in

Bunker Hollow

Matt Williamson's home on the web, welcome.

Social Tools

Home Home About About Email Email
RSS RSS Atom Atom Comments RSS Comments
Twitter Twitter Facebook Facebook LinkedIn LinkedIn

Tags

Matt Williamson's Blog

Personal discoveries of an IT professional.

BlackBerry Professional Software (BES) for Exchange 2007 Installation

| Share

So here's the plan, I got a BlackBerry Curve 8310 from work, which is hooked up to our corporate Exchange email.  I want to hook it up to my personal Exchange 2007 Server running on a Server 2008 Hyper-V virtual machine at home.  One super-easy way to do it is via POP3 or IMAP4.  But this post covers how to do it like your company would, through the BlackBerry Enterprise Server.  Please note, your BlackBerry can only be connected to one BES account at a time (as of July 2008), regardless of what you may have read elsewhere.  I had to contact my company's helpdesk to re-connect my company email.

I've followed some good tutorials on how to do this, a BlackBerry Guide and a CrackBerry Guide, but I'm going to write down my exact steps anyway.

Change Your Corporate Email Message Service Display Name

Install the BlackBerry Desktop Software on your work machine with all the default installation choices.  Run the manager, connect your BlackBerry, then choose:

Email Settings -> Advanced Tab -> Message Service Display Name -> "YourCompany".
Synchronize -> Synchronize Now.

Disconnect your BlackBerry, goto your mail, compose and new message and scroll to the top.  In "Send Using" you should see your new display name.

Download BlackBerry Professional Software, aka, BlackBerry Enterprise Server Express

You can obtain a fully-functional copy of BES with a single Client Access License (CAL) for free.  http://www.blackberry.com/select/professional/express.shtml

Create your BES Server

  1. Create new BES Virtual Machine - I've configured a Windows Server 2003 R2 Standard x86 machine for the job.  Updated and ready to go.  I tried on a Server 2008 x64 virtual, and the software would install but at the very end of the installation, only the last two processes would start.
     
  2. Add BES Server to Domain - This isn't necessary, but I like to manage my machines using my domain administrator account.
     

Create BESAdmin Mailbox and User Account

  1. Open the Exchange Management Console on your Exchange server.
     
  2. Recipient Configuration -> New Mailbox... -> New User named BESAdmin.

Add BESAdmin Domain Rights

  1. Open the Exchange PowerShell on your Exchange server.
     
  2. Enter this command:
    add-exchangeadministrator "BESAdmin" –role ViewOnlyAdmin
     
  3. Enter this command (replace MAIL_SERVER_NAME with your servers machine name and DOMAIN with your domain name if you're using one):
     
    get-mailboxserver MAIL_SERVER_NAME | add-adpermission -user DOMAIN\BESAdmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Configure BESAdmin Domain Security Settings

  1. On your Exchange Server, Start -> Administrative Tools -> Active Directory Users and Computers.
     
  2. View -> Advanced Features.
     
  3. Global Setting - To configure for all users, right-click your domain -> Properties.
    Security Tab -> Advanced -> Add... -> BESAdmin
    Apply to: Descendant User objects -> Allow Send as.
     
    Individual Setting - Instead of configuring globally you can just choose the user who's mailbox will be connected to your BlackBerry:
    User -> Properties -> Security Tab -> Add BESAdmin -> Allow Send as.

Temporarily Whitelist "blackberry.net" for Activation

  1. On your Exchange Server, open PowerShell.
     
  2. Execute this command:
    Set-ContentFilterConfig –BypassedSenderDomains blackberry.net
     
  3. Verify with:
    get-ContentFilterConfig
     
  4. Force a sync with Edge to be sure:
    Start-EdgeSynchronization

Add BESAdmin as Local Administrator on BES Server Machine

  1. On your BES Server, Right-click -> My Computer -> Manage.
     
  2. Local Users and Groups -> Groups -> Administrators.

Add BESAdmin to Local Security Policy on BES Server Machine

  1. On your BES Server, Start -> Administrative Tools -> Local Security Policy.
     
  2. Security Settings -> Local Policies -> User Rights Assignment -> Allow log on locally.
     
  3. Security Settings -> Local Policies -> User Rights Assignment -> Log on as a service.

Login as BESAdmin and Install BlackBerry Professional Software

  1. On the 3rd or 4th installation screen you'll see a warning:
    "The setup application could not verify the Microsoft Exchange permissions for the Microsoft Windows account.  Before you continue, verify that the permissions are correct."  That's fine, don't worry about it.
     
