Server Alert Tool.
BlackBerry Configuration Panel You can use the BlackBerry Configuration Panel to force the primary BlackBerry Enterprise Server to perform a failover process if it is not running as expected or if it requires maintenance. Before you begin: Verify that the standby BlackBerry Enterprise Server is running.
BlackBerry Enterprise Server by associating multiple BlackBerry MDS Connection Service instances with each BlackBerry Enterprise Server. If the BlackBerry MDS Connection Service instance with the active connection stops responding, the BlackBerry Enterprise Server promotes the connection to the next instance in the pool list to an active connection.
BlackBerry Collaboration Service pools for. Click Turn on automatic connections failover. In the System status section, the value of the BlackBerry Enterprise Server connection failover mode field changes to True. After you finish: To turn off automatic failover, click Turn off automatic connections failover.
BlackBerry Enterprise Server by associating multiple BlackBerry Collaboration Service instances with the BlackBerry Enterprise Server. By default, the BlackBerry Collaboration Service instance at the top of the pool list is the instance that the BlackBerry Enterprise Server assigns the active connection to. If the instance with the active connection stops responding, the BlackBerry Collaboration Service tries to connect to the next instance in the pool list.
To turn off support for an attachment file format, in the Extensions section, click the Delete icon that is located beside the file extension. Click the Add icon. 10. Repeat steps 5 to 9 for each BlackBerry Attachment Service instance that you want to add to the pool.
Configuring high availability for BlackBerry Enterprise Server components 11. Click Save all. 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool. The BlackBerry Administration Service writes the data about the BlackBerry Attachment Service pool to the BlackBerry Configuration Database.
Server determines which BlackBerry Router instance to connect to by trying to connect to the first BlackBerry Router instance in the pool list. If the BlackBerry Enterprise Server cannot connect to the first BlackBerry Router instance in the list, it tries to connect to each BlackBerry Router in sequence until a connection succeeds.
BlackBerry Router If you installed a BlackBerry Router on a computer that is separate from the computer that hosts a BlackBerry Enterprise Server, you must permit the BlackBerry Dispatcher that you installed with the BlackBerry Enterprise Server to connect to the BlackBerry Router.
For example, you can install the BlackBerry Administration Service on two of the computers in the pool and the BlackBerry Web Desktop Manager on two other computers in the pool.
Administration Service instances in the pool. You must also change the name of the BlackBerry Administration Service pool if you have changed the name of the corresponding DNS record in the DNS server. You can only configure one BlackBerry Administration Service pool in a BlackBerry Domain.
Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool.
BlackBerry Administration Service When you navigate to a BlackBerry Administration Service page that displays the high availability status or job deployment status, the BlackBerry Administration Service displays the high availability status of the BlackBerry Enterprise Server, BlackBerry Collaboration Service, or BlackBerry MDS Connection Service and the job deployment status that is stored in the BlackBerry Configuration Database.
Remove a BlackBerry MDS Connection Service instance from a pool You can remove a BlackBerry MDS Connection Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Remove a BlackBerry Collaboration Service instance from a pool You can remove a BlackBerry Collaboration Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Remove a BlackBerry Router instance from a pool You can remove a BlackBerry Router instance from a pool if it is no longer required or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
• Configure the database server that will host the mirror or replicated BlackBerry Configuration Database with the same permissions that you configured on the database server that hosts the prinicipal BlackBerry Configuration Database. •...
BlackBerry Enterprise Server instances. Configuring database mirroring You can use Microsoft SQL Server 2005 or 2008 database mirroring to configure the BlackBerry Configuration Database for high availability. The BlackBerry Configuration Database only supports high safety with automatic failover (synchronous) operating mode for database mirroring.
After you configure the database, permit all BlackBerry Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, start all of the BlackBerry Enterprise Server services in the following order: •...
Administration Service also adds the name of the Microsoft SQL Server that hosts the mirror database to the BlackBerry Configuration Database. CAUTION: If you click Save all more than once but you do not restart the BlackBerry Enterprise Server services or the computers that host the BlackBerry Enterprise Server components that the BlackBerry Administration Service specifies as Updated, you should restart the BlackBerry Enterprise Server services or restart the computers for all of the BlackBerry Enterprise Server components.
If the computers that host BlackBerry Enterprise Server components were not running or connected to the network when you configured the BlackBerry Enterprise Solution to support database mirroring, or if you do not know if all of the components were configured to support database mirroring, you should resend the database mirroring parameters to the components.
To maintain database integrity, you must prevent all services that use the BlackBerry Configuration Database from connecting to the databases while you configure replication. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, stop all of the BlackBerry Enterprise Server services in the following order: •...
Administration Guide Configuring BlackBerry Configuration Database high availability Copy the backup file from the database server that hosts the BlackBerry Configuration Database to the database server that will host the replicated BlackBerry Configuration Database. In the Microsoft SQL Server Management Studio, in the left pane, navigate to the database server that will host the replicated BlackBerry Configuration Database.
Click Transactional publication. Click Next. In the Objects to publish list, select Tables, Stored Procedures, Views, and User Defined Functions. If you installed the BlackBerry database notification system on the computer, expand Tables and clear the ServiceConfig table and the ServiceTable table. Click Next.
Right-click Local Subscriptions. Click New Subscription. In the list of publishers, select the name of the database server that hosts the BlackBerry Configuration Database. In the list of databases and publications, select the publication for the BlackBerry Configuration Database. Click Next.
After you configure the database, permit all BlackBerry Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, start all of the BlackBerry Enterprise Server services in the following order: •...
To configure the BlackBerry Enterprise Server instances and components, you delete the pull subscription from the replicated database server, run a SQL query to update the numbering of the identity values in the replicated BlackBerry Configuration Database, and run the BlackBerry Enterprise Server setup application to permit each BlackBerry Enterprise Server instance and component to connect to the replicated BlackBerry Configuration Database.
To send BlackBerry Java Applications to devices, you must first add the applications to the application repository. You can use the application repository to store and manage all versions of the BlackBerry Java Applications that you want to install on, update on, or remove from devices.
BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications. The BlackBerry JDE and the BlackBerry Java Plug-in for Eclipse also include tools to generate .jad files or .alx descriptor files that provide information about a BlackBerry Java Application that is used when the application is compiled.
Before you begin: Create a shared network folder on the network that hosts the BlackBerry Enterprise Server. This shared network folder must not be the same network share location that is used for BlackBerry Device Software, and it must not be located in <drive>:\Program Files\Common Files\Research In Motion .
Add a BlackBerry Java Application to the application repository To send a BlackBerry Java Application to BlackBerry devices, you must first add the BlackBerry Java Application bundle to the application repository. To send an updated version of a BlackBerry Java Application to BlackBerry devices, you must first add the updated bundle to the application repository.
Sending software and BlackBerry Java Applications to BlackBerry devices Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry Java Application. You can use the keywords to search for the application in the application repository. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software >...
Change a standard application control policy When you add a BlackBerry Java Application to a software configuration, you must assign an application control policy to the BlackBerry Java Application. Based on the requirements of your organization's environment, you can change the default settings for the standard application control policies.
Page 142
If you add the BlackBerry Java Application to multiple software configurations and you assign different custom application control policies to the BlackBerry Java Application in the different software configurations, you must set the priority for the custom application control policies. This priority determines which custom application control policy the BlackBerry Policy Service applies if you assign multiple software configurations to a user account.
Application control policies for unlisted applications When you create a software configuration and assign it to user accounts so that you can send BlackBerry Device Software, BlackBerry Java Applications, and standard application settings to BlackBerry devices, you must configure whether the software configuration permits users to install and use applications that are not included in the software configuration (also known as unlisted applications).
The BlackBerry Administration Service includes two default application control policies for unlisted applications: one for unlisted applications that you permit on BlackBerry devices, and one for unlisted applications that you do not permit on BlackBerry devices. You can also create custom application control policies for unlisted applications that are optional.
• specify that a BlackBerry Java Application is not permitted • specify whether BlackBerry Java Applications that you do not include in the software configuration are permitted or not permitted • configure the access permissions for BlackBerry Java Applications that you do not include in the software configuration •...
Add a BlackBerry Java Application to a software configuration You must add a BlackBerry Java Application to a software configuration and assign the software configuration to user accounts to install the BlackBerry Java Application on BlackBerry devices over the wireless network. To upgrade an application, you must add the new version of the application to the appropriate software configuration.
To install the application on BlackBerry devices using a USB connection to the user's computer and the BlackBerry Web Desktop Manager, click Wired. 11. Repeat steps 6 to 10 for each BlackBerry Java Application that you want to add to the software configuration. 12. Click Add to software configuration.
Sending software and BlackBerry Java Applications to BlackBerry devices Assign a software configuration to multiple user accounts In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users. Search for one or more user accounts.
BlackBerry device at a central computer If you do not want to install BlackBerry Java Applications on a BlackBerry device over the wireless network, and you do not want the user to install the BlackBerry Java Applications using the BlackBerry Web Desktop Manager or BlackBerry Desktop Software, you can install the BlackBerry Java Applications on a BlackBerry device by connecting the BlackBerry device to a central computer that can access the BlackBerry Administration Service.
BlackBerry devices. If you assign an IT policy to user accounts or change an existing IT policy, a job sends the IT policy changes to BlackBerry devices. You can view the status of a job to determine if it is ready to run, currently running, completed, or completed with task failures.
Page 151
An error occurred when the BlackBerry Policy Service tried to retrieve the data that it required to install the BlackBerry Java Application. You can verify that the BlackBerry Policy Service can access the network share that you use to store the application files. QueueModule failed, processing stopped An error occurred when the BlackBerry Policy Service tried to process the application modules and send the application modules to the BlackBerry device.
