Blackberry Enterprise Services with Exchange 2010 Sp1

These requirements were gathered from Microsoft and Blackberry support sites, and are presented here in an easy format of implementing them.
The Design can be summarized as follow:
  • One BES Server
  • One Existing backend Server
  • Existing Exchange 2010 Sp1 Servers
The initial software used are:
  • Windows 2008 R2 for BES Server, Member of the Domain
  • Windows 2008 R2 for the SQL Server 2008 Sp1, Member of the Domain
  • BES 5.0.2 with a trial license acquired from the enterprise solution section of www.blackberry.com

 

Create a Windows account that has a Microsoft Exchange 2010 mailbox

You must create a Windows® account with a Microsoft® Exchange 2010 mailbox so that the Windows account can authenticate with the Microsoft® Exchange Server.
Before you begin: If you want free/busy lookups to work in Microsoft® Outlook® 2003 and earlier, you must configure Microsoft Exchange 2010 to support Microsoft Outlook 2003 and earlier by creating a public folder database. For more information about supporting Microsoft Outlook 2003 and earlier, visit http://support.microsoft.com to read article 555851 and visit http://technet.microsoft.com to read articles 123694, 124270, 397221, and 691120.

  1. On the computer that hosts Microsoft Exchange, log in using an administrator account that has the permission to create accounts.
  2. Open the Microsoft Exchange Management Console.
  3. Create an account and mailbox that you name BESAdmin.
  4. To permit the BlackBerry® Enterprise Server to check if a BlackBerry device user has permission to access a public folder, assign the Owner permission for all public folders to the administrator account.
After you finish:
  • To verify that you created the Windows account, log in to a computer using the Windows account.
  • Verify that the Windows account is not a member of the Domain Administrators group in Microsoft® Active Directory®.
  • Verify that BlackBerry device users have Read permissions and Visible permissions to public folders.
  • To permit BlackBerry device users to check the availability of meeting participants using BlackBerry® Device Software 4.5 or later, configure the Schedule+ Free/Busy information for the system public folder. For more information, visit http://technet.microsoft.com to read articles 629523 and 691129.
Configure permissions for the Windows account
  1. Add BESAdmin in the local administrator group of the BES Server
  2. Add BESAdmin in the local administrator group of the SQL Server
  3. Add BESAdmin as sysadmin in the SQL Server security roles
Note: You can check more SQL Permission based on the scenario on http://docs.blackberry.com/en/admin/deliverables/12070/Configuring_the_BES_databases_connection_868247_11.jsp
Configure Microsoft Exchange 2010 permissions for the Windows account


  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin.
  3. Type Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin".
  4. Do one of the following:
    • To set the permissions at the organizational unit level, type Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "OU=<organizational_unit>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>" where <domain_1>, <domain_2>, and <domain_3> form the name of the domain. For example, if the organizational unit is Texas and the domain name is example.organization.net, type Texas for <organizational_unit>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.
    • To set the permissions at the common name level, type Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=<common_name>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>" where <domain_1>, <domain_2>, and <domain_3> form the name of the domain. For example, if the common name is Users and the domain name is example.organization.net, type Users for <common_name>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.
After you finish: If you create a new mailbox database for Microsoft Exchange, repeat step 2.
Turn off client throttling in Microsoft Exchange 2010
By default, Microsoft® Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits, as necessary. The policies affect the performance of the BlackBerry® Enterprise Server negatively, so you should turn off client throttling for the Windows® account that has a Microsoft Exchange mailbox.
  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type New-ThrottlingPolicy BESPolicy.
  3. Type Set-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null.
  4. Type Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy.

Increase the maximum number of connections to the Address Book service in Microsoft Exchange 2010
By default, Microsoft® Exchange 2010 limits the maximum number of connections from the BlackBerry® Enterprise Server to the Address Book service to 50. To permit the BlackBerry Enterprise Server to run, you must increase the number of permitted connections to a large value (for example, 100,000).

  1. On the computer that hosts the Microsoft Exchange CAS server, in <drive>:\Program Files\Microsoft\Exchange Server\V14\Bin, in a text editor, open the microsoft.exchange.addressbook.service.exe.config file.
  2. Change the value of the MaxSessionsPerUser key to 100000.
  3. Save and close the file.
  4. Restart the Address Book service.
Note: if you have deployed Hosted exchange, you will not need to do the above

Configure a management role for Microsoft Exchange Web Services
If you want the BlackBerry® Enterprise Server to use Microsoft® Exchange Web Services to manage calendars on BlackBerry devices, you must configure a management role for Microsoft Exchange Web Services in Microsoft Exchange 2010.
For more information about configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services, see the BlackBerry Enterprise Server Administration Guide.

  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin".

MAPI and CDO Requirements:
Download and install the following on the BES Server http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e17e7f31-079a-43a9-bff2-0a110307611e&displaylang=en
Configure the BlackBerry Enterprise Server to run without public folders
If you did not install any public folders in Microsoft® Exchange, you must configure the BlackBerry® Enterprise Server to run without public folders by changing a registry key.
  1. On each computer that hosts the BlackBerry Enterprise Server, click Start > Run.
  2. In the Open field, type regedit.
  3. Click OK.
  4. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\CDO.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem.
  5. If the CDO registry key does not exist, create a registry key that you name CDO.
  6. In the CDO registry key, if the DWORD value does not exist, create a DWORD value that you name Ignore No PF.
  7. Change the DWORD value to 1.
  8. Click OK.

 

 

Prerequisites: Installing the BlackBerry Enterprise Server software



  • Verify that the Windows® account that you use to install the BlackBerry® Enterprise Server software is assigned the local administrator permission on the computer that you perform the installation process on.
  • Verify that the Windows account that you want to use to install the BlackBerry Enterprise Server software is not a member of the Domain Admins group in Microsoft® Active Directory®.
  • Retrieve the following information:
    • BlackBerry® CAL key
    • SRP host (in BlackBerry Enterprise Server version 5.0 and later, the format of the SRP host is different from earlier versions)
    • SRP identifier
    • SRP key
    • computer name and port number of the instant messaging server (use the virtual server name and port number where the AJAX Service is installed, if applicable)
    • computer name and port number of the proxy server (if applicable)
  • Add the blackberry.net domain to the permitted lists in the antivirus application or anti-spam application that the messaging server or gateway uses.
  • Verify that the computer has access to www.blackberry.com (optional).
  • If you are performing the installation on a computer that has more than one NIC, verify that the production NIC is first in the bind order in the Windows network settings.

More Here


Courtesy:http://blogs.technet.com/b/ronyyasmine/archive/2011/01/19/blackberry-enterprise-services-with-exchange-2010-sp1.aspx