manualshive.com logo in svg

Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino, Administration Manual, Page: 391 / 420

Share
Download
Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino Administration Manual Download Page 391

Troubleshooting: Using IBM Lotus Notes encryption

The BlackBerry device does not prompt the user for the Notes .id password

when it decrypts an IBM Lotus Notes encrypted message

After you configure the Notes Native Encryption Password Timeout IT policy rule to prevent the BlackBerry® device
from storing the user's Notes .id password, the BlackBerry device does not prompt the user for the Notes .id password
to decrypt messages that are encrypted using IBM® Lotus Notes® encryption.

Possible cause

You did not prevent the BlackBerry® Enterprise Server from storing the Notes .id password that it uses to decrypt
messages.

Possible solution

1. On the computer that hosts the BlackBerry Enterprise Server, on the Start menu, click Run.
2. Type regedit.
3. Click OK.
4. In the left pane, navigate to HKEY_LOCAL_MACHINE\Software\Research in Motion\BlackBerry Enterprise

Server.

5. Click Agents.
6. Create a DWORD value that you name SECMSGPasswordCacheTimeout.
7. Double-click SECMSGPasswordCacheTimeout.
8. In the Value Data field, type 0.
9. Click OK.

Troubleshooting: Setting up user accounts

You cannot create a user account in the BlackBerry Administration Service

Possible cause

Possible solution

The BlackBerry® Administration
Service is configured to use static
ports when it connects to the
BlackBerry Configuration Database
server, but the BlackBerry
Configuration Database server uses
a dynamic port.

Configure the BlackBerry Administration Service to use a dynamic port for
the BlackBerry Configuration Database.

1. On the computer that hosts the BlackBerry® Enterprise Server or

BlackBerry Enterprise Server components, on the taskbar, click Start >
Programs > BlackBerry Enterprise Server > BlackBerry Server
Configuration.

Administration Guide

Troubleshooting: Using IBM Lotus Notes encryption

389

Summary of Contents for PRD-10459-003 - Enterprise Server For IBM Lotus Domino

Page 1: ...BlackBerry Enterprise Server for IBM Lotus Domino Version 5 0 Service Pack 3 Administration Guide ...

Page 2: ...Published 2011 09 16 SWDT487521 1597421 0916011550 001 ...

Page 3: ...ation Service using a messaging server account 34 Assign a BlackBerry device to an administrator account 34 4 Using an IT policy to manage BlackBerry Enterprise Solution security 35 Using IT policy rules to manage BlackBerry Enterprise Solution security 35 Preconfigured IT policies 36 Default values for preconfigured IT policies 37 Creating and importing IT policies 40 Create an IT policy 40 Creat...

Page 4: ...e Policy 53 Extending messaging security to a BlackBerry device 53 Extending messaging security using PGP encryption 54 Extending messaging security using S MIME encryption 54 Extending messaging security using IBM Lotus Notes encryption 57 Enforcing secure messaging using classifications 58 Create a message classification 58 Create a message classification based on an existing message classificat...

Page 5: ...rver 73 Add a user account 73 Create a user account that is not in the contact list in the BlackBerry Configuration Database 74 Export a list of user accounts 75 Importing a list of user accounts to a BlackBerry Enterprise Server 75 8 Assigning BlackBerry devices to users 78 Preparing to distribute a BlackBerry device 78 Change how the BlackBerry Enterprise Server downloads a user s existing email...

Page 6: ...n Service and BlackBerry Collaboration Service to fail over automatically 97 Create a BlackBerry Collaboration Service pool for high availability 97 Create a BlackBerry Attachment Service pool for high availability 98 You cannot determine the BlackBerry Attachment Connector that the BlackBerry Enterprise Server or the BlackBerry MDS Connection Service uses 99 Create a BlackBerry Router pool for hi...

Page 7: ...ransactional replication 113 Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription 113 Start the BlackBerry Enterprise Server instances 114 Reacting if the BlackBerry Configuration Database that you configured for transactional replication stops responding 114 Return to the BlackBerry Configuration Database when you configured transa...

Page 8: ...ion rules BlackBerry Device Software 142 Reconciliation rules Standard application settings 142 Reconciliation rules Application control policies 143 Reconciliation rules Application control policies for unlisted applications 144 13 Alternative methods for installing BlackBerry Java Applications on BlackBerry devices 145 Installing BlackBerry Java Applications on BlackBerry devices without using t...

Page 9: ...56 Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos 157 Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use LTPA 157 Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager 158 Configuring how the BlackBerry MDS Connec...

Page 10: ...ssage filters 176 Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server 176 Turn on an email message filter that applies to all user accounts on a BlackBerry Enterprise Server 177 Create an email message filter that applies to a specific user account 177 Turn on an email message filter that applies to a specific user account 178 Copying existing email m...

Page 11: ...ient files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows Vista 192 Configure the Microsoft ActiveX Installer on Windows Vista 193 Configure users computers to install the client file for the BlackBerry Web Desktop Manager automatically 193 Make the BlackBerry Web Desktop Manager available to users 195 18 Configuring the BlackBerry Web Desktop Manager 196 Permit users to activ...

Page 12: ...Configure LEAP authentication data for BlackBerry devices using a Wi Fi profile 212 Configuring PEAP authentication 213 Configure PEAP authentication data for BlackBerry devices using a Wi Fi profile 213 Prerequisites Distributing a certificate using the BlackBerry Desktop Manager 214 Distribute a certificate using the BlackBerry Desktop Manager 214 Configure PEAP configuration settings in the Wi ...

Page 13: ... authentication 229 Turn on single sign on authentication for the BlackBerry Administration Service 230 BlackBerry Administration Service web addresses and BlackBerry Web Desktop Manager web addresses that support BlackBerry Administration Service single sign on 230 Changing password settings for BlackBerry Administration Service authentication 231 Change password settings for BlackBerry Administr...

Page 14: ...Change how IT policies are sent to BlackBerry devices 248 Change how to install update or remove BlackBerry Java Applications 249 Change how to install or update the BlackBerry Device Software 250 Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices 251 Managing the distribution settings for a specific job 252 Specify the start time and priority for...

Page 15: ...y MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain 269 Turn on Integrated Windows authentication so that users can access resources on your organization s network 270 Restricting the push application content that users can receive 271 Restrict push applications from sending data to BlackBerry devices 271 Create push initiators for push appli...

Page 16: ...cific user account 281 Specify the location of organizer data 282 Specify the location that the BlackBerry Messaging Agent uses to find organizer data 282 29 Managing your organization s messaging environment and attachment support 283 Managing message forwarding 283 Forward email messages to a BlackBerry device when no filter rules apply 283 Do not deliver email messages to a BlackBerry device wh...

Page 17: ...tact databases a user can access from the BlackBerry device 295 Configuring access to documents on remote file systems 295 Configure the BlackBerry MDS Connection Service to communicate with a remote file system 296 Add communication information to a BlackBerry MDS Connection Service configuration set 297 Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection S...

Page 18: ...rors on devices 314 Configuration levels using the BlackBerry Enterprise Trait Tool 314 Turn on corrective calendar synchronization 314 View the current settings for corrective calendar synchronization 315 Permit corrective calendar synchronization to correct errors automatically 316 Configure the range of days to check for calendar synchronization errors 316 Configure when corrective calendar syn...

Page 19: ...L key to a text file 339 Configuring the BlackBerry Mail Store Service instance that updates the contact list 340 How the BlackBerry Mail Store Service instances update multiple contact lists 340 Configure the BlackBerry Mail Store Service instance that updates the contact list 340 Configure how users search for email addresses in a Hosted BlackBerry services environment 341 Configuring BlackBerry...

Page 20: ...tion Service connection types and port numbers 367 BlackBerry Attachment Service connection types and port numbers 369 BlackBerry Collaboration Service connection types and port numbers 370 BlackBerry Configuration Database connection types and port numbers 371 BlackBerry Controller connection types and port numbers 372 BlackBerry Dispatcher connection types and port numbers 373 BlackBerry Messagi...

Page 21: ...Instant messaging 391 Users cannot view phone numbers for contacts in the BlackBerry Client for IBM Lotus Sametime 391 A user did not accept a notification about an instant message on a computer and the notification disappeared 392 A user receives a 301 error when the user logs in to an instant messaging application on a BlackBerry device 393 Troubleshooting BlackBerry Web Desktop Manager 394 Trou...

Page 22: ...38 Provide feedback 415 39 Legal notice 416 ...

Page 23: ...ing the BlackBerry instant messaging client You can use the BlackBerry Monitoring Service to monitor and troubleshoot issues with BlackBerry Enterprise Server instances and monitor the activity of device users You can configure the BlackBerryEnterpriseServerandtheBlackBerryEnterpriseServercomponentstosupporthighavailabilitytoenhance the consistency and reliability of your organization s environmen...

Page 24: ...cessary change existing IT policies or create new IT policies Configuring security options Section Using an IT policy to manage BlackBerry Enterprise Solution security Add user accounts to the BlackBerry Enterprise Server Configuring user accounts Section Adding a user account to the BlackBerry Enterprise Server Create groups Configuring user accounts Section Creating groups Add user accounts to g...

Page 25: ...olicies Section Application control policies for unlisted applications Create software configurations for BlackBerry Java Applications Sending software and BlackBerry Java Applications to BlackBerry devices Section Creating software configurations Assign software configurations for BlackBerry Java Applications to groups multiple user accounts or individual user accounts Sending software and BlackB...

Page 26: ...ponents and for the BlackBerry Configuration Database Configuring BlackBerry Enterprise Server high availability Configuring BlackBerry Configuration Database high availability Use the BlackBerry Monitoring Service to troubleshoot issues and monitor the health of a BlackBerry Enterprise Server Visit www blackberry com go serverdocs to see the BlackBerry Enterprise Server Monitoring Guide Change ho...

Page 27: ...04 error message when it tries to connect to a BlackBerry Administration Service instance 387 There is a problem with this website s security certificate Description The browser displays this error message when you try to navigate to the BlackBerry Administration Service or BlackBerry Monitoring Service using Windows Internet Explorer version 7 or later Possible solution Add the web address for th...

Page 28: ...ick Trusted Root Certification Authorities d Click OK 13 Close and reopen the browser This connection is untrusted Description The browser displays this error message when you try to navigate to the BlackBerry Administration Service or BlackBerry Monitoring Service using Mozilla Firefox 3 6 Possible solution Install the certificate for the BlackBerry Administration Service or BlackBerry Monitoring...

Page 29: ...is assigned all the permissions that are turned on for each of the roles Youcanalsoassignrolestogroupsandaddadministratoraccountstogroups Thisallowsyoutospecifyadministrative role permissions at a group level instead of at an individual level If the group contains BlackBerry device users the roles are also assigned to the users and the users become administrators Preconfigured administrative roles...

Page 30: ...IT policy X X X View an IT policy X X X X X Edit an IT policy X X X Import an IT policy X X X Export an IT policy X X X Create a user defined IT policy template X X X Delete a user defined IT policy template X X X Edit a user defined IT policy template X X X Import an IT policy template X X X Resend data to devices X X X Create a software configuration X X X View a software configuration X X X X X...

Page 31: ...o a user X X X X X Turn off and on external services X X X X Clear activation password X X X X X Clear synchronization backup data X X X X Clear user statistics X X X X X Export statistics X X X Reset user field mapping X X X X Turn on redirection X X X X Turn off redirection X X X X Refresh available user list from company directory X X X Add User from Company Directory X X X X Synchronize GroupW...

Page 32: ...y X X X View job distribution settings X X X Edit job distribution settings X X X Delete an instance X X X Edit license keys X X X View license keys X X X Manually fail a job X X X Clear instance statistics X X X View push rules for the BlackBerry MDS Connection Service X X X X X X View pull rules for the BlackBerry MDS Connection Service X X X X X Send message across Group X X X X X Create a role...

Page 33: ...formation in the BlackBerry Administration Service BlackBerry Monitoring Service and BlackBerry Web Desktop Manager For example you can create a role that has all permissions turned off by default and you can customize the role by turning on specific permissions You can also create a role that is based on a preconfigured role and customize the role that you create Create a role You can create a ro...

Page 34: ...ll After you finish Assign the role to an administrator account or group Create an administrator account You create an account for administrators to enable them to log in to the BlackBerry Administration Service and manage the BlackBerry Enterprise Server You create an administrator account and assign the account to one or more administrator roles The roles control the actions that an administrato...

Page 35: ...rs 3 Search for an administrator account 4 In the search results click the display name for the administrator account 5 Click Edit user 6 On the Groups tab in the Available groups list click the group that you want to add the administrator account to 7 Click Add 8 Click Save all Related topics Create a group to manage similar user accounts 72 SpecifyanemailaddressfortheBlackBerryAdministration Ser...

Page 36: ... Click the Update icon 10 Click Save all Assign a BlackBerry device to an administrator account You can assign a BlackBerry device to an administrator without creating a separate user account 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for an administrator account 4 Click the display name for the administrator acco...

Page 37: ...account or group the BlackBerry Enterprise Server sends the Default IT policy If you delete an IT policy that you assigned to the user account or group the BlackBerry Enterprise Server automatically re assigns the Default IT policy to the user account and resends the Default IT policy to the device For more information see the BlackBerry Enterprise Server Policy Reference Guide Using IT policy rul...

Page 38: ...erscanusetounlocktheirdevices Usersmustchangethepasswords regularly The IT policy includes a password timeout that locks devices Medium Password Security Similar to the Default IT policy this policy also requires a complex password thatuserscanusetounlocktheirdevices Usersmustchangethepasswords regularly This policy includes a maximum password history and turns off Bluetooth technology on devices ...

Page 39: ...policy Advanced Security IT policy Advanced Security with No 3rd Party Application s IT policy Device Only Items Enable Long Term Timeout Yes Yes Yes Yes Maximum Security Timeout 30 minutes 10 minutes 10 minutes 10 minutes 10 minutes Maximum Password Age 60 days 30 days 30 days 30 days 30 days Password Pattern Checks no restriction no restriction at least 1 alpha and 1 numeric character at least 1...

Page 40: ...Applications Yes Yes Security policy group Allow Outgoing Call When Locked No Yes Content Protection Strength Strong Strong Disable Cut Copy Paste No No Disable Forwarding Between Services No Yes Disable USB Mass Storage No Yes Yes Disallow Third Party Application Download No Yes Yes External File System Encryption level Not required Encrypt to user password excluding multimedia directories Encryp...

Page 41: ... Yes Service Exclusivity policy group Allow Other Calendar Services Yes Yes Allow Other Message Services Yes Yes Bluetooth policy group Disable Address Book Transfer No Yes Yes Disable Discoverable Mode No Yes Yes Yes Yes Disable File Transfer No Yes Yes Disable Serial Port Profile No Yes Yes Require LED Connection Indicator No Yes Yes Wi Fi policy group Wi Fi Allow Handheld Changes Yes No No No N...

Page 42: ...T policies 3 In the list of IT policies click the IT policy that you want to copy 4 Click Copy IT policy 5 Type a name and description for the new IT policy 6 Click Save 7 To change the IT policy settings perform the following actions a In the IT policy information section click the IT policy b Click Edit IT policy c On a tab for an IT policy group change the appropriate values for the IT policy r...

Page 43: ...u expand Policy 3 Click Manage IT policy rules 4 Click Import IT policy definitions 5 Navigate to and select the XML file that contains the IT policy rules for example ITPolicyTemplate082409 xml 6 Click Save Change the value for an IT policy rule 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Policy 2 Click Manage IT policies 3 In the IT policy informa...

Page 44: ...y When the device receives an updated IT policy or a new IT policy the device BlackBerry Desktop Software and BlackBerry Web Desktop Manager apply the configuration changes immediately By default the BlackBerry Enterprise Server is designed to resend an IT policy to the device within a short period of time after you update the IT policy using the BlackBerry Administration Service You can also rese...

Page 45: ...Enterprise Server must determine which IT policy to apply to the user account You must use one of the following reconciliation options Method Description Apply one IT policy to the user account The BlackBerry Enterprise Server applies one of the group IT policies to the user account You specify rankings for the available IT policies using the BlackBerry Administration Service and the BlackBerry En...

Page 46: ...e uses predefined rules to determine which IT policy it can apply to a user account The BlackBerry Administration Service might have to reconcile conflicting IT policies if you perform any of the following actions add an IT policy to or remove an IT policy from a user account or group change an IT policy change the ranking of IT policies delete an IT policy Scenario Rule You add a new user account...