Page 152
You can verify that the application files are formatted properly and try to send the BlackBerry Java Application to the BlackBerry device again. If your second try at the installation is not successful, in the log files that you collected, locate the user account that experienced the issue.
Page 153
The BlackBerry Policy Service did not receive an acknowledgment message from a BlackBerry device that indicates that the BlackBerry Java Application was installed. You can verify that the BlackBerry device is turned on and is located in a wireless coverage area. Resend the BlackBerry Java Application.
Page 154
0x03 disallowed by IT policy: An IT policy rule in an IT policy that you assigned to the user account does not permit BlackBerry Device Software updates over the wireless network. You can verify that the IT policy rule settings in the IT policy that you assigned to the user account permits BlackBerry Device Software updates over the wireless network.
Page 155
0x02 reset required The user must reset the BlackBerry device to clear a code module condition. You can instruct the user to reset the BlackBerry device. The update application tries to perform the update for up to 72 hours. After 72 hours, the update application performs the update and the user no longer has the option to defer the update.
Page 156
Sending software and BlackBerry Java Applications to BlackBerry devices Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry device, you can try to determine the cause by collecting the following information: •...
Page 157
Error messages: IT policy tasks To troubleshoot errors that display for a task when you send an IT policy to a BlackBerry device or update an IT policy on a BlackBerry device, you can try to determine the cause by collecting the following information: •...
BlackBerry device, the remaining commands in the group are not delivered to the BlackBerry device. You can try to resend the IT policy to the BlackBerry device. You can also try to resend the service books to the BlackBerry device.
Managing the distribution settings for a specific job, View the users that have a BlackBerry Java Application installed on their BlackBerry devices In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > Applications. Click Manage applications. Search for an application.
Sending software and BlackBerry Java Applications to BlackBerry devices Click View users with application. Search for users that are associated with BlackBerry devices that you installed the BlackBerry Java Application on. View how the BlackBerry Administration Service resolved software configuration conflicts for a user account You can assign multiple software configurations to a user account or group.
If you assign multiple software configurations to user accounts or groups, the multiple software configurations might contain conflicting settings. For example, you might specify that a BlackBerry Java Application is required in a software configuration that you assign to a user account, but you might also specify that the same application is not permitted in a software configuration that you assign to a group that the user account belongs to.
2.0 of the application is installed on the BlackBerry device. The version of a BlackBerry Java Application that is in a software configuration that is assigned to a user account takes precedence over the version of a BlackBerry Java Application that is in a software configuration that is assigned to a group.
Page 163
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule The BlackBerry Administration Service resolves the deployment method after resolving the disposition of an application. The deployment method specified for an application in a software configuration that is assigned to a...
BlackBerry Administration Service, is installed on the BlackBerry device. The BlackBerry Enterprise Server does not install a version of the BlackBerry Device Software if that version is ranked lower than the version of the BlackBerry Device Software that is currently installed on the...
The calendar initial view setting that is applied to the user's initial view setting is configured differently in each of the BlackBerry device is the lowest value that was specified in software configurations that are assigned to the groups. the multiple software configurations.
BlackBerry Enterprise BlackBerry devices that are running a BlackBerry Device Server version 5.0 or later, and BlackBerry devices that are Software version earlier than 5.0. running BlackBerry Device Software version 5.0 or later.
Page 167
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule A software configuration that defines unlisted applications If unlisted applications are defined as disallowed in a as disallowed is assigned to a user account. A software software configuration that is assigned to a user account,...
BlackBerry Administration Service You can install and update BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service. You can use any of the following tools or software to install, update, and manage BlackBerry Java Applications on BlackBerry devices: •...
BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications. The BlackBerry JDE and the BlackBerry Java Plug-in for Eclipse also include tools to generate .jad files or .alx descriptor files that provide information about a BlackBerry Java Application that is used when the application is compiled.
Application developers can use the BlackBerry Java Development Environment or the for Eclipse to create an automated application installer. You can use the application installer to install the files for a BlackBerry Java Application (the .alx identifier file and the application's .cod files) on users’ computers. You can then instruct users to use the application loader tool in the BlackBerry Desktop Software to install the BlackBerry Java Application on their BlackBerry devices.
.alx files and .cod files: The .alx file is the application descriptor that provides information about the application and the location of the application's .cod files. A .cod file contains compiled and packaged application code. The application loader tool requires these files so that it can install the BlackBerry Java Application on BlackBerry devices. •...
BlackBerry devices. The users must connect their BlackBerry devices to their computers. The BlackBerry Application Web Loader supports .cod files only. To install a MIDlet, convert the .jar file to a .cod file. For more information about how to compile .java and .jar file formats into the .cod file format, visit www.blackberry.com/...
• Research In Motion USB drivers and a USB connection for the BlackBerry device Web server Configure the following MIME types on the web server to permit users to download and install BlackBerry Java Applications on BlackBerry devices: • .cod files: application/vnd.rim.cod •...
Connect the BlackBerry device to your computer. Using Microsoft Internet Explorer version 5.0 or later, browse to <web_address>. If the required version of the BlackBerry Application Web Loader is not installed on your computer, accept the installation prompt, and complete the instructions on the screen.
Alternative methods for installing BlackBerry Java Applications on BlackBerry devices You must install the BlackBerry Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device.
<drive>:\Program Files\Common Files\Research In Motion\AppLoader . • Obtain the .alx and .cod files for the BlackBerry Java Application from the application developer, vendor, or wireless service provider. In <drive:>\Program Files\Common Files\Research In Motion\Shared\Applications\ , create a folder with a unique name to contain the application files.
BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry Java Application. Before you begin: Verify that BlackBerry Device Manager version 4.1 or later is installed on the user’s computer.
BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and the application .cod or .jar files) to a web server, and instruct users to navigate to the appropriate web address using a browser on their BlackBerry devices. Users can use the BlackBerry Browser or the wireless service provider’s WAP Browser.
.cod or .jar files: These files contain compiled and packaged application code. Install the BlackBerry Java Application on a web server Before you begin: Obtain the .jad and .cod files or .jar files for the BlackBerry Java Application from the application developer, vendor, or wireless service provider.
BlackBerry MDS Connection Service is the central push server. If two BlackBerry MDS Connection Service instances that are version 5.0 or later exist in a BlackBerry Domain, by default, both instances are central push servers. If more than two BlackBerry MDS Connection Service instances (that are version 5.0 or later) exist in a BlackBerry Domain, the first two instances that start are central push servers.
You can specify more than one BlackBerry MDS Connection Service in your organization's BlackBerry Domain as a central push server. By default, if one or two BlackBerry MDS Connection Service instances exist in the BlackBerry Domain, those instances are central push servers.
Administration Guide Configuring how users access enterprise applications and web content minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
BlackBerry devices to content servers that use LTPA BlackBerry devices that are running BlackBerry Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.
If required, remove the RSA Authentication Agent from the computer that hosts the BlackBerry MDS Connection Service. • If required, in the RSA Authentication Manager, delete the node secret data for the computer that hosts the BlackBerry MDS Connection Service. •...
Page 185
In the RSA Authentication Manager, create an Agent Host record for the BlackBerry Enterprise Server. The RSA Authentication Manager generates an sdconf.rec file. On the computer that hosts the BlackBerry MDS Connection Service, copy the sdconf.rec file that the RSA Authentication Manager generates to one of the following folders: •...
Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage By default, the BlackBerry MDS Connection Service does not manage HTTP cookie storage for BlackBerry devices. If the BlackBerry device requires JavaScript support for its HTTP requests, the BlackBerry device processes cookies.
BlackBerry devices You can specify how long a BlackBerry MDS Connection Service waits for a BlackBerry device to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the BlackBerry device. The default timeout limit is 120,000 milliseconds (2 minutes).
BlackBerry MDS Connection Service. You can use the Java keytool to create a self-signed certificate for the BlackBerry MDS Connection Service, or you can import a signed certificate from a trusted public certification authority. You can use the Java keytool to export the BlackBerry MDS Connection Service certificate from the key store, and import the certificate to the key stores that the Java push applications use.
Create a key store to store certificates for use with HTTPS connections You must create a key store to store the certificates that permit the BlackBerry MDS Connection Service to accept HTTPS connections from push applications. On the computer that hosts the BlackBerry MDS Connection Service, on the taskbar, click Start > Programs >...
Export the BlackBerry MDS Connection Service certificate to make it available to push applications You must export the certificate for the BlackBerry MDS Connection Service so that you can import it to the key store of a server-side push application.
PAP requests By default, when a push application sends a PAP request to the BlackBerry MDS Connection Service, the BlackBerry MDS Connection Service directs requests to an HTTPS port. Because some applications require an HTTP port, you may want to change this default setting.
Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service. Click Edit component.
To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML.
Page 194
BlackBerry devices. If you change the LDAP port number or host server information, you must stop and restart the BlackBerry MDS Connection Service so that the BlackBerry MDS Connection Service can use the new port number or host server information immediately.
Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service. On the DSML tab, click Edit component.
Page 196
Click Save all. After you finish: • To configure the BlackBerry MDS Connection Service to retrieve the status of certificates from an OCSP server or CRL server, you must configure the OCSP server and CRL server information. • Add the communication information that you configured for the DSML server to the BlackBerry MDS Connection Service configuration set.
Page 197
2. In the Settings section, change the OCSP server settings. 3. Click the Update icon. Click Save all. After you finish: Add the communication information that you configured for the OCSP server to the BlackBerry MDS Connection Service configuration set. Related information...
2. Click the Accept icon. Click Save all. After you finish: Add the communication information that you configured for the CRL server to the BlackBerry MDS Connection Service configuration set. Related information Add communication information to a BlackBerry MDS Connection Service configuration set,...
Page 199
To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
Add a retrieved certificate for a web server to the key store You can use the Java keytool to add a certificate for a web server to the BlackBerry MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server.
