Blackberry SWD-20120924140022907 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Blackberry SWD-20120924140022907, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Blackberry SWD-20120924140022907 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Blackberry SWD-20120924140022907. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Blackberry SWD-20120924140022907 should contain:
- informations concerning technical data of Blackberry SWD-20120924140022907
- name of the manufacturer and a year of construction of the Blackberry SWD-20120924140022907 item
- rules of operation, control and maintenance of the Blackberry SWD-20120924140022907 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Blackberry SWD-20120924140022907 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Blackberry SWD-20120924140022907, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Blackberry service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Blackberry SWD-20120924140022907.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Blackberry SWD-20120924140022907 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 3 Administration Guide[...]

  • Page 2

    Published: 2012-09-24 SWD-20120924140022907[...]

  • Page 3

    Contents 1 Overview: BlackBerry Enterprise Server ......................................................................................... 21 Document revision history ................................................................................................................................................ 21 Getting started in your BlackBerr[...]

  • Page 4

    View the resolved IT policy rules that are assigned to a user account ........................................................................... 54 Deactivating BlackBerry devices that do not have IT policies applied ................................................................................. 54 Deactivate BlackBerry devices that do not have [...]

  • Page 5

    Configuring the BlackBerry Administration Service to authenticate with a proxy server ................................................ 77 Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component ..... 79 Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS[...]

  • Page 6

    Use the BlackBerry Administration Service to find the time and reason for the last automatic failover event ............... 109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Administration Service .................................... 109 Fail over the BlackBerry Enterprise Server manually using the BlackBerry Configuratio[...]

  • Page 7

    Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription ............................................................................................................................................................ 133 Start the BlackBerry Enterprise Server instances .....................[...]

  • Page 8

    Reconciliation rules: Application control policies ...................................................................................................... 166 Reconciliation rules: Application control policies for unlisted applications ................................................................. 166 13 Alternative methods for installing BlackBe[...]

  • Page 9

    Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service ............................... 188 Create a key store to store certificates for use with HTTPS connections ..................................................................... 189 Add a certificate for the BlackBerry MDS Connection Service ............[...]

  • Page 10

    Map a contact list field in an email application to a contact list field on a BlackBerry device ...................................... 214 Map a contact information field in an email application to contact list fields on BlackBerry devices ........................... 215 Map a contact list field in an email application to a contact list field on a [...]

  • Page 11

    Create a VPN profile based on an existing VPN profile ............................................................................................... 240 Configure a VPN profile ............................................................................................................................................ 240 Assign a VPN profile to a g[...]

  • Page 12

    22 Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager ........................................................................................................................ 266 Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager .........[...]

  • Page 13

    Delete a user account from the BlackBerry Enterprise Server ................................................................................... 289 Update a user account manually .............................................................................................................................. 290 Add an administrator role to a user acco[...]

  • Page 14

    Configuring the Microsoft Active Directory account to delegate access ..................................................................... 315 Configuring the BlackBerry MDS Connection Service when the messaging server is located in a remote Microsoft Active Directory domain .........................................................................[...]

  • Page 15

    Forward email messages from inbox subfolders to a BlackBerry device ..................................................................... 336 Turn off email message forwarding to user accounts in a group ................................................................................. 337 Turn off email message forwarding to a user account ........[...]

  • Page 16

    Change how a BlackBerry Attachment Connector retries sending requests to a BlackBerry Attachment Service ........ 357 Change how a BlackBerry Attachment Connector restores a lost connection to a BlackBerry Attachment Service ..... 358 Attachment file formats that the BlackBerry Attachment Service supports ...........................................[...]

  • Page 17

    Change the transport protocol for a Microsoft instant messaging environment ................................................................. 385 Specify the Windows domain name for users who log in to a collaboration client .............................................................. 386 Managing instant messaging sessions ......................[...]

  • Page 18

    Configuring BlackBerry Policy Service throttling for IT policies and service books ...................................................... 417 Configuring BlackBerry Policy Service throttling for PIN encryption keys ................................................................... 419 Configuring BlackBerry Policy Service throttling for applicatio[...]

  • Page 19

    IBM Lotus Sametime connection type and port number .................................................................................................. 466 Microsoft Exchange connection types and port numbers ................................................................................................. 466 Microsoft Office Live Communications Serv[...]

  • Page 20

    38 Legal notice ................................................................................................................................ 498[...]

  • Page 21

    Overview: BlackBerry Enterprise Server The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network, communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with your organization's existing infrastructure to provide smartpho[...]

  • Page 22

    Date Description 14 September 2011 Updated the following topics: • Import IT policy data • Reconciliation rules for conflicting IT policies when you apply multiple IT policies to a user account • Reconciliation rules for conflicting IT policies when you apply one IT policy to the user account • Troubleshooting: IT policies • Mapping conta[...]

  • Page 23

    Task Chapter Review the default IT policies. If necessary, change existing IT policies or create new IT policies. Configuring security options • Section: Using an IT policy to manage BlackBerry Enterprise Solution security Add user accounts to the BlackBerry Enterprise Server. Configuring user accounts • Section: Adding a user account to the Bl[...]

  • Page 24

    Task Chapter • Section: Change how to install, update, or remove BlackBerry Java Applications on BlackBerry devices Review the default application control policies and application control policies for unlisted applications. If necessary, change the existing application control policies. Sending software and BlackBerry Java Applications to BlackBe[...]

  • Page 25

    Task Chapter Configure high availability for BlackBerry Enterprise Server components and for the BlackBerry Configuration Database. Configuring BlackBerry Enterprise Server high availability Configuring BlackBerry Configuration Database high availability Use the BlackBerry Monitoring Service to troubleshoot issues and monitor the health of a BlackB[...]

  • Page 26

    Log in to the BlackBerry Administration Service for the first time To open the BlackBerry Administration Service, you can use a browser on any computer that has access to the computer that hosts the BlackBerry Administration Service. Before you begin: To manage a BlackBerry device using the BlackBerry Administration Service while the BlackBerry dev[...]

  • Page 27

    Possible solution Add the web address for the BlackBerry Administration Service to the list of trusted web sites in Windows Internet Explorer, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer. 1. In Windows Internet Explorer, navigate to the BlackBerry Administration Service console. 2.[...]

  • Page 28

    2. Click I Understand the Risks . 3. Click Add Exception . 4. Click Confirm Security Exception . 5. Close and reopen the browser. Administration Guide Log in to the BlackBerry Administration Service for the first time 28[...]

  • Page 29

    Creating administrator accounts Administrative roles and permissions You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry Enterprise Server. You can specify the actions that administrators can perform by changing the perm[...]

