Monday, May 6, 2013

BES Installation


Ok, this is going to be long... not hard, but long.  You can build a Space Shuttle with fewer steps, but don't worry... you can do it.
To make this more difficult, the instructions are for Blackberry Enterprise Server Express on Exchange 2010 Single Sever running on R2 of Windows 2008 64 Bit.  Pitter patter, lets get at 'er:
  1. Download and skim the BES "Installation and Configuration Guide"  from HERE.
  2. CREATE A "BESADMIN" ACCOUNT
    • On the computer that hosts Microsoft Exchange, log in using an administrator account that has the permission to create accounts.
    • Open the Microsoft Exchange Management Console.
    • Create an account and mailbox that you name BESAdmin.
    • To permit the BlackBerry® Enterprise Server to check if a BlackBerry device user has permission to access a public folder ,assign the Owner permission for all public folders to the administrator account.
  3. ADD PERMISSIONS TO BESADMIN
    •  BES Install - Send As open the Microsoft Exchange Management Shell and type:

      Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight –ExtendedRights Receive-As, ms-Exch-Store-Admin

      Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"

      Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>" 

      where <domain_1>, <domain_2>, and <domain_3> form the name of the domain
      For example, if the domain name is www.example.com, type www for <domain_1>, example for <domain_2>, and com for <domain_3>.