Configuring how users access enterprise applications and web content Configure global login information for intranet site access In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
On the General tab, in the Socket connection settings section, in the Use scalable sockets options list, click Yes. Click Save all. Specify the thread pool size of a BlackBerry MDS Connection Service You can specify the maximum number of threads that a BlackBerry MDS Connection Service can process at the same time.
MDS Connection Service to use fewer system resources and to establish more socket connections at one time than previous versions of the BlackBerry MDS Connection Service. When a BlackBerry MDS Connection Service uses scalable HTTP, it streams data to and from BlackBerry devices instead of storing and forwarding the data. If you want a BlackBerry...
Administration Guide Configuring how users access enterprise applications and web content MDS Connection Service to process data as it did in previous versions of the BlackBerry Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP.
Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service. The default interval is 5 minutes.
BlackBerry devices. Email message filters that you create and apply override the email message filters that users create using the BlackBerry Desktop Manager, the BlackBerry Web Desktop Manager, or their BlackBerry devices. You can specify the order that the BlackBerry Messaging Agent applies the email message filters in.
Perform one of the following tasks: • To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. •...
Perform one of the following tasks: • To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. •...
BlackBerry Enterprise Server. To create a copy of existing email message filters, you can export the existing email message filters for a BlackBerry Enterprise Server as an .xml file. You can then import the .xml file so that you can use it with another instance of the BlackBerry Enterprise Server.
.xml file so that you can use it with other user accounts. Export email message filters for a user account In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.
You can add extension plug-ins to a BlackBerry Messaging Agent. The BlackBerry Messaging Agent uses extension plug- ins to process and make changes to email messages and attachments that the BlackBerry Messaging Agent sends to and receives from BlackBerry devices. For example, you can add an extension plug-in to modify the signature in email messages.
Repeat steps 4 and 5 for each extension plug-in that you want to add. If necessary, click the Up and Down icons to set the order that the BlackBerry Messaging Agent uses the extension plug-ins to process email messages in.
The BlackBerry Messaging Agent uses a BlackBerry Enterprise Server extension process to load extension plug-ins to process email messages. If you do not add an extension plug-in to the BlackBerry Administration Service, and you install the extension plug-in application on the computer that hosts the BlackBerry Enterprise Server, the extension plug-in is loaded directly by the BlackBerry Messaging Agent instead of the extension process.
You can map up to four fields that users define in the contact information on their computers to their BlackBerry devices. When users request a remote contact lookup from the contact list, the fields that you configure display on BlackBerry devices.
On the Mappings for organizer data synchronization tab, in the Mappings for organizer data synchronization section, select the Turned on option. In the appropriate drop-down lists, select the fields on the BlackBerry device that you want to map the information to. Click Continue to user information edit.
Page 216
Turned on option. In the Other mappings section, in each User defined string drop-down list, select the contact field that you want to map to the BlackBerry device. Click Continue to user information edit. 10. Click Save all.
You can make the certificate enrollment process required so that devices automatically start the certificate enrollment process after the devices receive the updated IT policy from the BlackBerry Enterprise Server. If you do not make the certificate enrollment process required, you must instruct users to start the CA Profile Manager on the devices manually.
Configuring BlackBerry devices to enroll certificates over the wireless network If you configured the BlackBerry MDS Connection Service to retrieve the status of the certificates using an OCSP server or a CRL server and pull authorization is turned on, devices may not be able to enroll some certificates over the mobile network.
DSML server, a CRL server, an OCSP server, or a certification authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.
To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
BlackBerry device uses for Wi-Fi authentication. You can find the name of the certification authority profile in the Certificate Authority Profile Name IT policy rule.
BlackBerry Configuration Database when the certificate enrollment process starts for a new certificate. Also, if a certificate is expired or revoked, you or a BlackBerry device user can update the certificates on the device using the certificate synchronization tool in the BlackBerry Desktop Software or by copying an updated certificate from a media card or smart card.
If the certificate authority requires a certificate administrator to approve rval certificate requests, this property specifies the interval, in minutes, that the BlackBerry MDS Connection Service waits before it requests an update about pending certificate requests from the certificate authority. The default interval is 60 minutes.
BlackBerry Web Desktop Manager on users' computers By default, when users open and log in to the BlackBerry Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required RIMWebComponents.cab file. The RIMWebComponents.cab file provides the BlackBerry Device Manager and USB drivers that users require to use the...
Alternatively, you can check the browser settings on users' computers and, if necessary, change them manually. In the BlackBerry Enterprise Server installation files, navigate to tools/RIMWebComponents . Copy the RIMWebComponents.msi file to a shared network folder. In Microsoft Active Directory Users and Computers, right-click the organizational unit that you want to assign the Windows GPO to.
Before you begin: • Add the web address for the BlackBerry Administration Service to the list of trusted web sites in the web browser. • Download and install the Microsoft Group Policy Management Console with Service Pack 1. For more information about installing the service pack, see www.microsoft.com.
22. Click Add. 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Service. 24. In the Enter the value of the item to be added field, type 2,2,1,0.
Page 228
Administration Guide Making the BlackBerry Web Desktop Manager available to users CLASS MACHINE CATEGORY !!RegistrySettings KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings" ;KEYNAME "Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" POLICY !!EnableActiveXInstallFromAD EXPLAIN !!EnableActiveXInstallFromAD_Explain VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY [strings] EnableActiveXInstallFromAD="Allow user computers to install administrator-approved Microsoft ActiveX components."...
Manager available to users The BlackBerry Web Desktop Manager web address is https://<full_computer_name> /webdesktop/login. If you customized the BlackBerry Web Desktop Manager text colors or image and you want to display the changes on the login screen, you must direct users to https://<full_computer_name>/webdesktop/app?page=Login&service=page&orgId=0.
BlackBerry device, deleting data from a device, or deactivating a device. You can also customize the UI of the BlackBerry Web Desktop Manager by changing the text colors or displaying a custom image, such as your organization's logo, to match the design of your organization's intranet.
Permit users to activate devices using the BlackBerry Web Desktop Manager You can specify whether users can use the BlackBerry Web Desktop Manager to activate BlackBerry devices using a wired connection to a computer. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution Topology >...
Administration Guide Configuring the BlackBerry Web Desktop Manager After you finish: To prevent users from backing up and restoring data from their BlackBerry devices, change Allow users to backup and restore data to No. Configure the domains for backing up data...
Font color 6 This text color specifies the hexadecimal color value of the #ffffff (white) text in the BlackBerry Web Desktop Manager headers, and the text in the tab links that point to web pages that the user is not currently visiting.
Web Desktop Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site.
Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a BlackBerry Enterprise Server by creating Wi-Fi profiles. You can create and assign one or more Wi-Fi profiles to a user account or to a group using a process that is similar to the process you use to create an IT policy and assign it to a user account.
Page 236
If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server. • If you do not use static IT addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.
Wi-Fi connection to the BlackBerry Infrastructure Create a Wi-Fi profile In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. Click Create Wi-Fi profile. In the Name field, type a name for the Wi-Fi profile.
Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry device users to perform the following task if you want users to configure a Wi-Fi profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device.
If required, in the Wi-Fi user specific settings section, specify the login information for the Wi-Fi profile. Click the Add icon. Click Save all. When you assign a Wi-Fi profile to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device. Configure a Wi-Fi profile In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy >...
Depending on your organization's security policy, you can save a user name and password to a BlackBerry device to prevent the BlackBerry device from prompting the user for the login information the first time (or each time) the BlackBerry device connects to the enterprise Wi-Fi network.
Click Save. When you assign a VPN profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.
Associate a VPN profile with a Wi-Fi profile To permit a BlackBerry device to connect to a Wi-Fi network using a VPN session, you must associate a VPN profile with a Wi-Fi profile that you assigned to the user account.
Consider the following guidelines: • Specify only one action that you want the BlackBerry Enterprise Server to perform in each row of the file. • To assign more than one action to a user account, create multiple rows for the user account.
• Add no more than 2000 actions to a file. • Assign a maximum of 32 profiles to BlackBerry devices that are running BlackBerry Device Software versions that are earlier than 4.5.0. • Assign a maximum of 64 profiles to BlackBerry devices that are running BlackBerry Device Software version 4.5.0 and later.
Page 245
Fields in the .csv file that contains profile information The following table describes the fields that you can configure in a .csv file. The BlackBerry Administration Service uses the fields in the .csv file to update profile information that you assigned to user accounts.
Import profile information from a .csv file The BlackBerry Administration Service processes actions in the order that they appear in the .csv file. If two actions that you listed in the file contradict each other, the action that appears closer to the end of the file is the action that the BlackBerry Administration Service processes.
WEP key numbering in the configuration settings of the Wi-Fi profile for the enterprise Wi-Fi network. For example, WEP key 1 on the BlackBerry device is WEP key 0 in the configuration settings, and WEP key 2 on the BlackBerry device is WEP key 1 in the configuration settings.
PSK encryption in small office and home environments where it is not feasible to configure server-based authentication. To configure PSK encryption, you must distribute a passphrase to Wi-Fi enabled BlackBerry devices that matches the key or passphrase for the wireless access points. You must distribute the passphrase using the Wi-Fi profiles that you assign to user accounts.
BlackBerry devices support LEAP authentication that uses a user name and password. You must distribute the user name and password using a Wi-Fi profile that you assign to user accounts. BlackBerry devices use a one-way function to encrypt passwords before they send the passwords to the authentication server.
Using the wireless access point, configure the LEAP settings to accept SSID association requests from users that have the credentials that you specify or to identify the authentication server that the Wi-Fi enabled BlackBerry devices use to verify user credentials. For more information, see the documentation for your organization's access points.
