Page 1: Microsoft Exchange
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 3...
Page 2 Published: 2012-09-24 SWD-20120924140022907...
Page 3: Table Of Contents
Add an administrator account to a group .......................... 36 Specify an email address for the BlackBerry Administration Service .................. 37 Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account ....37 Assign a BlackBerry device to an administrator account ....................38 Using an IT policy to manage BlackBerry Enterprise Solution security ..........
Page 4 Delete an IT policy ................................57 Configuring security options ......................58 Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other ........58 Algorithms that the BlackBerry Enterprise Solution uses to encrypt data ..............58 Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses ........
Page 5 Adding a user account to the BlackBerry Enterprise Server ....................85 Add a user account ..............................85 Create a user account that is not in the contact list in the BlackBerry Configuration Database ........86 Export a list of user accounts ............................87 Importing a list of user accounts to a BlackBerry Enterprise Server ................
Page 6 Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ....109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service ........109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel ........110 Configuring high availability for BlackBerry Enterprise Server components ........
Page 7 ................................133 Start the BlackBerry Enterprise Server instances ...................... 134 Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding ..134 Return to the BlackBerry Configuration Database when you configured transactional replication ........135 Configuring a new mirror BlackBerry Configuration Database ..................
Page 8 Share the Research In Motion folder that contains the BlackBerry Java Application ..........176 Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode ..177 Install the BlackBerry Java Application using the standalone application loader tool ..........177 Installing BlackBerry Java Applications using a web browser on BlackBerry devices ............
Page 9 Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices ..........201 Specify the maximum amount of data that a BlackBerry MDS Connection Service can send to BlackBerry devices ..201 Specify the pending content timeout limit for a BlackBerry MDS Connection Service ..........202 Permit Java applications to use scalable socket connections with a BlackBerry MDS Connection Service ....
Page 10 Map a contact list field in an email application to a contact list field on a BlackBerry device ........214 Map a contact information field in an email application to contact list fields on BlackBerry devices ......215 Map a contact list field in an email application to a contact list field on a BlackBerry device ........215 Configuring BlackBerry devices to enroll certificates over the wireless network ......
Page 11 Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager ............252 Distribute a certificate using the BlackBerry Desktop Manager ................. 252 Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device ............. 253 Configuring EAP-TLS authentication ..........................254 Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile ..........
Page 12 Preparing a device for redistribution to a new user ......................274 Use the BlackBerry Administration Service to delete user data and assign the device to a new user ......274 Use the BlackBerry Administration Service to delete device data and disable the device before assigning the device to a new user ..............................
Page 13 Change how to install, update, or remove BlackBerry Java Applications ..............294 Change how to install or update the BlackBerry Device Software ................296 Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices ....297 Managing the distribution settings for a specific job ......................298 Specify the start time and priority for a job ........................
Page 14 Turn off organizer data synchronization for a specific user account ................330 Changing how organizer data synchronizes ........................331 Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ..331 Change the direction of organizer data synchronization for a specific user account ........... 331 Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ......................
Page 15 Prevent a user from searching for remote email messages using a device ..............342 Managing email messages that contain HTML and rich content ..................343 View whether a user turned on support for email messages that contain HTML and rich content for a BlackBerry device ..................................343 Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise Server ..................................
Page 16 Change the maximum file size of attachments that users can download ..............367 Managing calendars ........................369 Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries ... 369 Prerequisites: Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ....... 369 Turn off client throttling in Microsoft Exchange 2010 ....................
Page 17 Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime ............................... 388 Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime .. 388 Prevent users from sending instant messaging conversations in email messages ............389 Prevent users from saving instant messaging conversations ..................
Page 18 Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database ..............................421 Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events ........422 BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring ......423 How the BlackBerry Controller monitors the BlackBerry Enterprise Server components ...........
Page 19 A user did not accept a notification about an instant message on a computer and the notification disappeared ..476 A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device ... 476 Troubleshooting: BlackBerry Web Desktop Manager .......................
Page 20 Legal notice ..........................498...
Page 21: Overview: Blackberry Enterprise Server
Overview: BlackBerry Enterprise Server The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartphone users with mobile access to your organization's resources.
Page 22: Getting Started In Your Blackberry Enterprise Server Environment
Getting started in your BlackBerry Enterprise Server environment The following table lists the tasks that administrators typically perform after installing a BlackBerry Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task.
Page 23 IT policies or create new IT policies. • Section: Using an IT policy to manage BlackBerry Enterprise Solution security Add user accounts to the BlackBerry Enterprise Server. Configuring user accounts • Section: Adding a user account to the BlackBerry Enterprise Server Create groups.
Page 24 Configure BlackBerry Enterprise Server high availability. Configuring BlackBerry Enterprise Server high availability Optional tasks Task Chapter Update BlackBerry Device Software on BlackBerry devices. Visit www.blackberry.com/go/serverdocs to see the BlackBerry Device Software Update Guide. Make the BlackBerry Web Desktop Manager available to Making the BlackBerry Web Desktop Manager available to users and configure the BlackBerry Web Desktop Manager.
Page 25 Use the BlackBerry Monitoring Service to troubleshoot Visit www.blackberry.com/go/serverdocs to see the issues and monitor the health of a BlackBerry Enterprise BlackBerry Enterprise Server Monitoring Guide. Server. Change how the BlackBerry Enterprise Server creates log BlackBerry Enterprise Server log files...
Page 26: Log In To The Blackberry Administration Service For The First Time
Click Log in. Related information Best practice: Running the BlackBerry Enterprise Server, The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance, There is a problem with this website's...
Page 27: This Connection Is Untrusted
Log in to the BlackBerry Administration Service for the first time Possible solution Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.
Page 28 Administration Guide Log in to the BlackBerry Administration Service for the first time 2. Click I Understand the Risks. 3. Click Add Exception. 4. Click Confirm Security Exception. 5. Close and reopen the browser.
Page 29: Creating Administrator Accounts
You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.
Page 30 Administration Guide Creating administrator accounts Senior Junior Enterprise Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Create a group Delete a group View a group (across Group) Edit a group (across Group) Create a user Delete a user View a user (across Group) Edit a user (across Group)
Page 31 Resend data to devices Create a software configuration View a software configuration Edit a software configuration Delete a software configuration View BlackBerry Administration Service software management Edit BlackBerry Administration Service software management Create an application View an application Edit an application...
Page 32 Administration Guide Creating administrator accounts Senior Junior Enterprise Server only User only Permission name Security role Helpdesk Helpdesk role role role role role Clear synchronization backup data Clear user statistics Export statistics Reset user field mapping Turn on redirection Turn off redirection Refresh available user list from company directory Add User from Company...
Page 33 Edit job distribution settings Delete an instance Edit license keys View license keys Manually fail a job Clear instance statistics View push rules for the BlackBerry MDS Connection Service View pull rules for the BlackBerry MDS Connection Service Send message (across Group)
Page 34: Creating Roles
You can create roles for administrator accounts so that administrators in your organization can perform specific tasks and view specific information in the BlackBerry Administration Service, BlackBerry Monitoring Service, and BlackBerry Web Desktop Manager. For example, you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions.
Page 35: Create A Role Based On An Existing Role
Create an administrator account You can create an account for administrators so that they can log in to the BlackBerry Administration Service and manage the BlackBerry Enterprise Server. You create an administrator account and assign the account to one or more roles. The...
Page 36: Add An Administrator Account To A Group
Note: If you add a role to a group, all accounts in the group become administrator accounts and have all of the permissions that are assigned to that role, even if the accounts are user accounts for BlackBerry device users.
Page 37: Specify An Email Address For The Blackberry Administration Service
BlackBerry Administration Service using a messaging server account You can permit an administrator to log in to the BlackBerry Administration Service using a user name and password for the messaging server. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
Page 38: Assign A Blackberry Device To An Administrator Account
10. Click Save all. Assign a BlackBerry device to an administrator account You can assign a BlackBerry device to an administrator without creating a separate user account. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.
Page 39: Using An It Policy To Manage Blackberry Enterprise Solution Security
By default, if you do not assign an IT policy to the user account or group, the BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the Default IT policy to the device.
Page 40: Preconfigured It Policies
Using an IT policy to manage BlackBerry Enterprise Solution security To use an IT policy rule on a BlackBerry device, you must verify that the BlackBerry Device Software version supports the IT policy rule. For example, you cannot use the Disable Camera IT policy rule to control whether a BlackBerry device user can access the camera on the device if the BlackBerry Device Software version does not support the IT policy rule.
Page 41: Default Values For Preconfigured It Policies
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Preconfigured IT policy Description Medium Security with No 3rd Party Similar to the Medium Password Security, this policy requires a complex Applications password that a user must change frequently, a security timeout, and a maximum password history.
Page 42 Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd...
Page 43 Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security IT policy rule Default IT Individual- Basic Medium Medium Advanced Advanced policy Liable Password Password Password Security IT Security Device IT Security IT Security IT Security policy with No 3rd...
Page 44: Creating And Importing It Policies
Enterprise Upgrade Creating and importing IT policies Create an IT policy In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Create an IT policy. Type a name and description for the IT policy. Click Save.
Page 45: Create An It Policy Based On An Existing It Policy
CAUTION: For you to import IT policy data successfully, the IT policy data file must contain all of the IT policies that are assigned to user accounts and groups in the BlackBerry Domain that you are importing IT policy data to.
Page 46: Import It Policy Rules From An It Policy Pack
Preconfigured IT policies, Import IT policy rules from an IT policy pack You can import the IT policy rules that Research In Motion releases in an IT policy pack into your organization's BlackBerry Enterprise Server. Download the IT policy pack to your computer and extract the contents of the file.
Page 47: Assign An It Policy To A Group
Using an IT policy to manage BlackBerry Enterprise Solution security Assign an IT policy to a group In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups. In the Manage groups section, click the group that you want to assign an IT policy to.
Page 48: Sending An It Policy Over The Wireless Network
Manager apply the configuration changes immediately. By default, the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service. You can also resend an IT policy to a specific device manually.
Page 49: Assigning It Policies And Resolving It Policy Conflicts
You can assign IT policies directly to a user account or to a group. By default, if you do not assign an IT policy to a user account or a group that the user is a member of, the BlackBerry Enterprise Server applies the Default IT policy to the user account.
Page 50: Option 1: Applying One It Policy To Each User Account
Option 1: Applying one IT policy to each user account You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies. In this scenario, the BlackBerry Enterprise Server applies the IT policy that you ranked the highest in the BlackBerry Administration Service.
Page 51: Option 2: Applying Multiple It Policies To Each User Account
Option 2: Applying multiple IT policies to each user account, Rank IT policies You must rank the IT policies that you create so that the BlackBerry Enterprise Server can resolve IT policy conflicts when a user account is a member of multiple groups that have different IT policies.
Page 52 Using an IT policy to manage BlackBerry Enterprise Solution security If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default method for resolving IT policy conflicts. If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server, the default method for resolving IT policy conflicts is to assign one IT policy to each user account according to the rankings of the IT policies that you specify in the BlackBerry Administration Service.
Page 53 Option 2: Applying multiple IT policies to each user account, Rank IT policies You must rank the IT policies that you create so that the BlackBerry Enterprise Server can resolve IT policy conflicts when a user account is a member of multiple groups that have different IT policies.
Page 54: View The Resolved It Policy Rules That Are Assigned To A User Account
If you change the Disable users with unapplied IT policy option to True, by default, the BlackBerry Enterprise Server sends the IT policy to the BlackBerry devices every 30 minutes until the BlackBerry devices apply the IT policy or the time limit...
Page 55: Deactivate Blackberry Devices That Do Not Have It Policies Applied
If the time limit expires, the BlackBerry Enterprise Server deactivates the BlackBerry device PINs. The permitted range for this option is 0 hours to 8760 hours. If you specify 0 hours, BlackBerry devices deactivate when the IT policy cannot apply automatically.
Page 56: Change Or Delete It Policy Rules For Third-Party Applications
If you export all IT policy data to a data file, you must create an encryption password for the data file that you can use to protect the data file. You can import the data file at a later time to another BlackBerry Domain.
Page 57: Delete An It Policy
Using an IT policy to manage BlackBerry Enterprise Solution security 10. Click Close. Delete an IT policy In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. Click Manage IT policies. In the list of IT policies, click an IT policy.
Page 58: Configuring Security Options
BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.
Page 59: Change The Symmetric Key Encryption Algorithm That The Blackberry Enterprise Solution Uses
BlackBerry Enterprise Solution to use. Click Save All. After you finish: Re-activate all of the BlackBerry devices that are located in the BlackBerry Domain so that users can send and receive email messages on their BlackBerry devices.
Page 60: Turn On The Enterprise Service Policy
BlackBerry Enterprise Server. To add a new BlackBerry device, on the Add new allowed PINs tab, in the New allowed PINs field, type the PIN for the BlackBerry device. Click the Add icon.
Page 61: Permit A User To Override The Enterprise Service Policy
To extend messaging security, you must instruct the BlackBerry device user to install the PGP Support Package for BlackBerry smartphones on the BlackBerry device and to transfer the PGP private key of the BlackBerry device user to the BlackBerry device. The BlackBerry device user can use the PGP private key to digitally sign, encrypt, and send PGP protected messages from the BlackBerry device.
Page 62: Extending Messaging Security Using S/Mime Encryption
Configure the BlackBerry Enterprise Solution to support PGP encryption Configure the PGP Universal Server Address IT policy rule in the IT policy that you assign to BlackBerry device users. Instruct users to install the PGP Support Package for BlackBerry smartphones on BlackBerry devices.
Page 63 True. • To permit BlackBerry device users that have email applications that do not support S/MIME to read the text of an S/MIME-protected message, in the Send S/MIME messages in clear-signed format drop-down list, click True.
Page 64: Blackberry Enterprise Server
Use PKCS #7 MIME type drop-down list, click True. Click Save all. To make sure that the changes take effect immediately, perform the following actions to restart the BlackBerry Messaging Agent: On the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain >...
Page 65: Enforcing Secure Messaging Using Classifications
S/MIME message protection or PGP message protection that applies to the email messages. If a user does not select a message classification, by default, the BlackBerry device applies the first classification in the message classification list on the BlackBerry device. You can change the order that the BlackBerry device lists the classifications in.
Page 66: Create A Message Classification Based On An Existing Message Classification
After you finish: If you create more than one message classification, order the message classifications in the list. By default, if a user does not select a message classification, the BlackBerry device applies the first message classification in the list.
Page 67: Delete A Message Classification
PIN-message encryption By default, all BlackBerry devices store a common PIN encryption key that they use to protect PIN messages. To limit the number of devices that can decrypt PIN messages that BlackBerry device users in your organization send from their devices, you can generate a new PIN encryption key that is stored on and known only to devices in your organization.
Page 68: Turn Off Blackberry Services That The Blackberry Mds Connection Service, Blackberry Collaboration Service, And Blackberry Mvs Provide
Internet, running applications that communicate with application servers and content servers, sending or receiving instant messages, or making calls using VoIP. You can turn off the BlackBerry services if you want to enhance security, save bandwidth on the wireless network, or conserve system resources on the computer.
Page 69: Changing When A Blackberry Device Cleans The Blackberry Device Memory
The BlackBerry device user changes the time or time zone on the BlackBerry device. To change when the memory cleaner application runs, you can use IT policies or the BlackBerry device user can turn on or turn off the memory cleaner application in the Security options on the BlackBerry device.
Page 70: Best Practice: Configuring Additional Memory Cleaner Settings For Blackberry Devices
Start the memory cleaner after a specific amount of time Set the Memory Cleaner Maximum Idle Time IT policy rule has elapsed. to the desired time (for example, 10 minutes). For more information, see the BlackBerry Enterprise Server Policy Reference Guide and S/MIME Support Package User Guide Supplement.
Page 71: Configuring The Blackberry Enterprise Server Environment
BlackBerry Mail Store Service, BlackBerry Policy Service, and BlackBerry Synchronization Service to manual. To avoid errors in the BlackBerry Enterprise Server, do not change the startup type for the BlackBerry Enterprise Server services. Do not change the account information...
Page 72: Configuring Certain Blackberry Enterprise Server Components To Use Proxy Servers
Proxy servers typically do not permit network traffic between servers that are on the same side of the firewall, so you can configure certain BlackBerry Enterprise Server components to use a .pac file, or to access the Internet directly through a proxy server.
Page 73: Configure A Blackberry Enterprise Server Component To Use A Proxy Server
You can specify more than one proxy string in a proxy mapping rule for a web address. If the BlackBerry Enterprise Server component cannot access the web server using the first proxy string, it tries to access the web server using the subsequent proxy strings that you specify, until the component accesses the web server.
Page 74: Configure A Blackberry Enterprise Server Component To Authenticate To A Proxy Server On Behalf Of Blackberry Devices
BlackBerry devices. Before you begin: If you want to configure the BlackBerry MDS Connection Service to authenticate to a proxy server on behalf of BlackBerry devices, turn on authentication support for the BlackBerry MDS Connection Service.
Page 75: Configuring Proxy Selection For The Blackberry Administration Service
Depending on the operating system on the computer that hosts the BlackBerry Administration Service instance, you can use the Proxy Configuration Tool or the Network Shell Utility to manually select a proxy server for a BlackBerry Administration Service instance. You must configure manual proxy selection for all of the computers that host a BlackBerry Administration Service instance.
Page 76 If you want to configure the BlackBerry Administration Service to use the Web Proxy Autodiscovery Protocol to select a proxy server automatically, you must use the BlackBerry Enterprise Trait Tool. The Web Proxy Autodiscovery Protocol uses DHCP and DNS to find a PAC file. Perform this task on any computer that hosts a BlackBerry Administration Service instance.