Page 47: ...IT policies 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Policy 2 Click Manage IT policies 3 Click Set priority of IT policies 4 To move the IT policies higher or lower in the list click the up arrow icon or down arrow icon 5 Click Save Option 2 Applying multiple IT policies to each user account You can configure the BlackBerry Enterprise Server to a...

Page 48: ...ssign to a group takes precedence over the Default IT policy applied at the BlackBerry Domain level A user account belongs to multiple groups You assign multiple IT policies to the groups but you do not assign an IT policy to the user account If you assign multiple IT policies to the groups that the user account belongs to the BlackBerry Enterprise Server resolves the IT policy rule settings in th...

Page 49: ...k Switch method to resolve multiple IT policies 4 Click Yes Switch the method Related topics Option 1 Applying one IT policy to each user account 44 Option 2 Applying multiple IT policies to each user account 45 Rank IT policies You must rank the IT policies that you create so that the BlackBerry Enterprise Server can resolve IT policy conflicts when a user account is a member of multiple groups t...

Page 50: ...ied To prevent BlackBerry devices that do not have IT policies applied to them from remaining active on a BlackBerry Enterprise Server you can change the Disable users with unapplied IT policy option to True The Disable user time limit hours option specifies the amount of time that BlackBerry devices can be active on a BlackBerry Enterprise Server without having an IT policy applied to the BlackBe...

Page 51: ...rules to control device applications and features Create an IT policy rule for a third party application 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Policy 2 Click Create an IT policy rule 3 Type a name and description for the IT policy rule 4 In the Type drop down list click the type of value that the IT policy rule uses 5 In the Destination drop d...

Page 52: ... encryption password field type a password so that the BlackBerry Enterprise Server can encrypt the IT policy data file 5 Click Export 6 Click Download file 7 Click Save 8 Browse to a location on a local or network drive where you want to save the data file 9 Click Save 10 Click Close Delete an IT policy 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand P...

Page 53: ...se Server uses the strongest algorithm that both the BlackBerry Enterprise Server and the BlackBerry device support for BlackBerry transport layer encryption If you configure the BlackBerry Enterprise Serverto support AES and Triple DES by default the BlackBerry Enterprise Solution generates device transport keys using AES encryption If a BlackBerry device uses BlackBerry Device Software version 3...

Page 54: ...a specific device PINs range of device PINs specific manufacturers specific device models The BlackBerry Administration Service includes lists of permitted manufacturers and models of devices that you associated with the BlackBerry Enterprise Server previously You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise Server even if yo...

Page 55: ...ew allowed PINs field type the PIN for the BlackBerry device Click the Add icon 6 To remove a BlackBerry device from the list on the Remove existing allowed PINs tab search for the PIN for the BlackBerry device In the search results select the PIN for the BlackBerry device 7 Click Save All Permit a user to override the Enterprise Service Policy Before you begin Turn on the Enterprise Service Polic...

Page 56: ...ones is designed to support encoding and decoding Unicode messagesandpermitsPGPencryptionusingkeysorpasswords ThePGPSupportPackageforBlackBerrysmartphones permits the BlackBerry device to encrypt PGP protected email messages or PGP protected PIN messages using a password that the sender and recipient both know For more information about the OpenPGP format see RFC 2440 For more information about th...

Page 57: ...ich the sender and recipient each know to encrypt S MIME protected email messages or PIN messages ability to read S MIME certificates that are stored on a smart card Configure the BlackBerry Enterprise Solution to support S MIME encryption 1 Configure encryption options for S MIME protected messages on the BlackBerry Enterprise Server 2 If required configure message classifications for email messa...

Page 58: ...n the Use PKCS 7 MIME type drop down list click True 5 Click Save all 6 To make sure that the changes take effect immediately perform the following actions to restart the BlackBerry Messaging Agent a On the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view BlackBerry Enterprise Server b Click the BlackBerry Enterprise Server instance that includes the...

Page 59: ...ult To require the BlackBerry device user to use Lotus Notes encryption when forwarding or replying to messages you can configure the Require Notes Native Encryption For Outgoing Messages IT policy rule To prevent a BlackBerry device user from forwarding or replying to Lotus Notes protected messages you can configure the Disable Notes Native Encryption Forward And Reply IT policy rule Configure Bl...

Page 60: ...e email messages determines the type of S MIME message protection or PGP message protection that applies to the email messages If a user does not select a message classification by default the BlackBerry device applies the first classification in the message classification list on the BlackBerry device You can change the order that the BlackBerry device lists the classifications in The message pro...

Page 61: ... Edit IT policy 5 On the Security tab at the bottom of the screen click the Copy icon beside the message classification that you want to copy 6 In the Message classification display name field type a name for the message classification that you copied 7 If necessary change the subject suffix that you want to append in parentheses to the email message subject 8 If necessary click the minimum action...

Page 62: ...llowing actions can only encrypt PIN messages sent to other devices on your organization s network that use the same PIN encryption key can only decrypt PIN messages that are sent from devices that use the global PIN encryption key or PIN messages from other devices on your organization s network that use the same PIN encryption key cannot decrypt PIN messages sent from devices that use a PIN encr...

Page 63: ...rite data in the BlackBerry device memory that the BlackBerry device no longer uses The BlackBerry device runs the garbage collection process when any of the following conditions exist You or a BlackBerry device user turns on content protection for the BlackBerry device An application uses the RIM Cryptographic API to create a private key or symmetric key A third party application turns on the gar...

Page 64: ...the S MIME Support Packagefor BlackBerry smartphones on the BlackBerry device and a private key exists on the BlackBerry device The BlackBerry device user installs the PGP Support Package for BlackBerry smartphones on the BlackBerry device and a private key exists on the BlackBerry device If you or the BlackBerry device user turns on the memory cleaner application Java based garbage collection pro...

Page 65: ...rver documentation specifies that you can Run the BlackBerry Configuration Panel as an administrator Consider the following guidelines if you are running the BlackBerry Configuration Panel on Windows Server 2008 Log in to the computer with a user account that is in the Administrator group on the Windows Server Right click the BlackBerry Configuration Panel icon and click Run as administrator Use W...

Page 66: ...onnection Service and the BlackBerry Collaboration Service to use a pac file The BlackBerry Enterprise Server components support only one pac file 1 In the BlackBerry Administration Service in the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Expand the appropriate BlackBerry Enterprise Server component 3 Click the instance that you want to chan...

Page 67: ...owing actions To configure a proxy server click PROXY In the Proxy string field type the proxy server name and port number using the following format proxy_server port To exclude the web address from routing through the proxy server click DIRECT 7 Click the Add icon for the proxy item If you add more than one proxy item use the Up and Down icons to set the priority for the proxy items 8 Click the ...

Page 68: ...k Shell Utility netsh exe with Windows Server 2008 Windows Internet Explorer To automatically select a proxy server you can use one of the following methods enable the Web Proxy Autodiscovery Protocol using the BlackBerry Enterprise Trait Tool specify a URL for a PAC file using Windows Internet Explorer Configuring manual proxy selection for a BlackBerry Administration Service instance Depending o...

Page 69: ...roxy server in the HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Internet Settings registry key Configure the BlackBerry Administration Service to use the Web Proxy Autodiscovery Protocol to select a proxy server automatically If you want to configure the BlackBerry Administration Service to use the Web Proxy Autodiscovery Protocol to selectaproxyserverautomatically youmustusetheBlac...

Page 70: ...ernet Explorer 3 Click Tools Internet Options 4 On the Connections tab click LAN settings 5 Select Use automatic configuration script 6 In the Address field type the URL for the PAC file 7 Click OK 8 Click OK Configuring the BlackBerry Administration Service to authenticate with a proxy server If your organization s proxy server requires authentication you must configure the BlackBerry Administrat...

Page 71: ...istration Service instance uses a Type traittool BASServer name trait BASProxyBasicAuthUID set user_name where name is the host name of the computer that hosts the BlackBerry Administration Service instance and user_name is the user name for example user01 blackberry com or blackberry com user01 for that computer b Type traittool BASServer name trait BASProxyBasicAuthPassword set password where na...

Page 72: ...You can configure multiple BlackBerry Enterprise Server instances to use the same central push server to transfer application data to and from BlackBerry devices and to manage HTTP requests from the BlackBerry Browser Before you begin Specify a BlackBerry MDS Connection Service as a central push server 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry ...

Page 73: ... expand BlackBerry Solution topology BlackBerry Domain Component view Collaboration 2 Click the instance that you want to change 3 Click Edit instance 4 On the Supported Dispatcher instances tab in the Available Dispatcher instances list click the BlackBerry Enterprise Server instance that you want to use the BlackBerry Collaboration Service 5 Click Add 6 Repeat steps 4 and 5 for each BlackBerry E...

Page 74: ...rry Administration Service on the BlackBerry solution management menu expand Group 2 Click Create a group 3 In the Group information section type a name and description for the group 4 Click Save After you finish Add properties to the group Add user accounts to the group Related topics Change the properties of a group 243 Add user accounts to a group 72 Add user accounts to a group You can add use...

Page 75: ...nvironment the server that you add the user account from require a replica of the primary IBM Lotus Domino Directory Related topics Assigning BlackBerry devices to users 78 Add a user account You can add a user account to the BlackBerry Enterprise Server assign a BlackBerry device to a user account and activate the BlackBerry device The user account must exist on your organization s messaging serv...

Page 76: ...ice did not yet synchronize the contact information for the user account to the BlackBerry Configuration Database If the BlackBerry Mail Store Service did not synchronize the contact information and you create a user account the BlackBerry Administration Service does not display the user account in the search results 1 In the BlackBerry Administration Service on the BlackBerry solution management ...

Page 77: ...r accounts on a BlackBerry Enterprise Server The csv file can include the following information user accounts that you want to create names of the groups you want to add the user accounts to activation passwords and expiry times that you want to assign to the user accounts The BlackBerry Administration Serviceprocesses actions in the order that they appear in the csv file If the BlackBerry Adminis...

Page 78: ...the values must be provided on every line of the csv file If the field is set to generate the password is automatically generated by the BlackBerry Administration Service and the final two fields of each csv line must be empty The activation password will expire if the user does not activate the BlackBerry device on the BlackBerry Enterprise Server before the password timeout elapses The default v...

Page 79: ... 5 Navigate to the csv file that contains the user accounts that you want to import 6 Click Next 7 Perform the appropriate actions for the user accounts Create multiple user accounts by importing the user accounts from a csv file You can import a list of user accounts from a csv file and add them to a BlackBerry Enterprise Server The user accounts must exist on your organizations messaging server ...

Page 80: ...rver can synchronize up to 3000 messages from the previous 30 days 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Email 2 Click the instance that you want to change 3 Click Edit instance 4 On the Messaging tab in the Message prepopulation settings section perform the following actions To specify the...

Page 81: ...iving replacement BlackBerry devices can activate the BlackBerry devices by connecting the BlackBerry devices to a computer that hosts the BlackBerry Web Desktop Manager over your organization s Wi Fi network You can activate Wi Fi enabled BlackBerry devices over your organization s Wi Fi network If you add a user account that was previously located on another BlackBerry Enterprise Server in a dif...

Page 82: ...ck Save all Wireless activation The wireless activation process activates BlackBerry devices on the BlackBerry Enterprise Server over the wireless network Neither you nor the users are required to connect the BlackBerry devices to a computer to complete the activation process You can use wireless activation process to activate a large number of BlackBerry devices over the wireless network When use...

Page 83: ...he BlackBerry device on the BlackBerry Enterprise Server a potentially malicioususerwhocanaccesstheactivationpasswordcanconnectanother BlackBerry device to the BlackBerry Enterprise Server and assume the identity of the intended user When a user activates a BlackBerry device on the BlackBerry Enterprise Server the activation password becomes inactive and a potentially malicious user cannot reuse i...

Page 84: ... make sure that the activation message that users receive on their computers conforms to your organization s messaging policies you can customize the default activation message 1 In the BlackBerry Administration Service on the Devices menu expand Wireless activations 2 Click Device activation settings 3 Click Edit activation settings 4 In the Email initialization message section perform the follow...

Page 85: ... BlackBerry Desktop Manager is associated with During the activation process the BlackBerry Desktop Manager prompts users to associate the BlackBerry devices with their work email accounts and generate encryption keys When users complete the activation process the BlackBerry Enterprise Serversends email messages and organizer data to the BlackBerry devices through the BlackBerry Router If a connec...

Page 86: ... one or more BlackBerry Router instances in the chain can act as a gateway for other network traffic For more information about Wi Fi enabled BlackBerry devices see the BlackBerry Enterprise Server Feature and Technical Overview Prerequisites Configuring a BlackBerry Router for BlackBerry device activations over the enterprise Wi Fi network On the computer that you installed the BlackBerry Router ...

Page 87: ...and port Type the server name and the server port number for the SMTP server 5 If the SMTP server requires authentication specify the SMTP login name and SMTP password 6 In the From address for ETP messages field type the email address that you want to use as the From address The ETP message is the email message that the BlackBerry Router sends to the users mailboxes during the activation process ...

Page 88: ...ss View activations page search for the user account Confirm that the activation is successful Related topics Restarting BlackBerry Enterprise Server components 327 Troubleshooting Connections to the Wi Fi network 394 Administration Guide Assigning BlackBerry devices to user accounts 86 ...

Page 89: ...Berry Administration Service might not display up to date information about the availability state The failover status specifies whether the BlackBerry Enterprise Server instance is a primary instance or standby instanceandwhethertheBlackBerryEnterpriseServerinstanceisrunningasexpected The BlackBerryAdministration Servicereceivesthisinformation inrealtime from the BlackBerry EnterpriseServerinstan...

Page 90: ...rise Server is in an acceptable state you can move the promotion threshold so that it is higher than the failover threshold An acceptable state provides only the BlackBerry services that your organization considers essential For failover to occur only when the standby BlackBerry Enterprise Server is in a healthier state than the primary BlackBerry Enterprise Server you can move the promotion thres...

Page 91: ...ary BlackBerry Enterprise Server cannot connect to the messaging server and the standby BlackBerry Enterprise Server cannot browse the Internet the standby BlackBerry Enterprise Server cannot promote itself because it is not sufficiently healthy Configuring failover to occur when the standby BlackBerry Enterprise Server is in a healther state than the active BlackBerry Enterprise Server If you mov...

Page 92: ... health parameters and thresholds click the Up and Down icons 5 Click Save Health parameters for the failover threshold and promotion threshold Health parameter Description Wireless network access This health parameter indicates whether the BlackBerry Router can access the wireless network You cannot configure the failover threshold or promotion threshold so that they are above this health paramet...

Page 93: ... BlackBerry Enterprise Server components can connect to the BlackBerry Configuration Database Push application access This health parameter indicates whether the BlackBerry MDS Connection Service can push application data to BlackBerry devices BlackBerry Collaboration Service This health parameter indicates whether the BlackBerry Collaboration Service can provide services for the collaboration cli...

Page 94: ... parameters at a BlackBerry Domain level and for a BlackBerry Enterprise Serverpair the percentage of the health parameters for the BlackBerry Enterprise Server pair overrides the percentage of the health parameters at the BlackBerry Domain level Change when automatic failover occurs by customizing the health parameters for user accounts and messaging servers Beforeyoubegin If youwantto changethep...

Page 95: ...ou can type traittool exe global trait ServerHealthPercentage set 60 Prerequisites Configuring the BlackBerry Enterprise Server pair to fail over automatically Install a primary BlackBerry Enterprise Server Replicate the state databases and the profile database from the primary BlackBerry Enterprise Server to the standby BlackBerry Enterprise Server For more information about replicating databases...

Page 96: ...utomatic failover event and notify you when an automatic failover event occurs Whenanautomaticfailovereventoccurs theprimaryBlackBerryEnterpriseServerandstandbyBlackBerryEnterprise Server write the time and reason at logging level 5 Verbose in the log files for the BlackBerry Dispatcher BlackBerry Controller and BlackBerry Messaging Agent The BlackBerry Controller and BlackBerry Dispatcher instanc...

Page 97: ...ist choose the standby BlackBerry Enterprise Server instance 5 Click Yes Failover to standby instance 6 Verify that the failover event occured Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuration Panel You can use the BlackBerry Configuration Panel to force the primary BlackBerry Enterprise Server to perform a failover process if it is not running as expected or i...

Page 98: ...Berry Enterprise Server Planning Guide Create a BlackBerry MDS Connection Service pool for high availability 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view BlackBerry Enterprise Server 2 If you configured BlackBerry Enterprise Server pairs expand the pair name 3 Click the name of the BlackBerry Ente...