To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in the BlackBerry Desktop Manager. You must configure a Wi-Fi profile to provide the user name and password for authentication.
Distribute a certificate using the BlackBerry Desktop Manager If a BlackBerry device requires the root certificate for the certificate authority, a client certificate, or both, you can distribute the certificates using BlackBerry Desktop Manager. The BlackBerry device can add the certificates to the list of explicitly trusted certificate authority certificates or the list of client certificates.
The certificate synchronization tool was not installed when the user installed the BlackBerry Desktop Manager. Possible solution Instruct the user to re-install the BlackBerry Desktop Manager using the custom installation option. During the custom installation process, the user can install the certificate synchronization tool.
12. Verify that the Allow inter-access point handover option is selected. 13. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
12. Verify that the Allow inter-access point handover option is selected. 13. If necessary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
BlackBerry devices and the authentication server trust mutually must generate the authentication server certificate. Each BlackBerry device stores a list of explicitly trusted certificate authority certificates. BlackBerry devices that use EAP- TTLS authentication require the root certificate for the certificate authority that created the authentication server certificate.
11. Verify that the Allow inter-access point handover option is selected. 12. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
TLS tunnel, EAP-FAST uses a .pac file. The .pac file that the BlackBerry devices and the authentication server share contains secret keys that are unique to the BlackBerry devices. The EAP-FAST master key on the authentication server generates the .pac file. EAP-FAST uses the .pac file to open the TLS tunnel and authenticates the user credentials through the TLS tunnel.
Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is selected. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
2 and layer 3 Wi-Fi authentication on Wi-Fi enabled BlackBerry devices. When you configure a software token for users, BlackBerry devices are designed to use the passcode to authenticate the users to the Wi-Fi network and VPNs automatically using the PEAPv1, EAP-GTC, and EAP-TTLS or EAP-GTC authentication methods.
Authentication Manager, even though the RSA Authentication Manager is designed to accommodate time differences of up to three minutes. Instruct users to use one of the following methods to synchronize the date, time, and time zone settings on the BlackBerry devices with the RSA Authentication Manager: •...
Configure RSA authentication over a VPN network using a software token You must add the serial number of the software token that the Wi-Fi enabled BlackBerry device can use to a VPN profile so that RSA authentication can occur over VPN connections.
Assign software tokens to a user account You must assign the software tokens that BlackBerry device users can use to authenticate to a Wi-Fi network or VPN network to the user accounts. Depending on the number of software token records that are available to you, you can assign up to three software tokens to each user account.
SSL certificate to protect the HTTPS connection. You can import a self-signed SSL certificate or a trusted certificate that a certification authority signs after the installation process completes. If you configure a BlackBerry Administration Service pool, you must generate an SSL certificate that uses the name of the BlackBerry Administration Service pool.
\web.keystore"). When the keytool prompts you for the first name and last name, type the pool name of the BlackBerry Administration Service. You can find the pool name in the Administration Service – High Availability tab. If you want to use a trusted certificate, using the keytool, import the root certificate of the certification authority (for example, keytool -import -alias <ca_alias_name>...
BlackBerry Web Desktop Manager. You must install the BlackBerry Enterprise Server in the resource forest if a resource forest exists in your organization's environment. In the resource forest, you create a mailbox for each user account and associate the mailboxes with the user accounts that are located in the account forests.
Service and BlackBerry device users to access the BlackBerry Web Desktop Manager without requiring that you or the users type a Microsoft Active Directory user name and password. By default, if you log in to the BlackBerry Administration Service or users log in to the BlackBerry Web Desktop Manager using Microsoft Active Directory authentication, the browser prompts you or the users to type a Microsoft Active Directory user name and password.
Configure constrained delegation for the Microsoft Active Directory account to support single sign-on authentication Use the Windows Server ADSI Edit tool to add the following SPNs for the BlackBerry Administration Service pool to the Microsoft Active Directory account : •...
Instruct all administrators and device users to add the web addresses for the BlackBerry Administration Service and BlackBerry Web Desktop Manager to the list of web sites in the local intranet zone and install the certificate for the BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers.
Changing password settings for BlackBerry Administration Service authentication If you use BlackBerry Administration Service authentication in your organization's environment, you can change the minimum password length and the number of days until passwords expire to meet the requirements of your organization's security policies.
Before you begin: Verify that you have database owner permissions for the BlackBerry Configuration Database. On all of the computers that host BlackBerry Administration Service instances, in the Windows Services, stop the BlackBerry Administration Service services. On the database server, on the BlackBerry Configuration Database, run the following SQL statement: DELETE from BASTraits WHERE PlugInId=8 AND TraitId=0.
Preparing a device for redistribution to a new user You can prepare a BlackBerry device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data •...
To help secure your organization's data on a personal BlackBerry device, you can permit your organization to delete work data from a device when a user no longer works at your organization. You can use the BlackBerry Administration Service to...
Page 276
IT administrative command over the wireless network. All personal data remains on the device. A BlackBerry device user cannot use the device or make emergency calls while the device deletes the work data. The device permanently deletes the following work data:...
Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration.
The BlackBerry Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.
Protect a lost device If a user misplaces a BlackBerry device or if a device is stolen, you can protect the data on the device by locking the device or making it unavailable.
Protect a lost device that a user might not recover If a BlackBerry device is lost but the device user might recover it, you can protect the information on the device by scheduling it to start deleting all user information and application data and to become unavailable after a period of time that you specify.
Page 281
Administration Guide Protecting and redistributing devices • To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove BlackBerry information from the user's messaging system.
Switch the appropriate tabs to change the appropriate permissions. Click Save all. After you finish: Instruct administrators to log out of the BlackBerry Administration Service and log in again so that the changes can take effect immediately. Change the roles for an administrator...
Delete an administrator account You can delete an administrator account when you no longer require it in your organization's environment. Before you begin: If the administrator is also a BlackBerry device user, remove the BlackBerry device from the administrator account.
Page 284
Administration Guide Managing administrator accounts In the Status list, click Delete user. Click Yes - Delete the user.
You can either create user-specific groups and assign roles to those groups or use the default user groups that contain pre- existing roles. If you are managing a large number of groups (over 3000) using the BlackBerry Administration Service in a single domain, your organization's environment might experience a performance impact.
Junior Helpdesk administrators in this group can perform basic administrative tasks such as adding users to groups and assigning BlackBerry devices to BlackBerry device users. The Junior Helpdesk role can only add users to the Web Desktop Users group and the Junior Helpdesk group.
You can copy the properties from one group to another. When you add user accounts or administrator accounts to a group, the group properties apply to the new accounts automatically. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups.
Managing user accounts You can move user accounts from one user group to another or from one BlackBerry Enterprise Server to another in the BlackBerry Domain. If you move a user account from one BlackBerry Enterprise Server to another, the destination BlackBerry Enterprise Server sends new service books to the BlackBerry device over the wireless network.If you are moving...
In the BlackBerry Enterprise Server status list, click Switch BlackBerry user to different BlackBerry Enterprise Server. In the Available BlackBerry Enterprise Server instances list, click the BlackBerry Enterprise Server that you want to move the user accounts to. Click Next.
You can update the contact list in the BlackBerry Configuration Database so that you can include any organizational changes or updates in the contact list. The amount of time that the BlackBerry Mail Store Service requires to update the contact list depends on the contact list size.
Administration Guide Managing groups and user accounts In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click Email. Click Refresh available user list from company directory. Resend service books to a BlackBerry device In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
IT policy, the BlackBerry Administration Service creates jobs to deliver the resulting objects or settings to BlackBerry devices. A job consists of multiple tasks. Each task delivers a specific object or setting to a BlackBerry device, for example, upgrading BlackBerry Device Software, installing or removing a BlackBerry Java Application, or sending updated IT policy settings or application settings.
Click Specify job schedule settings. Click Edit job schedule settings. In the Default delay for each job section, in the Default delay field, type the number of minutes that the BlackBerry Administration Service waits before it creates and processes a job.
The default value is 25. If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 295
3. Click the Add icon. On the System throttling tab, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of tasks that you want the BlackBerry Enterprise Server to process at the same time.
Enterprise Server to process at the same time. The default value is 1000. On the Job throttling tab, to turn on throttling for all BlackBerry Device Software tasks in jobs, select Enabled to reduce load on system. If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window section,...
BlackBerry devices. You can change how the BlackBerry Enterprise Server sends the settings to and updates the settings on BlackBerry devices. If you change the default distribution settings for the standard application settings, your organization's environment might experience a performance impact.
BlackBerry devices. Before the BlackBerry Administration Service delivers a specific job, you can change the delivery schedule of the job, priority of the job, and how the job delivers IT policies, BlackBerry Java Applications, BlackBerry Device Software, and standard application settings to BlackBerry devices.
You can change how the BlackBerry Administration Service sends IT policy settings and changes in a specific job to BlackBerry devices. You can change a job's distribution settings for IT policies only if the job is not running. If you changing the IT policy distribution settings for a job, your organization's environment might experience a performance impact.
You can change how the BlackBerry Administration Service installs, updates, or removes the BlackBerry Java Applications in a specific job on BlackBerry devices. You can change a job's distribution settings for applications only if the job is not running. If you change the default application distribution settings, your organization's environment might experience a performance impact.
Page 301
If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
You can change how the BlackBerry Administration Service installs or updates the BlackBerry Device Software in a specific job on BlackBerry devices. You can change the distribution settings for a job for the BlackBerry Device Software only if the job is not running. If you change the default distribution settings for BlackBerry Device Software, your organization's environment might experience a performance impact.
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window section, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of BlackBerry Device Software tasks in the job that you want the BlackBerry Enterprise Server to process at the same time.
Make a BlackBerry Java Application unavailable for installation You can delete a BlackBerry Java Application and all versions of the application from the application repository if you do not want to make the BlackBerry Java Application available to add to software configurations. You cannot delete a...