  • Page 30

    Permission name Security role Enterprise role Senior Helpdesk role Junior Helpdesk role Server only role User only role Create a group X X X X Delete a group X X X View a group (across Group) X X X X X Edit a group (across Group) X X X X X Create a user X X X X Delete a user X X X X View a user (across Group) X X X X X Edit a user (across Group) X [...]

  • Page 31

    Permission name Security role Enterprise role Senior Helpdesk role Junior Helpdesk role Server only role User only role Import an IT policy template X X X Resend data to devices X X X Create a software configuration X X X View a software configuration X X X X X Edit a software configuration X X X Delete a software configuration X X X View BlackBerr[...]

  • Page 32

    Permission name Security role Enterprise role Senior Helpdesk role Junior Helpdesk role Server only role User only role Clear synchronization backup data X X X X Clear user statistics X X X X X Export statistics X X X Reset user field mapping X X X X Turn on redirection X X X X Turn off redirection X X X X Refresh available user list from company d[...]

  • Page 33

    Permission name Security role Enterprise role Senior Helpdesk role Junior Helpdesk role Server only role User only role Edit a job X X X Manage deployment job tasks X X X Change the status of a job task X X X Update peer-to-peer encryption key X X X View job distribution settings X X X Edit job distribution settings X X X Delete an instance X X X E[...]

  • Page 34

    Permission name Security role Enterprise role Senior Helpdesk role Junior Helpdesk role Server only role User only role Import or export groups within roles X Import new users X X X Import or export users X X X X Import user updates X X X Import or export email message filters for a user X X X Export asset summary data X X X Add or remove to user c[...]

  • Page 35

    2. Click Create a role . 3. Type a name and description for the role. 4. Click Save . 5. In the Role information section, click the name of the role that you created. 6. Click Edit role . 7. Switch the appropriate tabs to turn on the appropriate permissions. 8. Click Save all . After you finish: Assign the role to an administrator account or group.[...]

  • Page 36

    If your environment includes a Microsoft Exchange resource forest, you must create the administrator account in the resource forest. Before you begin: Verify that you can configure the authentication type and roles for an administrator account. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Administr[...]

  • Page 37

    Related information Create a group to manage similar user accounts, 84 Specify an email address for the BlackBerry Administration Service You can specify the email address that the BlackBerry Administration Service sends BlackBerry Enterprise Server system messages or activation passwords from. Before you begin: Create an email account on your orga[...]

  • Page 38

    7. In the User information section, in the Display name field, type the user name. 8. In the Authentication type section, type and verify a password. 9. Click the Update icon. 10. Click Save all . Assign a BlackBerry device to an administrator account You can assign a BlackBerry device to an administrator without creating a separate user account. 1[...]

  • Page 39

    Using an IT policy to manage BlackBerry Enterprise Solution security You can use an IT policy to control and manage BlackBerry devices, the BlackBerry Desktop Software, and the BlackBerry Web Desktop Manager in your organization's environment. An IT policy consists of multiple IT policy rules that manage the security and behavior of the BlackB[...]

  • Page 40

    To use an IT policy rule on a BlackBerry device, you must verify that the BlackBerry Device Software version supports the IT policy rule. For example, you cannot use the Disable Camera IT policy rule to control whether a BlackBerry device user can access the camera on the device if the BlackBerry Device Software version does not support the IT poli[...]

  • Page 41

    Preconfigured IT policy Description Medium Security with No 3rd Party Applications Similar to the Medium Password Security, this policy requires a complex password that a user must change frequently, a security timeout, and a maximum password history. This policy prevents users from making their devices discoverable by other Bluetooth enabled devic[...]

  • Page 42

    IT policy rule Default IT policy Individual- Liable Device IT policy Basic Password Security IT policy Medium Password Security IT policy Medium Password Security with No 3rd Party Applications IT policy Advanced Security IT policy Advanced Security with No 3rd Party Applications IT policy numeric character numeric character numeric character numer[...]

  • Page 43

    IT policy rule Default IT policy Individual- Liable Device IT policy Basic Password Security IT policy Medium Password Security IT policy Medium Password Security with No 3rd Party Applications IT policy Advanced Security IT policy Advanced Security with No 3rd Party Applications IT policy Between Services Disable USB Mass Storage No — — — ?[...]

  • Page 44

    IT policy rule Default IT policy Individual- Liable Device IT policy Basic Password Security IT policy Medium Password Security IT policy Medium Password Security with No 3rd Party Applications IT policy Advanced Security IT policy Advanced Security with No 3rd Party Applications IT policy Disable File Transfer No — — — — Yes Yes Disable Se[...]

  • Page 45

    b. Click Edit IT policy . c. On a tab for an IT policy group, configure values for the IT policy rules. d. Click Save All . After you finish: For more information, see the BlackBerry Enterprise Server Policy Reference Guide . Create an IT policy based on an existing IT policy 1. In the BlackBerry Administration Service, on the BlackBerry solution m[...]

  • Page 46

    • Location of the data source file • File encryption password that you use to protect the data source file 5. Click Next . 6. Click Add all IT policies . Related information Preconfigured IT policies, 40 Import IT policy rules from an IT policy pack You can import the IT policy rules that Research In Motion releases in an IT policy pack into yo[...]

  • Page 47

    Assign an IT policy to a group 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group . 2. Click Manage groups . 3. In the Manage groups section, click the group that you want to assign an IT policy to. 4. On the Policies tab, click Edit group . 5. In the drop-down list, click an IT policy. 6. Click Sa[...]

  • Page 48

    Sending an IT policy over the wireless network If your organization's environment includes C++ based BlackBerry devices that are running BlackBerry Device Software version 2.5 or later or Java based devices that are running BlackBerry Device Software version 3.6 or later, the BlackBerry Enterprise Server can send changes to IT policies to a de[...]

  • Page 49

    2. Expand BlackBerry Domain > Component view . 3. In the Policy section, click an instance. 4. Click Edit instance . 5. In the General section, in the Policy resend interval (hours) field, type an interval that you want the BlackBerry device to resend the IT policy at. 6. Click Save All . Assigning IT policies and resolving IT policy conflicts Y[...]

  • Page 50

    Option 1: Applying one IT policy to each user account, 50 Option 2: Applying multiple IT policies to each user account, 51 Option 1: Applying one IT policy to each user account You can configure the BlackBerry Enterprise Server to apply only one IT policy to a user account when a user account is a member of multiple groups that have different IT po[...]

  • Page 51

    Change the method that the BlackBerry Enterprise Server uses to resolve conflicting IT policies You can change the method that the BlackBerry Enterprise Server uses to determine what IT policy to apply to a user account when a user account belongs to multiple groups that have different IT policies. If you change the method used to resolve conflicti[...]