Page 99: ... off automatic connections failover Related topics Fail over the BlackBerry MDS Connection Service or BlackBerry Collaboration Service manually 103 Create a BlackBerry Collaboration Service pool for high availability To configure BlackBerry Collaboration Service high availability you can create a BlackBerry Collaboration Service pool for each BlackBerry Enterprise Server by associating multiple Bl...

Page 100: ...nt Service instances with each BlackBerry Enterprise Server Within each pool you can create primary and secondary groups For more information see the BlackBerry Enterprise Server Planning Guide 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Attachment Connector 2 Click the BlackBerry Attachment Conn...

Page 101: ...ackBerry Attachment Service The other instance connects the BlackBerry MDS Connection Service to the BlackBerry Attachment Service During the installation process the setup application gives both BlackBerry Attachment Connector instances a name that includes the computer name for example computer_name _AC The BlackBerry Administration Service displays the names of both the BlackBerry Attachment Co...

Page 102: ...ackBerry Enterprise Server Planning Guide 1 In the BlackBerry Administration Service on the Servers and components menu click BlackBerry Solution topology BlackBerry Domain Component view BlackBerry Enterprise Server 2 Click the name of the BlackBerry Enterprise Serveror the name of the BlackBerry Enterprise Serverpair that you want to assign the BlackBerry Router pool to 3 Click Edit instance 4 I...

Page 103: ...mber 80 By default the port number is 3101 7 In the Windows Services restart the BlackBerry Router service Creating a BlackBerry Administration Service pool using DNS round robin that includes the BlackBerry Web Desktop Manager When you install the BlackBerry Administration Service BlackBerry Web Desktop Manager or both the setup application installs the BlackBerry Administration Service services ...

Page 104: ...th each other If the BlackBerry Administration Service instances are located in different network subnets and your organization s network configuration does not permit multicast UDP across the network subnets you must configure the BlackBerry Administration Service instances to use TCP to communicate with each other For example if your organization uses a UDP peer to peer firewall filter you must ...

Page 105: ...nize button 4 Click OK 5 On the computer that hosts a BlackBerry Administration Service instance in the Windows Services restart the BlackBerry Administration Service services 6 If the BlackBerry Administration Service instance uses a self signed certificate on the computers that host the other BlackBerry Administration Service instances in the Windows Services restart the BlackBerry Administratio...

Page 106: ...y Monitoring the high availability status or job deployment status using the BlackBerry Administration Service When you navigate to a BlackBerry Administration Service page that displays the high availability status or job deployment status the BlackBerry Administration Service displays the high availability status of the BlackBerry Enterprise Server BlackBerry Collaboration Service or BlackBerry ...

Page 107: ...instance 5 On the Supported MDS Connection Service instances tab remove the BlackBerry MDS Connection Service instance from the list of current instances 6 Click Save all Remove a BlackBerry Collaboration Service instance from a pool You can remove a BlackBerry Collaboration Service instance from a pool if your organization no longer requires it or to troubleshoot an issue 1 In the BlackBerry Admi...

Page 108: ..._AC_EMAIL_13 3 Click Edit instance 4 Click the Supported Attachment Server Instances tab 5 Click the Delete icon for the BlackBerry Attachment Service instance that you want to remove 6 Click Save all Remove a BlackBerry Router instance from a pool You can remove a BlackBerry Router instance from a pool if it is no longer required or to troubleshoot an issue 1 In the BlackBerry Administration Serv...

Page 109: ...database server Configure the database servers to permit access from remote computers Verify that the Microsoft SQL Server Agent uses a domain user account with the local administrative permissions set to the same permissions as the Windows account that runs the BlackBerry Enterprise Server services Verify that the domain user account has permissons on both database servers so that each Microsoft ...

Page 110: ...on Service BlackBerry Dispatcher BlackBerry Attachment Service BlackBerry Controller all of the remaining BlackBerry Enterprise Server services that connect to the BlackBerry Configuration Database 2 Repeat step 1 for each BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database Configure database mirroring for the BlackBerry Configuration Database For more inf...

Page 111: ...BlackBerry Enterprise Server services 2 Repeat step 1 for each BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database Related topics Restarting BlackBerry Enterprise Server components 327 Configure the BlackBerry Enterprise Solution to support database mirroring When you configure the BlackBerry Enterprise Solution to support database mirroring the BlackBerry...

Page 112: ...e mirroring parameters to the components When you resend the database mirroring parameters the BlackBerry Administration Service adds a registry key to the computers that host the components The registry key includes the name of the Microsoft SQL Server that hosts the mirror database CAUTION If you resend the database mirroring parameters more than once but you do not restart the BlackBerry Enterp...

Page 113: ...onent that connects to the BlackBerry Configuration Database Create the replicated BlackBerry Configuration Database from a backup Before you begin Back up the BlackBerry Configuration Database with the Backup type option set to Full 1 CopythebackupfilefromthedatabaseserverthathoststheBlackBerry ConfigurationDatabasetothedatabase server that will host the replicated BlackBerry Configuration Databa...

Page 114: ... field type the network location of the snapshot folder Click Next 6 In the list of databases select the BlackBerry Configuration Database name Click Next 7 Click Transactional publication Click Next 8 In the Objects to publish list select Tables Stored Procedures Views and User Defined Functions 9 If you installed the BlackBerry database notification system on the computer expand Tables and clear...

Page 115: ...ver that hosts the replicated BlackBerry Configuration Database 3 Click Replication 4 Right click Local Subscriptions Click New Subscription 5 Inthelistofpublishers selectthenameofthedatabaseserverthathoststheBlackBerryConfigurationDatabase 6 In the list of databases and publications select the publication for the BlackBerry Configuration Database Click Next 7 Select Run each agent at its Subscrib...

Page 116: ...s 327 ReactingiftheBlackBerryConfigurationDatabasethatyou configured for transactional replication stops responding If a BlackBerry Configuration Database that you configured for one way transactional replication stops responding you must configure all BlackBerry Enterprise Server instances and BlackBerry Enterprise Server components that connect to the BlackBerry Configuration Database to connect...

Page 117: ...nfiguration Database 4 Run the setup application to permit each BlackBerry Enterprise Serverinstance and BlackBerry Enterprise Server component to connect to the BlackBerry Configuration Database Configuring a new mirror BlackBerry Configuration Database If the principal BlackBerry Configuration Databasestops responding and the BlackBerry Enterprise Serverfails over automatically to the mirror Bla...

Page 118: ...ntrol policies If you permit users to install unlisted applications you must create an application control policy for unlisted applications that specifies what resources the applications can access When you assign a software configuration to a group or individual user accounts the BlackBerry Administration ServicecreatesadeploymentjobtoinstalltheBlackBerryDeviceSoftwareand BlackBerryJavaApplicatio...

Page 119: ...x file that contains information about the application If a directory structure is described in the alx file that directory structure must be represented in the zip file For more information about creating BlackBerry Java Applications and alx files visit www blackberry com developers to see the BlackBerry Java Development Environment Development Guide Before you distribute BlackBerry Java Applicat...

Page 120: ...rprise Server instances must have access to the shared network folder 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click BlackBerry Administration Service 3 Click Edit component 4 In the Software management section in the BlackBerry Administration Service application shared network drive field t...

Page 121: ...ublish application Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry Java Application You can use the keywords to search for the application in the application repository 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Software Applications 2 Click Manage applications 3 Search for an application 4 In the search...

Page 122: ...ttings make the BlackBerry Java Application optional on the BlackBerry device Users can install and run the BlackBerry Java Application on their BlackBerry devices Standard Disallowed When you apply the application control policy to a BlackBerry Java Application rule settings prevent users from installing the BlackBerry Java Application on BlackBerry devices Users cannot install and run the BlackB...

Page 123: ...s to a user account 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Software Applications 2 Click Manage applications 3 Search for a BlackBerry Java Application 4 In the search results click a BlackBerry Java Application 5 In the Application versions section click the version of the application that you want to create a custom application control policy...

Page 124: ... and assign it to user accounts so that you can send BlackBerry Device Software BlackBerry Java Applications and standard application settings to BlackBerry devices you must configure whether the software configuration permits users to install and use applications that are not included in the software configuration also known as unlisted applications When you configure whether unlisted application...

Page 125: ...devices and one for unlisted applications that you do not permit on BlackBerry devices You can also create custom application control policies for unlisted applications that are optional For more information about the rule settings in application control policies for unlisted applications see the BlackBerry Enterprise Server Policy Reference Guide 1 In the BlackBerry Administration Service on the ...

Page 126: ...erry Java Applications to control application permissions and the data that the applications can access specify that a BlackBerry Java Application is not permitted specifywhetherBlackBerryJavaApplicationsthatyoudonotincludeinthesoftwareconfigurationarepermitted or not permitted configure the access permissions for BlackBerry Java Applications that you do not include in the software configuration i...

Page 127: ...dd BlackBerry Device Software configurations and BlackBerry Java Applications to the software configuration Add a BlackBerry Java Application to a software configuration You must add a BlackBerry Java Application to a software configuration and assign the software configuration to user accounts to install the BlackBerry Java Application on BlackBerry devices over the wireless network To upgrade an...

Page 128: ... 3 Click a group 4 Click Edit group 5 On the Software configuration tab in the Available software configurations list click a software configuration 6 Click Add 7 Repeat steps 5 and 6 for each software configuration that you want to assign 8 Click Save all Related topics Create a group to manage similar user accounts 72 View the status of a job 128 Managing the default distribution settings for jo...

Page 129: ...puter If you do not want to install BlackBerry Java Applications on a BlackBerry device over the wireless network and you do not want the user to install the BlackBerry Java Applications using the BlackBerry Web Desktop Manager or BlackBerry Desktop Software you can install the BlackBerry Java Applications on a BlackBerry device by connecting the BlackBerry device to a central computer that can ac...

Page 130: ...a job that is running 136 View the status of a task Each deployment job consists of multiple tasks Each task delivers a specific object or setting to a BlackBerry device that carries out an action for example updating BlackBerry Device Software installing or removing a BlackBerry Java Application or applying updated IT policy settings or application settings You can view the status of tasks If a B...

Page 131: ...ackBerry Policy Service sends application data to a BlackBerry device as a group of application modules If the BlackBerry Policy Service does not deliver one of the application modules to the BlackBerry device the remaining application modules are not delivered to the BlackBerry device You can try to resend the BlackBerry Java Application to the BlackBerry device SendApp failed due to error gettin...

Page 132: ...ice Software version that is running on the BlackBerry device Device reported Data Format Error in packet while installing module An error occurred in the BlackBerry Policy Service that prevented the BlackBerry device from installing the BlackBerry Java Application Inthelogfilesthatyoucollected locatetheuseraccountthatexperiencedtheissue Tracetheinstallationactivity Device reported a s error while...

Page 133: ...lication Inthelogfilesthatyoucollected locatetheuseraccountthatexperiencedtheissue Tracetheinstallationactivity Error messages BlackBerry Device Software tasks To troubleshoot errors that display for a task when you are updating BlackBerry Device Software on a BlackBerry device you can try to determine the cause by collecting the following information BlackBerry Policy Service log files from the d...

Page 134: ...ted with the BlackBerry device does not support the BlackBerry Device Software update You can verify that the BlackBerry device model the current BlackBerry Device Softwareversion and the vendor ID that are associated with the BlackBerry device support the BlackBerry Device Software update 0x03 disallowed by IT policy An IT policy rule in an IT policy that you assigned to the user account does not...

Page 135: ... application performs the update and the user no longer has the option to defer the update Upgrade rejected An error or inconsistency exists in the BlackBerry Device Software files that are available from the BlackBerry Infrastructure Upgrade failed rollback complete After the update application downloaded and applied the current BlackBerry Device Software patch files to the BlackBerry device an e...

Page 136: ...kBerry Synchronization Service log files from the day the issue was reported log level 6 recommended system event logs copy of the BlackBerry Configuration Database SQL trace of the BlackBerry Synchronization Service that communicates with the BlackBerry Configuration Database For information about changing the log level for a BlackBerry Enterprise Server component visit www blackberry com support...

Page 137: ...Berry Synchronization Service received an invalid command from the BlackBerry device Related topics Restarting BlackBerry Enterprise Server components 327 Error messages IT policy tasks To troubleshoot errors that display for a task when you send an IT policy to a BlackBerry device or update an IT policy on a BlackBerry device you can try to determine the cause by collecting the following informat...

Page 138: ...password criteria that you configured using IT policy rules Sequence Processing Stopped due to error processing SET_IT_POLICY_COMMAND command The BlackBerry Policy Service can send the IT policy data to a BlackBerry device in a group of commands If the IT policy command is not delivered to the BlackBerry device the remaining commands in the group are not delivered to the BlackBerry device You can ...

Page 139: ... ID of the job that you want to stop You can only stop jobs with a Running status 5 Click Stop Current Execution 6 Click Yes Stop Current Execution Related topics View the status of a job 128 Managing the default distribution settings for jobs 247 Managing the distribution settings for a specific job 252 View the users that have a BlackBerry Java Application installed on their BlackBerry devices 1...

Page 140: ...cations To view how the BlackBerry Administration Service resolved conflicts that involve the standard application settings in BlackBerry Device Software configurations click View Resolved BlackBerry Device Software application settings 6 View the appropriate information about how the BlackBerry Administration Service resolved the software configuration conflicts for the user account Reconciliatio...

Page 141: ...s BlackBerry Java Applications Scenario Rule Multiple software configurations are assigned to a user account or the groups the user belongs to Multiple BlackBerry Java Applications are contained in each software configuration The BlackBerry Java Applications in each software configuration are installed on the BlackBerry device If the BlackBerry Device Software does not support a specific BlackBerr...

Page 142: ...er the optional disposition and the optional disposition takes precedence over the disallowed disposition The BlackBerry Administration Service resolves the deployment method after resolving the disposition of an application The deployment method specified for an application in a software configuration that is assigned to a user account takes precedence over the deployment method for the same appl...

Page 143: ...s assigned to a user account and it contains a BlackBerry Java Application that has a dependency on another BlackBerry Java Application The dependent application is not supported on the BlackBerry device If a dependent application is not supported by the BlackBerry device or was not installed successfully on the BlackBerry device the application with the dependency is not installed on the user s B...

Page 144: ...tandard application settings is assigned to a group that the user account belongs to The standard application settings in a software configuration that is assigned to a user account take precedence over the standard application settings in a software configuration that is assigned to a group A user account belongs to multiple groups The calendar initialviewsettingisconfigureddifferentlyineachofthe...

Page 145: ...application settings are configured differently in the software configurations that are assigned to the groups The Locked and visible setting takes precedence over the Unlocked and visible setting The Unlocked and visible setting takes precedence over the Unlocked and hidden setting Standard application settings are configured in a software configuration and assigned to user accounts with BlackBer...

Page 146: ...er the application control policy for unlisted applications in a software configuration that is assigned to a group A software configuration that defines unlisted applications as disallowed is assigned to a user account A software configuration that defines unlisted applications as optional is also assigned to the user account If unlisted applications are defined as disallowed in a software config...

Page 147: ...r Eclipse to generate cod files that contain the compiled application code for a BlackBerry Java Application BlackBerry devices execute cod files to run BlackBerry Java Applications The BlackBerry JDE and the BlackBerry Java Plug in for Eclipse also include tools to generate jad files or alx descriptor files that provide information about a BlackBerry Java Application that is used when the applica...

Page 148: ...re a full installation of the BlackBerry Desktop Software Install BlackBerry Java Applications using a web browser on BlackBerry devices You can install a BlackBerry Java Application on a BlackBerry device by installing the files for the BlackBerry Java Application on a web server and instructing the user to browse to the appropriate web address on the BlackBerry device Users can download the Blac...

Page 149: ...plication code The application loader tool requires these files so that it can install the BlackBerry Java Application on BlackBerry devices required modules Some BlackBerry Java Applications require modules that are part of the BlackBerry Device Software The required modules are listed in the alx file in a requires tag If the required modules do not exist on the BlackBerry device you need to inst...

Page 150: ... MIDlet convert the jar file to a cod file For more information about how to compile java and jar file formats into the cod file format visit www blackberry com developers to read the BlackBerry Java Development Environment Development Guide For more information about the BlackBerry Application Web Loader and a sample development template visit www blackberry com go docs to read the BlackBerry App...