Page 77: Configuring The Blackberry Administration Service To Authenticate With A Proxy Server
BlackBerry Enterprise Trait Tool. You can specify the credentials for either the entire BlackBerry Domain or for individual BlackBerry Administration Service instances. The BlackBerry Administration Service tries the credentials that you specify for the BlackBerry Administration Service instance first and then tries the credentials that you specify for the BlackBerry Domain.
Page 78 BlackBerry Administration Service instance and <password> is the password for the computer. Delete credentials for HTTP basic authentication On the computer that hosts the BlackBerry Administration Service, at the command prompt, navigate to the folder that contains the TraitTool.exe file. Perform one of the following tasks:...
Page 79: Configuring Multiple Blackberry Enterprise Server Instances To Use The Same Blackberry Enterprise Server Component
Enterprise Server instance that you want to use the BlackBerry MDS Connection Service. Click Add. Repeat steps 4 and 5 for each BlackBerry Enterprise Server instance that you want to have use the BlackBerry MDS Connection Service. Click Save all.
Page 80: Configure Multiple Blackberry Enterprise Server Instances To Use The Same Blackberry Collaboration Service
Configuring support for Unicode languages Configure support for Unicode languages You can make sure that the messaging application can display the Unicode messages that the BlackBerry device sends by configuring the BlackBerry Enterprise Server to support Unicode languages (for example, Japanese, Korean, or Simplified Chinese).
Page 81: Change The Character Encoding That The Blackberry Enterprise Server Uses To Send Unicode Messages
(for example, if email applications cannot display attachment file names or contact lists correctly), you can configure the BlackBerry Enterprise Server to select another character encoding to use to process Unicode messages. Before you begin: Configure support for Unicode languages.
Page 82: Configure Support For Unicode Text In Calendars On Blackberry Devices In A Microsoft Exchange Environment
To configure the BlackBerry Enterprise Server to select the most appropriate character encoding when it encodes email messages that use RTF or HTML, type 2. If the BlackBerry Enterprise Server cannot identify which character encoding to use, the BlackBerry Enterprise Server encodes email messages that use RTF or HTML in UTF-8.
Page 83 Visit http://support.microsoft.com/kb/923537/en-us to download and install the required hotfix on the computer that will host the BlackBerry Enterprise Server. On the BlackBerry Enterprise Server, on the Start menu, click Run. Type regedit. Click OK. Perform one of the following actions: •...
Page 84: Configuring User Accounts
You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry device model. User accounts that are part of a user group can exist on multiple BlackBerry Enterprise Server instances in the BlackBerry Domain.
Page 85: Adding A User Account To The Blackberry Enterprise Server
Assigning BlackBerry devices to users, Add a user account You can add a user account to the BlackBerry Enterprise Server, assign a BlackBerry device to a user account and activate the BlackBerry device. The user account must exist on your organization's messaging server.
Page 86: Create A User Account That Is Not In The Contact List In The Blackberry Configuration Database
You can create a user account for a user even if the did not yet synchronize the contact information for the user account to the BlackBerry Configuration Database. If the BlackBerry Mail Store Service did not synchronize the contact information and you create a user account, the BlackBerry Administration Service does not display the user account in the search results.
Page 87: Export A List Of User Accounts
Export a list of user accounts You can export a list of user accounts from a BlackBerry Enterprise Server to a .csv file. The .csv file contains information about the user accounts, such as the user ID, display name, PIN and email address. You can import the list of user accounts to another BlackBerry Enterprise Server.
Page 88 Configuring user accounts incorrectly formatted in the .csv file), the BlackBerry Administration Service continues to process the remaining actions that are listed in the file and displays an error message for the action that the BlackBerry Administration Service could not process.
Page 89 "jbuac@example.com","JBUAC0011,"Admins","specify", "asdf","24" Import multiple user accounts from a .csv file You can import a list of user accounts from a .csv file to a BlackBerry Enterprise Server so that you can manage the user accounts. Before you begin: Create a .csv file.
Page 90 Administration Guide Configuring user accounts Click Import new users. In the Import users from a list section, click Browse. Navigate to the .csv file that contains the user accounts that you want to import. Click Continue. Perform the appropriate actions for the user accounts.
Page 91: Assigning Blackberry Devices To Users
BlackBerry device. You can synchronize messages for a new user or for a user whose PIN changed when they received a replacement BlackBerry device. When the BlackBerry Enterprise Server synchronizes messages onto a BlackBerry device, it applies the message filter rules and redirection settings that are specific to the user account.
Page 92: Prevent The Blackberry Enterprise Server From Synchronizing Existing Email Messages Onto A Blackberry Device
In the Prepopulation by message count field, type 0. Click Save all. Assigning BlackBerry devices to user accounts To assign BlackBerry devices to user accounts and activate the BlackBerry devices, you can use any of the following methods: Method Description...
Page 93: Option 1: Activate A Blackberry Device Using The Blackberry Administration Service
Wi-Fi network. If you add a user account that was previously located on another BlackBerry Enterprise Server in a different BlackBerry Domain, or the user previously used the BlackBerry Desktop Redirector, you must assign a BlackBerry device to the user account using the BlackBerry Administration Service.
Page 94: Option 2: Activating A Blackberry Device Over The Wireless Network
To activate a BlackBerry device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.
Page 95 Assigning BlackBerry devices to users Activation passwords The BlackBerry Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device. Item...
Page 96 You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires.
Page 97: Option 3: Activating Blackberry Devices Over The Lan
When users complete the activation process, the BlackBerry Enterprise Server sends email messages and organizer data to the BlackBerry devices through the BlackBerry Router. If a connection to the BlackBerry Router is interrupted, the data transfer continues over the wireless network.
Page 98: Option 4: Activating Blackberry Devices Using The Blackberry Web Desktop Manager
(also known as a Mail User Agent). As an SMTP client, the BlackBerry Router communicates with an SMTP server, that sends an ETP message to the user. The ETP message is the email message that the BlackBerry Router sends to the user’s mailbox during the activation process.
Page 99 • To restrict the BlackBerry Router so that it acts only as a gateway for BlackBerry device activations over the enterprise Wi-Fi network, on a computer that does not host a BlackBerry Enterprise Server, install a BlackBerry Router whose only purpose is to provide a connection to Wi-Fi enabled BlackBerry devices over the enterprise Wi-Fi network.
Page 100 If you want to activate a Wi-Fi enabled BlackBerry device using the enterprise Wi-Fi network, you can instruct a BlackBerry user to perform the following task on the BlackBerry device. If you want to reactivate a BlackBerry device, you must create a new activation password for the BlackBerry device.
Page 101: Configuring Blackberry Enterprise Server High Availability
Check the health of a BlackBerry Enterprise Server If you configured BlackBerry Enterprise Server high availability, you can check the health of a BlackBerry Enterprise Server instance to verify that it is running as expected. In the BlackBerry Administration Service, in the Servers and components menu, expand High availability.
Page 102: How The Blackberry Enterprise Server Uses Health Parameters
Administration Guide Configuring BlackBerry Enterprise Server high availability receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always up- to-date. How the BlackBerry Enterprise Server uses health parameters The BlackBerry Enterprise Server uses health parameters to define the failover and promotion thresholds. The health parameters indicate if a BlackBerry Enterprise Server service or component is healthy or unhealthy.
Page 103 For failover to occur when the standby BlackBerry Enterprise Server can provide the same services that the primary BlackBerry Enterprise Server can provide when it is healthy, you can move the promotion threshold so that it is equal to the failover threshold.
Page 104: Changing The Promotion Threshold And Failover Threshold
BlackBerry Enterprise Server meets all of your organization’s requirements. In this scenario, you configure the standby BlackBerry Enterprise Server to promote itself when it can provide most or all of the BlackBerry services that your organization requires. The primary BlackBerry Enterprise Server does not demote itself as long as it can provide at least the BlackBerry services that your organization considers essential.
Page 105 Administration Guide Configuring BlackBerry Enterprise Server high availability Click the name of the BlackBerry Enterprise Server pair that you want to change the health parameters and thresholds for. Click Edit Automatic Failover settings. To change the order of the health parameters and thresholds, click the Up and Down icons.
Page 106: Changing When Automatic Failover Occurs By Customizing The Health Parameters For User Accounts And Messaging Servers
For example, if your organization requires that all users can access email messages from BlackBerry devices at all times and that the BlackBerry Enterprise Server is connected to all of the messaging servers at all times, you can change the...
Page 107 Example: Changing the percentage of the User accounts health parameter If you want to change the percentage of the User accounts health parameter to 80% for a BlackBerry Enterprise Server pair and the primary BlackBerry Enterprise Server instance is named server03, you can type traittool.exe -host server03 -trait UserHealthPercentage -set 80.
Page 108: Prerequisites: Configuring The Blackberry Enterprise Server Pair To Fail Over Automatically
Click Turn on automatic BlackBerry Enterprise Server failover. In the System status section, the value for the Automatic BlackBerry Enterprise Server failover mode field changes to True. After you finish: To turn off automatic failover, click Turn off automatic BlackBerry Enterprise Server failover.
Page 109: Monitoring The Blackberry Enterprise Server For An Automatic Failover Event
When an automatic failover event occurs, the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server write the time and reason at logging level 5 (Verbose) in the log files for the BlackBerry Dispatcher, BlackBerry Controller, and BlackBerry Messaging Agent. The BlackBerry Controller and BlackBerry Dispatcher instances for the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server create SNMP alerts using the BlackBerry Enterprise Server Alert Tool.
Page 110: Fail Over The Blackberry Enterprise Server Manually Using The Blackberry Configuration Panel
BlackBerry Configuration Panel You can use the BlackBerry Configuration Panel to force the primary BlackBerry Enterprise Server to perform a failover process if it is not running as expected or if it requires maintenance. Before you begin: Verify that the standby BlackBerry Enterprise Server is running.
Page 111: Configuring High Availability For Blackberry Enterprise Server Components
BlackBerry Enterprise Server by associating multiple BlackBerry MDS Connection Service instances with each BlackBerry Enterprise Server. If the BlackBerry MDS Connection Service instance with the active connection stops responding, the BlackBerry Enterprise Server promotes the connection to the next instance in the pool list to an active connection.
Page 112: Configure The Blackberry Mds Connection Service And Blackberry Collaboration Service To Fail Over Automatically
BlackBerry Collaboration Service pools for. Click Turn on automatic connections failover. In the System status section, the value of the BlackBerry Enterprise Server connection failover mode field changes to True. After you finish: To turn off automatic failover, click Turn off automatic connections failover.
Page 113: Create A Blackberry Collaboration Service Pool For High Availability
BlackBerry Enterprise Server by associating multiple BlackBerry Collaboration Service instances with the BlackBerry Enterprise Server. By default, the BlackBerry Collaboration Service instance at the top of the pool list is the instance that the BlackBerry Enterprise Server assigns the active connection to. If the instance with the active connection stops responding, the BlackBerry Collaboration Service tries to connect to the next instance in the pool list.
Page 114: Create A Blackberry Attachment Service Pool For High Availability
To turn off support for an attachment file format, in the Extensions section, click the Delete icon that is located beside the file extension. Click the Add icon. 10. Repeat steps 5 to 9 for each BlackBerry Attachment Service instance that you want to add to the pool.
Page 115: You Cannot Determine The Blackberry Attachment Connector That The Blackberry Enterprise Server Or The Blackberry Mds Connection Service Uses
Configuring high availability for BlackBerry Enterprise Server components 11. Click Save all. 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool. The BlackBerry Administration Service writes the data about the BlackBerry Attachment Service pool to the BlackBerry Configuration Database.
Page 116: Create A Blackberry Router Pool For High Availability
Server determines which BlackBerry Router instance to connect to by trying to connect to the first BlackBerry Router instance in the pool list. If the BlackBerry Enterprise Server cannot connect to the first BlackBerry Router instance in the list, it tries to connect to each BlackBerry Router in sequence until a connection succeeds.
Page 117: Permit A Blackberry Enterprise Server To Connect To A Remote Blackberry Router
BlackBerry Router If you installed a BlackBerry Router on a computer that is separate from the computer that hosts a BlackBerry Enterprise Server, you must permit the BlackBerry Dispatcher that you installed with the BlackBerry Enterprise Server to connect to the BlackBerry Router.
Page 118: Creating A Blackberry Administration Service Pool That Includes The Blackberry Web Desktop Manager Using Dns Round Robin
For example, you can install the BlackBerry Administration Service on two of the computers in the pool and the BlackBerry Web Desktop Manager on two other computers in the pool.
Page 119: Configure The Blackberry Administration Service Instances In A Pool To Communicate Across Network Subnets
Administration Service instances in the pool. You must also change the name of the BlackBerry Administration Service pool if you have changed the name of the corresponding DNS record in the DNS server. You can only configure one BlackBerry Administration Service pool in a BlackBerry Domain.
Page 120: Change The Name Of The Blackberry Administration Service Pool
Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool.
Page 121: Monitoring The High Availability Status Or Job Deployment Status Using The Blackberry Administration Service
BlackBerry Administration Service When you navigate to a BlackBerry Administration Service page that displays the high availability status or job deployment status, the BlackBerry Administration Service displays the high availability status of the BlackBerry Enterprise Server, BlackBerry Collaboration Service, or BlackBerry MDS Connection Service and the job deployment status that is stored in the BlackBerry Configuration Database.
Page 122: Monitor The High Availability Status Or Job Deployment Status Using The Blackberry Administration Service
Remove a BlackBerry MDS Connection Service instance from a pool You can remove a BlackBerry MDS Connection Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 123: Remove A Blackberry Collaboration Service Instance From A Pool
Remove a BlackBerry Collaboration Service instance from a pool You can remove a BlackBerry Collaboration Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 124: Remove A Blackberry Router Instance From A Pool
Remove a BlackBerry Router instance from a pool You can remove a BlackBerry Router instance from a pool if it is no longer required or to troubleshoot an issue. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 125: Configuring Blackberry Configuration Database High Availability
• Configure the database server that will host the mirror or replicated BlackBerry Configuration Database with the same permissions that you configured on the database server that hosts the prinicipal BlackBerry Configuration Database. •...
Page 126: Configuring Database Mirroring
BlackBerry Enterprise Server instances. Configuring database mirroring You can use Microsoft SQL Server 2005 or 2008 database mirroring to configure the BlackBerry Configuration Database for high availability. The BlackBerry Configuration Database only supports high safety with automatic failover (synchronous) operating mode for database mirroring.
Page 127: Configure Database Mirroring For The Blackberry Configuration Database
After you configure the database, permit all BlackBerry Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, start all of the BlackBerry Enterprise Server services in the following order: •...
Page 128: Configure The Blackberry Enterprise Solution To Support Database Mirroring
Administration Service also adds the name of the Microsoft SQL Server that hosts the mirror database to the BlackBerry Configuration Database. CAUTION: If you click Save all more than once but you do not restart the BlackBerry Enterprise Server services or the computers that host the BlackBerry Enterprise Server components that the BlackBerry Administration Service specifies as Updated, you should restart the BlackBerry Enterprise Server services or restart the computers for all of the BlackBerry Enterprise Server components.
Page 129: Resend The Database Mirroring Parameters To Blackberry Enterprise Server Components
If the computers that host BlackBerry Enterprise Server components were not running or connected to the network when you configured the BlackBerry Enterprise Solution to support database mirroring, or if you do not know if all of the components were configured to support database mirroring, you should resend the database mirroring parameters to the components.
Page 130: Configuring The Blackberry Configuration Database For One-Way Transactional Replication In An Environment That Includes Microsoft Sql Server 2005 Or 2008
To maintain database integrity, you must prevent all services that use the BlackBerry Configuration Database from connecting to the databases while you configure replication. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, stop all of the BlackBerry Enterprise Server services in the following order: •...
Page 131: Permit Access To The Blackberry Configuration Database Instances
Administration Guide Configuring BlackBerry Configuration Database high availability Copy the backup file from the database server that hosts the BlackBerry Configuration Database to the database server that will host the replicated BlackBerry Configuration Database. In the Microsoft SQL Server Management Studio, in the left pane, navigate to the database server that will host the replicated BlackBerry Configuration Database.
Page 132: Increase The Maximum Data Size For Transactional Replication
Click Transactional publication. Click Next. In the Objects to publish list, select Tables, Stored Procedures, Views, and User Defined Functions. If you installed the BlackBerry database notification system on the computer, expand Tables and clear the ServiceConfig table and the ServiceTable table. Click Next.
Page 133: Prepare The Database Server That Hosts The Replicated Blackberry Configuration Database And Configure The Subscription
Right-click Local Subscriptions. Click New Subscription. In the list of publishers, select the name of the database server that hosts the BlackBerry Configuration Database. In the list of databases and publications, select the publication for the BlackBerry Configuration Database. Click Next.
Page 134: Start The Blackberry Enterprise Server Instances
After you configure the database, permit all BlackBerry Enterprise Server instances to connect to the principal BlackBerry Configuration Database. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, start all of the BlackBerry Enterprise Server services in the following order: •...
Page 135: Return To The Blackberry Configuration Database When You Configured Transactional Replication
To configure the BlackBerry Enterprise Server instances and components, you delete the pull subscription from the replicated database server, run a SQL query to update the numbering of the identity values in the replicated BlackBerry Configuration Database, and run the BlackBerry Enterprise Server setup application to permit each BlackBerry Enterprise Server instance and component to connect to the replicated BlackBerry Configuration Database.
Page 136: Sending Software And Blackberry Java Applications To Blackberry Devices
To send BlackBerry Java Applications to devices, you must first add the applications to the application repository. You can use the application repository to store and manage all versions of the BlackBerry Java Applications that you want to install on, update on, or remove from devices.
Page 137: Developing Blackberry Java Applications For Blackberry Devices
BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications. The BlackBerry JDE and the BlackBerry Java Plug-in for Eclipse also include tools to generate .jad files or .alx descriptor files that provide information about a BlackBerry Java Application that is used when the application is compiled.
Page 138: Specify A Shared Network Folder For Blackberry Java Applications
Before you begin: Create a shared network folder on the network that hosts the BlackBerry Enterprise Server. This shared network folder must not be the same network share location that is used for BlackBerry Device Software, and it must not be located in <drive>:\Program Files\Common Files\Research In Motion .
Page 139: Add A Blackberry Java Application To The Application Repository
Add a BlackBerry Java Application to the application repository To send a BlackBerry Java Application to BlackBerry devices, you must first add the BlackBerry Java Application bundle to the application repository. To send an updated version of a BlackBerry Java Application to BlackBerry devices, you must first add the updated bundle to the application repository.
Page 140: Specify Keywords For A Blackberry Java Application
Sending software and BlackBerry Java Applications to BlackBerry devices Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry Java Application. You can use the keywords to search for the application in the application repository. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software >...
Page 141: Change A Standard Application Control Policy
Change a standard application control policy When you add a BlackBerry Java Application to a software configuration, you must assign an application control policy to the BlackBerry Java Application. Based on the requirements of your organization's environment, you can change the default settings for the standard application control policies.