  • Page 52

    If you install BlackBerry Enterprise Server 5.0 SP2 or later, this is the default method for resolving IT policy conflicts. If you upgrade to BlackBerry Enterprise Server 5.0 SP2 or later from a previous version of the BlackBerry Enterprise Server, the default method for resolving IT policy conflicts is to assign one IT policy to each user account [...]

  • Page 53

    Scenario Rule the default value of Yes). You assign the second group IT policy B, which has the Allow Browser IT policy rule set to No. You ranked IT policy A higher than IT policy B in the BlackBerry Administration Service. For example, in this scenario, the Allow Browser IT policy rule setting from IT policy B, No, is applied to the user account [...]

  • Page 54

    BlackBerry Enterprise Server resolves the conflicting rules. The preview displays the conflicting IT policy rules and the resolved settings for each rule. If an IT policy rule is not conflicting in the multiple IT policies that you selected, the preview does not display the policy rule in the results. 1. In the BlackBerry Administration Service, on[...]

  • Page 55

    expires. If the time limit expires, the BlackBerry Enterprise Server deactivates the BlackBerry device PINs. The permitted range for this option is 0 hours to 8760 hours. If you specify 0 hours, BlackBerry devices deactivate when the IT policy cannot apply automatically. Deactivate BlackBerry devices that do not have IT policies applied 1. In the B[...]

  • Page 56

    5. In the Destination drop-down list, choose whether you want the BlackBerry device, the BlackBerry Desktop Software, or both to be able to use the IT policy rule. 6. Click Save . After you finish: Add the IT policy rule to an IT policy. Change or delete IT policy rules for third-party applications 1. In the BlackBerry Administration Service, on th[...]

  • Page 57

    10. Click Close . Delete an IT policy 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy . 2. Click Manage IT policies . 3. In the list of IT policies, click an IT policy. 4. Click Delete IT policy . 5. Click Yes – Delete the IT policy . Related information Assigning IT policies and resolving IT[...]

  • Page 58

    Configuring security options Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other To encrypt data that is in transit between the BlackBerry Enterprise Server and a BlackBerry device in your organization, the BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport la[...]

  • Page 59

    Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Enterprise Server . 2. Click the instance that you want to change. 3. Click Edit in[...]

  • Page 60

    The BlackBerry Administration Service includes lists of permitted manufacturers and models of devices that you associated with the BlackBerry Enterprise Server previously. You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise Server even if you configure the allowed list with crite[...]

  • Page 61

    Permit a user to override the Enterprise Service Policy Before you begin: Turn on the Enterprise Service Policy. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for a user account. 4. Click the display name for the user account. 5. Click Edit user . 6. On the C[...]

  • Page 62

    To require the BlackBerry device user to use PGP encryption when forwarding or replying to messages, you can configure the PGP Force Digital Signature IT policy rule and the PGP Force Encrypted Messages IT policy rule. The PGP Support Package for BlackBerry smartphones is designed to support encoding and decoding Unicode messages and permits PGP en[...]

  • Page 63

    • Ability to use a password, which the sender and recipient each know, to encrypt S/MIME-protected email messages or PIN messages • Ability to read S/MIME certificates that are stored on a smart card Configure the BlackBerry Enterprise Solution to support S/MIME encryption 1. Configure encryption options for S/MIME-protected messages on the Bla[...]

  • Page 64

    • To require that the BlackBerry Enterprise Server deletes attachment data from any signed-only S/MIME-protected messages so that the BlackBerry Enterprise Server conserves bandwidth, in the Remove attachment data from signed S/MIME messages drop-down list, click True . • To require that the BlackBerry Enterprise Server sends encrypted S/MIME-p[...]

  • Page 65

    Enforcing secure messaging using classifications You can use message classifications to require S/MIME-enabled users or PGP enabled users to sign, encrypt, or sign and encrypt email messages that they send from the BlackBerry devices. You use the Message Classification IT policy rule to configure one or more message classifications that users can a[...]

  • Page 66

    After you finish: If you create more than one message classification, order the message classifications in the list. By default, if a user does not select a message classification, the BlackBerry device applies the first message classification in the list. Create a message classification based on an existing message classification 1. In the BlackBe[...]

  • Page 67

    Delete a message classification 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy . 2. Click Manage IT policies . 3. In the list of IT policies, click an IT policy. 4. Click Edit IT policy . 5. On the Security tab, at the bottom of the screen, click the Delete icon beside the message classificati[...]

  • Page 68

    3. Click Update peer-to-peer encryption key . 4. Click Create new key . Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and BlackBerry MVS provide You can prevent BlackBerry device users that you associate with a BlackBerry Enterprise Server from browsing the intranet or Internet, running a[...]

  • Page 69

    • You or a BlackBerry device user turns on content protection for the BlackBerry device. • An application uses the RIM Cryptographic API to create a private key or symmetric key. • A third-party application turns on the garbage collection process by registering with the memory cleaner application on the BlackBerry device. The memory cleaner a[...]

  • Page 70

    For more information about the IT policy rules that you can use to change when the memory cleaner application runs, see the BlackBerry Enterprise Server Policy Reference Guide . Best practice: Configuring additional memory cleaner settings for BlackBerry devices Scenario Recommendation Remove decrypted content from BlackBerry device memory when the[...]

  • Page 71

    Configuring the BlackBerry Enterprise Server environment Best practice: Running the BlackBerry Enterprise Server Best practice Description Do not change the startup type for the BlackBerry Enterprise Server services. When you install or upgrade the BlackBerry Enterprise Server, the setup application configures the startup type for the BlackBerry En[...]

  • Page 72

    Configuring certain BlackBerry Enterprise Server components to use proxy servers You can configure the BlackBerry MDS Connection Service and the BlackBerry Collaboration Service to use proxy servers to access web addresses on the Internet and your organization's intranet. You should use a proxy method that is consistent with the proxy method t[...]

  • Page 73

    7. Click the Add icon for the proxy item. If you add more than one proxy item, use the Up and Down icons to set the priority of the proxy items. 8. Click the Add icon for the web address. If you add more than one web address, use the Up and Down icons to set the priority of the web addresses. 9. Click Save all . Configure a BlackBerry Enterprise Se[...]

  • Page 74

    Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry devices You can configure the BlackBerry MDS Connection Service and the BlackBerry Collaboration Service to authenticate to a proxy server on behalf of BlackBerry devices. Before you begin: If you want to configure the BlackBerry MDS Connect[...]

  • Page 75

    Configuring proxy selection for the BlackBerry Administration Service You can configure the BlackBerry Administration Service to select a proxy server either manually or automatically. To manually select a proxy server, you can use one of the following tools: • Proxy Configuration Tool (proxycfg.exe) with Windows Server 2003 or earlier • Networ[...]

