Installing BlackBerry Enterprise Server 2.1 for Microsoft Exchange 2000

PLEASE READ THE LEGAL NOTICES SET OUT AT THE END OF

THIS DOCUMENT.

This document provides information about preparing to install and installing BlackBerry Enterprise Server version 2.1 with a Microsoft Exchange 2000 Server.

Contents

???System requirements

???Defining a service account and mailbox in Microsoft Exchange 2000

???Assigning Windows 2000 permissions on a service account

???Assigning local administrator permissions to service accounts

???Assigning further Microsoft Exchange permissions to service accounts

???Installing with Microsoft Small Business Server 2000

???Installing BlackBerry Enterprise Server Software

???Register for and download BlackBerry Enterprise Server upgrade

???Verifying MAPI Profiles

???Configuring the BlackBerry Enterprise Server

???Starting the BlackBerry Enterprise Server services

System requirements

The BlackBerry Enterprise Server Software requires the following hardware and software components:

Hardware

???Computer with an Intel??-compatible Pentium?? processor or compatible (233 MHz or higher, 128-MB RAM, 1-GB hard disk)

Software

BlackBerry Enterprise Server works in Microsoft Exchange 5.5 (or later) or Microsoft Exchange 2000 native environments, or in a mixed (Microsoft Exchange 5.5 and Microsoft Exchange 2000) environment.

The following software is required for the BlackBerry Enterprise Server to function:

???Windows 2000 Server (Service Pack 1 or later)

???Microsoft Exchange 2000 (Service Pack 2 or later) mail server environment (recommended installation on a separate computer than the BlackBerry Enterprise Server service) and Microsoft Exchange 2000 System Manager

Note: If Microsoft Exchange Service Pack 2 is installed on the Microsoft Exchange Server, it should also be installed on the BlackBerry Enterprise Server.

???Before installing BlackBerry Enterprise Server, install the CDO.dll hotfix for Microsoft Product Support Services Knowledge Base article Q314606. You can download the hotfix and obtain information on the Knowledge Base article from:

http://www.microsoft.com/downloads/release.asp?ReleaseID=38952&area=se

arch&ordinal=2, and then copy the CDO.dll hotfix to C:/winnt/system32/.The CDO.dll should be version 06.00.16.5770.

The following software is required for BlackBerry Enterprise Server Management

(required if Microsoft Exchange 2000 is installed) to function:

???A database tool (MSDE, SQL 7.0, or SQL 2000) must be installed before, during, or after BlackBerry Enterprise Server Management installation, before you can use BlackBerry Enterprise Server Management

Warning: To install BlackBerry User Administration, BlackBerry Enterprise Server Management must also be installed on the same computer.

Note: BlackBerry Enterprise Server and Microsoft Exchange are not required on the same computer as BlackBerry User Administration. BlackBerry User Administration has the same system requirements but requires different permissions than the BlackBerry Enterprise Server.

???Adobe?? Acrobat Reader 5.0 (available from

http://www.adobe.com/products/acrobat/readstep.html) is required to read the BlackBerry Enterprise Server Software documentation that is provided in PDF format.

Refer to the BlackBerry Enterprise Server for Microsoft Exchange Installation and Getting Started Guide for further details on the appropriate system requirements for your installation environment.

Defining a service account and mailbox in Microsoft Exchange 2000

You must define a user service account and mailbox to be used by each of the following BlackBerry Enterprise Server Software components you install:

???BlackBerry Enterprise Server,

???BlackBerry Enterprise Server Management,

???and BlackBerry User Administration.

Note: It is not necessary to install all of the tools on the same computer. However, the same service account can be used by two or more of the above components if they are installed on the same computer. The same mailbox should be used by all.

The service account should be a member of the Domain Users group.

Complete the following procedure, using a Windows 2000 account with Microsoft Exchange 2000 service account and Windows 2000 administrative privileges, to create a service account and mailbox:

1.Log in to the computer on which you will install the BlackBerry Enterprise Server, on the domain as a domain administrator.

2.From the Start menu select Settings> Control Panel> Administrative Tools> Active Directory Users and Computers.

3.Right-click the User menu, and select New User. The new user will act as your BlackBerry Enterprise Server service account.

4.Enter a new user login name (for example, BESAdmin) and click Next.

5.On the New Object - User window, enter a password for the user in the Password field and in the Confirm password field.

6.Select any of the password options available. Click Next.

7.On the second New Object - User window, Create an Exchange mailbox should be selected, and default values should appear in the Alias, Server, and Mailbox Store fields. Change these values if necessary. Click Next.

8.The third New Object - User window lists the new user options you selected. Click Finish to create the new user and mailbox.