Remove a BlackBerry Java Application from BlackBerry devices over the wireless network You can remove a BlackBerry Java Application, the collaboration client, or the BlackBerry MDS Runtime from BlackBerry devices over the wireless network. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software.
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Managing software configurations Remove a software configuration from a group If you remove a software configuration from a group, the applications in the software configuration are removed from the BlackBerry devices that are associated with the user accounts that belong to the group.
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Click Save. Remove a software configuration from a user account If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry device associated with the user account.
You can prevent BlackBerry device users from accessing specific web servers using the BlackBerry Browser or applications on BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorization to restrict access to all types of web content and create pull rules to specify a list of web servers that you permit users to access.
BlackBerry devices. After you create a pull rule, you must assign it to user accounts or groups. A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site.
BlackBerry MDS Connection Service to authenticate devices to Microsoft Active Directory. A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site. As a result, the BlackBerry MDS Connection Service might not be able to restrict BlackBerry devices from accessing the web site.
To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA. • To require that the BlackBerry MDS Connection Service authenticates the user using integrated Windows authentication and that a user authenticates to the RSA Authentication Manager using RSA authentication, click Integrated and RSA.
BlackBerry device users can download to BlackBerry devices during each connection. Each request for data that the device makes to the BlackBerry MDS Connection Service is a connection. If you do not configure a limit for media content types, the default values apply.
BlackBerry device users can only download a specific amount of media content to BlackBerry devices with each connection. You can configure a limit in the BlackBerry Administration Service. If you do not configure a limit, the default limit applies. The following table lists the default values.
BlackBerry MDS Connection Service to support Integrated Windows authentication. Users can then access network resources such as intranet sites and network shared folders on their devices using the BlackBerry Browser or Files application without typing a user name and password.
For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory, visit www.blackberry.com/btsc to read article KB22726. If a pool of application servers host a intranet site and the pool is running on Microsoft IIS and is located behind a load-balancer, use setspn or ADSI to add the SPNs of the intranet site to the user account (also known as the identity) of the pool.
Page 316
Repeat steps 1 to 6 for each intranet site that you want to turn on integrated Windows authentication for. After you finish: • If required, configure BlackBerry MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain. •...
Microsoft Active Directory domain If the computer that hosts the BlackBerry MDS Connection Service is not located in the same Microsoft Active Directory domain as the global catalog server or messaging server and you want to configure support for Integrated Windows authentication, you must create a Microsoft Active Directory account that the BlackBerry MDS Connection Service can use to connect to the global catalog server.
Save and close the rimpublic.properties file. In the Windows Services, restart the BlackBerry MDS Connection Service service. After you finish: Turn on Integrated Windows authentication when BlackBerry device users access resources on your organization's network. Related information Restarting BlackBerry Enterprise Server components,...
Page 319
13. Assign the pull rules to the users or groups that you want to access intranet sites or shared network folders. 14. On the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view > MDS Connection Service.
BlackBerry devices. To permit specific users to receive push requests on BlackBerry devices, you can create push rules and assign the rules to the users.
If you turned on push authentication and created push initiators to specify which push applications can send push requests, you can create push rules to specify which users are permitted to receive authenticated push requests. The BlackBerry MDS Connection Service can apply push rules only if you turn on push authorization for the BlackBerry MDS Connection Service.
Managing how users access enterprise applications and web content Restrict push applications from sending data to BlackBerry devices, Create a push rule In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
• Create a push rule. • Assign push initiators to the push rule. In the BlackBerry Administration Service, in the BlackBerry solution management menu, expand User. Click Manage users. Click View more criteria. Search for a group. Click Select all results in the entire set.
Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry MDS Connection Service to use SSL or TLS to encrypt the push requests that server-side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applications send.
To manage memory and system resources in your organization's environment, you can configure a BlackBerry MDS Connection Service to store PAP and Research In Motion push requests in the BlackBerry Configuration Database. You can also configure storage settings for the BlackBerry Configuration Database. For more information about types of push requests, visit www.blackberry.com/developers...
BlackBerry Configuration Database to store. In the Maximum push message age field, type the maximum length of time, in minutes, that you want the BlackBerry Configuration Database to store a push request before the BlackBerry Enterprise Server deletes it from the BlackBerry Configuration Database.
The BlackBerry MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry devices when the number of pending push connections in the queue exceeds the limit.
You can also use the wireless backup feature to restore data from the BlackBerry Enterprise Server to the BlackBerry device. By default, wireless backup is turned on when you activate BlackBerry devices.
BlackBerry Enterprise Server If the BlackBerry Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted.
BlackBerry Enterprise Server In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization. Click the instance that you want to change.
For each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
• To synchronize data from the BlackBerry Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
By default, the BlackBerry Synchronization Service synchronizes pictures that a user adds to contact entries in their contact list between the BlackBerry device and the email applications on their computer. A user can add, delete, and change pictures in the email applications on the computer or on the BlackBerry device.
Page 334
Administration Guide Managing organizer data synchronization In the Messaging configuration section, click Default configuration. On the Mappings for organizer data synchronization tab, in the Additional mappings section, in the Picture drop- down list, click None. Click Continue to user information edit. Click Save all.
BlackBerry devices. You can also manage individual user accounts, provide support to users, control the size of the message queue, and control the load on the BlackBerry Messaging Agent to process forwarding requests. By default, email message forwarding is turned on when you add a user account to the BlackBerry Enterprise Server.
Do not deliver email messages to a BlackBerry device when no filter rules apply You can configure a BlackBerry Enterprise Server to prevent the delivery of incoming email messages to a user’s BlackBerry device when no email message filters apply to the email messages.
When you turn off message forwarding for a user account, the user can send email messages from the BlackBerry device, but cannot receive email messages.
BlackBerry device If you do not want a user’s email application to receive a copy of email messages that the user sends from the BlackBerry device, you can turn off synchronization for email messages that the user sends from the BlackBerry device.
When you delete pending email messages from the incoming message queue, the BlackBerry Enterprise Server does not send the email messages to the user’s BlackBerry device. The email messages remain in the email application on the user’s computer.
Turn on reconciliation for email messages that are hard deleted Users can hard delete email messages in Microsoft Outlook and you can configure a BlackBerry Enterprise Server to remove hard deleted messages from BlackBerry devices. If you turn on hard deletes reconciliation, the BlackBerry Messaging Agent also deletes email messages from devices when users archive or move email messages to personal folders in Microsoft Outlook.
BlackBerry device By default, when a BlackBerry device user creates a meeting request , the BlackBerry device user can check to see if a potential participant is available. You can turn this feature off if you want to minimize the resource impact of the BlackBerry Enterprise Server on your organization's messaging server.
If you are changing a BlackBerry Enterprise Server instance, in the Status list, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, in the Status list for one of the instances in the pair, click Restart instance. Repeat this step for the other instance in the pair.
The BlackBerry Enterprise Server supports email messages that contain HTML and rich content on BlackBerry devices that are running BlackBerry Device Software version 4.5 or later. You can turn off support for rich content and inline images in email messages. Users can configure the message settings on the BlackBerry devices. The settings that you define override the settings that users define.
Restart instance. Repeat this step for the other instance in the pair. • In the Windows Services, restart the BlackBerry Dispatcher. Repeat step 2 through step 6 for each BlackBerry Enterprise Server instance that you want to turn off rich text formatting or inline images for.
You can change an IT policy rule to prevent the BlackBerry Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.
By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry device. To help manage network resources, you can select the published public contact folders that a user can synchronize.
Control which personal mail folders a user can synchronize with a BlackBerry device To help manage network resources, you can select the personal mail folders that a user can synchronize with a BlackBerry device. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
BlackBerry devices. In BlackBerry Enterprise Server version 5.0 or later and BlackBerry Device Software version 5.0 or later, if you want to permit users to access specific documents that are not located on the Windows network (for example, documents that are...
If the file system requires the BlackBerry MDS Connection Service to authenticate with the remote file system, perform the following actions: • In the User name field, type the name of the account that you want the BlackBerry MDS Connection Service to use to authenticate to the remote file system. •...
To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
Connection Service instance. Click Save all. To restart the BlackBerry MDS Connection Service instance, on the Instance information tab, in the Status list, click Restart instance. To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance, repeat steps 3 to 7.
Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry devices. Users cannot change the disclaimers that you define. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology >...
If you associate multiple disclaimers with a user account, you can specify conflict rules for the disclaimer to define the order in which the BlackBerry Enterprise Server applies the disclaimers. For example, you can configure the BlackBerry Enterprise Server to display the user disclaimer first in the email message, followed by the BlackBerry Enterprise Server disclaimer.
Sending notification messages to users You can send a notification message to a user, to all of the users associated with a BlackBerry Enterprise Server, or to all of the users in the BlackBerry Domain. You can send notifications as email messages or PIN messages. PIN messages are...
BlackBerry devices do not apply filters to PIN messages. When users reply to a notification email message, their BlackBerry devices send the replies to the Windows account that you used to install the BlackBerry Enterprise Server (for example, besadmin).
The BlackBerry Messaging Agent uses a message state database to manage the mapping between email messages on BlackBerry devices and email messages on the Microsoft Exchange Server. The size of the message state database defines how many recent email messages are kept in this mapping for each user. Increasing the size of the message state...
BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry device, the BlackBerry device sends a request to the BlackBerry Enterprise Server to convert the attachment. The BlackBerry Enterprise Server uses a BlackBerry Attachment Connector to send the attachment data to a BlackBerry Attachment Service, which processes the request and returns the attachment data to the BlackBerry Attachment Connector.
In the General section, in the Minimum wait for retry per request field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it resends a request that is not delivered to a BlackBerry Attachment Service.
