Blackberry Enterprise Server Express 5.0.4 installation
Create Account
1) Create an account and mailbox that you name BESAdmin.
2) Verify that the BESAdmin account is not a member of the Domain Administrators group in Microsoft Active Directory.
Configure Microsoft Exchange 2010 permissions for the Windows account
Open Microsoft Exchange Management Shell and run following commands:
Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible
Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"
Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity
"DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"
For example, if the domain name is example.organization.net, type example for <domain_1>, organization for <domain_2>, and
net for <domain_3>.
If you create new mailbox database for Microsoft Exchange, repeat step 1
Turn off client throttling in Microsoft Exchange 2010
New-ThrottlingPolicy BESPolicy -CPAMaxConcurrency $NULL -CPAPercentTimeInCAS $NULL -CPAPercentTimeInMailboxRPC $NULL -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy
If throttling policy exists, run following command to update policy:
Set-ThrottlingPolicy BESPolicy -CPAMaxConcurrency $NULL -CPAPercentTimeInCAS $NULL -CPAPercentTimeInMailboxRPC $NULL -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
Configure a management role for Microsoft Exchange Web Services
New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation –User "BESAdmin"
Configure the BlackBerry Enterprise Server Express to run without public folders
If you did not install any public folders in Microsoft Exchange, you must configure the BlackBerry Enterprise Server Express
to run without public folders by changing a registry key.
1. On each computer that hosts the BlackBerry Enterprise Server Express, click Start > Run.
2. In the Openfield, type regedit.
3. Click OK.
4. Perform one of the following actions:
• If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\CDO.
• If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem.
5. If the CDOregistry key does not exist, create a registry key that you name CDO.
6. In the CDOregistry key, if the DWORD value does not exist, create a DWORD value that you name Ignore No PF.
7. Change the DWORD value to 1.
8. Click OK.
Permit meeting requests from outside of your organization when using
Microsoft Exchange Web Services for Microsoft Exchange 2010
For each Microsoft Exchange Server that hosts users, type the following command:
Get-Mailbox -server<messaging-server name> –ResultSize Unlimited | Set-CalendarProcessing -ProcessExternalMeetingMessages $true –AutomateProcessing AutoUpdate
BES Server prepare
Make BESadmin a local Administrator of the server where you will be installing the BES software. This is done by right mouse clicking My Computer and selecting “Manage”. From Computer Management
expand “Local Users & Groups” and select Groups (or in Server 2008 right click Computer > From Server Manager expand Configuration and select “Local Users & Groups” > Select
Groups). From Groups double click “Administrators” and add BESadmin.
On the BES server go to “Administrative Tools” and open "Local Security Policy" and then expand the "Local Policies" and "User Right Assignment". You need to add BESadmin to "Allow Log on
Locally" and "Log on as Service".
Log onto the server where you will be installing the BES using the BESadmin account. Extract the install files and run the setup file. When making your selection please note that the Monitoring
service should be installed on a separate machine and the MDS Integration Service is only required for application development (note: the standard MDS service is installed by default). During the
final part of the installation when you enter your SRP ID, Auth Key and CAL please ensure you select the verify option as apart from validating the info it confirms that Port 3101 is opened
correctly.
Note: If you are installing BES onto server with existing services that use port 443 during the BES install change the HTTPS Service Port to a port that does not conflict with any other
applications e.g. 643 or 3443.