Page 142 If you add the BlackBerry Java Application to multiple software configurations and you assign different custom application control policies to the BlackBerry Java Application in the different software configurations, you must set the priority for the custom application control policies. This priority determines which custom application control policy the BlackBerry Policy Service applies if you assign multiple software configurations to a user account.
Page 143: It Policy Rules Take Precedence On Smartphones
Application control policies for unlisted applications When you create a software configuration and assign it to user accounts so that you can send BlackBerry Device Software, BlackBerry Java Applications, and standard application settings to BlackBerry devices, you must configure whether the software configuration permits users to install and use applications that are not included in the software configuration (also known as unlisted applications).
Page 144: Create An Application Control Policy For Unlisted Applications
The BlackBerry Administration Service includes two default application control policies for unlisted applications: one for unlisted applications that you permit on BlackBerry devices, and one for unlisted applications that you do not permit on BlackBerry devices. You can also create custom application control policies for unlisted applications that are optional.
Page 145: Creating Software Configurations
• specify that a BlackBerry Java Application is not permitted • specify whether BlackBerry Java Applications that you do not include in the software configuration are permitted or not permitted • configure the access permissions for BlackBerry Java Applications that you do not include in the software configuration •...
Page 146: Create A Software Configuration
Add a BlackBerry Java Application to a software configuration You must add a BlackBerry Java Application to a software configuration and assign the software configuration to user accounts to install the BlackBerry Java Application on BlackBerry devices over the wireless network. To upgrade an application, you must add the new version of the application to the appropriate software configuration.
Page 147: Assign A Software Configuration To A Group
To install the application on BlackBerry devices using a USB connection to the user's computer and the BlackBerry Web Desktop Manager, click Wired. 11. Repeat steps 6 to 10 for each BlackBerry Java Application that you want to add to the software configuration. 12. Click Add to software configuration.
Page 148: Assign A Software Configuration To Multiple User Accounts
Sending software and BlackBerry Java Applications to BlackBerry devices Assign a software configuration to multiple user accounts In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users. Search for one or more user accounts.
Page 149: Install Blackberry Java Applications On A Blackberry Device At A Central Computer
BlackBerry device at a central computer If you do not want to install BlackBerry Java Applications on a BlackBerry device over the wireless network, and you do not want the user to install the BlackBerry Java Applications using the BlackBerry Web Desktop Manager or BlackBerry Desktop Software, you can install the BlackBerry Java Applications on a BlackBerry device by connecting the BlackBerry device to a central computer that can access the BlackBerry Administration Service.
Page 150: View The Status Of A Job
BlackBerry devices. If you assign an IT policy to user accounts or change an existing IT policy, a job sends the IT policy changes to BlackBerry devices. You can view the status of a job to determine if it is ready to run, currently running, completed, or completed with task failures.
Page 151 An error occurred when the BlackBerry Policy Service tried to retrieve the data that it required to install the BlackBerry Java Application. You can verify that the BlackBerry Policy Service can access the network share that you use to store the application files. QueueModule failed, processing stopped An error occurred when the BlackBerry Policy Service tried to process the application modules and send the application modules to the BlackBerry device.
Page 152 You can verify that the application files are formatted properly and try to send the BlackBerry Java Application to the BlackBerry device again. If your second try at the installation is not successful, in the log files that you collected, locate the user account that experienced the issue.
Page 153 The BlackBerry Policy Service did not receive an acknowledgment message from a BlackBerry device that indicates that the BlackBerry Java Application was installed. You can verify that the BlackBerry device is turned on and is located in a wireless coverage area. Resend the BlackBerry Java Application.
Page 154 0x03 disallowed by IT policy: An IT policy rule in an IT policy that you assigned to the user account does not permit BlackBerry Device Software updates over the wireless network. You can verify that the IT policy rule settings in the IT policy that you assigned to the user account permits BlackBerry Device Software updates over the wireless network.
Page 155 0x02 reset required The user must reset the BlackBerry device to clear a code module condition. You can instruct the user to reset the BlackBerry device. The update application tries to perform the update for up to 72 hours. After 72 hours, the update application performs the update and the user no longer has the option to defer the update.
Page 156 Sending software and BlackBerry Java Applications to BlackBerry devices Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry device, you can try to determine the cause by collecting the following information: •...
Page 157 Error messages: IT policy tasks To troubleshoot errors that display for a task when you send an IT policy to a BlackBerry device or update an IT policy on a BlackBerry device, you can try to determine the cause by collecting the following information: •...
Page 158: Stopping A Job That Is Running
BlackBerry device, the remaining commands in the group are not delivered to the BlackBerry device. You can try to resend the IT policy to the BlackBerry device. You can also try to resend the service books to the BlackBerry device.
Page 159: Stop A Job That Is Running
Managing the distribution settings for a specific job, View the users that have a BlackBerry Java Application installed on their BlackBerry devices In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > Applications. Click Manage applications. Search for an application.
Page 160: View How The Blackberry Administration Service Resolved Software Configuration Conflicts For A User Account
Sending software and BlackBerry Java Applications to BlackBerry devices Click View users with application. Search for users that are associated with BlackBerry devices that you installed the BlackBerry Java Application on. View how the BlackBerry Administration Service resolved software configuration conflicts for a user account You can assign multiple software configurations to a user account or group.
Page 161: Reconciliation Rules For Conflicting Settings In Software Configurations
If you assign multiple software configurations to user accounts or groups, the multiple software configurations might contain conflicting settings. For example, you might specify that a BlackBerry Java Application is required in a software configuration that you assign to a user account, but you might also specify that the same application is not permitted in a software configuration that you assign to a group that the user account belongs to.
Page 162: Reconciliation Rules: Blackberry Java Applications
2.0 of the application is installed on the BlackBerry device. The version of a BlackBerry Java Application that is in a software configuration that is assigned to a user account takes precedence over the version of a BlackBerry Java Application that is in a software configuration that is assigned to a group.
Page 163 Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule The BlackBerry Administration Service resolves the deployment method after resolving the disposition of an application. The deployment method specified for an application in a software configuration that is assigned to a...
Page 164: Reconciliation Rules: Blackberry Device Software
BlackBerry Administration Service, is installed on the BlackBerry device. The BlackBerry Enterprise Server does not install a version of the BlackBerry Device Software if that version is ranked lower than the version of the BlackBerry Device Software that is currently installed on the...
Page 165: Reconciliation Rules: Standard Application Settings
The calendar initial view setting that is applied to the user's initial view setting is configured differently in each of the BlackBerry device is the lowest value that was specified in software configurations that are assigned to the groups. the multiple software configurations.
Page 166: Reconciliation Rules: Application Control Policies
BlackBerry Enterprise BlackBerry devices that are running a BlackBerry Device Server version 5.0 or later, and BlackBerry devices that are Software version earlier than 5.0. running BlackBerry Device Software version 5.0 or later.
Page 167 Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule A software configuration that defines unlisted applications If unlisted applications are defined as disallowed in a as disallowed is assigned to a user account. A software software configuration that is assigned to a user account,...
Page 168: Alternative Methods For Installing Blackberry Java Applications On Blackberry Devices
BlackBerry Administration Service You can install and update BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service. You can use any of the following tools or software to install, update, and manage BlackBerry Java Applications on BlackBerry devices: •...
Page 169: Methods You Can Use To Install Blackberry Java Applications On Blackberry Devices
BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications. The BlackBerry JDE and the BlackBerry Java Plug-in for Eclipse also include tools to generate .jad files or .alx descriptor files that provide information about a BlackBerry Java Application that is used when the application is compiled.
Page 170: Installing Blackberry Java Applications Using The Blackberry Desktop Software
Application developers can use the BlackBerry Java Development Environment or the for Eclipse to create an automated application installer. You can use the application installer to install the files for a BlackBerry Java Application (the .alx identifier file and the application's .cod files) on users’ computers. You can then instruct users to use the application loader tool in the BlackBerry Desktop Software to install the BlackBerry Java Application on their BlackBerry devices.
Page 171: Make The Blackberry Java Application Available To The Blackberry Desktop Software
.alx files and .cod files: The .alx file is the application descriptor that provides information about the application and the location of the application's .cod files. A .cod file contains compiled and packaged application code. The application loader tool requires these files so that it can install the BlackBerry Java Application on BlackBerry devices. •...
Page 172: Installing Blackberry Java Applications Using The Blackberry Application Web Loader
BlackBerry devices. The users must connect their BlackBerry devices to their computers. The BlackBerry Application Web Loader supports .cod files only. To install a MIDlet, convert the .jar file to a .cod file. For more information about how to compile .java and .jar file formats into the .cod file format, visit www.blackberry.com/...
Page 173: Enable The Blackberry Application Web Loader On A Web Server
• Research In Motion USB drivers and a USB connection for the BlackBerry device Web server Configure the following MIME types on the web server to permit users to download and install BlackBerry Java Applications on BlackBerry devices: • .cod files: application/vnd.rim.cod •...
Page 174: Install The Blackberry Java Application Using The Blackberry Application Web Loader
Connect the BlackBerry device to your computer. Using Microsoft Internet Explorer version 5.0 or later, browse to <web_address>. If the required version of the BlackBerry Application Web Loader is not installed on your computer, accept the installation prompt, and complete the instructions on the screen.
Page 175: Prerequisites: Installing Blackberry Java Applications Using The Standalone Application Loader Tool
Alternative methods for installing BlackBerry Java Applications on BlackBerry devices You must install the BlackBerry Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device.
Page 176: Add Blackberry Java Application Files To A Shared Network Folder
<drive>:\Program Files\Common Files\Research In Motion\AppLoader . • Obtain the .alx and .cod files for the BlackBerry Java Application from the application developer, vendor, or wireless service provider. In <drive:>\Program Files\Common Files\Research In Motion\Shared\Applications\ , create a folder with a unique name to contain the application files.
Page 177: Configure The Standalone Application Loader Tool To Install The Blackberry Java Application In Automated Mode
BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry Java Application. Before you begin: Verify that BlackBerry Device Manager version 4.1 or later is installed on the user’s computer.
Page 178: Installing Blackberry Java Applications Using A Web Browser On Blackberry Devices
BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and the application .cod or .jar files) to a web server, and instruct users to navigate to the appropriate web address using a browser on their BlackBerry devices. Users can use the BlackBerry Browser or the wireless service provider’s WAP Browser.
Page 179: Install The Blackberry Java Application On A Web Server
.cod or .jar files: These files contain compiled and packaged application code. Install the BlackBerry Java Application on a web server Before you begin: Obtain the .jad and .cod files or .jar files for the BlackBerry Java Application from the application developer, vendor, or wireless service provider.
Page 180: Configuring How Users Access Enterprise Applications And Web Content
BlackBerry MDS Connection Service is the central push server. If two BlackBerry MDS Connection Service instances that are version 5.0 or later exist in a BlackBerry Domain, by default, both instances are central push servers. If more than two BlackBerry MDS Connection Service instances (that are version 5.0 or later) exist in a BlackBerry Domain, the first two instances that start are central push servers.
Page 181: Specify A Blackberry Mds Connection Service As A Central Push Server
You can specify more than one BlackBerry MDS Connection Service in your organization's BlackBerry Domain as a central push server. By default, if one or two BlackBerry MDS Connection Service instances exist in the BlackBerry Domain, those instances are central push servers.
Page 182: Configure The Blackberry Mds Connection Service To Authenticate Blackberry Devices To Content Servers That Use Ntlm
Administration Guide Configuring how users access enterprise applications and web content minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology >...
Page 183: Configure The Blackberry Mds Connection Service To Authenticate Blackberry Devices To Content Servers That Use Kerberos
BlackBerry devices to content servers that use LTPA BlackBerry devices that are running BlackBerry Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.
Page 184: Configuring The Blackberry Mds Connection Service To Authenticate Devices To The Rsa Authentication Manager
If required, remove the RSA Authentication Agent from the computer that hosts the BlackBerry MDS Connection Service. • If required, in the RSA Authentication Manager, delete the node secret data for the computer that hosts the BlackBerry MDS Connection Service. •...
Page 185 In the RSA Authentication Manager, create an Agent Host record for the BlackBerry Enterprise Server. The RSA Authentication Manager generates an sdconf.rec file. On the computer that hosts the BlackBerry MDS Connection Service, copy the sdconf.rec file that the RSA Authentication Manager generates to one of the following folders: •...
Page 186: Configuring How The Blackberry Mds Connection Service Manages Requests For Web Content
Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage By default, the BlackBerry MDS Connection Service does not manage HTTP cookie storage for BlackBerry devices. If the BlackBerry device requires JavaScript support for its HTTP requests, the BlackBerry device processes cookies.
Page 187: Configure The Timeout Limit For Http Connections With Blackberry Devices
BlackBerry devices You can specify how long a BlackBerry MDS Connection Service waits for a BlackBerry device to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the BlackBerry device. The default timeout limit is 120,000 milliseconds (2 minutes).
Page 188: Configure The Maximum Number Of Times That The Blackberry Browser Accepts Http Redirections
BlackBerry MDS Connection Service. You can use the Java keytool to create a self-signed certificate for the BlackBerry MDS Connection Service, or you can import a signed certificate from a trusted public certification authority. You can use the Java keytool to export the BlackBerry MDS Connection Service certificate from the key store, and import the certificate to the key stores that the Java push applications use.
Page 189: Create A Key Store To Store Certificates For Use With Https Connections
Create a key store to store certificates for use with HTTPS connections You must create a key store to store the certificates that permit the BlackBerry MDS Connection Service to accept HTTPS connections from push applications. On the computer that hosts the BlackBerry MDS Connection Service, on the taskbar, click Start > Programs >...
Page 190: Export The Blackberry Mds Connection Service Certificate To Make It Available To Push Applications
Export the BlackBerry MDS Connection Service certificate to make it available to push applications You must export the certificate for the BlackBerry MDS Connection Service so that you can import it to the key store of a server-side push application.
Page 191: Permit Push Applications To Select The Transport Protocol For Pap Requests
PAP requests By default, when a push application sends a PAP request to the BlackBerry MDS Connection Service, the BlackBerry MDS Connection Service directs requests to an HTTPS port. Because some applications require an HTTP port, you may want to change this default setting.
Page 192: Specify Whether The Blackberry Mds Connection Service Requires Trusted Https Connections From Web Servers
Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service. Click Edit component.
Page 193: Configuring Certificate Server Information For The Blackberry Mds Connection Service
To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML.
Page 194 BlackBerry devices. If you change the LDAP port number or host server information, you must stop and restart the BlackBerry MDS Connection Service so that the BlackBerry MDS Connection Service can use the new port number or host server information immediately.
Page 195: Ldap Server Settings
Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service. On the DSML tab, click Edit component.
Page 196 Click Save all. After you finish: • To configure the BlackBerry MDS Connection Service to retrieve the status of certificates from an OCSP server or CRL server, you must configure the OCSP server and CRL server information. • Add the communication information that you configured for the DSML server to the BlackBerry MDS Connection Service configuration set.
Page 197 2. In the Settings section, change the OCSP server settings. 3. Click the Update icon. Click Save all. After you finish: Add the communication information that you configured for the OCSP server to the BlackBerry MDS Connection Service configuration set. Related information...
Page 198: Configuration Set
2. Click the Accept icon. Click Save all. After you finish: Add the communication information that you configured for the CRL server to the BlackBerry MDS Connection Service configuration set. Related information Add communication information to a BlackBerry MDS Connection Service configuration set,...
Page 199 To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
Page 200: Add A Retrieved Certificate For A Web Server To The Key Store
Add a retrieved certificate for a web server to the key store You can use the Java keytool to add a certificate for a web server to the BlackBerry MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server.
Page 201: Configure Global Login Information For Intranet Site Access
Configuring how users access enterprise applications and web content Configure global login information for intranet site access In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
Page 202: Specify The Pending Content Timeout Limit For A Blackberry Mds Connection Service
On the General tab, in the Socket connection settings section, in the Use scalable sockets options list, click Yes. Click Save all. Specify the thread pool size of a BlackBerry MDS Connection Service You can specify the maximum number of threads that a BlackBerry MDS Connection Service can process at the same time.
Page 203: Specify The Maximum Number Of Scalable Socket Connections
MDS Connection Service to use fewer system resources and to establish more socket connections at one time than previous versions of the BlackBerry MDS Connection Service. When a BlackBerry MDS Connection Service uses scalable HTTP, it streams data to and from BlackBerry devices instead of storing and forwarding the data. If you want a BlackBerry...
Page 204: Specify The Port Number That The Web Server Listens On For Push Application Requests
Administration Guide Configuring how users access enterprise applications and web content MDS Connection Service to process data as it did in previous versions of the BlackBerry Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP.
Page 205: Specify How Often A Blackberry Mds Connection Service Polls For Configuration Information
Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service. The default interval is 5 minutes.
Page 206: Setting Up The Messaging Environment
BlackBerry devices. Email message filters that you create and apply override the email message filters that users create using the BlackBerry Desktop Manager, the BlackBerry Web Desktop Manager, or their BlackBerry devices. You can specify the order that the BlackBerry Messaging Agent applies the email message filters in.
Page 207: Turn On An Email Message Filter That Applies To All User Accounts On A Blackberry Enterprise Server
Perform one of the following tasks: • To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. •...
Page 208: Turn On An Email Message Filter That Applies To A Specific User Account
Perform one of the following tasks: • To create an email message filter that does not deliver email messages that match the filter criteria to BlackBerry devices, select Do not forward email messages to the device. •...
Page 209: Copying Existing Email Message Filters To Another Blackberry Enterprise Server
BlackBerry Enterprise Server. To create a copy of existing email message filters, you can export the existing email message filters for a BlackBerry Enterprise Server as an .xml file. You can then import the .xml file so that you can use it with another instance of the BlackBerry Enterprise Server.
Page 210: Copying Existing Email Message Filters To User Accounts
.xml file so that you can use it with other user accounts. Export email message filters for a user account In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. Click Manage users.