You must install the software update for KB22953 on Windows Server 2008 if you want the BlackBerry Attachment Service to support .mp3 audio files on BlackBerry devices and all audio formats on BlackBerry 7100 Series devices that support CDMA networks. To download the software update for KB22953,...
Page 360
IBM Lotus Symphony only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service. If a specific font is not available, the BlackBerry Attachment Service uses the most similar font type that is available.
The BlackBerry Enterprise Server sends data to BlackBerry devices over the wireless network in packets that are no larger than 64 KB, and it can send an unlimited number of packets to BlackBerry devices.
Administration Guide Managing your organization's messaging environment and attachment support In the General section, configure the BlackBerry Attachment Service optimization settings. Click Save. BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry Attachment —...
The BlackBerry Attachment Service uses memory during the attachment conversion process. If users try to open large or complex attachments (for example, .pdf files or ASCII text files that are larger than 2 MB) or multiple attachments at the same time, you might want to limit the file size for attachments.
The BlackBerry Attachment Service uses distillers to convert attachments that are in supported file formats so that users can view the attachments on their BlackBerry devices. By default, all supported distillers are turned on. You can turn off a distiller to prevent users from viewing attachments that are in a specific file format. For example, if you turn off the .pdf distiller, users cannot view .pdf attachments on their BlackBerry devices.
BlackBerry Attachment Service instances. If your organization uses new common extensions for a file format that there is a distiller available for on a BlackBerry Attachment Service, you must add those extensions to the BlackBerry Attachment Connector. For example, if users send .rtf files as .wav files, you must verify that the BlackBerry Attachment Connector supports .wav files and that the...
By default, the BlackBerry Messaging Agent limits the file size of attachments that it can receive from a BlackBerry device to a maximum of 3 MB. If the BlackBerry Messaging Agent receives more than one attachment at a time, it limits the total file size of all of the attachments to a maximum of 5 MB.
On BlackBerry devices that are running specific versions of the BlackBerry Device Software, users can download attachments in native formats (for example, .txt for a text file) to their BlackBerry devices. Users can open and make changes to the files that they download using an appropriate third-party application on their BlackBerry devices. A user might be able to open specific file formats using the media application on the BlackBerry device.
Page 368
Administration Guide Managing your organization's messaging environment and attachment support In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. Click the instance that you want to change.
Microsoft Exchange, the BlackBerry Enterprise Server uses MAPI and CDO libraries to manage calendars on devices. A BlackBerry Messaging Agent on the BlackBerry Enterprise Server can include a dynamic mix of user accounts that use Microsoft Exchange Web Services and user accounts that use MAPI and CDO libraries.
Configure the BlackBerry Enterprise Server to use Microsoft Exchange Web Services You can configure the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services to manage calendars on BlackBerry devices. Copy the BlackBerry Enterprise Server installation files to the computer that hosts the primary BlackBerry Enterprise Server.
In the logs folder verify that the file named <server_name>_CALH_<agent_id>_<date>.txt appears. In the file name, <server_name> is the name of the BlackBerry Enterprise Server, <agent_id> is the ID of the BlackBerry Messaging Agent, and <date> is the date that you configured the BlackBerry Enterprise Server to use Microsoft Exchange Web Services.
Restart the BlackBerry Messaging Agent instances that you made changes to. Example: To specify a web address for a specific Microsoft Autodiscover service that all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances will use, type traittool -global -trait EWSSCPURL -set https:// server.company.com/Autodiscover/Autodiscover.xml...
Exchange that the Microsoft Autodiscover service selects. If you configure the BlackBerry Messaging Agent instances to use the web address for the client access server, the BlackBerry Messaging Agent instances do not use the Microsoft Autodiscover service to search for a client access server for Microsoft Exchange.
You can configure the BlackBerry Messaging Agent instances to use only Microsoft Exchange Web Services to determine the user's status, for example, whether a user is available, busy, or offline. By default, the BlackBerry Messaging Agent instances can determine the user's status using Microsoft Exchange Web Services unless the user is an external user or the user's email address is a distribution list.
You can use the BlackBerry Enterprise Trait Tool to specify whether corrective calendar synchronization checks calendar entries for a specific user, users on a specific BlackBerry Enterprise Server, or all users. The tool uses a hierarchy to determine what calendar entries to check. Settings at the user level override settings at the server level, settings at the server level override settings at the global level, and settings at the global level override the default settings.
Turn off corrective calendar synchronization By default, corrective calendar synchronization is turned on. If you do not want the BlackBerry Enterprise Server to check for differences between calendar entries on BlackBerry devices and calendar entries on users' computers, you can turn off corrective calendar synchronization.
By default, corrective calendar synchronization process finds calendar synchronization errors, add the errors to the BlackBerry Messaging Agent log file, and automatically corrects the errors. If you do not want corrective calendar synchronization to automatically correct calendar synchronization errors, you can turn off this function.
ExchangeSmartSyncSendUpdate -set true, where <level> is the SMTP address of a specific user account, the server name of a specific BlackBerry Enterprise Server for all user accounts that are associated with the specific BlackBerry Enterprise Server, or global for all user accounts.
To specify more than one value for when corrective calendar synchronization runs, after you extract the BlackBerry Enterprise Server installation files to the computer, you can create a list of values that are separated by commas (,) at the command prompt.
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. Press ENTER. Example: Configuring corrective calendar synchronization to run at 10:00 PM for all users on the BlackBerry Enterprise Server that is named SERVER01 traittool -server SERVER01 -trait ExchangeSmartSyncTriggerHour -set 22...
<name> is the setting you want to delete. • To delete a setting for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool - <server_name> -trait <name> -erase, where <name> is the setting you want to delete.
BlackBerry Messaging Agent uses the MAPI32.dll library to create the temporary MAPI profiles. After you install BlackBerry Enterprise Server 4.1 SP7 or BlackBerry Enterprise Server 5.0 SP1 or later, if you are running Windows Server 2008 and notice that the limit that Windows Server 2008 places on NSPI connections is impacting MAPI performance and the flow of email messages, you can change how the BlackBerry Messaging Agent creates temporary MAPI profiles for the CalHelper application.
KB 21413. Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application On the computer that hosts the BlackBerry Enterprise Server, on the taskbar, click Start > Run. Type regedit. Click OK. Perform one of the following actions: •...
Installing a collaboration client on BlackBerry devices For detailed information about the methods that you can use to install a collaboration client on BlackBerry devices, see the "Add a collaboration client to the application repository" and "Alternative methods for installing BlackBerry Java Applications on devices"...
Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand the instant messaging environment.
You can specify your organization’s Windows domain name so that users do not have to type their user names when they log in to a collaboration client on their BlackBerry devices. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration.
To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry Collaboration Service and the instant messaging server at the same time.
To control the use of network resources in your organization's environment, you can use the media content management feature to specify the maximum size of specific file types that BlackBerry device users can send to each other using the BlackBerry Client for IBM Lotus Sametime. The maximum file size that you specify for a file type must not exceed the maximum file size that you specified on the IBM Lotus Sametime server.
.txt files in the internal memory of their BlackBerry devices or on an external memory device. You can turn off this feature if you do not want users to save their instant messaging conversations on their BlackBerry devices.
Lotus Sametime users In the latest version of the BlackBerry Client for IBM Lotus Sametime, users can make calls to contacts directly from their contact lists. You can make additional phone numbers available to users from their contact lists, and you can make more contact information available in the contact list on BlackBerry devices by adding new fields to each user's contact information.
Page 391
Administration Guide Managing instant messaging <Set Set id="_done213238950373320" params="MailAddress,Name,Title,Location,Telephone,Photo,Company,OfficePhone,HomePhone,CellPhone,Manag er,Department,HomeAddress,HomeZip,HomeState,HomeCity,WorkAddress,WorkZip,WorkCity,WorkState,LoginId"/> Save the UserInfoConfig.xml file. Restart the IBM Lotus Domino server. To verify that the new fields were added to each user's contact information, perform the following actions: 1. Create a test user account in the IBM Lotus Domino Directory. 2.
Managing a BlackBerry Domain Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows services. BlackBerry Enterprise Server...
On each computer that hosts the BlackBerry Enterprise Server component, in the Windows Services, restart the services for the component. If you want to restart all of the BlackBerry Enterprise Server components, you must restart the Windows Services in the following order: •...
The BlackBerry Enterprise Trait Tool is a stand-alone command line tool that you can use to configure specific BlackBerry Enterprise Server traits. You can configure most BlackBerry Enterprise Server settings using the BlackBerry Administration Service, but you must use the BlackBerry Enterprise Trait Tool to configure specific settings that are not available in the BlackBerry Administration Service.
Restart the BlackBerry Enterprise Server component that is associated with the trait that you configured. BlackBerry Enterprise Trait Tool traits The BlackBerry Enterprise Trait Tool includes the following traits that you can change to meet the requirements of your organization's environment:...
Page 396
Description ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices. If the version of the BlackBerry Device Software that the device is running is earlier than the version that this trait specifies, the BlackBerry Enterprise Server sends the device 4 bytes of ACP data instead of 8 bytes.
Page 397
This trait specifies how the BlackBerry Messaging Agent modifies MAPI profile settings when you install the BlackBerry Enterprise Server. If you want the BlackBerry Messaging Agent to modify the MAPI profile settings that the BlackBerry Enterprise Server requires for BlackBerry Enterprise Server version 4.1 SP6 and earlier, set the trait to true (1).
Page 398
If you want the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services to manage calendars on devices, change the value to true (1). If you want the BlackBerry Enterprise Server to use only MAPI and CDO libraries to manage calendars on devices, change the value to false (0).
Page 399
BlackBerry Messaging Agent to receive the user's status using Microsoft Exchange Web Services, change the value to EWS. The default value is PF, the BlackBerry Messaging Agent receives the user's status using Microsoft Exchange public folders. For more information, see...
