User's Manual

ManualsBrandsBlackberry ManualsSecurity CameraBlackberry Research In Motion - Blackberry Security Camera SWD-20120924140022907

BlackBerry Enterprise Server for

Microsoft Exchange

Version: 5.0

Service Pack: 3

Administration Guide

Summary of content (500 pages)

PAGE 1
Version: 5.
PAGE 2
Published: 2012-09-24 SWD-20120924140022907
PAGE 3
Contents 1 Overview: BlackBerry Enterprise Server ......................................................................................... 21 Document revision history ................................................................................................................................................ 21 Getting started in your BlackBerry Enterprise Server environment .....................................................................................
PAGE 4
View the resolved IT policy rules that are assigned to a user account ........................................................................... 54 Deactivating BlackBerry devices that do not have IT policies applied ................................................................................. 54 Deactivate BlackBerry devices that do not have IT policies applied .............................................................................
PAGE 5
Configuring the BlackBerry Administration Service to authenticate with a proxy server ................................................ 77 Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component ..... 79 Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service ........ 79 Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service .............
PAGE 6
Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ............... 109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service .................................... 109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel ........................................ 110 10 Configuring high availability for BlackBerry Enterprise Server components ..............................
PAGE 7
Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription ............................................................................................................................................................ 133 Start the BlackBerry Enterprise Server instances ......................................................................................................
PAGE 8
Reconciliation rules: Application control policies ...................................................................................................... 166 Reconciliation rules: Application control policies for unlisted applications ................................................................. 166 13 Alternative methods for installing BlackBerry Java Applications on BlackBerry devices ................
PAGE 9
Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service ............................... 188 Create a key store to store certificates for use with HTTPS connections ..................................................................... 189 Add a certificate for the BlackBerry MDS Connection Service ...................................................................................
PAGE 10
Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... 214 Map a contact information field in an email application to contact list fields on BlackBerry devices ........................... 215 Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... 215 16 Configuring BlackBerry devices to enroll certificates over the wireless network ................
PAGE 11
Create a VPN profile based on an existing VPN profile ............................................................................................... 240 Configure a VPN profile ............................................................................................................................................ 240 Assign a VPN profile to a group ................................................................................................................................
PAGE 12
22 Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager ........................................................................................................................ 266 Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager ................ 266 Configuring Microsoft Active Directory authentication in an environment that includes a resource forest ..........................
PAGE 13
Delete a user account from the BlackBerry Enterprise Server ................................................................................... 289 Update a user account manually .............................................................................................................................. 290 Add an administrator role to a user account ............................................................................................................. 290 Update the contact list manually ...........
PAGE 14
Configuring the Microsoft Active Directory account to delegate access ..................................................................... 315 Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain ...........................................................................................................................................
PAGE 15
Forward email messages from inbox subfolders to a BlackBerry device ..................................................................... 336 Turn off email message forwarding to user accounts in a group ................................................................................. 337 Turn off email message forwarding to a user account ................................................................................................
PAGE 16
Change how a BlackBerry Attachment Connector retries sending requests to a BlackBerry Attachment Service ........ 357 Change how a BlackBerry Attachment Connector restores a lost connection to a BlackBerry Attachment Service ..... 358 Attachment file formats that the BlackBerry Attachment Service supports ...................................................................... 359 Limitations for supported attachment file formats ................................................................................
PAGE 17
Change the transport protocol for a Microsoft instant messaging environment ................................................................. 385 Specify the Windows domain name for users who log in to a collaboration client .............................................................. 386 Managing instant messaging sessions .............................................................................................................................
PAGE 18
Configuring BlackBerry Policy Service throttling for IT policies and service books ...................................................... 417 Configuring BlackBerry Policy Service throttling for PIN encryption keys ................................................................... 419 Configuring BlackBerry Policy Service throttling for application polling ..................................................................... 419 Delete a BlackBerry Policy Service throttling setting ........................
PAGE 19
IBM Lotus Sametime connection type and port number .................................................................................................. 466 Microsoft Exchange connection types and port numbers ................................................................................................. 466 Microsoft Office Live Communications Server 2005 connection types and port numbers ..................................................
PAGE 20
38 Legal notice ................................................................................................................................
PAGE 21
Administration Guide Overview: BlackBerry Enterprise Server Overview: BlackBerry Enterprise Server 1 The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartphone users with mobile access to your organization's resources.
PAGE 22
Administration Guide Overview: BlackBerry Enterprise Server Date Description 14 September 2011 Updated the following topics: 3 August 2011 • Import IT policy data • Reconciliation rules for conflicting IT policies when you apply multiple IT policies to a user account • Reconciliation rules for conflicting IT policies when you apply one IT policy to the user account • Troubleshooting: IT policies • Mapping contact information fields for synchronization and contact lookups • Map a contact in
PAGE 23
Administration Guide Task Overview: BlackBerry Enterprise Server Chapter Review the default IT policies. If necessary, change existing Configuring security options IT policies or create new IT policies. • Section: Using an IT policy to manage BlackBerry Enterprise Solution security Add user accounts to the BlackBerry Enterprise Server. Configuring user accounts • Create groups. Configuring user accounts • Add user accounts to groups. Assign BlackBerry devices to user accounts.
PAGE 24
Administration Guide Task Overview: BlackBerry Enterprise Server Chapter • Review the default application control policies and application control policies for unlisted applications. If necessary, change the existing application control policies. Create software configurations for BlackBerry Java Applications.
PAGE 25
Administration Guide Overview: BlackBerry Enterprise Server Task Chapter Configure high availability for BlackBerry Enterprise Server components and for the BlackBerry Configuration Database. Configuring BlackBerry Enterprise Server high availability Use the BlackBerry Monitoring Service to troubleshoot issues and monitor the health of a BlackBerry Enterprise Server. Visit www.blackberry.com/go/serverdocs to see the BlackBerry Enterprise Server Monitoring Guide.
PAGE 26
Administration Guide Log in to the BlackBerry Administration Service for the first time Log in to the BlackBerry Administration Service for the first time 2 To open the BlackBerry Administration Service, you can use a browser on any computer that has access to the computer that hosts the BlackBerry Administration Service.
PAGE 27
Administration Guide Log in to the BlackBerry Administration Service for the first time Possible solution Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer. 1. In Windows Internet Explorer, navigate to the BlackBerry Administration Service console. 2. Click Continue to this website (not recommended). 3.
PAGE 28
Administration Guide 2. Click I Understand the Risks. 3. Click Add Exception. 4. Click Confirm Security Exception. 5. Close and reopen the browser.
PAGE 29
Administration Guide Creating administrator accounts Creating administrator accounts 3 Administrative roles and permissions You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry Enterprise Server. You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles.
PAGE 30
Administration Guide Creating administrator accounts Security role Enterprise role Senior Helpdesk role Create a group X X X Delete a group X X View a group (across Group) X X X X X Edit a group (across Group) X X X X X Create a user X X X X Delete a user X X X X View a user (across Group) X X X X X Edit a user (across Group) X X X X X View a device (across Group) X X X X X Edit a device (across Group) X X X X X View device activation settings X X
PAGE 31
Administration Guide Creating administrator accounts Senior Helpdesk role Junior Helpdesk role Security role Enterprise role Import an IT policy template X X Resend data to devices X X Create a software configuration X X View a software configuration X X Edit a software configuration X X X Delete a software configuration X X X View BlackBerry Administration Service software management X X Edit BlackBerry Administration Service software management X X Create an application X
PAGE 32
Administration Guide Creating administrator accounts Security role Enterprise role Senior Helpdesk role Clear synchronization backup data X X X Clear user statistics X X X Export statistics X X Reset user field mapping X X X X Turn on redirection X X X X Turn off redirection X X X X Refresh available user list from company directory X X Add User from Company Directory X X Synchronize GroupWise System Address Book X X X Clear and synchronize GroupWise System Address B
PAGE 33
Administration Guide Creating administrator accounts Senior Helpdesk role Junior Helpdesk role Security role Enterprise role Edit a job X X X Manage deployment job tasks X X X Change the status of a job task X X X Update peer-to-peer encryption key X X View job distribution settings X X X Edit job distribution settings X X X Delete an instance X X X Edit license keys X X X View license keys X X X Manually fail a job X X Clear instance statistics X X View push r
PAGE 34
Administration Guide Permission name Creating administrator accounts Security role Enterprise role Senior Helpdesk role Junior Helpdesk role Server only role User only role Import or export groups within roles X Import new users X X Import or export users X X Import user updates X X X Import or export email message filters for a user X X X Export asset summary data X X X Add or remove to user configuration X X X Delete all device data and remove device X X X X X Delete
PAGE 35
Administration Guide 2. Click Create a role. 3. Type a name and description for the role. 4. Click Save. 5. In the Role information section, click the name of the role that you created. 6. Click Edit role. 7. Switch the appropriate tabs to turn on the appropriate permissions. 8. Click Save all. Creating administrator accounts After you finish: Assign the role to an administrator account or group.
PAGE 36
Administration Guide Creating administrator accounts If your environment includes a Microsoft Exchange resource forest, you must create the administrator account in the resource forest. Before you begin: Verify that you can configure the authentication type and roles for an administrator account. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Administrator user. 2. Click Create an administrator user. 3. Type the required information.
PAGE 37
Administration Guide Creating administrator accounts Related information Create a group to manage similar user accounts, 84 Specify an email address for the BlackBerry Administration Service You can specify the email address that the BlackBerry Administration Service sends BlackBerry Enterprise Server system messages or activation passwords from. Before you begin: Create an email account on your organization's messaging server. 1.
PAGE 38
Administration Guide 7. In the User information section, in the Display name field, type the user name. 8. In the Authentication type section, type and verify a password. 9. Click the Update icon. Creating administrator accounts 10. Click Save all. Assign a BlackBerry device to an administrator account You can assign a BlackBerry device to an administrator without creating a separate user account. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
PAGE 39
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Using an IT policy to manage BlackBerry Enterprise Solution security 4 You can use an IT policy to control and manage BlackBerry devices, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager in your organization's environment. An IT policy consists of multiple IT policy rules that manage the security and behavior of the BlackBerry Enterprise Solution.
PAGE 40
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security To use an IT policy rule on a BlackBerry device, you must verify that the BlackBerry Device Software version supports the IT policy rule. For example, you cannot use the Disable Camera IT policy rule to control whether a BlackBerry device user can access the camera on the device if the BlackBerry Device Software version does not support the IT policy rule.
PAGE 41
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Preconfigured IT policy Description Medium Security with No 3rd Party Applications Similar to the Medium Password Security, this policy requires a complex password that a user must change frequently, a security timeout, and a maximum password history. This policy prevents users from making their devices discoverable by other Bluetooth enabled devices and prevents devices from downloading third-party applications.
PAGE 42
Administration Guide IT policy rule Password Required Using an IT policy to manage BlackBerry Enterprise Solution security Default IT policy IndividualLiable Device IT policy Basic Password Security IT policy Medium Password Security IT policy Medium Advanced Password Security IT Security policy with No 3rd Party Applications IT policy Advanced Security with No 3rd Party Applications IT policy numeric character numeric character numeric character numeric character No — Yes Yes Yes Yes Ye
PAGE 43
Administration Guide IT policy rule Using an IT policy to manage BlackBerry Enterprise Solution security Default IT policy IndividualLiable Device IT policy Basic Password Security IT policy Medium Password Security IT policy Medium Advanced Password Security IT Security policy with No 3rd Party Applications IT policy Advanced Security with No 3rd Party Applications IT policy Disable USB Mass Storage No — — — — Yes Yes Disallow Third Party Application Download No — — — Yes — Yes Ext
PAGE 44
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security IT policy rule Default IT policy IndividualLiable Device IT policy Basic Password Security IT policy Medium Password Security IT policy Medium Advanced Password Security IT Security policy with No 3rd Party Applications IT policy Advanced Security with No 3rd Party Applications IT policy Disable File Transfer No — — — — Yes Yes Disable Serial Port Profile No — — — — Yes Yes Require LED Connecti
PAGE 45
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security b. Click Edit IT policy. c. On a tab for an IT policy group, configure values for the IT policy rules. d. Click Save All. After you finish: For more information, see the BlackBerry Enterprise Server Policy Reference Guide. Create an IT policy based on an existing IT policy 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. 2. Click Manage IT policies. 3.
PAGE 46
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security • Location of the data source file • File encryption password that you use to protect the data source file 5. Click Next. 6. Click Add all IT policies. Related information Preconfigured IT policies, 40 Import IT policy rules from an IT policy pack You can import the IT policy rules that Research In Motion releases in an IT policy pack into your organization's BlackBerry Enterprise Server. 1.
PAGE 47
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Assign an IT policy to a group 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. 2. Click Manage groups. 3. In the Manage groups section, click the group that you want to assign an IT policy to. 4. On the Policies tab, click Edit group. 5. In the drop-down list, click an IT policy. 6. Click Save all.
PAGE 48
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Sending an IT policy over the wireless network If your organization's environment includes C++ based BlackBerry devices that are running BlackBerry Device Software version 2.5 or later or Java based devices that are running BlackBerry Device Software version 3.6 or later, the BlackBerry Enterprise Server can send changes to IT policies to a device over the wireless network automatically.
PAGE 49
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security 2. Expand BlackBerry Domain > Component view. 3. In the Policy section, click an instance. 4. Click Edit instance. 5. In the General section, in the Policy resend interval (hours) field, type an interval that you want the BlackBerry device to resend the IT policy at. 6. Click Save All.
PAGE 50
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Option 1: Applying one IT policy to each user account, 50 Option 2: Applying multiple IT policies to each user account, 51 Option 1: Applying one IT policy to each user account You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT policies.
PAGE 51
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Change the method that the BlackBerry Enterprise Server uses to resolve conflicting IT policies You can change the method that the BlackBerry Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies.
PAGE 52
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default method for resolving IT policy conflicts. If you upgrade to BlackBerry Enterprise Server 5.
PAGE 53
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security Scenario Rule the default value of Yes). You assign the second group IT policy B, which has the Allow Browser IT policy rule set to No. You ranked IT policy A higher than IT policy B in the BlackBerry Administration Service.
PAGE 54
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security BlackBerry Enterprise Server resolves the conflicting rules. The preview displays the conflicting IT policy rules and the resolved settings for each rule. If an IT policy rule is not conflicting in the multiple IT policies that you selected, the preview does not display the policy rule in the results. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. 2.
PAGE 55
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security expires. If the time limit expires, the BlackBerry Enterprise Server deactivates the BlackBerry device PINs. The permitted range for this option is 0 hours to 8760 hours. If you specify 0 hours, BlackBerry devices deactivate when the IT policy cannot apply automatically. Deactivate BlackBerry devices that do not have IT policies applied 1.
PAGE 56
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security 5. In the Destination drop-down list, choose whether you want the BlackBerry device, the BlackBerry Desktop Software, or both to be able to use the IT policy rule. 6. Click Save. After you finish: Add the IT policy rule to an IT policy. Change or delete IT policy rules for third-party applications 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. 2.
PAGE 57
Administration Guide Using an IT policy to manage BlackBerry Enterprise Solution security 10. Click Close. Delete an IT policy 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. 2. Click Manage IT policies. 3. In the list of IT policies, click an IT policy. 4. Click Delete IT policy. 5. Click Yes – Delete the IT policy.
PAGE 58
Administration Guide Configuring security options Configuring security options 5 Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other To encrypt data that is in transit between the BlackBerry Enterprise Server and a BlackBerry device in your organization, the BlackBerry Enterprise Solution uses BlackBerry transport layer encryption.
PAGE 59
Administration Guide Configuring security options Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Enterprise Server. 2. Click the instance that you want to change. 3. Click Edit instance. 4.
PAGE 60
Administration Guide Configuring security options The BlackBerry Administration Service includes lists of permitted manufacturers and models of devices that you associated with the BlackBerry Enterprise Server previously. You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with criteria that exclude that device. For more information, see the BlackBerry Enterprise Server Administration Guide.
PAGE 61
Administration Guide Configuring security options Permit a user to override the Enterprise Service Policy Before you begin: Turn on the Enterprise Service Policy. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4. Click the display name for the user account. 5. Click Edit user. 6.
PAGE 62
Administration Guide Configuring security options To require the BlackBerry device user to use PGP encryption when forwarding or replying to messages, you can configure the PGP Force Digital Signature IT policy rule and the PGP Force Encrypted Messages IT policy rule. The PGP Support Package for BlackBerry smartphones is designed to support encoding and decoding Unicode messages and permits PGP encryption using keys or passwords.
PAGE 63
Administration Guide Configuring security options • Ability to use a password, which the sender and recipient each know, to encrypt S/MIME-protected email messages or PIN messages • Ability to read S/MIME certificates that are stored on a smart card Configure the BlackBerry Enterprise Solution to support S/MIME encryption 1. Configure encryption options for S/MIME-protected messages on the BlackBerry Enterprise Server. 2. If required, configure message classifications for email messages. 3.
PAGE 64
Administration Guide Configuring security options • To require that the BlackBerry Enterprise Server deletes attachment data from any signed-only S/MIME-protected messages so that the BlackBerry Enterprise Server conserves bandwidth, in the Remove attachment data from signed S/MIME messages drop-down list, click True.
PAGE 65
Administration Guide Configuring security options Enforcing secure messaging using classifications You can use message classifications to require S/MIME-enabled users or PGP enabled users to sign, encrypt, or sign and encrypt email messages that they send from the BlackBerry devices. You use the Message Classification IT policy rule to configure one or more message classifications that users can apply to email messages.
PAGE 66
Administration Guide Configuring security options After you finish: If you create more than one message classification, order the message classifications in the list. By default, if a user does not select a message classification, the BlackBerry device applies the first message classification in the list. Create a message classification based on an existing message classification 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. 2.