  • Page 76

    3. Click Tools > Internet Options . 4. On the Connections tab, click LAN settings . 5. Select Use a proxy server for your LAN . 6. In the Address field, type the address for the proxy server. 7. In the Port field, type the port number for the proxy server. 8. Click OK . 9. Click OK . Windows Internet Explorer stores the settings for the proxy se[...]

  • Page 77

    CAUTION: If the proxy server authenticates using HTTP basic authentication, the PAC file must be on a computer that is separate from the proxy server and uses Windows authentication or anonymous authentication. 1. On the computer that hosts the BlackBerry Administration Service instance, log in using the Windows account that runs the BlackBerry Adm[...]

  • Page 78

    Task Steps Specify the credentials for HTTP basic authentication that your organization's BlackBerry Domain uses. 1. Type traittool -global -trait BASProxyBasicAuthUID -set <user_name> , where <user_name> is the user name (for example, user01@blackberry.com or blackberry.comuser01). 2. Type traittool -global -trait BASProxyBasicAu[...]

  • Page 79

    Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component To help make a BlackBerry Domain more scalable, you can configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service or BlackBerry Collaboration Service. If a BlackBerry Domain contains on[...]

  • Page 80

    Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service You can configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service to connect to your organization's instant messaging server, and to manage requests from the collaboration client on users&a[...]

  • Page 81

    • If you are running a 32-bit version of Windows, go to HKEY_LOCAL_MACHINESOFTWAREResearch In Motion BlackBerry Enterprise ServerAgents. • If you are running a 64-bit version of Windows, go to HKEY_LOCAL_MACHINESOFTWAREWOW6432Node Research In MotionBlackBerry Enterprise ServerAgents. 5. If the MAPIEncoding registry key exists, perform [...]

  • Page 82

    3. Click OK . 4. Perform one of the following actions: • If you are running a 32-bit version of Windows, go to HKEY_LOCAL_MACHINESOFTWAREResearch In Motion BlackBerry Enterprise ServerAgents. • If you are running a 64-bit version of Windows, go to HKEY_LOCAL_MACHINESOFTWAREWOW6432Node Research In MotionBlackBerry Enterprise ServerAgent[...]

  • Page 83

    • Visit http://support.microsoft.com/kb/923537/en-us to download and install the required hotfix on the computer that will host the BlackBerry Enterprise Server. 1. On the BlackBerry Enterprise Server, on the Start menu, click Run . 2. Type regedit . 3. Click OK . 4. Perform one of the following actions: • If you are running a 32-bit version of[...]

  • Page 84

    Configuring user accounts Creating user groups You can create user groups and assign user accounts to user groups based on custom criteria, such as user location, organizational group, or BlackBerry device model. User accounts that are part of a user group can exist on multiple BlackBerry Enterprise Server instances in the BlackBerry Domain. Create[...]

  • Page 85

    1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for the user accounts. 4. Select the user accounts. 5. In the Add to user configuration list, click Add group . 6. In the Available groups list, click the group that you want to add the user accounts to. 7. Click [...]

  • Page 86

    8. Click Add . 9. To select an activation option, perform one of the following actions: Option Step Specify an activation password for the user account. 1. Click Create a user with activation password . 2. In the Set activation password , section, type and confirm an activation password. The password must not contain special characters. Some BlackB[...]

  • Page 87

    8. If you installed multiple BlackBerry Enterprise Server instances, select the BlackBerry Enterprise Server that you want to add the user account to. 9. Click Continue. 10. Type and confirm an activation password. The password must not contain special characters. Specific BlackBerry devices do not support special characters and do not unlock when [...]

  • Page 88

    incorrectly formatted in the .csv file), the BlackBerry Administration Service continues to process the remaining actions that are listed in the file and displays an error message for the action that the BlackBerry Administration Service could not process. The import process can take a long time (more than 30 minutes) to complete if you add more th[...]

  • Page 89

    Field Description Activation Password Expiry This field specifies the amount of time, in hours, that can elapse before the activation password expires if an activation password is required. The activation password will expire if the user does not activate the BlackBerry device on the BlackBerry Enterprise Server before a default value of 48 hours e[...]

  • Page 90

    3. Click Import new users . 4. In the Import users from a list section, click Browse . 5. Navigate to the .csv file that contains the user accounts that you want to import. 6. Click Continue . 7. Perform the appropriate actions for the user accounts. Administration Guide Configuring user accounts 90[...]

  • Page 91

    Assigning BlackBerry devices to users Preparing to distribute a BlackBerry device Before you distribute a BlackBerry device to a user, you can configure the BlackBerry Enterprise Server to synchronize email messages that the user previously sent and received on a supported BlackBerry device. You can synchronize messages for a new user or for a user[...]

  • Page 92

    • To specify the number of previous days that you want to synchronize messages from, in the Prepopulation By message age field, type a number. • To specify the maximum number of messages that you want to synchronize, in the Prepopulation By message count field, type a number. 5. Click Save all . Prevent the BlackBerry Enterprise Server from syn[...]

  • Page 93

    Method Description over the wireless network New BlackBerry device users and users that are receiving replacement BlackBerry devices can activate the BlackBerry devices without requiring a physical connection to your organization's network. over the LAN New BlackBerry device users and users that are receiving replacement BlackBerry devices can[...]

  • Page 94

    Option 2: Activating a BlackBerry device over the wireless network To activate a BlackBerry device over the wireless network, you assign an activation password to a user account. The user receives the activation password in an email message and associates the BlackBerry device with the email account by typing the password on the BlackBerry device. [...]

  • Page 95

    Activation passwords The BlackBerry Enterprise Server activates a BlackBerry device over the wireless network using the wireless activation authentication protocol and an activation password that is specific to the user account associated with the BlackBerry device. Item Description length of the activation password Typical activation passwords are[...]

  • Page 96

    Customize the activation password You can customize the type of activation password and the number of characters the password can contain that you send to BlackBerry devices in a BlackBerry Domain. You can also change the length of time that the activation password exists before it expires. 1. In the BlackBerry Administration Service, on the Device[...]

  • Page 97

    4. In the search results, click the display name for the user account. 5. In the Device activation list, click Specify an activation password . 6. In the Activation password and Confirm password fields, type an activation password. The password must not contain special characters. Some BlackBerry devices do not support special characters and do not[...]

  • Page 98

    Option 4: Activating BlackBerry devices using the BlackBerry Web Desktop Manager Users can activate their BlackBerry devices by connecting them to computers using a USB cable or Bluetooth connection and logging in to the BlackBerry Web Desktop Manager. During the activation process, the BlackBerry Web Desktop Manager prompts users to associate the [...]

  • Page 99

    Prerequisites: Configuring a BlackBerry Router for BlackBerry device activations over the enterprise Wi-Fi network • On the computer that you installed the BlackBerry Router, or on a remote computer, configure an SMTP service that the BlackBerry Router can use. For more information, see the documentation for the Windows Server. • To restrict th[...]

