Blackberry SWD-20120924140022907 User Manual

BlackBerry Enterprise Server for Microsoft Exchange
Version: 5.0
Service Pack: 3
Administration Guide
Published: 2012-09-24
SWD-20120924140022907
Contents
Document revision history ................................................................................................................................................ 21
Getting started in your BlackBerry Enterprise Server environment ..................................................................................... 22
There is a problem with this website's security certificate .................................................................................................. 26
This connection is untrusted ............................................................................................................................................. 27
Administrative roles and permissions ................................................................................................................................ 29
Preconfigured administrative roles ............................................................................................................................. 29
Creating roles ................................................................................................................................................................... 34
Create a role .............................................................................................................................................................. 34
Create a role based on an existing role ........................................................................................................................ 35
Create an administrator account ....................................................................................................................................... 35
Add an administrator account to a group .......................................................................................................................... 36
Specify an email address for the BlackBerry Administration Service .................................................................................. 37
Permit an administrator to log in to the BlackBerry Administration Service using a messaging server account .................... 37
Assign a BlackBerry device to an administrator account .................................................................................................... 38
4 Using an IT policy to manage BlackBerry Enterprise Solution security ............................................ 39
Using IT policy rules to manage BlackBerry Enterprise Solution security ............................................................................ 39
Preconfigured IT policies .................................................................................................................................................. 40
Default values for preconfigured IT policies ................................................................................................................ 41
Creating and importing IT policies ..................................................................................................................................... 44
Create an IT policy ..................................................................................................................................................... 44
Create an IT policy based on an existing IT policy ........................................................................................................ 45
Import IT policy data .................................................................................................................................................. 45
Import IT policy rules from an IT policy pack ............................................................................................................... 46
Change the value for an IT policy rule ................................................................................................................................ 46
Assign an IT policy to a group ............................................................................................................................................ 47
Assign an IT policy to a user account ................................................................................................................................. 47
Sending an IT policy over the wireless network .................................................................................................................. 48
Resend an IT policy to a BlackBerry device manually .................................................................................................. 48
Resend an IT policy to a BlackBerry device automatically ........................................................................................... 48
Assigning IT policies and resolving IT policy conflicts ......................................................................................................... 49
Option 1: Applying one IT policy to each user account ................................................................................................ 50
Option 2: Applying multiple IT policies to each user account ....................................................................................... 51
View the resolved IT policy rules that are assigned to a user account ........................................................................... 54
Deactivating BlackBerry devices that do not have IT policies applied ................................................................................. 54
Deactivate BlackBerry devices that do not have IT policies applied ............................................................................. 55
Creating new IT policy rules to control third-party applications ........................................................................................... 55
Create an IT policy rule for a third-party application .................................................................................................... 55
Change or delete IT policy rules for third-party applications ........................................................................................ 56
Export all IT policy data to a data file ................................................................................................................................. 56
Delete an IT policy ............................................................................................................................................................ 57
Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other ................................... 58
Algorithms that the BlackBerry Enterprise Solution uses to encrypt data ..................................................................... 58
Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses .................................... 59
Managing device access to the BlackBerry Enterprise Server ............................................................................................ 59
Turn on the Enterprise Service Policy ......................................................................................................................... 60
Configure the Enterprise Service Policy ...................................................................................................................... 60
Permit a user to override the Enterprise Service Policy ................................................................................................ 61
Extending messaging security to a BlackBerry device ........................................................................................................ 61
Extending messaging security using PGP encryption .................................................................................................. 61
Extending messaging security using S/MIME encryption ............................................................................................. 62
Enforcing secure messaging using classifications .............................................................................................................. 65
Create a message classification ................................................................................................................................. 65
Create a message classification based on an existing message classification .............................................................. 66
Order message classifications .................................................................................................................................... 66
Delete a message classification .................................................................................................................................. 67
Generating organization-specific encryption keys for PIN-message encryption .................................................................. 67
Generate a PIN encryption key ................................................................................................................................... 67
Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and BlackBerry MVS provide ........................................ 68
When a BlackBerry device overwrites data in the BlackBerry device memory ..................................................................... 68
Changing when a BlackBerry device cleans the BlackBerry device memory ................................................................ 69
Best practice: Configuring additional memory cleaner settings for BlackBerry devices ................................................ 70
6 Configuring the BlackBerry Enterprise Server environment ............................................................ 71
Best practice: Running the BlackBerry Enterprise Server .................................................................................................. 71
Configuring certain BlackBerry Enterprise Server components to use proxy servers ........................................................... 72
Configure a BlackBerry Enterprise Server component to use a .pac file ....................................................................... 72
Configure a BlackBerry Enterprise Server component to use a proxy server ................................................................. 73
Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry devices ........................................ 74
Configuring the BlackBerry Administration Service to use a proxy server ............................................................................ 74
Configuring proxy selection for the BlackBerry Administration Service ........................................................................ 75
Configuring the BlackBerry Administration Service to authenticate with a proxy server ................................................ 77
Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component ..... 79
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service ........ 79
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service ............. 80
Configuring support for Unicode languages ....................................................................................................................... 80
Configure support for Unicode languages ................................................................................................................... 80
Change the character encoding that the BlackBerry Enterprise Server uses to send Unicode messages ...................... 81
Configure support for Unicode text in calendars on BlackBerry devices in a Microsoft Exchange environment ............. 82
Creating user groups ........................................................................................................................................................ 84
Create a group to manage similar user accounts ......................................................................................................... 84
Add user accounts to a group ..................................................................................................................................... 84
Adding a user account to the BlackBerry Enterprise Server ............................................................................................... 85
Add a user account .................................................................................................................................................... 85
Create a user account that is not in the contact list in the BlackBerry Configuration Database ..................................... 86
Export a list of user accounts ...................................................................................................................................... 87
Importing a list of user accounts to a BlackBerry Enterprise Server ............................................................................. 87
Preparing to distribute a BlackBerry device ....................................................................................................................... 91
Change how the BlackBerry Enterprise Server downloads a user's existing email messages onto the BlackBerry device ........................................ 91
Prevent the BlackBerry Enterprise Server from synchronizing existing email messages onto a BlackBerry device ........ 92
Assigning BlackBerry devices to user accounts ................................................................................................................. 92
Option 1: Activate a BlackBerry device using the BlackBerry Administration Service ................................................... 93
Option 2: Activating a BlackBerry device over the wireless network ............................................................................. 94
Option 3: Activating BlackBerry devices over the LAN ................................................................................................. 97
Option 4: Activating BlackBerry devices using the BlackBerry Web Desktop Manager ................................................. 98
Option 5: Activating BlackBerry devices over an enterprise Wi-Fi network ................................................................... 98
9 Configuring BlackBerry Enterprise Server high availability ............................................................ 101
Check the health of a BlackBerry Enterprise Server ......................................................................................................... 101
Availability state and failover status of the BlackBerry Enterprise Server ................................................................... 101
How the BlackBerry Enterprise Server uses health parameters ........................................................................................ 102
Defining when failover occurs .................................................................................................................................. 102
Changing the promotion threshold and failover threshold ................................................................................................ 104
Change the promotion threshold and failover threshold and the order of the health parameters ................................ 104
Changing when automatic failover occurs by customizing the health parameters for user accounts and messaging servers ........................................ 106
Prerequisites: Configuring the BlackBerry Enterprise Server pair to fail over automatically ............................................... 108
Configure the BlackBerry Enterprise Server to fail over automatically ............................................................................... 108
Monitoring the BlackBerry Enterprise Server for an automatic failover event .................................................................... 109
Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ............... 109
Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service .................................... 109
Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel ........................................ 110
Creating a BlackBerry MDS Connection Service pool for high availability .......................................................................... 111
Create a BlackBerry MDS Connection Service pool for high availability ...................................................................... 111
Configure the BlackBerry MDS Connection Service and BlackBerry Collaboration Service to fail over automatically .......... 112
Create a BlackBerry Collaboration Service pool for high availability .................................................................................. 113
Create a BlackBerry Attachment Service pool for high availability .................................................................................... 114
You cannot determine the BlackBerry Attachment Connector that the BlackBerry Enterprise Server or the BlackBerry MDS Connection Service uses ........................................ 115
Create a BlackBerry Router pool for high availability ........................................................................................................ 116
Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router ..................................................... 117
Creating a BlackBerry Administration Service pool that includes the BlackBerry Web Desktop Manager using DNS round robin ........................................ 118
Configure the BlackBerry Administration Service instances in a pool to communicate across network subnets .......... 119
Changing the name of the BlackBerry Administration Service pool .................................................................................. 119
Change the name of the BlackBerry Administration Service pool .............................................................................. 120
Fail over the BlackBerry MDS Connection Service or BlackBerry Collaboration Service manually ..................................... 120
Monitoring the high availability status or job deployment status using the BlackBerry Administration Service ................... 121
Monitor the high availability status or job deployment status using the BlackBerry Administration Service ................. 122
Remove a BlackBerry MDS Connection Service instance from a pool ............................................................................... 122
Remove a BlackBerry Collaboration Service instance from a pool .................................................................................... 123
Remove a BlackBerry Attachment Service instance from a pool ...................................................................................... 123
Remove a BlackBerry Router instance from a pool .......................................................................................................... 124
11 Configuring BlackBerry Configuration Database high availability .................................................. 125
Prerequisites: Configuring database mirroring or database replication of the BlackBerry Configuration Database ............. 125
Configuring database mirroring ....................................................................................................................................... 126
Stop the BlackBerry Enterprise Server instances ...................................................................................................... 126
Configure database mirroring for the BlackBerry Configuration Database ................................................................. 127
Start the BlackBerry Enterprise Server instances ...................................................................................................... 127
Configure the BlackBerry Enterprise Solution to support database mirroring ............................................................. 128
Resend the database mirroring parameters to BlackBerry Enterprise Server components ......................................... 129
Configuring the BlackBerry Configuration Database for one-way transactional replication in an environment that includes Microsoft SQL Server 2005 or 2008 ........................................ 130
Stop the BlackBerry Enterprise Server instances ...................................................................................................... 130
Create the replicated BlackBerry Configuration Database from a backup .................................................................. 130
Permit access to the BlackBerry Configuration Database instances .......................................................................... 131
Configure the publication for the BlackBerry Configuration Database ....................................................................... 131
Increase the maximum data size for transactional replication ................................................................................... 132
Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription ........................................ 133
Start the BlackBerry Enterprise Server instances ...................................................................................................... 134
Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding ..... 134
Return to the BlackBerry Configuration Database when you configured transactional replication ..................................... 135
Configuring a new mirror BlackBerry Configuration Database .......................................................................................... 135
Managing BlackBerry Java Applications and BlackBerry Device Software ........................................................................ 136
Developing BlackBerry Java Applications for BlackBerry devices ..................................................................................... 137
Preparing to distribute BlackBerry Java Applications ....................................................................................................... 137
Specify a shared network folder for BlackBerry Java Applications ............................................................................. 138
Add a BlackBerry Java Application to the application repository ............................................................................... 139
Add a collaboration client to the application repository ............................................................................................. 139
Specify keywords for a BlackBerry Java Application .................................................................................................. 140
Configuring application control policies ........................................................................................................................... 140
Standard application control policies ....................................................................................................................... 140
Change a standard application control policy ........................................................................................................... 141
Create custom application control policies for a BlackBerry Java Application ............................................................ 141
IT policy rules take precedence on smartphones ...................................................................................................... 143
Application control policies for unlisted applications ....................................................................................................... 143
Change the standard application control policy for unlisted applications that are optional ......................................... 143
Create an application control policy for unlisted applications .................................................................................... 144
Configure the priority of application control policies for unlisted applications ............................................................ 144
Creating software configurations ..................................................................................................................................... 145
Create a software configuration ................................................................................................................................ 146
Add a BlackBerry Java Application to a software configuration ................................................................................. 146
Assign a software configuration to a group ................................................................................................................ 147
Assign a software configuration to multiple user accounts ........................................................................................ 148
Assign a software configuration to a user account ..................................................................................................... 148
Install BlackBerry Java Applications on a BlackBerry device at a central computer .......................................................... 149
View the status of a job ................................................................................................................................................... 150
View the status of a task ........................................................................................................................................... 150
Stopping a job that is running .......................................................................................................................................... 158
Stop a job that is running ......................................................................................................................................... 159
View the users that have a BlackBerry Java Application installed on their BlackBerry devices .......................................... 159
View how the BlackBerry Administration Service resolved software configuration conflicts for a user account ................... 160
Reconciliation rules for conflicting settings in software configurations ............................................................................. 161
Reconciliation rules: BlackBerry Java Applications ................................................................................................... 162
Reconciliation rules: BlackBerry Device Software ..................................................................................................... 164
Reconciliation rules: Standard application settings ................................................................................................... 165
Reconciliation rules: Application control policies ...................................................................................................... 166
Reconciliation rules: Application control policies for unlisted applications ................................................................. 166
Installing BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service ........ 168
Developing BlackBerry Java Applications for BlackBerry devices ..................................................................................... 168
Methods you can use to install BlackBerry Java Applications on BlackBerry devices ........................................................ 169
Installing BlackBerry Java Applications using the BlackBerry Desktop Software ............................................................... 170
Prerequisites: Installing BlackBerry Java Applications using the BlackBerry Desktop Software .................................. 170
Make the BlackBerry Java Application available to the BlackBerry Desktop Software ................................................ 171
Install the BlackBerry Java Application using the BlackBerry Desktop Software ........................................................ 171
Installing BlackBerry Java Applications using the BlackBerry Application Web Loader ..................................................... 172
Prerequisites: Installing BlackBerry Java Applications using the BlackBerry Application Web Loader ........................ 172
Enable the BlackBerry Application Web Loader on a web server ............................................................................... 173
Install the BlackBerry Java Application using the BlackBerry Application Web Loader ............................................... 174
Installing BlackBerry Java Applications using the standalone application loader tool ........................................................ 174
Prerequisites: Installing BlackBerry Java Applications using the standalone application loader tool ........................... 175
Add BlackBerry Java Application files to a shared network folder .............................................................................. 176
Share the Research In Motion folder that contains the BlackBerry Java Application .................................................. 176
Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode ......... 177
Install the BlackBerry Java Application using the standalone application loader tool ................................................. 177
Installing BlackBerry Java Applications using a web browser on BlackBerry devices ........................................................ 178
Prerequisites: Installing BlackBerry Java Applications using a web browser on BlackBerry devices ............................ 178
Install the BlackBerry Java Application on a web server ............................................................................................ 179
Install the BlackBerry Java Application using a web browser on the BlackBerry device .............................................. 179
14 Configuring how users access enterprise applications and web content ....................................... 180
Specifying a BlackBerry MDS Connection Service as a central push server ...................................................................... 180
Specify a BlackBerry MDS Connection Service as a central push server .................................................................... 181
Configuring how BlackBerry devices authenticate to content servers ............................................................................... 181
Configure how BlackBerry devices authenticate to content servers ........................................................................... 181
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use NTLM ...................................................................................................................................................................... 182
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos ................................................................................................................................................................. 183
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use LTPA ....................................................................................................................................................................... 183
Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager ..... 184
Configuring how the BlackBerry MDS Connection Service manages requests for web content .......................................... 186
Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage ................................................. 186
Configure the timeout limit for HTTP connections with BlackBerry devices ............................................................... 187
Configure the timeout limit for HTTP connections with web servers ........................................................................... 187
Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections ............................ 188
15
Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service ............................... 188
Create a key store to store certificates for use with HTTPS connections ..................................................................... 189
Add a certificate for the BlackBerry MDS Connection Service ................................................................................... 189
Export the BlackBerry MDS Connection Service certificate to make it available to push applications ......................... 190
Import the BlackBerry MDS Connection Service certificate to the key store of a push application .............................. 190
Permit push applications to select the transport protocol for PAP requests ...................................................................... 191
Configuring a BlackBerry MDS Connection Service to trust web servers ........................................................................... 191
Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers ...... 192
Specify whether the BlackBerry MDS Connection Service requires trusted TLS connections from web servers ........... 192
Configuring certificate server information for the BlackBerry MDS Connection Service .............................................. 193
Add a retrieved certificate for a web server to the key store ....................................................................................... 200
Permitting users to access intranet sites on BlackBerry devices using global login information ......................................... 200
Configure global login information for intranet site access ......................................................................................... 201
Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices .............................................. 201
Specify the maximum amount of data that a BlackBerry MDS Connection Service can send to BlackBerry devices .... 201
Specify the pending content timeout limit for a BlackBerry MDS Connection Service ................................................. 202
Permit Java applications to use scalable socket connections with a BlackBerry MDS Connection Service .................. 202
Specify the thread pool size of a BlackBerry MDS Connection Service ....................................................................... 202
Specify the maximum number of scalable socket connections .................................................................................. 203
Prevent the BlackBerry MDS Connection Service from using scalable HTTP ............................................................. 203
Specify the port number that the web server listens on for push application requests ................................................ 204
Specify how often a BlackBerry MDS Connection Service polls for configuration information ..................................... 205
Setting up the messaging environment ........................................................................................ 206
Creating email message filters ........................................................................................................................................ 206
Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server ............................ 206
Turn on an email message filter that applies to all user accounts on a BlackBerry Enterprise Server .......................... 207
Create an email message filter that applies to a specific user account ....................................................................... 207
Turn on an email message filter that applies to a specific user account ..................................................................... 208
Copying existing email message filters to another BlackBerry Enterprise Server ............................................................... 209
Export email message filters for a BlackBerry Enterprise Server ................................................................................ 209
Import email message filters for a BlackBerry Enterprise Server ................................................................................ 209
Copying existing email message filters to user accounts .................................................................................................. 210
Export email message filters for a user account ........................................................................................................ 210
Import email message filters for a user account ........................................................................................................ 210
Extension plug-ins for processing messages .................................................................................................................... 211
Install an extension plug-in application ..................................................................................................................... 211
Add an extension plug-in to a BlackBerry Messaging Agent ...................................................................................... 212
Change how a BlackBerry Messaging Agent uses extension plug-ins ......................................................................... 213
Mapping contact information fields for synchronization and contact lookups ................................................................... 214
Map a contact information field in an email application to contact list fields on BlackBerry devices ........................... 214
Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... 214
Map a contact information field in an email application to contact list fields on BlackBerry devices ........................... 215
Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... 215
Configure the certificate information using IT policies ...................................................................................................... 217
Configure the BlackBerry MDS Connection Service to connect to the certificate authority ................................................ 218
Add communication information to a BlackBerry MDS Connection Service configuration set ..................................... 219
Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance ... 220
Add certificate information to a Wi-Fi profile .................................................................................................................... 221
Managing an enrolled certificate ..................................................................................................................................... 221
Change the polling interval, logging, and pool size for the BlackBerry MDS Connection Service connection to the certificate authority ........................................................................................................................................................ 222
Properties in the rimpublic.properties file ................................................................................................................. 223
Installing the client components of the BlackBerry Web Desktop Manager on users' computers ....................................... 224
Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows XP ................................ 225
Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows Vista ............................. 226
Configure the Microsoft ActiveX Installer on Windows Vista ....................................................................................... 227
Configure users' computers to install the client file for the BlackBerry Web Desktop Manager automatically .................... 227
Make the BlackBerry Web Desktop Manager available to users ....................................................................................... 229
Permit users to perform administrative tasks using the BlackBerry Web Desktop Manager ............................................... 230
Permit users to activate devices using the BlackBerry Web Desktop Manager .................................................................. 231
Permit users to back up and restore data using the BlackBerry Web Desktop Manager .................................................... 231
Configure the domains for backing up data using the BlackBerry Web Desktop Manager ................................................. 232
Change the text colors in the BlackBerry Web Desktop Manager ..................................................................................... 232
BlackBerry Web Desktop Manager text colors .......................................................................................................... 233
Display a custom image in the BlackBerry Web Desktop Manager ................................................................................... 234
Display the domain name on the login page of the BlackBerry Web Desktop Manager ...................................................... 234
19
Creating and configuring Wi-Fi profiles and VPN profiles .............................................................. 235
Creating and configuring Wi-Fi profiles ............................................................................................................................ 235
Prerequisites: Creating Wi-Fi profiles and VPN profiles ............................................................................................. 235
Create a Wi-Fi profile ............................................................................................................................................... 237
Create a Wi-Fi profile based on an existing Wi-Fi profile ............................................................................................ 237
Configure a Wi-Fi profile on a BlackBerry device ....................................................................................................... 238
Assign a Wi-Fi profile to a group ............................................................................................................................... 238
Assign a Wi-Fi profile to a user account .................................................................................................................... 238
Configure a Wi-Fi profile ........................................................................................................................................... 239
Creating and configuring VPN profiles ............................................................................................................................. 239
Create a VPN profile ................................................................................................................................................ 240
Create a VPN profile based on an existing VPN profile ............................................................................................... 240
Configure a VPN profile ............................................................................................................................................ 240
Assign a VPN profile to a group ................................................................................................................................ 241
Assign a VPN profile to a user account ..................................................................................................................... 241
Associate a VPN profile with a Wi-Fi profile ............................................................................................................... 242
Delete a Wi-Fi profile ...................................................................................................................................................... 242
Delete a VPN profile ....................................................................................................................................................... 243
Importing profile information from a .csv file .................................................................................................................... 243
Best practices: Creating a .csv file that contains profile information that you want to import ...................................... 243
Create a .csv file that contains profile information that you want to import ................................................................. 244
Import profile information from a .csv file .................................................................................................................. 246
Configuring WEP encryption ........................................................................................................................................... 247
Configure WEP keys for BlackBerry devices using a Wi-Fi profile ............................................................................... 247
Configuring PSK encryption ............................................................................................................................................ 248
Configure PSK encryption data for BlackBerry devices using a Wi-Fi profile ............................................................... 249
Configuring LEAP authentication .................................................................................................................................... 249
Configure LEAP authentication data for BlackBerry devices using a Wi-Fi profile ....................................................... 250
Configuring PEAP authentication .................................................................................................................................... 250
Configure PEAP authentication data for BlackBerry devices using a Wi-Fi profile ....................................................... 251
Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager ........................................................ 252
Distribute a certificate using the BlackBerry Desktop Manager ................................................................................. 252
Configure PEAP configuration settings in the Wi-Fi profile on a BlackBerry device ..................................................... 253
Configuring EAP-TLS authentication ............................................................................................................................... 254
Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile .................................................. 255
Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device ................................................ 256
Configuring EAP-TTLS authentication ............................................................................................................................. 256
Configure EAP-TTLS authentication data for BlackBerry devices using a Wi-Fi profile ................................................ 257
Configure EAP-TTLS configuration settings in the Wi-Fi profile on a BlackBerry device .............................................. 258
Configuring EAP-FAST authentication ............................................................................................................................. 259
Configure EAP-FAST authentication ......................................................................................................................... 259
Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile ...................................................... 260
Configure EAP-FAST configuration settings in the Wi-Fi profile on BlackBerry devices ............................................... 261
21
Configuring software tokens for BlackBerry devices ..................................................................... 262
Prerequisites: Configuring BlackBerry devices for RSA authentication ............................................................................. 262
Configure BlackBerry devices for RSA authentication ...................................................................................................... 263
Configure RSA authentication over a Wi-Fi network using a software token ...................................................................... 264
Configure RSA authentication over a VPN network using a software token ....................................................................... 264
Assign software tokens to a user account ........................................................................................................................ 265
22 Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager ........................................................................................................................ 266
Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager ................ 266
Configuring Microsoft Active Directory authentication in an environment that includes a resource forest .......................... 267
Change the information for Microsoft Active Directory authentication ....................................................................... 268
Configuring single sign-on authentication for the BlackBerry Administration Service and BlackBerry Web Desktop Manager ........................................................................................................................................................................ 269
Configure constrained delegation for the Microsoft Active Directory account to support single sign-on authentication ......................................................................................................................................................... 270
Turn on single sign-on authentication for the BlackBerry Administration Service ....................................................... 270
BlackBerry Administration Service web addresses and BlackBerry Web Desktop Manager web addresses that support BlackBerry Administration Service single sign-on ......................................................................................... 271
Changing password settings for BlackBerry Administration Service authentication .......................................................... 272
Change password settings for BlackBerry Administration Service authentication ...................................................... 272
Regenerate the system credentials for the BlackBerry Administration Service ................................................................. 273
Preparing a device for redistribution to a new user .......................................................................................................... 274
Use the BlackBerry Administration Service to delete user data and assign the device to a new user ........................... 274
Use the BlackBerry Administration Service to delete device data and disable the device before assigning the device to a new user ................................................................................................................................................ 275
Deleting only work data from a device ............................................................................................................................. 275
Delete only work data from a device ......................................................................................................................... 277
Using IT administration commands to protect a lost or stolen device ............................................................................... 278
Protect a stolen device ............................................................................................................................................. 279
Protect a lost device ................................................................................................................................................ 279
Protect a lost device that a user might not recover .................................................................................................... 280
24
25
Managing administrator accounts ............................................................................................... 282
Change role permissions ................................................................................................................................................ 282
Change the roles for an administrator account ................................................................................................................ 282
Delete a role ................................................................................................................................................................... 283
Delete an administrator account ..................................................................................................................................... 283
Managing groups and user accounts ........................................................................................... 285
Managing groups ............................................................................................................................................................ 285
Using default groups to manage user accounts and administrator accounts .............................................................. 285
Remove a user account from a group ....................................................................................................................... 286
Change the properties of a group ............................................................................................................................. 287
Rename a group ...................................................................................................................................................... 287
Delete a group ......................................................................................................................................................... 287
Managing user accounts ................................................................................................................................................. 288
Move a user account to a different group .................................................................................................................. 288
Move a user account from one BlackBerry Enterprise Server to another .................................................................... 289
Delete a user account from the BlackBerry Enterprise Server ................................................................................... 289
Update a user account manually .............................................................................................................................. 290
Add an administrator role to a user account ............................................................................................................. 290
Update the contact list manually .............................................................................................................................. 290
Resend service books to a BlackBerry device ........................................................................................................... 291
26 Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices ..................................................................................................... 292
Managing the default distribution settings for jobs ........................................................................................................... 292
Change default settings for a job schedule ............................................................................................................... 292
Change how IT policies are sent to BlackBerry devices ............................................................................................. 293
Change how to install, update, or remove BlackBerry Java Applications .................................................................... 294
Change how to install or update the BlackBerry Device Software .............................................................................. 296
Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices ................. 297
Managing the distribution settings for a specific job ........................................................................................................ 298
Specify the start time and priority for a job ................................................................................................................ 299
Change how a job sends IT policies to BlackBerry devices ........................................................................................ 299
Change how a job sends BlackBerry Java Applications to BlackBerry devices ........................................................... 300
Change how a job sends the BlackBerry Device Software to BlackBerry devices ........................................................ 302
Change how a job sends standard application settings to BlackBerry devices ........................................................... 303
Managing BlackBerry Java Applications on BlackBerry devices ....................................................................................... 304
Make a BlackBerry Java Application unavailable for installation ................................................................................ 304
Remove a BlackBerry Java Application from BlackBerry devices over the wireless network ....................................... 305
Managing software configurations .................................................................................................................................. 306
Remove a software configuration from a group ......................................................................................................... 306
Remove a software configuration from multiple user accounts .................................................................................. 306
Remove a software configuration from a user account .............................................................................................. 307
Delete a software configuration ................................................................................................................................ 307
27
Managing how users access enterprise applications and web content .......................................... 308
Restricting user access to content on web servers ........................................................................................................... 308
Restrict requests for content on web servers from BlackBerry devices ...................................................................... 308
Specify web address patterns .................................................................................................................................. 309
Create a pull rule ..................................................................................................................................................... 309
Restrict or permit web addresses and Intranet addresses using a pull rule ................................................................ 310
Assign a pull rule to the members of a group ............................................................................................................ 311
Assign a pull rule to user accounts ........................................................................................................................... 311
Restricting user access to media content in the BlackBerry Browser ............................................................................... 312
Prevent users from accessing specific media types .................................................................................................. 312
Configure download limits for media content types ................................................................................................... 312
Default download limits for media content types ....................................................................................................... 313
Configuring Integrated Windows authentication so that users can access resources on your organization's network ......... 314
Configuring the Microsoft Active Directory account to delegate access ..................................................................... 315
Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain ........................................................................................................................................... 317
Turn on Integrated Windows authentication so that users can access resources on your organization's network ........ 318
Restricting the push application content that users can receive ....................................................................................... 320
Restrict push applications from sending data to BlackBerry devices ......................................................................... 320
Create push initiators for push applications .............................................................................................................. 320
Turn on push authorization ...................................................................................................................................... 321
Create a push rule ................................................................................................................................................... 322
Assign push initiators to a push rule ......................................................................................................................... 322
Assign a push rule to the members of a group ........................................................................................................... 323
Assign a push rule to user accounts ......................................................................................................................... 323
Encrypt push requests that push applications send to BlackBerry devices ................................................................ 324
Managing push application requests ............................................................................................................................... 324
Specify device ports for application-reliable push requests ....................................................................................... 324
Store push application requests in the BlackBerry Configuration Database ............................................................... 325
Configure the settings for storing push requests in the BlackBerry Configuration Database ....................................... 326
Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process ........ 326
Configure the maximum number of queued connections that a BlackBerry MDS Connection Service can process ..... 327
Managing the wireless backup and recovery of organizer data ......................................................................................... 328
Turn off the wireless backup of organizer data for a user account .............................................................................. 328
Delete organizer data for members of a user group from the BlackBerry Enterprise Server ........................................ 329
Delete a user's organizer data from a BlackBerry Enterprise Server .......................................................................... 329
Turning off organizer data synchronization ...................................................................................................................... 329
Turn off organizer data synchronization for all user accounts that are associated with a BlackBerry Enterprise Server ........................................ 330
Turn off organizer data synchronization for a specific user account ........................................................................... 330
Changing how organizer data synchronizes ..................................................................................................................... 331
Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ........ 331
Change the direction of organizer data synchronization for a specific user account ................................................... 331
Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for all user accounts on a BlackBerry Enterprise Server ........................................ 332
Change how the BlackBerry Administration Service resolves conflicts during organizer data synchronization for a specific user account ........................................ 332
Synchronizing contact pictures ....................................................................................................................................... 333
Turn off synchronization of contact pictures for a user account ................................................................................. 333
29 Managing your organization's messaging environment and attachment support ........................... 335
Managing message forwarding ....................................................................................................................................... 335
Forward email messages to a BlackBerry device when no filter rules apply ................................................................ 335
Do not deliver email messages to a BlackBerry device when no filter rules apply ....................................................... 336
Forward email messages from inbox subfolders to a BlackBerry device ..................................................................... 336
Turn off email message forwarding to user accounts in a group ................................................................................. 337
Turn off email message forwarding to a user account ................................................................................................ 337
Turn off synchronization for email messages sent from a BlackBerry device .............................................................. 338
Turn off email message forwarding when a user connects a BlackBerry device to a computer ................................... 338
Managing the incoming message queue ......................................................................................................................... 339
Delete email messages for user accounts from the incoming message queue ........................................................... 339
Managing wireless message reconciliation ...................................................................................................................... 340
Turn off wireless message reconciliation for a BlackBerry Enterprise Server .............................................................. 340
Turn on reconciliation for email messages that are hard deleted ............................................................................... 340
Managing access to remote message data ...................................................................................................................... 341
Prevent a user from checking the availability of meeting participants on the BlackBerry device ................................. 341
Prevent a user from searching for remote email messages using a device ................................................................. 342
Managing email messages that contain HTML and rich content ...................................................................................... 343
View whether a user turned on support for email messages that contain HTML and rich content for a BlackBerry device ........................................ 343
Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise Server ........................................ 344
Turn off support for rich text formatting and inline images in email messages using an IT policy rule .......................... 345
Synchronizing folders on the BlackBerry device .............................................................................................................. 346
Control which published public contact folders a user can synchronize to a BlackBerry device .................................. 346
Control which personal contact subfolders a user can synchronize to a BlackBerry device ........................................ 346
Control which personal mail folders a user can synchronize with a BlackBerry device ................................................ 347
Configuring access to documents on remote file systems ................................................................................................ 348
Configure the BlackBerry MDS Connection Service to communicate with a remote file system .................................. 348
Add communication information to a BlackBerry MDS Connection Service configuration set ..................................... 349
Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance ... 350
Managing signatures and disclaimers in email messages ................................................................................................ 351
Add a signature to email messages that a user sends from a BlackBerry device ........................................................ 351
Add a disclaimer to email messages that users send from BlackBerry devices .......................................................... 352
Add a disclaimer to email messages that a user sends from a BlackBerry device ....................................................... 352
Specify conflict rules for disclaimers ........................................................................................................................ 353
Turn off disclaimers for email messages ................................................................................................................... 353
Monitor email messages that users send from BlackBerry devices ................................................................................... 354
Sending notification messages to users ........................................................................................................................... 354
Send a notification message to all users in a BlackBerry Domain .............................................................................. 355
Send a notification message to all users on a BlackBerry Enterprise Server ............................................................... 355
Send a notification message to group members ........................................................................................................ 355
Send a notification message to a user ....................................................................................................................... 356
Change the size of the message state database ............................................................................................................... 356
How the BlackBerry Attachment Connector communicates with BlackBerry Attachment Service instances ..................... 357
Change how a BlackBerry Attachment Connector retries sending requests to a BlackBerry Attachment Service ........ 357
Change how a BlackBerry Attachment Connector restores a lost connection to a BlackBerry Attachment Service ..... 358
Attachment file formats that the BlackBerry Attachment Service supports ...................................................................... 359
Limitations for supported attachment file formats ..................................................................................................... 359
Changing how a BlackBerry Attachment Service converts attachments ........................................................................... 361
Change how a BlackBerry Attachment Service converts attachments ....................................................................... 361
Change the maximum file size for attachments that users can receive ...................................................................... 363
Turn off support for an attachment file format for a BlackBerry Attachment Service ......................................................... 364
Add support for an additional attachment file format to a BlackBerry Attachment Service ................................................ 365
Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server .................................... 366
Change the maximum file size for attachments that users can send .......................................................................... 366
Prevent users from sending large attachments ......................................................................................................... 367
Change the maximum file size of attachments that users can download .................................................................... 367
Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries ........... 369
Prerequisites: Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ....................... 369
Turn off client throttling in Microsoft Exchange 2010 ................................................................................................ 370
Configure the BlackBerry Enterprise Server to use Microsoft Exchange Web Services ................................................ 370
Configure the BlackBerry Enterprise Server to use MAPI and CDO libraries ............................................................... 371
Configure the BlackBerry Messaging Agent instances to use a web address for a specific Microsoft Autodiscover service ........................................ 372
Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for Microsoft Exchange ........................................ 373
Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange Web Services ........................................ 374
Correcting calendar synchronization errors on devices .................................................................................................... 375
Configuration levels using the BlackBerry Enterprise Trait Tool ................................................................................. 375
Turn off corrective calendar synchronization ............................................................................................................ 376
View the current settings for corrective calendar synchronization ............................................................................. 377
Turn off automatic error correction in corrective calendar synchronization ................................................................ 377
Configure the range of days to check for calendar synchronization errors .................................................................. 378
Configure when corrective calendar synchronization runs ......................................................................................... 379
Logging information for corrective calendar synchronization ..................................................................................... 380
Delete a setting for corrective calendar synchronization ........................................................................................... 381
Start corrective calendar synchronization manually for a user account ............................................................................ 382
Improving the flow of email messages and calendar synchronization when the BlackBerry Enterprise Server runs on Windows Server 2008 ........................................ 382
Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application ........... 383
31 Managing instant messaging ....................................................................................................... 384
Installing a collaboration client on BlackBerry devices ..................................................................................................... 384
Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to .................................... 385
Change the transport protocol for a Microsoft instant messaging environment ................................................................. 385
Specify the Windows domain name for users who log in to a collaboration client .............................................................. 386
Managing instant messaging sessions ............................................................................................................................. 387
Specify the maximum number of instant messaging sessions that can be open at the same time ............................... 387
Specify the inactivity timeout limit for instant messaging sessions ............................................................................. 387
Managing instant messaging features ............................................................................................................................. 388
Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime ........................................ 388
Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime .. 388
Prevent users from sending instant messaging conversations in email messages ...................................................... 389
Prevent users from saving instant messaging conversations ..................................................................................... 389
Hide the icon that appears on BlackBerry devices for mobile contacts ...................................................................... 389
Make additional contact information and phone numbers available for the BlackBerry Client for IBM Lotus Sametime users ........................................ 390
Restarting BlackBerry Enterprise Server components ..................................................................................................... 392
Restart a BlackBerry Enterprise Server component using the BlackBerry Administration Service .............................. 393
Restart a BlackBerry Enterprise Server component using Windows Services ............................................................. 393
Best practice: Restarting more than one BlackBerry Administration Service instance ............................................... 394
Using the BlackBerry Enterprise Trait Tool ...................................................................................................................... 394
Use the BlackBerry Enterprise Trait Tool .................................................................................................................. 394
BlackBerry Enterprise Trait Tool traits ............................................................................................................................. 395
Permit the BlackBerry Messaging Agent to write statistics to Microsoft Exchange mailboxes ............................................ 406
Managing BlackBerry CAL keys ...................................................................................................................................... 407
Add or delete a BlackBerry CAL key ......................................................................................................................... 407
Copy a BlackBerry CAL key to a text file .................................................................................................................... 408
Configuring the BlackBerry Mail Store Service instance that updates the contact list ....................................................... 408
Configure the BlackBerry Mail Store Service instance that updates the contact list ................................................... 409
Configuring a Hosted BlackBerry services environment ................................................................................................... 409
Configuring Hosted BlackBerry services when you permit your organization’s customers limited access to Microsoft Active Directory ........................................ 410
Configure Hosted BlackBerry services when your organization’s customers have full control of their subtree in Microsoft Active Directory ........................................ 411
Configuring the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data ....................... 412
Configure the BlackBerry Enterprise Server to connect to Microsoft Active Directory ................................................. 413
Configure the BlackBerry Enterprise Server to retrieve email addresses and organizer data using LDAP .................... 414
Prevent the BlackBerry Enterprise Server from retrieving contact information for specific users ................................ 415
Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server can retrieve email addresses and organizer data from ........................................ 416
Configuring BlackBerry Policy Service throttling .............................................................................................................. 416
View the current settings for BlackBerry Policy Service throttling .............................................................................. 417
Configuring BlackBerry Policy Service throttling for IT policies and service books ...................................................... 417
Configuring BlackBerry Policy Service throttling for PIN encryption keys ................................................................... 419
Configuring BlackBerry Policy Service throttling for application polling ..................................................................... 419
Delete a BlackBerry Policy Service throttling setting ................................................................................................. 420
Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database ........................................ 421
Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events ................................... 422
How the BlackBerry Controller monitors the BlackBerry Enterprise Server components ................................................... 423
Change how the BlackBerry Controller restarts the BlackBerry Messaging Agent ...................................................... 423
Change how the BlackBerry Controller restarts a BlackBerry Enterprise Server service ............................................. 426
BlackBerry Enterprise Server Alert Tool ........................................................................................................................... 428
Configuring notifications using the BlackBerry Enterprise Server Alert Tool ............................................................... 428
Monitoring PIN messages, SMS text messages, and calls ................................................................................................ 431
Change the default location for the log files for PIN messages, SMS text messages, and calls .................................... 431
Log files for BlackBerry Enterprise Server components .................................................................................................... 433
Changing the location where BlackBerry Enterprise Server components save log files ............................................... 433
Changing how BlackBerry Enterprise Server components create log files .................................................................. 434
Component identifiers for log files ............................................................................................................................ 439
BlackBerry MDS Connection Service log files .................................................................................................................. 440
Changing how the BlackBerry MDS Connection Service creates a log file .................................................................. 440
Using BlackBerry MDS Connection Service log files to view information for proxied connections to BlackBerry devices ........................................ 444
BlackBerry Collaboration Service log files ........................................................................................................................ 445
Change which activities the BlackBerry Collaboration Service writes to a log file ........................................................ 445
35 BlackBerry Enterprise Solution connection types and port numbers ............................................. 447
BlackBerry Administration Service connection types and port numbers ........................................................................... 447
BlackBerry Attachment Service connection types and port numbers ............................................................................... 449
BlackBerry Collaboration Service connection types and port numbers ............................................................................. 450
BlackBerry Configuration Database connection types and port numbers ......................................................................... 452
BlackBerry Controller connection types and port numbers .............................................................................................. 453
BlackBerry Dispatcher connection types and port numbers ............................................................................................ 454
BlackBerry Messaging Agent connection types and port numbers ................................................................................... 456
BlackBerry MDS Connection Service connection types and port numbers ....................................................................... 459
BlackBerry Monitoring Service connection types and port numbers ................................................................................. 460
BlackBerry Policy Service connection types and port numbers ........................................................................................ 461
BlackBerry Router connection types and port numbers ................................................................................................... 462
BlackBerry Synchronization Service connection types and port numbers ......................................................................... 464
CalHelper connection type and port number ................................................................................................................... 465
IBM Lotus Sametime connection type and port number .................................................................................................. 466
Microsoft Exchange connection types and port numbers ................................................................................................. 466
Microsoft Office Live Communications Server 2005 connection types and port numbers .................................................. 467
BlackBerry Client for use with Microsoft Office Live Communications Server 2005 connection types and port numbers .... 467
Novell GroupWise Messenger connection type and port number ..................................................................................... 468
SNMP agent connection types and port numbers ............................................................................................................ 468
Syslog connection type and port number ........................................................................................................................ 469
Troubleshooting: Connecting to the BlackBerry Administration Service ........................................................................... 470
The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance ........................................ 470
Troubleshooting: BlackBerry Enterprise Server Performance ........................................................................................... 471
A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an unexpected amount of system resources and increases wireless network traffic ........................................ 471
Microsoft SQL Server uses a considerable amount of disk space ............................................................................... 472
Troubleshooting: Setting up user accounts ...................................................................................................................... 472
You cannot create a user account in the BlackBerry Administration Service .............................................................. 472
You cannot find a new user account in the directory using the BlackBerry Administration Service
Troubleshooting: Messaging
Messages are not delivered to BlackBerry devices
Text does not appear correctly in Unicode email messages
Troubleshooting: Instant messaging
Users cannot view phone numbers for contacts in the BlackBerry Client for IBM Lotus Sametime
A user did not accept a notification about an instant message on a computer and the notification disappeared
A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device
Troubleshooting: BlackBerry Web Desktop Manager
Troubleshooting: Users cannot log in to the BlackBerry Web Desktop Manager
Troubleshooting: Connections to the Wi-Fi network
A BlackBerry device cannot connect to a Wi-Fi network
A BlackBerry device cannot open a VPN connection
A BlackBerry device cannot connect to the mobile network using UMA or GAN
Verify whether a BlackBerry device can resolve an IP address
Look up a computer name to resolve an IP address
Troubleshooting: BlackBerry Administration Service pools
BlackBerry Administration Service instances located in different network segments are not connecting to each other
Troubleshooting: BlackBerry Monitoring Service connections
A user cannot log in to the BlackBerry Monitoring Service
Troubleshooting: IT policies
I cannot find an IT policy rule in the BlackBerry Administration Service
Glossary

Administration Guide Overview: BlackBerry Enterprise Server

1 Overview: BlackBerry Enterprise Server
The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartphone users with mobile access to your organization's resources.
You can manage the BlackBerry Enterprise Server, smartphones, and user accounts using the BlackBerry Administration Service. You can access the BlackBerry Administration Service web application from any computer that can access the computer that hosts the BlackBerry Administration Service.
You can optionally install BlackBerry Mobile Fusion Studio in your organization's environment to provide a simplified administrative console for your organization's helpdesk administrators and an integrated view of the BlackBerry Enterprise Server and other MDM domains. For more information, visit http://www.blackberry.com/go/serverdocs to see the BlackBerry Mobile Fusion Studio Feature and Technical Overview.

Document revision history

Date Description
17 September 2012 Updated the following topics:
• Create an administrator account
• Permit users to perform administrative tasks using the BlackBerry Web Desktop Manager
• Add a retrieved certificate for a web server to the key store
• Changing password settings for BlackBerry Administration Service authentication
• Permit a BlackBerry Enterprise Server to connect to a remote BlackBerry Router
• Use the BlackBerry Administration Service to delete device data and disable the device before assigning the device to a new user
14 September 2011 Updated the following topics:
• Import IT policy data
• Reconciliation rules for conflicting IT policies when you apply multiple IT policies to a user account
• Reconciliation rules for conflicting IT policies when you apply one IT policy to the user account
• Troubleshooting: IT policies
• Mapping contact information fields for synchronization and contact lookups
• Map a contact information field in an email application to a contact list field on BlackBerry devices
• Permit users to create activation passwords using the BlackBerry Web Desktop Manager
3 August 2011 Added the following topic:
• Import IT policy rules from an IT policy pack
14 June 2011 Updated the following topics:
• Configuring a new mirror BlackBerry Configuration Database
• Configure the certificate information using IT policies
07 March 2011 Initial version

Getting started in your BlackBerry Enterprise Server environment

The following table lists the tasks that administrators typically perform after installing a BlackBerry Enterprise Server, and the chapter or section in the BlackBerry Enterprise Server Administration Guide that contains the information required to complete the task. Some of the tasks might not be required in your organization's environment.
Task: Create administrator accounts.
Chapter: Creating administrator accounts
Task: Review the default IT policies. If necessary, change existing IT policies or create new IT policies.
Chapter: Configuring security options
• Section: Using an IT policy to manage BlackBerry Enterprise Solution security
Task: Add user accounts to the BlackBerry Enterprise Server.
Chapter: Configuring user accounts
• Section: Adding a user account to the BlackBerry Enterprise Server
Task: Create groups.
Chapter: Configuring user accounts
• Section: Creating groups
Task: Add user accounts to groups.
Chapter: Configuring user accounts
• Section: Add a user account to a group
Task: Review the default distribution settings for IT policies. If necessary, change the default distribution settings.
Chapter: Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices
• Section: Change how IT policies are sent to BlackBerry devices
Task: Assign IT policies to groups or user accounts.
Chapter: Setting up security options
• Section: Assign an IT policy to a group
• Section: Assign an IT policy to a user account
Task: Assign BlackBerry devices to user accounts.
Chapter: Assigning BlackBerry devices to users
Task: If necessary, change the default messaging settings for your organization's environment.
Chapter: Setting up the messaging environment; Managing your messaging environment and attachment support
Task: Prepare to distribute BlackBerry Java Applications.
Chapter: Sending software and BlackBerry Java Applications to BlackBerry devices
• Section: Preparing to distribute BlackBerry Java Applications
Task: Review the default distribution settings for BlackBerry Java Applications. If necessary, change the default distribution settings.
Chapter: Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices
• Section: Change how to install, update, or remove BlackBerry Java Applications on BlackBerry devices
Task: Review the default application control policies and application control policies for unlisted applications. If necessary, change the existing application control policies.
Chapter: Sending software and BlackBerry Java Applications to BlackBerry devices
• Section: Configuring application control policies
• Section: Application control policies for unlisted applications
Task: Create software configurations for BlackBerry Java Applications.
Chapter: Sending software and BlackBerry Java Applications to BlackBerry devices
• Section: Creating software configurations
Task: Assign software configurations for BlackBerry Java Applications to groups, multiple user accounts, or individual user accounts.
Chapter: Sending software and BlackBerry Java Applications to BlackBerry devices
• Section: Assign a software configuration to a group
• Section: Assign a software configuration to multiple user accounts
• Section: Assign a software configuration to a user account
Task: Configure BlackBerry Enterprise Server high availability.
Chapter: Configuring BlackBerry Enterprise Server high availability
Optional tasks
Task: Update BlackBerry Device Software on BlackBerry devices.
Chapter: Visit www.blackberry.com/go/serverdocs to see the BlackBerry Device Software Update Guide.
Task: Make the BlackBerry Web Desktop Manager available to users and configure the BlackBerry Web Desktop Manager.
Chapter: Making the BlackBerry Web Desktop Manager available to users; Configuring the BlackBerry Web Desktop Manager
Task: Change the default settings for your instant messaging environment.
Chapter: Managing instant messaging
Task: Create and configure Wi-Fi and VPN profiles.
Chapter: Creating and configuring Wi-Fi profiles and VPN profiles
Task: Configure BlackBerry devices to enroll certificates.
Chapter: Configuring BlackBerry devices to enroll certificates
Task: Configure high availability for BlackBerry Enterprise Server components and for the BlackBerry Configuration Database.
Chapter: Configuring BlackBerry Enterprise Server high availability; Configuring BlackBerry Configuration Database high availability
Task: Use the BlackBerry Monitoring Service to troubleshoot issues and monitor the health of a BlackBerry Enterprise Server.
Chapter: Visit www.blackberry.com/go/serverdocs to see the BlackBerry Enterprise Server Monitoring Guide.
Task: Change how the BlackBerry Enterprise Server creates log files.
Chapter: BlackBerry Enterprise Server log files

Administration Guide Log in to the BlackBerry Administration Service for the first time

2 Log in to the BlackBerry Administration Service for the first time
To open the BlackBerry Administration Service, you can use a browser on any computer that has access to the computer that hosts the BlackBerry Administration Service.
Before you begin: To manage a BlackBerry device using the BlackBerry Administration Service while the BlackBerry device is connected to the computer, the browser must permit Microsoft ActiveX controls.
1. In the browser, type https://<server_name>/webconsole/app, where <server_name> is the name of the computer that hosts the BlackBerry Administration Service.
2. In the User name field, type admin.
3. In the Password field, type the password that you created during the installation process.
4. In the Log in using drop-down list, click BlackBerry Administration Service or Active Directory Authentication.
5. Click Log in.
Related information
Best practice: Running the BlackBerry Enterprise Server
The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance

There is a problem with this website's security certificate

Description
The browser displays this error message when you try to navigate to the BlackBerry Administration Service using Windows Internet Explorer version 7 or later.
Possible solution
Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.
1. In Windows Internet Explorer, navigate to the BlackBerry Administration Service console.
2. Click Continue to this website (not recommended).
3. On the Tools menu, click Internet Options.
4. On the Security tab, click Local Intranet.
5. Click Sites.
6. Click Add to add the console to the list of trusted web sites.
7. Click Close.
8. Click OK.
9. In the browser window, on the toolbar, click Certificate Error.
10. Click View certificates.
11. Click Install certificate. The Certificate Import Wizard opens.
12. Complete the instructions in the Certificate Import Wizard. If you are trying to log in to the BlackBerry Administration Service using a computer that runs Windows Vista, perform the following actions in the Certificate Import Wizard.
a. In the Certificate Store dialog box, click Place all certificates in the following store.
b. Click Browse.
c. Click Trusted Root Certification Authorities.
d. Click OK.
13. Close and reopen the browser.

This connection is untrusted

Description
The browser displays this error message when you try to navigate to the BlackBerry Administration Service or BlackBerry Monitoring Service using Mozilla Firefox 3.6.
Possible solution
Install the certificate for the BlackBerry Administration Service or BlackBerry Monitoring Service in the certificate store of your computer.
1. In Firefox, navigate to the BlackBerry Administration Service console or BlackBerry Monitoring Service console.
2. Click I Understand the Risks.
3. Click Add Exception.
4. Click Confirm Security Exception.
5. Close and reopen the browser.
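Both procedures above make the browser trust whatever certificate the console presents at that moment. The following added example (not part of the original guide) compares the presented certificate with a SHA-256 fingerprint before it is installed or excepted; it assumes the expected fingerprint was read from the certificate on the server itself, and the function names and port 443 are assumptions of this example.

```python
import hashlib
import hmac
import ssl
import sys


def normalize_fingerprint(text):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return 64 lowercase hex digits."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint_der(der_bytes):
    """SHA-256 over the DER encoding of the certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def fetch_server_cert_der(host, port=443):
    """Fetch the certificate the server presents, without validating it.

    Validation is skipped on purpose: the certificate is not trusted yet,
    which is why its fingerprint is compared against a known value.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def certificate_matches(der_bytes, expected_fingerprint):
    """True only if the presented certificate is the one the administrator expects."""
    expected = normalize_fingerprint(expected_fingerprint)
    return hmac.compare_digest(fingerprint_der(der_bytes), expected)


if __name__ == "__main__":
    # Usage: python check_cert.py <server_name> <expected_sha256_fingerprint>
    # Assumption: the expected fingerprint was obtained on the server, not over the network.
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_server_cert_der(host)
    if certificate_matches(der, expected):
        print("MATCH: the presented certificate is the expected one")
    else:
        print("MISMATCH: presented fingerprint is", fingerprint_der(der))
        sys.exit(1)
```

A mismatch means the browser is not talking to the certificate that the server holds, so the certificate should not be added to the trusted store or excepted until the difference is explained.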

Administration Guide Creating administrator accounts

3 Creating administrator accounts

Administrative roles and permissions

You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry Enterprise Server.
Permissions specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service. Each action that you perform in the BlackBerry Administration Service is associated with a specific permission. You can specify the actions that administrators can perform by changing the permissions that you assign to administrative roles. For more information about performing specific tasks that are associated with the permissions, see the BlackBerry Enterprise Server Administration Guide. Roles do not apply to tasks that an administrator can perform using the BlackBerry Configuration Panel.
You can assign multiple roles to administrator accounts. If you assign multiple roles to an administrator account, the administrator is assigned all the permissions that are turned on for each of the roles.
You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.

Preconfigured administrative roles

The BlackBerry Enterprise Server installation process includes preconfigured administrative roles. You can use the preconfigured administrative roles in your organization's environment instead of creating custom administrative roles. Each preconfigured administrative role contains multiple permissions that are turned on. The preconfigured administrative roles make sure that users who do not have specific administrative permissions cannot escalate their permissions. For example, junior helpdesk administrators cannot escalate their roles to senior helpdesk administrator roles. You can configure additional permissions in the preconfigured administrative roles or turn off any of the permissions.
Permission name Security role Enterprise role Senior Helpdesk role Junior Helpdesk role
Create a group X X X
Delete a group X X
View a group (across Group) X X X X
Edit a group (across Group) X X X X
Create a user X X X
Delete a user X X X
View a user (across Group) X X X X
Edit a user (across Group) X X X X
View a device (across Group) X X X X
Edit a device (across Group) X X X X
View device activation settings X X
Edit device activation settings X X
Server only role
User only role
X
X
X
X
X
X
X
X
X
X
X
X
Create an IT policy X X
Delete an IT policy X X
View an IT policy X X X X
Edit an IT policy X X
Import an IT policy X X
Export an IT policy X X
Create a user-defined IT policy template X X
Delete a user-defined IT policy template X X
Edit a user-defined IT policy template X X
X
X
X
X
X
X
X
X
X