PAGE 67
Administration Guide Configuring security options Delete a message classification 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy. 2. Click Manage IT policies. 3. In the list of IT policies, click an IT policy. 4. Click Edit IT policy. 5. On the Security tab, at the bottom of the screen, click the Delete icon beside the message classification. 6. Click Save all.
PAGE 68
Administration Guide 3. Click Update peer-to-peer encryption key. 4. Click Create new key.
PAGE 69
Administration Guide Configuring security options • You or a BlackBerry device user turns on content protection for the BlackBerry device. • An application uses the RIM Cryptographic API to create a private key or symmetric key. • A third-party application turns on the garbage collection process by registering with the memory cleaner application on the BlackBerry device.
PAGE 70
Administration Guide Configuring security options For more information about the IT policy rules that you can use to change when the memory cleaner application runs, see the BlackBerry Enterprise Server Policy Reference Guide. Best practice: Configuring additional memory cleaner settings for BlackBerry devices Scenario Recommendation Remove decrypted content from BlackBerry device memory when the user holsters BlackBerry device. Change the Force Memory Clean When Holstered IT policy rule to Yes.
PAGE 71
Administration Guide Configuring the BlackBerry Enterprise Server environment Configuring the BlackBerry Enterprise Server environment 6 Best practice: Running the BlackBerry Enterprise Server Best practice Description Do not change the startup type for the BlackBerry Enterprise Server services. When you install or upgrade the BlackBerry Enterprise Server, the setup application configures the startup type for the BlackBerry Enterprise Server services to automatic or manual.
PAGE 72
Administration Guide Configuring the BlackBerry Enterprise Server environment Configuring certain BlackBerry Enterprise Server components to use proxy servers You can configure the BlackBerry MDS Connection Service and the BlackBerry Collaboration Service to use proxy servers to access web addresses on the Internet and your organization's intranet. You should use a proxy method that is consistent with the proxy method that other applications and servers in your organization use to access web content.
PAGE 73
Administration Guide Configuring the BlackBerry Enterprise Server environment 7. Click the Add icon for the proxy item. If you add more than one proxy item, use the Up and Down icons to set the priority of the proxy items. 8. Click the Add icon for the web address. If you add more than one web address, use the Up and Down icons to set the priority of the web addresses. 9. Click Save all.
PAGE 74
Administration Guide Configuring the BlackBerry Enterprise Server environment Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry devices You can configure the BlackBerry MDS Connection Service and the BlackBerry Collaboration Service to authenticate to a proxy server on behalf of BlackBerry devices.
PAGE 75
Administration Guide Configuring the BlackBerry Enterprise Server environment Configuring proxy selection for the BlackBerry Administration Service You can configure the BlackBerry Administration Service to select a proxy server either manually or automatically. To manually select a proxy server, you can use one of the following tools: • Proxy Configuration Tool (proxycfg.exe) with Windows Server 2003 or earlier • Network Shell Utility (netsh.
PAGE 76
Administration Guide 3. Click Tools > Internet Options. 4. On the Connections tab, click LAN settings. 5. Select Use a proxy server for your LAN. 6. In the Address field, type the address for the proxy server. 7. In the Port field, type the port number for the proxy server. 8. Click OK. 9. Click OK.
PAGE 77
Administration Guide Configuring the BlackBerry Enterprise Server environment CAUTION: If the proxy server authenticates using HTTP basic authentication, the PAC file must be on a computer that is separate from the proxy server and uses Windows authentication or anonymous authentication. 1. On the computer that hosts the BlackBerry Administration Service instance, log in using the Windows account that runs the BlackBerry Administration Service. 2. Open Windows Internet Explorer. 3.
PAGE 78
Administration Guide Configuring the BlackBerry Enterprise Server environment Task Steps Specify the credentials for HTTP basic authentication that your organization's BlackBerry Domain uses. 1. Type traittool -global -trait BASProxyBasicAuthUID -set , where is the user name (for example, user01@blackberry.com or blackberry.com\user01). 2. Type traittool -global -trait BASProxyBasicAuthPassword -set , where is the password.
PAGE 79
Administration Guide Configuring the BlackBerry Enterprise Server environment Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component To help make a BlackBerry Domain more scalable, you can configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service or BlackBerry Collaboration Service.
PAGE 80
Administration Guide Configuring the BlackBerry Enterprise Server environment Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service You can configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service to connect to your organization's instant messaging server, and to manage requests from the collaboration client on users' BlackBerry devices. 1.
PAGE 81
Administration Guide 5. 6. 7. 8. Configuring the BlackBerry Enterprise Server environment • If you are running a 32-bit version of Windows, go to HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion \BlackBerry Enterprise Server\Agents. • If you are running a 64-bit version of Windows, go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node \Research In Motion\BlackBerry Enterprise Server\Agents. If the MAPIEncoding registry key exists, perform one of the following actions: • Delete the key.
PAGE 82
Administration Guide 3. Click OK. 4. Perform one of the following actions: Configuring the BlackBerry Enterprise Server environment • If you are running a 32-bit version of Windows, go to HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion \BlackBerry Enterprise Server\Agents. • If you are running a 64-bit version of Windows, go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node \Research In Motion\BlackBerry Enterprise Server\Agents. 5. Create a DWORD value that is named AutoSelectOutgoingEncoding. 6.
PAGE 83
Administration Guide • Configuring the BlackBerry Enterprise Server environment Visit http://support.microsoft.com/kb/923537/en-us to download and install the required hotfix on the computer that will host the BlackBerry Enterprise Server. 1. On the BlackBerry Enterprise Server, on the Start menu, click Run. 2. Type regedit. 3. Click OK. 4.
PAGE 84
Administration Guide Configuring user accounts Configuring user accounts 7 Creating user groups You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry device model. User accounts that are part of a user group can exist on multiple BlackBerry Enterprise Server instances in the BlackBerry Domain.
PAGE 85
Administration Guide Configuring user accounts 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for the user accounts. 4. Select the user accounts. 5. In the Add to user configuration list, click Add group. 6. In the Available groups list, click the group that you want to add the user accounts to. 7. Click Add. 8. Click Save.
PAGE 86
Administration Guide Configuring user accounts 8. Click Add. 9. To select an activation option, perform one of the following actions: Option Step Specify an activation password for the user account. 1. Click Create a user with activation password. 2. In the Set activation password, section, type and confirm an activation password. The password must not contain special characters.
PAGE 87
Administration Guide Configuring user accounts 8. If you installed multiple BlackBerry Enterprise Server instances, select the BlackBerry Enterprise Server that you want to add the user account to. 9. Click Continue. 10. Type and confirm an activation password. The password must not contain special characters. Specific BlackBerry devices do not support special characters and do not unlock when a user types a password that contains special characters. 11.
PAGE 88
Administration Guide Configuring user accounts incorrectly formatted in the .csv file), the BlackBerry Administration Service continues to process the remaining actions that are listed in the file and displays an error message for the action that the BlackBerry Administration Service could not process. The import process can take a long time (more than 30 minutes) to complete if you add more than 2000 user accounts. Fields in a .
PAGE 89
Administration Guide Configuring user accounts Field Description Activation Password Expiry This field specifies the amount of time, in hours, that can elapse before the activation password expires if an activation password is required. The activation password will expire if the user does not activate the BlackBerry device on the BlackBerry Enterprise Server before a default value of 48 hours elapses.
PAGE 90
Administration Guide 3. Click Import new users. 4. In the Import users from a list section, click Browse. 5. Navigate to the .csv file that contains the user accounts that you want to import. 6. Click Continue. 7. Perform the appropriate actions for the user accounts.
PAGE 91
Administration Guide Assigning BlackBerry devices to users Assigning BlackBerry devices to users 8 Preparing to distribute a BlackBerry device Before you distribute a BlackBerry device to a user, you can configure the BlackBerry Enterprise Server to synchronize email messages that the user previously sent and received on a supported BlackBerry device. You can synchronize messages for a new user or for a user whose PIN changed when they received a replacement BlackBerry device.
PAGE 92
Administration Guide 5. Assigning BlackBerry devices to users • To specify the number of previous days that you want to synchronize messages from, in the Prepopulation By message age field, type a number. • To specify the maximum number of messages that you want to synchronize, in the Prepopulation By message count field, type a number. Click Save all. Prevent the BlackBerry Enterprise Server from synchronizing existing email messages onto a BlackBerry device 1.
PAGE 93
Administration Guide Assigning BlackBerry devices to users Method Description over the wireless network New BlackBerry device users and users that are receiving replacement BlackBerry devices can activate the BlackBerry devices without requiring a physical connection to your organization's network.
PAGE 94
Administration Guide Assigning BlackBerry devices to users Option 2: Activating a BlackBerry device over the wireless network To activate a BlackBerry device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device.
PAGE 95
Administration Guide Assigning BlackBerry devices to users Activation passwords The BlackBerry Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device. Item Description length of the activation password Typical activation passwords are four to eight characters long.
PAGE 96
Administration Guide Assigning BlackBerry devices to users Customize the activation password You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires. 1. In the BlackBerry Administration Service, on the Devices menu, expand Wireless activations. 2. Click Device activation settings. 3.
PAGE 97
Administration Guide Assigning BlackBerry devices to users 4. In the search results, click the display name for the user account. 5. In the Device activation list, click Specify an activation password. 6. In the Activation password and Confirm password fields, type an activation password. The password must not contain special characters. Some BlackBerry devices do not support special characters and do not unlock when a user types a password that contains special characters. 7.
PAGE 98
Administration Guide Assigning BlackBerry devices to users Option 4: Activating BlackBerry devices using the BlackBerry Web Desktop Manager Users can activate their BlackBerry devices by connecting them to computers using a USB cable or Bluetooth connection and logging in to the BlackBerry Web Desktop Manager. During the activation process, the BlackBerry Web Desktop Manager prompts users to associate the BlackBerry device with their email accounts and generate encryption keys.
PAGE 99
Administration Guide Assigning BlackBerry devices to users Prerequisites: Configuring a BlackBerry Router for BlackBerry device activations over the enterprise Wi-Fi network • On the computer that you installed the BlackBerry Router, or on a remote computer, configure an SMTP service that the BlackBerry Router can use. For more information, see the documentation for the Windows Server.
PAGE 100
Administration Guide 7. Click Apply. 8. Click OK. 9. In the Windows Services, restart the BlackBerry Router. Assigning BlackBerry devices to users After you finish: Instruct users to activate the Wi-Fi enabled BlackBerry devices. Activate a Wi-Fi enabled BlackBerry device If you want to activate a Wi-Fi enabled BlackBerry device using the enterprise Wi-Fi network, you can instruct a BlackBerry user to perform the following task on the BlackBerry device.
PAGE 101
Administration Guide Configuring BlackBerry Enterprise Server high availability Configuring BlackBerry Enterprise Server high availability 9 Check the health of a BlackBerry Enterprise Server If you configured BlackBerry Enterprise Server high availability, you can check the health of a BlackBerry Enterprise Server instance to verify that it is running as expected. 1. In the BlackBerry Administration Service, in the Servers and components menu, expand High availability. 2.
PAGE 102
Administration Guide Configuring BlackBerry Enterprise Server high availability receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always upto-date. How the BlackBerry Enterprise Server uses health parameters The BlackBerry Enterprise Server uses health parameters to define the failover and promotion thresholds. The health parameters indicate if a BlackBerry Enterprise Server service or component is healthy or unhealthy.
PAGE 103
Administration Guide Configuring BlackBerry Enterprise Server high availability • For failover to occur only when the standby BlackBerry Enterprise Server is in a healthier state than the primary BlackBerry Enterprise Server, you can move the promotion threshold so that it is lower than the failover threshold.
PAGE 104
Administration Guide Configuring BlackBerry Enterprise Server high availability Configuring failover to occur when the standby BlackBerry Enterprise Server is in a healther state than the active BlackBerry Enterprise Server If you move the failover threshold and promotion threshold so that the promotion threshold is lower than the failover threshold, failover occurs only if the standby BlackBerry Enterprise Server is healthier than the primary BlackBerry Enterprise Server that is sufficiently healthy to r
PAGE 105
Administration Guide Configuring BlackBerry Enterprise Server high availability 2. Click the name of the BlackBerry Enterprise Server pair that you want to change the health parameters and thresholds for. 3. Click Edit Automatic Failover settings. 4. To change the order of the health parameters and thresholds, click the Up and Down icons. 5. Click Save.
PAGE 106
Administration Guide Configuring BlackBerry Enterprise Server high availability Health parameter Description Attachment viewing This health parameter indicates whether the BlackBerry Messaging Agent can provide services for attachment viewing. Connection to the BlackBerry Configuration Database This health parameter indicates whether BlackBerry Enterprise Server components can connect to the BlackBerry Configuration Database.
PAGE 107
Administration Guide Configuring BlackBerry Enterprise Server high availability If your organization's environment includes multiple BlackBerry Enterprise Server pairs, you can change the percentages of the health parameters for all of the BlackBerry Enterprise Server instances at the BlackBerry Domain level, or for each BlackBerry Enterprise Server pair.
PAGE 108
Administration Guide Configuring BlackBerry Enterprise Server high availability Prerequisites: Configuring the BlackBerry Enterprise Server pair to fail over automatically • Install a primary BlackBerry Enterprise Server. • Install a standby BlackBerry Enterprise Server. For more information about installing a standby BlackBerry Enterprise Server, see the BlackBerry Enterprise Server Installation and Configuration Guide. • Configure the health parameters to meet your organization's requirements.
PAGE 109
Administration Guide Configuring BlackBerry Enterprise Server high availability Monitoring the BlackBerry Enterprise Server for an automatic failover event You can use the BlackBerry Monitoring Service, BlackBerry Enterprise Server Alert Tool, or another SNMP monitoring tool to monitor the BlackBerry Enterprise Server for an automatic failover event and notify you when an automatic failover event occurs.
PAGE 110
Administration Guide Configuring BlackBerry Enterprise Server high availability Before you begin: Verify that the standby BlackBerry Enterprise Server is running. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand High availability > Highly available BlackBerry Enterprise Servers. 2. Click the name of the BlackBerry Enterprise Server pair. 3. Click Manual Failover. 4. In the list, choose the standby BlackBerry Enterprise Server instance. 5.
PAGE 111
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Configuring high availability for BlackBerry Enterprise Server components 10 Creating a BlackBerry MDS Connection Service pool for high availability To configure BlackBerry MDS Connection Service high availablity, you can create a BlackBerry MDS Connection Service pool for each BlackBerry Enterprise Server by associating multiple BlackBerry MDS Connection Service instances with each BlackBerry Enterprise Serve
PAGE 112
Administration Guide Configuring high availability for BlackBerry Enterprise Server components 6. Click Save all. 7. Repeat steps 3 to 6 for each BlackBerry Enterprise Server instance in your organization's environment that you want to configure to use a BlackBerry MDS Connection Service pool.
PAGE 113
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Create a BlackBerry Collaboration Service pool for high availability To configure BlackBerry Collaboration Service high availability, you can create a BlackBerry Collaboration Service pool for each BlackBerry Enterprise Server by associating multiple BlackBerry Collaboration Service instances with the BlackBerry Enterprise Server.
PAGE 114
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Create a BlackBerry Attachment Service pool for high availability During the BlackBerry Attachment Service installation process, the setup application writes data about the BlackBerry Attachment Service instance to the BlackBerry Configuration Database.
PAGE 115
Administration Guide Configuring high availability for BlackBerry Enterprise Server components 11. Click Save all. 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool. The BlackBerry Administration Service writes the data about the BlackBerry Attachment Service pool to the BlackBerry Configuration Database.
PAGE 116
Administration Guide • Configuring high availability for BlackBerry Enterprise Server components If the BlackBerry Enterprise Server uses the BlackBerry Attachment Connector instance, in the Instance information section, in the Friendly description field, type a unique name. 6. Click Save all. The BlackBerry Administration Service updates the list of BlackBerry Attachment Connector instances automatically to use the names that you typed.
PAGE 117
Administration Guide Configuring high availability for BlackBerry Enterprise Server components 10. Repeat steps 2 to 9 for each BlackBerry Enterprise Server instance in your organization's environment that you want to have use a BlackBerry Router pool.
PAGE 118
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Creating a BlackBerry Administration Service pool that includes the BlackBerry Web Desktop Manager using DNS round robin When you install the BlackBerry Administration Service, BlackBerry Web Desktop Manager, or both, the setup application installs the BlackBerry Administration Service services automatically.
PAGE 119
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Configure the BlackBerry Administration Service instances in a pool to communicate across network subnets The instances in the BlackBerry Administration Service pool use multicast UDP to communicate with each other.
PAGE 120
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool. 1.
PAGE 121
Administration Guide Configuring high availability for BlackBerry Enterprise Server components 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Enterprise Server. 2. If you configured BlackBerry Enterprise Server pairs, expand the pair name. 3.
PAGE 122
Administration Guide Configuring high availability for BlackBerry Enterprise Server components When you navigate to another page in the BlackBerry Administration Service, the BlackBerry Administration Service turns off the refresh option, and you must turn it on again manually when you return to the page that displays the status.
PAGE 123
Administration Guide Configuring high availability for BlackBerry Enterprise Server components Remove a BlackBerry Collaboration Service instance from a pool You can remove a BlackBerry Collaboration Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Enterprise Server. 2.
PAGE 124
Administration Guide Configuring high availability for BlackBerry Enterprise Server components 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Attachment > Connector. 2. Click the BlackBerry Attachment Connector that is installed on the BlackBerry Enterprise Server that you want to remove the BlackBerry Attachment Service instance from.