  • Page 100

    7. Click Apply . 8. Click OK . 9. In the Windows Services, restart the BlackBerry Router. After you finish: Instruct users to activate the Wi-Fi enabled BlackBerry devices. Activate a Wi-Fi enabled BlackBerry device If you want to activate a Wi-Fi enabled BlackBerry device using the enterprise Wi-Fi network, you can instruct a BlackBerry user to pe[...]

  • Page 101

    Configuring BlackBerry Enterprise Server high availability Check the health of a BlackBerry Enterprise Server If you configured BlackBerry Enterprise Server high availability, you can check the health of a BlackBerry Enterprise Server instance to verify that it is running as expected. 1. In the BlackBerry Administration Service, in the Servers and [...]

  • Page 102

    receives this information in real time from the BlackBerry Enterprise Server instance so that the failover status is always up- to-date. How the BlackBerry Enterprise Server uses health parameters The BlackBerry Enterprise Server uses health parameters to define the failover and promotion thresholds. The health parameters indicate if a BlackBerry E[...]

  • Page 103

    • For failover to occur only when the standby BlackBerry Enterprise Server is in a healthier state than the primary BlackBerry Enterprise Server, you can move the promotion threshold so that it is lower than the failover threshold. • For failover to occur when the standby BlackBerry Enterprise Server can provide the same services that the prima[...]

  • Page 104

    Configuring failover to occur when the standby BlackBerry Enterprise Server is in a healther state than the active BlackBerry Enterprise Server If you move the failover threshold and promotion threshold so that the promotion threshold is lower than the failover threshold, failover occurs only if the standby BlackBerry Enterprise Server is healthier[...]

  • Page 105

    2. Click the name of the BlackBerry Enterprise Server pair that you want to change the health parameters and thresholds for. 3. Click Edit Automatic Failover settings . 4. To change the order of the health parameters and thresholds, click the Up and Down icons. 5. Click Save . Health parameters for the failover threshold and promotion threshold Hea[...]

  • Page 106

    Health parameter Description Attachment viewing This health parameter indicates whether the BlackBerry Messaging Agent can provide services for attachment viewing. Connection to the BlackBerry Configuration Database This health parameter indicates whether BlackBerry Enterprise Server components can connect to the BlackBerry Configuration Database. [...]

  • Page 107

    If your organization's environment includes multiple BlackBerry Enterprise Server pairs, you can change the percentages of the health parameters for all of the BlackBerry Enterprise Server instances at the BlackBerry Domain level, or for each BlackBerry Enterprise Server pair. If you change the percentages of the health parameters at a BlackBe[...]

  • Page 108

    Prerequisites: Configuring the BlackBerry Enterprise Server pair to fail over automatically • Install a primary BlackBerry Enterprise Server. • Install a standby BlackBerry Enterprise Server. For more information about installing a standby BlackBerry Enterprise Server, see the BlackBerry Enterprise Server Installation and Configuration Guide . [...]

  • Page 109

    Monitoring the BlackBerry Enterprise Server for an automatic failover event You can use the BlackBerry Monitoring Service, BlackBerry Enterprise Server Alert Tool, or another SNMP monitoring tool to monitor the BlackBerry Enterprise Server for an automatic failover event and notify you when an automatic failover event occurs. When an automatic fail[...]

  • Page 110

    Before you begin: Verify that the standby BlackBerry Enterprise Server is running. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand High availability > Highly available BlackBerry Enterprise Servers . 2. Click the name of the BlackBerry Enterprise Server pair. 3. Click Manual Failover . 4. In the list, choo[...]

  • Page 111

    Configuring high availability for BlackBerry Enterprise Server components Creating a BlackBerry MDS Connection Service pool for high availability To configure BlackBerry MDS Connection Service high availablity, you can create a BlackBerry MDS Connection Service pool for each BlackBerry Enterprise Server by associating multiple BlackBerry MDS Connec[...]

  • Page 112

    6. Click Save all . 7. Repeat steps 3 to 6 for each BlackBerry Enterprise Server instance in your organization's environment that you want to configure to use a BlackBerry MDS Connection Service pool. Related information Remove a BlackBerry MDS Connection Service instance from a pool, 122 Configure the BlackBerry MDS Connection Service and Bla[...]

  • Page 113

    Create a BlackBerry Collaboration Service pool for high availability To configure BlackBerry Collaboration Service high availability, you can create a BlackBerry Collaboration Service pool for each BlackBerry Enterprise Server by associating multiple BlackBerry Collaboration Service instances with the BlackBerry Enterprise Server. By default, the B[...]

  • Page 114

    Create a BlackBerry Attachment Service pool for high availability During the BlackBerry Attachment Service installation process, the setup application writes data about the BlackBerry Attachment Service instance to the BlackBerry Configuration Database. You can create a BlackBerry Attachment Service pool for each BlackBerry Enterprise Server by ass[...]

  • Page 115

    11. Click Save all . 12. Repeat steps 2 to 11 for each BlackBerry Enterprise Server instance that you want to use a BlackBerry Attachment Service pool. The BlackBerry Administration Service writes the data about the BlackBerry Attachment Service pool to the BlackBerry Configuration Database. The BlackBerry Messaging Agent caches the pool data and u[...]

  • Page 116

    • If the BlackBerry Enterprise Server uses the BlackBerry Attachment Connector instance, in the Instance information section, in the Friendly description field, type a unique name. 6. Click Save all . The BlackBerry Administration Service updates the list of BlackBerry Attachment Connector instances automatically to use the names that you typed. [...]

  • Page 117

    10. Repeat steps 2 to 9 for each BlackBerry Enterprise Server instance in your organization's environment that you want to have use a BlackBerry Router pool. Related information Remove a BlackBerry Router instance from a pool, 124 Restarting BlackBerry Enterprise Server components, 392 Permit a BlackBerry Enterprise Server to connect to a remo[...]

  • Page 118

    Creating a BlackBerry Administration Service pool that includes the BlackBerry Web Desktop Manager using DNS round robin When you install the BlackBerry Administration Service, BlackBerry Web Desktop Manager, or both, the setup application installs the BlackBerry Administration Service services automatically. The BlackBerry Administration Service a[...]

  • Page 119

    Configure the BlackBerry Administration Service instances in a pool to communicate across network subnets The instances in the BlackBerry Administration Service pool use multicast UDP to communicate with each other. If the BlackBerry Administration Service instances are located in different network subnets and your organization's network confi[...]

  • Page 120

    Change the name of the BlackBerry Administration Service pool Before you begin: If you want to configure high availability for the BlackBerry Administration Service by creating a BlackBerry Administration Service pool using DNS round robin, create the DNS record that represents the BlackBerry Administration Service instances in the pool. 1. On a co[...]