Page 211: Extension Plug-Ins For Processing Messages
You can add extension plug-ins to a BlackBerry Messaging Agent. The BlackBerry Messaging Agent uses extension plug- ins to process and make changes to email messages and attachments that the BlackBerry Messaging Agent sends to and receives from BlackBerry devices. For example, you can add an extension plug-in to modify the signature in email messages.
Page 212: Add An Extension Plug-In To A Blackberry Messaging Agent
Repeat steps 4 and 5 for each extension plug-in that you want to add. If necessary, click the Up and Down icons to set the order that the BlackBerry Messaging Agent uses the extension plug-ins to process email messages in.
Page 213: Change How A Blackberry Messaging Agent Uses Extension Plug-Ins
The BlackBerry Messaging Agent uses a BlackBerry Enterprise Server extension process to load extension plug-ins to process email messages. If you do not add an extension plug-in to the BlackBerry Administration Service, and you install the extension plug-in application on the computer that hosts the BlackBerry Enterprise Server, the extension plug-in is loaded directly by the BlackBerry Messaging Agent instead of the extension process.
Page 214: Mapping Contact Information Fields For Synchronization And Contact Lookups
You can map up to four fields that users define in the contact information on their computers to their BlackBerry devices. When users request a remote contact lookup from the contact list, the fields that you configure display on BlackBerry devices.
Page 215: Map A Contact Information Field In An Email Application To Contact List Fields On Blackberry Devices
On the Mappings for organizer data synchronization tab, in the Mappings for organizer data synchronization section, select the Turned on option. In the appropriate drop-down lists, select the fields on the BlackBerry device that you want to map the information to. Click Continue to user information edit.
Page 216 Turned on option. In the Other mappings section, in each User defined string drop-down list, select the contact field that you want to map to the BlackBerry device. Click Continue to user information edit. 10. Click Save all.
Page 217: Configuring Blackberry Devices To Enroll Certificates Over The Wireless Network
You can make the certificate enrollment process required so that devices automatically start the certificate enrollment process after the devices receive the updated IT policy from the BlackBerry Enterprise Server. If you do not make the certificate enrollment process required, you must instruct users to start the CA Profile Manager on the devices manually.
Page 218: Configure The Blackberry Mds Connection Service To Connect To The Certificate Authority
Configuring BlackBerry devices to enroll certificates over the wireless network If you configured the BlackBerry MDS Connection Service to retrieve the status of the certificates using an OCSP server or a CRL server and pull authorization is turned on, devices may not be able to enroll some certificates over the mobile network.
Page 219: Add Communication Information To A Blackberry Mds Connection Service Configuration Set
DSML server, a CRL server, an OCSP server, or a certification authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.
Page 220: Assign A Blackberry Mds Connection Service Configuration Set To A Blackberry Mds Connection Service Instance
To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
Page 221: Add Certificate Information To A Wi-Fi Profile
BlackBerry device uses for Wi-Fi authentication. You can find the name of the certification authority profile in the Certificate Authority Profile Name IT policy rule.
Page 222: Change The Polling Interval, Logging, And Pool Size For The Blackberry Mds Connection Service Connection To The Certificate Authority
BlackBerry Configuration Database when the certificate enrollment process starts for a new certificate. Also, if a certificate is expired or revoked, you or a BlackBerry device user can update the certificates on the device using the certificate synchronization tool in the BlackBerry Desktop Software or by copying an updated certificate from a media card or smart card.
Page 223: Properties In The Rimpublic.properties File
If the certificate authority requires a certificate administrator to approve rval certificate requests, this property specifies the interval, in minutes, that the BlackBerry MDS Connection Service waits before it requests an update about pending certificate requests from the certificate authority. The default interval is 60 minutes.
Page 224: Making The Blackberry Web Desktop Manager Available To Users
BlackBerry Web Desktop Manager on users' computers By default, when users open and log in to the BlackBerry Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required RIMWebComponents.cab file. The RIMWebComponents.cab file provides the BlackBerry Device Manager and USB drivers that users require to use the...
Page 225: Publish The Client Files For The Blackberry Web Desktop Manager In A Windows Gpo For Windows Xp
Alternatively, you can check the browser settings on users' computers and, if necessary, change them manually. In the BlackBerry Enterprise Server installation files, navigate to tools/RIMWebComponents . Copy the RIMWebComponents.msi file to a shared network folder. In Microsoft Active Directory Users and Computers, right-click the organizational unit that you want to assign the Windows GPO to.
Page 226: Publish The Client Files For The Blackberry Web Desktop Manager In A Windows Gpo For Windows Vista
Before you begin: • Add the web address for the BlackBerry Administration Service to the list of trusted web sites in the web browser. • Download and install the Microsoft Group Policy Management Console with Service Pack 1. For more information about installing the service pack, see www.microsoft.com.
Page 227: Configure The Microsoft Activex Installer On Windows Vista
22. Click Add. 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Service. 24. In the Enter the value of the item to be added field, type 2,2,1,0.
Page 228 Administration Guide Making the BlackBerry Web Desktop Manager available to users CLASS MACHINE CATEGORY !!RegistrySettings KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings" ;KEYNAME "Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" POLICY !!EnableActiveXInstallFromAD EXPLAIN !!EnableActiveXInstallFromAD_Explain VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY [strings] EnableActiveXInstallFromAD="Allow user computers to install administrator-approved Microsoft ActiveX components."...
Page 229: Make The Blackberry Web Desktop Manager Available To Users
Manager available to users The BlackBerry Web Desktop Manager web address is https://<full_computer_name> /webdesktop/login. If you customized the BlackBerry Web Desktop Manager text colors or image and you want to display the changes on the login screen, you must direct users to https://<full_computer_name>/webdesktop/app?page=Login&service=page&orgId=0.
Page 230: Configuring The Blackberry Web Desktop Manager
BlackBerry device, deleting data from a device, or deactivating a device. You can also customize the UI of the BlackBerry Web Desktop Manager by changing the text colors or displaying a custom image, such as your organization's logo, to match the design of your organization's intranet.
Page 231: Permit Users To Activate Devices Using The Blackberry Web Desktop Manager
Permit users to activate devices using the BlackBerry Web Desktop Manager You can specify whether users can use the BlackBerry Web Desktop Manager to activate BlackBerry devices using a wired connection to a computer. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution Topology >...
Page 232: Configure The Domains For Backing Up Data Using The Blackberry Web Desktop Manager
Administration Guide Configuring the BlackBerry Web Desktop Manager After you finish: To prevent users from backing up and restoring data from their BlackBerry devices, change Allow users to backup and restore data to No. Configure the domains for backing up data...
Page 233: Blackberry Web Desktop Manager Text Colors
Font color 6 This text color specifies the hexadecimal color value of the #ffffff (white) text in the BlackBerry Web Desktop Manager headers, and the text in the tab links that point to web pages that the user is not currently visiting.
Page 234: Display A Custom Image In The Blackberry Web Desktop Manager
Web Desktop Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site.
Page 235: Creating And Configuring Wi-Fi Profiles And Vpn Profiles
Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a BlackBerry Enterprise Server by creating Wi-Fi profiles. You can create and assign one or more Wi-Fi profiles to a user account or to a group using a process that is similar to the process you use to create an IT policy and assign it to a user account.
Page 236 If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server. • If you do not use static IT addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.
Page 237: Create A Wi-Fi Profile
Wi-Fi connection to the BlackBerry Infrastructure Create a Wi-Fi profile In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. Click Create Wi-Fi profile. In the Name field, type a name for the Wi-Fi profile.
Page 238: Configure A Wi-Fi Profile On A Blackberry Device
Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry device users to perform the following task if you want users to configure a Wi-Fi profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device.
Page 239: Configure A Wi-Fi Profile
If required, in the Wi-Fi user specific settings section, specify the login information for the Wi-Fi profile. Click the Add icon. Click Save all. When you assign a Wi-Fi profile to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device. Configure a Wi-Fi profile In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy >...
Page 240: Create A Vpn Profile
Depending on your organization's security policy, you can save a user name and password to a BlackBerry device to prevent the BlackBerry device from prompting the user for the login information the first time (or each time) the BlackBerry device connects to the enterprise Wi-Fi network.
Page 241: Assign A Vpn Profile To A Group
Click Save. When you assign a VPN profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.
Page 242: Associate A Vpn Profile With A Wi-Fi Profile
Associate a VPN profile with a Wi-Fi profile To permit a BlackBerry device to connect to a Wi-Fi network using a VPN session, you must associate a VPN profile with a Wi-Fi profile that you assigned to the user account.
Page 243: Delete A Vpn Profile
Consider the following guidelines: • Specify only one action that you want the BlackBerry Enterprise Server to perform in each row of the file. • To assign more than one action to a user account, create multiple rows for the user account.
Page 244: Create A .Csv File That Contains Profile Information That You Want To Import
• Add no more than 2000 actions to a file. • Assign a maximum of 32 profiles to BlackBerry devices that are running BlackBerry Device Software versions that are earlier than 4.5.0. • Assign a maximum of 64 profiles to BlackBerry devices that are running BlackBerry Device Software version 4.5.0 and later.
Page 245 Fields in the .csv file that contains profile information The following table describes the fields that you can configure in a .csv file. The BlackBerry Administration Service uses the fields in the .csv file to update profile information that you assigned to user accounts.
Page 246: Import Profile Information From A .Csv File
Import profile information from a .csv file The BlackBerry Administration Service processes actions in the order that they appear in the .csv file. If two actions that you listed in the file contradict each other, the action that appears closer to the end of the file is the action that the BlackBerry Administration Service processes.
Page 247: Configuring Encryption And Authentication Methods For Wi-Fi Enabled Blackberry Devices
WEP key numbering in the configuration settings of the Wi-Fi profile for the enterprise Wi-Fi network. For example, WEP key 1 on the BlackBerry device is WEP key 0 in the configuration settings, and WEP key 2 on the BlackBerry device is WEP key 1 in the configuration settings.
Page 248: Configuring Psk Encryption
PSK encryption in small office and home environments where it is not feasible to configure server-based authentication. To configure PSK encryption, you must distribute a passphrase to Wi-Fi enabled BlackBerry devices that matches the key or passphrase for the wireless access points. You must distribute the passphrase using the Wi-Fi profiles that you assign to user accounts.
Page 249: Configure Psk Encryption Data For Blackberry Devices Using A Wi-Fi Profile
BlackBerry devices support LEAP authentication that uses a user name and password. You must distribute the user name and password using a Wi-Fi profile that you assign to user accounts. BlackBerry devices use a one-way function to encrypt passwords before they send the passwords to the authentication server.
Page 250: Configure Leap Authentication Data For Blackberry Devices Using A Wi-Fi Profile
Using the wireless access point, configure the LEAP settings to accept SSID association requests from users that have the credentials that you specify or to identify the authentication server that the Wi-Fi enabled BlackBerry devices use to verify user credentials. For more information, see the documentation for your organization's access points.
Page 251: Configure Peap Authentication Data For Blackberry Devices Using A Wi-Fi Profile
To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in the BlackBerry Desktop Manager. You must configure a Wi-Fi profile to provide the user name and password for authentication.
Page 252: Prerequisites: Distributing A Certificate Using The Blackberry Desktop Manager
Distribute a certificate using the BlackBerry Desktop Manager If a BlackBerry device requires the root certificate for the certificate authority, a client certificate, or both, you can distribute the certificates using BlackBerry Desktop Manager. The BlackBerry device can add the certificates to the list of explicitly trusted certificate authority certificates or the list of client certificates.
Page 253: Configure Peap Configuration Settings In The Wi-Fi Profile On A Blackberry Device
The certificate synchronization tool was not installed when the user installed the BlackBerry Desktop Manager. Possible solution Instruct the user to re-install the BlackBerry Desktop Manager using the custom installation option. During the custom installation process, the user can install the certificate synchronization tool.
Page 254: Configuring Eap-Tls Authentication
12. Verify that the Allow inter-access point handover option is selected. 13. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 255: Configure Eap-Tls Authentication Data For Blackberry Devices Using A Wi-Fi Profile
Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
Page 256: Configure Eap-Tls Configuration Settings In The Wi-Fi Profile On A Blackberry Device
12. Verify that the Allow inter-access point handover option is selected. 13. If necessary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 257: Configure Eap-Ttls Authentication Data For Blackberry Devices Using A Wi-Fi Profile
BlackBerry devices and the authentication server trust mutually must generate the authentication server certificate. Each BlackBerry device stores a list of explicitly trusted certificate authority certificates. BlackBerry devices that use EAP- TTLS authentication require the root certificate for the certificate authority that created the authentication server certificate.
Page 258: Configure Eap-Ttls Configuration Settings In The Wi-Fi Profile On A Blackberry Device
11. Verify that the Allow inter-access point handover option is selected. 12. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 259: Configuring Eap-Fast Authentication
TLS tunnel, EAP-FAST uses a .pac file. The .pac file that the BlackBerry devices and the authentication server share contains secret keys that are unique to the BlackBerry devices. The EAP-FAST master key on the authentication server generates the .pac file. EAP-FAST uses the .pac file to open the TLS tunnel and authenticates the user credentials through the TLS tunnel.
Page 260: Send Eap-Fast Authentication Data To A Blackberry Device Using A Wi-Fi Profile
Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
Page 261: Configure Eap-Fast Configuration Settings In The Wi-Fi Profile On Blackberry Devices
If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is selected. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
Page 262: Configuring Software Tokens For Blackberry Devices
2 and layer 3 Wi-Fi authentication on Wi-Fi enabled BlackBerry devices. When you configure a software token for users, BlackBerry devices are designed to use the passcode to authenticate the users to the Wi-Fi network and VPNs automatically using the PEAPv1, EAP-GTC, and EAP-TTLS or EAP-GTC authentication methods.
Page 263: Configure Blackberry Devices For Rsa Authentication
Authentication Manager, even though the RSA Authentication Manager is designed to accommodate time differences of up to three minutes. Instruct users to use one of the following methods to synchronize the date, time, and time zone settings on the BlackBerry devices with the RSA Authentication Manager: •...
Page 264: Configure Rsa Authentication Over A Wi-Fi Network Using A Software Token
Configure RSA authentication over a VPN network using a software token You must add the serial number of the software token that the Wi-Fi enabled BlackBerry device can use to a VPN profile so that RSA authentication can occur over VPN connections.
Page 265: Assign Software Tokens To A User Account
Assign software tokens to a user account You must assign the software tokens that BlackBerry device users can use to authenticate to a Wi-Fi network or VPN network to the user accounts. Depending on the number of software token records that are available to you, you can assign up to three software tokens to each user account.
Page 266: Changing The Security Settings Of The Blackberry Administration Service And Blackberry Web Desktop Manager
SSL certificate to protect the HTTPS connection. You can import a self-signed SSL certificate or a trusted certificate that a certification authority signs after the installation process completes. If you configure a BlackBerry Administration Service pool, you must generate an SSL certificate that uses the name of the BlackBerry Administration Service pool.
Page 267: Configuring Microsoft Active Directory Authentication In An Environment That Includes A Resource Forest
\web.keystore"). When the keytool prompts you for the first name and last name, type the pool name of the BlackBerry Administration Service. You can find the pool name in the Administration Service – High Availability tab. If you want to use a trusted certificate, using the keytool, import the root certificate of the certification authority (for example, keytool -import -alias <ca_alias_name>...
Page 268: Change The Information For Microsoft Active Directory Authentication
BlackBerry Web Desktop Manager. You must install the BlackBerry Enterprise Server in the resource forest if a resource forest exists in your organization's environment. In the resource forest, you create a mailbox for each user account and associate the mailboxes with the user accounts that are located in the account forests.
Page 269: Configuring Single Sign-On Authentication For The Blackberry Administration Service And Blackberry Web Desktop Manager
Service and BlackBerry device users to access the BlackBerry Web Desktop Manager without requiring that you or the users type a Microsoft Active Directory user name and password. By default, if you log in to the BlackBerry Administration Service or users log in to the BlackBerry Web Desktop Manager using Microsoft Active Directory authentication, the browser prompts you or the users to type a Microsoft Active Directory user name and password.
Page 270: Configure Constrained Delegation For The Microsoft Active Directory Account To Support Single Sign-On Authentication
Configure constrained delegation for the Microsoft Active Directory account to support single sign-on authentication Use the Windows Server ADSI Edit tool to add the following SPNs for the BlackBerry Administration Service pool to the Microsoft Active Directory account : •...
Page 271: Blackberry Administration Service Web Addresses And Blackberry Web Desktop Manager Web Addresses That Support Blackberry Administration Service Single Sign-On
Instruct all administrators and device users to add the web addresses for the BlackBerry Administration Service and BlackBerry Web Desktop Manager to the list of web sites in the local intranet zone and install the certificate for the BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers.
Page 272: Changing Password Settings For Blackberry Administration Service Authentication
Changing password settings for BlackBerry Administration Service authentication If you use BlackBerry Administration Service authentication in your organization's environment, you can change the minimum password length and the number of days until passwords expire to meet the requirements of your organization's security policies.
Page 273: Regenerate The System Credentials For The Blackberry Administration Service
Before you begin: Verify that you have database owner permissions for the BlackBerry Configuration Database. On all of the computers that host BlackBerry Administration Service instances, in the Windows Services, stop the BlackBerry Administration Service services. On the database server, on the BlackBerry Configuration Database, run the following SQL statement: DELETE from BASTraits WHERE PlugInId=8 AND TraitId=0.
Page 274: Protecting And Redistributing Devices
Preparing a device for redistribution to a new user You can prepare a BlackBerry device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data •...
Page 275: Use The Blackberry Administration Service To Delete Device Data And Disable The Device Before Assigning The Device To A New User
To help secure your organization's data on a personal BlackBerry device, you can permit your organization to delete work data from a device when a user no longer works at your organization. You can use the BlackBerry Administration Service to...
Page 276 IT administrative command over the wireless network. All personal data remains on the device. A BlackBerry device user cannot use the device or make emergency calls while the device deletes the work data. The device permanently deletes the following work data:...
Page 277: Delete Only Work Data From A Device
Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration.
Page 278: Using It Administration Commands To Protect A Lost Or Stolen Device
The BlackBerry Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.
Page 279: Protect A Stolen Device
Protect a lost device If a user misplaces a BlackBerry device or if a device is stolen, you can protect the data on the device by locking the device or making it unavailable.
Page 280: Protect A Lost Device That A User Might Not Recover
Protect a lost device that a user might not recover If a BlackBerry device is lost but the device user might recover it, you can protect the information on the device by scheduling it to start deleting all user information and application data and to become unavailable after a period of time that you specify.
Page 281 Administration Guide Protecting and redistributing devices • To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove BlackBerry information from the user's messaging system.
Page 282: Managing Administrator Accounts
Switch the appropriate tabs to change the appropriate permissions. Click Save all. After you finish: Instruct administrators to log out of the BlackBerry Administration Service and log in again so that the changes can take effect immediately. Change the roles for an administrator...