PAGE 125
Administration Guide Configuring BlackBerry Configuration Database high availability Configuring BlackBerry Configuration Database high availability 11 You can configure BlackBerry Configuration Database high availability by configuring database mirroring. Database mirroring requires that you configure a principal BlackBerry Configuration Database instance and a mirror BlackBerry Configuration Database.
PAGE 126
Administration Guide Configuring BlackBerry Configuration Database high availability • If you turned on the automatic failover option for the BlackBerry Enterprise Server, use the BlackBerry Administration Service to change the failover type to Manual until you finish configuring database mirroring or database replication. • If you are configuring database mirroring, configure the database servers as follows: • • Only use static port number 1433. • Verify that the SQL Server Browser is running.
PAGE 127
Administration Guide 2. Configuring BlackBerry Configuration Database high availability Repeat step 1 for each BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database. Configure database mirroring for the BlackBerry Configuration Database For more information about database mirroring, visit http://msdn2.microsoft.com/en-us/library/ms175059(SQL.90).aspx. 1.
PAGE 128
Administration Guide 2. Configuring BlackBerry Configuration Database high availability • BlackBerry Alert • BlackBerry Mail Store Service • BlackBerry User Administration Service • all of the remaining BlackBerry Enterprise Server services Repeat step 1 for each BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database.
PAGE 129
Administration Guide Configuring BlackBerry Configuration Database high availability Related information Resend the database mirroring parameters to BlackBerry Enterprise Server components, 129 Resend the database mirroring parameters to BlackBerry Enterprise Server components If the computers that host BlackBerry Enterprise Server components were not running or connected to the network when you configured the BlackBerry Enterprise Solution to support database mirroring, or if you do not know if all of t
PAGE 130
Administration Guide Configuring BlackBerry Configuration Database high availability Configuring the BlackBerry Configuration Database for one-way transactional replication in an environment that includes Microsoft SQL Server 2005 or 2008 Stop the BlackBerry Enterprise Server instances To maintain database integrity, you must prevent all services that use the BlackBerry Configuration Database from connecting to the databases while you configure replication. 1. 2.
PAGE 131
Administration Guide Configuring BlackBerry Configuration Database high availability 1. Copy the backup file from the database server that hosts the BlackBerry Configuration Database to the database server that will host the replicated BlackBerry Configuration Database. 2. In the Microsoft SQL Server Management Studio, in the left pane, navigate to the database server that will host the replicated BlackBerry Configuration Database. 3. Right-click Database. Click Restore Database. 4.
PAGE 132
Administration Guide Configuring BlackBerry Configuration Database high availability 3. Right-click Local Publications. Click New Publication. 4. If the Welcome dialog box appears, click Next. 5. If this is the first time that you are configuring a publication on the database server, perform the following actions: • Select will act as its own Distributor. Click Next. • In the Snapshot folder field, type the network location of the snapshot folder. Click Next. 6.
PAGE 133
Administration Guide Configuring BlackBerry Configuration Database high availability 2. Right-click the server. Click Properties. 3. Click Advanced. 4. In the Miscellaneous section, set the Max Text Replication Size to the maximum, 2147483647. 5. Click OK. Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription 1.
PAGE 134
Administration Guide Configuring BlackBerry Configuration Database high availability Start the BlackBerry Enterprise Server instances After you configure the database, permit all BlackBerry Enterprise Server instances to connect to the principal BlackBerry Configuration Database. 1. 2.
PAGE 135
Administration Guide Configuring BlackBerry Configuration Database high availability To configure the BlackBerry Enterprise Server instances and components, you delete the pull subscription from the replicated database server, run a SQL query to update the numbering of the identity values in the replicated BlackBerry Configuration Database, and run the BlackBerry Enterprise Server setup application to permit each BlackBerry Enterprise Server instance and component to connect to the replicated BlackBerry C
PAGE 136
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Sending software and BlackBerry Java Applications to BlackBerry devices 12 Managing BlackBerry Java Applications and BlackBerry Device Software You can use the BlackBerry Administration Service to install and manage the BlackBerry Device Software and BlackBerry Java Applications on BlackBerry devices.
PAGE 137
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices After you install the BlackBerry Device Software and BlackBerry Java Applications on devices, you can view details about how the BlackBerry Administration Service resolved software configuration conflicts. For more information about installing and managing the BlackBerry Device Software on devices, visit www.blackberry.com/go/serverdocs to see the BlackBerry Device Software Update Guide.
PAGE 138
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Applications on BlackBerry devices. Do not add application files to the shared network folder or make changes to the files that the BlackBerry Administration Service stores in the shared network folder. To make a BlackBerry Java Application available for installation on BlackBerry devices, you must add the application to the BlackBerry Administration Service application repository.
PAGE 139
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Add a BlackBerry Java Application to the application repository To send a BlackBerry Java Application to BlackBerry devices, you must first add the BlackBerry Java Application bundle to the application repository. To send an updated version of a BlackBerry Java Application to BlackBerry devices, you must first add the updated bundle to the application repository. 1.
PAGE 140
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry Java Application. You can use the keywords to search for the application in the application repository. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > Applications. 2. Click Manage applications. 3. Search for an application. 4.
PAGE 141
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Application control policy Description Standard Required When you apply the application control policy to a BlackBerry Java Application, rule settings require that the BlackBerry Java Application be installed and permitted to run on BlackBerry devices. BlackBerry devices install the application automatically.
PAGE 142
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices If you add the BlackBerry Java Application to multiple software configurations and you assign different custom application control policies to the BlackBerry Java Application in the different software configurations, you must set the priority for the custom application control policies.
PAGE 143
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices 10. Click Save all. IT policy rules take precedence on smartphones IT policy rule settings override application control policy rule settings.
PAGE 144
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices 2. Click Manage application control policies for unlisted applications. 3. Click the Standard Unlisted Optional application control policy. 4. Click Edit application control policy. 5. On the Access settings tab, in the Settings section, configure the settings for the application control policy. 6. Click Save all.
PAGE 145
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software. 2. Click Manage application control policies for unlisted applications. 3. Click Set priority of application control policies for unlisted applications. 4. Click the up and down arrows to set the priority of application control policies for unlisted applications. 5. Click Save.
PAGE 146
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Create a software configuration 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software. 2. Click Create a software configuration. 3. In the Configuration information section, in the Name field, type a name for the software configuration. 4.
PAGE 147
Administration Guide 9. Sending software and BlackBerry Java Applications to BlackBerry devices • To install the BlackBerry Java Application automatically on BlackBerry devices, and to prevent users from removing the application, click Required. • To permit users to install and remove the BlackBerry Java Application, click Optional. • To prevent users from installing a BlackBerry Java Application on BlackBerry devices, click Disallowed.
PAGE 148
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Assign a software configuration to multiple user accounts 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for one or more user accounts. 4. Select one or more user accounts. 5. In the Add to user configuration list, click Add software configuration. 6.
PAGE 149
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices When you assign a software configuration to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device.
PAGE 150
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices View the status of a job After you assign a software configuration to user accounts or change an existing software configuration that you assigned to user accounts, the BlackBerry Administration Service creates a job to deliver BlackBerry Device Software, BlackBerry Java applications, or application settings to BlackBerry devices.
PAGE 151
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices • BlackBerry Dispatcher log files from the day the issue was reported (log level 4 recommended) • BlackBerry Administration Service log files from the day the issue was reported (log level 4 recommended) • BlackBerry device information (for example, the BlackBerry device model, BlackBerry Device Software version, wireless service provider, IT policy assigned to the BlackBerry device, service books on the Blac
PAGE 152
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Device reported insufficient memory to install module The BlackBerry device does not have enough application memory available to install the application modules. You can instruct the user to make more application memory available on the BlackBerry device. Resend the BlackBerry Java Application.
PAGE 153
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices The BlackBerry Policy Service did not receive an acknowledgment message from a BlackBerry device that indicates that the BlackBerry Java Application was installed. You can verify that the BlackBerry device is turned on and is located in a wireless coverage area. Resend the BlackBerry Java Application.
PAGE 154
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices For information about changing the log level for a BlackBerry Enterprise Server component, visit www.blackberry.com/ support to read article KB04342. For information about obtaining the event log for a BlackBerry device, visit www.blackberry.com/support to read article KB05349. If the recommended administrative action for an error message does not resolve the issue, contact RIM Technical Support.
PAGE 155
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices You can verify that the service books on the BlackBerry device permit BlackBerry Device Software updates over the wireless network. Available upgrade deferred by user • 0x01 prior upgrade in progress: The BlackBerry Device Software update did not complete because a previous BlackBerry Device Software update was in progress.
PAGE 156
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry device, you can try to determine the cause by collecting the following information: • BlackBerry Synchronization Service log files from the day the issue was reported (log level 4 recommended) • BlackBerry Dispatcher log files from the day the issue
PAGE 157
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Verify that the BlackBerry Synchronization Service can access the BlackBerry Configuration Database. If necessary, restart the BlackBerry Configuration Database. Failed to delete item The BlackBerry Synchronization Service cannot delete the value of the standard application settings because the BlackBerry Configuration Database is unavailable.
PAGE 158
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices For information about changing the log level for a BlackBerry Enterprise Server component, visit www.blackberry.com/ support to read article KB04342. For information about obtaining the event log for a BlackBerry device, visit www.blackberry.com/support to read article KB05349. If the recommended administrative action for an error message does not resolve the issue, contact Research In Motion Technical Support.
PAGE 159
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices If you want to delete a job, change the start date of the job to a date that exceeds the job failure period that you configured in the job schedule settings. The default job failure period is 30 days. Related information Change default settings for a job schedule, 292 Specify the start time and priority for a job, 299 Stop a job that is running 1.
PAGE 160
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices 6. Click View users with application. 7. Search for users that are associated with BlackBerry devices that you installed the BlackBerry Java Application on. View how the BlackBerry Administration Service resolved software configuration conflicts for a user account You can assign multiple software configurations to a user account or group.
PAGE 161
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Reconciliation rules for conflicting settings in software configurations If you assign multiple software configurations to user accounts or groups, the multiple software configurations might contain conflicting settings.
PAGE 162
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Reconciliation rules: BlackBerry Java Applications Scenario Rule Multiple software configurations are assigned to a user account or the groups the user belongs to. Multiple BlackBerry Java Applications are contained in each software configuration. The BlackBerry Java Applications in each software configuration are installed on the BlackBerry device.
PAGE 163
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule The BlackBerry Administration Service resolves the deployment method after resolving the disposition of an application. The deployment method specified for an application in a software configuration that is assigned to a user account takes precedence over the deployment method for the same application in any software configuration that is assigned to a group.
PAGE 164
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule successfully, the application with the dependency is then installed. A software configuration is assigned to a user account and it contains a BlackBerry Java Application that has a dependency on another BlackBerry Java Application. The dependent application is not supported on the BlackBerry device.
PAGE 165
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Reconciliation rules: Standard application settings Scenario Rule A software configuration with standard application settings is assigned to a user account. A software configuration with different standard application settings is assigned to a group that the user account belongs to.
PAGE 166
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule configured differently in the software configurations that are setting takes precedence over the Unlocked and hidden assigned to the groups. setting. Standard application settings are configured in a software configuration and assigned to user accounts with BlackBerry devices that are running a BlackBerry Device Software version earlier than 5.0.
PAGE 167
Administration Guide Sending software and BlackBerry Java Applications to BlackBerry devices Scenario Rule A software configuration that defines unlisted applications as disallowed is assigned to a user account. A software configuration that defines unlisted applications as optional is also assigned to the user account. If unlisted applications are defined as disallowed in a software configuration that is assigned to a user account, unlisted applications are not permitted on the BlackBerry device.
PAGE 168
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Alternative methods for installing BlackBerry Java Applications on BlackBerry devices 13 Installing BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service You can install and update BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service.
PAGE 169
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications.
PAGE 170
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Method Description Install BlackBerry Java Applications using a web browser on BlackBerry devices You can install a BlackBerry Java Application on a BlackBerry device by installing the files for the BlackBerry Java Application on a web server and instructing the user to browse to the appropriate web address on the BlackBerry device.
PAGE 171
Administration Guide • Alternative methods for installing BlackBerry Java Applications on BlackBerry devices BlackBerry APIs and Java ME (standard on BlackBerry devices) User’s computer • Windows 2000 or later, Windows XP, or Windows Vista • BlackBerry Desktop Software version 4.0 or later • Research In Motion USB drivers and a USB connection for the BlackBerry device BlackBerry Java Application • .alx files and .cod files: The .
PAGE 172
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Installing BlackBerry Java Applications using the BlackBerry Application Web Loader You can configure the BlackBerry Application Web Loader, which uses Microsoft ActiveX, to install a BlackBerry Java Application on BlackBerry devices using a web server and Microsoft Internet Explorer on users’ computers.
PAGE 173
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices • Microsoft Internet Explorer version 5.0 or later • Microsoft ActiveX version 8.
PAGE 174
Administration Guide 4. Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Reference a specific version of the BlackBerry Application Web Loader. For more information about referencing a specific version of the BlackBerry Application Web Loader, visit www.blackberry.com/go/docs to read the BlackBerry Application Web Loader Developer Guide. 5. Associate the BlackBerry Application Web Loader with the .jad file. 6. To load the .jad file, invoke loadJad().
PAGE 175
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices You must install the BlackBerry Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device. The BlackBerry Device Manager is included in the BlackBerry Desktop Software.
PAGE 176
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices information about application dependencies, visit www.blackberry.com/developers to read the BlackBerry Java Development Environment Development Guide. • required BlackBerry Java Applications: To configure a BlackBerry Java Application as required on a BlackBerry device, in the .alx file, after the copyright statement, add the following tag: true.
PAGE 177
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry Java Application. Before you begin: Verify that BlackBerry Device Manager version 4.1 or later is installed on the user’s computer.
PAGE 178
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Installing BlackBerry Java Applications using a web browser on BlackBerry devices You can install BlackBerry Java Applications on BlackBerry devices over the wireless network. This method does not require users to connect their BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and the application .cod or .
PAGE 179
Administration Guide Alternative methods for installing BlackBerry Java Applications on BlackBerry devices BlackBerry Java Application • .jad file: The .jad file is the application descriptor that provides information about the application and the location of the application’s .cod or .jar files. • .cod or .jar files: These files contain compiled and packaged application code. Install the BlackBerry Java Application on a web server Before you begin: Obtain the .jad and .cod files or .
PAGE 180
Administration Guide Configuring how users access enterprise applications and web content Configuring how users access enterprise applications and web content 14 Specifying a BlackBerry MDS Connection Service as a central push server At least one BlackBerry MDS Connection Service in your organization's BlackBerry Domain must act as a central push server. Central push servers receive content push requests from server-side applications that are located on an application server or on a web server.
PAGE 181
Administration Guide Configuring how users access enterprise applications and web content Specify a BlackBerry MDS Connection Service as a central push server You can specify more than one BlackBerry MDS Connection Service in your organization's BlackBerry Domain as a central push server. By default, if one or two BlackBerry MDS Connection Service instances exist in the BlackBerry Domain, those instances are central push servers. 1.
PAGE 182
Administration Guide Configuring how users access enterprise applications and web content minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. 2. Click MDS Connection Service. 3. Click Edit component. 4.
PAGE 183
Administration Guide Configuring how users access enterprise applications and web content Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos Before you begin: Configure the BlackBerry MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices. 1. Navigate to :\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config . 2. Configure the krb5.conf file.
PAGE 184
Administration Guide Configuring how users access enterprise applications and web content Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager You can configure the BlackBerry MDS Connection Service to require that BlackBerry device users pass RSA authentication when they access the Internet or intranet from BlackBerry devices.
PAGE 185
Administration Guide • Configuring how users access enterprise applications and web content If you are running a 64-bit version of Windows Server 2008, the :\WINDOWS\SysWow64 folder 2. In the RSA Authentication Manager, create an Agent Host record for the BlackBerry Enterprise Server. The RSA Authentication Manager generates an sdconf.rec file. 3. On the computer that hosts the BlackBerry MDS Connection Service, copy the sdconf.
PAGE 186
Administration Guide 6. Configuring how users access enterprise applications and web content In the RSA inactivity timeout field, type a number, in minutes, to specify how long devices can remain connected to your organization's network while the users are inactive. By default, an authenticated connection persists for 60 minutes of user inactivity on the devices. 7. Click Save all.
PAGE 187
Administration Guide Configuring how users access enterprise applications and web content Configure the timeout limit for HTTP connections with BlackBerry devices You can specify how long a BlackBerry MDS Connection Service waits for a BlackBerry device to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the BlackBerry device. The default timeout limit is 120,000 milliseconds (2 minutes). 1.
PAGE 188
Administration Guide Configuring how users access enterprise applications and web content Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections HTTP redirection occurs when the BlackBerry Browser requests a web page from a web server and the web server redirects the request to a new web address for the page. The default limit is 5 redirections. 1.
PAGE 189
Administration Guide Configuring how users access enterprise applications and web content Create a key store to store certificates for use with HTTPS connections You must create a key store to store the certificates that permit the BlackBerry MDS Connection Service to accept HTTPS connections from push applications. 1. On the computer that hosts the BlackBerry MDS Connection Service, on the taskbar, click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration. 2.
PAGE 190
Administration Guide Task Configuring how users access enterprise applications and web content Steps 3. When prompted, click Yes. 3. Copy the key store file to :\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver . After you finish: Export the certificate for the BlackBerry MDS Connection Service to make it available to other applications.
PAGE 191
Administration Guide Configuring how users access enterprise applications and web content After you finish: If the certificate does not exist, import the certificate to :\Program Files\Java\\lib \security\cacerts . Permit push applications to select the transport protocol for PAP requests By default, when a push application sends a PAP request to the BlackBerry MDS Connection Service, the BlackBerry MDS Connection Service directs requests to an HTTPS port.