Page 151: ...tion Web Loader is 32 MIDlet support The BlackBerry Application Web Loader supports CLDC applications that reference the BlackBerry API or MIDlets that have been converted to the cod file format Enable the BlackBerry Application Web Loader on a web server Before you begin Obtain the jad and cod files for the BlackBerry Java Application from the application developer vendor or wireless service prov...

Page 152: ...ionfiles Youcanmake the standalone application loader tool available from a shared network folder and provide users with a link to run the tool and install the BlackBerry Java on their BlackBerry devices The users must connect their BlackBerry devices to their computers to install the BlackBerry Java Application You must install the BlackBerry Device Manager on users computers so that users can us...

Page 153: ...red modules do not exist on the BlackBerry device you must install the required BlackBerry Device Software on the BlackBerry device For more information about application dependencies visit www blackberry com developers to read the BlackBerry Java Development Environment Development Guide required BlackBerry Java Applications To configure a BlackBerry Java Application as required on a BlackBerry d...

Page 154: ...re you begin Verify that BlackBerry Device Manager version 4 1 or later is installed on the user s computer When you distribute the link to the shared network folder to users specify the loading command using the following format USB shared_computer_name Research In Motion Apploader loader exe defaultUSB forceload Install the BlackBerry Java Application using the standalone application loader tool...

Page 155: ...r computers Users are responsible for completing the installation This method has the following disadvantages You cannot control when users install the BlackBerry Java Application Installing a BlackBerry Java Application on BlackBerry devices over the wireless network can result in increased network usage Prerequisites Installing BlackBerry Java Applications using a web browser on BlackBerry devic...

Page 156: ...web server that hosts the web page After you finish Select a distribution method for example an email message or an intranet web page that you can use to provide users with the web address for the web page that you created Install the BlackBerry Java Application using a web browser on the BlackBerry device Send these instructions to users 1 Open a web browser on the BlackBerry device 2 Navigate to...

Page 157: ...tion Service in your organization s BlackBerry Domain to act as a central push server If a BlackBerry MDS Connection Service in your organization s environment is earlier than version 5 0 it is not designated as a central push server automatically when it starts Related topics Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service 70 Specify a B...

Page 158: ...MDS Connection Service 3 Click Edit component 4 OntheHTTPtab intheProtocol service informationsection intheAuthenticationsupportenableddrop down list perform one of the following actions If you want BlackBerry devices to authenticate to content servers directly click No If you want the BlackBerry MDS Connection Service to store authentication information and perform HTTP authentication on behalf o...

Page 159: ...ure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use LTPA BlackBerry devices that are running BlackBerry Device Softwareversion 3 8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology For BlackBerry devices thatusepreviousversionsoftheBlackBerryDeviceSoftware youmustpermi...

Page 160: ...rry MDS Connection Service If required in the RSA Authentication Manager delete the node secret data for the computer that hosts the BlackBerry MDS Connection Service If required delete the node secret data that is located on the computer that hosts the BlackBerry MDS Connection Service Retrieve the RSA Authentication API version 5 0 3 2 from RSA Configure the BlackBerry MDS Connection Service to ...

Page 161: ...rn on for Intranet only If you want users to use RSA authentication for web addresses or intranet addresses that you specify select Turn on for specific sites only 5 In the RSA authentication timeout field type a number in minutes to specify how long devices that the RSA Authentication Manager authenticates can remain connected to your organization s network while the users are active By default t...

Page 162: ...ervice closes the HTTP connection to the BlackBerry device The default timeout limit is 120 000 milliseconds 2 minutes 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click MDS Connection Service 3 Click Edit component 4 On the HTTP tab in the Protocol service information section in the Device conn...

Page 163: ...rtificate to open HTTPS connections to the BlackBerry MDS Connection Service to push application data and application updates to the BlackBerry devices that are assigned to that BlackBerry MDS Connection Service You can use the Java keytool to create a self signed certificate for the BlackBerry MDS Connection Service or you can import a signed certificate from a trusted public certification author...

Page 164: ... tomcat keyalg RSA keystore webserver keystore b Type the required information c To confirm the information that you typed type Yes Add a publicly signed certificate to the key store a Type keytool import trustcacerts alias tomcat file trustedserver cer keystore webserver keystore b Type the key store password c When prompted click Yes 3 Copy the key store file to drive Program Files Research In M...

Page 165: ... to the key store at the prompt type Yes After you finish If the certificate does not exist import the certificate to drive Program Files Java JRE version lib security cacerts Permitpushapplicationstoselectthetransportprotocolfor PAP requests By default when a push application sends a PAP request to the BlackBerry MDS Connection Service the BlackBerry MDS Connection Service directs requests to an ...

Page 166: ...dress of the web server For example type to represent all web servers or type https domain com to specify all web servers in a specific domain For more information about regular expressions in Java visit java sun com j2se 1 4 2 docs api java util regex Pattern html and java sun com docs books tutorial essential regex literals html 6 In the Settings section in the Allow untrusted servers drop down ...

Page 167: ...ML The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML After the BlackBerry MDS Connection Service retrieves th...

Page 168: ... 5 Click Save all After you finish To configure the BlackBerry MDS Connection Service to retrieve the status of certificates configure the OCSP and CRL server information Add the communication information that you configured for the LDAP server to the BlackBerry MDS Connection Service configuration set Related topics Add communication information to a BlackBerry MDS Connection Service configuratio...

Page 169: ...for the DSML certificate server that you want the BlackBerry MDS Connection Service to search b In the Service URL field type the FQDN of the DSML certificate server for example http server01 rim com 1234 dsml adssoap dsmlx c In the Settings section if you do not want the BlackBerryMDSConnectionServicetosearchtheentire directory tree in the Base query field type the search base that the BlackBerry...

Page 170: ...tion Service to authenticate to OCSP servers on behalf of BlackBerry devices and to retrieve the status of certificates 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click MDS Connection Service 3 On the OCSP tab click Edit component 4 Perform the following actions Configure the BlackBerry MDS Co...

Page 171: ...ure the CRL handler to use the CRL responder extension in a certificate 5 Perform one of the following tasks Task Steps Create a CRL server configuration a Type the CRL server name and the web address for the server b Click the Add icon Change an existing CRL server configuration a Click the Edit icon beside the CRL server b Click the Accept icon 6 Click Save all After you finish Add the communica...

Page 172: ... the order that you specify The order of that you specify for LDAP DSML or file communication applies to each communication method separately The order permits the BlackBerry MDS Connection Service to resolve conflicts between domains if you created multiple communication methods for a specific URL 9 Perform one of the following actions To add a new configuration set click the Add icon To update a...

Page 173: ...rry MDS Connection Service copy the cer file to drive Program Files Java JRE_version lib security 3 At a command prompt navigate to drive Program Files Java JRE_version bin 4 Type keytool import trustcacerts alias alias_name file cert_filename keystore cacerts 5 Type the key store password 6 To add the certificate to the key store at the command prompt type Yes After you finish For more informatio...

Page 174: ...pand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click the instance that you want to change 3 Click Edit instance 4 On the General tab in the Flow control section in the Maximum data amount permitted per connection field type a number in KB 5 Click Save all Specify the pending content timeout limit for a BlackBerry MDS Connection Service You can specify h...

Page 175: ...MDS Connection Service 2 Click the instance that you want to specify the thread pool size for 3 Click Edit instance 4 On the General tab in the Socket connection settings section in the Thread pool size field type a number between 100 and 1000 5 Click Save all Specify the maximum number of scalable socket connections You can specify the maximum number of scalable socket connections that can be ope...

Page 176: ...calable HTTP drop down list click No 5 Click Save all Specify the port number that the web server listens on for push application requests You can specify the port number that the web server listens on for HTTP requests and HTTPS requests from server side push applications You should change the default port parameters only if a port conflict exists with another service on the same computer 1 In th...

Page 177: ...e The default interval is 5 minutes 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click the instance that you want change 3 Click Edit instance 4 On the General tab in the Database section in the Database admin configuration cycle timer field type a time in minutes 5 Click ...

Page 178: ...erry Enterprise Server applies the changes immediately Create an email message filter that applies to all user accounts on a BlackBerry Enterprise Server 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Email 2 Click the instance that you want to change 3 Click Edit instance 4 On the Email message fil...

Page 179: ...xpand User 2 Click Manage users 3 Search for a user account 4 In the search results click the name of the user account 5 Click Edit user 6 In the Messaging configuration section click Default configuration 7 On the Email tab in the Email message filter name field type a name for the email message filter 8 In the Email message filter rules section configure the options for the email message filter ...

Page 180: ...opying existing email message filters to another BlackBerry Enterprise Server You can copy the existing email message filters for a BlackBerry Enterprise Serverand apply them to other instances of the BlackBerry Enterprise Server To create a copy of existing email message filters you can export the existing email message filters for a BlackBerry Enterprise Server as an xml file You can then import...

Page 181: ...that you can use it with other user accounts Export email message filters for a user account 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the name of the user account 5 In the Messaging configuration section click Default configuration 6 On the Email tab click Export ...

Page 182: ...multiple extension plug ins to a BlackBerry Messaging Agent you can define the order that the BlackBerry Messaging Agent uses the extension plug ins to process email messages in Install an extension plug in application To add an extension plug in to the BlackBerry Administration Service you must first install the application for the extension plug in on the computer that hosts the BlackBerry Enter...

Page 183: ...rocess to load extension plug ins to process email messages If you do not add an extension plug in to the BlackBerry Administration Service and you install the extension plug in application on the computer that hosts the BlackBerry Enterprise Server the extension plug inisloadeddirectlybytheBlackBerryMessagingAgentinsteadoftheextensionprocess Tostabilizeandmanage your organization s messaging envi...

Page 184: ...gy BlackBerry Domain Component view Email 2 Click the instance that you want to change 3 Click Edit instance 4 In the State database pruning section in the Turn on state database pruning options click Yes 5 In the Remove deleted messages from state database after field type a number of days that is greater than 30 The default value is 183 days 6 In the Remove created messages from state database a...

Page 185: ...t field in an email application to a contact list field on a BlackBerry device 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the display name for the user account 5 Click Edit user 6 In the Messaging configuration section click Default configuration 7 On the Mappings f...

Page 186: ...mail application to a BlackBerry device 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the display name for the user account 5 Click Edit user 6 In the Messaging configuration section click Default configuration 7 On the Mappings for organizer data synchronization tab i...

Page 187: ...he email address that is assigned to the device For more information about the enrollment process see the BlackBerry Enterprise Solution Security Technical Overview You can make the certificate enrollment process required so that devices automatically start the certificate enrollment process after the devices receive the updated IT policy from the BlackBerry Enterprise Server If you do not make th...

Page 188: ...ion topology BlackBerry Domain Component view 2 Click MDS Connection Service 3 Click Edit component 4 On the HTTP tab in the Name field type the certificate authority name 5 In the Service URL field type the URL that the BlackBerry MDS Connection Service can use to send certificate requests to the certification authority using the following format http FQDN_of_CA_server port_number for example htt...

Page 189: ...he configuration set Click the Add icon To change an existing configuration set click the Edit icon 5 In the Priority Service group drop down list click the name of the service that you want to configure the communication method for 6 In the Service Name Description drop down list click the name of the communication method that you want to configure 7 Click the Add icon 8 To specify the communicat...

Page 190: ...e on the Instance information tab in the Status list click Restart instance 7 To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance repeat steps 3 to 7 Add certificate information to a Wi Fi profile You must add the name of the certification authority profile that contains certificate information to a Wi Fi profile The name of the c...

Page 191: ...he BlackBerry Enterprise Server deletes the existing certificate from the BlackBerry Configuration Database when the certificate enrollment process starts for a new certificate Also if a certificate is expired or revoked you or a BlackBerry device user can update the certificates on the device using the certificate synchronization tool in the BlackBerry Desktop Software or by copying an updated ce...

Page 192: ...the certificate authority The default interval is 60 minutes application handler pkcs10 poolsize If the certificate authority requires a certificate administrator to approve certificate requests this property specifies the maximum number of simultaneousworkerthreadsthatcanmanagependingcertificaterequests The default pool size is 100 worker threads application handler pkcs10 logging This property s...

Page 193: ...Related topics Configuring the BlackBerry Web Desktop Manager 196 Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows XP If you use Microsoft Active Directory you can create a Windows GPO to make sure that the browser settings are correct for your organization s environment Alternatively you can check the browser settings on users computers and if necessary...

Page 194: ... the BlackBerry Web Desktop Manager in a Windows GPO for Windows Vista Before you begin Add the web address for the BlackBerry Administration Service to the list of trusted web sites in the web browser Download and install the Microsoft Group Policy Management Console with Service Pack 1 For more information about installing the service pack see www microsoft com 1 Open the Microsoft Exchange Mana...

Page 195: ...r the BlackBerry Web Desktop Manager automatically You can create a new Windows GPO so that you can add the registry key HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Internet Settings UseCoInstall to users computers When you add the registry key the users computers install the RIMWebComponents msi file and other Microsoft ActiveX controls automatically The Windows GPO adds the regi...

Page 196: ...ion Administrative Templates 8 Right click Administrative Templates Perform one of the following actions If the computer uses Windows 2000 Server clear the View Show Policies Only option If the computer uses Windows Server 2003 click View Filtering Clear the Only show policy settings that can be fully managed check box 9 Right click Administrative Templates Click Add Remove Templates 10 Add the En...

Page 197: ...ou want to display the changes on the login screen you must direct users to https full_computer_name webdesktop app page Login service page orgId 0 Send users the following information BlackBerry Web Desktop Manager web page address IBM Lotus Domino Internet user names and passwords that you configured for the users in your messaging environment Administration Guide Make the BlackBerry Web Desktop...

Page 198: ... Manager to activate BlackBerry devices using a wired connection to a computer 1 In the BlackBerry Administration Service in the Servers and components menu expand BlackBerry Solution Topology BlackBerry Domain Component view 2 Click BlackBerry Administration Service 3 Click Edit component 4 On the BlackBerry Web Desktop Manager information tab perform one of the following actions To permit users ...

Page 199: ...on Service 3 Click Edit component 4 On the BlackBerry Web Desktop Manager information tab in the Device backup domains field type a domain that permits the user to back up data 5 Click the Add icon 6 Repeat steps 4 and 5 for each domain that you want to add 7 Click Save all Change the text colors in the BlackBerry Web Desktop Manager You can change the text colors in BlackBerry Web Desktop Manager...

Page 200: ...ecifies the hexadecimal color value of the text in the BlackBerry Web Desktop Manager headers and the text in the tab links that point to web pages that the user is not currently visiting ffffff white Font color 7 This text color specifies the hexadecimal color value of the text in the available BlackBerry Web Desktop Manager menu and text in the option links 005387 blue Font color 8 This text col...

Page 201: ...e the domain name to users when you send their login information to them 1 In the BlackBerry Administration Service in the Servers and components menu expand BlackBerry Solution Topology BlackBerry Domain Component view 2 Click BlackBerry Administration Service 3 Click Edit component 4 On the Microsoft Active Directory authentication tab in the Login domain section in the Default domain field type...

Page 202: ...ite survey and assign channels If your organization does not use a switched enterprise Wi Fi network and your organization has multiple subnets configure the subnets to cover the same physical area The configuration can affect how users send or receive calls Assign an SSID to each access point or each group of access points that share an SSID If users can roam between the access points configure a...

Page 203: ...ses Permit all access points to use the AAA server If you configure service specific access security create a captive portal login You must configure user accounts in your organization s environment Perform the following actions Create authentication credentials for the user accounts If your organization uses EAP TLS EAP TTLS or PEAP authentication methods permit the BlackBerry Enterprise Server t...

Page 204: ...rm the following task if you want users to configure a Wi Fi profile for the Wi Fi networks that you did not create a Wi Fi profile for in the BlackBerry Administration Service By default new Wi Fi profiles appear at the end of the Wi Fi profile list on the BlackBerry device 1 On the Home screen or in the application list click Manage Connections 2 Click Set Up Wi Fi Network 3 Perform the instruct...

Page 205: ...er accounts 4 Click the name of the user account that you want to assign a Wi Fi profile to 5 Click Edit user 6 On the Wi Fi profiles tab in the Wi Fi profile name section in the drop down list click the Wi Fi profile 7 If required in the Wi Fi user specific settings section specify the login information for the Wi Fi profile 8 Click the Add icon 9 Click Save all When you assign a Wi Fi profile to...

Page 206: ...sociate the VPN profile with the Wi Fi profile for the user account Depending on your organization s security policy you can save a user name and password to a BlackBerry device to prevent the BlackBerry device from prompting the user for the login information the first time or each time the BlackBerry device connects to the enterprise Wi Fi network Create a VPN profile 1 In the BlackBerry Adminis...