Page 283: Delete A Role
Delete an administrator account You can delete an administrator account when you no longer require it in your organization's environment. Before you begin: If the administrator is also a BlackBerry device user, remove the BlackBerry device from the administrator account.
Page 284 Administration Guide Managing administrator accounts In the Status list, click Delete user. Click Yes - Delete the user.
Page 285: Managing Groups And User Accounts
You can either create user-specific groups and assign roles to those groups or use the default user groups that contain pre- existing roles. If you are managing a large number of groups (over 3000) using the BlackBerry Administration Service in a single domain, your organization's environment might experience a performance impact.
Page 286: Remove A User Account From A Group
Junior Helpdesk administrators in this group can perform basic administrative tasks such as adding users to groups and assigning BlackBerry devices to BlackBerry device users. The Junior Helpdesk role can only add users to the Web Desktop Users group and the Junior Helpdesk group.
Page 287: Change The Properties Of A Group
You can copy the properties from one group to another. When you add user accounts or administrator accounts to a group, the group properties apply to the new accounts automatically. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. Click Manage groups.
Page 288: Managing User Accounts
Managing user accounts You can move user accounts from one user group to another or from one BlackBerry Enterprise Server to another in the BlackBerry Domain. If you move a user account from one BlackBerry Enterprise Server to another, the destination BlackBerry Enterprise Server sends new service books to the BlackBerry device over the wireless network.If you are moving...
Page 289: Move A User Account From One Blackberry Enterprise Server To Another
In the BlackBerry Enterprise Server status list, click Switch BlackBerry user to different BlackBerry Enterprise Server. In the Available BlackBerry Enterprise Server instances list, click the BlackBerry Enterprise Server that you want to move the user accounts to. Click Next.
Page 290: Update A User Account Manually
You can update the contact list in the BlackBerry Configuration Database so that you can include any organizational changes or updates in the contact list. The amount of time that the BlackBerry Mail Store Service requires to update the contact list depends on the contact list size.
Page 291: Resend Service Books To A Blackberry Device
Administration Guide Managing groups and user accounts In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click Email. Click Refresh available user list from company directory. Resend service books to a BlackBerry device In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
Page 292: Managing The Delivery Of Blackberry Java Applications, Blackberry Device Software, And Device Settings To Blackberry Devices
IT policy, the BlackBerry Administration Service creates jobs to deliver the resulting objects or settings to BlackBerry devices. A job consists of multiple tasks. Each task delivers a specific object or setting to a BlackBerry device, for example, upgrading BlackBerry Device Software, installing or removing a BlackBerry Java Application, or sending updated IT policy settings or application settings.
Page 293: Change How It Policies Are Sent To Blackberry Devices
Click Specify job schedule settings. Click Edit job schedule settings. In the Default delay for each job section, in the Default delay field, type the number of minutes that the BlackBerry Administration Service waits before it creates and processes a job.
Page 294: Change How To Install, Update, Or Remove Blackberry Java Applications
The default value is 25. If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of IT policy tasks that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 295 3. Click the Add icon. On the System throttling tab, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of tasks that you want the BlackBerry Enterprise Server to process at the same time.
Page 296: Change How To Install Or Update The Blackberry Device Software
Enterprise Server to process at the same time. The default value is 1000. On the Job throttling tab, to turn on throttling for all BlackBerry Device Software tasks in jobs, select Enabled to reduce load on system. If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window section,...
Page 297: Change How The Blackberry Enterprise Server Sends Standard Application Settings To Blackberry Devices
BlackBerry devices. You can change how the BlackBerry Enterprise Server sends the settings to and updates the settings on BlackBerry devices. If you change the default distribution settings for the standard application settings, your organization's environment might experience a performance impact.
Page 298: Managing The Distribution Settings For A Specific Job
BlackBerry devices. Before the BlackBerry Administration Service delivers a specific job, you can change the delivery schedule of the job, priority of the job, and how the job delivers IT policies, BlackBerry Java Applications, BlackBerry Device Software, and standard application settings to BlackBerry devices.
Page 299: Specify The Start Time And Priority For A Job
You can change how the BlackBerry Administration Service sends IT policy settings and changes in a specific job to BlackBerry devices. You can change a job's distribution settings for IT policies only if the job is not running. If you changing the IT policy distribution settings for a job, your organization's environment might experience a performance impact.
Page 300: Change How A Job Sends Blackberry Java Applications To Blackberry Devices
You can change how the BlackBerry Administration Service installs, updates, or removes the BlackBerry Java Applications in a specific job on BlackBerry devices. You can change a job's distribution settings for applications only if the job is not running. If you change the default application distribution settings, your organization's environment might experience a performance impact.
Page 301 If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of application tasks in the job that you want the BlackBerry Enterprise Server to process during each processing interval.
Page 302: Change How A Job Sends The Blackberry Device Software To Blackberry Devices
You can change how the BlackBerry Administration Service installs or updates the BlackBerry Device Software in a specific job on BlackBerry devices. You can change the distribution settings for a job for the BlackBerry Device Software only if the job is not running. If you change the default distribution settings for BlackBerry Device Software, your organization's environment might experience a performance impact.
Page 303: Change How A Job Sends Standard Application Settings To Blackberry Devices
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window section, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of BlackBerry Device Software tasks in the job that you want the BlackBerry Enterprise Server to process at the same time.
Page 304: Managing Blackberry Java Applications On Blackberry Devices
Make a BlackBerry Java Application unavailable for installation You can delete a BlackBerry Java Application and all versions of the application from the application repository if you do not want to make the BlackBerry Java Application available to add to software configurations. You cannot delete a...
Page 305: Remove A Blackberry Java Application From Blackberry Devices Over The Wireless Network
Remove a BlackBerry Java Application from BlackBerry devices over the wireless network You can remove a BlackBerry Java Application, the collaboration client, or the BlackBerry MDS Runtime from BlackBerry devices over the wireless network. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software.
Page 306: Managing Software Configurations
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Managing software configurations Remove a software configuration from a group If you remove a software configuration from a group, the applications in the software configuration are removed from the BlackBerry devices that are associated with the user accounts that belong to the group.
Page 307: Remove A Software Configuration From A User Account
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Click Save. Remove a software configuration from a user account If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry device associated with the user account.
Page 308: Managing How Users Access Enterprise Applications And Web Content
You can prevent BlackBerry device users from accessing specific web servers using the BlackBerry Browser or applications on BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorization to restrict access to all types of web content and create pull rules to specify a list of web servers that you permit users to access.
Page 309: Specify Web Address Patterns
BlackBerry devices. After you create a pull rule, you must assign it to user accounts or groups. A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site.
Page 310: Restrict Or Permit Web Addresses And Intranet Addresses Using A Pull Rule
BlackBerry MDS Connection Service to authenticate devices to Microsoft Active Directory. A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site. As a result, the BlackBerry MDS Connection Service might not be able to restrict BlackBerry devices from accessing the web site.
Page 311: Assign A Pull Rule To The Members Of A Group
To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA. • To require that the BlackBerry MDS Connection Service authenticates the user using integrated Windows authentication and that a user authenticates to the RSA Authentication Manager using RSA authentication, click Integrated and RSA.
Page 312: Restricting User Access To Media Content In The Blackberry Browser
BlackBerry device users can download to BlackBerry devices during each connection. Each request for data that the device makes to the BlackBerry MDS Connection Service is a connection. If you do not configure a limit for media content types, the default values apply.
Page 313: Default Download Limits For Media Content Types
BlackBerry device users can only download a specific amount of media content to BlackBerry devices with each connection. You can configure a limit in the BlackBerry Administration Service. If you do not configure a limit, the default limit applies. The following table lists the default values.
Page 314: Configuring Integrated Windows Authentication So That Users Can Access Resources On Your Organization's Network
BlackBerry MDS Connection Service to support Integrated Windows authentication. Users can then access network resources such as intranet sites and network shared folders on their devices using the BlackBerry Browser or Files application without typing a user name and password.
Page 315: Configuring The Microsoft Active Directory Account To Delegate Access
For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory, visit www.blackberry.com/btsc to read article KB22726. If a pool of application servers host a intranet site and the pool is running on Microsoft IIS and is located behind a load-balancer, use setspn or ADSI to add the SPNs of the intranet site to the user account (also known as the identity) of the pool.
Page 316 Repeat steps 1 to 6 for each intranet site that you want to turn on integrated Windows authentication for. After you finish: • If required, configure BlackBerry MDS Connection Service to use a Microsoft Active Directory account when the messaging server is in a remote Microsoft Active Directory domain. •...
Page 317: Configuring The Blackberry Mds Connection Service When The Messaging Server Is Located In A Remote Microsoft Active Directory Domain
Microsoft Active Directory domain If the computer that hosts the BlackBerry MDS Connection Service is not located in the same Microsoft Active Directory domain as the global catalog server or messaging server and you want to configure support for Integrated Windows authentication, you must create a Microsoft Active Directory account that the BlackBerry MDS Connection Service can use to connect to the global catalog server.
Page 318: Turn On Integrated Windows Authentication So That Users Can Access Resources On Your Organization's Network
Save and close the rimpublic.properties file. In the Windows Services, restart the BlackBerry MDS Connection Service service. After you finish: Turn on Integrated Windows authentication when BlackBerry device users access resources on your organization's network. Related information Restarting BlackBerry Enterprise Server components,...
Page 319 13. Assign the pull rules to the users or groups that you want to access intranet sites or shared network folders. 14. On the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view > MDS Connection Service.
Page 320: Restricting The Push Application Content That Users Can Receive
BlackBerry devices. To permit specific users to receive push requests on BlackBerry devices, you can create push rules and assign the rules to the users.
Page 321: Turn On Push Authorization
If you turned on push authentication and created push initiators to specify which push applications can send push requests, you can create push rules to specify which users are permitted to receive authenticated push requests. The BlackBerry MDS Connection Service can apply push rules only if you turn on push authorization for the BlackBerry MDS Connection Service.
Page 322: Create A Push Rule
Managing how users access enterprise applications and web content Restrict push applications from sending data to BlackBerry devices, Create a push rule In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. Click MDS Connection Service.
Page 323: Assign A Push Rule To The Members Of A Group
• Create a push rule. • Assign push initiators to the push rule. In the BlackBerry Administration Service, in the BlackBerry solution management menu, expand User. Click Manage users. Click View more criteria. Search for a group. Click Select all results in the entire set.
Page 324: Encrypt Push Requests That Push Applications Send To Blackberry Devices
Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry MDS Connection Service to use SSL or TLS to encrypt the push requests that server-side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applications send.
Page 325: Store Push Application Requests In The Blackberry Configuration Database
To manage memory and system resources in your organization's environment, you can configure a BlackBerry MDS Connection Service to store PAP and Research In Motion push requests in the BlackBerry Configuration Database. You can also configure storage settings for the BlackBerry Configuration Database. For more information about types of push requests, visit www.blackberry.com/developers...
Page 326: Configure The Settings For Storing Push Requests In The Blackberry Configuration Database
BlackBerry Configuration Database to store. In the Maximum push message age field, type the maximum length of time, in minutes, that you want the BlackBerry Configuration Database to store a push request before the BlackBerry Enterprise Server deletes it from the BlackBerry Configuration Database.
Page 327: Configure The Maximum Number Of Queued Connections That A Blackberry Mds Connection Service Can Process
The BlackBerry MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry devices when the number of pending push connections in the queue exceeds the limit.
Page 328: Managing Organizer Data Synchronization
You can also use the wireless backup feature to restore data from the BlackBerry Enterprise Server to the BlackBerry device. By default, wireless backup is turned on when you activate BlackBerry devices.
Page 329: Delete Organizer Data For Members Of A User Group From The Blackberry Enterprise Server
BlackBerry Enterprise Server If the BlackBerry Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted.
Page 330: Turn Off Organizer Data Synchronization For All User Accounts That Are Associated With A Blackberry Enterprise Server
BlackBerry Enterprise Server In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization. Click the instance that you want to change.
Page 331: Changing How Organizer Data Synchronizes
For each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
Page 332: Change How The Blackberry Administration Service Resolves Conflicts During Organizer Data Synchronization For All User Accounts On A Blackberry Enterprise Server
• To synchronize data from the BlackBerry Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
Page 333: Synchronizing Contact Pictures
By default, the BlackBerry Synchronization Service synchronizes pictures that a user adds to contact entries in their contact list between the BlackBerry device and the email applications on their computer. A user can add, delete, and change pictures in the email applications on the computer or on the BlackBerry device.
Page 334 Administration Guide Managing organizer data synchronization In the Messaging configuration section, click Default configuration. On the Mappings for organizer data synchronization tab, in the Additional mappings section, in the Picture drop- down list, click None. Click Continue to user information edit. Click Save all.
Page 335: Managing Your Organization's Messaging Environment And Attachment Support
BlackBerry devices. You can also manage individual user accounts, provide support to users, control the size of the message queue, and control the load on the BlackBerry Messaging Agent to process forwarding requests. By default, email message forwarding is turned on when you add a user account to the BlackBerry Enterprise Server.
Page 336: Do Not Deliver Email Messages To A Blackberry Device When No Filter Rules Apply
Do not deliver email messages to a BlackBerry device when no filter rules apply You can configure a BlackBerry Enterprise Server to prevent the delivery of incoming email messages to a user’s BlackBerry device when no email message filters apply to the email messages.
Page 337: Turn Off Email Message Forwarding To User Accounts In A Group
When you turn off message forwarding for a user account, the user can send email messages from the BlackBerry device, but cannot receive email messages.
Page 338: Turn Off Synchronization For Email Messages Sent From A Blackberry Device
BlackBerry device If you do not want a user’s email application to receive a copy of email messages that the user sends from the BlackBerry device, you can turn off synchronization for email messages that the user sends from the BlackBerry device.
Page 339: Managing The Incoming Message Queue
When you delete pending email messages from the incoming message queue, the BlackBerry Enterprise Server does not send the email messages to the user’s BlackBerry device. The email messages remain in the email application on the user’s computer.
Page 340: Managing Wireless Message Reconciliation
Turn on reconciliation for email messages that are hard deleted Users can hard delete email messages in Microsoft Outlook and you can configure a BlackBerry Enterprise Server to remove hard deleted messages from BlackBerry devices. If you turn on hard deletes reconciliation, the BlackBerry Messaging Agent also deletes email messages from devices when users archive or move email messages to personal folders in Microsoft Outlook.
Page 341: Managing Access To Remote Message Data
BlackBerry device By default, when a BlackBerry device user creates a meeting request , the BlackBerry device user can check to see if a potential participant is available. You can turn this feature off if you want to minimize the resource impact of the BlackBerry Enterprise Server on your organization's messaging server.
Page 342: Prevent A User From Searching For Remote Email Messages Using A Device
If you are changing a BlackBerry Enterprise Server instance, in the Status list, click Restart instance. • If you are changing a BlackBerry Enterprise Server pair, in the Status list for one of the instances in the pair, click Restart instance. Repeat this step for the other instance in the pair.
Page 343: Managing Email Messages That Contain Html And Rich Content
The BlackBerry Enterprise Server supports email messages that contain HTML and rich content on BlackBerry devices that are running BlackBerry Device Software version 4.5 or later. You can turn off support for rich content and inline images in email messages. Users can configure the message settings on the BlackBerry devices. The settings that you define override the settings that users define.
Page 344: Turn Off Support For Rich Text Formatting And Inline Images In Email Messages For Users On A Blackberry Enterprise Server
Restart instance. Repeat this step for the other instance in the pair. • In the Windows Services, restart the BlackBerry Dispatcher. Repeat step 2 through step 6 for each BlackBerry Enterprise Server instance that you want to turn off rich text formatting or inline images for.
Page 345: Turn Off Support For Rich Text Formatting And Inline Images In Email Messages Using An It Policy Rule
You can change an IT policy rule to prevent the BlackBerry Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.
Page 346: Synchronizing Folders On The Blackberry Device
By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry device. To help manage network resources, you can select the published public contact folders that a user can synchronize.
Page 347: Control Which Personal Mail Folders A User Can Synchronize With A Blackberry Device
Control which personal mail folders a user can synchronize with a BlackBerry device To help manage network resources, you can select the personal mail folders that a user can synchronize with a BlackBerry device. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
Page 348: Configuring Access To Documents On Remote File Systems
BlackBerry devices. In BlackBerry Enterprise Server version 5.0 or later and BlackBerry Device Software version 5.0 or later, if you want to permit users to access specific documents that are not located on the Windows network (for example, documents that are...
Page 349: Add Communication Information To A Blackberry Mds Connection Service Configuration Set
If the file system requires the BlackBerry MDS Connection Service to authenticate with the remote file system, perform the following actions: • In the User name field, type the name of the account that you want the BlackBerry MDS Connection Service to use to authenticate to the remote file system. •...
Page 350: Assign A Blackberry Mds Connection Service Configuration Set To A Blackberry Mds Connection Service Instance
To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
Page 351: Managing Signatures And Disclaimers In Email Messages
Connection Service instance. Click Save all. To restart the BlackBerry MDS Connection Service instance, on the Instance information tab, in the Status list, click Restart instance. To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance, repeat steps 3 to 7.
Page 352: Add A Disclaimer To Email Messages That Users Send From Blackberry Devices
Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry devices. Users cannot change the disclaimers that you define. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology >...
Page 353: Specify Conflict Rules For Disclaimers
If you associate multiple disclaimers with a user account, you can specify conflict rules for the disclaimer to define the order in which the BlackBerry Enterprise Server applies the disclaimers. For example, you can configure the BlackBerry Enterprise Server to display the user disclaimer first in the email message, followed by the BlackBerry Enterprise Server disclaimer.
Page 354: Monitor Email Messages That Users Send From Blackberry Devices