  • Page 121

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Enterprise Server . 2. If you configured BlackBerry Enterprise Server pairs, expand the pair name. 3. Click the name of the BlackBerry Enterprise Server instance that you ass[...]

  • Page 122

    When you navigate to another page in the BlackBerry Administration Service, the BlackBerry Administration Service turns off the refresh option, and you must turn it on again manually when you return to the page that displays the status. If more than one administrator logs in to the BlackBerry Administration Service, each administrator must turn on [...]

  • Page 123

    Remove a BlackBerry Collaboration Service instance from a pool You can remove a BlackBerry Collaboration Service instance from a pool if your organization no longer requires it or to troubleshoot an issue. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain >[...]

  • Page 124

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Attachment > Connector . 2. Click the BlackBerry Attachment Connector that is installed on the BlackBerry Enterprise Server that you want to remove the BlackBerry Attachment Service [...]

  • Page 125

    Configuring BlackBerry Configuration Database high availability You can configure BlackBerry Configuration Database high availability by configuring database mirroring. Database mirroring requires that you configure a principal BlackBerry Configuration Database instance and a mirror BlackBerry Configuration Database. The BlackBerry Enterprise Serve[...]

  • Page 126

    • If you turned on the automatic failover option for the BlackBerry Enterprise Server, use the BlackBerry Administration Service to change the failover type to Manual until you finish configuring database mirroring or database replication. • If you are configuring database mirroring, configure the database servers as follows: • Only use stati[...]

  • Page 127

    2. Repeat step 1 for each BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database. Configure database mirroring for the BlackBerry Configuration Database For more information about database mirroring, visit http://msdn2.microsoft.com/en-us/library/ms175059(SQL.90).aspx . 1. In the Microsoft SQL Server Managemen[...]

  • Page 128

    • BlackBerry Alert • BlackBerry Mail Store Service • BlackBerry User Administration Service • all of the remaining BlackBerry Enterprise Server services 2. Repeat step 1 for each BlackBerry Enterprise Server component that connects to the BlackBerry Configuration Database. Related information Restarting BlackBerry Enterprise Server componen[...]

  • Page 129

    Related information Resend the database mirroring parameters to BlackBerry Enterprise Server components, 129 Resend the database mirroring parameters to BlackBerry Enterprise Server components If the computers that host BlackBerry Enterprise Server components were not running or connected to the network when you configured the BlackBerry Enterprise[...]

  • Page 130

    Configuring the BlackBerry Configuration Database for one-way transactional replication in an environment that includes Microsoft SQL Server 2005 or 2008 Stop the BlackBerry Enterprise Server instances To maintain database integrity, you must prevent all services that use the BlackBerry Configuration Database from connecting to the databases while [...]

  • Page 131

    1. Copy the backup file from the database server that hosts the BlackBerry Configuration Database to the database server that will host the replicated BlackBerry Configuration Database. 2. In the Microsoft SQL Server Management Studio, in the left pane, navigate to the database server that will host the replicated BlackBerry Configuration Database.[...]

  • Page 132

    3. Right-click Local Publications . Click New Publication . 4. If the Welcome dialog box appears, click Next . 5. If this is the first time that you are configuring a publication on the database server, perform the following actions: • Select <database_server> will act as its own Distributor . Click Next . • In the Snapshot folder field, [...]

  • Page 133

    2. Right-click the server. Click Properties . 3. Click Advanced . 4. In the Miscellaneous section, set the Max Text Replication Size to the maximum, 2147483647 . 5. Click OK . Prepare the database server that hosts the replicated BlackBerry Configuration Database and configure the subscription 1. In the Microsoft SQL Server Management Studio, in th[...]

  • Page 134

    Start the BlackBerry Enterprise Server instances After you configure the database, permit all BlackBerry Enterprise Server instances to connect to the principal BlackBerry Configuration Database. 1. On the computers that host the BlackBerry Enterprise Server components, in the Windows Services, start all of the BlackBerry Enterprise Server services[...]

  • Page 135

    To configure the BlackBerry Enterprise Server instances and components, you delete the pull subscription from the replicated database server, run a SQL query to update the numbering of the identity values in the replicated BlackBerry Configuration Database, and run the BlackBerry Enterprise Server setup application to permit each BlackBerry Enterpr[...]

  • Page 136

    Sending software and BlackBerry Java Applications to BlackBerry devices Managing BlackBerry Java Applications and BlackBerry Device Software You can use the BlackBerry Administration Service to install and manage the BlackBerry Device Software and BlackBerry Java Applications on BlackBerry devices. To send BlackBerry Java Applications to devices, y[...]

  • Page 137

    After you install the BlackBerry Device Software and BlackBerry Java Applications on devices, you can view details about how the BlackBerry Administration Service resolved software configuration conflicts. For more information about installing and managing the BlackBerry Device Software on devices, visit www.blackberry.com/go/serverdocs to see the [...]

  • Page 138

    Applications on BlackBerry devices. Do not add application files to the shared network folder or make changes to the files that the BlackBerry Administration Service stores in the shared network folder. To make a BlackBerry Java Application available for installation on BlackBerry devices, you must add the application to the BlackBerry Administrati[...]

  • Page 139

    Add a BlackBerry Java Application to the application repository To send a BlackBerry Java Application to BlackBerry devices, you must first add the BlackBerry Java Application bundle to the application repository. To send an updated version of a BlackBerry Java Application to BlackBerry devices, you must first add the updated bundle to the applicat[...]

  • Page 140

    Specify keywords for a BlackBerry Java Application You can specify keywords for a BlackBerry Java Application. You can use the keywords to search for the application in the application repository. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > Applications . 2. Click Manage applications[...]

  • Page 141

    Application control policy Description Standard Required When you apply the application control policy to a BlackBerry Java Application, rule settings require that the BlackBerry Java Application be installed and permitted to run on BlackBerry devices. BlackBerry devices install the application automatically. Standard Optional When you apply the ap[...]

  • Page 142

    If you add the BlackBerry Java Application to multiple software configurations and you assign different custom application control policies to the BlackBerry Java Application in the different software configurations, you must set the priority for the custom application control policies. This priority determines which custom application control poli[...]

  • Page 143

    10. Click Save all . IT policy rules take precedence on smartphones IT policy rule settings override application control policy rule settings. For example, if you change the Allow Internal Connections IT policy rule to No for BlackBerry smartphones, and if the smartphones have an application control policy set that allows a specific application to [...]

  • Page 144

    2. Click Manage application control policies for unlisted applications . 3. Click the Standard Unlisted Optional application control policy. 4. Click Edit application control policy . 5. On the Access settings tab, in the Settings section, configure the settings for the application control policy. 6. Click Save all . Create an application control p[...]