9.To initialize the mailbox, send a test message to the service account mailbox.

Set permissions for the service account(s) you created as detailed in the following procedures.

Assigning Windows 2000 permissions on a service account

Note: Permission to log on locally should be granted to the service account by default. Complete this procedure only if it has not been granted.

1.Using an account with administrative Windows 2000 and Microsoft Exchange permissions, log in to a domain controller.

2.From the Start menu select Settings> Control Panel> Administrative Tools> Local Security Policy.

3.Expand the Local Policies object, and then expand User Rights Assignment. In the Policies list, double-click Log on locally. The Add window appears.

4.Click Add. On the Select Users or Groups window, select the name of the service account, and then click OK to return to the Exchange Server Properties window. The service account should now appear in the Name list.

5.Assign the appropriate local policy settings to the service account, including Log on as a service.

Note: Domain level settings listed under Effective Policy Settings might override Local Policy Settings.

Assigning local administrator permissions to service accounts

Warning: You must also assign local administrator permissions on the BlackBerry Enterprise Server service computer to the service account used to run BlackBerry Enterprise Server Management. Without local administrator permissions on the BlackBerry Enterprise Server computer, you will be unable to access all of the BlackBerry Server Property pages.

Assigning permissions consists of adding the service account to the Administrator group.

1.Using an account with administrative privileges on the local computer, log in to the server you will be using as your BlackBerry Enterprise Server (or BlackBerry Enterprise Server Management computer or BlackBerry User Administration computer, if you are assigning permissions to the service accounts for those tools).

2.From the Start menu select Settings > Control Panel > Administrative Tools > Computer Management.

3.Expand the System Tools object, select Local Users and Groups, and then select

Groups.

4.Double-click the Administrators group to open the Administrators Properties dialog box.

5.In the Administrators Properties dialog box, click Add to open the Select Users and Groups dialog box.

6.From the Name list, select the service account and click Add. The name appears in the lower pane of the dialog box.

7.Click OK. The name appears in the Members list as confirmation that it was added to the Administrators group.

8.Click OK to return to the main Computer Management window.

Assigning further Microsoft Exchange permissions to service accounts

Before installing BlackBerry Enterprise Server and/or BlackBerry Enterprise Server Management Software, use Microsoft Exchange 2000 System Manager to set the following service account/mailbox permissions on the BlackBerry Enterprise Server administration service account AND the BlackBerry Enterprise Server Management administration service account.

Note: You can use the same service account for both BlackBerry Enterprise Server and BlackBerry Enterprise Server Management. The same service account can also be used for BlackBerry User Administration.

???Microsoft Exchange View Only Administrator (minimum) access at the Administrative Groups level in Microsoft Exchange 2000 to be able to read from the Active Directory. This permission should also be set on the BlackBerry User Administration service account.

Microsoft Exchange Administer Information store, set at the Mailbox store level or the Microsoft Exchange server level (to write information to the administration service account mailbox)

To set View Only Administrator permissions on a service account:

1.Open Microsoft Exchange 2000 System Manager.

2.Right-click an administrative group folder and select Delegate control. The Exchange Administration Delegation Wizard appears.

3.Click Next. The Users and Groups screen appears.

4.Click Add. The Delegate Control dialog box appears.

5.Click Browse. The Select Users, Computers or Groups dialog box appears. Select the correct service account from the list, and then click OK.

6.On the Delegate Control dialog box, under Role, select Exchange View Only Administrator from the drop-down list. Click OK.

7.Click Next. The final screen appears. Review the change you are making and click

Finish.

To set Administer Information store permissions:

1.Open Microsoft Exchange 2000 System Manager.

2.Right-click a Microsoft Exchange Server and select Properties.

3.Select the Security tab. Click Add. The Select Users, Computers or Groups dialog box appears. Select the correct service account from the list, and then click Add. Click OK.

4.On the Security tab, select the service account and verify that (at minimum) Administer Information store is selected in the Permissions pane (the Allow check box is selected).

5.Verify that the service account is assigned Send as and Receive as permissions. The BlackBerry User Administration service account (which can be the same account as you use for the other tools) requires Receive as permission only.

6.Click OK.

Note: You can also use Microsoft Exchange 2000 System Manager to set these permissions for any Microsoft Exchange 5.5 servers, if you plan to install BlackBerry Enterprise Server Management in a mixed environment.

Finally, log out and log in again with the newly created BESAdmin account.

Installing with Microsoft Small Business Server 2000

Solution 1

1.Install the MSDE 2000 that ships with MSBS 2000. This software is located on CD 2 in the \SQL2000\MSDE directory.