PAGE 192
Administration Guide Configuring how users access enterprise applications and web content Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. 2. Click MDS Connection Service. 3. Click Edit component. 4. On the HTTPS tab, in the Name field, type the name of a web server. 5.
PAGE 193
Administration Guide Configuring how users access enterprise applications and web content 2. Click MDS Connection Service. 3. Click Edit component. 4. On the TLS tab, in the Name field, type the name of a web server. 5. In the Service URL field, type the regular expression for the web address of the web server. 6. In the Settings section, in the Allow untrusted servers drop-down list, perform one of the following actions: • To permit only trusted TLS connections from the web server, click No.
PAGE 194
Administration Guide Configuring how users access enterprise applications and web content Configure the LDAP servers that the BlackBerry MDS Connection Service uses to retrieve certificates You can create a user name and password so that the BlackBerry MDS Connection Service can authenticate to LDAP servers on behalf of BlackBerry devices.
PAGE 195
Administration Guide Configuring how users access enterprise applications and web content LDAP server settings Field Description Base Query This field specifies the base query for the default LDAP server. You can use %20 for spaces. Each LDAP server can host multiple Windows domains but can search in only one Windows domain at a time. You might need to configure a default base query for some LDAP servers.
PAGE 196
Administration Guide Task Configuring how users access enterprise applications and web content Steps 4. To permit the BlackBerry MDS Connection Service to authenticate with the DSML certificate server on behalf of BlackBerry devices, in the User name field, type the user name that the BlackBerry MDS Connection Service can use to authenticate with the DSML certificate server. 5.
PAGE 197
Administration Guide • 5. Configuring how users access enterprise applications and web content Configure the OCSP handler to use the OCSP responder extension in a certificate. Perform one of the following tasks: Task Steps Create an OCSP server configuration. 1. In the Name field, type the OCSP server name. 2. In the Service URL field, type the web address for the server. 3. Click the Add icon. Change an existing OCSP server configuration. 1.
PAGE 198
Administration Guide Task Configuring how users access enterprise applications and web content Steps Create a CRL server configuration. 1. Type the CRL server name and the web address for the server. 2. Click the Add icon. Change an existing CRL server configuration. 6. 1. Click the Edit icon beside the CRL server. 2. Click the Accept icon. Click Save all.
PAGE 199
Administration Guide Configuring how users access enterprise applications and web content 8. To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately.
PAGE 200
Administration Guide Configuring how users access enterprise applications and web content Add a retrieved certificate for a web server to the key store You can use the Java keytool to add a certificate for a web server to the BlackBerry MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server. 1. Save the certificate from a secure web site to a .cer file. 2.
PAGE 201
Administration Guide Configuring how users access enterprise applications and web content Configure global login information for intranet site access 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view. 2. Click MDS Connection Service. 3. On the HTTP tab, click Edit component. 4. In the Protocol service information section, in the Authentication support enabled drop-down list, click Yes. 5.
PAGE 202
Administration Guide 5. Configuring how users access enterprise applications and web content Click Save all. Specify the pending content timeout limit for a BlackBerry MDS Connection Service You can specify how long a BlackBerry MDS Connection Service waits for acknowledgment from a BlackBerry device before it deletes pending content for the BlackBerry device. 1.
PAGE 203
Administration Guide Configuring how users access enterprise applications and web content Before you begin: Verify that your system memory can support the thread pool size that you want to specify. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. 2. Click the instance that you want to specify the thread pool size for. 3. Click Edit instance. 4.
PAGE 204
Administration Guide Configuring how users access enterprise applications and web content MDS Connection Service to process data as it did in previous versions of the BlackBerry Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. 2.
PAGE 205
Administration Guide Configuring how users access enterprise applications and web content Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service. The default interval is 5 minutes. 1.
PAGE 206
Administration Guide Setting up the messaging environment Setting up the messaging environment 15 Creating email message filters You can create email message filters to define which email messages the BlackBerry Enterprise Server forwards from users’ email applications to their BlackBerry devices.
PAGE 207
Administration Guide 5. Setting up the messaging environment In the Email message filter rules section, configure the options for the email message filter. Use semicolons (;) to separate multiple items that you specify. If you specify multiple users in the From or Sent to fields, or multiple subject terms in the Subject field, the message filter is applied to email messages that contain any of the users or terms that you specify.
PAGE 208
Administration Guide Setting up the messaging environment 2. Click Manage users. 3. Search for a user account. 4. In the search results, click the name of the user account. 5. Click Edit user. 6. In the Messaging configuration section, click Default configuration. 7. On the Email tab, in the Email message filter name field, type a name for the email message filter. 8. In the Email message filter rules section, configure the options for the email message filter.
PAGE 209
Administration Guide 8. In the Enabled drop-down list, click Yes. 9. Click Continue to user information edit. Setting up the messaging environment 10. Click Save all. The BlackBerry Administration Service applies email message filters in the order that they are listed in. Copying existing email message filters to another BlackBerry Enterprise Server You can copy the existing email message filters for a BlackBerry Enterprise Server and apply them to other instances of the BlackBerry Enterprise Server.
PAGE 210
Administration Guide Setting up the messaging environment 4. On the Email message filters tab, click Import email message filters. 5. In the Import email message filters section, click Browse. Navigate to the .xml file that contains the email message filters that you want to import. 6. Click Import email message filters. 7. Click Save all.
PAGE 211
Administration Guide Setting up the messaging environment 4. In the search results, click the name of the user account. 5. Click Edit user. 6. In the Messaging configuration section, click Default configuration. 7. On the Email tab, at the bottom of the screen, click Import email filters. 8. In the Import email message filters section, click Browse. Navigate to the .xml file that contains the email message filters that you want to import. 9. Click Import email message filters. 10.
PAGE 212
Administration Guide Setting up the messaging environment • If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion \BlackBerry Enterprise Server\Agents. • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node \Research In Motion\BlackBerry Enterprise Server\Agents. 5. If necessary, create a DWORD value named PlugIns. 6. Double-click the PlugIns DWORD value. 7.
PAGE 213
Administration Guide Setting up the messaging environment Change how a BlackBerry Messaging Agent uses extension plug-ins The BlackBerry Messaging Agent uses a BlackBerry Enterprise Server extension process to load extension plug-ins to process email messages.
PAGE 214
Administration Guide Setting up the messaging environment Mapping contact information fields for synchronization and contact lookups You can map contact information fields from the email applications on users' computers to the contact list fields on the BlackBerry devices. The information in the fields in the email applications synchronizes to the fields on the BlackBerry devices.
PAGE 215
Administration Guide Setting up the messaging environment 4. In the search results, click the display name for the user account. 5. Click Edit user. 6. In the Messaging configuration section, click Default configuration. 7. On the Mappings for organizer data synchronization tab, in the Mappings for organizer data synchronization section, select the Turned on option. 8. In the appropriate drop-down lists, select the fields on the BlackBerry device that you want to map the information to. 9.
PAGE 216
Administration Guide Setting up the messaging environment 6. In the Messaging configuration section, click Default configuration. 7. On the Mappings for organizer data synchronization tab, in the Mappings for organizer data synchronization section, select the Turned on option. 8. In the Other mappings section, in each User defined string drop-down list, select the contact field that you want to map to the BlackBerry device. 9. Click Continue to user information edit. 10. Click Save all.
PAGE 217
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network Configuring BlackBerry devices to enroll certificates over the wireless network 16 You can configure the BlackBerry Enterprise Server to permit BlackBerry devices to enroll certificates that the devices can use with any PKI-enabled application or process.
PAGE 218
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network If you configured the BlackBerry MDS Connection Service to retrieve the status of the certificates using an OCSP server or a CRL server and pull authorization is turned on, devices may not be able to enroll some certificates over the mobile network.
PAGE 219
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network example, http://myca.mycompany.com:80/* ). Use /* to make sure that the BlackBerry MDS Connection Service can access all the URLs for the certification authority. 6. In the Settings section, in the User name field, type the name of a certification authority administrator account that can approve certificate requests using one of the following formats: domain\username or domain@username. 7.
PAGE 220
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network 7. Click the Add icon. 8. To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify.
PAGE 221
Administration Guide 7. Configuring BlackBerry devices to enroll certificates over the wireless network To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance, repeat steps 3 to 7. Add certificate information to a Wi-Fi profile You must add the name of the certification authority profile that contains certificate information to a Wi-Fi profile.
PAGE 222
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network • Custom Microsoft Certificate Authority Certificate Template • Distinguished Name Components • Key Algorithm • Key Length • Microsoft Certificate Authority Certificate Template • RSA Certificate Authority Certificate ID • RSA Jurisdiction ID A certificate enrollment process does not delete the existing certificate from the device key store or notify the certification authority that the certi
PAGE 223
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network Properties in the rimpublic.properties file Property Description application.handler.pkcs10.pollinginte If the certificate authority requires a certificate administrator to approve rval certificate requests, this property specifies the interval, in minutes, that the BlackBerry MDS Connection Service waits before it requests an update about pending certificate requests from the certificate authority.
PAGE 224
Administration Guide Making the BlackBerry Web Desktop Manager available to users Making the BlackBerry Web Desktop Manager available to users 17 Installing the client components of the BlackBerry Web Desktop Manager on users' computers By default, when users open and log in to the BlackBerry Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required RIMWebComponents.cab file. The RIMWebComponents.
PAGE 225
Administration Guide Making the BlackBerry Web Desktop Manager available to users Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows XP If you use Microsoft Active Directory, you can create a Windows GPO to make sure that the browser settings are correct for your organization's environment. Alternatively, you can check the browser settings on users' computers and, if necessary, change them manually. 1.
PAGE 226
Administration Guide Making the BlackBerry Web Desktop Manager available to users After you finish: Perform one of the following actions: • On each user's computer that runs a 32-bit version of Windows, add the registry key HKEY_LOCAL_MACHINE\Software \Microsoft\WindowCurrentVersion\Internet Settings\UseCoInstall. • On each user's computer that runs a 64-bit version of Windows, add the registry key HKEY_LOCAL_MACHINE\Software \WOW6432Node\Microsoft\WindowCurrentVersion\Internet Settings\UseCoInstall.
PAGE 227
Administration Guide Making the BlackBerry Web Desktop Manager available to users 16. Expand Windows Components. 17. Click ActiveXInstaller Service. 18. Right-click Approved Installation Sites for ActiveX Controls. 19. Select Properties. 20. On the Settings tab, click Enabled. 21. Click Show. 22. Click Add. 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Service. 24. In the Enter the value of the item to be added field, type 2,2,1,0. 25.
PAGE 228
Administration Guide Making the BlackBerry Web Desktop Manager available to users CLASS MACHINE CATEGORY !!RegistrySettings KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings" ;KEYNAME "Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" POLICY !!EnableActiveXInstallFromAD EXPLAIN !!EnableActiveXInstallFromAD_Explain VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY [strings] EnableActiveXInstallFromAD="Allow user computers to install
PAGE 229
Administration Guide Making the BlackBerry Web Desktop Manager available to users 13. Click Enabled. 14. Click OK. After you finish: For more information about registry-based Windows GPOs, visit technet.microsoft.com to read Using Administrative Template Files with Registry-Based Group Policy. Make the BlackBerry Web Desktop Manager available to users The BlackBerry Web Desktop Manager web address is https:// /webdesktop/login.
PAGE 230
Administration Guide Configuring the BlackBerry Web Desktop Manager Configuring the BlackBerry Web Desktop Manager 18 You can configure the BlackBerry Web Desktop Manager to permit users to perform administrative tasks such as creating a password for wireless activation, locking a lost or stolen BlackBerry device, deleting data from a device, or deactivating a device.
PAGE 231
Administration Guide Configuring the BlackBerry Web Desktop Manager Permit users to activate devices using the BlackBerry Web Desktop Manager You can specify whether users can use the BlackBerry Web Desktop Manager to activate BlackBerry devices using a wired connection to a computer. 1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view. 2. Click BlackBerry Administration Service. 3.
PAGE 232
Administration Guide Configuring the BlackBerry Web Desktop Manager After you finish: To prevent users from backing up and restoring data from their BlackBerry devices, change Allow users to backup and restore data to No. Configure the domains for backing up data using the BlackBerry Web Desktop Manager You can specify the domains that users' computers are located in so that you can limit which users can back up data on their BlackBerry devices using the BlackBerry Web Desktop Manager. 1.
PAGE 233
Administration Guide 5. Configuring the BlackBerry Web Desktop Manager Click Save All. BlackBerry Web Desktop Manager text colors Parameter Description Default Font color 1 This text color specifies the hexadecimal color value of the description text in the BlackBerry Web Desktop Manager. #000000 (black) Font color 2 This text color specifies the hexadecimal color value of the copyright text in the BlackBerry Web Desktop Manager.
PAGE 234
Administration Guide Configuring the BlackBerry Web Desktop Manager Display a custom image in the BlackBerry Web Desktop Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site. 1.
PAGE 235
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles Creating and configuring Wi-Fi profiles and VPN profiles 19 Creating and configuring Wi-Fi profiles You can use Wi-Fi configuration settings and optional VPN configuration settings to manage BlackBerry devices that can operate on both mobile and Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a BlackBerry Enterprise Server by creating Wi-Fi profiles.
PAGE 236
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles • Configure authentication using a supported authentication method. For example, if your organization uses layer 2 access security, verify that your organization uses one of the supported layer 2 security methods. • Configure encryption using a supported encryption method. If your organization’s environment requires a VPN concentrator, configure a VPN concentrator for VPN access security using IPsec VPN.
PAGE 237
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles Item Connection type Default port number Where to configure the connection incoming connection from a BlackBerry device to the BlackBerry Router TCP 4101 Windows registry outgoing connection from a BlackBerry device to the BlackBerry Router for a direct Wi-Fi connection to the BlackBerry Infrastructure TCP 443 — Create a Wi-Fi profile 1.
PAGE 238
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry device users to perform the following task if you want users to configure a Wi-Fi profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device. 1.
PAGE 239
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for one or more user accounts. 4. Click the name of the user account that you want to assign a Wi-Fi profile to. 5. Click Edit user. 6. On the Wi-Fi profiles tab, in the Wi-Fi profile name section, in the drop-down list, click the Wi-Fi profile. 7.
PAGE 240
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles To create a VPN profile, you configure the VPN configuration settings (for example, the IP address of the VPN concentrator, user names and passwords, and cryptographic methods that the BlackBerry Enterprise Server uses) on a BlackBerry device or using a VPN profile or IT policy. You can assign one or more VPN profiles to a user account or to a group.
PAGE 241
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles 4. Click Edit profile. 5. On the VPN profile settings tab, change the values for the configuration settings. 6. Click Save All. After you finish: • For information about VPN configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide. • To update BlackBerry device information immediately, resend the IT policy to the BlackBerry device.
PAGE 242
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles 7. If required, in the VPN user specific settings section, specify the login information that you want to associate with the VPN profile. 8. Click the Add icon. 9. Click Save All. When you assign a VPN profile to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device.
PAGE 243
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles Delete a VPN profile Before you begin: Verify that the VPN profile is not assigned to a user account or associated with a Wi-Fi profile. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. 2. Click Manage VPN profiles. 3. Click the name of a VPN profile. 4. Click Delete profile. 5. Click Yes - Delete the profile.
PAGE 244
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles • If you are using a text editor to create the .csv file, use quotation marks (" ") if the value for a field contains a space (for example, "Westlee Barichak"). • Add no more than 2000 actions to a file. • Assign a maximum of 32 profiles to BlackBerry devices that are running BlackBerry Device Software versions that are earlier than 4.5.0.
PAGE 245
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles Example: Changing profile information that you assigned to user accounts "User Id","Display Name","PIN","Email Address","Logon Name","Attribute Name","Attribute Type","Action","User Name","Password" "16","Westlee Barichak","","wbarichak@rim.com",,"wlan_1","WLAN","UPDATE","update_username","update _password" "8","Sherisse Da Silva","2072C4B7","sdasilva@.rim.
PAGE 246
Administration Guide Creating and configuring Wi-Fi profiles and VPN profiles Field Description User Name This field specifies the user name that the BlackBerry device can use to access the enterprise Wi-Fi network or VPN, if a user name is required. Password This field specifies the password that the BlackBerry device can use to access the enterprise Wi-Fi network or VPN, if a password is required. You can include quotation marks (" ") in the password. Import profile information from a .
PAGE 247
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configuring encryption and authentication methods for WiFi enabled BlackBerry devices 20 For information about the encryption and authentication methods for Wi-Fi connections, see the BlackBerry Enterprise Solution Security Technical Overview.
PAGE 248
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. 2. Click Manage Wi-Fi profiles. 3. Click the name of the Wi-Fi profile that you want to change. 4. Click Edit profile. 5. On the Wi-Fi profile settings tab, configure the values for the following configuration settings: 6.
PAGE 249
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configure PSK encryption data for BlackBerry devices using a Wi-Fi profile If BlackBerry device users in your organization's environment use BlackBerry 7270 smartphones, you must configure passphrases using IT policy rules instead of configuration settings. Before you begin: Obtain the passphrase for the wireless access point. For more information, see the documentation for the access point. 1.
PAGE 250
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configure LEAP authentication data for BlackBerry devices using a Wi-Fi profile If BlackBerry device users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings.
PAGE 251
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices PEAP authentication requires that BlackBerry devices trust the authentication server certificate. To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the certificate for the authentication server.
PAGE 252
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices • For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide. • Resend the IT policy that you assign to the user accounts to BlackBerry devices. • Distribute the certificates.
PAGE 253
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices 8. In the Security Warning dialog box, click Yes. 9. Connect the BlackBerry device to the BlackBerry Desktop Manager. 10. In the BlackBerry Desktop Manager, select the Certificate Synch tool. 11. Type a password that you can use as the keystore password. 12.