Page 400
(0) for a specific user account, all user accounts that are associated with a BlackBerry Enterprise Server, or all user accounts. The default value is true (1), the BlackBerry Enterprise Server checks for calendar errors on devices. For more information, see...
Page 401
Service to update the user directory in the BlackBerry Configuration Database. If you want the BlackBerry Mail Store Service to update the user directory in the BlackBerry Configuration Database, change the value to true (1). If you do not want the BlackBerry Mail Store Service...
Page 402
BlackBerry Configuration Database, change the value to false (0). The default value is true (1), the BlackBerry Mail Store Service updates the user directory in the BlackBerry Configuration Database. For more information, see...
Page 403
Junk folder. If you do not want the BlackBerry Enterprise Server to monitor the Junk folder for activation messages, change the value to false (0) and restart the BlackBerry Controller.
Page 404
IT policies and service books, change the value to false (0). The default value is false (0), the BlackBerry Policy Service does not use throttling to send applications the same way that it throttles IT policies and service books.
Page 405
Description PolicyThrottlingP2PKeyRate This trait specifies the maximum number of processes for PIN encryption keys that a BlackBerry Policy Service can process at one time before the BlackBerry Policy Service schedules additional processes for PIN encryption keys. The default value is 60.
Microsoft Exchange mailboxes By default, to reduce the workload on the Microsoft Exchange Server, the BlackBerry Messaging Agent 5.0 SP2 or later does not write statistics to each user's Microsoft Exchange mailbox when it processes email messages. If you want the BlackBerry Messaging Agent to function as it did in previous versions, you can permit the BlackBerry Messaging Agent to write statistics to each user's Microsoft Exchange mailbox.
Managing BlackBerry CAL keys BlackBerry CAL keys control how many user accounts can exist on a BlackBerry Enterprise Server at the same time. If you exceed the number of user accounts that can exist on a BlackBerry Enterprise Server, the BlackBerry Administration Service informs you that you require more BlackBerry CAL keys.
Copy a BlackBerry CAL key to a text file You can copy a BlackBerry CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues.
BlackBerry Administration Service. You can only create the user account if you use the Add from company directory option in the BlackBerry Administration Service. The Add from company directory option permits the BlackBerry Mail Store Service to search the contact information that is stored in the messaging environment so that you can create the user account even if the BlackBerry Configuration Database does not contain the contact information for the user account.
Enterprise Server might return inaccurate search results. If a user tries to search for another user's contact information but you did not specify the name of the organization that the other user belongs to in Microsoft Active Directory, the BlackBerry Enterprise Server does not return any search results.
Microsoft Active Directory You can configure the BlackBerry Enterprise Server to search for contact information or calendar availability within subtrees in a Microsoft Active Directory that you configured for multi-tenancy. When you configure the BlackBerry Enterprise Server to search within subtrees, the BlackBerry Enterprise Server searches the Microsoft Active Directory using the organizational unit information that is included in the distinguished name of the BlackBerry device users.
Enterprise Server uses MAPI to connect to the Microsoft Exchange Server and retrieve the email addresses or organizer data that is stored in Microsoft Active Directory. You can configure the BlackBerry Enterprise Server to use LDAP to connect to Microsoft Active Directory directly to retrieve email addresses, organizer data, or both.
(for example, example.com:3268). If the BlackBerry Enterprise Server must use a specific port to connect to Microsoft Active Directory and you did not specify the port number in the LDAPDomain string, perform the following actions:...
Administration Guide Managing a BlackBerry Domain Change the value to the port number. To limit the number of LDAP queries that the BlackBerry Enterprise Server needs, use the port number of the global catalog server (port 3268). If the BlackBerry Enterprise Server must use LDAPS to connect to the Microsoft Active Directory, perform the following actions: Create a DWORD value named LDAPssl.
If you are required by your organization to prevent BlackBerry device users from finding contact information for specific users, you can specify a list of users that you want to prevent BlackBerry device users from finding contact information for or you can filter users using an attribute in Microsoft Active Directory.
BlackBerry Enterprise Server can retrieve email addresses and organizer data from You can configure a BlackBerry Enterprise Server instance so that it searches for email addresses and organizer data only in a specified BaseDN in Microsoft Active Directory. On the computer that hosts the BlackBerry Enterprise Server, click Start > Run.
Database, it schedules a task to create and deliver the IT policy or service book to BlackBerry device users that must receive the update. The BlackBerry Policy Service tries to process tasks as fast as the server permits, which can result in an unexpected increase in CPU usage and database usage.
Page 418
Example: Configuring the maximum number of IT policies or service books that a BlackBerry Policy Service can send If you want to configure the maximum number of IT policies or service books that a BlackBerry Policy Service can send to...
60 second period. The default setting is 60, or one process per second. You can adjust the number of users that the BlackBerry Policy Service schedules over the 60 second interval using throttling.
Managing a BlackBerry Domain If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books.
BlackBerry Configuration Database You can change the static port number that BlackBerry Enterprise Server components use if you changed the port number that the BlackBerry Configuration Database uses after you install the BlackBerry Enterprise Server. By default, the BlackBerry Configuration Database accepts TCP/IP connections to port 1433 on a Microsoft SQL Server.
BlackBerry Enterprise Server events You can change the port number that the syslog tools listen on to monitor BlackBerry Enterprise Server events. By default, the syslog tools listen to events for the BlackBerry Enterprise Server on port 514.
Registry keys determine how the BlackBerry Controller monitors the BlackBerry Enterprise Server components and restarts the services that are associated with the components. You can change the default behavior of the BlackBerry Controller by creating new registry keys and changing the default values of the registry keys.
Page 424
The default value is 6. Health checks occur every ten minutes. If a health check does not receive a response from the thread that that the BlackBerry Controller monitors, the BlackBerry Enterprise Server tracks the missed health check in the BlackBerry Messaging Agent log file as the wait count.
Page 425
3. In the Value data field, type a value. health check before it restarts the BlackBerry Messaging Agent. The default value is 2. If you configure the MissedHeartbeatThreshold value to be three, the BlackBerry Controller waits for 30 minutes before it restarts the BlackBerry Messaging Agent.
BlackBerry Enterprise Server service By default, the BlackBerry Controller restarts a BlackBerry Enterprise Server service if it stops responding. On the computer that hosts the BlackBerry Enterprise Server component that you want to change, open the Registry Editor. In the left pane, perform one of the following actions: •...
Page 427
To prevent the BlackBerry Controller from restarting the BlackBerry MDS Connection Service if the service stops responding, type 0. • To permit the BlackBerry Controller to restart the BlackBerry MDS Connection Service if the service stops responding, type 1. Change how the BlackBerry 1.
Enterprise Server Alert Tool You can use the BlackBerry Enterprise Server Alert Tool to monitor the Windows Event Log and send users that you define as notification recipients a notification message when the tool records a critical, error, warning, or informational event. You must configure notification settings for each BlackBerry Enterprise Server in your organization's BlackBerry Domain.
Page 429
Define a notification recipient You can specify a notification recipient for the BlackBerry Enterprise Server Alert Tool so that the contact receives notification messages in email or popup messages that appear on the screen. You can send popup messages to the contact if the Messenger service for Windows is running on the computer that you installed the BlackBerry Enterprise Server Alert Tool on, and if the computer is not running Windows Server 2008.
Page 430
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring In the Email address field, type the recipient's email address. To send notification messages as popup messages on the contact's computer, in the Console field, type the name of the contact's computer.
By default, the log files are stored in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs. This is the same location that the BlackBerry Enterprise Server component log files are stored in.
Turn off call logging You can use the log files for calls to monitor the time and frequency when users make calls from BlackBerry devices. The log files are named using the format PhoneCallLog_<yyyymmdd>. By default, logging for calls is turned on.
Log files for BlackBerry Enterprise Server components You can use log files to record the activity of BlackBerry Enterprise Server components and troubleshoot issues with the components. The BlackBerry Enterprise Server creates a log file for each BlackBerry Enterprise Server component and saves the log files on the computer that hosts the BlackBerry Enterprise Server.
Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date.
On the Servers and components menu, locate and restart the components that contain the logging settings that you changed. Related information Create an additional log file for a BlackBerry Enterprise Server component when the current log file reaches its maximum size, Restarting BlackBerry Enterprise Server components,...
Page 436
If you turn on log auto-roll for a BlackBerry Enterprise Server component, the BlackBerry Enterprise Server creates a new log file for the component when the current log file reaches the maximum size. If you turn off log auto-roll for a BlackBerry Enterprise Server component, the BlackBerry Enterprise Server overwrites the current log file for the component when the log file reaches the maximum size.
Page 437
Click the instance that contains the logging settings that you want to change. On the Logging details tab, click Edit instance. In each section, in the Maximum age of daily log files field, type the number of days that you want the BlackBerry Enterprise Server to delete the log files after.
Page 438
Server component You can change the character encoding of the log files of a BlackBerry Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Enterprise Server component.
BlackBerry Enterprise Server log files Related information Restarting BlackBerry Enterprise Server components, Component identifiers for log files You can identify the names for the BlackBerry Enterprise Server log files using the following component identifiers: Component identifier Logging component ACNV BlackBerry Attachment Service attachment conversion...
Change the logging level for BlackBerry MDS Connection Service log files You can change the logging level for the BlackBerry MDS Connection Service log file, which includes the event log, UDP log files, and TCP log files.
Page 441
Service connects to when it sends UDP log file messages The SNMP agent for the BlackBerry Enterprise Server receives UDP log file messages from the same host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log messages.
Page 442
Change the activities that the BlackBerry MDS Connection Service writes to a log file The settings for the activities that the BlackBerry MDS Connection Service writes to a log file apply to all log files, including the event log, UDP log files, and TCP log files.
