Tuesday, June 18, 2013

BES with Exchange 2013

In order to use the BlackBerry Enterprise Server product with a Microsoft Exchange 2013 deployment, version 5.0.4 Maintenance Release 2 or later will be required.
Also required will be the Microsoft MAPI/CDO package, version 6.5.8289.0 or later - available for download from the Microsoft web site.
There are a number of pre-installation requirement tasks which also need to be completed in the Exchange environment. The procedure is as follows.

Create an Active Directory user account

An AD service account will be required, typically named "BesAdmin". This user should NOT be a domain administrator. The user account will require an Exchange mailbox, which should be located on an Exchange 2013 mailbox server.

Assign the BesAdmin account Exchange View-Only Administrator rights

Launch the Exchange PowerShell and assign the BesAdmin user account Exchange View-Only Administrator permissions with the following command:
Add-RoleGroupMember "View-Only Organization Management" -Member BesAdmin
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Assign the BesAdmin account Receive As and Administer Information Store rights

Still within the Exchange PowerShell, assign the BesAdmin account Receive As and Administer Information Store rights with the following command:
Get-MailboxDatabase | Add-ADPermission -User BesAdmin -AccessRights ExtendedRight
 -ExtendedRights Receive-As, ms-Exch-Store-Admin
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Assign the BesAdmin account Send As rights on domain user objects

Now assign the BesAdmin account Send As rights on all user objects in the domain, with the following command:
Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As
-User BesAdmin -Identity "CN=Users,DC=Domain,DC=com"
(where Domain should be substituted for the details of your AD domain)
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Assign Application Impersonation rights to the BesAdmin user

Now create a new Exchange management role and assign the BesAdmin user Application Impersonation rights, required to access Exchange web services:
New-ManagementRoleAssignment -Name BesAdmin -Role:ApplicationImpersonation -User BesAdmin
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Enable processing of external calendar items

By default Exchange does not process meeting requests received from external domains via web services, this needs to be enabled:
Get-Mailbox -Server [Server] -ResultSize Unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'} 
| Set-CalendarProcessing -ProcessExternalMeetingMessages $true
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
The Exchange PowerShell can now be closed.

Assign permissions on the Exchange Web Services web application

Launch the IIS Manager and expand the Default Web Site container and locate the EWS web application. Right click on the entry and select Edit Permissions
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Click on the Security tab and then on the Edit button:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Add the BesAdmin user account and tick the options to allow "Read & execute", "List folder contents" and "Read":
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Save and apply all changes. Still within the IIS Manager, with the EWS web application selected, on the right hand side locate the Authentication icon:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Set Windows Authentication to Enabled:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Close the IIS Manager. Now we can focus on the server that is to have the BES software installed on it.

Assign the BesAdmin user administrator rights on the BES

On the server that is to host the BlackBerry Enterprise Server, assign the BesAdmin domain account local administrator rights on the machine:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Assign Log on as a Service rights to the BesAdmin user

Now launch the Local Security Policy console and add the BesAdmin user account to the Log on as a service permitted group:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Now log off and log in as the BesAdmin user account.

Install MAPI/CDO package

Logged in as the BesAdmin user (IMPORTANT, be sure to run this as the BesAdmin user and not local administrator), install the MAPI/CDO package you downloaded earlier.
Once installed, launch the Registry Editor.
Navigate to folder HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem.
On the left hand side, right-click on Windows Messaging Subsystem, expand New, select String Value.
Enter RPCHTTPProxyMap_BES in the Name field.
Double click the RPCHTTPProxyMap_BES registry value.
Type *=https://[FrontEndPoolFQDN] in the value field.
(where [FrontEndPoolFQDN] should be substituted for the fully qualified domain name of the Exchange client access server):
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Click OK, and then close the Windows Registry Editor.

Install the SSL certificate for the Exchange Client Access Server

In Windows Internet Explorer, access the Microsoft CAS through the (default) URL: https://[CAS Server Address]
Select Tools and then Internet Options.
Select the Security tab and then click Trusted Sites.
Click on Sites and add the current site.
Click OK.
Close and then re open Windows Internet Explorer.
Access the Microsoft CAS through the (default) URL: https://[CAS Server Address]
Should an error relating to the certificate be displayed, click on the Certificate Error section of the address bar.
Click on View the certificate.
Click the Install Certificate button.
Click Next.
Click on the radio button Place all certificates in the following store.
Click Browse.
Select Trusted Root Certification Authorities.
Click OK.
Click Next.
Click Finish.
Click Yes if prompted to install the certificate representing the CAS server.
Click on The import was successful prompt.
You are now ready to install the BES software.

Install BlackBerry Enterprise Server 5.0.4

Launch the BES installer and choose your desired language:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Confirm that you are logged in as the desired BesAdmin service account that the BES software will run under:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Read and accept the license agreement:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Select the option to create a BlackBerry configuration database:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Select the desired BES components that you wish to install - leave these values at their default if you are installing all components on the same server:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Verify that all pre-requisite checks pass, correcting any errors as required:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Specify whether you wish to install SQL Express edition locally on the server or use another SQL source:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Enter your SRP and CAL information:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Review your selections and Install the component software:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Once all components have been installed, click Continue:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Verify the SQL server information and enter a name for the Configuration Database if desired:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
You will be prompted to confirm creation of the database, select Yes:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
And acknowledge when it has been created:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
You will now be prompted to enter the address of the Exchange server and the name of the BesAdmin user account:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Now enter a name for the web site which will be used to administer the BlackBerry server, and enter a passkey for the SSL certificate that will be generated and assigned to the web site:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Enter details of an AD account that will be used to lookup BlackBerry users within Active Directory, this can be the same BesAdmin account:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Specify whether the BlackBerry management web site should be accessed using AD or local internal BlackBerry authentication:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Select the option to Start Services and verify that all BlackBerry services start successfully:
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Finally make a note of the administrator and user web management site addresses and exit the installer.
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Install Maintenance Release 2

Now install the BlackBerry Enterprise Server 5.0.4 Maintenance Release 2 update package.
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013

Enable Exchange Web Services

Locate the BlackBerry Enterprise Server Trait Tool, this is normally located on the Tools directory in the BES 5.0.4 installation media, by default created at
C:\Research In Motion\BlackBerry Enterprise Server 5.0.4\bundle0038\tools
Open a Command Prompt and navigate to this folder, then enable use of Exchange web services with the following command:
TraitTool -global -trait EWSEnable -set true
Installing BlackBerry Enterprise Server 5.0.4 MR2 for Microsoft Exchange 2013
Now restart the BES server.
Your BlackBerry Enterprise Server has been installed.

1 comment:

  1. Hi Evyn

    We have Exchange 2013 & BES 5.0.4 and noticed our BES service account is part of DomainAdmins since build state, shall I remove the account from domain admins groups directly or need to do any check before removing ? Is there any valid reason to have the BES service account as member of domainadmins

    ReplyDelete