Sunday, April 27, 2008

Gary's BES (Blackberry Enterprise Server) install guide for SBS 2003 or Domain Controller (to be tested!)

 
1. Ensure port 3101 TCP is open on the firewall (Outbound ONLY).

2. Create a new user called BESadmin and create a mailbox for it. Ensure this user is ONLY a member of "Domain Users".

3. Make BESadmin a local Administrator of the server. This is done in AD via the "Built-in" Administrators group.

4. Go to Admin Tools and open "Domain Controller Security Policy", then expand "Local Policies" and "User Rights Assignment". You need to add BESadmin to "Log on Locally" and "Log on as a Service".

5. Open Exchange System Manager, right-click on "DOMAINNAME (Exchange)" and select Delegate Control. Follow the steps and add BESadmin as an Exchange View Only Administrator.

6. In Exchange System Manager expand the Servers folder, right-click on your server and select Properties. In the properties window select BESadmin and add the permissions "Administer Mailbox Store", "Receive As" and "Send As".

7. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As". (This will overcome some MS patches that prevent BES sending emails)

8. Log on as BESadmin and install the BES software. Normally you just install "BlackBerry Enterprise Server", as most sites don't use the MDS services (MDS is a much heavier install). Follow the prompts of the install; the server will be required to restart halfway through. Restart the server, log back on as BESadmin and the install will continue. (Make sure the Connect Test works and the SRP ID etc. is validated during the install.)

9. After the install is finished open BlackBerry Manager. An error about the MAPI client will appear, which you can dismiss with OK. The MAPI settings window will then appear, so add the server name back in and select "Check Name". If it resolves, hit OK and the manager will start.

10. Within BlackBerry Manager click on BlackBerry Domain in the left column and then the SERVERS tab in the centre section. Select your server within this tab and view the properties below. Ensure that "SRP Status:" is Connected (this can take a few minutes the first time, so refresh the screen a few times). Once your status is connected you can start adding users.

11. Within BlackBerry Manager click on your server name in the left column and then the USERS tab in the centre section. Add a user and then click on that user. You will see all the user's properties and a drop-down menu called "Service Access". Select "Set Activation Password" and set a password of "a" for example.

12. Turn on your BlackBerry device and ensure Wireless is enabled. Go into "Options/Settings" and "Time & Date" and set the correct zone and time etc. Then from the home screen go to Enterprise Activation, enter the user's email address and enter the password that was set in step 10. Press the track wheel and select Activate. Within a minute you should get data returned, which indicates the process is functioning correctly.


Extra

a. Also ensure you review the IT Policy in BlackBerry Manager. This can be found in BlackBerry Domain > Global TAB > Edit properties. It is recommended that in the IT Policy you go into "Device Only Items" and set "Enable WAP config" to FALSE. This will force users to use the free browser (it uses the internet connection of your BES server). It is also highly recommended that you configure a password policy prior to rolling out any handhelds.

b. If you are unable to activate devices wirelessly you can test your connectivity to BlackBerry by running the following app from the command prompt:

"C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility\BBSrpTest.exe"

This will send a signal to BB and wait for a response. If this fails, check your firewall settings (open and/or direct port 3101 TCP to your BES server).

c. If you have Domain Admins using BlackBerry devices you may have to run the following script if you are unable to send email for those users' devices:

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com" /G "DOMAINNAME\BESadmin:CA;Send As"
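
To review what step 7 and item c actually grant, the following Windows PowerShell script (an added example, not part of the original guide) lists AdminSDHolder and every user object on which BESadmin holds an allowed "Send As" right. The account name and domain DN are the guide's own placeholders, and it assumes a domain-joined machine with read access to the directory.

```powershell
# Added example: audit where BESadmin holds "Send As". Placeholders as in the guide.
$account  = 'DOMAINNAME\BESadmin'
$domainDn = 'dc=domainname,dc=com'
$sendAs   = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'   # Send-As extended right
$extRight = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-SendAsAce {
    param([string]$DistinguishedName)
    $entry = [ADSI]"LDAP://$DistinguishedName"
    # Explicit and inherited ACEs, with SIDs translated to DOMAIN\name where possible.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    foreach ($ace in $rules) {
        $isExtended = ([int]$ace.ActiveDirectoryRights -band $extRight) -ne 0
        # An empty ObjectType on an extended-right ACE means "all extended rights",
        # which includes Send As, so report it as well.
        $allRights    = $ace.ObjectType -eq [Guid]::Empty
        $coversSendAs = $allRights -or ($ace.ObjectType -eq $sendAs)
        if ($ace.IdentityReference.Value -eq $account -and
            $ace.AccessControlType -eq 'Allow' -and
            $isExtended -and $coversSendAs) {
            New-Object PSObject -Property @{
                Object            = $DistinguishedName
                Inherited         = $ace.IsInherited
                AllExtendedRights = $allRights
            }
        }
    }
}

# AdminSDHolder: its ACL is stamped onto every protected (adminCount=1) account,
# so an ACE here reaches all Domain Admins, not only the BlackBerry users.
Get-SendAsAce "cn=adminsdholder,cn=system,$domainDn"

# All user objects in the domain; paging avoids the default 1000-result limit.
$root     = [ADSI]"LDAP://$domainDn"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root, '(&(objectCategory=person)(objectClass=user))')
$searcher.PageSize = 500
foreach ($result in $searcher.FindAll()) {
    Get-SendAsAce $result.Properties['distinguishedname'][0]
}
```

Any user in the output who is not a BlackBerry user, or an AdminSDHolder entry on a site with no Domain Admins on BES, is a grant that can be removed.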