Page 207: ...ution management menu expand Group 2 Click Manage groups 3 In the Manage groups section click the group that you want to assign a VPN profile to 4 On the VPN profiles tab click Edit group 5 In the Available VPN profiles list click the profile that you want to assign to the group and click Add Repeat for any additional profiles that you want to assign to the group 6 Click Save When you assign a VPN...

Page 208: ...configuration 2 Click Manage Wi Fi profiles 3 Click the name of the Wi Fi profile 4 Click Edit profile 5 On the Wi Fi profile settings tab in the Wi Fi associations section in the Associated VPN Profile drop down list click the VPN profile that you want to associate with the Wi Fi profile 6 Click Save All After you finish To update the BlackBerry device information immediately resend the IT policy...

Page 209: ...n more than one action to a user account create multiple rows for the user account If you are using a text editor to create the csv file include a comma after the value that appears in each field in each row If a field does not contain a value include only a comma in the field If you are using a text editor to create the csv file include a character return at the end of each row If you are using a...

Page 210: ... Name Attribute Type Action User Name Password 16 Westlee Barichak wbarichak rim com wlan_1 WLAN UPDATE update_username update_ password 8 Sherisse Da Silva 2072C4B7 sdasilva rim com wifi_1 WLAN UPDATE update_username up date_password Example Removing profile information from user accounts User Id Display Name PIN Email Address Logon Name Attribute Name Attribute Type Action User Name Password 8 L...

Page 211: ...s required Password ThisfieldspecifiesthepasswordthattheBlackBerrydevicecanusetoaccess the enterprise Wi Fi network or VPN if a password is required You can include quotation marks in the password Import profile information from a csv file The BlackBerry Administration Service processes actions in the order that they appear in the csv file If two actions that you listed in the file contradict each...

Page 212: ...ackBerry device is WEP key 0 in the configuration settings and WEP key 2 on the BlackBerry device is WEP key 1 in the configuration settings You type or copy the WEP keys for the access points as a string of hexadecimal digits BlackBerry devices do not support a WEP passphrase Configure WEP keys for BlackBerry devices using a Wi Fi profile If BlackBerry device users in your organization s environm...

Page 213: ...Solution supports PSK encryption see the BlackBerry Enterprise Server Security Technical Overview Configure PSK encryption data for BlackBerry devices using a Wi Fi profile If BlackBerry device users in your organization s environment use BlackBerry 7270 smartphones you must configure passphrases using IT policy rules instead of configuration settings Before you begin Obtain the passphrase for the...

Page 214: ...tings Before you begin Using the wireless access point configure the LEAP settings to accept SSID association requests from users that have the credentials that you specify or to identify the authentication server that the Wi Fi enabled BlackBerry devices use to verify user credentials For more information see the documentation for your organization s access points Configure strong password polici...

Page 215: ... about how the BlackBerry Enterprise Solution supports PEAP authentication see the BlackBerry Enterprise Server Security Technical Overview Configure PEAP authentication data for BlackBerry devices using a Wi Fi profile If BlackBerry device users in your organization s environment use BlackBerry 7270 smartphones you must configure user names and passwords using IT policy rules instead of configura...

Page 216: ...icate or both you can distribute the certificates using BlackBerry Desktop Manager The BlackBerry device can add the certificates to the list of explicitly trusted certificate authority certificates or the list of client certificates 1 On the user s computer right click the certificate Click Install certificate 2 Click Next 3 Click Place all certificates in the following store 4 Click Browse 5 Per...

Page 217: ...ion server 7 Select the Inner link security type 8 If your organization does not use EAP MS CHAPv2 if necesssary in the Token list select the token type 9 If necesssary in the Server subject field type the server name in the server certificate in URL format for example server1 domain com or server1 domain net If you leave the field blank the BlackBerry device skips over it during server authentica...

Page 218: ...erry Desktop Manager or you can enroll the certificate over the wireless network You must configure a Wi Fi profile to provide the user name and password for authentication For more information about how the BlackBerry Enterprise Solution supports EAP TLS authentication see the BlackBerry Enterprise Server Security Technical Overview Configure EAP TLS authentication data for BlackBerry devices usi...

Page 219: ... the authentication server certificate 8 In the Client certificate list click the user certificate 9 Ifnecessary intheServersubjectfield typetheservernameintheservercertificate inURLformat forexample server1 domain com or server1 domain net If you leave the field blank the BlackBerry device skips over it during server authentication 10 If necessary in the Server SAN field type the alternative name...

Page 220: ...ry device users in your organization s environment use BlackBerry 7270 smartphones you must configure user names and passwords using IT policy rules instead of configuration settings 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Policy Wi Fi configuration 2 Click Manage Wi Fi profiles 3 Click the name of the Wi Fi profile that you want to change 4 Cli...

Page 221: ... net If you leave the field blank the BlackBerry device skips over it during server authentication 10 If your organization use dynamic IP addresses verify that the Automatically obtain IP address and DNS option is selected 11 Verify that the Allow inter access point handover option is selected 12 If necesssary select the Prompt before connection check box If you do not select the check box the Bla...

Page 222: ...g the BlackBerry Desktop Manager 214 Creating and configuring Wi Fi profiles 200 Send EAP FAST authentication data to a BlackBerry device using a Wi Fi profile If BlackBerry users in your organization s environment use BlackBerry 7270smartphones you must configure user names and passwords using IT policy rules instead of configuration settings 1 In the BlackBerry Administration Service on the Blac...

Page 223: ...n the BlackBerry device in the device options click Wi Fi Connections 2 Click the Wi Fi profile that you want to change 3 Click Edit 4 In the Security Type list select EAP FAST 5 Type the user name and password for the messaging server 6 In the Inner link security list click the security type 7 If necessary in the Token list select the token type 8 If your organization uses dynamic IP addresses ve...

Page 224: ...Berry Enterprise Solution Security Technical Overview Prerequisites Configuring BlackBerry devices for RSA authentication To perform tasks in the RSA Authentication Manager see the RSA Authentication Manager documentation and the documentation for the RSA SecurID token In the RSA Authentication Manager configure the following policies for the PINs of the software tokens in your organization s envi...

Page 225: ...nd time on the BlackBerry devices with the date and time on the users computers After you finish Assign the Wi Fi profile to the user accounts Resend the IT policy to BlackBerry devices Configure RSA authentication over a Wi Fi network using a software token You must add the serial number of the software token that the Wi Fi enabled BlackBerry devices can use to a Wi Fi profile so that RSA authent...

Page 226: ...se to authenticate to a Wi Fi network or VPN network to the user accounts Depending on the number of software token records that are available to you you can assign up to three software tokens to each user account 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 Click the display name for the user a...

Page 227: ...11 Click Save all Administration Guide Assign software tokens to a user account 225 ...

Page 228: ...alias httpssl keystore drive Program Files Research In Motion BlackBerry Enterprise Server BAS bin web keystore 3 Using the keytool and the SSL password that you specified when you installed the BlackBerry Administration Service generateanewentryandprivatekeyintheweb keystorefile for example keytool genkey aliashttpssl keypass password keystore drive Program Files Research In Motion BlackBerry Ent...

Page 229: ... Service can access user account information The BlackBerry Web Desktop Manager uses DIIOP if users authenticate with it using their IBM iNotes credentials You can update the IBM Lotus Domino server information if you want the BlackBerry Administration Service to connect to a different server after you install the BlackBerry Administration Service If you want to configure high availability for the...

Page 230: ...d Confirm password field type the password for the Microsoft Active Directory account 6 In the User domain field type the name of the Windows domain that is a part of the resource forest 7 In the Global Catalog search base field perform one of the following actions To permit the BlackBerry Administration Service to search the global catalog leave the Global Catalog search base field blank To contr...

Page 231: ... Active Directory user name and password Ifyouturnonsinglesign onauthentication andyou logintoa computer usinga Microsoft ActiveDirectory account you can bypass the login screen and access the BlackBerry Administration Service and BlackBerry Web Desktop Manager directly The BlackBerry Monitoring Service does not support single sign on authentication Before you turn on single sign on you must confi...

Page 232: ...inistration Service and BlackBerry Web Desktop Managerto the list of web sites in the local intranet zone and install the certificate for the BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers BlackBerry Administration Service web addresses and BlackBerry Web Desktop Manager web addresses that support BlackBerry Administration Service si...

Page 233: ...rd settings for BlackBerry Administration Service authentication 1 In the BlackBerry Administration Service on the Servers and components menu click BlackBerry Solution topology BlackBerry Domain Component view 2 Click BlackBerry Administration Service 3 Click Edit component 4 In the Security settings section change the minimum password length and number of days until the password expires 5 Click ...

Page 234: ...rvice services 4 OnthecomputersthathosttheremainingBlackBerryAdministrationServiceinstances intheWindowsServices start the BlackBerry Administration Service services Related topics Restarting BlackBerry Enterprise Server components 327 Administration Guide Regenerate the system credentials for the BlackBerry Administration Service 232 ...

Page 235: ...uter that you used to log in to the BlackBerry Administration Service 2 If you receive a prompt type the device password 3 In the BlackBerry Administration Service on the Devices menu click Attached devices Manage current device 4 Click Remove user data from current device 5 Click Yes Remove user data 6 Click Assign current device 7 Search for the new user account that you want to assign the devic...

Page 236: ...es the Delete only the organizationdataandremovedeviceITadministrativecommandoverthewirelessnetwork Allpersonaldataremains on the device A BlackBerry device user cannot use the device or make emergency calls while the device deletes the work data The device permanently deletes the following work data Item Description email messages email messages that are sent to the user s work email account and ...

Page 237: ...onfiguration to the user account to send it to the device For more information see the BlackBerry Enterprise Server Administration Guide 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the PIN for the user account 5 In the Device activation list click Delete only the org...

Page 238: ... BlackBerry device user locates the device When the user unlocks the device the device prompts the user to accept or reject the new password You can use this command if the device is lost If you or a user turned on content protection and a device is running BlackBerry Device Software 4 3 0 or later you can use this command If you or a user turned on two factor content protection you cannot use thi...

Page 239: ...rform one of the following actions To delete a user account from the BlackBerry Enterprise Server but retain the BlackBerry Enterprise Server information in the user s mailbox click Delete the user To delete a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user s mailbox click Delete the user and remove the profile document and t...

Page 240: ...he BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the PIN for the user account 5 In the Device activation section click Delete all device data and remove device 6 In the Erase Data Settings section perform the following actions In the Erase Data Delay hours field type the number...

Page 241: ...kBerry Enterprise Server information from the user s mailbox click Disable the user and remove the profile document and the state database 8 Click Yes Delete all device data and remove device Administration Guide Using IT administration commands to protect a lost or stolen device 239 ...

Page 242: ... in again so that the changes can take effect immediately Change the roles for an administrator account To reflect the changes to an administrator s responsibilities in your organization you can add or remove one or more administrative roles for the administrator account 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search ...

Page 243: ... If the administrator is also a BlackBerry device user remove the BlackBerry device from the administrator account 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Administrator User 2 Click Manage users 3 Search for an administrator account 4 In the search results click the display name for the administrator account 5 In the Status list click Delete use...

Page 244: ...es to those groups or use the default user groups that contain pre existing roles If you are managing a large number of groups over 3000 using the BlackBerry Administration Service in a single domain your organization s environment might experience a performance impact Usingdefaultgroupstomanageuseraccountsandadministratoraccounts The BlackBerry Enterprise Server installation includes default grou...

Page 245: ...roup 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Group 2 Click Manage groups 3 Click the group name 4 In the Manage users in group membership list click Remove users from group membership 5 Search for a user account 6 Select the check boxes beside the display names for the user accounts that you want to remove 7 Click Remove from group membership Ch...

Page 246: ...er account will have the same settings it had before you deleted it Move a user account to a different group 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the display name for the user account 5 Click Edit user 6 On the Groups tab in the Current groups list click the g...

Page 247: ... click Yes Switch the users and fail the deployment tasks If you do not want to move the user accounts that have pending deployment tasks click No Switch only the users that have no existing deployment tasks Delete a user account from the BlackBerry Enterprise Server Before you begin Verify that the primary BlackBerry Enterprise Server is running 1 In the BlackBerry Administration Service on the B...

Page 248: ...tact list depends on the contact list size 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click Email 3 Click Refresh available user list from company directory Resend service books to a BlackBerry device 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand ...

Page 249: ... multiple tasks Each task delivers a specific object or setting to a BlackBerry device for example upgrading BlackBerry Device Software installing or removing a BlackBerry Java Application or sending updated IT policy settings or application settings You can change the default settings for a job to control how the BlackBerry Administration Service processes jobs If you change the default settings ...

Page 250: ...ce day for sending IT policy updates If you want to add more than one recurrence day for sending IT policy updates the schedules for the separate recurrence days cannot overlap a In the Scheduled deployment day s drop down list click the appropriate recurrence option If necessary select the recurrence days b In the Start time drop down list click the appropriate option If necessary set the start t...

Page 251: ...ications a Click the Edit icon for the default recurrence day b In the Scheduled deployment day s drop down list click the appropriate recurrence option If necessary select the recurrence days c In the Start time drop down list click the appropriate option If necessary change the start time and end time d Click the Update icon By default the recurrence day is Every day and the start time is All da...

Page 252: ...ronment might experience a performance impact 1 In the BlackBerry Administration Service on the Devices menu expand Deployment jobs 2 Click Specify BlackBerry Device Software distribution settings 3 Click Edit distribution settings 4 Perform any of the following tasks Task Steps Change the recurrence day for installing updating or removing the BlackBerry Device Software a Click the Edit icon for t...

Page 253: ...ault value is 150 9 Click Save all Change how the BlackBerry Enterprise Server sends standard application settings to BlackBerry devices BlackBerry Device Software configurations include standard application settings that you can use to control calendar email andcontactlistsettingsonBlackBerrydevices YoucanchangehowtheBlackBerry EnterpriseServer sends the settings to and updates the settings on Bl...

Page 254: ...e the maximum number of tasks for standard application settings that you want the BlackBerry Enterprise Server to process at the same time The default value is 25 8 If necessary in the Total number of tasks per time window per BlackBerry Administration Service instance field type the total number of tasks for standard application settings that you want the BlackBerry Enterprise Server to process d...

Page 255: ...w a job sends IT policies to BlackBerry devices You can change how the BlackBerry Administration Service sends IT policy settings and changes in a specific job to BlackBerry devices You can change a job s distribution settings for IT policies only if the job is not running If you changingtheITpolicydistributionsettingsforajob yourorganization senvironmentmightexperienceaperformance impact 1 In the...

Page 256: ...fault value is 25 9 If necessary in the Total number of tasks per time window per BlackBerry Administration Service instance field type the total number of IT policy tasks in the job that you want the BlackBerry Enterprise Serverto process during each processing interval The default value is 150 10 Click Save all Change how a job sends BlackBerry Java Applications to BlackBerry devices You can cha...

Page 257: ...abled to reduce load on system 8 If necessary in the Default throttling for all application tasks in each job in a time window section in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field type the maximum number of application tasks in the job that you want the BlackBerry Enterprise Server to process at the same time The default value is 25 9 If necessar...

Page 258: ...f necessary click the recurrence days b In the Start time drop down list click the appropriate recurrence option If necessary change the start time and end time c Click the Add icon 7 To turn on throttling for all BlackBerry Device Software tasks in jobs in the Default throttling enablement for all BlackBerry Device Software tasks in each job in a time window section click Enabled to reduce load o...

Page 259: ...tings a Click the Edit icon for the recurrence day b In the Scheduled deployment day s drop down list click the appropriate recurrence option If necessary select the number of recurrence days c In the Start time drop down list click the appropriate recurrence option If necessary change the start time and end time d Click the Update icon By default the recurrence day is Every day and the start time...

Page 260: ...ou do not want to make the BlackBerry Java Application available to add to software configurations You cannot delete a BlackBerry Java Application from the application repository if the BlackBerry Java Applicationis in a software configuration 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Software Applications 2 Click Manage applications 3 Search for ...

Page 261: ...onfiguration from a group the applications in the software configuration are removed from the BlackBerry devices that are associated with the user accounts that belong to the group 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Group 2 Click Manage groups 3 Click a group 4 Click Edit group 5 On the Software configuration tab in the Current software con...

Page 262: ...ch for one or more user accounts 4 In the search results click the display name for a user account 5 Click Edit user 6 On the Software configuration tab in the Current software configurations list click a software configuration 7 Click Remove 8 Repeat steps 6 and 7 for each software configuration that you want to remove 9 Click Save all Delete a software configuration You can delete a software con...