PAGE 254
Administration Guide 9. Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices If necesssary, in the Server subject field, type the server name in the server certificate, in URL format (for example, server1.domain.com or server1.domain.net). If you leave the field blank, the BlackBerry device skips over it during server authentication. 10. If necesssary, in the Server SAN field, type the alternative name for the server, in URL format (for example, server1.domain.
PAGE 255
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. 2.
PAGE 256
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device If you do not configure the EAP-TLS configuration settings using the BlackBerry Administration Service, instruct the users to configure the settings in the Wi-Fi profile on the Wi-Fi enabled BlackBerry device. 1. On the BlackBerry device, in the device options, click Wi-Fi Connections. 2.
PAGE 257
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices EAP-TTLS authentication requires that BlackBerry devices trust the authentication server certificate. To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the authentication server certificate.
PAGE 258
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices • For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide. • Resend the IT policy that you assign to the user accounts to Wi-Fi enabled BlackBerry devices. • Distribute the certificates.
PAGE 259
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configuring EAP-FAST authentication EAP-FAST is an authentication method that was developed by Cisco Systems. Similar to PEAP authentication, EAP-FAST authentication encrypts EAP transactions within a TLS tunnel. Although PEAP uses a server-side digital certificate to configure the TLS tunnel, EAP-FAST uses a .pac file. The .
PAGE 260
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. 2.
PAGE 261
Administration Guide Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices Configure EAP-FAST configuration settings in the Wi-Fi profile on BlackBerry devices If you do not configure the EAP-FAST configuration settings using the BlackBerry Administration Service, instruct users to configure the settings in the Wi-Fi profile on the Wi-Fi enabled BlackBerry device. 1. On the BlackBerry device, in the device options, click Wi-Fi Connections. 2.
PAGE 262
Administration Guide Configuring software tokens for BlackBerry devices Configuring software tokens for BlackBerry devices 21 The BlackBerry Enterprise Server is designed to work with the RSA Authentication Manager to provide software token support for use with layer 2 and layer 3 Wi-Fi authentication on Wi-Fi enabled BlackBerry devices.
PAGE 263
Administration Guide Configuring software tokens for BlackBerry devices • Import the token seed file (also known as the *.sdtid file) that contains the UID for each software token into the RSA Authentication Manager Database. • In the RSA Authentication Manager Database, create a user record for each software token holder.
PAGE 264
Administration Guide Configuring software tokens for BlackBerry devices Configure RSA authentication over a Wi-Fi network using a software token You must add the serial number of the software token that the Wi-Fi enabled BlackBerry devices can use to a Wi-Fi profile so that RSA authentication can occur over Wi-Fi connections. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration. 2. Click Manage Wi-Fi profiles. 3.
PAGE 265
Administration Guide 6. Configuring software tokens for BlackBerry devices Click Save All. After you finish: • Assign the VPN profile to the user accounts. • Resend the IT policy that you assign to the user accounts to BlackBerry devices. Assign software tokens to a user account You must assign the software tokens that BlackBerry device users can use to authenticate to a Wi-Fi network or VPN network to the user accounts.
PAGE 266
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager 22 Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager When you install the BlackBerry Administration Service and BlackBerry Web Desktop Manager, the setup application generates an SSL certificate to protect the HTTPS c
PAGE 267
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager \web.keystore"). When the keytool prompts you for the first name and last name, type the pool name of the BlackBerry Administration Service. You can find the pool name in the Administration Service – High Availability tab. 4.
PAGE 268
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager can use Microsoft Active Directory authentication to log users into the BlackBerry Administration Service console and the BlackBerry Web Desktop Manager. You must install the BlackBerry Enterprise Server in the resource forest if a resource forest exists in your organization's environment.
PAGE 269
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager 6. In the User domain field, type the name of the Windows domain that is a part of the resource forest. 7. In the Global Catalog search base field, perform one of the following actions: • To permit the BlackBerry Administration Service to search the global catalog, leave the Global Catalog search base field blank.
PAGE 270
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager screen and access the BlackBerry Administration Service and BlackBerry Web Desktop Manager directly. The BlackBerry Monitoring Service does not support single sign-on authentication. Before you turn on single sign-on, you must configure constrained delegation for the Microsoft Active Directory account for the BlackBerry Administration Service.
PAGE 271
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager 4. In the Login domain section, in the Single sign-on authentication for BlackBerry Administration Service turned on drop-down list, click Yes. 5. To configure the Microsoft Active Directory account for each forest, in the Account forest name section, type the user domain name, user name, and password for the Microsoft Active Directory account. 6. Click Save all. 7.
PAGE 272
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager Changing password settings for BlackBerry Administration Service authentication If you use BlackBerry Administration Service authentication in your organization's environment, you can change the minimum password length and the number of days until passwords expire to meet the requirements of your organization's security policies.
PAGE 273
Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager Regenerate the system credentials for the BlackBerry Administration Service The setup application generates the system credentials for the BlackBerry Administration Service during the installation process. The BlackBerry Administration Service uses the system credentials when it communicates with other BlackBerry Enterprise Server components.
PAGE 274
Administration Guide Protecting and redistributing devices Protecting and redistributing devices 23 Preparing a device for redistribution to a new user You can prepare a BlackBerry device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data • connect the device to the BlackBerry Administration Service and delete all user data from the device permanently • connect the device to the
PAGE 275
Administration Guide Protecting and redistributing devices 6. Click Assign current device. 7. Search for the new user account that you want to assign the device to. 8. Select the user name. 9. Click Associate user. After you assign the user account to the device, the activation process begins automatically. 10. On the Devices menu, click Attached devices > Device software. 11. Install the applications that the user requires on the device.
PAGE 276
Administration Guide Protecting and redistributing devices require that a personal device remove only work data when the device receives the Delete only the organization data and remove device IT administrative command over the wireless network. All personal data remains on the device. A BlackBerry device user cannot use the device or make emergency calls while the device deletes the work data.
PAGE 277
Administration Guide Protecting and redistributing devices Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration. Assign the software configuration to the user account to send it to the device.
PAGE 278
Administration Guide Protecting and redistributing devices Using IT administration commands to protect a lost or stolen device The BlackBerry Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.
PAGE 279
Administration Guide IT administration command Protecting and redistributing devices Description You can also specify whether you want to delete or disable a user account from the BlackBerry Enterprise Server after the device deletes all user information and application data. Protect a stolen device 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4.
PAGE 280
Administration Guide Protecting and redistributing devices 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4. In the search results, click the PIN for the user account. 5. In the Device activation section, click Specify new device password and lock device. 6. Type and confirm an activation password. For devices that are running BlackBerry Device Software version 4.
PAGE 281
Administration Guide • 8. Protecting and redistributing devices To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove BlackBerry information from the user's messaging system. Click Yes - Delete all device data and remove device.
PAGE 282
Administration Guide Managing administrator accounts Managing administrator accounts 24 Change role permissions To turn on or turn off permissions for administrator accounts, you can change the permissions for the roles that you assigned to the administrator accounts. If an administrator account is a member of a group that you assigned roles to, you can also turn on or turn off the permissions for the administrator account by changing the permissions for the roles that you assign to the group. 1.
PAGE 283
Administration Guide Managing administrator accounts 2. Click Manage users. 3. Search for an administrator account. 4. In the search results, click the display name for the administrator account. 5. Click Edit user. 6. On the Roles tab, in the Available roles and Current roles lists, add or remove the appropriate roles. 7. Click Save all.
PAGE 284
Administration Guide 5. In the Status list, click Delete user. 6. Click Yes - Delete the user.
PAGE 285
Administration Guide Managing groups and user accounts Managing groups and user accounts 25 Managing groups You can reduce the time that you spend managing user accounts by creating groups of similar user accounts and assigning shared properties, such as software configurations or IT policies, to the group. Properties that you assign to a group are assigned to all user accounts in the group.
PAGE 286
Administration Guide Managing groups and user accounts group consists of a set of preconfigured rules which specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service. The default groups ensure users without administrative privileges cannot escalate their permissions, for example, junior administrators cannot escalate their roles to senior administrator roles.
PAGE 287
Administration Guide Managing groups and user accounts Change the properties of a group After you create a group, specify the properties that you want to apply to all user and administrator accounts in the group. You can copy the properties from one group to another. When you add user accounts or administrator accounts to a group, the group properties apply to the new accounts automatically. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. 2.
PAGE 288
Administration Guide Managing groups and user accounts Managing user accounts You can move user accounts from one user group to another or from one BlackBerry Enterprise Server to another in the BlackBerry Domain. If you move a user account from one BlackBerry Enterprise Server to another, the destination BlackBerry Enterprise Server sends new service books to the BlackBerry device over the wireless network.
PAGE 289
Administration Guide Managing groups and user accounts Move a user account from one BlackBerry Enterprise Server to another 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for one or more user accounts. 4. In the search results, select one or more user accounts. 5. In the BlackBerry Enterprise Server status list, click Switch BlackBerry user to different BlackBerry Enterprise Server. 6.
PAGE 290
Administration Guide • Managing groups and user accounts To delete the BlackBerry Enterprise Server information from the user’s mailbox, click Yes - Disable as BlackBerry user and remove information from the user's mail system. 7. Click Back to search. 8. In the Search users > User criteria section, type the display name for the user account. 9. Click the display name for the user account. 10. In the Status list, click Delete user. Update a user account manually 1.
PAGE 291
Administration Guide Managing groups and user accounts 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. 2. Click Email. 3. Click Refresh available user list from company directory. Resend service books to a BlackBerry device 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4.
PAGE 292
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices 26 Managing the default distribution settings for jobs When you create a software configuration and assign it to user accounts, change a software configuration that you assigned to user accounts, or assign or change an IT policy, the Bla
PAGE 293
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices 1. In the BlackBerry Administration Service, on the Devices menu, expand Deployment jobs. 2. Click Specify job schedule settings. 3. Click Edit job schedule settings. 4. In the Default delay for each job section, in the Default delay field, type the number of minutes that the BlackBerry Administration Service waits before it creates and processes a job.
PAGE 294
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Task Steps 1. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, select the recurrence days. 2. In the Start time drop-down list, click the appropriate option. If necessary, set the start time and end time. 3. Click the Add icon. 5.
PAGE 295
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Task Steps Change the default recurrence day for installing, upgrading, or removing BlackBerry Java Applications. 1. Click the Edit icon for the default recurrence day. 2. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, select the recurrence days. 3.
PAGE 296
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Change how to install or update the BlackBerry Device Software You can change the settings that the BlackBerry Administration Service uses to install or upgrade the BlackBerry Device Software on BlackBerry devices.
PAGE 297
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices maximum number of BlackBerry Device Software tasks that you want the BlackBerry Enterprise Server to process at the same time. The default value is 25. 8.
PAGE 298
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Task Steps 3. Click the Add icon. 5. On the System throttling tab, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of tasks that you want the BlackBerry Enterprise Server to process at the same time. The default value is 1000. 6.
PAGE 299
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Specify the start time and priority for a job If a job has not started running, you can specify when you want the job to start. If you do not specify the start time for a job, the job starts according to the distribution settings that you configured in the BlackBerry Administration Service. You can also change the priority of a job.
PAGE 300
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Task Steps 2. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, select the recurrence days. 3. In the Start time drop-down list, click the appropriate option. If necessary, change the start time and end time. 4. Click the Update icon.
PAGE 301
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices 2. Click Manage deployment jobs. 3. Search for the job that you want to change. 4. In the search results, click the ID of the job that you want to change. 5. Click Edit job. 6.
PAGE 302
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Change how a job sends the BlackBerry Device Software to BlackBerry devices You can change how the BlackBerry Administration Service installs or updates the BlackBerry Device Software in a specific job on BlackBerry devices. You can change the distribution settings for a job for the BlackBerry Device Software only if the job is not running.
PAGE 303
Administration Guide 8.
PAGE 304
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Task Steps Add a recurrence day for sending or updating standard application settings. To add more than one recurrence day, the schedules for the separate recurrence days cannot overlap. 1. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, click the recurrence days. 2.
PAGE 305
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices BlackBerry Java Application from the application repository if the BlackBerry Java Application is in a software configuration. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > Applications. 2. Click Manage applications. 3. Search for a BlackBerry Java Application. 4.
PAGE 306
Administration Guide Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Managing software configurations Remove a software configuration from a group If you remove a software configuration from a group, the applications in the software configuration are removed from the BlackBerry devices that are associated with the user accounts that belong to the group. 1.
PAGE 307
Administration Guide 9. Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Click Save. Remove a software configuration from a user account If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry device associated with the user account. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2.
PAGE 308
Administration Guide Managing how users access enterprise applications and web content Managing how users access enterprise applications and web content 27 Restricting user access to content on web servers You can prevent BlackBerry device users from accessing specific web servers using the BlackBerry Browser or applications on BlackBerry devices.
PAGE 309
Administration Guide 5. Managing how users access enterprise applications and web content Click Save all. Users cannot access web content on their BlackBerry devices until you permit the users to access specific web servers using pull rules. After you finish: To permit users to access specific web servers, specify allowed web address patterns and assign the web address patterns to a pull rule, and assign the pull rule to a user account or group.
PAGE 310
Administration Guide 5. In the Control type drop-down list, click Pull. 6. Click the Add icon. 7. Click Save all. Managing how users access enterprise applications and web content After you finish: Restrict or permit web address patterns using a pull rule. Restrict or permit web addresses and Intranet addresses using a pull rule Before you begin: • Create a pull rule.
PAGE 311
Administration Guide 9. Managing how users access enterprise applications and web content • To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA. • To require that the BlackBerry MDS Connection Service authenticates the user using integrated Windows authentication and that a user authenticates to the RSA Authentication Manager using RSA authentication, click Integrated and RSA. Click the Add icon. 10.
PAGE 312
Administration Guide 7. Click Add. 8. Click Save. Managing how users access enterprise applications and web content Restricting user access to media content in the BlackBerry Browser You can use standard definitions for MIME media types so that you can restrict the media types that the BlackBerry MDS Connection Service can send to the BlackBerry Browser and other applications on BlackBerry devices. For more information about MIME media types, visit www.iana.org.
PAGE 313
Administration Guide Managing how users access enterprise applications and web content 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. 2. Click MDS Connection Service. 3. Click Edit component. 4. In the Media content type field, type the media type and subtype using standard definitions for MIME media types. Use the format /.
PAGE 314
Administration Guide Managing how users access enterprise applications and web content Configure download limits for media content types, 312 Configuring Integrated Windows authentication so that users can access resources on your organization's network To permit BlackBerry device users to access resources on your organization's network using BlackBerry devices without requiring the users to type a user name and password each time they access the network resources, you can configure the BlackBerry MDS Co
PAGE 315
Administration Guide Managing how users access enterprise applications and web content Configuring the Microsoft Active Directory account to delegate access Prerequisites: Configuring the Microsoft Active Directory account to delegate access to an intranet site • Verify that you configured Integrated Windows authentication for the application server that hosts the intranet site.
PAGE 316
Administration Guide Managing how users access enterprise applications and web content 2. In Microsoft Active Directory, in the Microsoft Active Directory account properties, if the Delegation tab does not display, update the default HOST SPN registrations for the Microsoft Active Directory account. 3.
PAGE 317
Administration Guide Managing how users access enterprise applications and web content Configure the Microsoft Active Directory account to delegate access to a shared folder You are required to have only one Microsoft Active Directory account in each Microsoft Active Directory domain that includes the resources that you want to turn on Integrated Windows authentication for. For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory, visit www.
PAGE 318
Administration Guide Managing how users access enterprise applications and web content located in a different Microsoft Active Directory domain than the global catalog server, you must create the Microsoft Active Directory account in the Microsoft Active Directory domain that includes the global catalog server.
PAGE 319
Administration Guide Managing how users access enterprise applications and web content 4. In the Integrated authentication turned on drop-down list, click Yes. 5. For each Microsoft Active Directory account, provide the following information: • In the Delegation user domain field, type the FQDN (for example, ldap.example.com). • In the Delegation user name field, type the user name. • In the Password and Confirm fields, type the password. 6. Click Save all. 7.
PAGE 320
Administration Guide Managing how users access enterprise applications and web content Restricting the push application content that users can receive By default, a BlackBerry MDS Connection Service sends push requests from server-side push applications to applications on BlackBerry devices. BlackBerry devices can receive application data and application updates without users requesting the content.
PAGE 321
Administration Guide Managing how users access enterprise applications and web content use the same authorization password) if your organization's development environment permits it. Verify that the authorization HTTP header in push requests from server-side push applications matches the name and password that you specify for the push initiator. Before you begin: Turn on push authentication for the appropriate instances of the BlackBerry MDS Connection Service. 1.
PAGE 322
Administration Guide Managing how users access enterprise applications and web content Restrict push applications from sending data to BlackBerry devices, 320 Create a push rule 1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. 2. Click MDS Connection Service. 3. Click Edit component. 4. On the Access control rules tab, in the Rule name field, type a name for the push rule. 5.
PAGE 323
Administration Guide Managing how users access enterprise applications and web content Assign a push rule to the members of a group Before you begin: • Create a push rule. • Assign push initiators to the push rule. 1. In the BlackBerry Administration Service, in the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Click View more criteria. 4. Search for a group. 5. Click Select all results in the entire set. 6.
PAGE 324
Administration Guide Managing how users access enterprise applications and web content Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry MDS Connection Service to use SSL or TLS to encrypt the push requests that server-side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applications send. 1.
