Blackberry Enterprise Server Express 5.0.4 installation

Download and install latest Collaboration Data Objects 1.2.1 (CDO) on BES server.



Create Account

1)    Create an account and mailbox that you name BESAdmin.
2)    Verify that the BESAdmin account is not a member of the Domain Administrators group in Microsoft Active Directory.
Configure Microsoft Exchange 2010 permissions for the Windows account
Open Microsoft Exchange Management Shell and run following commands:

Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible

Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"

Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"

For example, if the domain name is, type example for <domain_1>, organization for <domain_2>, and net for <domain_3>.
If you create new mailbox database for Microsoft Exchange, repeat step 1

Turn off client throttling in Microsoft Exchange 2010

New-ThrottlingPolicy BESPolicy -CPAMaxConcurrency $NULL -CPAPercentTimeInCAS $NULL -CPAPercentTimeInMailboxRPC $NULL -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null


Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy


If throttling policy exists, run following command to update policy:


Set-ThrottlingPolicy BESPolicy -CPAMaxConcurrency $NULL -CPAPercentTimeInCAS $NULL -CPAPercentTimeInMailboxRPC $NULL -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null

Configure a management role for Microsoft Exchange Web Services

New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation –User "BESAdmin"

Configure the BlackBerry Enterprise Server Express to run without public folders
If you did not install any public folders in Microsoft Exchange, you must configure the BlackBerry Enterprise Server Express
to run without public folders by changing a registry key.
1.    On each computer that hosts the BlackBerry Enterprise Server Express, click Start > Run.
2.    In the Openfield, type regedit.
3.    Click OK.
4.    Perform one of the following actions:
• If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\CDO.
• If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem.
5.    If the CDOregistry key does not exist, create a registry key that you name CDO.
6.    In the CDOregistry key, if the DWORD value does not exist, create a DWORD value that you name Ignore No PF.
7.    Change the DWORD value to 1.
8.    Click OK.

Permit meeting requests from outside of your organization when using
Microsoft Exchange Web Services for Microsoft Exchange 2010

For each Microsoft Exchange Server that hosts users, type the following command:
Get-Mailbox -server<messaging-server name> –ResultSize Unlimited | Set-CalendarProcessing -ProcessExternalMeetingMessages $true –AutomateProcessing AutoUpdate

BES Server prepare
Make BESadmin a local Administrator of the server where you will be installing the BES software. This is done by right mouse clicking My Computer and selecting “Manage”. From Computer Management expand “Local Users & Groups” and select Groups (or in Server 2008 right click Computer > From Server Manager expand Configuration and select “Local Users & Groups” > Select Groups). From Groups double click “Administrators” and add BESadmin.

On the BES server go to “Administrative Tools” and open "Local Security Policy" and then expand the "Local Policies" and "User Right Assignment". You need to add BESadmin to "Allow Log on Locally" and "Log on as Service".

Log onto the server where you will be installing the BES using the BESadmin account. Extract the install files and run the setup file. When making your selection please note that the Monitoring service should be installed on a separate machine and the MDS Integration Service is only required for application development (note: the standard MDS service is installed by default). During the final part of the installation when you enter your SRP ID, Auth Key and CAL please ensure you select the verify option as apart from validating the info it confirms that Port 3101 is opened correctly.

Note: If you are installing BES onto server with existing services that use port 443 during the BES install change the HTTPS Service Port to a port that does not conflict with any other applications e.g. 643 or 3443.