2.Run setup.exe SECURITYMODE=SQL.

You can now install the BlackBerry Enterprise Server Management Software. This enables the software to correctly create the database for the BlackBerry Enterprise Server Management.

Details

By default, when run on the Microsoft Windows NT 4.0 or Microsoft Windows 2000 operating system, the Desktop Engine Setup configures the installed instance of Microsoft SQL Server to use Windows Authentication, and places the Windows local administrator's group in the SQL Server sysadmin fixed server role. When running Desktop Engine Setup on the Windows NT 4.0 or Windows 2000 operating system, you can specify a SECURITYMODE=SQL parameter to have the installed instance

configured to use SQL Server Authentication with a null sa password. If the MSDE 2000 software has been installed previously, the Security model can be changed by editing the following registry key:

HKLM\Software\Microsoft\MSSqlserver\MSSqlServer\LoginMode

The default for this key is 1 to enable integrated security. Changing this key to 2 changes the server security setting to mixed and enables the BlackBerry Enterprise Server to create the database.

Solution 2

If the MSDE software has already been installed and the BlackBerry Enterprise Server Software setup has been run, the database can be recreated by following these steps:

1.After setting the security mode as specified above, open the Createdb.sql file located in \Program Files\Research in Motion\BlackBerry Enterprise Server

Management\Database\. This file specifies c:\mssql7\data\, as the default path for the database data directory.

2.Change the file path to: C:\Program Files\Microsoft SQL Server\MSSQL\data\.

3.After the file has been modified, open a command prompt and change to the

\Program Files\Research in Motion\BlackBerry Enterprise Server Management\Database\ directory.

4.Run Createdb.exe from the command line. After this process has completed you receive the following message: Database setup complete. Check the setup.txt for any sql messages.

You can now install the BlackBerry Enterprise Server as you would on any Microsoft Exchange 2000 system.

Details

The setup.txt file should look like this:

Starting the database creation script Creating the database now

The CREATE DATABASE process is allocating 1.00 MB on disk 'BESMgmt'. The CREATE DATABASE process is allocating 1.00 MB on disk 'BESMgmtLog'. Creating the tables

Adding error messages to the database

Creating the stored procedures in the database Finished setting up the stored procedures

Installing BlackBerry Enterprise Server Software

1.Log in to the BlackBerry Enterprise Server target computer with the BlackBerry Enterprise Server service account.

2.From the root of the BlackBerry Enterprise Server Software CD, run setup.exe. The Welcome screen appears.

3.On the Welcome screen, click Next. The Select Your Country screen appears.

4.Select the country in which you purchased your license for the BlackBerry Enterprise Server Software, and then click Next to continue. The License Agreement screen appears.

Note: Read the license agreement carefully. Proceeding with the installation indicates that you agree to the conditions of the license agreement.

5.Click Yes to accept the license agreement. Failure to accept the agreement stops the installation program. The Choose Destination Location screen appears.

6.On the Choose Destination Location screen, either accept the default or browse to the desired destination location and click Next. The Select Program Folder screen appears.

7.In the Select Program Folder window, accept the default or define a new program folder name. Leave the Add BlackBerry Enterprise Server Monitor into StartUp program group check box selected to accept it by default, or clear the check box to remove the option. Click Next. The Windows NT Login Information screen appears.

8.In the Password field, type the password for the login account shown in the Account field. The account shown is the account you logged in with to install the BlackBerry Enterprise Server Software. This account should be the BlackBerry Enterprise Server service account that you defined earlier.

9.Click Next. The password you define is verified. You must define a valid password to proceed with the installation. The Communication Information screen appears.

10.In the MAPI Profile field, type a name for the BESAdmin account profile. Beside the MAPI Profile field, click Create/Edit Profile to create a MAPI profile. The Microsoft Exchange Server dialog box opens.

Note: If a Failed to Create MAPI error occurs, verify that neither Microsoft Exchange 2000 System Manager nor Microsoft Outlook is installed on the BlackBerry Enterprise Server system.

11.On the General tab, in the Microsoft Exchange server field, type the name of the Microsoft Exchange Server on which you created the service account mailbox.

12.In the Mailbox field, type the name of BlackBerry Enterprise Server administration mailbox (for example, BESAdmin).

13.Click Check Name to confirm both the server and mailbox names that you specified.

14.When both names appear underlined, click OK to return to the Communication Information screen.

15.In the remaining fields, define the following values:

???Name to be given to the BlackBerry Enterprise Server: a unique name that identifies the BlackBerry Enterprise Server

Note: Note the server name that you define here. You must provide the exact name when you configure the BlackBerry Enterprise Server in Microsoft Exchange.