  • Page 145

    1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software . 2. Click Manage application control policies for unlisted applications . 3. Click Set priority of application control policies for unlisted applications . 4. Click the up and down arrows to set the priority of application control policies for [...]

  • Page 146

    Create a software configuration 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software . 2. Click Create a software configuration . 3. In the Configuration information section, in the Name field, type a name for the software configuration. 4. In the Disposition for unlisted applications drop-down li[...]

  • Page 147

    • To install the BlackBerry Java Application automatically on BlackBerry devices, and to prevent users from removing the application, click Required . • To permit users to install and remove the BlackBerry Java Application, click Optional . • To prevent users from installing a BlackBerry Java Application on BlackBerry devices, click Disallowe[...]

  • Page 148

    Assign a software configuration to multiple user accounts 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for one or more user accounts. 4. Select one or more user accounts. 5. In the Add to user configuration list, click Add software configuration . 6. In the [...]

  • Page 149

    When you assign a software configuration to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device. Related information View the status of a job, 150 Managing the default distribution settings for jobs, 292 Managing the distribution settings for a specific job, 298 Managing softw[...]

  • Page 150

    View the status of a job After you assign a software configuration to user accounts or change an existing software configuration that you assigned to user accounts, the BlackBerry Administration Service creates a job to deliver BlackBerry Device Software, BlackBerry Java applications, or application settings to BlackBerry devices. If you assign an [...]

  • Page 151

    • BlackBerry Dispatcher log files from the day the issue was reported (log level 4 recommended) • BlackBerry Administration Service log files from the day the issue was reported (log level 4 recommended) • BlackBerry device information (for example, the BlackBerry device model, BlackBerry Device Software version, wireless service provider, IT[...]

  • Page 152

    Device reported insufficient memory to install module The BlackBerry device does not have enough application memory available to install the application modules. You can instruct the user to make more application memory available on the BlackBerry device. Resend the BlackBerry Java Application. Device reported insufficient privileges to install mod[...]

  • Page 153

    The BlackBerry Policy Service did not receive an acknowledgment message from a BlackBerry device that indicates that the BlackBerry Java Application was installed. You can verify that the BlackBerry device is turned on and is located in a wireless coverage area. Resend the BlackBerry Java Application. For the command: %s Device reported a general f[...]

  • Page 154

    For information about changing the log level for a BlackBerry Enterprise Server component, visit www.blackberry.com/ support to read article KB04342. For information about obtaining the event log for a BlackBerry device, visit www.blackberry.com/support to read article KB05349. If the recommended administrative action for an error message does not [...]

  • Page 155

    You can verify that the service books on the BlackBerry device permit BlackBerry Device Software updates over the wireless network. Available upgrade deferred by user • 0x01 prior upgrade in progress : The BlackBerry Device Software update did not complete because a previous BlackBerry Device Software update was in progress. If the previous Black[...]

  • Page 156

    Error messages: Standard application settings tasks To troubleshoot errors that display for a task when you change the standard application settings on a BlackBerry device, you can try to determine the cause by collecting the following information: • BlackBerry Synchronization Service log files from the day the issue was reported (log level 4 rec[...]

  • Page 157

    Verify that the BlackBerry Synchronization Service can access the BlackBerry Configuration Database. If necessary, restart the BlackBerry Configuration Database. Failed to delete item The BlackBerry Synchronization Service cannot delete the value of the standard application settings because the BlackBerry Configuration Database is unavailable. Veri[...]

  • Page 158

    For information about changing the log level for a BlackBerry Enterprise Server component, visit www.blackberry.com/ support to read article KB04342. For information about obtaining the event log for a BlackBerry device, visit www.blackberry.com/support to read article KB05349. If the recommended administrative action for an error message does not [...]

  • Page 159

    If you want to delete a job, change the start date of the job to a date that exceeds the job failure period that you configured in the job schedule settings. The default job failure period is 30 days. Related information Change default settings for a job schedule, 292 Specify the start time and priority for a job, 299 Stop a job that is running 1. [...]

  • Page 160

    6. Click View users with application . 7. Search for users that are associated with BlackBerry devices that you installed the BlackBerry Java Application on. View how the BlackBerry Administration Service resolved software configuration conflicts for a user account You can assign multiple software configurations to a user account or group. The Blac[...]

  • Page 161

    Reconciliation rules for conflicting settings in software configurations If you assign multiple software configurations to user accounts or groups, the multiple software configurations might contain conflicting settings. For example, you might specify that a BlackBerry Java Application is required in a software configuration that you assign to a us[...]

  • Page 162

    Reconciliation rules: BlackBerry Java Applications Scenario Rule Multiple software configurations are assigned to a user account or the groups the user belongs to. Multiple BlackBerry Java Applications are contained in each software configuration. The BlackBerry Java Applications in each software configuration are installed on the BlackBerry device[...]

  • Page 163

    Scenario Rule The BlackBerry Administration Service resolves the deployment method after resolving the disposition of an application. The deployment method specified for an application in a software configuration that is assigned to a user account takes precedence over the deployment method for the same application in any software configuration tha[...]

  • Page 164

    Scenario Rule successfully, the application with the dependency is then installed. A software configuration is assigned to a user account and it contains a BlackBerry Java Application that has a dependency on another BlackBerry Java Application. The dependent application is not supported on the BlackBerry device. If a dependent application is not s[...]

  • Page 165

    Reconciliation rules: Standard application settings Scenario Rule A software configuration with standard application settings is assigned to a user account. A software configuration with different standard application settings is assigned to a group that the user account belongs to. The standard application settings in a software configuration that[...]

  • Page 166

    Scenario Rule configured differently in the software configurations that are assigned to the groups. setting takes precedence over the Unlocked and hidden setting. Standard application settings are configured in a software configuration and assigned to user accounts with BlackBerry devices that are running a BlackBerry Device Software version earli[...]

  • Page 167

    Scenario Rule A software configuration that defines unlisted applications as disallowed is assigned to a user account. A software configuration that defines unlisted applications as optional is also assigned to the user account. If unlisted applications are defined as disallowed in a software configuration that is assigned to a user account, unlist[...]

  • Page 168

    Alternative methods for installing BlackBerry Java Applications on BlackBerry devices Installing BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service You can install and update BlackBerry Java Applications on BlackBerry devices without using the BlackBerry Administration Service. You can use any of [...]

  • Page 169

    BlackBerry devices using a user’s computer or over the wireless network. Application developers can use the BlackBerry JDE or the BlackBerry Java Plug-in for Eclipse to generate .cod files that contain the compiled application code for a BlackBerry Java Application. BlackBerry devices execute .cod files to run BlackBerry Java Applications. The Bl[...]