Sending notification messages to users You can send a notification message to a user, to all of the users associated with a BlackBerry Enterprise Server, or to all of the users in the BlackBerry Domain. You can send notifications as email messages or PIN messages. PIN messages are...
Page 355: Send A Notification Message To All Users In A Blackberry Domain
BlackBerry devices do not apply filters to PIN messages. When users reply to a notification email message, their BlackBerry devices send the replies to the Windows account that you used to install the BlackBerry Enterprise Server (for example, besadmin).
Page 356: Send A Notification Message To A User
The BlackBerry Messaging Agent uses a message state database to manage the mapping between email messages on BlackBerry devices and email messages on the Microsoft Exchange Server. The size of the message state database defines how many recent email messages are kept in this mapping for each user. Increasing the size of the message state...
Page 357: How The Blackberry Attachment Connector Communicates With Blackberry Attachment Service Instances
BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry device, the BlackBerry device sends a request to the BlackBerry Enterprise Server to convert the attachment. The BlackBerry Enterprise Server uses a BlackBerry Attachment Connector to send the attachment data to a BlackBerry Attachment Service, which processes the request and returns the attachment data to the BlackBerry Attachment Connector.
Page 358: Change How A Blackberry Attachment Connector Restores A Lost Connection To A Blackberry Attachment Service
In the General section, in the Minimum wait for retry per request field, type the amount of time, in milliseconds, that the BlackBerry Attachment Connector waits before it resends a request that is not delivered to a BlackBerry Attachment Service.
Page 359: Attachment File Formats That The Blackberry Attachment Service Supports
You must install the software update for KB22953 on Windows Server 2008 if you want the BlackBerry Attachment Service to support .mp3 audio files on BlackBerry devices and all audio formats on BlackBerry 7100 Series devices that support CDMA networks. To download the software update for KB22953,...
Page 360 IBM Lotus Symphony only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service. If a specific font is not available, the BlackBerry Attachment Service uses the most similar font type that is available.
Page 361: Changing How A Blackberry Attachment Service Converts Attachments
The BlackBerry Enterprise Server sends data to BlackBerry devices over the wireless network in packets that are no larger than 64 KB, and it can send an unlimited number of packets to BlackBerry devices.
Page 362: Blackberry Attachment Service Optimization Settings
Administration Guide Managing your organization's messaging environment and attachment support In the General section, configure the BlackBerry Attachment Service optimization settings. Click Save. BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry Attachment —...
Page 363: Change The Maximum File Size For Attachments That Users Can Receive
The BlackBerry Attachment Service uses memory during the attachment conversion process. If users try to open large or complex attachments (for example, .pdf files or ASCII text files that are larger than 2 MB) or multiple attachments at the same time, you might want to limit the file size for attachments.
Page 364: Turn Off Support For An Attachment File Format For A Blackberry Attachment Service
The BlackBerry Attachment Service uses distillers to convert attachments that are in supported file formats so that users can view the attachments on their BlackBerry devices. By default, all supported distillers are turned on. You can turn off a distiller to prevent users from viewing attachments that are in a specific file format. For example, if you turn off the .pdf distiller, users cannot view .pdf attachments on their BlackBerry devices.
Page 365: Add Support For An Additional Attachment File Format To A Blackberry Attachment Service
BlackBerry Attachment Service instances. If your organization uses new common extensions for a file format that there is a distiller available for on a BlackBerry Attachment Service, you must add those extensions to the BlackBerry Attachment Connector. For example, if users send .rtf files as .wav files, you must verify that the BlackBerry Attachment Connector supports .wav files and that the...
Page 366: Changing How The Blackberry Messaging Agent Reconciles Attachments To The Messaging Server
By default, the BlackBerry Messaging Agent limits the file size of attachments that it can receive from a BlackBerry device to a maximum of 3 MB. If the BlackBerry Messaging Agent receives more than one attachment at a time, it limits the total file size of all of the attachments to a maximum of 5 MB.
Page 367: Prevent Users From Sending Large Attachments
On BlackBerry devices that are running specific versions of the BlackBerry Device Software, users can download attachments in native formats (for example, .txt for a text file) to their BlackBerry devices. Users can open and make changes to the files that they download using an appropriate third-party application on their BlackBerry devices. A user might be able to open specific file formats using the media application on the BlackBerry device.
Page 368 Administration Guide Managing your organization's messaging environment and attachment support In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. Click the instance that you want to change.
Page 369: Managing Calendars
Microsoft Exchange, the BlackBerry Enterprise Server uses MAPI and CDO libraries to manage calendars on devices. A BlackBerry Messaging Agent on the BlackBerry Enterprise Server can include a dynamic mix of user accounts that use Microsoft Exchange Web Services and user accounts that use MAPI and CDO libraries.
Page 370: Turn Off Client Throttling In Microsoft Exchange 2010
Configure the BlackBerry Enterprise Server to use Microsoft Exchange Web Services You can configure the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services to manage calendars on BlackBerry devices. Copy the BlackBerry Enterprise Server installation files to the computer that hosts the primary BlackBerry Enterprise Server.
Page 371: Configure The Blackberry Enterprise Server To Use Mapi And Cdo Libraries
In the logs folder verify that the file named <server_name>_CALH_<agent_id>_<date>.txt appears. In the file name, <server_name> is the name of the BlackBerry Enterprise Server, <agent_id> is the ID of the BlackBerry Messaging Agent, and <date> is the date that you configured the BlackBerry Enterprise Server to use Microsoft Exchange Web Services.
Page 372: Configure The Blackberry Messaging Agent Instances To Use A Web Address For A Specific Microsoft Autodiscover Service
Restart the BlackBerry Messaging Agent instances that you made changes to. Example: To specify a web address for a specific Microsoft Autodiscover service that all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances will use, type traittool -global -trait EWSSCPURL -set https:// server.company.com/Autodiscover/Autodiscover.xml...
Page 373: Configure The Blackberry Messaging Agent Instances To Use A Specific Web Address For A Client Access Server For Microsoft Exchange
Exchange that the Microsoft Autodiscover service selects. If you configure the BlackBerry Messaging Agent instances to use the web address for the client access server, the BlackBerry Messaging Agent instances do not use the Microsoft Autodiscover service to search for a client access server for Microsoft Exchange.
Page 374: Configuring The Blackberry Messaging Agent Instances To Look Up The User's Status Using Only Microsoft Exchange Web Services
You can configure the BlackBerry Messaging Agent instances to use only Microsoft Exchange Web Services to determine the user's status, for example, whether a user is available, busy, or offline. By default, the BlackBerry Messaging Agent instances can determine the user's status using Microsoft Exchange Web Services unless the user is an external user or the user's email address is a distribution list.
Page 375: Correcting Calendar Synchronization Errors On Devices
You can use the BlackBerry Enterprise Trait Tool to specify whether corrective calendar synchronization checks calendar entries for a specific user, users on a specific BlackBerry Enterprise Server, or all users. The tool uses a hierarchy to determine what calendar entries to check. Settings at the user level override settings at the server level, settings at the server level override settings at the global level, and settings at the global level override the default settings.
Page 376: Turn Off Corrective Calendar Synchronization
Turn off corrective calendar synchronization By default, corrective calendar synchronization is turned on. If you do not want the BlackBerry Enterprise Server to check for differences between calendar entries on BlackBerry devices and calendar entries on users' computers, you can turn off corrective calendar synchronization.
Page 377: View The Current Settings For Corrective Calendar Synchronization
By default, corrective calendar synchronization process finds calendar synchronization errors, add the errors to the BlackBerry Messaging Agent log file, and automatically corrects the errors. If you do not want corrective calendar synchronization to automatically correct calendar synchronization errors, you can turn off this function.
Page 378: Configure The Range Of Days To Check For Calendar Synchronization Errors
ExchangeSmartSyncSendUpdate -set true, where <level> is the SMTP address of a specific user account, the server name of a specific BlackBerry Enterprise Server for all user accounts that are associated with the specific BlackBerry Enterprise Server, or global for all user accounts.
Page 379: Configure When Corrective Calendar Synchronization Runs
To specify more than one value for when corrective calendar synchronization runs, after you extract the BlackBerry Enterprise Server installation files to the computer, you can create a list of values that are separated by commas (,) at the command prompt.
Page 380: Logging Information For Corrective Calendar Synchronization
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. Press ENTER. Example: Configuring corrective calendar synchronization to run at 10:00 PM for all users on the BlackBerry Enterprise Server that is named SERVER01 traittool -server SERVER01 -trait ExchangeSmartSyncTriggerHour -set 22...
Page 381: Delete A Setting For Corrective Calendar Synchronization
<name> is the setting you want to delete. • To delete a setting for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool - <server_name> -trait <name> -erase, where <name> is the setting you want to delete.
Page 382: Start Corrective Calendar Synchronization Manually For A User Account
BlackBerry Messaging Agent uses the MAPI32.dll library to create the temporary MAPI profiles. After you install BlackBerry Enterprise Server 4.1 SP7 or BlackBerry Enterprise Server 5.0 SP1 or later, if you are running Windows Server 2008 and notice that the limit that Windows Server 2008 places on NSPI connections is impacting MAPI performance and the flow of email messages, you can change how the BlackBerry Messaging Agent creates temporary MAPI profiles for the CalHelper application.
Page 383: Change How The Blackberry Enterprise Server Creates Temporary Mapi Profiles For The Calhelper Application
KB 21413. Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application On the computer that hosts the BlackBerry Enterprise Server, on the taskbar, click Start > Run. Type regedit. Click OK. Perform one of the following actions: •...
Page 384: Managing Instant Messaging
Installing a collaboration client on BlackBerry devices For detailed information about the methods that you can use to install a collaboration client on BlackBerry devices, see the "Add a collaboration client to the application repository" and "Alternative methods for installing BlackBerry Java Applications on devices"...
Page 385: Change The Instant Messaging Server Or Pool That A Blackberry Collaboration Service Connects To
Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand the instant messaging environment.
Page 386: Specify The Windows Domain Name For Users Who Log In To A Collaboration Client
You can specify your organization’s Windows domain name so that users do not have to type their user names when they log in to a collaboration client on their BlackBerry devices. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration.
Page 387: Managing Instant Messaging Sessions
To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry Collaboration Service and the instant messaging server at the same time.
Page 388: Managing Instant Messaging Features
To control the use of network resources in your organization's environment, you can use the media content management feature to specify the maximum size of specific file types that BlackBerry device users can send to each other using the BlackBerry Client for IBM Lotus Sametime. The maximum file size that you specify for a file type must not exceed the maximum file size that you specified on the IBM Lotus Sametime server.
Page 389: Prevent Users From Sending Instant Messaging Conversations In Email Messages
.txt files in the internal memory of their BlackBerry devices or on an external memory device. You can turn off this feature if you do not want users to save their instant messaging conversations on their BlackBerry devices.
Page 390: Make Additional Contact Information And Phone Numbers Available For The Blackberry Client For Ibm Lotus Sametime Users
Lotus Sametime users In the latest version of the BlackBerry Client for IBM Lotus Sametime, users can make calls to contacts directly from their contact lists. You can make additional phone numbers available to users from their contact lists, and you can make more contact information available in the contact list on BlackBerry devices by adding new fields to each user's contact information.
Page 391 Administration Guide Managing instant messaging <Set Set id="_done213238950373320" params="MailAddress,Name,Title,Location,Telephone,Photo,Company,OfficePhone,HomePhone,CellPhone,Manag er,Department,HomeAddress,HomeZip,HomeState,HomeCity,WorkAddress,WorkZip,WorkCity,WorkState,LoginId"/> Save the UserInfoConfig.xml file. Restart the IBM Lotus Domino server. To verify that the new fields were added to each user's contact information, perform the following actions: 1. Create a test user account in the IBM Lotus Domino Directory. 2.
Page 392: Managing A Blackberry Domain
Managing a BlackBerry Domain Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows services. BlackBerry Enterprise Server...
Page 393: Restart A Blackberry Enterprise Server Component Using The Blackberry Administration Service
On each computer that hosts the BlackBerry Enterprise Server component, in the Windows Services, restart the services for the component. If you want to restart all of the BlackBerry Enterprise Server components, you must restart the Windows Services in the following order: •...
Page 394: Best Practice: Restarting More Than One Blackberry Administration Service Instance
The BlackBerry Enterprise Trait Tool is a stand-alone command line tool that you can use to configure specific BlackBerry Enterprise Server traits. You can configure most BlackBerry Enterprise Server settings using the BlackBerry Administration Service, but you must use the BlackBerry Enterprise Trait Tool to configure specific settings that are not available in the BlackBerry Administration Service.
Page 395: Blackberry Enterprise Trait Tool Traits
Restart the BlackBerry Enterprise Server component that is associated with the trait that you configured. BlackBerry Enterprise Trait Tool traits The BlackBerry Enterprise Trait Tool includes the following traits that you can change to meet the requirements of your organization's environment:...
Page 396 Description ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices. If the version of the BlackBerry Device Software that the device is running is earlier than the version that this trait specifies, the BlackBerry Enterprise Server sends the device 4 bytes of ACP data instead of 8 bytes.
Page 397 This trait specifies how the BlackBerry Messaging Agent modifies MAPI profile settings when you install the BlackBerry Enterprise Server. If you want the BlackBerry Messaging Agent to modify the MAPI profile settings that the BlackBerry Enterprise Server requires for BlackBerry Enterprise Server version 4.1 SP6 and earlier, set the trait to true (1).
Page 398 If you want the BlackBerry Enterprise Server to use only Microsoft Exchange Web Services to manage calendars on devices, change the value to true (1). If you want the BlackBerry Enterprise Server to use only MAPI and CDO libraries to manage calendars on devices, change the value to false (0).
Page 399 BlackBerry Messaging Agent to receive the user's status using Microsoft Exchange Web Services, change the value to EWS. The default value is PF, the BlackBerry Messaging Agent receives the user's status using Microsoft Exchange public folders. For more information, see...
Page 400 (0) for a specific user account, all user accounts that are associated with a BlackBerry Enterprise Server, or all user accounts. The default value is true (1), the BlackBerry Enterprise Server checks for calendar errors on devices. For more information, see...
Page 401 Service to update the user directory in the BlackBerry Configuration Database. If you want the BlackBerry Mail Store Service to update the user directory in the BlackBerry Configuration Database, change the value to true (1). If you do not want the BlackBerry Mail Store Service...
Page 402 BlackBerry Configuration Database, change the value to false (0). The default value is true (1), the BlackBerry Mail Store Service updates the user directory in the BlackBerry Configuration Database. For more information, see...
Page 403 Junk folder. If you do not want the BlackBerry Enterprise Server to monitor the Junk folder for activation messages, change the value to false (0) and restart the BlackBerry Controller.
Page 404 IT policies and service books, change the value to false (0). The default value is false (0), the BlackBerry Policy Service does not use throttling to send applications the same way that it throttles IT policies and service books.
Page 405 Description PolicyThrottlingP2PKeyRate This trait specifies the maximum number of processes for PIN encryption keys that a BlackBerry Policy Service can process at one time before the BlackBerry Policy Service schedules additional processes for PIN encryption keys. The default value is 60.
Page 406: Permit The Blackberry Messaging Agent To Write Statistics To Microsoft Exchange Mailboxes
Microsoft Exchange mailboxes By default, to reduce the workload on the Microsoft Exchange Server, the BlackBerry Messaging Agent 5.0 SP2 or later does not write statistics to each user's Microsoft Exchange mailbox when it processes email messages. If you want the BlackBerry Messaging Agent to function as it did in previous versions, you can permit the BlackBerry Messaging Agent to write statistics to each user's Microsoft Exchange mailbox.
Page 407: Managing Blackberry Cal Keys
Managing BlackBerry CAL keys BlackBerry CAL keys control how many user accounts can exist on a BlackBerry Enterprise Server at the same time. If you exceed the number of user accounts that can exist on a BlackBerry Enterprise Server, the BlackBerry Administration Service informs you that you require more BlackBerry CAL keys.
Page 408: Copy A Blackberry Cal Key To A Text File
Copy a BlackBerry CAL key to a text file You can copy a BlackBerry CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues.
Page 409: Configure The Blackberry Mail Store Service Instance That Updates The Contact List
BlackBerry Administration Service. You can only create the user account if you use the Add from company directory option in the BlackBerry Administration Service. The Add from company directory option permits the BlackBerry Mail Store Service to search the contact information that is stored in the messaging environment so that you can create the user account even if the BlackBerry Configuration Database does not contain the contact information for the user account.
Page 410: Configuring Hosted Blackberry Services When You Permit Your Organization's Customers Limited Access To Microsoft Active Directory
Enterprise Server might return inaccurate search results. If a user tries to search for another user's contact information but you did not specify the name of the organization that the other user belongs to in Microsoft Active Directory, the BlackBerry Enterprise Server does not return any search results.
Page 411: Configure Hosted Blackberry Services When Your Organization's Customers Have Full Control Of Their Subtree In Microsoft Active Directory
Microsoft Active Directory You can configure the BlackBerry Enterprise Server to search for contact information or calendar availability within subtrees in a Microsoft Active Directory that you configured for multi-tenancy. When you configure the BlackBerry Enterprise Server to search within subtrees, the BlackBerry Enterprise Server searches the Microsoft Active Directory using the organizational unit information that is included in the distinguished name of the BlackBerry device users.
Page 412: Configuring The Blackberry Enterprise Server To Use Ldap To Retrieve Email Addresses And Organizer Data
Enterprise Server uses MAPI to connect to the Microsoft Exchange Server and retrieve the email addresses or organizer data that is stored in Microsoft Active Directory. You can configure the BlackBerry Enterprise Server to use LDAP to connect to Microsoft Active Directory directly to retrieve email addresses, organizer data, or both.
Page 413: Configure The Blackberry Enterprise Server To Connect To Microsoft Active Directory
(for example, example.com:3268). If the BlackBerry Enterprise Server must use a specific port to connect to Microsoft Active Directory and you did not specify the port number in the LDAPDomain string, perform the following actions:...
Page 414: Configure The Blackberry Enterprise Server To Retrieve Email Addresses And Organizer Data Using Ldap
Administration Guide Managing a BlackBerry Domain Change the value to the port number. To limit the number of LDAP queries that the BlackBerry Enterprise Server needs, use the port number of the global catalog server (port 3268). If the BlackBerry Enterprise Server must use LDAPS to connect to the Microsoft Active Directory, perform the following actions: Create a DWORD value named LDAPssl.
Page 415: Prevent The Blackberry Enterprise Server From Retrieving Contact Information For Specific Users
If you are required by your organization to prevent BlackBerry device users from finding contact information for specific users, you can specify a list of users that you want to prevent BlackBerry device users from finding contact information for or you can filter users using an attribute in Microsoft Active Directory.
Page 416: Restrict The Location In Microsoft Active Directory That The Blackberry Enterprise Server Can Retrieve Email Addresses And Organizer Data From
BlackBerry Enterprise Server can retrieve email addresses and organizer data from You can configure a BlackBerry Enterprise Server instance so that it searches for email addresses and organizer data only in a specified BaseDN in Microsoft Active Directory. On the computer that hosts the BlackBerry Enterprise Server, click Start > Run.
Page 417: View The Current Settings For Blackberry Policy Service Throttling
Database, it schedules a task to create and deliver the IT policy or service book to BlackBerry device users that must receive the update. The BlackBerry Policy Service tries to process tasks as fast as the server permits, which can result in an unexpected increase in CPU usage and database usage.