PAGE 325
Administration Guide Managing how users access enterprise applications and web content 2. Click the instance that you want to specify device ports for. 3. Click Edit instance. 4. In the Device ports enabled for reliable pushes field, type the device port number. 5. Click the Add icon. 6. Repeat steps 4 to 5 for each device port number that you want to add. 7. Click Save all. 8. Click Restart instance.
PAGE 326
Administration Guide Managing how users access enterprise applications and web content Configure the settings for storing push requests in the BlackBerry Configuration Database To manage your organization's system resources, you can configure storage settings for push requests that are stored in the BlackBerry Configuration Database. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view. 2.
PAGE 327
Administration Guide Managing how users access enterprise applications and web content Configure the maximum number of queued connections that a BlackBerry MDS Connection Service can process The BlackBerry MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue.
PAGE 328
Administration Guide Managing organizer data synchronization Managing organizer data synchronization 28 Managing the wireless backup and recovery of organizer data The wireless backup feature backs up user account settings and data from BlackBerry devices to the BlackBerry Enterprise Server automatically. You can use the wireless backup feature to synchronize organizer data to BlackBerry devices without affecting the performance of your organization's messaging server.
PAGE 329
Administration Guide Managing organizer data synchronization Delete organizer data for members of a user group from the BlackBerry Enterprise Server If the BlackBerry Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted. You can delete the organizer data from the BlackBerry Enterprise Server.
PAGE 330
Administration Guide Managing organizer data synchronization Turn off organizer data synchronization for all user accounts that are associated with a BlackBerry Enterprise Server 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization. 2. Click the instance that you want to change. 3. In the Instance information section, click Synchronization. 4. Click Edit component. 5.
PAGE 331
Administration Guide Managing organizer data synchronization Changing how organizer data synchronizes Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization. 2. Click the instance that you want to change. 3. In the Instance information section, click Synchronization. 4.
PAGE 332
Administration Guide 7. Managing organizer data synchronization On the Organizer data synchronization tab, for each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry Enterprise Server to the BlackBerry device only, click Server to Device. • To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only, click Device to Server.
PAGE 333
Administration Guide Managing organizer data synchronization 2. Click Manage users. 3. Search for a user account. 4. In the search results, click the display name for the user account. 5. Click Edit user. 6. In the Messaging configuration section, click Default configuration. 7.
PAGE 334
Administration Guide Managing organizer data synchronization 6. In the Messaging configuration section, click Default configuration. 7. On the Mappings for organizer data synchronization tab, in the Additional mappings section, in the Picture dropdown list, click None. 8. Click Continue to user information edit. 9. Click Save all.
PAGE 335
Administration Guide Managing your organization's messaging environment and attachment support Managing your organization's messaging environment and attachment support 29 Managing message forwarding You can define the message forwarding settings for user accounts and groups that are associated with the BlackBerry Enterprise Server. The settings control how the BlackBerry Enterprise Server forwards email messages from users’ email applications to their BlackBerry devices.
PAGE 336
Administration Guide 8. Click Continue to user information edit. 9. Click Save all. Managing your organization's messaging environment and attachment support Do not deliver email messages to a BlackBerry device when no filter rules apply You can configure a BlackBerry Enterprise Server to prevent the delivery of incoming email messages to a user’s BlackBerry device when no email message filters apply to the email messages. 1.
PAGE 337
Administration Guide Managing your organization's messaging environment and attachment support • To forward email messages from the user's inbox and sent items folder, click Inbox and Sent Items only. • To select the folders that you want the BlackBerry Enterprise Server to forward messages from, click Selected folders. Click the folders that you want to forward messages from. 8. Click Continue to user information edit. 9. Click Save all.
PAGE 338
Administration Guide Managing your organization's messaging environment and attachment support 5. In the Messaging configuration section, click Default configuration. 6. In the Email services settings section, on the Redirect to BlackBerry device drop-down list, click No. 7. Click Continue to user information edit. 8. Click Save all. After you finish: The user can turn on message forwarding on the BlackBerry device manually.
PAGE 339
Administration Guide Managing your organization's messaging environment and attachment support 6. In the Messaging configuration section, click Default configuration. 7. In the Email services settings section, in the Redirect when in cradle drop-down list, click No. 8. Click Continue to user information edit. 9. Click Save all.
PAGE 340
Administration Guide Managing your organization's messaging environment and attachment support Managing wireless message reconciliation The BlackBerry Enterprise Server synchronizes email message status changes between BlackBerry devices and the email applications on users' computers. The BlackBerry Enterprise Server reconciles message moves, deletions, and indicators for read and unread messages every 30 minutes. By default, wireless message reconciliation is turned on.
PAGE 341
Administration Guide Managing your organization's messaging environment and attachment support 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. 2. Click the instance that you want to change. 3. Click Edit instance. 4. On the Messaging tab, in the Messaging options section, in the Hard deletes reconciliation drop-down list, click True. 5. Click Save all. 6.
PAGE 342
Administration Guide 7. Managing your organization's messaging environment and attachment support • If you want to change a BlackBerry Enterprise Server pair, click one of the instances, and on the Instance information tab, click Restart instance. Repeat this step for the other instance in the pair. • In the Windows Services, restart the BlackBerry Dispatcher. Repeat step 2 to step 6 for each BlackBerry Enterprise Server instance that you want to turn off the feature for.
PAGE 343
Administration Guide Managing your organization's messaging environment and attachment support After you finish: To turn on the ability to search for remote messages, in the Messaging Options section, change Remote search turn on to True. Click Save all. Restart the BlackBerry Enterprise Server.
PAGE 344
Administration Guide Managing your organization's messaging environment and attachment support Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise Server You can prevent the BlackBerry Enterprise Server from sending email messages that contain HTML and rich content to BlackBerry devices. When you turn off rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.
PAGE 345
Administration Guide Managing your organization's messaging environment and attachment support Turn off support for rich text formatting and inline images in email messages using an IT policy rule You can change an IT policy rule to prevent the BlackBerry Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Server sends all email messages in plain text format.
PAGE 346
Administration Guide Managing your organization's messaging environment and attachment support Synchronizing folders on the BlackBerry device Control which published public contact folders a user can synchronize to a BlackBerry device By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry device.
PAGE 347
Administration Guide Managing your organization's messaging environment and attachment support 3. Search for a user account. 4. Click the display name for the user account. 5. Click Edit User. 6. In the Messaging configuration section, click Device configuration. 7. On the Email tab, in the Private contact folders section, select the private contact subfolders that you want to permit the user to synchronize with the contact lists on the BlackBerry device. 8.
PAGE 348
Administration Guide Managing your organization's messaging environment and attachment support Configuring access to documents on remote file systems By default, the BlackBerry MDS Connection Service can search your organization's Windows network for any documents that users might want to access from the BlackBerry devices. In BlackBerry Enterprise Server version 5.0 or later and BlackBerry Device Software version 5.
PAGE 349
Administration Guide Managing your organization's messaging environment and attachment support (for example, the DFS Namespace in Windows Server) and is the optional directory path that can include a specific filename. When you type the UNC path, you can use an asterisk (*) to represent a sequence of arbitrary characters (including blank spaces), a question mark (?) to represent a single arbitrary character, and a backslash (\) to represent an escape character.
PAGE 350
Administration Guide • Managing your organization's messaging environment and attachment support To change an existing configuration set, click the Edit icon. 5. In the Priority Service group drop-down list, click the name of the service that you want to configure the communication method for. 6. In the Service (Name : Description) drop-down list, click the name of the communication method that you want to configure. 7. Click the Add icon. 8.
PAGE 351
Administration Guide Managing your organization's messaging environment and attachment support 4. Click Edit instance. 5. On the Component Configuration Sets tab, in the Available component configuration sets section, in the Service configuration sets drop-down list, click the configuration set that you want to assign to the BlackBerry MDS Connection Service instance. 6. Click Save all. 7.
PAGE 352
Administration Guide Managing your organization's messaging environment and attachment support Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry devices. Users cannot change the disclaimers that you define. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view > Email. 2.
PAGE 353
Administration Guide 8. Click Continue to user information edit. 9. Click Save all. Managing your organization's messaging environment and attachment support Specify conflict rules for disclaimers If you associate multiple disclaimers with a user account, you can specify conflict rules for the disclaimer to define the order in which the BlackBerry Enterprise Server applies the disclaimers.
PAGE 354
Administration Guide Managing your organization's messaging environment and attachment support Monitor email messages that users send from BlackBerry devices To monitor the content of email messages that users send from their BlackBerry devices, you can BCC specific email addresses on the email messages. You can BCC the email addresses of all of the users that you assign to a BlackBerry Messaging Agent.
PAGE 355
Administration Guide Managing your organization's messaging environment and attachment support appropriate for informing users about messaging server outages because BlackBerry devices send and receive PIN messages directly, without using the messaging server. BlackBerry devices do not apply filters to PIN messages.
PAGE 356
Administration Guide 6. Managing your organization's messaging environment and attachment support Click Send message. Send a notification message to a user 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4. In the search results, click the name of a user account. 5. Click Send message to user. 6. Type the message that you want to send. 7. Click Send message.
PAGE 357
Administration Guide Managing your organization's messaging environment and attachment support How the BlackBerry Attachment Connector communicates with BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry device, the BlackBerry device sends a request to the BlackBerry Enterprise Server to convert the attachment.
PAGE 358
Administration Guide Managing your organization's messaging environment and attachment support 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Attachment > Connector. 2. Click the instance that you want to change. 3. Click Edit instance. 4.
PAGE 359
Administration Guide Managing your organization's messaging environment and attachment support Attachment file formats that the BlackBerry Attachment Service supports Format Extension Adobe Acrobat .pdf ASCII text .txt audio .amr, .mp3, .wav, .wma Corel WordPerfect 7-10 .wpd HTML .htm, .html images .bmp, .gif, .jpeg, .jpg, .png, .ppm, .tif, .t iff, .wmf Microsoft Excel 97-2003, 2007, and XP .xls, .xlsx Microsoft PowerPoint 97-2003, 2007, and XP .pps, .ppsx, .ppt, .
PAGE 360
Administration Guide Format and extension Managing your organization's messaging environment and attachment support Limitations OpenOffice Format version 1.1 — .odp The BlackBerry Attachment Service supports .odp files that users create using files IBM Lotus Symphony only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service.
PAGE 361
Administration Guide Format and extension Managing your organization's messaging environment and attachment support Limitations • charts • style effects for cells: shadow, borders • headers and footers • drawing objects and Fontwork objects Changing how a BlackBerry Attachment Service converts attachments If the BlackBerry Enterprise Server receives requests from BlackBerry device users to view email message attachments, the BlackBerry Attachment Service converts the attachments into a DOM and ca
PAGE 362
Administration Guide Managing your organization's messaging environment and attachment support 4. In the General section, configure the BlackBerry Attachment Service optimization settings. 5. Click Save. BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry Attachment Service uses to listen for and receive attachment conversion requests in a predefined XML/binary protocol.
PAGE 363
Administration Guide Setting Managing your organization's messaging environment and attachment support Description Range The default value is 4. Server busy time (seconds) This setting specifies the threshold at which the BlackBerry Attachment Service does not accept new conversion requests. 60 to 270 seconds The default value is 120 seconds. Allow remote services This setting specifies whether you prevent or permit remote TCP/IP connections to the BlackBerry Attachment Service.
PAGE 364
Administration Guide Managing your organization's messaging environment and attachment support Suggested file sizes for attachments File format Suggested size Adobe Acrobat versions 1.1, 1.2, 1.3, and 1.4 less than 2000 KB ASCII text less than 100 KB audio less than 2000 KB Corel WordPerfect versions 6.0, 7.0, 8.0, 9.0 (2000), and 10.
PAGE 365
Administration Guide Managing your organization's messaging environment and attachment support 3. Click Edit instance. 4. In the Distiller display name section, in the Allowed column, specify which distillers are supported for the instance. 5. Click Save. After you finish: Restart the BlackBerry Attachment Service.
PAGE 366
Administration Guide Managing your organization's messaging environment and attachment support Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server The BlackBerry Messaging Agent receives message attachments from supported BlackBerry devices and reconciles the attachments to the messaging server. The BlackBerry Attachment Service does not convert the attachments.
PAGE 367
Administration Guide Managing your organization's messaging environment and attachment support 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. 2. Click the instance that you want to change. 3. Click Edit instance. 4. On the Messaging tab, in the Messaging options section, perform any of the following actions: 5.
PAGE 368
Administration Guide Managing your organization's messaging environment and attachment support 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email. 2. Click the instance that you want to change. 3. Click Edit instance. 4.
PAGE 369
Administration Guide Managing calendars Managing calendars 30 Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries By default, the BlackBerry Enterprise Server uses Microsoft Exchange Web Services to manage calendars on BlackBerry devices. The BlackBerry Enterprise Server monitors periodically whether a user account can use Microsoft Exchange Web Services.
PAGE 370
Administration Guide Managing calendars • Configure Microsoft Exchange Impersonation for a BlackBerry Enterprise Server administrator account. For more information about configuring Microsoft Exchange Impersonation, visit msdn.microsoft.com/en-us/library/ bb204095.aspx and select the appropriate tab for Microsoft Exchange 2007 or Microsoft Exchange 2010.
PAGE 371
Administration Guide Managing calendars BlackBerry Messaging Agent. If you configured high availability, configure only the primary BlackBerry Enterprise Server. 5. • To configure all BlackBerry Messaging Agent instances on a specific BlackBerry Enterprise Server to use Microsoft Exchange Web Services, type traittool -server -trait EWSEnable -set true, where is the name of the BlackBerry Enterprise Server.
PAGE 372
Administration Guide • 5. Managing calendars To configure all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances to use MAPI and CDO libraries, type traittool -global -trait EWSEnable -set false. Restart the BlackBerry Messaging Agent instances that you made changes to.
PAGE 373
Administration Guide Managing calendars Restarting BlackBerry Enterprise Server components, 392 Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for Microsoft Exchange You can configure the BlackBerry Messaging Agent instances to use a specific client access server for Microsoft Exchange to connect to Microsoft Exchange Web Services.
PAGE 374
Administration Guide Managing calendars Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange Web Services You can configure the BlackBerry Messaging Agent instances to use only Microsoft Exchange Web Services to determine the user's status, for example, whether a user is available, busy, or offline.
PAGE 375
Administration Guide Managing calendars Correcting calendar synchronization errors on devices If you run corrective calendar synchronization on a BlackBerry Enterprise Server instance, you can find and correct differences between the calendar entries on BlackBerry devices and the calendar entries on users' computers. You can specify a recurring day and time when the process can run and specific days when the process should check for calendar synchronization errors.
PAGE 376
Administration Guide Managing calendars Turn off corrective calendar synchronization By default, corrective calendar synchronization is turned on. If you do not want the BlackBerry Enterprise Server to check for differences between calendar entries on BlackBerry devices and calendar entries on users' computers, you can turn off corrective calendar synchronization. 1. Copy the BlackBerry Enterprise Server installation files to a computer that hosts a BlackBerry Enterprise Server instance. 2.
PAGE 377
Administration Guide Managing calendars View the current settings for corrective calendar synchronization 1. Copy the BlackBerry Enterprise Server installation files to a computer that hosts a BlackBerry Enterprise Server instance. 2. Extract the contents to a folder on the computer. 3. At the command prompt, navigate to the folder that the TraitTool.exe file is located in. 4. Perform one of the following actions: 5.
PAGE 378
Administration Guide 5. Managing calendars • To turn off automatic correction of calendar synchronization errors for a specific user account, type traittool -user -trait ExchangeSmartSyncSendUpdate -set false. • To turn off automatic correction of calendar synchronization errors for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server -trait ExchangeSmartSyncSendUpdate -set false.
PAGE 379
Administration Guide • 5. Managing calendars To check for calendar synchronization errors during a specific range of days in the calendar for all user accounts, type traittool -global -trait ExchangeSmartSyncDays -set , where is a number from 1 to 365. Press ENTER.
PAGE 380
Administration Guide Managing calendars Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. 7.
PAGE 381
Administration Guide Managing calendars Item Description MOD specifies that a calendar item is missing on the device MOO specifies that a calendar item is missing in the email application SAM specifies that a calendar item is the same on the device and in the email application SmartSyncFireOff specifies that the calendar synchronization process was initiated using the BlackBerry Enterprise Trait Tool instead of the standard calendar synchronization process Delete a setting for corrective calenda
PAGE 382
Administration Guide Managing calendars Start corrective calendar synchronization manually for a user account By default, the BlackBerry Enterprise Server synchronizes the calendar on each BlackBerry device user's computer with the calendar on each user's BlackBerry device at a regular interval. You can use the BlackBerry Administration Service to start corrective calendar synchronization manually for a user account. 1.
PAGE 383
Administration Guide Managing calendars For more information, visit www.blackberry.com/support to read KB 21413. Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application 1. On the computer that hosts the BlackBerry Enterprise Server, on the taskbar, click Start > Run. 2. Type regedit. 3. Click OK. 4.
PAGE 384
Administration Guide Managing instant messaging Managing instant messaging 31 The BlackBerry Collaboration Service is designed to provide a connection between your organization's instant messaging server and the collaboration client on BlackBerry devices. In some instant messaging environments, you can use TLS or HTTPS to encrypt the connection between specific instant messaging components.
PAGE 385
Administration Guide Managing instant messaging Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration. 2. Expand the instant messaging environment. 3. Click the instance that you want to change. 4. Click Edit instance. 5.
PAGE 386
Administration Guide Managing instant messaging 4. Click Edit instance. 5. In the Connection settings section, perform one of the following actions: Option Description For Microsoft Office Communications Server 2007 R2 In the Transport protocol drop-down list, perform one of the following actions: For Microsoft Office Live Communications Server 2005 or Microsoft Office Communications Server 2007 6.
