Yet another nifty BlackBerry software…
Archive for the ‘BlackBerry’ Category
BlackBerry Swiss Army Knife
Posted by bartvdw on 0404/0707/2011
Found this nifty tool today, and it’s really nice!
Posted in BlackBerry | Leave a Comment »
BlackBerry Enterprise Server support for IPv6
Posted by bartvdw on 2323/0606/2011
Currently BlackBerry Enterprise Server does not support IPv6, see link below!
BlackBerry Enterprise Server support for IPv6
http://www.blackberry.com/btsc/KB05094
Posted in BlackBerry | 1 Comment »
BlackBerry Enterprise Server (Express) 5.x preparation guide for Exchange 2010/SP1
Posted by bartvdw on 1111/0606/2011
This is my personal preparation guide when I install BlackBerry Enterprise Express 5.x in an environment. To understand everything, please read the reference links at the bottom.
Update 13/08/2011: added information about IPv6 and BBConvert events
Update 25/08/2011: added Windows Media Format Package command for Windows Server 2008 R2 SP1
Update 03/09/2011: added netsh commands for Windows Firewall rule and references regarding firewall and connection requirements
Firewall and connection requirements
Make sure you have port 3101 TCP open (outbound initiated, bi-directional) on your firewall.
Check the link in the references section if you want to details about connections needed.
Preparation
Create a user named BESAdmin in your Active Directory.
Note: Don’t choose a password with exotic characters, see the link ""Error writing to Database" error message is displayed after the LDAP portion of the BlackBerry Enterprise Server 5.0 installation" in the references at the bottom for details about unsopprted characters.
Recommended:
- Install on a separate server, not on the Exchange Server 2010 itself
- Although there is a KB regarding configuration without Public Folders, it’s advised to have them installed and have an Offline Addressbook configured before installing BES
Install "Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1" on the BES server. See download link in references at the bottom.
On the Exchange 2010 server, open the "Exchange Management Shell" and execute the steps below.
Delegate control and permissions
Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"
Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Configure "Send As" permission
Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"
Note: If you receive following error, use one of both bypasses. Reason is that by default permissions are not granted, you will need to grant additional rights for the group "Organization management" or for your user specific. Easiest is to use the bypasses. If you want to adjust security to overcome the error below, visit Microsoft TechNet for security documentation.
Active Directory operation failed on Domain ***Controllor Name***. This error is not retriable. Additional information: Access is
denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : DA172DD1,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
Workaround 1
Assign Send As permissions to all users via Active Directory, complete following steps (see also Task 2 in the official BlackBerry document).
1. Open "Active Directory Users and Computers"
2. Select "View" menu, select "Advanced Features"
3. Right-click domain name,select "Properties"
4. Select the "Security" tab, click on "Advanced"
6. Select "Add" and enter your Blackberry Service Account name (e.g. BESadmin), select "OK"
7. Select "User Objects" in the "Applies Onto" list (Windows Server 2008 and higher: "Descendant User Objects")
8. Select "Send As" checkbox, click "OK"
9. Press "Apply" and "OK"
Workaround 2
Individually assign the permissions to a user using the Exchange Management Shell:
Add-ADPermission "BES User Mailbox Name" -User "Domain\BESadmin" -Extendedrights "Send As"
Turn off client throttling
New-ThrottlingPolicy BESPolicy
Policy for Exchange 2010 without SP1: Set-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
Policy for Exchange 2010 SP1: Set-ThrottlingPolicy BESPolicy -CPAMaxConcurrency $NULL -CPAPercentTimeInCAS $NULL -CPAPercentTimeInMailboxRPC $NULL -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy
Increase maximum number of connections (Exchange 2010 without SP1 only)
On the Exchange server, browse to the directory C:\Program Files\Microsoft\Exchange Server\V14\bin
Open "microsoft.exchange.addressbook.service.exe.config" file in notepad
Set "MaxSessionsPerUser" to "100000"
Save the file and restart the service "Microsoft Exchange Address Book"
Allow BES to manage calendars using "Exchange Web Services"
New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin"
Get-Mailbox -Server "<messaging_server_name>" | Set-CalendarProcessing -ProcessExternalMeetingMessages $true
Local Administrator rights
Add the BESAdmin user to the local "Administrators" group on the BES server.
Local Security settings
Grant following user rights for the "BESAdmin" user on the BES server:
- Log on Locally
- Log on as Service
Windows Server 2008 / R2: disable IPv6
IPv6 is currently not supported, see references. If BES is being installed on separate server then Exchange, disable it.
Windows Server 2008 / R2: install Windows Media Format SDK
This will prevent BBConvert events from being generated: Unable To Locate Component : This application has failed to start because WMVCore.DLL was not found. Re-installing the application may fix this problem. (System Log – Event ID 26 – Application Popup)
Windows Server 2008 x64: pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.0.6001.18000.mum"
Windows Server 2008 x86: pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~x86~~6.0.6001.18000.mum"
Windows Server 2008 R2: dism.exe /online /norestart /add-package /packagepath:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum" /ignorecheck
Windows Server 2008 R2 SP1: dism.exe /online /norestart /add-package /packagepath:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum" /ignorecheck
Windows Firewall rule to allow remote access to the Administration Service & Webdesktop
Windows Server 2008: netsh firewall add portopening TCP 3443 "BESExpress Management Port"
Windows Server 2008 R2: netsh advfirewall firewall add rule name="BESExpress Management Port" dir=in action=allow protocol=TCP localport=3443
References
BlackBerry Knowledge Base: Assign service account permissions for a BlackBerry Enterprise Server for Microsoft Exchange
Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e17e7f31-079a-43a9-bff2-0a110307611e&displaylang=en
Exchange 2010 BES 5.0.x Install Guide
http://www.blackberryforums.com.au/forums/microsoft-exchange/8554-exchange-2010-bes-5-0-x-install-guide.html
BlackBerry Knowledge Base: "Error writing to Database" error message is displayed after the LDAP portion of the BlackBerry Enterprise Server 5.0 installation
Configure the BlackBerry Enterprise Server Express to run without public folders
http://docs.blackberry.com/en/admin/deliverables/14347/Config_Exchange_10_run_wo_public_folders_963029_11.jsp
BlackBerry Enterprise Server support for IPv6
http://bartvdw.wordpress.com/2011/06/23/blackberry-enterprise-server-support-for-ipv6/
BlackBerry Knowledge Base: Firewall and connection requirements for the BlackBerry Enterprise Server
Posted in BlackBerry | 10 Comments »