  2. Install SQL Express locally.
     
  3. Press Continue to reboot.
     
  4. Leave the default database settings, click yes to create the database.
     
  5. Enter your CAL and SRP information, you will have received this from BlackBerry with the link to download the software.
     
  6. Enter your Exchange server name and click Check Name.  It will validate it, then click OK.
     
  7. Click Start Service.  All services should start successfully.  Click Finish.

Open BlackBerry Manager and Configure your User

  1. Open BlackBerry Manager and you will receive a warning that "The MAPI Profile 'BlackBerryManager' does not exist."  Click OK.
     
  2. Enter your server name, again, Check Name, and click OK.
     
  3. Your service status should be "Running" and your SRP Status should be "Connected".
     
  4. Add New Users Wizard -> Select your user.
     
  5. Choose the Default IT Policy. Next.
     
  6. Deploy Devices Wirelessly. Done.  An email will be sent to that user's mailbox.

Active BlackBerry Handheld Device

  1. Obtain your password from the email in your user's mailbox.
     
  2. On your BlackBerry choose Enterprise Activation or Options -> Advanced Options -> Enterprise Activation.
     
  3. Enter your user's email address and password.

Troubleshooting

  • Activation times out, after about 30 minutes, with "Server is not responding".
    Verify the BESAdmin Domain Rights were properly set by going to your BES Server:
    Run -> cmd -> cd c:\program files\research in motion\blackberry enterprise server\utility\
    IEMSTest.exe
    Run the test for both choices against your user.  If you see a failure, which I did in my case, then the domain rights weren't properly set.  Revisit that step.
     
  • Policy Error, try wiping your BlackBerry.  I also received this error, so the next time I tried activation I said Yes to wiping the BlackBerry.  Activation was then successful, but now I've lost my work email account.  I made a backup before doing all this, so I'll have to see if that restores things, otherwise I'll be sending it off to get it fixed.  *** I just tried the restore, it did not restore my enterprise activation settings, I'll have to ask infrastructure to re-activate my phone.
Published Jun 14 2008, 05:03 PM by Matt Williamson
Filed under: , ,

Comments

 

Glen said:

Excellent instructions for how to setup Blackberry professional to work with Exchange 2007.

Unfortunately you cannot have a blackberry configured to two different BES servers simultaneously :-(

It looks like your mobile provider has provisioned the device for BIS and BES, so you could explore the options for BIS connecting to your home Excahnge via OWA.

July 17, 2008 11:59 AM
 

Matt Williamson said:

Haha!  I figured that out the hard way and forgot to make a note of it in my post.  Once connected to my own Exchange server I was completely disconnected from my work email.  I had to call infrastructure and explain that my blackberry somehow reset itself :)  Some people on forums out there say it is possible, but I can confirm at this point it's not.  I've resorted to IMAP4 thought BIS which is good enough.

July 17, 2008 3:46 PM
 

Community Web Directory said:

Press releases have some unique characteristics that can contribute to an increase in search engine positioning for your site. They are similar in many ways to pages that use search engine copywriting techniques. They have a narrow focus, include copy

August 1, 2008 6:13 PM
 

Cj said:

Dude, awesome instructions, I have never seen so many typos in Blackberry's instructions, very nice job... I was hung at

On the 3rd or 4th installation screen you'll see a warning:

"The setup application could not verify the Microsoft Exchange permissions for the Microsoft Windows account.  Before you continue, verify that the permissions are correct."  That's fine, don't worry about it.

Once I got past this thanks to you, I was great. I spent an hour trying to figure this one out... Thank you

January 21, 2009 10:42 PM
 

Fro said:

"Activation times out, after about 30 minutes, with "Server is not responding".

Verify the BESAdmin Domain Rights were properly set by going to your BES Server:

Run -> cmd -> cd c:\program files\research in motion\blackberry enterprise server\utility\

IEMSTest.exe

Run the test for both choices against your user.  If you see a failure, which I did in my case, then the domain rights weren't properly set.  Revisit that step."