???Network Access Node: the network access node that BlackBerry Enterprise Server will use to connect to the network (for example, srp.blackberry.net) Use the SRP Address value provided on your installation CD label, unless you are using a proxying firewall, in which case the network access node must be the internal IP of the Proxy, not the SRP Address.

???Network Access Node Port: the port number for the network access node defined above

Unless you are using a port mapping firewall, this value should be 3101.

16.Click Test Network Connection to verify that your settings permit connection to the network.

17.If the connection was unsuccessful, click OK to return to the Communication Information screen, verify that the values are correct, and retest. If the connection is still unsuccessful, it might be the result of a firewall configuration problem.

18.If the connection was successful, in the confirmation dialog box, click OK.

19.Click Next. The Start Copying Files screen appears. Review all the settings that you have chosen (displayed in this window) before continuing with the installation. Click Next to continue.

If you are using an earlier version than BlackBerry Enterprise Server 2.1 Service Pack 1, the installation ends, prompting you to read the Readme file and register CDO.dll. Both of these steps are recommended.

Note: The ...register CDO DLL... option registers the correct CDO.dll file. We recommend that you keep this option selected. This .dll file must be registered for wireless calendar synchronization to work. If registration fails, verify that the CDO.dll file exists in the

C:\Winnt\system32\ directory

To verify that you are using the latest version of the software, complete the following procedure.

Register for and download BlackBerry Enterprise Server upgrade

1.Open a web browser and go to the following address:

http://www.blackberry.net/support/downloads/index.shtml

2.Locate the latest Service Pack for BlackBerry Enterprise Server for Microsoft Exchange v.2.1 and click the Download link for that Service Pack.

3.Complete the Contact Information form with valid information. Read the Eligibility Declaration, and if you accept its terms, click I Agree.

The upgrade file downloads. Save it to a temporary directory. Open the setup.exe file. As you proceed through the upgrade, the InstallShield Wizard prompts you to download any components that you have not installed already, including BlackBerry Enterprise Server Management (MMC Snap-in).

1.When the Install Administration Software window appears, select the Install BlackBerry Enterprise Server Management (MMC Snap-in)... option, and then click Next. A warning message appears.

2.Click OK to proceed with the installation.

Note: If you do not have an SQL database installed, the InstallShield Wizard offers to install MSDE at this time. Click Yes if you want to install MSDE, or click No if you want to use your own copy of MSDE, SQL 7.0, or SQL 2000. If you install SQL 2000, you must modify the installation command to read the following:

setup.exe SECURITYMODE=SQL

If you do not do this during installation or if MSDE 2000 has been installed previously, change the Authentication mode by editing the following registry key:

HKLM\Software\Microsoft\MSSqlServer\LoginMode

The default for this key is 1, to enable integrated security. Changing the key to 2 changes the security setting to mixed, enabling the BlackBerry Enterprise Server to create the database.

a)If you choose to install MSDE, you must select a destination location (or accept the default location, C:\MSSQL) in the Destination for MSDE Installation dialog box that appears.

b)Click OK. A warning dialog box appears.

c)Click OK. The MSDE silent installation runs. You are notified when the installation is complete.

d)Click OK to continue with the BlackBerry Enterprise Server Management (MMC Snap-in) installation.

3.On the Welcome screen, click Next to continue with the installation. The Select Your Country screen appears.

4.Select the country in which you purchased your license for the BlackBerry Enterprise Server Software, and then click Next to continue. The License Agreement screen appears.

5.Click Yes to accept the license agreement. Failure to accept the agreement stops the installation. The Database Information screen appears.

6.On the Database Information screen, under Database Information, the name of the local server appears by default in the Server Name field. You can replace the default server name with the name of another server on which you intend to install the database, or with the name of a server on which a database you want to use already resides.

Note: If you do not want to install the database on the local computer (that is, if you change the server name to that of another computer on which you want to use a database), you cannot use the BlackBerry Enterprise Server Management InstallShield Wizard to install the database. You can manually install the database at any time following the BlackBerry Enterprise Server Management (MMC Snap-in) installation. For further information, refer to ???Creating a database after BlackBerry Enterprise Server Management installation (optional)??? on page 28 of the BlackBerry Enterprise Server Management (MMC Snap-in) Software for Microsoft Exchange 2000 Installation & Getting Started Guide. This guide is located on your installation CD as

Root_directory:\BESMan MMC\mmc_snap-in.pdf.

7.Accept the default settings for the remaining steps in the BlackBerry Enterprise Server Management database installation. When prompted, create a MAPI Profile for the BlackBerry Enterprise Server Management console that points to the BESAdmin service account.