PAGE 387
Administration Guide Managing instant messaging Managing instant messaging sessions Specify the maximum number of instant messaging sessions that can be open at the same time To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry Collaboration Service and the instant messaging server at the same time. 1.
PAGE 388
Administration Guide Managing instant messaging Managing instant messaging features Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime On BlackBerry devices that are running BlackBerry Device Software version 4.2 or later and the latest version of the BlackBerry Client for IBM Lotus Sametime, users can send files to their instant messaging contacts.
PAGE 389
Administration Guide Managing instant messaging Prevent users from sending instant messaging conversations in email messages Using the latest version of the BlackBerry Client for use with Microsoft Office Live Communications Server 2005, BlackBerry Client for use with Microsoft Office Communications Server 2007, or BlackBerry Client for IBM Lotus Sametime, BlackBerry device users can send their instant messaging conversations to contacts in email messages.
PAGE 390
Administration Guide 3. Click the instance that you want to change. 4. Click Edit instance. 5. In the General section, in the Show Mobile Icon drop-down list, click False. 6. Click Save all. Managing instant messaging Make additional contact information and phone numbers available for the BlackBerry Client for IBM Lotus Sametime users In the latest version of the BlackBerry Client for IBM Lotus Sametime, users can make calls to contacts directly from their contact lists.
PAGE 391
Administration Guide Managing instant messaging 6. Save the UserInfoConfig.xml file. 7. Restart the IBM Lotus Domino server. 8. To verify that the new fields were added to each user's contact information, perform the following actions: 1.
PAGE 392
Administration Guide Managing a BlackBerry Domain Managing a BlackBerry Domain 32 Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows services.
PAGE 393
Administration Guide Managing a BlackBerry Domain BlackBerry Enterprise Server component Component name in the BlackBerry Administration Service Associated service in Windows Services BlackBerry Administration Service BlackBerry Administration Service • BlackBerry Administration Service Application Server • BlackBerry Administration Service Native Code Container • BlackBerry Administration Service Application Server • BlackBerry Administration Service Native Code Container BlackBerry Web Desk
PAGE 394
Administration Guide • BlackBerry Dispatcher • BlackBerry Attachment Service • BlackBerry Controller • All of the remaining services for BlackBerry Enterprise Server components Managing a BlackBerry Domain Best practice: Restarting more than one BlackBerry Administration Service instance To restart all BlackBerry Administration Service instances without issues, the best practice is to stop all instances before you begin restarting the instances.
PAGE 395
Administration Guide Managing a BlackBerry Domain Task Steps Display the current version of the trait tool and a summary of valid commands. Type traittool. Display all possible traits, the expected data types, and any value restrictions. Type traittool -show. Display a list of traits that were configured in the BlackBerry Domain. Type traittool {*} -list. Configure the value of a trait in the Type traittool {*} -trait -set . BlackBerry Domain specified.
PAGE 396
Administration Guide Trait Managing a BlackBerry Domain Description ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices. If the version of the BlackBerry Device Software that the device is running is earlier than the version that this trait specifies, the BlackBerry Enterprise Server sends the device 4 bytes of ACP data instead of 8 bytes.
PAGE 397
Administration Guide Trait Managing a BlackBerry Domain Description not configure these traits, you cannot use HTTP basic authentication for proxy authentication. For more information, see Configure the BlackBerry Administration Service to use HTTP basic authentication . CalendarRescanInterval This trait specifies the amount of time, in minutes, that can occur between the scans that the BlackBerry Enterprise Server performs on the calendar contents on the device.
PAGE 398
Administration Guide Managing a BlackBerry Domain Trait Description EWSEnable This trait specifies how the BlackBerry Enterprise Server manages calendars on devices. You can configure this trait for a specific BlackBerry Messaging Agent, all BlackBerry Messaging Agent instances on a specific BlackBerry Enterprise Server, or all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances.
PAGE 399
Administration Guide Managing a BlackBerry Domain Trait Description EWSServiceAccount Service account name that you can use to connect to Microsoft Exchange Web Services to impersonate all other BlackBerry Enterprise Server users. EWSUserAvailabilityAccess This trait specifies whether the BlackBerry Messaging Agent receives the user's status using Microsoft Exchange Web Services or by searching for the information in the Microsoft Exchange public folders.
PAGE 400
Administration Guide Trait Managing a BlackBerry Domain Description workload on the Microsoft Exchange Server, BlackBerry Messaging Agent 5.0 SP2 or later does not write statistics to user mailboxes when it processes email messages. If you want the BlackBerry Messaging Agent to write statistics to users' Microsoft Exchange mailboxes, change the value to true (1). By default, the value is false (0).
PAGE 401
Administration Guide Trait Managing a BlackBerry Domain Description The default value is Daily. For more information, see Configure when corrective calendar synchronization runs. ExchangeSmartSyncSendUpdate This trait specifies whether the calendar synchronization process writes calendar synchronization errors to the BlackBerry Messaging Agent log file, or writes the errors to the log file and corrects the calendar synchronization errors on devices.
PAGE 402
Administration Guide Trait Managing a BlackBerry Domain Description to update the user directory in the BlackBerry Configuration Database, change the value to false (0). The default value is true (1), the BlackBerry Mail Store Service updates the user directory in the BlackBerry Configuration Database. For more information, see Configure the BlackBerry Mail Store Service instance that updates the contact list.
PAGE 403
Administration Guide Trait Managing a BlackBerry Domain Description The default value is 10. MaxSyncServerSlowSyncsPerMin This trait specifies the maximum number of pending full synchronization events that the BlackBerry Synchronization Service can process each minute. The default value is 30. MonitorJunkEmailFolderForETP This trait specifies whether the BlackBerry Messaging Agent monitors the Junk folder and the Inbox for email messages that include an etp.dat attachment.
PAGE 404
Administration Guide Trait Managing a BlackBerry Domain Description The default value is 3:18. Contact a BlackBerry Technical Support representative before you change the default value of this trait. PolicyThrottlingAppPush This trait specifies whether the BlackBerry Policy Service uses throttling to send applications the same way that it throttles IT policies and service books.
PAGE 405
Administration Guide Managing a BlackBerry Domain Trait Description PolicyThrottlingP2PKeyRate This trait specifies the maximum number of processes for PIN encryption keys that a BlackBerry Policy Service can process at one time before the BlackBerry Policy Service schedules additional processes for PIN encryption keys. The default value is 60. For more information, see Configuring BlackBerry Policy Service throttling for PIN encryption keys.
PAGE 406
Administration Guide Managing a BlackBerry Domain Trait Description UserHealthPercentage This trait specifies the percentage of user accounts that are healthy. The BlackBerry Dispatcher uses this trait to change the User accounts health parameter. If either of the health parameters indicate that the primary BlackBerry Enterprise Server is unhealthy and you turn on automatic failover, the BlackBerry Enterprise Server starts the failover process.
PAGE 407
Administration Guide 5. Managing a BlackBerry Domain • To permit all BlackBerry Messaging Agent instances to write statistics to users' Microsoft Exchange mailboxes, type TraitTool -global -trait ExchangeEnableWriteUserStatsToMailbox -set true.
PAGE 408
Administration Guide Managing a BlackBerry Domain Copy a BlackBerry CAL key to a text file You can copy a BlackBerry CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view. 2. Click BlackBerry Administration Service. 3.
PAGE 409
Administration Guide Managing a BlackBerry Domain contact list, the BlackBerry Configuration Database might not contain the contact information for all user accounts on your organization's messaging server. If the BlackBerry Configuration Database does not contain contact information for a user account, you cannot create the user account by searching for the contact information in the BlackBerry Administration Service.
PAGE 410
Administration Guide Managing a BlackBerry Domain organization’s contact list and restrict users from accessing the contact information of other organizations that also subscribe to the Hosted BlackBerry services. If your organization permits customers to have limited access or read-only access to the Microsoft Active Directory, you can configure the BlackBerry Enterprise Server to use MAPI, LDAP, or both to retrieve recipients’ email addresses.
PAGE 411
Administration Guide • Managing a BlackBerry Domain If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node \Research In Motion\BlackBerry Enterprise Server\Agents. 4. Create a DWORD value named HostedServer. 5. Change the value to 1. 6. In the Windows Services, restart the BlackBerry Controller.
PAGE 412
Administration Guide Managing a BlackBerry Domain Before you begin: • Configure the BlackBerry Enterprise Server to retrieve email addresses using LDAP. • Verify that the BlackBerry Enterprise Server version is version 5.0 SP2 or later. 1. On the computer that hosts the BlackBerry Enterprise Server, click Start > Run. 2. Type regedit. Click OK. 3.
PAGE 413
Administration Guide Managing a BlackBerry Domain You can configure the following options when you configure the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data: • Windows domain that the Microsoft Active Directory uses • whether to use LDAPS to connect to Microsoft Active Directory • timeout value for the connection to Microsoft Active Directory • which contacts the BlackBerry Enterprise Server cannot retrieve, if required • whether to support a Microsoft
PAGE 414
Administration Guide b. 6. 7. 8. Managing a BlackBerry Domain Change the value to the port number. To limit the number of LDAP queries that the BlackBerry Enterprise Server needs, use the port number of the global catalog server (port 3268). If the BlackBerry Enterprise Server must use LDAPS to connect to the Microsoft Active Directory, perform the following actions: a. Create a DWORD value named LDAPssl. b. Change the value to 1.
PAGE 415
Administration Guide b. 8. Managing a BlackBerry Domain Change the value to 1. In the Windows Services, restart the BlackBerry Controller.
PAGE 416
Administration Guide 6. Managing a BlackBerry Domain In the Windows Services, restart the BlackBerry Controller. Related information Restarting BlackBerry Enterprise Server components, 392 Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server can retrieve email addresses and organizer data from You can configure a BlackBerry Enterprise Server instance so that it searches for email addresses and organizer data only in a specified BaseDN in Microsoft Active Directory.
PAGE 417
Administration Guide Managing a BlackBerry Domain • sends IT policies and service books that you update to all BlackBerry devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on • sends updated PIN encryption keys to all devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on • performs an application poll to verify whether the BlackBerry Policy Service must send applications to
PAGE 418
Administration Guide Managing a BlackBerry Domain the maximum number of IT policies and service books that all BlackBerry Policy Service instances can send to devices each minute. If you configure throttling, the BlackBerry Policy Service determines which users that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on require a new IT policy or service book.
PAGE 419
Administration Guide Managing a BlackBerry Domain Configuring BlackBerry Policy Service throttling for PIN encryption keys If the BlackBerry Policy Service detects that you updated the PIN encryption keys in the BlackBerry Configuration Database, the BlackBerry Policy Service verifies which BlackBerry device users require a new key and then schedules a certain number of users at equal intervals over the next 60 second period. The default setting is 60, or one process per second.
PAGE 420
Administration Guide Managing a BlackBerry Domain If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books. Configure BlackBerry Policy Service throttling for application polling 1.
PAGE 421
Administration Guide Managing a BlackBerry Domain Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database You can change the static port number that BlackBerry Enterprise Server components use if you changed the port number that the BlackBerry Configuration Database uses after you install the BlackBerry Enterprise Server. By default, the BlackBerry Configuration Database accepts TCP/IP connections to port 1433 on a Microsoft SQL Server.
PAGE 422
Administration Guide Managing a BlackBerry Domain Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events You can change the port number that the syslog tools listen on to monitor BlackBerry Enterprise Server events. By default, the syslog tools listen to events for the BlackBerry Enterprise Server on port 514. 1. On the computer that hosts the BlackBerry Enterprise Server component, open the Windows Registry Editor. 2.
PAGE 423
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring 33 How the BlackBerry Controller monitors the BlackBerry Enterprise Server components The BlackBerry Controller enables the BlackBerry Enterprise Server to continue running if nonresponsive threads occur or BlackBerry Enterprise Server services become inactive.
PAGE 424
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring • If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion \BlackBerry Enterprise Server. • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\ WOW6432Node \Research In Motion\BlackBerry Enterprise Server. 3. Click Controller. 4.
PAGE 425
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring Task Steps Prevent the BlackBerry Controller from restarting the BlackBerry Messaging Agent when a nonresponsive thread occurs. 1. Create a DWORD value that is named WaitToRestartAgentOnHung. 2. Double-click the new DWORD value. 3. In the Value data field, type 0. The default value is 6.
PAGE 426
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring Task Steps Prevent the BlackBerry Messaging Agent from restarting if the BlackBerry Controller does not receive health checks from it. 1. Create a DWORD value that is named MissedHeartbeatThreshold. 5. 2. Double-click the new DWORD value. 3. In the Value data field, type 0. Click OK.
PAGE 427
Administration Guide Task Change how the BlackBerry Controller restarts the BlackBerry MDS Connection Service. Change how the BlackBerry Controller restarts the BlackBerry Router. Change how the BlackBerry Controller restarts the BlackBerry Mail Store Service. BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring Steps • To prevent the BlackBerry Controller from restarting the BlackBerry Collaboration Service if the service stops responding, type 0.
PAGE 428
Administration Guide Task Change how the BlackBerry Controller restarts the BlackBerry Synchronization Service. BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring Steps • To prevent the BlackBerry Controller from restarting the BlackBerry Policy Service if the service stops responding, type 0. • To permit the BlackBerry Controller to restart the BlackBerry Policy Service if the service stops responding, type 1. 1. Navigate to BlackBerry Enterprise Server. 2.
PAGE 429
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring 3. Click Edit instance. 4. In the SMTP host name field, type the SMTP host name of your organization's gateway in DNS format (for example, smtp.CompanyName.com). 5. In the SMTP account name field, type the name of the SMTP account that you want to send notifications from. 6. In the SMTP from address field, type the SMTP address that you want to send notifications and receive replies to notifications.
PAGE 430
Administration Guide BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring 6. In the Email address field, type the recipient's email address. 7. To send notification messages as popup messages on the contact's computer, in the Console field, type the name of the contact's computer. 8. Click OK.
PAGE 431
Administration Guide BlackBerry Enterprise Server log files BlackBerry Enterprise Server log files 34 Monitoring PIN messages, SMS text messages, and calls Change the default location for the log files for PIN messages, SMS text messages, and calls Note: The log files for PIN messages, SMS text messages, and calls store confidential information in plain-text format. To protect the information, you must restrict access to the location of the log files.
PAGE 432
Administration Guide BlackBerry Enterprise Server log files 2. Click Manage IT policies. 3. In the list of IT policies, click an IT policy. 4. Click Edit IT policy. 5. On the PIM Synchronization tab, in the Disable PIN Messages Wireless Synchronization drop-down list, click No. 6. Click Save all. Monitor SMS text messages You can use the log files for SMS text messages to monitor the time and the frequency when users send SMS text messages from BlackBerry devices.
PAGE 433
Administration Guide BlackBerry Enterprise Server log files Log files for BlackBerry Enterprise Server components You can use log files to record the activity of BlackBerry Enterprise Server components and troubleshoot issues with the components. The BlackBerry Enterprise Server creates a log file for each BlackBerry Enterprise Server component and saves the log files on the computer that hosts the BlackBerry Enterprise Server.
PAGE 434
Administration Guide BlackBerry Enterprise Server log files Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date. 1.
PAGE 435
Administration Guide BlackBerry Enterprise Server log files Change the maximum size of the log file for a BlackBerry Enterprise Server component When the log file for a BlackBerry Enterprise Server component reaches its maximum size, the BlackBerry Enterprise Server either creates an additional log file for the component or overwrites the current one, depending on whether you turn on log auto-roll.
PAGE 436
Administration Guide • BlackBerry Enterprise Server log files To write additional information to the log files that can help you troubleshoot issues with your organization's environment, click Debug. 5. Click Save all. 6. On the Servers and components menu, locate and restart the components that contain the logging settings that you changed.
PAGE 437
Administration Guide BlackBerry Enterprise Server log files 5. Click Save all. 6. On the Servers and components menu, locate and restart the components that contain the logging settings that you changed. Related information Restarting BlackBerry Enterprise Server components, 392 Prevent a BlackBerry Enterprise Server component from creating a daily log file 1.
PAGE 438
Administration Guide BlackBerry Enterprise Server log files Change the character encoding of the log file for a BlackBerry Enterprise Server component You can change the character encoding of the log files of a BlackBerry Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Enterprise Server component. You can use the ANSI, UTF-8, and UTF-16LE character encoding methods. 1.
PAGE 439
Administration Guide BlackBerry Enterprise Server log files Related information Restarting BlackBerry Enterprise Server components, 392 Component identifiers for log files You can identify the names for the BlackBerry Enterprise Server log files using the following component identifiers: Component identifier Logging component ACNV BlackBerry Attachment Service attachment conversion ALRT BlackBerry Enterprise Server Alert Tool APP BlackBerry Monitoring Service Application Core ASCL BlackBerry Att
PAGE 440
Administration Guide BlackBerry Enterprise Server log files Component identifier Logging component DCS BlackBerry Monitoring Service Data Collection Subsystem DISP BlackBerry Dispatcher EXTS extension connector HHCG BlackBerry Configuration Panel MAGT BlackBerry Messaging Agent MAST BlackBerry Mail Store Service MDAT BlackBerry MDS Connection Service POLC BlackBerry Policy Service ROUT BlackBerry Router SYNC BlackBerry Synchronization Service TAT BlackBerry Threshold Analysis Tool
PAGE 441
Administration Guide 4. 5. BlackBerry Enterprise Server log files In the File logging destination, UDP logging destination, TCP logging destination, or EventLog logging destination sections, select one of the following logging levels from the Log level drop-down list: • To write events to the log files, click Event. • To write error messages to the log files, click Error. • To write warning messages to the log files, click Warning.