Page 263: ...e Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click the instance that you want to change 3 Click Edit instance 4 In the Access control section in the Pull authorization drop down list click Yes 5 Click Save all Users cannot access web content on their BlackBerry devices until you permit the users to access specific web s...

Page 264: ...nents menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click MDS Connection Service 3 Click Edit component 4 On the Access control rules tab in the Rule name field type a name for the pull rule 5 In the Control type drop down list click Pull 6 Click the Add icon 7 Click Save all After you finish Restrict or permit web address patterns using a pull rule Restrict or permit...

Page 265: ...the web site To require that the BlackBerry MDS Connection Service authenticates a user using integrated Windows authentication click Integrated To require that a user authenticates to the RSA Authentication Manager using RSA authentication click RSA To require that the BlackBerry MDS Connection Service authenticates the user using integrated Windows authentication and that a user authenticates to...

Page 266: ... more information about MIME media types visit www iana org Prevent users from accessing specific media types You can configure the BlackBerry MDS Connection Service instances in your organization s environment to prevent users from accessing every format of a media type for example video or a specific format of a media type for example mp3 using the BlackBerry Browser and other applications on a ...

Page 267: ... for the Media content type field include application msword application pdf video mpeg application image 5 In the Maximum KB Connection field type the maximum size in KB of content that a user can download to the device during each connection to the BlackBerry MDS Connection Service 6 In the Disallow content drop down list click No 7 Click the Add icon 8 Click Save all Related topics Default down...

Page 268: ...ion Service is running on and other Microsoft Active Directory domains in other forests that the BlackBerry MDS Connection Service must connect to The S4U2proxy extension that the BlackBerry MDS Connection Service uses to retrieve the Kerberos service tickets for users requires a two way trust between Microsoft Active Directory domains After you turn on Integrated Windows authentication and specif...

Page 269: ...sources that you want to turn on Integrated Windows authentication for For more information about configuring the Microsoft Active Directory account using setspn and Microsoft Active Directory visit www blackberry com btsc to read article KB22726 1 If a pool of application servers host a intranet site and the pool is running on Microsoft IIS and is located behind a load balancer use setspn or ADSI...

Page 270: ... the password meets the security requirements of your organization the user is not required to change their password the next time that the user logs in the user s password never expires Configure the Microsoft Active Directory account to delegate access to a shared folder You are required to have only one Microsoft Active Directory account in each Microsoft Active Directory domain that includes t...

Page 271: ...tory account that you create in the Microsoft Active Directory domain that includes the messaging server or global catalog server Configure the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain Before you begin Create a Microsoft Active Directory account in the Microsoft Active Directory domain that the messaging server or global c...

Page 272: ... tab click Edit component 8 In the Authentication support enabled drop down list click Yes 9 Click Save all 10 On the Pull URL Patterns tab specify web address patterns for the intranet sites or shared folders that you want to permit BlackBerry device users to access for example intranet_site 80 The web address patterns are based on Java regular expressions Consider specifying the following web ad...

Page 273: ...ce from sending push requests and create push initiators that permit specific server side applications to send push requests to BlackBerry devices To permit specific users to receive push requests on BlackBerry devices you can create push rules and assign the rules to the users For more information about push requests see the BlackBerry Java Development Environment Development Guide Restrict push ...

Page 274: ...erry devices 5 In the Credentials field type the password for the server side push application 6 Click the Add icon 7 Click Save all After you finish Create a push initiator for each server side push application that you want to permit to send push requests to BlackBerry devices To specify which users can receive push requests from authenticated push applications turn on push authorization and cre...

Page 275: ...Administration Service in the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click MDS Connection Service 3 Click Edit component 4 On the Access control rules tab click the Edit icon for a push rule 5 In the Available push initiators list click the push initiator that you want to assign to the push rule 6 Click Add 7 Repeat steps 5 and 6 for each...

Page 276: ...the Available push rules list click a push rule 7 Click Add 8 Click Save Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry MDS Connection Service to use SSL or TLS to encrypt the push requests that server side push applications send to BlackBerry devices By default the BlackBerry MDS Connection Service does not encrypt the push requests that ser...

Page 277: ...ush requests 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click the instance that you want to specify device ports for 3 Click Edit instance 4 In the Device ports enabled for reliable pushes field type the device port number 5 Click the Add icon 6 Repeat steps 4 to 5 for e...

Page 278: ...on Database to store 5 In the Maximum push message age field type the maximum length of time in minutes that you want the BlackBerry Configuration Database to store a push request before the BlackBerry Enterprise Server deletes it from the BlackBerry Configuration Database 6 Click Save all Configure the maximum number of active connections that a BlackBerry MDS Connection Service can process You c...

Page 279: ... when the number of pending push connections in the queue exceeds the limit 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click the instance that you want to configure the maximum number of queued connections for 3 Click Edit instance 4 In the Push access protocol section i...

Page 280: ...guration section click Default configuration 7 On the Organizer data synchronization tab in the General section in the Automatic wireless backup turned on drop down list click No 8 Click Continue to user information edit 9 Click Save all Delete organizer data for members of a user group from the BlackBerry Enterprise Server If the BlackBerry Enterprise Server is not writing organizer data for memb...

Page 281: ...hat are associated with a BlackBerry Enterprise Server 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Synchronization 2 Click the instance that you want to change 3 In the Instance information section click Synchronization 4 Click Edit component 5 In the Synchronization turned on drop down list clic...

Page 282: ...rom the BlackBerry Enterprise Server to the BlackBerry device only click Server to Device To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server only click Device to Server To synchronize data from the BlackBerry device to the BlackBerry Enterprise Server and from the BlackBerry Enterprise Server to the BlackBerry device click Bidirectional 6 Click Save all Change the d...

Page 283: ...atthe BlackBerry EnterpriseServerdataoverridesthe BlackBerrydevicedata clickServerWins To specify that the BlackBerry device data overrides the BlackBerry Enterprise Server data click Device Wins 6 Click Save all ChangehowtheBlackBerryAdministrationServiceresolvesconflictsduring organizer data synchronization for a specific user account 1 In the BlackBerry Administration Service on the BlackBerry ...

Page 284: ...es to find a BlackBerry user s address book or memo organizer data Note If the Location Server and Location Relative Path fields are not populated the BlackBerry Enterprise Server does not synchronize the user s address book and memo application to the user s BlackBerry device 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 S...

Page 285: ...configure a BlackBerry Enterprise Server to deliver incoming messages to a user s BlackBerry device when no email message filters apply to those messages 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the name of a user account 5 In the Messaging configuration section c...

Page 286: ...ard email messages from the user s inbox and sent items folder click Inbox and Sent Items only To select the folders that you want the BlackBerry Enterprise Serverto forward messages from click Selected folders Click the folders that you want to forward messages from 8 Click Continue to user information edit 9 Click Save all Turn off email message forwarding to user accounts in a group You can tem...

Page 287: ... that the user sends from the BlackBerry device you can turn off synchronization for email messages that the user sends from the BlackBerry device 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for a user account 4 In the search results click the name of the user account 5 Click Edit user 6 In the Messaging configurat...

Page 288: ...rry Administration Service on the BlackBerry solution management menu expand User 2 Click Manage users 3 Search for one or more user accounts 4 Select the user accounts that you want to delete incoming messages for 5 In the Pending data packets list click Purge pending data packets for selected devices If wireless calendar synchronization for a user account is turned on the BlackBerry Enterprise S...

Page 289: ...ation s messaging server 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component View Email 2 Click the name of the BlackBerry Enterprise Server instance or BlackBerry Enterprise Server pair that you want to change 3 Click Edit instance 4 On the Messaging tab in the Messaging Options section change Free busy look...

Page 290: ...se Server using one of the following methods If you are changing a BlackBerry Enterprise Server instance in the Status list click Restart instance If you are changing a BlackBerry Enterprise Server pair in the Status list for one of the instances in the pair click Restart instance Repeat this step for the other instance in the pair In the Windows Services restart the BlackBerry Dispatcher 9 Repeat...

Page 291: ...ng email messages that contain inline images to BlackBerry devices If you turn off support for rich content and inline images you reduce the resource consumption on the computers that are running the messaging server BlackBerry Attachment Service and BlackBerry MDS Connection Service 1 In the BlackBerry Administration Service in the Servers and components menu expand BlackBerry Solution topology B...

Page 292: ...erprise Server components 327 Configuring IBM Lotus Notes links on devices In IBM Lotus Notes BlackBerry device users can include Lotus Notes links to connect to documents specific sections of a document views folders or applications in Lotus Notes The BlackBerry Enterprise Server supports Lotus Notes links in email messages that users create and receive on their BlackBerry devices The BlackBerry ...

Page 293: ...er name and host name to the map manually using a registry value 1 On the computer that hosts the BlackBerry Messaging Agent click Start Run 2 Type regedit 3 Perform one of the following actions If you are running a 32 bit version of Windows go to HKEY_LOCAL_MACHINE SOFTWARE Research In Motion BlackBerry Enterprise Server Agents If you are running a 64 bit version of Windows go to HKEY_LOCAL_MACHI...

Page 294: ... 7 In the Value data field type the interval in seconds that can elapse before the map updates itself The minimum value is 3600 seconds 1 hour the maximum value is 86 400 seconds 24 hours 8 Click OK Turn off support for IBM Lotus Notes links By default support for IBM Lotus Notes links is turned on If your organization s environment has security restrictions you can turn off support for Lotus Note...

Page 295: ...to synchronize with the contact lists on the BlackBerry device 8 Click Continue to user information edit 9 Click Save all Control which personal contact subfolders a user can synchronize to a BlackBerry device By default a user can synchronize all of the personal contact subfolders on the messaging server with the contact lists on the BlackBerry device To help manage network resources you can sele...

Page 296: ...fy public contact databases that users can access from their BlackBerry devices 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view 2 Click Email 3 Click Edit component 4 In the Published contact servers section in the User synchronized public contact servers maximum field type the maximum number of publ...

Page 297: ...t want to access from the BlackBerry devices In BlackBerry Enterprise Serverversion 5 0 or later and BlackBerry Device Software version 5 0 or later if you want to permit users to access specific documents that are not located on the Windows network for example documents that are located on a Linux network from the BlackBerry devices you must configure the BlackBerry MDS ConnectionServicetosearcht...

Page 298: ...s for example the DFS Namespace in Windows Server and fs_path is the optional directory path that can include a specific filename When you type the UNC path you can use an asterisk to represent a sequence of arbitrary characters including blank spaces a question mark to represent a single arbitrary character and a backslash to represent an escape character You cannot type a URL that can search all...

Page 299: ...hange an existing configuration set click the Edit icon 5 In the Priority Service group drop down list click the name of the service that you want to configure the communication method for 6 In the Service Name Description drop down list click the name of the communication method that you want to configure 7 Click the Add icon 8 To specify the communication method that the BlackBerry MDS Connectio...

Page 300: ...onnection Service instance 6 Click Save all 7 To restart the BlackBerry MDS Connection Service instance on the Instance information tab in the Status list click Restart instance 8 To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance repeat steps 3 to 7 Related topics Restarting BlackBerry Enterprise Server components 327 Managing s...

Page 301: ... a disclaimer for 6 Click Save all Add a disclaimer to email messages that a user sends from a BlackBerry device You can add a disclaimer to all email messages that are sent by a user that is different from the disclaimer that you added for all users on a BlackBerry Enterprise Server A user cannot change the disclaimer that you define 1 In the BlackBerry Administration Service on the BlackBerry so...

Page 302: ... In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry solution topology BlackBerry Domain Component view Email 2 Click the instance that you want to change 3 Click Edit instance 4 On the Messaging tab in the Messaging options section perform any of the following actions To turn off disclaimers that appear before the body of the message in the Prepended disc...

Page 303: ...sages PIN messages are appropriate for informing users about messaging server outages because BlackBerry devices send and receive PIN messages directly without using the messaging server BlackBerry devices do not apply filters to PIN messages When users reply to a notification email message their BlackBerry devices send the replies to the administration email address Send a notification message to...

Page 304: ...ype the message that you want to send 7 Click Send message Automated notification messages If the BlackBerry Enterprise Server cannot send email messages to BlackBerry devices it sends a notification PIN message to the BlackBerry devices automatically informing users about an issue with wireless email delivery Change the subject for automated notification messages You can change the subject for au...

Page 305: ...ftware Research In Motion BlackBerry Enterprise Server Agents If you are running a 64 bit version of Windows navigate to HKEY_LOCAL_MACHINE Software WOW6432Node Research In Motion BlackBerry Enterprise Server Agents 5 Right click Agents Click New DWORD Value 6 Type MaxSkippedNotificationsPerDay 7 Double click the new value 8 In the Value data field type 0 9 Click OK After you finish Restart the Bl...

Page 306: ... topics Create a BlackBerry Attachment Service pool for high availability 98 Change how a BlackBerry Attachment Connector retries sending requests to a BlackBerry Attachment Service The BlackBerry Attachment Connector sends requests to view attachments from users BlackBerry devices to a BlackBerry Attachment Service You can change how a BlackBerry Attachment Connector processes attachment requests...

Page 307: ...lost connection field type the amount of time in milliseconds that the BlackBerry Attachment Connector waits before it tries to restore a lost connection to a BlackBerry Attachment Service The default value is 1000 milliseconds 5 Click Save all Attachment file formats that the BlackBerry Attachment Service supports Format Extension Adobe Acrobat pdf ASCII text txt audio amr mp3 wav wma Corel WordP...

Page 308: ...vailable The BlackBerry Attachment Service does not support the following features in odp files some text effects and style options line spacing proportional at least leading text with position functionality animation transitions tables svm images crop and clip image effects specific types of text object spacing table of contents portrait page orientation color gradient hatching and bitmap fill ef...

Page 309: ...ning conversion process The maximum file size of attachments impacts the amount of cached memory that the BlackBerry Attachment Service uses By default the BlackBerry Attachment Service does not limit the file size of an attachment that is embedded in an email message or retrieved using a link The BlackBerry Enterprise Server sends data to BlackBerry devices over the wirelessnetworkinpacketsthatar...

Page 310: ...number of processes ThissettingspecifiesthenumberofconversionrequeststhattheBlackBerry Attachment Service can process at the same time When you specify this value considertheamountofavailablememoryandthecompetingservices on the computer that hosts the BlackBerry Attachment Service The default value is 4 1 through 64 Process recycle time minutes This setting specifies the length of time that an app...

Page 311: ...istration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Attachment Server 2 Click the instance that you want to change 3 Click Edit instance 4 In the Distiller display name section in the Attachment size KB column type a value in KB for the distillers that you want to change If necessary configure the settings in the Additional data...

Page 312: ...ents 327 Add support for an additional attachment file format to a BlackBerry Attachment Service You can configure a BlackBerry Attachment Service to support additional file formats If your organization s messaging server connects to a document management system that renames file format extensions you must add the necessary extensions to the list of supported file formats for all BlackBerry Attach...

Page 313: ... If the BlackBerry Messaging Agent receives more than one attachment at a time it limits the total file size of all of the attachments to a maximum of 5 MB Data that a BlackBerry device and the messaging server send each other over the wireless network must be in packets that are no larger than 64 KB If a BlackBerry device sends an attachment that is larger than a single packet the BlackBerry devi...

Page 314: ...t users from sending large attachments they can only send specific attachments such as certificates and contact list entries that are less than a single packet 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Email 2 Click the instance that you want to change 3 Click Edit instance 4 On the Messaging t...

Page 315: ...ximumsingleattachmentdownloadsize KB field type a number in KB that is between 0 and 10240 10 MB If you type 0 users cannot download attachments in a native format to their BlackBerry devices 5 Click Save all Administration Guide Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server 313 ...

Page 316: ...ion levels using the BlackBerry Enterprise Trait Tool You can use the BlackBerry Enterprise Trait Tool to specify whether corrective calendar synchronization checks calendar entries for a specific user users on a specific BlackBerry Enterprise Server or all users The tool uses a hierarchy to determine what calendar entries to check Settings at the user level override settings at the server level s...

Page 317: ...ccount the server name of a specific BlackBerry Enterprise Server for all user accounts that are associated with the specific BlackBerry Enterprise Server or global for all user accounts View the current settings for corrective calendar synchronization 1 Copy the BlackBerry Enterprise Serverinstallation files to a computer that hosts a BlackBerry Enterprise Server instance 2 Extract the contents t...