Activation is taking some serious time, I think it's gonna time out but I tried the IEMSTest and everything was successfull with my user... I don't know what I could have forgotten >.> does it activate quickly ?

January 23, 2009 9:09 AM
 

chad said:

Dude, excellent walkthrough!!!! I have 5 clients running BES and two running BPS and this is so helpful!

Thanks!

January 26, 2009 12:08 AM
 

Unlisted message error or Desktop email program unable to submit message - Page 2 - BlackBerry Forums said:

Pingback from  Unlisted message error or Desktop email program unable to submit message - Page 2 - BlackBerry Forums

January 27, 2009 3:00 PM
 

Unlisted message error or Desktop email program unable to submit message - Page 2 - BlackBerry Forums said:

Pingback from  Unlisted message error or Desktop email program unable to submit message - Page 2 - BlackBerry Forums

January 27, 2009 7:12 PM
 

Blackberry Enterprise Aktivierung - MCSEboard.de MCSE Forum said:

Pingback from  Blackberry Enterprise Aktivierung - MCSEboard.de MCSE Forum

February 26, 2009 6:48 AM
 

Yury said:

Thank you for the great instructions, Sir! I was finally able to get this thing to work :)

After the activation am I supposed to blacklist blackberry.net since we temporarily whitelisted it?

If so, how would I go about doing that?

Thank you for your time.

March 9, 2009 4:20 PM
 

Matt Williamson said:

No, don't blacklist it.  Just leave it whitelisted (meaning any email from this address will always get through) or figure out how to undo this command:

Set-ContentFilterConfig –BypassedSenderDomains blackberry.net

Unfortunately it's not as easy as, Remove-ContentFilterConfig so if you figure out how I'd appreciate the tip!

March 9, 2009 4:44 PM
 

Rosewood said:

Fantastic article and it got me going nice and quickly. Thank you. I just wish I would have found this before I started and I would have saved myself the step of getting all the Exchange 2007 tools installed :O

April 10, 2009 4:47 PM
 

Mnemonix said:

I can finally go to bed.  Been trying to get our BES running by following RIM's instructions.  Found your site just in time.  The veins in my forehead and neck are starting to go back to normal.

Thanks so much.

April 25, 2009 11:00 PM
 

Jonathan said:

Great guide! It worked like a charm. The only step I had to do differently was specific the domain user in Step 3 of adding BESadmin domain rights. So instead of -user besadmin, it had to be -user "domain\besadmin", then IEMSTest.exe started working. Prior to that, I was getting errors relating to not being able to create the search folder (temporary folder).

Thanks again for posting this!

July 1, 2009 3:25 PM
 

Matt Williamson said:

Glad it helped.  I guess it worked for me as is, but it's best to specify the domain if in doubt so I updated the post.  Thanks for the feedback.

July 1, 2009 3:49 PM
 

Adrian said:

Thanks for  the excelent document!.

Our Server went bang and we had to rebuild.  The link to download the BPS software now says "Pin has already been used".  How do I obtain the software?

August 28, 2009 7:35 AM
 

fred said:

use a different PIN and next time save the CAL info

September 9, 2009 12:08 PM
 

Sunnt said:

Thanks much better instructions then what i have found over the net, worked like a charm.. thank you..

September 24, 2009 1:15 PM
 

todd elwell said:

worked great! thanks

September 25, 2009 2:17 PM
 

KMDComp said:

I'm setting up another one of these tomorrow and this looks like a perfect checklist, much more complete then most of the other guides I've used in the past.  THANKS!

October 2, 2009 10:15 AM
 

Mike said:

Does this disable Outlook Web Access for all users or just the users that are using BPS?

October 21, 2009 5:06 PM
 

Matt Williamson said:

OWA is independent of any BlackBerry software.  You don't need to disable OWA if you don't want to.

October 22, 2009 8:40 AM
 

Brian said:

Does the BESAdmin domain user always have to be logged in on the virtual machine. The reason I am asking because we have other profiles using this machine.

October 22, 2009 8:55 AM
 

Matt Williamson said:

No, definitely not.

October 22, 2009 9:02 AM
Powered by Community Server (Non-Commercial Edition), by Telligent Systems