Pre Installation Checklist and Guidance BlackBerry Enterprise Server 5.0 for Exchange

Hardware Requirements
1. Hardware (minimum for < 500 users): Computer with two Intel Xeon processors @ 2.0 GHz. 2 GB of memory. 2 drives. RAID 1. 10 GB free disk space. 100 Mbps LAN connection.

2. Hardware (minimum for 500 to 1000 users): Computer with two Intel Xeon processors @ 2.0 GHz. 3 GB of memory. 2 drives. RAID 1. 10 GB free disk space. 100 Mbps LAN connection.

System Requirements
1. Software:
   The BES service must be in the same domain as Microsoft Exchange.
   Operating system:
      o Windows Server 2003 SP 1 or later.
      o Windows Server 2003 R2 SP2 (64 bit).
      o Windows Server 2008 or later.
      o Windows Server 2008 (64 bit).
   Do not install the Microsoft Exchange mail server on the same computer as the BES service.
   Install Microsoft Exchange System Manager 2003 SP2 on the BES server.
   Internet Service Manager, to support System Manager when using Exchange 2007.
   CDO.dll installed. Link to help: http://www.microsoft.com/downloads/
   Install the MAPI client and CDO 1.2.1.
   To support the Exchange 2003 Unicode calendar, install hotfix 913643 on the messaging server and 923537 on the BES server.
   Do not install Microsoft Outlook on the computer on which you are installing BlackBerry Enterprise Server. If you do, wireless calendar synchronization will not work.

Technical BlackBerry Indosat 2009

   Install Windows Media Player version 9 or later to support audio attachments.
   Install the SNMP service for BlackBerry Monitoring.
   Install the database (a server other than the BES server is recommended). Supported:
      o MSDE 2000 SP4.
      o SQL Server 2000 SP4.
      o SQL Server 2005 Standard, Enterprise or Express (supports mirroring).

2. Defining a service account and mailbox in Microsoft Exchange:
   Create a service account with a mailbox, e.g. BESAdmin.

3. Setting permissions on the service account:
   On the BES server, assign the BESAdmin account these permissions: log on locally, log on as a service, local administrator.
   BESAdmin must be a member of the Domain Users group.
   On Microsoft Exchange, BESAdmin must be assigned as a Microsoft Exchange Server View Only Administrator at the Administrative Group level.
   On Microsoft Exchange, BESAdmin must be assigned these access rights: Administer Information Store, Send As and Receive As at the Mailbox Store or Exchange server level.
   Grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft Active Directory domain or container.

4. Network and firewall:
   Open port 3101, outbound only, for bidirectional traffic.
   Test the connection: at a command prompt, type srp.ap.blackberry.net 3101.
   Do not put the BES in the DMZ.
   Verify that the BlackBerry network addresses (srp.ap.blackberry.net) are allowed addresses.
   Verify that the firewall can resolve DNS names.

Note: If there is a problem opening a BlackBerry Administration Service (BAS) instance, create the DNS record in the same domain as the computers that host the BAS instance.
Steps:
1. Log in to the DNS server.
2. In the DNS management console, access the forward lookup zone that you want to add the BlackBerry Administration Service instance or BlackBerry MDS Integration Service instance to.

3. To create a new host, type the following information:
      o In the Name field, type the name of the BlackBerry Administration Service pool or BlackBerry MDS Integration Service pool that you want to use.
      o In the IP Address field, type the IP address of the computer that you want to host a BlackBerry Administration Service instance or BlackBerry MDS Integration Service instance on.
      o Select the Create associated pointer (PTR) record check box.
4. Repeat step 3 for each BlackBerry Administration Service instance or BlackBerry MDS Integration Service instance that you want to install. When you add entries to the same pool, you must use the same pool name for all BlackBerry Administration Service instances or BlackBerry MDS Integration Service instances.
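The network checks in item 4 (DNS resolution and the outbound connection on port 3101) can be run as one script from the intended BES host. This is an added example, not part of the original checklist; the function name Test-BesEndpoint and the global catalog host gc01.example.local (for the LDAP port 3268 noted at the end of the guide) are placeholders.

```powershell
# Added example: pre-installation connectivity check, run on the intended BES host.
# Uses only .NET classes, so it also works on older PowerShell versions.
function Test-BesEndpoint {
    param(
        [string]$HostName,
        [int]$Port,
        [int]$TimeoutMs = 5000
    )
    $result = New-Object PSObject -Property @{
        HostName = $HostName; Port = $Port; Resolved = $false
        Addresses = @(); Connected = $false; Error = $null
    }
    try {
        # The checklist requires that DNS names resolve from behind the firewall.
        $result.Addresses = @([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString })
        $result.Resolved = $result.Addresses.Count -gt 0
    } catch {
        $result.Error = "DNS: $($_.Exception.Message)"
        return $result
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # The connection is initiated from the BES side only (outbound rule).
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)      # throws if the port refused the connection
            $result.Connected = $client.Connected
        } else {
            $result.Error = "TCP: no answer within $TimeoutMs ms (likely filtered)"
        }
    } catch {
        $result.Error = "TCP: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return $result
}

$checks = @(
    @{ HostName = 'srp.ap.blackberry.net'; Port = 3101 },  # from the checklist
    @{ HostName = 'gc01.example.local';    Port = 3268 }   # placeholder GC host name
)
foreach ($c in $checks) {
    Test-BesEndpoint -HostName $c.HostName -Port $c.Port |
        Select-Object HostName, Port, Resolved, Connected, Error
}
```

A timeout usually points at a firewall that drops the traffic, while a DNS error means the name resolution requirement in item 4 is not met.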

Guide :
1. Create the service account:
   A. Start > Programs > Administrative Tools > Active Directory Users and Computers.
   B. Select Users > right-click > New > User.
   C. Create the account, for example BESAdmin.
   D. Type a password for the user in the Password field and in the Confirm password field.
   E. Select any of the password options available. Click Next. A second New Object - User window appears.
   F. Complete the steps in this window.
   G. To initialize the mailbox, send a test message to the service account mailbox.

2. Assign Local Administrator rights to the BlackBerry Enterprise Server service account:
   A. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
   B. Select the Builtin folder.
   C. Double-click Administrators.
   D. On the Members tab, click Add.
   E. Select the BlackBerry Enterprise Server service account name (for example, BESAdmin), and then click Add.
   F. Click OK.
   G. Click OK again.

3. Assign Local Security Policy permissions to the BlackBerry Enterprise Server service account:
   Note: This allows the BlackBerry Enterprise Server service account to access the local computer and to run the BlackBerry Enterprise Server software as a Windows service.
   A. Click Start > Administrative Tools > Local Security Policy. If the computer is a domain controller, click Start > Administrative Tools > Domain Controller Security Policy.
   B. In the Local Security Settings window, click Local Policies > User Rights Assignment.
   C. Do one of the following:
      o For Windows Server 2000, double-click Log on Locally
      o For Windows Server 2003, double-click Allow Log on Locally
   D. Click Add User or Group.
   E. Select the BlackBerry Enterprise Server service account name and click Add.
   F. Click OK.
   G. In the Local Security Settings window, double-click Log On As a Service.
   H. Click Add User and select the BlackBerry Enterprise Server service account.
   I. Click OK.

4. Assign Microsoft Exchange Server permissions at the Administrative Group level:
   Note: This allows a system administrator to manage BlackBerry smartphone users and groups.

   On Microsoft Exchange 2000 or 2003
   A. Click Start > Programs > Microsoft Exchange > System Manager.
   B. Select Administrative Groups.
   C. Right-click First Administrative Group and select Delegate Control.
   D. In the Exchange Administration Delegation Wizard, click Next, and then click Add.
   E. Click Browse and select the BlackBerry Enterprise Server service account.
   F. Click OK.
   G. In the Role drop-down list of the Delegate Control window, select Exchange View Only Administrator.
   H. Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.

   I. Click Next, and then click Finish.

   On Microsoft Exchange 2007
   To set an Exchange View Only Administrator role:
   A. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
   B. In the command prompt window, type the following and then press ENTER:
         add-exchangeadministrator <BESAdmin> -role ViewOnlyAdmin
      where <BESAdmin> is the name of the BlackBerry Enterprise Server service account.
   To check an Exchange View Only Administrator role:
   A. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
   B. In the command prompt window, type the following and then press ENTER:
         get-exchangeadministrator | Format-List
   C. Verify that the BlackBerry Enterprise Server service account has the ViewOnlyAdmin role.

5. Assign Microsoft Exchange Server permissions at the Microsoft Exchange Server level:

   On Microsoft Exchange 2000 or 2003
   A. Go to Start > Programs > Microsoft Exchange > System Manager.
   B. Select Administrative Groups > First Administrative Group > Servers.
   C. Right-click the Microsoft Exchange Server name and select Properties.
   D. On the Security tab, select the BlackBerry Enterprise Server service account.
   E. Select the following permissions from the Permissions list:
      o Administer Information Store
      o Send As
      o Receive As
   F. Click the Advanced button.
   G. Verify that the option Allow inheritable permissions from parent to propagate to this object and all child objects is checked.
   H. Click OK.
   I. Repeat the preceding steps for each Microsoft Exchange Server within the routing group that will host mailboxes for BlackBerry smartphone users with accounts on a BlackBerry Enterprise Server.

   On Microsoft Exchange 2007
   To set Send As, Receive As, and Administer Information Store permissions:
   A. Open Windows PowerShell. To open it, go to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
   B. Open a command prompt window. To open it, go to Start > Run, type 'cmd' and then press Enter.
   C. At the command prompt window, type the following line, and then press ENTER:
         get-mailboxserver Exchange2007 | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
      where:
      o Exchange2007 is the name of the Microsoft Exchange 2007 Server
      o <BESAdmin> is the name of the BlackBerry Enterprise Server service account

   To check the Send As, Receive As, and Administer Information Store permissions:
   1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
   2. In the command prompt window, type the following and then press ENTER:
         get-mailboxserver Exchange2007 | get-ADpermission -user BESAdmin | Format-List

   On Microsoft Exchange 5.5
   The BlackBerry Enterprise Server service account requires the Service Account Admin permissions on the Site container and Configuration container.

6. To grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft Active Directory domain or container:

   A. Open Active Directory Users and Computers.
   B. From the View menu, select the Advanced Features option.
      Note: If Advanced Features is not selected, the Security page will not be visible for domain and container objects.
   C. Right-click the appropriate domain or container and click Properties.
   D. On the Security tab, click Advanced.
   E. If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add and select the BlackBerry Enterprise Server service account name.
   F. Click OK.
   G. Double-click the BlackBerry Enterprise Server service account name.
   H. Select User Objects in the Applies Onto list.
   I. Select the Send As check box.
   J. Click Apply and then click OK.
   K. Close the Properties window and then close Active Directory Users and Computers.

7. Install the SNMP service for monitoring by the BlackBerry Monitoring Service:
   A. On the taskbar, click Start > Settings > Control Panel > Add/Remove Programs > Add/Remove Windows Components.
   B. Double-click Management and Monitoring Tools.
   C. Select the Simple Network Management Protocol check box.
   D. Click OK.
   E. When prompted, install the files from the Windows installation media.
   F. Complete the installation wizard.
   G. In Windows Services, verify that the SNMP service is running.

8. Permissions for the administrator account on the LDAP server that the BlackBerry Administration Service uses:
   Create an administrator account for the BlackBerry Administration Service. To authenticate a user account, you must configure permissions for an administrator account on the LDAP server so that the BlackBerry Administration Service can read LDAP attributes in Microsoft Active Directory.
   1. In Microsoft Active Directory, in the search base container and all subcontainers that user accounts are located in, add the following permissions to the administrator account:
      o for containers, the List Contents permission
      o for user objects, the Read All Properties permission

   2. Configure the administrator account so that the account has the correct permission to read the attributes of the crossRef objects that represent domains in the Partitions container of the Microsoft Active Directory configuration partition.
   Note: Open port 3268 for LDAP.
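The two "To check" steps for Exchange 2007 in items 4 and 5 of the guide, combined into one pass that also flags roles broader than ViewOnlyAdmin and any Deny entries. This is an added example, not part of the original checklist; BESAdmin and Exchange2007 are the checklist's example names, and the script assumes it is run in the Exchange Management Shell.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2007.
$account  = 'BESAdmin'       # the checklist's example service account
$server   = 'Exchange2007'   # the checklist's example mailbox server name
$required = 'Send-As', 'Receive-As', 'ms-Exch-Store-Admin'

# Item 4: roles held by the account (the Identity value ends with the account name).
$roles = @(Get-ExchangeAdministrator |
    Where-Object { "$($_.Identity)" -like "*$account" } |
    ForEach-Object { "$($_.Role)" })
# The checklist asks for view-only access; anything else is more than required.
$extraRoles = @($roles | Where-Object { $_ -ne 'ViewOnlyAdmin' })

# Item 5: permission entries on the mailbox server object that name the account.
$aces = @(Get-MailboxServer $server | Get-ADPermission -User $account)
$missing = @($required | Where-Object {
    $right = $_
    -not ($aces | Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })
})
# A Deny entry can override an Allow entry, so list any that exist.
$denied = @($aces | Where-Object { $_.Deny } |
    ForEach-Object { $_.ExtendedRights } | ForEach-Object { "$_" })

$report = New-Object PSObject -Property @{
    Account       = $account
    HasViewOnly   = ($roles -contains 'ViewOnlyAdmin')
    BroaderRoles  = ($extraRoles -join ', ')
    MissingRights = ($missing -join ', ')
    DeniedRights  = ($denied -join ', ')
}
$report | Format-List

if (-not $report.HasViewOnly -or $missing.Count -gt 0 -or $denied.Count -gt 0) {
    Write-Warning "$account does not match the checklist permissions on $server."
}
if ($extraRoles.Count -gt 0) {
    Write-Warning "$account holds Exchange roles beyond ViewOnlyAdmin: $($report.BroaderRoles)"
}
```

Repeat the check for each mailbox server that hosts BlackBerry users by changing $server.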