8.A dialog box should appear verifying that the database has been successfully created.

9.Click Finish. The BlackBerry Enterprise Server Management installation is now complete.

Verifying MAPI Profiles

1.On the Start menu, select Program Files > BlackBerry Enterprise Server > Edit BES MAPI Profile.

2.Verify that the Microsoft Exchange Server for the BlackBerry Enterprise Server administration service account and mailbox is correct.

3.Verify that the Microsoft Exchange Server for the BlackBerry Enterprise Server administration service account and mailbox is correct.

Configuring the BlackBerry Enterprise Server

After you install the BlackBerry Enterprise Server files and the corresponding Microsoft Exchange administration software, you must configure the BlackBerry Enterprise Server.

1.Open the BlackBerry Enterprise Server Management (MMC Snap-in) console.

2.A BlackBerry object expands automatically to display the routing group(s). Right-click a routing group and click New BlackBerry Server.

3.In the Server Name field, type the server name that you provided during the BlackBerry Enterprise Server files installation. If you do not remember the correct name, refer to the Name key in the Windows Registry under

HKEY_LOCAL_MACHINE\SOFTWARE\Research

In Motion\BlackBerry\Server\

4.In the SRP Identifier and SRP Authentication Key fields, type the appropriate information provided on the installation CD label. This information is unique to each host license.

5.If host routing information was also provided on the installation CD label, in the Host Routing Info field, define the necessary information to connect to the mobile network.

Warning: You should only define values in this field if values are provided with the installation material. If you define incorrect values in this field, connection to the mobile network is not possible.

6.In the Admin Mailbox field, click Select Mailbox to locate the mailbox that you set up for BlackBerry Enterprise Server administration (or type a name and click Check Name to verify it).

7.After you have completed all the fields, click OK to close the BlackBerry Enterprise Server System Info window.

Repeat the procedure for additional BlackBerry Enterprise Servers. For each server added, you must install the BlackBerry Enterprise Server files on the corresponding computer. To prevent loss of service, verify that the SRP identifier and authentication keys are unique for each BlackBerry Enterprise Server.

Starting the BlackBerry Enterprise Server services

The services are installed as automatic services, but must be started manually after the installation or upgrade.

1.On the Start menu, select Settings > Control Panel. The Control Panel window appears.

2.Click Services. The Services window appears.

3.Select the BlackBerry Server item. Click Startup... to start the BlackBerry Enterprise Server service. In the Account field, verify that the BlackBerry Enterprise Server service account name appears. Change the service startup to Automatic and click OK. Click Start to start the BlackBerry Server service.

4.Select the BESAlert item, and click Start to start the BESAlert service.

5.Click Close to return to the Control Panel window.

After you have set up the appropriate accounts, installed the program files and the extensions, and created a BlackBerry Enterprise Server, you are ready to use the server and its tools.

Note: This document is provided for informational purposes only, and does not constitute a binding legal document. RIM assumes no responsibility for any typographical, technical or other inaccuracies in this document, and makes no warranties, express or implied, with respect to the content of this document. RIM reserves the right to periodically change information that is contained in this document; however, RIM

makes no commitment to provide any such changes, updates, enhancements or other additions to this document to you in a timely manner or at all. IN NO EVENT SHALL RIM BE LIABLE TO ANY PARTY

FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES FOR ANY USE OF THIS

DOCUMENT, INCLUDING WITHOUT LIMITATION, RELIANCE ON THE INFORMATION

PRESENTED, LOST PROFITS OR BUSINESS INTERRUPTION, EVEN IF RIM WAS EXPRESSLY ADVISED

OF THE POSSIBILITY OF SUCH DAMAGES.

Any software that is provided with this document will be governed by the terms and conditions of the RIM software license provided to you with either your RIM wireless handheld or the RIM BlackBerry Enterprise Server Software, as applicable, and, by using the software provided with this document, you agree to be bound by such terms.

Warning: This document is for the use of licensed users only. Any unauthorized copying, distribution or disclosure of information is a violation of copyright laws. No reproduction in whole or in part of this document may be made without express written consent of RIM.

?? 2002 Research In Motion Limited. All rights reserved. The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties of Research In Motion Limited. RIM, Research In Motion, 'Always On, Always Connected', the ???envelope in motion??? symbol and the BlackBerry logo are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners. The handheld and/or associated software are protected by copyright, international treaties and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D,445,428; D,433,460; D,416,256. Other patents are registered or pending in various countries around the world. Please visit www.rim.net/patents.shtml for a current listing of applicable patents.

Last modified: 27 June 2002