Page 418 Example: Configuring the maximum number of IT policies or service books that a BlackBerry Policy Service can send If you want to configure the maximum number of IT policies or service books that a BlackBerry Policy Service can send to...
Page 419: Configuring Blackberry Policy Service Throttling For Pin Encryption Keys
60 second period. The default setting is 60, or one process per second. You can adjust the number of users that the BlackBerry Policy Service schedules over the 60 second interval using throttling.
Page 420: Delete A Blackberry Policy Service Throttling Setting
Managing a BlackBerry Domain If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books.
Page 421: Change The Port Number That Blackberry Enterprise Server Components Use To Connect To The Blackberry Configuration Database
BlackBerry Configuration Database You can change the static port number that BlackBerry Enterprise Server components use if you changed the port number that the BlackBerry Configuration Database uses after you install the BlackBerry Enterprise Server. By default, the BlackBerry Configuration Database accepts TCP/IP connections to port 1433 on a Microsoft SQL Server.
Page 422: Change The Port Number That The Syslog Tools Use To Monitor Blackberry Enterprise Server Events
BlackBerry Enterprise Server events You can change the port number that the syslog tools listen on to monitor BlackBerry Enterprise Server events. By default, the syslog tools listen to events for the BlackBerry Enterprise Server on port 514.
Page 423: Blackberry Controller And Blackberry Enterprise Server Component Monitoring
Registry keys determine how the BlackBerry Controller monitors the BlackBerry Enterprise Server components and restarts the services that are associated with the components. You can change the default behavior of the BlackBerry Controller by creating new registry keys and changing the default values of the registry keys.
Page 424 The default value is 6. Health checks occur every ten minutes. If a health check does not receive a response from the thread that that the BlackBerry Controller monitors, the BlackBerry Enterprise Server tracks the missed health check in the BlackBerry Messaging Agent log file as the wait count.
Page 425 3. In the Value data field, type a value. health check before it restarts the BlackBerry Messaging Agent. The default value is 2. If you configure the MissedHeartbeatThreshold value to be three, the BlackBerry Controller waits for 30 minutes before it restarts the BlackBerry Messaging Agent.
Page 426: Change How The Blackberry Controller Restarts A Blackberry Enterprise Server Service
BlackBerry Enterprise Server service By default, the BlackBerry Controller restarts a BlackBerry Enterprise Server service if it stops responding. On the computer that hosts the BlackBerry Enterprise Server component that you want to change, open the Registry Editor. In the left pane, perform one of the following actions: •...
Page 427 To prevent the BlackBerry Controller from restarting the BlackBerry MDS Connection Service if the service stops responding, type 0. • To permit the BlackBerry Controller to restart the BlackBerry MDS Connection Service if the service stops responding, type 1. Change how the BlackBerry 1.
Page 428: Blackberry Enterprise Server Alert Tool
Enterprise Server Alert Tool You can use the BlackBerry Enterprise Server Alert Tool to monitor the Windows Event Log and send users that you define as notification recipients a notification message when the tool records a critical, error, warning, or informational event. You must configure notification settings for each BlackBerry Enterprise Server in your organization's BlackBerry Domain.
Page 429 Define a notification recipient You can specify a notification recipient for the BlackBerry Enterprise Server Alert Tool so that the contact receives notification messages in email or popup messages that appear on the screen. You can send popup messages to the contact if the Messenger service for Windows is running on the computer that you installed the BlackBerry Enterprise Server Alert Tool on, and if the computer is not running Windows Server 2008.
Page 430 Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring In the Email address field, type the recipient's email address. To send notification messages as popup messages on the contact's computer, in the Console field, type the name of the contact's computer.
Page 431: Blackberry Enterprise Server Log Files
By default, the log files are stored in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs. This is the same location that the BlackBerry Enterprise Server component log files are stored in.
Page 432: Monitor Sms Text Messages
Turn off call logging You can use the log files for calls to monitor the time and frequency when users make calls from BlackBerry devices. The log files are named using the format PhoneCallLog_<yyyymmdd>. By default, logging for calls is turned on.
Page 433: Log Files For Blackberry Enterprise Server Components
Log files for BlackBerry Enterprise Server components You can use log files to record the activity of BlackBerry Enterprise Server components and troubleshoot issues with the components. The BlackBerry Enterprise Server creates a log file for each BlackBerry Enterprise Server component and saves the log files on the computer that hosts the BlackBerry Enterprise Server.
Page 434: Changing How Blackberry Enterprise Server Components Create Log Files
Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date.
Page 435: Server Component
On the Servers and components menu, locate and restart the components that contain the logging settings that you changed. Related information Create an additional log file for a BlackBerry Enterprise Server component when the current log file reaches its maximum size, Restarting BlackBerry Enterprise Server components,...
Page 436 If you turn on log auto-roll for a BlackBerry Enterprise Server component, the BlackBerry Enterprise Server creates a new log file for the component when the current log file reaches the maximum size. If you turn off log auto-roll for a BlackBerry Enterprise Server component, the BlackBerry Enterprise Server overwrites the current log file for the component when the log file reaches the maximum size.
Page 437 Click the instance that contains the logging settings that you want to change. On the Logging details tab, click Edit instance. In each section, in the Maximum age of daily log files field, type the number of days that you want the BlackBerry Enterprise Server to delete the log files after.
Page 438 Server component You can change the character encoding of the log files of a BlackBerry Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Enterprise Server component.
Page 439: Component Identifiers For Log Files
BlackBerry Enterprise Server log files Related information Restarting BlackBerry Enterprise Server components, Component identifiers for log files You can identify the names for the BlackBerry Enterprise Server log files using the following component identifiers: Component identifier Logging component ACNV BlackBerry Attachment Service attachment conversion...
Page 440: Blackberry Mds Connection Service Log Files
Change the logging level for BlackBerry MDS Connection Service log files You can change the logging level for the BlackBerry MDS Connection Service log file, which includes the event log, UDP log files, and TCP log files.
Page 441 Service connects to when it sends UDP log file messages The SNMP agent for the BlackBerry Enterprise Server receives UDP log file messages from the same host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log messages.
Page 442 Change the activities that the BlackBerry MDS Connection Service writes to a log file The settings for the activities that the BlackBerry MDS Connection Service writes to a log file apply to all log files, including the event log, UDP log files, and TCP log files.
Page 443 Administration Guide BlackBerry Enterprise Server log files In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. Click a BlackBerry MDS Connection Service instance. On the Logging tab, click Edit instance.
Page 444: Using Blackberry Mds Connection Service Log Files To View Information For Proxied Connections To Blackberry Devices
Service proxies in the BlackBerry MDS Connection Service log files. You can find the BlackBerry MDS Connection Service log files on the computer that hosts the BlackBerry Enterprise Server. You can identify BlackBerry MDS Connection Service log files by the component identifier MDAT in the log file name.
Page 445: Blackberry Collaboration Service Log Files
Change which activities the BlackBerry Collaboration Service writes to a log file In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. Expand a BlackBerry Collaboration Service, then click an instance.
Page 446 Task Steps Trace how data packets travel inside the GME network In the GME logging turned on drop-down list, click True. layer from the BlackBerry Collaboration Service to the BlackBerry Dispatcher. Click Save all. Related information Restarting BlackBerry Enterprise Server components,...
Page 447: Blackberry Enterprise Solution Connection Types And Port Numbers
BlackBerry Enterprise Solution connection types and port numbers BlackBerry Enterprise Solution connection types and port numbers The BlackBerry Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS. BlackBerry Administration Service connection types and port numbers...
Page 448 Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can type number configure the connection \Research In Motion \BlackBerry Enterprise Server \Database\Port incoming data connections from, and outgoing data HTTPS BlackBerry connections to, browsers...
Page 449: Blackberry Attachment Service Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can type number configure the connection data connections between BlackBerry Administration multicast IP — Service instances address/port 228.1.2.1/48858 228.1.2.1/48857 228.1.2.1/48855 228.1.2.5/45588 data connections between BlackBerry Administration...
Page 450: Blackberry Collaboration Service Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection outgoing conversion results of large attachments to the 2000 BlackBerry Administration BlackBerry Attachment Connector for the BlackBerry...
Page 451 Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data TLS or MTLS 5061 BlackBerry Administration connections to, the Microsoft Office Communications...
Page 452: Blackberry Configuration Database Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion\ \BlackBerrySNMPAgent \Parameters\UDPPort BlackBerry Configuration Database...
Page 453: Blackberry Controller Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerry Enterprise Server\Database\Port Related information Restarting BlackBerry Enterprise Server components, BlackBerry Controller connection types and port numbers...
Page 454: Blackberry Dispatcher Connection Types And Port Numbers
Enterprise Server\Agents \TcpPortDispatcher • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Agents \TcpPortDispatcher incoming data connections from, and outgoing data 3200 — connections to, one or more of the following BlackBerry Enterprise Server components:...
Page 455 BlackBerry Collaboration Service • BlackBerry MDS Connection Service • BlackBerry Policy Service • BlackBerry Synchronization Service outgoing data connection that uses SRP to the BlackBerry 3101 BlackBerry Administration Router Service incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database that •...
Page 456: Blackberry Messaging Agent Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAgent \Parameters\UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort...
Page 457 Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection Server\Agents \TcpPortDispatcher incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database that •...
Page 458 Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Agents \SysLogHost outgoing syslog connections to the SNMP agent 4071 Windows registry •...
Page 459: Blackberry Mds Connection Service Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers BlackBerry MDS Connection Service connection types and port numbers Item Connection Default port UI where you can configure type number the connection if access control for push applications is turned on,...
Page 460: Blackberry Monitoring Service Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection E\SOFTWARE\Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion...
Page 461: Blackberry Policy Service Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection other applications that you configured the BlackBerry Monitoring Service to send SNMP traps to internal data connection to the BlackBerry Monitoring...
Page 462: Blackberry Router Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Database\Port incoming data connections from the BlackBerry database first unused —...
Page 463 Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \Research In Motion \BlackBerryRouter \ServicePort outgoing data connections to the BlackBerry Infrastructure 3101 BlackBerry Configuration that use SRP...
Page 464: Blackberry Synchronization Service Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \WOW6432Node \Research In Motion \BlackBerryRouter \DevicePort outgoing syslog connections to the SNMP agent 4071 Windows registry •...
Page 465: Calhelper Connection Type And Port Number
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 1433 Windows registry connections to, the BlackBerry Configuration Database that •...
Page 466: Ibm Lotus Sametime Connection Type And Port Number
Administration Guide BlackBerry Enterprise Solution connection types and port numbers IBM Lotus Sametime connection type and port number Item Connection Default port UI where you can configure type number the connection incoming data connections from and outgoing data TCP/IP 1533...
Page 467: Microsoft Office Live Communications Server 2005 Connection Types And Port Numbers
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data...
Page 468: Novell Groupwise Messenger Connection Type And Port Number
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Novell GroupWise Messenger connection type and port number Item Connection Default port UI where you can configure type number the connection incoming data connections from, and outgoing data 8300 Novell GroupWise server that...
Page 469: Syslog Connection Type And Port Number
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection Default port UI where you can configure type number the connection \BlackBerrySNMPAgent \Parameters\UDPPort incoming syslog connections from SNMP queries and traps Windows registry outgoing syslog connections from SNMP queries and traps...
Page 470: Troubleshooting
Troubleshooting Troubleshooting: Connecting to the BlackBerry Administration Service The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance Possible cause Possible solution You created a BlackBerry Administration Service pool using...
Page 471: Troubleshooting: Blackberry Enterprise Server Performance
Possible solution You can use TraitTool.exe to turn off the address book refresh feature for BlackBerry Enterprise Server instances that are geographically remote from the BlackBerry Configuration Database. As a result, BlackBerry Enterprise Server instances that are located geographically close to the BlackBerry Configuration Database can use the BlackBerry Mailstore Service to refresh the user information from your organization's address book in the BlackBerry Configuration Database.
Page 472: Microsoft Sql Server Uses A Considerable Amount Of Disk Space
Administration Guide Troubleshooting To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft SQL Server can cause the size of the transaction log file in the BlackBerry Configuration Database to grow larger than expected.
Page 473: You Cannot Find A New User Account In The Directory Using The Blackberry Administration Service
BlackBerry Administration Service Possible solution Refresh the list of available user accounts that the BlackBerry Administration Service can access from the directory. By default, the BlackBerry Administration Service refreshes the list of available user accounts at 12:30 AM daily.
Page 474: Text Does Not Appear Correctly In Unicode Email Messages
The IBM Lotus Sametime API cannot retrieve phone numbers for instant messaging contacts from the IBM Lotus Sametime server. If the BlackBerry Enterprise Server is located in a network that does not permit direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service cannot retrieve the phone numbers from the IBM Lotus...
Page 475 IBM Lotus Sametime server automatically to retrieve the phone numbers. If your organization's BlackBerry Enterprise Server is located in a restricted network that does not permit direct HTTP connections to the IBM Lotus Sametime server, you must specify an unauthenticated proxy server in the rimpublic.properties file that the BlackBerry Collaboration Service can use to establish an HTTP connection to the IBM Lotus Sametime server.
Page 476: A User Did Not Accept A Notification About An Instant Message On A Computer And The Notification Disappeared
If a user is logged in to Microsoft Office Communicator on both a computer and a BlackBerry device and the user does not accept a notification about an instant message on the computer before the notification disappears, the notification about the instant message disappears from the computer but remains on the BlackBerry device.
Page 477: Troubleshooting: Blackberry Web Desktop Manager
The BlackBerry Collaboration Service Remove the instant messaging application from the BlackBerry device. Install does not support the version of the an earlier version of the instant messaging application on the BlackBerry device. instant messaging application that is installed on the BlackBerry device.
Page 478: Troubleshooting: Connections To The Wi-Fi Network
2. In the Wi-Fi field, verify that the name of the Wi-Fi network appears. If the name does not appear, resend the IT policy to the BlackBerry device, or instruct the user to configure a Wi-Fi profile on the BlackBerry device.
Page 479 • Use a wireless device, such as a computer, to ping the BlackBerry Router. The ping tests whether the BlackBerry Router is on the ACL of the access point. • If access point logs are available, view the logs to determine the error that occurred.
Page 480 IP address, and DNS IP address are configured correctly. • If the BlackBerry device uses DHCP, verify that the BlackBerry device can obtain a valid IP configuration (for example, an IP address, subnet mask, default gateway IP address, or DNS IP address).
Page 481: Status Indicators
BlackBerry device Possible cause The Wi-Fi enabled BlackBerry device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution 1. In the BlackBerry Administration Service, change the WLAN Allowed Handheld Changes configuration setting in the Wi-Fi profile to Yes.
Page 482 When the BlackBerry device displays the link security method, the security on the Wi-Fi connection is turned on and active. Association This field shows the status of the BlackBerry device connection to the access point. The status indicators are the following icons: •...
Page 483 IP address of the organization’s LAN gateway. In a personal Wi-Fi network, this field specifies the internal IP address of the router for the home network. DHCP This field specifies the status of the DHCP connection to the BlackBerry device. When a check mark displays, DHCP is complete. Primary DNS This field specifies the address of an optional computer that translates host names into IP addresses.
Page 484 This field specifies the certificate that the BlackBerry device can use for Wi-Fi authentication, if applicable. Software Token If you configured a software token for the BlackBerry device, this field specifies the serial number of the software token. Status fields for VPN connections...
Page 485 VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the BlackBerry device can try to log in. Session Lifetime...
Page 486 BlackBerry device is idle. Status fields for BlackBerry Infrastructure connections The connection status indicators for the BlackBerry Infrastructure appear on a BlackBerry device when a user makes a Wi- Fi connection or tries to make a Wi-Fi connection.
Page 487: A Blackberry Device Cannot Open A Vpn Connection
This field specifies the IP address of the server that performs authentication. Last Contact At This field specifies the last time that the BlackBerry device had contact with the BlackBerry Enterprise Server through the BlackBerry Infrastructure. Status fields for Enterprise connections...
Page 488: A Blackberry Device Cannot Connect To The Mobile Network Using Uma Or Gan
UNC. 2. Connect a computer to the wireless access point. 3. To verify the IP address of the BlackBerry device, on the Wi-Fi Diagnostics screen, ping the computer. 4. If you do not receive a response to the ping, the reason for this error is an...
Page 489: Verify Whether A Blackberry Device Can Resolve An Ip Address
On the menu, click Send ping. Look up a computer name to resolve an IP address Using a BlackBerry device, a user can look up a computer name in the DNS server to resolve network or domain names and IP addresses.
Page 490: Troubleshooting: Blackberry Administration Service Pools
Possible cause If BlackBerry Administration Service instances are located in different network segments that are separated by a firewall, the firewall can block the dynamic ports on the BlackBerry Administration Service. Possible solution Perform the following actions: 1.
Page 491: Troubleshooting: Blackberry Monitoring Service Connections
If your organization's environment includes a firewall located between the BlackBerry Administration Service and BlackBerry Monitoring Service, the firewall can block the JNDI delegate port on the BlackBerry Administration Service. By default, the JNDI delegate port is configured to 0 (any port).
Page 492: Troubleshooting: It Policies
IT policy packs, search the BlackBerry Technical Solution Center at www.blackberry.com/support. For example, to find the IT policy pack that includes the IT policy rules for BlackBerry Device Software 5.0, search for "IT policy rules for BlackBerry Device Software 5.0".
Page 493: Glossary
American Standard Code for Information Interchange blind carbon copy BlackBerry CAL A BlackBerry Client Access License (BlackBerry CAL) limits how many users you can add to a BlackBerry Enterprise Server. BlackBerry Domain A BlackBerry Domain consists of the BlackBerry Configuration Database with its users and any BlackBerry Enterprise Server instances that connect to it.
Page 494 Glossary CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. certificate revocation list certificate signing request...
Page 495 BlackBerry smartphones, BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager. IT policy rule An IT policy rule permits you to customize and control the actions that BlackBerry smartphones, BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager can perform.
Page 496 Administration Guide Glossary messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal database. mobile network code MTLS Mutual Transport Layer Security...
Page 497 Glossary Structured Query Language Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry Infrastructure during SRP authentication. SSID service set identifier...
Page 498: Legal Notice
© ® ® ® 2012 Research In Motion Limited. All rights reserved. BlackBerry , RIM , Research In Motion , and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world.
Page 499 Some airtime service providers might not offer ® Internet browsing functionality with a subscription to the BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights.
Page 500 RIM. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry Desktop Software, and/or BlackBerry Device Software.