Page 443
Administration Guide BlackBerry Enterprise Server log files In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. Click a BlackBerry MDS Connection Service instance. On the Logging tab, click Edit instance.
Service proxies in the BlackBerry MDS Connection Service log files. You can find the BlackBerry MDS Connection Service log files on the computer that hosts the BlackBerry Enterprise Server. You can identify BlackBerry MDS Connection Service log files by the component identifier MDAT in the log file name.
Change which activities the BlackBerry Collaboration Service writes to a log file In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand a BlackBerry Collaboration Service, then click an instance.
Page 446
Task Steps Trace how data packets travel inside the GME network In the GME logging turned on drop-down list, click True. layer from the BlackBerry Collaboration Service to the BlackBerry Dispatcher. Click Save all. Related information Restarting BlackBerry Enterprise Server components,...
BlackBerry Enterprise Solution connection types and port numbers BlackBerry Enterprise Solution connection types and port numbers The BlackBerry Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS. BlackBerry Administration Service connection types and port numbers...
Page 448
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can type number configure the connection \Research In Motion \BlackBerry Enterprise Server \Database\Port incoming data connections from, and outgoing data HTTPS BlackBerry connections to, browsers...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can type number configure the connection data connections between BlackBerry Administration multicast IP — Service instances address/port 228.1.2.1/48858 228.1.2.1/48857 228.1.2.1/48855 228.1.2.5/45588 data connections between BlackBerry Administration...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection outgoing conversion results of large attachments to the 2000 BlackBerry Administration BlackBerry Attachment Connector for the BlackBerry...
Page 451
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data TLS or MTLS 5061 BlackBerry Administration connections to, the Microsoft Office Communications...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion\ \BlackBerrySNMPAgent \Parameters\UDPPort BlackBerry Configuration Database...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server\Database\Port Related information Restarting BlackBerry Enterprise Server components, BlackBerry Controller connection types and port numbers...
Enterprise Server\Agents \TcpPortDispatcher • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Agents \TcpPortDispatcher incoming data connections from, and outgoing data 3200 — connections to, one or more of the following BlackBerry Enterprise Server components:...
Page 455
BlackBerry Collaboration Service • BlackBerry MDS Connection Service • BlackBerry Policy Service • BlackBerry Synchronization Service outgoing data connection that uses SRP to the BlackBerry 3101 BlackBerry Administration Router Service incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database that •...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAgent \Parameters\UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort...
Page 457
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection Server\Agents \TcpPortDispatcher incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database that •...
Page 458
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Agents \SysLogHost outgoing syslog connections to the SNMP agent 4071 Windows registry •...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection if access control for push applications is turned on,...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection E\SOFTWARE\Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection other applications that you configured the BlackBerry Monitoring Service to send SNMP traps to internal data connection to the BlackBerry Monitoring...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Database\Port incoming data connections from the BlackBerry database first unused —...
Page 463
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \Research In Motion \BlackBerryRouter \ServicePort outgoing data connections to the BlackBerry Infrastructure 3101 BlackBerry Configuration that use SRP...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerryRouter \DevicePort outgoing syslog connections to the SNMP agent 4071 Windows registry •...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database that •...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers IBM Lotus Sametime connection type and port number Item Connection Default port UI where you can configure type number the connection incoming data connections from and outgoing data TCP/IP 1533...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Novell GroupWise Messenger connection type and port number Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 8300 Novell GroupWise server that...
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAgent \Parameters\UDPPort incoming syslog connections from SNMP queries and traps Windows registry outgoing syslog connections from SNMP queries and traps...
Troubleshooting Troubleshooting: Connecting to the BlackBerry Administration Service The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance Possible cause Possible solution You created a BlackBerry Administration Service pool using...
Possible solution You can use TraitTool.exe to turn off the address book refresh feature for BlackBerry Enterprise Server instances that are geographically remote from the BlackBerry Configuration Database. As a result, BlackBerry Enterprise Server instances that are located geographically close to the BlackBerry Configuration Database can use the BlackBerry Mailstore Service to refresh the user information from your organization's address book in the BlackBerry Configuration Database.
Administration Guide Troubleshooting To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft SQL Server can cause the size of the transaction log file in the BlackBerry Configuration Database to grow larger than expected.
BlackBerry Administration Service Possible solution Refresh the list of available user accounts that the BlackBerry Administration Service can access from the directory. By default, the BlackBerry Administration Service refreshes the list of available user accounts at 12:30 AM daily.
The IBM Lotus Sametime API cannot retrieve phone numbers for instant messaging contacts from the IBM Lotus Sametime server. If the BlackBerry Enterprise Server is located in a network that does not permit direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service cannot retrieve the phone numbers from the IBM Lotus...
Page 475
IBM Lotus Sametime server automatically to retrieve the phone numbers. If your organization's BlackBerry Enterprise Server is located in a restricted network that does not permit direct HTTP connections to the IBM Lotus Sametime server, you must specify an unauthenticated proxy server in the rimpublic.properties file that the BlackBerry Collaboration Service can use to establish an HTTP connection to the IBM Lotus Sametime server.
If a user is logged in to Microsoft Office Communicator on both a computer and a BlackBerry device and the user does not accept a notification about an instant message on the computer before the notification disappears, the notification about the instant message disappears from the computer but remains on the BlackBerry device.
The BlackBerry Collaboration Service Remove the instant messaging application from the BlackBerry device. Install does not support the version of the an earlier version of the instant messaging application on the BlackBerry device. instant messaging application that is installed on the BlackBerry device.
2. In the Wi-Fi field, verify that the name of the Wi-Fi network appears. If the name does not appear, resend the IT policy to the BlackBerry device, or instruct the user to configure a Wi-Fi profile on the BlackBerry device.
Page 479
• Use a wireless device, such as a computer, to ping the BlackBerry Router. The ping tests whether the BlackBerry Router is on the ACL of the access point. • If access point logs are available, view the logs to determine the error that occurred.
Page 480
IP address, and DNS IP address are configured correctly. • If the BlackBerry device uses DHCP, verify that the BlackBerry device can obtain a valid IP configuration (for example, an IP address, subnet mask, default gateway IP address, or DNS IP address).
BlackBerry device Possible cause The Wi-Fi enabled BlackBerry device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution 1. In the BlackBerry Administration Service, change the WLAN Allowed Handheld Changes configuration setting in the Wi-Fi profile to Yes.
Page 482
When the BlackBerry device displays the link security method, the security on the Wi-Fi connection is turned on and active. Association This field shows the status of the BlackBerry device connection to the access point. The status indicators are the following icons: •...
Page 483
IP address of the organization’s LAN gateway. In a personal Wi-Fi network, this field specifies the internal IP address of the router for the home network. DHCP This field specifies the status of the DHCP connection to the BlackBerry device. When a check mark displays, DHCP is complete. Primary DNS This field specifies the address of an optional computer that translates host names into IP addresses.
Page 484
This field specifies the certificate that the BlackBerry device can use for Wi-Fi authentication, if applicable. Software Token If you configured a software token for the BlackBerry device, this field specifies the serial number of the software token. Status fields for VPN connections...
Page 485
VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the BlackBerry device can try to log in. Session Lifetime...
Page 486
BlackBerry device is idle. Status fields for BlackBerry Infrastructure connections The connection status indicators for the BlackBerry Infrastructure appear on a BlackBerry device when a user makes a Wi- Fi connection or tries to make a Wi-Fi connection.
This field specifies the IP address of the server that performs authentication. Last Contact At This field specifies the last time that the BlackBerry device had contact with the BlackBerry Enterprise Server through the BlackBerry Infrastructure. Status fields for Enterprise connections...
UNC. 2. Connect a computer to the wireless access point. 3. To verify the IP address of the BlackBerry device, on the Wi-Fi Diagnostics screen, ping the computer. 4. If you do not receive a response to the ping, the reason for this error is an...
On the menu, click Send ping. Look up a computer name to resolve an IP address Using a BlackBerry device, a user can look up a computer name in the DNS server to resolve network or domain names and IP addresses.
Possible cause If BlackBerry Administration Service instances are located in different network segments that are separated by a firewall, the firewall can block the dynamic ports on the BlackBerry Administration Service. Possible solution Perform the following actions: 1.
If your organization's environment includes a firewall located between the BlackBerry Administration Service and BlackBerry Monitoring Service, the firewall can block the JNDI delegate port on the BlackBerry Administration Service. By default, the JNDI delegate port is configured to 0 (any port).
IT policy packs, search the BlackBerry Technical Solution Center at www.blackberry.com/support. For example, to find the IT policy pack that includes the IT policy rules for BlackBerry Device Software 5.0, search for "IT policy rules for BlackBerry Device Software 5.0".
American Standard Code for Information Interchange blind carbon copy BlackBerry CAL A BlackBerry Client Access License (BlackBerry CAL) limits how many users you can add to a BlackBerry Enterprise Server. BlackBerry Domain A BlackBerry Domain consists of the BlackBerry Configuration Database with its users and any BlackBerry Enterprise Server instances that connect to it.
Page 494
Glossary CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. certificate revocation list certificate signing request...
Page 495
BlackBerry smartphones, BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager. IT policy rule An IT policy rule permits you to customize and control the actions that BlackBerry smartphones, BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager can perform.
Page 496
Administration Guide Glossary messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal database. mobile network code MTLS Mutual Transport Layer Security...
Page 497
Glossary Structured Query Language Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry Infrastructure during SRP authentication. SSID service set identifier...
Page 499
Some airtime service providers might not offer ® Internet browsing functionality with a subscription to the BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights.
Page 500
RIM. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry Desktop Software, and/or BlackBerry Device Software.