Page 318: ...SendUpdate set true 5 Press ENTER Example Configuring the process to correct calendar synchronization errors for a specific user traittool user ian dundas blackberry com trait DominoSmartSyncSendUpdate set true After you finish To turn off calendar synchronization error correction type traittool level trait DominoSmartSyncSendUpdate set false where level is the SMTP address of a specific user acco...

Page 319: ...s to a folder on the computer 3 At the command prompt navigate to the folder that the TraitTool exe file is located in 4 Perform one of the following actions To configure calendar synchronization to occur at a specific hour for a specific user account type traittool user smtp_address trait DominoSmartSyncTriggerHour set value where value is a number from 0 to 23 0 is 12 00 AM and 23 is 11 00 PM Th...

Page 320: ...23 Example Corrective calendar synchronization that runs on weekdays for all users traittool global trait DominoSmartSyncSchedule set Weekdays Example Corrective calendar synchronization that runs on Monday Wednesday and Friday for a specific user traittool user greg stark blackberry com trait DominoSmartSyncSchedule set Monday Wednesday Friday Configure throttling for corrective calendar synchron...

Page 321: ...Corrective calendar synchronization writes the following information to the BlackBerry Messaging Agent log file Item Description DIF specifies that a calendar item is different on the BlackBerry device than it is in the email application MOD specifies that a calendar item is missing on the device MON specifies that a calendar item is missing in the email application SAM specifies that a calendar i...

Page 322: ...onization begins on the BlackBerry Enterprise Server that is named SERVER01 type traittool server SERVER01 trait DominoSmartSyncTriggerHour erase Start corrective calendar synchronization manually for a user account By default the BlackBerry Enterprise Server synchronizes the calendar on each BlackBerry device user s computer with the calendar on each user s BlackBerry device at a regular interval...

Page 323: ...f the BlackBerry Enterprise Server Administration Guide To download the zip file for the appropriate collaboration client visit www blackberry com support downloads For information about the compatibility of collaboration clients and versions of the BlackBerry Enterprise Server visit na blackberry com eng support downloads im_server_compatibility jsp Change the instant messaging server or pool tha...

Page 324: ...essagingservers click TCP if you do not want the BlackBerry Collaboration Service to encrypt the data thatitsendstotheinstantmessagingservers For Microsoft Office Live Communications Server 2005 or Microsoft Office Communications Server 2007 In the Transport protocol drop down list perform one of the following actions click HTTPS if you want the BlackBerry Collaboration Service to encrypt the data...

Page 325: ...an be open between the BlackBerry Collaboration Service and the instant messaging server at the same time 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Collaboration 2 Expand the instant messaging environment 3 Click the instance that you want to change 4 Click Edit instance 5 In the General sectio...

Page 326: ...maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime To control the use of network resources in your organization s environment you can use the media content management feature to specify the maximum size of specific file types that BlackBerry device users can send to each other using the BlackBerry Client for IBM Lotus Sametime The maximum file size th...

Page 327: ...Servers and components menu expand BlackBerry solution topology BlackBerry Domain Component view Collaboration 2 Expand the instant messaging environment 3 Click the instance that you want to change 4 Click Edit instance 5 In the General section in the Show Mobile Icon drop down list click False 6 Click Save all Make additional contact information and phone numbers available for the BlackBerry Cli...

Page 328: ...ation Telephone Photo Company OfficePhone HomePhone CellPhone Manager Department HomeAddress HomeZip HomeState HomeCity WorkAddress WorkZip WorkCity WorkSt ate LoginId 6 Save the UserInfoConfig xml file 7 Restart the IBM Lotus Domino server 8 To verify that the new fields were added to each user s contact information perform the following actions a Create a test user account in the IBM Lotus Domin...

Page 329: ...rvice Synchronization BlackBerry Synchronization Service BlackBerry Attachment Service Attachment Service BlackBerry Attachment Service BlackBerry MDS Connection Service MDS Connection Service BlackBerry MDS Connection Service BlackBerry Monitoring Service BlackBerry Monitoring Service Application Core BlackBerry Monitoring Service Data Collection Subsystem BlackBerry Monitoring Service Polling En...

Page 330: ... Attachment Service BlackBerry Controller All of the remaining services for BlackBerry Enterprise Server components Best practice Restarting more than one BlackBerry Administration Service instance To restart all BlackBerry Administration Service instances without issues the best practice is to stop all instances before you begin restarting the instances If you must keep at least one BlackBerry Ad...

Page 331: ...ecified Type traittool trait trait name set value Erase the value of a trait Type traittool trait trait name erase Replace the braces and asterisk with one or more of the following command line options global to specify all BlackBerry Enterprise Server instances in the BlackBerry Domain agent agent id to specify the ID for the BlackBerry Messaging Agent group groups_name to specify a group of Blac...

Page 332: ...ses the Web Proxy Autodiscovery protocol to discover proxy servers automatically If you want to enable the Web Proxy Autodiscovery protocol change the value to 1 If you want to disable the Web Proxy Autodiscovery protocol change the value to 0 If you do not change the value to 1 the Web Proxy Autodiscovery protocol is not enabled For more information see Configure the BlackBerry Administration Ser...

Page 333: ...delivers email messages change the valuetofalse 0 IfyouwanttopreventtheBlackBerryMessaging Agent from sending confirmations automatically when the BlackBerry Messaging Agent delivers email messages change the value to true 1 The default value is false 0 the BlackBerry Messaging Agent sends confirmations automatically when the BlackBerry Messaging Agent delivers email messages DominoSmartSyncDays T...

Page 334: ...BlackBerry Messaging Agent log file or writes the errors to the log file and corrects the calendar synchronization errors on devices You can configure the BlackBerry Messaging Agent to correct calendar synchronization errors automatically for a specific user account all user accounts that you associate with a BlackBerry Enterprise Server or all user accounts If you want the BlackBerry Messaging Ag...

Page 335: ...mail message sent to a device when the BlackBerry Enterprise Server synchronizes email messages that an email application sends The default value is false 0 the body of an email message is sent to a device EnableNNEIDFileProvisioning This trait specifies whether the BlackBerry Enterprise Server can synchronize IBM Lotus Notes id files with the Lotus Notes ID vault automatically and send the files ...

Page 336: ...display the folders and the BlackBerry Administration Service might time out If you want to turn off the look up function change the value to false 0 If you turn off the look up function you can access the BlackBerry MessagingAgentintheBlackBerryAdministrationServicebutyou cannot see the list of available public folders in the Email component page in the BlackBerry Administration Service The defau...

Page 337: ...ers the email messages and places them in the Junk folder If you do not want the BlackBerry Enterprise Server to monitor the Junk folder for activation messages change the value to false 0 and restart the BlackBerry Controller The default value is true 1 the BlackBerry Enterprise Server monitors the Junk folder for activation messages NumberOfUserTargetTypeForSlowSyncInPara llel This trait specifi...

Page 338: ...er the BlackBerry Policy Service uses throttling to send applications the same way that it throttles IT policies and service books If you want the BlackBerry Policy Service to send applications using throttling in the same way that it throttles IT policies and service books change the value to true 1 If you do not want the BlackBerry Policy Service to send applications using throttling in the same...

Page 339: ...tling for PIN encryption keys PrepopulatePIMForNotesUsers This trait specifies whether administrators can change the PIM location for roaming If you want to permit administrators to change the PIM location for roaming change the value to false 0 IfyoudonotwanttopermitadministratorstochangethePIM location for roaming change the value to true 1 and the BlackBerry Messaging Agent determines the PIM l...

Page 340: ...ers for user accounts and messaging servers UserHealthPercentage This trait specifies the percentage of user accounts that are healthy The BlackBerry Dispatcher uses this trait to change the User accounts health parameter If either of the health parameters indicate that the primary BlackBerry Enterprise Server is unhealthy and you turn on automatic failover the BlackBerry Enterprise Server starts ...

Page 341: ...topology BlackBerry Domain Component view 2 Click BlackBerry Administration Service 3 Click Edit component 4 In the License key section perform one of the following actions To add a BlackBerry CAL key type the information for the BlackBerry CAL key Click the Add icon To delete a BlackBerry CAL key click the Delete icon 5 Click Save all Copy a BlackBerry CAL key to a text file You can copy a BlackB...

Page 342: ...ase might not contain the contact information for all user accounts on your organization s messaging server If the BlackBerry Configuration Database does not contain contact information for a user account you cannot create the user account by searching for the contact information in the BlackBerry Administration Service You can only create the user account if you use the Add from company directory...

Page 343: ...the BlackBerry Enterprise Server open the Registry Editor 2 Perform one of the following actions If you are running a 32 bit version of Windows navigate to HKEY_LOCAL_MACHINE Software Research In Motion BlackBerry Enterprise Server Agents If you are running a 64 bit version of Windows navigate to HKEY_LOCAL_MACHINE Software WOW6432Node Research In Motion BlackBerry Enterprise Server Agents 3 Creat...

Page 344: ...ge can lead to unexpected behavior such as database updates not completing To avoid this scenario you can throttle the processing of IT policies and service books You can specify the maximum number of processes for IT policies and service books that a BlackBerry Policy Service can run at one time before the BlackBerry Policy Service schedules additional processes for IT policies and service books ...

Page 345: ...ice books that a BlackBerry Policy Service can send If you want to configure the maximum number of IT policies or service books that a BlackBerry Policy Service can send to 500 type traittool global trait PolicyThrottlingMaxDomainJobs set 500 Configuring BlackBerry Policy Service throttling for PIN encryption keys If the BlackBerry Policy Service detects that you updated the PIN encryption keys in...

Page 346: ...st as the server permits which might result in an unexpected increase in CPU usage and database usage If you configure throttling the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and service books Configure BlackBerry Policy Service throttling for application polling 1 Copy the BlackBerry Enterprise Server installation file to a...

Page 347: ...on Panel 2 In the Database Connectivity tab in the Use dynamic ports or specify SQL port field type the port number 3 Click Apply 4 Click OK 5 In the Windows Services restart the appropriate service for the BlackBerry Enterprise Server component 6 Repeat steps 1 to 5 on each computer that hosts a BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database Related ...

Page 348: ...exist create a DWORD value that you name Default 5 Change the DWORD value to the port number that the syslog tools listen on 6 Click OK 7 In the Windows Services restart the service for the BlackBerry Enterprise Server component Related topics Restarting BlackBerry Enterprise Server components 327 Syslog connection type and port number 386 Administration Guide Change the port number that the syslo...

Page 349: ...rvice is inactive for a long period of time Registry keys determine how the BlackBerry Controller monitors the BlackBerry Enterprise Server components and restarts the services that are associated with the components You can change the default behavior of the BlackBerry Controller by creating new registry keys and changing the default values of the registry keys TheBlackBerryControlleralsomonitors...

Page 350: ...eld type a value The default maximum number of requests that can occur daily is 100 Change the number of minutes that the BlackBerry Controller waits for NSD to finish if it is running when the BlackBerry Controller tries to restart IBM Lotus Domino and the BlackBerry Messaging Agent a Double click WaitForNSDToComplete b In the Value data field type a value The default number of minutes is 30 Chan...

Page 351: ...koutTo f Double click the new DWORD value g In the Base section select the Decimal option h In the Value data field type the highest value of the time range For example if you configure the RestartAgentOnHungBlackoutFrom value to eight and the RestartAgentOnHungBlackoutTo value to 17 the BlackBerry Controller does not restart the BlackBerry Messaging Agent between 8 00 AM and 5 00 PM if it detects...

Page 352: ...Service if the service stops responding type 0 To permit the BlackBerry Controller to restart the BlackBerry Attachment Service if the service stops responding type 1 Change how the BlackBerry Controller restarts the BlackBerry Collaboration Service a Click BlackBerry Collaboration Service b Double click the DWORD value that is named RestartOnCrash c In the Value data field perform one of the foll...

Page 353: ...estarting the BlackBerry Mail Store Service if the service stops responding type 0 To permit the BlackBerry Controller to restart the BlackBerry Mail Store Service if the service stops responding type 1 Change how the BlackBerry Controller restarts the BlackBerry Policy Service a Navigate to BlackBerry Enterprise Server b Click PolicyServer c Double click the DWORD value that is named RestartOnCra...

Page 354: ...ation Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view Alert 2 Click the instance that you want to change 3 Click Edit instance 4 In the SMTP host name field type the SMTP host name of your organization s gateway in DNS format for example smtp CompanyName com 5 In the SMTP account name field type the name of the SMTP account that you w...

Page 355: ...o change 3 Click Edit instance 4 In the User name field type the name of the contact 5 In the Event level drop down list click one of the following menu items To send notification messages for the default event monitoring level click Default To send notification messages for all events up to and including level 1 critical and error click Error To send notification messages for all events up to and...

Page 356: ...o save the log files 5 Click Save all Monitor PIN messages You can use the log files for PIN messages to monitor the time and frequency when users send PIN messages from BlackBerry devices The log files are named using the format PINLog_ yyyymmdd By default logging for PIN messages is turned off 1 In the BlackBerry Administration Service on the BlackBerry solution management menu expand Policy 2 C...

Page 357: ...ver saves the log files in C Program Files Research In Motion BlackBerry Enterprise Server Logs Each BlackBerry Enterprise Server instance saves the log files in folders that it creates daily and organizes by date To prevent the BlackBerry Enterprise Server log files from taking up too much disk space you can change how BlackBerry Enterprise Server components create and delete log files By default...

Page 358: ...e General section in the Create folder for daily logs drop down list click False 5 Click Save all 6 On each computer that hosts a BlackBerry Enterprise Servercomponent or BlackBerry Enterprise Server service in the Windows Services restart the BlackBerry Enterprise Server services Changing how BlackBerry Enterprise Server components create log files Add a prefix to the file names of the log files ...

Page 359: ...rver component when the current log file reaches its maximum size 358 Restarting BlackBerry Enterprise Server components 327 Change the logging level for a BlackBerry Enterprise Server component You can select whether the information that you save to the log files is detailed or limited by changing the logging level for a BlackBerry Enterprise Server component A more detailed logging level can hel...

Page 360: ...u changed Related topics Restarting BlackBerry Enterprise Server components 327 Change the identifier of the log file for a BlackBerry Enterprise Server component You can identify the log file for a BlackBerry Enterprise Server component by the identifier that is included in the file name For example a log file that is named BBServer01_SYNC_01_20080120_001 txt uses the default component identifier...

Page 361: ... the components that contain the logging settings that you changed Related topics Restarting BlackBerry Enterprise Server components 327 Change the character encoding of the log file for a BlackBerry Enterprise Server component You can change the character encoding of the log files of a BlackBerry Enterprise Server component so that the encoding supports the tools that you use to parse and examine...

Page 362: ...inistration Service Native Code Container service Related topics Restarting BlackBerry Enterprise Server components 327 Component identifiers for log files You can identify the names for the BlackBerry Enterprise Server log files using the following component identifiers Component identifier Logging component ACNV BlackBerry Attachment Service attachment conversion ALRT BlackBerry Enterprise Serve...

Page 363: ...vel for the BlackBerry MDS Connection Service log file which includes the event log UDP log files and TCP log files 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click an instance of the BlackBerry MDS Connection Service 3 On the Logging tab click Edit instance 4 In the Fil...

Page 364: ...P log file messages from the same host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log messages 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click an instance of the BlackBerry MDS Connection Service 3 On the Logging tab click E...

Page 365: ...d TCP log files 1 In the BlackBerry Administration Service on the Servers and components menu expand BlackBerry Solution topology BlackBerry Domain Component view MDS Connection Service 2 Click a BlackBerry MDS Connection Service instance 3 On the Logging tab click Edit instance 4 In the Logging section perform any of the following tasks Task Steps Do not trace how data packets travel inside the S...

Page 366: ... server In the CRL logging turned on drop down list click Yes Monitor PGP key status and revocation information that the BlackBerry device retrieves from the PGP server InthePGPloggingturnedondrop downlist clickYes 5 Click Save all Related topics Restarting BlackBerry Enterprise Server components 327 Using BlackBerry MDS Connection Service log files to view information for proxied connections to B...

Page 367: ...KBytes size of messages that the BlackBerry device sends in KB MTH_KBytes size of messages that the BlackBerry device receives in KB MFH_PACKET_COUNT number of packets that the BlackBerry device sends MTH_PACKET_COUNT number of packets that the BlackBerry device receives BlackBerry Collaboration Service log files ChangewhichactivitiestheBlackBerryCollaborationServicewritestoalog file 1 In the Blac...