Blackberry PRD-10459-016 - Enterprise Server For MS Exchange Administration Manual

1 Overview: Blackberry Enterprise Server

2 Log in to the Blackberry Administration Service for the First Time

3 Creating Administrator Accounts

4 Using an IT Policy to Manage Blackberry Enterprise Solution Security

5 Configuring Security Options

6 Configuring the Blackberry Enterprise Server Environment

7 Configuring User Accounts

8 Assigning Blackberry Devices to Users

9 Configuring Blackberry Enterprise Server High Availability

10 Configuring High Availability for Blackberry Enterprise Server Components

11 Configuring Blackberry Configuration Database High Availability

12 Sending Software and Blackberry Java Applications to Blackberry Devices

13 Alternative Methods for Installing Blackberry Java Applications on Blackberry Devices

14 Configuring How Users Access Enterprise Applications and Web Content

15 Setting up the Messaging Environment

16 Configuring Blackberry Devices to Enroll Certificates over the Wireless Network

17 Making the Blackberry Web Desktop Manager Available to Users

18 Configuring the Blackberry Web Desktop Manager

19 Creating and Configuring Wi-Fi Profiles and VPN Profiles

Quick Links

Microsoft Exchange

Troubleshooting

Related Manuals for Blackberry PRD-10459-016 - Enterprise Server For MS Exchange

Summary of Contents for Blackberry PRD-10459-016 - Enterprise Server For MS Exchange