PAGE 442
Administration Guide BlackBerry Enterprise Server log files 3. On the Logging tab, click Edit instance. 4. In the UDP logging destination section, in the Location field, type the host name and port number using the format :. 5. Click Save all. Related information Restarting BlackBerry Enterprise Server components, 392 Change the host and port number that the BlackBerry MDS Connection Service connects to when it sends TCP log file messages 1.
PAGE 443
Administration Guide BlackBerry Enterprise Server log files 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. 2. Click a BlackBerry MDS Connection Service instance. 3. On the Logging tab, click Edit instance. 4.
PAGE 444
Administration Guide 5. BlackBerry Enterprise Server log files Click Save all. Related information Restarting BlackBerry Enterprise Server components, 392 Using BlackBerry MDS Connection Service log files to view information for proxied connections to BlackBerry devices The BlackBerry Enterprise Server writes data for each BlackBerry device connection that the BlackBerry MDS Connection Service proxies in the BlackBerry MDS Connection Service log files.
PAGE 445
Administration Guide BlackBerry Enterprise Server log files Attribute Description CONNECTION_TYPE initiator of the proxied connection, which can be either the BlackBerry device user (DEVICE_CONN) or BlackBerry Enterprise Server (PUSH_CONN ) CONNECTIONID unique identifier for an IPPP connection, where - (minus sign) indicates a push connection DURATION(ms) duration of the proxied BlackBerry device connection, in milliseconds MFH_KBytes size of messages that the BlackBerry device sends, in KB MTH_
PAGE 446
Administration Guide BlackBerry Enterprise Server log files Task Steps Trace how data packets travel inside the GME network layer from the BlackBerry Collaboration Service to the BlackBerry Dispatcher. In the GME logging turned on drop-down list, click True. 5. Click Save all.
PAGE 447
Administration Guide BlackBerry Enterprise Solution connection types and port numbers BlackBerry Enterprise Solution connection types and port numbers 35 The BlackBerry Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS.
PAGE 448
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \Research In Motion \BlackBerry Enterprise Server \Database\Port incoming data connections from, and outgoing data connections to, browsers HTTPS 443 BlackBerry Configuration Panel incoming data connections from, and outgoing data connections to, BlackBerry Enterprise Server components HTTP 18180 BlackBerry Configuration Panel
PAGE 449
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection type Default port number UI where you can configure the connection data connections between BlackBerry Administration Service instances UDP multicast IP address/port — 228.1.2.1/48858 228.1.2.1/48857 228.1.2.1/48855 228.1.2.
PAGE 450
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection type Default port number UI where you can configure the connection outgoing conversion results of large attachments to the BlackBerry Attachment Connector for the BlackBerry Attachment Service TCP 2000 BlackBerry Administration Service 1433 (static connections only) Windows registry incoming data connections from, and outgoing data TCP connections to, the BlackBerry Configuration Database that a
PAGE 451
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the Microsoft Office Communications Server 2007 R2 or 2010 TLS or MTLS 5061 BlackBerry Administration Service incoming data connections from, and outgoing data connections to, IBM Lotus Sametime TCP/IP 1516 BlackBerry Administration Service incoming data connecti
PAGE 452
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion\ \BlackBerrySNMPAgent \Parameters\UDPPort BlackBerry Configuration Database connection types and port numbers Item Connection type for a Microsoft SQL Server, incoming data connections TCP from, and outgoing data connections to, any of th
PAGE 453
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \BlackBerry Enterprise Server\Database\Port Related information Restarting BlackBerry Enterprise Server components, 392 BlackBerry Controller connection types and port numbers Item Connection type Default port number UI where you can configure the connection incoming syslog connections from the BlackBerry Messaging Agent UDP 407
PAGE 454
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Item Connection type Default port number UI where you can configure the connection outgoing syslog connections to the BlackBerry Messaging Agent UDP port number that the BlackBerry Messaging Agent provides — BlackBerry Dispatcher connection types and port numbers Item Connection type incoming data connections from the BlackBerry Messaging TCP Agent incoming data connections from, and outgoing data connections
PAGE 455
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection TCP 3101 BlackBerry Administration Service incoming data connections from, and outgoing data TCP connections to, the BlackBerry Configuration Database that a Microsoft SQL Server hosts 1433 Windows registry • BlackBerry Collaboration Service • BlackBerry MDS Connection Service • BlackBerry Policy Service • BlackBerry Synch
PAGE 456
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \BlackBerrySNMPAgent \Parameters\UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort BlackBerry Messaging Agent connection types and port numbers Item Connection type Default port number UI where you can configure the connection outgoing d
PAGE 457
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection Server\Agents \TcpPortDispatcher incoming data connections from, and outgoing data TCP connections to, the BlackBerry Configuration Database that a Microsoft SQL Server hosts 1433 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE\Research In Motion\BlackBerry Enterprise Server \Database\Port • On a 64
PAGE 458
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Agents \SysLogHost outgoing syslog connections to the SNMP agent incoming data connections from the BlackBerry database notification system 458 UDP UDP 4071 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE\Research In Motion\BlackBerry
PAGE 459
Administration Guide BlackBerry Enterprise Solution connection types and port numbers BlackBerry MDS Connection Service connection types and port numbers Item Connection type Default port number UI where you can configure the connection if access control for push applications is turned on, incoming connections for the HTTP listener port HTTP 8080 BlackBerry Administration Service if access control for push applications is turned on, incoming connections for the HTTP listener port HTTPS 8443 Bla
PAGE 460
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection E\SOFTWARE\Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort • incoming data connections for reliable pushes TCP 7874 On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort BlackBerry Administration Service BlackBerry Monitoring Service conne
PAGE 461
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection internal data connection to the BlackBerry Monitoring Service Application Core TCP 55500 BlackBerry Configuration Panel internal data connection to the BlackBerry Monitoring Service Polling Engine TCP 55501 BlackBerry Configuration Panel internal data connection to the BlackBerry Monitoring Service Data Collection Subsystem TC
PAGE 462
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection E\SOFTWARE \WOW6432Node \Research In Motion \BlackBerry Enterprise Server\Database\Port incoming data connections from the BlackBerry database notification system UDP first unused — port number from 4185 to 4499 BlackBerry Router connection types and port numbers Item Connection type incoming data connections from the BlackBerry D
PAGE 463
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \Research In Motion \BlackBerryRouter \ServicePort outgoing data connections to the BlackBerry Infrastructure that use SRP TCP 3101 BlackBerry Configuration Panel Windows registry incoming data connections from, and outgoing data TCP connections to, BlackBerry devices that use the BlackBerry Device Manager to bypass the wireless ne
PAGE 464
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \WOW6432Node \Research In Motion \BlackBerryRouter \DevicePort outgoing syslog connections to the SNMP agent UDP 4071 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE\Research In Motion \BlackBerrySNMPAgent \Parameters\UDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE \WOW6432No
PAGE 465
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type incoming data connections from, and outgoing data TCP connections to, the BlackBerry Configuration Database that a Microsoft SQL Server hosts incoming data connections from the BlackBerry database notification system UDP Default port number UI where you can configure the connection 1433 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN E\SOFTWARE\Research In Motion\BlackBe
PAGE 466
Administration Guide BlackBerry Enterprise Solution connection types and port numbers IBM Lotus Sametime connection type and port number Item Connection type Default port number UI where you can configure the connection incoming data connections from and outgoing data connections to the BlackBerry Collaboration Service TCP/IP 1533 IBM Lotus Sametime Administration Tool Microsoft Exchange connection types and port numbers Item Connection type Default port number UI where you can configure the co
PAGE 467
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the connector for the Microsoft Office Live Communications Server TLS 5061 Microsoft Office Live Communications Server incoming data connections from, and outgoing data connections to,
PAGE 468
Administration Guide BlackBerry Enterprise Solution connection types and port numbers Novell GroupWise Messenger connection type and port number Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the BlackBerry Collaboration Service SSL 8300 Novell GroupWise server that hosts the Novell GroupWise Messaging Agent SNMP agent connection types and port numbers Item Connection type Default port number U
PAGE 469
Administration Guide Item BlackBerry Enterprise Solution connection types and port numbers Connection type Default port number UI where you can configure the connection \BlackBerrySNMPAgent \Parameters\UDPPort incoming syslog connections from SNMP queries and traps UDP 161 Windows registry outgoing syslog connections from SNMP queries and traps TCP 162 Windows registry Syslog connection type and port number Item Connection type Default port number UI where you can configure the connection
PAGE 470
Administration Guide Troubleshooting Troubleshooting 36 Troubleshooting: Connecting to the BlackBerry Administration Service The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance Possible cause Possible solution You created a BlackBerry Administration Service pool using DNS round robin and you stopped the BlackBerry Administration Service services for the BlackBerry Administration Service instance that you currently use.
PAGE 471
Administration Guide Troubleshooting Troubleshooting: BlackBerry Enterprise Server Performance A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an unexpected amount of system resources and increases wireless network traffic Possible cause Once daily, the BlackBerry Enterprise Server uses the BlackBerry Mailstore Service to refresh the user information from your organization's address book in the BlackBerry Configuration Database.
PAGE 472
Administration Guide Troubleshooting To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft SQL Server can cause the size of the transaction log file in the BlackBerry Configuration Database to grow larger than expected.
PAGE 473
Administration Guide Possible cause Troubleshooting Possible solution 4. In the Windows Services, restart the services for the BlackBerry Administration Service. You cannot find a new user account in the directory using the BlackBerry Administration Service Possible solution Refresh the list of available user accounts that the BlackBerry Administration Service can access from the directory. By default, the BlackBerry Administration Service refreshes the list of available user accounts at 12:30 AM daily.
PAGE 474
Administration Guide Troubleshooting 3. Perform one of the following actions: • Remove the third-party application that uses the BlackBerry Enterprise Server extension API. • Change the third-party application so that it does not filter messages. Text does not appear correctly in Unicode email messages Possible cause By default, when the BlackBerry Enterprise Server receives Unicode messages from BlackBerry devices, it uses UTF-8 character encoding to process the Unicode messages.
PAGE 475
Administration Guide Troubleshooting Possible solution You must configure a proxy server that prevents your organization's BlackBerry Enterprise Server from receiving HTTP requests from external servers. If the BlackBerry Enterprise Server is located in an unrestricted network that permits direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Service establishes an HTTP connection to the IBM Lotus Sametime server automatically to retrieve the phone numbers.
PAGE 476
Administration Guide Troubleshooting A user did not accept a notification about an instant message on a computer and the notification disappeared Applies to: BlackBerry Collaboration Service version 4.1 or later with the BlackBerry Client for use with Microsoft Office Live Communications Server 2005 or the BlackBerry Client for use with Microsoft Office Communications Server 2007.
PAGE 477
Administration Guide Troubleshooting Possible cause Possible solution The BlackBerry Collaboration Service does not support the version of the instant messaging application that is installed on the BlackBerry device. Remove the instant messaging application from the BlackBerry device. Install an earlier version of the instant messaging application on the BlackBerry device. The Microsoft Office Communicator Web Access server is not configured correctly for AJAX service.
PAGE 478
Administration Guide Troubleshooting Troubleshooting: Connections to the Wi-Fi network A BlackBerry device cannot connect to a Wi-Fi network Possible cause Possible solution On the BlackBerry device, Wi-Fi connections are not turned on. 1. On the BlackBerry device, on the Home screen, click Manage Connections. 2. Click Wi-Fi Options. 3. In the Wi-Fi field, verify that a checkmark appears. A Wi-Fi profile is not configured on the BlackBerry device. 1.
PAGE 479
Administration Guide Troubleshooting Possible cause Possible solution The BlackBerry device is not assigned to the correct user account. In the BlackBerry Administration Service, assign the correct BlackBerry device to the user account. The BlackBerry Enterprise Server cannot connect to the BlackBerry device. Perform the following actions: The settings in the IT policy or Wi-Fi profile were not sent to the BlackBerry device. Resend the IT policy to the BlackBerry device.
PAGE 480
Administration Guide Possible cause Troubleshooting Possible solution Verify that the correct authentication method is configured on the access point and BlackBerry device. The static IP address and DHCP for the Perform any of the following actions: BlackBerry device are not configured • If a static IP address is configured, verify that the parameters such as the correctly. subnet mask, default gateway IP address, and DNS IP address are configured correctly.
PAGE 481
Administration Guide Troubleshooting A user cannot see Wi-Fi connection settings on a Wi-Fi enabled BlackBerry device Possible cause The Wi-Fi enabled BlackBerry device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution 1. In the BlackBerry Administration Service, change the WLAN Allowed Handheld Changes configuration setting in the Wi-Fi profile to Yes. 2. Resend the IT policy to the BlackBerry device.
PAGE 482
Administration Guide Field Troubleshooting Description When the BlackBerry device displays a value for the AP MAC Address, the BlackBerry device is associated with the access point. Security Type This field specifies the following link security methods: • No Security • WEP • PSK • PEAP • LEAP • EAP-TLS • EAP-FAST • EAP-TTLS When the BlackBerry device displays the link security method, the security on the Wi-Fi connection is turned on and active.
PAGE 483
Administration Guide Troubleshooting Field Description Network Channel This field specifies the IEEE 802.11 channel that the access point uses. Pairwise Cipher This field specifies information about how the access point manages encryption keys for a user account on the network. You can configure an access point to support multiple pairwise ciphers. You can use a pairwise cipher with a group cipher.
PAGE 484
Administration Guide Troubleshooting Field Description Certificate This field specifies the certificate that the BlackBerry device can use for Wi-Fi authentication, if applicable. Software Token If you configured a software token for the BlackBerry device, this field specifies the serial number of the software token. Status fields for VPN connections Field Description Current Profile This field specifies the name of the VPN profile that the user is using.
PAGE 485
Administration Guide Troubleshooting Field Description Secure Subnet Mask This field specifies the subnet mask of the BlackBerry device on the private network that the VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the BlackBerry device can try to log in.
PAGE 486
Administration Guide Field Troubleshooting Description • UMA Wi-Fi Available Mobile Network Preferred: If possible, the BlackBerry device uses a mobile network connection but the BlackBerry device can also use a Wi-Fi connection. This field specifies whether the user has a UMA profile. You can safely ignore this status field. Connection This field specifies whether the BlackBerry device is connected over UMA. Status This field specifies the status of the UMA connection.
PAGE 487
Administration Guide Troubleshooting Field Description Connecting This field specifies the IP address and port number that the BlackBerry device uses to connect to the BlackBerry Infrastructure. Authenticating router This field specifies the IP address of the server that performs authentication, if applicable. Authenticating server This field specifies the IP address of the server that performs authentication.
PAGE 488
Administration Guide Possible cause The VPN authentication method is not configured correctly. Troubleshooting Possible solution • Verify that the VPN concentrator host name resolves to an IP address. If it does not, configure the VPN IP address. • Verify that the VPN server supports the security parameters. • Verify that the VPN login information for the user account are correct.
PAGE 489
Administration Guide Possible cause Troubleshooting Possible solution 5. If you receive a response to the the ping but the BlackBerry device does not display a success message, check the Status field for a reason for this error. Verify whether a BlackBerry device can resolve an IP address If a BlackBerry device cannot connect to a Wi-Fi network, you can determine which connections the BlackBerry device cannot make to it.
PAGE 490
Administration Guide 2. Click Wi-Fi Options. 3. Press the Menu key and click Wi-Fi Tools > DNS Lookup. 4. In the Host field, type a name or an IP address that you want to look up. 5. Press the Menu key and click DNS Lookup. 6. Press the Menu key and click Send ping.
PAGE 491
Administration Guide Troubleshooting Troubleshooting: BlackBerry Monitoring Service connections A user cannot log in to the BlackBerry Monitoring Service Possible cause If your organization's environment includes a firewall located between the BlackBerry Administration Service and BlackBerry Monitoring Service, the firewall can block the JNDI delegate port on the BlackBerry Administration Service. By default, the JNDI delegate port is configured to 0 (any port).
PAGE 492
Administration Guide Troubleshooting Troubleshooting: IT policies I cannot find an IT policy rule in the BlackBerry Administration Service Possible cause The version of the BlackBerry Enterprise Server that you are using does not include the IT policy rule. Possible solution Import the IT policy rule from an IT policy pack that is available from www.blackberry.com/support. For more information about IT policy packs, search the BlackBerry Technical Solution Center at www.blackberry.com/support.
PAGE 493
Administration Guide Glossary Glossary 37 AAA Authentication, Authorization, Accounting AES Advanced Encryption Standard ACL An access control list (ACL) is a list of permissions that are associated with an object, such as a file, directory, or other network resource. It specifies which users or components have permission to perform specific operations on an object.
PAGE 494
Administration Guide Glossary CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. CRL certificate revocation list CSR certificate signing request DES Data Encryption Standard device transport key The device transport key (formerly known as the master encryption key) is unique to a BlackBerry device.
PAGE 495
Administration Guide Glossary GPO Group Policy Object GPS Global Positioning System HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol over Secure Sockets Layer IIS Internet Information Services IP address An Internet Protocol (IP) address is an identification number that each computer or mobile device uses when it sends or receives information over a network, such as the Internet.
PAGE 496
Administration Guide Glossary messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal database.
PAGE 497
Administration Guide Glossary SQL Structured Query Language SRP Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry Infrastructure during SRP authentication.
PAGE 498
Administration Guide Legal notice Legal notice 38 ©2012 Research In Motion Limited. All rights reserved. BlackBerry®, RIM®, Research In Motion®, and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. Adobe and Acrobat are trademarks of Adobe Systems Incorporated. ANSI is a trademark of the American National Standards Institute. Apache Tomcat is a trademark of The Apache Software Foundation.
PAGE 499
Administration Guide Legal notice COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS.
PAGE 500
Administration Guide Legal notice Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation thereto.