Page 368: ... the BlackBerry Collaboration Service to the BlackBerry Dispatcher In the GME logging turned on drop down list click True 5 Click Save all Related topics Restarting BlackBerry Enterprise Server components 327 Administration Guide BlackBerry Collaboration Service log files 366 ...

Page 369: ...gure the connection for a Microsoft SQL Server incoming data connections from and outgoing data connections to the BlackBerry Configuration Database TCP 1433 Windows registry On a 32 bit version of Windows HKEY_LOCAL_M ACHINE SOFTWARE Research In Motion BlackBerry Enterprise Server Database Port On a 64 bit version of Windows HKEY_LOCAL_M ACHINE SOFTWARE WOW6432Nod e Research In Motion BlackBerry ...

Page 370: ...a connections to BlackBerry Enterprise Server components for Java RMI TCP 13873 BlackBerry Configuration Panel incoming data connections from and outgoing data connections to BlackBerry Enterprise Server components for Java RMI over SSL TLS 13843 BlackBerry Configuration Panel internal data connection TCP 14457 BlackBerry Configuration Panel internal data connection TCP 28083 BlackBerry Configurat...

Page 371: ...y Administration Service incoming document queries from the BlackBerry Attachment Service TCP 2000 BlackBerry Administration Service outgoing conversion results of large attachments to the BlackBerry Attachment Connector for the BlackBerry Attachment Service TCP 2000 BlackBerry Administration Service incoming data connections from and outgoing data connections to the BlackBerry Configuration Datab...

Page 372: ...tion Service incoming data connections from and outgoing data connections to IBM Lotus Sametime TCP IP 1516 BlackBerry Administration Service incoming data connections from and outgoing data connections to the Novell GroupWise Messenger SSL 8300 BlackBerry Administration Service incoming data connections from and outgoing data connections to the BlackBerry Dispatcher TCP 3201 incoming data connect...

Page 373: ...ction types and port numbers Item Connection type Default port number UIwhereyoucanconfigure the connection for a Microsoft SQL Server incoming data connections from and outgoing data connections to any of the following BlackBerry Enterprise Server components BlackBerry Administration Service BlackBerry Attachment Service BlackBerry Collaboration Service BlackBerry Dispatcher BlackBerry MDS Connec...

Page 374: ...mponents 327 BlackBerry Controller connection types and port numbers Item Connection type Default port number UIwhereyoucanconfigure the connection incoming syslog connections from the BlackBerry Messaging Agent UDP 4070 Microsoft Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Logging Info Mailbox Agent SysLogHost On a 6...

Page 375: ...Connection type Default port number UIwhereyoucanconfigure the connection incoming data connections from the BlackBerry Messaging Agent TCP 5096 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Agents TcpPortDispatcher On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Ent...

Page 376: ...ections to the BlackBerry Configuration Database that a Microsoft SQL Server hosts TCP 1433 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Database Port On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise Server Database Port incomingdataconnectionfromtheBlackB...

Page 377: ...nd port numbers Item Connection type Default port number UIwhereyoucanconfigure the connection outgoing data connections to the BlackBerry Dispatcher TCP 5096 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Agents TcpPortDispatcher On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion ...

Page 378: ...On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise Server Database Port incoming syslog connections from the BlackBerry Controller and CalHelper UDP first unused port number from 4085 to 4499 outgoing syslog connections to the BlackBerry Controller UDP 4070 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Res...

Page 379: ...otion BlackBerry Enterprise Server Agents UDPPort On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise Server Agents UDPPort incoming data connections from the BlackBerry database notification system UDP first unused port number from 4185 to 4499 incoming data connections from and outgoing data connections to the IBM Lotus Domino server u...

Page 380: ...ispatcher TCP 3201 incoming data connections from and outgoing data connections to the BlackBerry Configuration Database that a Microsoft SQL Server hosts TCP 1433 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Database Port On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackB...

Page 381: ...owsers HTTP 58180 incoming data connections from and outgoing data connections to browsers HTTPS 8443 incoming data connections from and outgoing data connections to the BlackBerry Enterprise Server and any other applications that you configured the BlackBerry Monitoring Service to send SNMP traps to SNMP 161and162 BlackBerry Monitoring Service console internal data connection to the BlackBerry Mo...

Page 382: ..._MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Database Port On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise Server Database Port incoming data connections from the BlackBerry database notification system UDP first unused port number from 4185 to 4499 BlackBerry Router connection types and port numbers Item Connec...

Page 383: ... TCP 3101 BlackBerry Configuration Panel Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerryRouter TcpPort On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerryRouter TcpPort incoming data connections from and outgoing data connections to BlackBerry devices that use the BlackBerry Device Manager ...

Page 384: ...32Node Research In Motion BlackBerryRouter DevicePort outgoing syslog connections to the SNMP agent UDP 4071 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerrySNMPAg ent Parameters UDPPort On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerrySNMPAg ent Parameters UDPPort Administration Guide Bla...

Page 385: ...search In Motion BlackBerry Enterprise Server Database Port On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise Server Database Port incoming data connections from the BlackBerry database notification system UDP first unused port number from 4185 to 4499 IBM Lotus Domino connection types and port numbers Item Connection type Default port...

Page 386: ...ng data connections to the connector for the Microsoft Office Live Communications Server TLS 5061 Microsoft Office Live Communications Server incoming data connections from and outgoing data connections to the connector for the Microsoft Office Live Communications Server TCP 5060 Microsoft Office Live Communications Server BlackBerry Client for use with Microsoft Office Live Communications Server ...

Page 387: ... connections from the following BlackBerry Enterprise Server components BlackBerry Messaging Agent BlackBerry Dispatcher BlackBerry Router UDP 4071 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerrySNMPAg ent Parameters UDPPort On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerrySNMPAg ent Para...

Page 388: ...UDP 514 Windows registry On a 32 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE Research In Motion BlackBerry Enterprise Server Logging Info component Default On a 64 bit version of Windows HKEY_LOCAL_MACHI NE SOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise Server Logging Info component Default Administration Guide Syslog connection type and port number 386 ...

Page 389: ...nection is still available However while the BlackBerry Administration Service instance processestherequest itcompletesitsshutdownprocess and the connection becomes unavailable The web browser displays an error message Wait a few seconds and then try to click a link in the BlackBerry Administration Service console again The web browser redirects you to an instance in the BlackBerry Administration ...

Page 390: ...te from the BlackBerry Configuration Database As a result BlackBerry Enterprise Server instances that are located geographically close to the BlackBerry Configuration Database can use the BlackBerry Mailstore Service to refresh the user information from your organization s address book in the BlackBerry Configuration Database TraitTool exe is located in the Tools directory on the BlackBerry Enterp...

Page 391: ...CAL_MACHINE Software Research in Motion BlackBerry Enterprise Server 5 Click Agents 6 Create a DWORD value that you name SECMSGPasswordCacheTimeout 7 Double click SECMSGPasswordCacheTimeout 8 In the Value Data field type 0 9 Click OK Troubleshooting Setting up user accounts You cannot create a user account in the BlackBerry Administration Service Possible cause Possible solution The BlackBerry Adm...

Page 392: ... account restart the Lotus Domino server that isrunningonthecomputerthathoststheBlackBerryEnterpriseServer You cannot find a new user account in the directory using the BlackBerry Administration Service Possible solution Refresh the list of available user accounts that the BlackBerry Administration Service can access from the directory By default the BlackBerry Administration Service refreshes the...

Page 393: ...nterprise Server is located in a network that does not permit direct HTTP connections to the IBM Lotus Sametime server the BlackBerry Collaboration Service cannot retrieve the phone numbers from the IBM Lotus Sametime server instead of the IBM Lotus Sametime API Possible solution You must configure a proxy server that prevents your organization s BlackBerry Enterprise Server from receiving HTTP re...

Page 394: ... components 327 Auserdidnotacceptanotificationaboutaninstantmessageonacomputer and the notification disappeared Applies to BlackBerry Collaboration Service version 4 1 or later with the BlackBerry Clientfor use with Microsoft Office Live Communications Server 2005 or the BlackBerry Client for use with Microsoft Office Communications Server 2007 Possible cause A user logged in to Microsoft Office C...

Page 395: ...rry Collaboration Service version 4 1 or later with the BlackBerry Client for use with Microsoft Office Live Communications Server 2005 and the BlackBerry Client for use with Microsoft Office Communications Server 2007 Possible cause Possible solution The BlackBerry Collaboration Service does not support the version of the instant messaging application that is installed on the BlackBerry device Re...

Page 396: ...onnections 2 Click Wi Fi Options 3 In the Wi Fi field verify that a checkmark appears A Wi Fi profile is not configured on the BlackBerry device 1 On the BlackBerry device on the Home screen click Manage Connections 2 In the Wi Fi field verify that the name of the Wi Fi network appears If the name does not appear resend the IT policy to the BlackBerry device or instruct the user to configure a Wi ...

Page 397: ...rry device is not using the same channel as the access point Perform the following actions Useawirelessdevice suchasalaptopcomputer totesttheassociation with the access point Use the settings that the BlackBerry uses to configure the wireless connection Use a wireless device such as a computer to ping the BlackBerry Router The ping tests whether the BlackBerry Router is on the ACL of the access po...

Page 398: ... DHCP was granted to the BlackBerry device Low signal strength is causing intermittent drops in data connectivity Move the BlackBerry device into a wireless coverage area 1 On the BlackBerry device in the device options click Wi Fi Connections 2 Press the Menu key 3 Click Wi Fi Tools Wi Fi Diagnostics 4 Verify the information in the status fields for the following connection groups Wi Fi VPN UMA G...

Page 399: ... This indicator displays when a connection error exists between the BlackBerry device and a Wi Fi network Status fields for Wi Fi connections Field Description Current Profile This field specifies the name of the Wi Fi profile that the user is currently using SSID This field specifies the identifier for the Wi Fi network When the BlackBerry device displays an SSID value the BlackBerry device is co...

Page 400: ...802 11b hasadatarateof11Mbps and IEEE 802 11a and IEEE 802 11g have a data rate of 54 Mbps Status This field provides a descriptive status message such as Status acquired It also specifies warnings and errors that a user encountered when the user tried to open a connection to an access point Network Type This field specifies whether the wireless connection type is IEEE 802 11a IEEE 802 11b or IEEE...

Page 401: ...e is associated with Certificate This field specifies the certificate that the BlackBerry device can use for Wi Fi authentication if applicable Software Token If you configured a software token for the BlackBerry device this field specifies the serial number of the software token Status fields for VPN connections Field Description Current Profile This field specifies the name of the VPN profile th...

Page 402: ...vice obtains this information from the VPN concentrator Failed Login Attempts This field specifies the number of login attempts that are not successful If a user logs in the field is cleared and reverts to 0 automatically Certificate This field specifies the certificate that the BlackBerry device uses for VPN authentication if applicable Software Token If you configured a software token for the Bl...

Page 403: ...the transition from one network type to the other when the user is on a call Cellular rove in failures This field specifies errors that the BlackBerry device received during the transition from one network type to the other when the BlackBerry device is idle Status fields for BlackBerry Infrastructure connections The connection status indicators for the BlackBerry Infrastructureappear on a BlackBe...

Page 404: ...ckBerry Enterprise Server through the BlackBerry Infrastructure A BlackBerry device cannot open a VPN connection Possible cause Possible solution The connection to the VPN concentrator is not configured correctly Verify that the VPN is turned on Ping the IP address of the VPN concentrator Verify that the VPN concentrator host name resolves to an IP address If it does not configure the VPN IP addre...

Page 405: ... the BlackBerry device does not display a success message check the Status field for a reason for this error Verify whether a BlackBerry device can resolve an IP address If a BlackBerry device cannot connect to a Wi Fi network you can determine which connections the BlackBerry device cannot make to it You can ping the IP address of another wireless device the Wi Fi gateway a VPN concentrator the U...

Page 406: ...le cause If BlackBerry Administration Service instances are located in different network segments that are separated by a firewall the firewall can block the dynamic ports on the BlackBerry Administration Service Possible solution Perform the following actions 1 Make sure that you configured the BlackBerry Administration Service instances to communicate across network subnets using TCP with TCP pi...

Page 407: ...Intheparagraphcluster service xml uncommenttheline attributename RmiPort 11101 attribute The port number can be port 11101 or any port from port 1000 to port 5000 4 Comment out the line attribute name RmiPort 0 attribute 5 Add the JNDI delegate port that you configured in step 3 to the firewall Troubleshooting IT policies I cannot find an IT policy rule in the BlackBerry Administration Service Pos...

Page 408: ...ject ACP ANSI code page AES Advanced Encryption Standard AES CCMP Advanced Encryption Standard Counter Mode CBCMAC Protocol AJAX Asynchronous JavaScript and XML ANSI American National Standards Institute API application programming interface ARFCN absolute radio frequency channel ASCII American Standard Code for Information Interchange BCC blind carbon copy BlackBerry CAL A BlackBerry Client Acces...

Page 409: ...e data is outside an organization s firewall CDMA Code Division Multiple Access CLDC Connected Limited Device Configuration CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key CRL certificate revocation list CSR certificate s...

Page 410: ...rch for and download certificates EAP FAST Extensible Authentication Protocol Flexible Authentication via Secure Tunneling EAP GTC Extensible Authentication Protocol Generic Token Card EAP TLS Extensible Authentication Protocol Transport Layer Security EAP TTLS Extensible Authentication Protocol Tunneled Transport Layer Security EAP Extensible Authentication Protocol Enterprise Service Policy The ...

Page 411: ...Global Positioning System HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol over Secure Sockets Layer IIS Internet Information Services IP address An Internet Protocol IP address is an identification number that each computer or mobile device uses when it sends or receives information over a network such as the Internet This identification number ide...

Page 412: ...lets the BlackBerry Desktop Software and the BlackBerry Web Desktop Manager can perform Java ME Java Platform Micro Edition JDE Java Development Environment JNDI Java Naming and Directory Interface JRE Java Runtime Environment LAN local area network LDAP Lightweight Directory Access Protocol LDAPS Lightweight Directory Access Protocol over SSL LEAP Lightweight Extensible Authentication Protocol LE...

Page 413: ... mirror database In database mirroring a mirror database is a standby copy of a principal database MNC mobile network code MTLS Mutual Transport Layer Security NAT network address translation NSD Notes System Diagnostic NTLM NT LAN Manager OCSP Online Certificate Status Protocol OEM original equipment manufacturer PAC proxy auto configuration PAP Push Access Protocol PEAP Protected Extensible Auth...

Page 414: ...e is the database that starts the mirroring session PSK pre shared key RMI Record Management System RTF Rich Text Format SAN subject alternative name S MIME Secure Multipurpose Internet Mail Extensions SMS Short Message Service SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol SPN service principal name SQL Structured Query Language SRP Administration Guide Glossary 412 ...

Page 415: ...ission Control Protocol TCP IP Transmission Control Protocol Internet Protocol TCP IP is a set of communication protocols that is used to transmit data over networks such as the Internet TKIP Temporal Key Integrity Protocol TLS Transport Layer Security Triple DES Triple Data Encryption Standard UCS Universal Content Stream UDP IP User Datagram Protocol Internet Protocol UDP User Datagram Protocol ...

Page 416: ...tle Endian VPN virtual private network VoIP Voice over Internet Protocol WAP Wireless Application Protocol WEP Wired Equivalent Privacy witness In database mirroring a witness is a Microsoft SQL Server instance that permits the mirror database to know when to promote itself WLAN wireless local area network XML Extensible Markup Language Administration Guide Glossary 414 ...

Page 417: ...Provide feedback 38 To provide feedback on this deliverable visit www blackberry com docsfeedback Administration Guide Provide feedback 415 ...

Page 418: ...AS IS and AS AVAILABLE and without condition endorsement guarantee representation or warranty of any kind by Research In Motion Limited and its affiliated companies RIM and RIM assumes no responsibility for any typographical technical or other inaccuracies errors or omissions in this documentation In order to protect RIM proprietary and confidential information and or trade secrets this documentat...

Page 419: ...E NO OTHER OBLIGATION DUTY OR LIABILITY WHATSOEVER IN CONTRACT TORT OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY THE LIMITATIONS EXCLUSIONS AND DISCLAIMERS HEREIN SHALL APPLY A IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION DEMAND OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT NEGLIGENCE TORT STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHAL...

Page 420: ...RIMapplicable thereto NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION Certain features outlined in this documentation might require additional development or Third Party Products and Services for access to corporate applications This product contains a modifi...

Reviews:

No comments