      NOTE: If you create a new mailbox database in the future for Microsoft Exchange, repeat the first bullet.
  4. ADD SEND AS PERMISSION 
    • This is apparently not always necessary but it sure was in my case (see THIS for details).  Just follow along and if you find that you already have the entries in question, just skip to the next step,
    •  Open ACTIVE DIRECTORY USERS AND COMPUTERS
    •  Select the VIEW menu and ensure ADVANCED FEATURES is checked.
    •  Right mouse click on your domain name and select PROPERTIES
    •  Select the SECURITY tab
    • Press the ADVANCED button at the bottom on the SECURITY tab
    • Select AD and enter your Blackberry Service Account name (e.g. BESAdmin) and select OK
    •  When the permissions screen appears change the APLLY ONTO drop down to DESCENDANT USER  OBJECTS (if you are running on 2003m which this article does not cover, it would be called USER OBJECTS)
    •  In the Permissions box scroll down and check the ALLOW box beside SEND AS and press OK
    •  Press APPLY and OK to exit
  5. REMOVE THE EXCHANGE 2010 "THROTTLING POLICY"BES Install - Set ThrottleingPolicy Null
    • Note that the instructions in the March 2010 version of the Installation and Configuration guide is WRONG... yup, wrong, read THIS if you want more information.
    • Open an Exchange Shell and type:
      Get-ThrottlingPolicy | where {$_.IsDefault -eq $true} | Set-ThrottlingPolicy -RCAMaxConcurrency $null
    • Display a list of your Throttling Policies using the following command:
      Get-ThrottlingPolicy
    • From the "Get-ThrottlingPolicy" output locate and copy the "DefaultThrottlingPolicy" name.  Example: "DefaultThrottlingPolicy_a1f84187-7a42-4ece-9276-06c704be21e7"
    • Now enter the command below but paste in your DefaultThrottlingPolicy name.
      Set-Mailbox "BESAdmin" -ThrottlingPolicy <Default Policy Name>
  6.  BES Express Install - Set maximum sessionsSET THE MAXIMUM SESSIONS
    •  On the computer that hosts the Microsoft Exchange CAS server, in <drive>:\ProgramFiles\Microsoft\Exchange Server\V14\Bin, in a text editor, open the microsoft.exchange.addressbook.service.exe.config file.
    • Change the value of the MaxSessionsPerUser key to 100000.BES Express Install - Restart address book service
    • Save and close the file.
    • click START, type SERVICES.MSC and Restart the ADDRESS BOOK via
      BES Install - Impersonate Role
  7. CREATE APPLICATION IMPERSONATION ROLE
    • Open the Microsoft Exchange Management Shell and type
      New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin"
  8. CONFIGURE BES EXPRESS TO RUN WITHOUT EXCHANGE 'PUBLIC FOLDERS'
    • Note that I don't have PUBLIC FOLDERS installed on any of the Exchange servers that I run.  I am 95% sure you could skip this step if you DO have PUBLIC FOLDERS.
    • Click START and an type REGEDIT and navigate toHKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem
    • If the CDO registry key does not exist, create a registry key that you name CDOBES Express Install - run on exchange without public folders
    •  In the CDO registry key, if the DWORD value does not exist, create a DWORD value that you name:  Ignore No PF
    • Change the DWORD value to 1
  9. INSTALL  MAPI and CDO
    • Download it from HERE
    • Install it on the server.
  10. SET BESADMIN TO BE A LOCAL ADMIN ON YOUR SERVERBES Express Install - Set BESADMIN to be a local admin
    • Read THIS if you have any questions and make sure your BESAdmin account is NOT a Domain Admin or Enterprise Admin... must a LOCAL Admin
    • Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
    • Select the Builtin folder.
    • Double-click Administrators.
    • On the MEMBERS tab, click the ADD button.
    • Type BESAdmin and then click Check Names.
    • Click OK then click Apply then OK.
  11. LOG IN AS BESADMIN
    • Using ACTIVE DIRECTORY USERS AND COMPUTERS, reset the BESAdmin password to something you like
    • Log off
    • Log into the server using the BESADMIN credentials
  12. TEST YOUR PROGRESS
    • this step did not go well for me but I think it was because I was running it under my typical Domain Admin login rather than the BESADMIN account.  The screen shot to the right was actucally taken after I had completed the BES Express install but according to the docs, this is where you are supposed to try it.  The bottom lines is don't panic if it doesn't work.
    • The BlackBerry Enterprise Server requires permission to access each BlackBerry device user's mailbox to process email messages. The IEMSTest.exe tool runs a test to verify whether the Windows account has the Send As permission in Microsoft® Exchange so that the BlackBerry Enterprise Server can access user accounts. The IEMSTest.exe tool does not verify whether the BlackBerry Enterprise Server can send email messages on behalf of a BlackBerry device user
    • Copy the BlackBerry Enterprise Server installation files to your desktop (or anywhere else you like :) )
    • Extract the contents to a folder on the computer
    •  bes-express-install-iemstestClick START, type CMD
    •  Through the command line, navigate to <extracted_folder>\TOOLS folder
    •  type IEMSTEST
    • create a profile if asked
    • In the Profile Name drop-down list, select the profile names for the user accounts and click OK
    • In the left pane, select the user accounts that you want to check
    • Click SELECT and click OK
    • When you are done, you can close the CMD/DOS box
  13. GENTLEMEN: START YOUR ENGINES
    • From the extracted files above double click SETUP
    • Agree with the first few windows and select the obvious choices including INSTALL SQL 2005 SP3. 
    • Mouse over each of these screens for more details on time delays and issues I had
      BES Express Install - Setup Screen 1 - licence   BES Express Install - Setup Screen 2 - create database   BES Express Install - Setup Screen 3 - blackberry express   BES Express Install - Setup Screen 4 - preinstall check   BES Express Install - Setup Screen 5 - Install SQL 2005  BES Express Install - Setup Screen 6 - Account Information   BES Express Install - Setup Screen 7 - Summary - Waited two minute without doing anything but then started   BES Express Install - Setup Screen 8 - Installation Process - took 8 minutes for me and then required a reboot   BES Express Install - Setup Screen 9 - Database Information - Don't Change ANYTHING   BES Express Install - Setup Screen 10 - Create Database Information 
    • The CAL SRP, Key page I found to be even more frustrating that the rest of the install because it used terms which do not match the terms RIM email to you.  So here is the info:
      • SRP IDENTIFIER =                         Serial Number: S7419XXXX
      • SRP AUTHENTICATION KEY =   License Key: bu7v-we76-XXXX-XXXX...
      • nothing =                                           CAL ID: C0007439625
      • KEY =                                              CAL Authentication Key: besexp-b3qXXX-XXXXXX-XX...
       BES Express Install - Setup Screen 11 - CAL and SRP keys
    • You may not see these next screens because I have adjusted my instructions above to hopefully avoid them.  If you do see these, you might want to recheck step 4 above (and remember you have to be signed in as domain admin to see ACTIVE DIRECTORY USERS AND COMPUTERS to you are going to have to SWITCH USER).  In the end I just skipped past this message and dealt with it (as in step 4) after the install.
      BES Express Install - MAPI Setup   BES Express Install - Error user account does not have the exchange view only administrator permission
    • and lets get back on track:
      BES Express Install - administration settings   BES Express Install - advanced administration settings   BES Express 5 Install - Start Services - This took a good 3 minutes and it did not look like it was going to work for the first 2 minutes
  14. LOGIN TO BAS - BLACKBERRY ADMINISTRATION SERVICE
    • surf to:
      https://<your host name>.<your domain>.local:3443/webdesktop/login
      https://<your host name>.<your domain>.LOCAL:3443/webconsole/login
    • before you even sign in, add the site to your TRUSTED ZONE
      BES Express - Blackberry Admin Service BAS 
    • Trust and Install the Certificate to elliminate the cert errors
      BESX Install - Trust BlackBerry Certificate
  15. Done.  Now all you have to do is figure out how to use it... no biggie!

No comments:

Post a Comment