  • Page 170

    Method Description Install BlackBerry Java Applications using a web browser on BlackBerry devices You can install a BlackBerry Java Application on a BlackBerry device by installing the files for the BlackBerry Java Application on a web server and instructing the user to browse to the appropriate web address on the BlackBerry device. Users can downl[...]

  • Page 171

    • BlackBerry APIs and Java ME (standard on BlackBerry devices) User’s computer • Windows 2000 or later, Windows XP, or Windows Vista • BlackBerry Desktop Software version 4.0 or later • Research In Motion USB drivers and a USB connection for the BlackBerry device BlackBerry Java Application • .alx files and .cod files: The .alx file is [...]

  • Page 172

    Installing BlackBerry Java Applications using the BlackBerry Application Web Loader You can configure the BlackBerry Application Web Loader, which uses Microsoft ActiveX, to install a BlackBerry Java Application on BlackBerry devices using a web server and Microsoft Internet Explorer on users’ computers. You can add the BlackBerry Application Web[...]

  • Page 173

    • Microsoft Internet Explorer version 5.0 or later • Microsoft ActiveX version 8.0 or later • BlackBerry Application Web Loader; if the BlackBerry Application Web Loader is not installed, the user is prompted to install it after the user browses to the specified web address • Research In Motion USB drivers and a USB connection for the Black[...]

  • Page 174

    4. Reference a specific version of the BlackBerry Application Web Loader. For more information about referencing a specific version of the BlackBerry Application Web Loader, visit www.blackberry.com/go/docs to read the BlackBerry Application Web Loader Developer Guide. 5. Associate the BlackBerry Application Web Loader with the .jad file. 6. To loa[...]

  • Page 175

    You must install the BlackBerry Device Manager on users’ computers so that users can use this method to install BlackBerry Java Applications. The BlackBerry Device Manager manages the connection between the standalone application loader tool and the BlackBerry device. The BlackBerry Device Manager is included in the BlackBerry Desktop Software. Y[...]

  • Page 176

    information about application dependencies, visit www.blackberry.com/developers to read the BlackBerry Java Development Environment Development Guide . • required BlackBerry Java Applications: To configure a BlackBerry Java Application as required on a BlackBerry device, in the .alx file, after the copyright statement, add the following tag: <[...]

  • Page 177

    Configure the standalone application loader tool to install the BlackBerry Java Application in automated mode Use automated mode if you do not want to give users the option to cancel the installation of the BlackBerry Java Application. Before you begin: Verify that BlackBerry Device Manager version 4.1 or later is installed on the user’s computer[...]

  • Page 178

    Installing BlackBerry Java Applications using a web browser on BlackBerry devices You can install BlackBerry Java Applications on BlackBerry devices over the wireless network. This method does not require users to connect their BlackBerry devices to their computers. You can add the required files for the BlackBerry Java Application (a .jad file and[...]

  • Page 179

    BlackBerry Java Application • .jad file: The .jad file is the application descriptor that provides information about the application and the location of the application’s .cod or .jar files. • .cod or .jar files: These files contain compiled and packaged application code. Install the BlackBerry Java Application on a web server Before you begi[...]

  • Page 180

    Configuring how users access enterprise applications and web content Specifying a BlackBerry MDS Connection Service as a central push server At least one BlackBerry MDS Connection Service in your organization's BlackBerry Domain must act as a central push server. Central push servers receive content push requests from server-side applications [...]

  • Page 181

    Specify a BlackBerry MDS Connection Service as a central push server You can specify more than one BlackBerry MDS Connection Service in your organization's BlackBerry Domain as a central push server. By default, if one or two BlackBerry MDS Connection Service instances exist in the BlackBerry Domain, those instances are central push servers. 1[...]

  • Page 182

    minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view . 2. Click MDS Connection Service . 3. Click Edit component . 4. [...]

  • Page 183

    Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos Before you begin: Configure the BlackBerry MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices. 1. Navigate to <drive> :Program FilesResearch In MotionBlackBerry Enterprise ServerMDS[...]

  • Page 184

    Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager You can configure the BlackBerry MDS Connection Service to require that BlackBerry device users pass RSA authentication when they access the Internet or intranet from BlackBerry devices. You can configure the BlackBerry MDS Connection Service[...]

  • Page 185

    • If you are running a 64-bit version of Windows Server 2008, the <drive> :WINDOWSSysWow64 folder 2. In the RSA Authentication Manager, create an Agent Host record for the BlackBerry Enterprise Server. The RSA Authentication Manager generates an sdconf.rec file. 3. On the computer that hosts the BlackBerry MDS Connection Service, copy the[...]

  • Page 186

    6. In the RSA inactivity timeout field, type a number, in minutes, to specify how long devices can remain connected to your organization's network while the users are inactive. By default, an authenticated connection persists for 60 minutes of user inactivity on the devices. 7. Click Save all . Related information Restarting BlackBerry Enterpr[...]

  • Page 187

    Configure the timeout limit for HTTP connections with BlackBerry devices You can specify how long a BlackBerry MDS Connection Service waits for a BlackBerry device to send data to it before the BlackBerry MDS Connection Service closes the HTTP connection to the BlackBerry device. The default timeout limit is 120,000 milliseconds (2 minutes). 1. In [...]

  • Page 188

    Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections HTTP redirection occurs when the BlackBerry Browser requests a web page from a web server and the web server redirects the request to a new web address for the page. The default limit is 5 redirections. 1. In the BlackBerry Administration Service, on the Ser[...]

  • Page 189

    Create a key store to store certificates for use with HTTPS connections You must create a key store to store the certificates that permit the BlackBerry MDS Connection Service to accept HTTPS connections from push applications. 1. On the computer that hosts the BlackBerry MDS Connection Service, on the taskbar, click Start > Programs > BlackB[...]

  • Page 190

    Task Steps 3. When prompted, click Yes . 3. Copy the key store file to <drive> :Program FilesResearch In MotionBlackBerry Enterprise ServerMDSwebserver . After you finish: Export the certificate for the BlackBerry MDS Connection Service to make it available to other applications. Export the BlackBerry MDS Connection Service certificate t[...]

  • Page 191

    After you finish: If the certificate does not exist, import the certificate to <drive> :Program FilesJava <JRE version> lib securitycacerts . Permit push applications to select the transport protocol for PAP requests By default, when a push application sends a PAP request to the BlackBerry MDS Connection Service, the BlackBerry MD[...]

  • Page 192

    Specify whether the BlackBerry MDS Connection Service requires trusted HTTPS connections from web servers 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view . 2. Click MDS Connection Service . 3. Click Edit component . 4. On the HTTPS tab, i[...]

  • Page 193

    2. Click MDS Connection Service . 3. Click Edit component . 4. On the TLS tab, in the Name field, type the name of a web server. 5. In the Service URL field, type the regular expression for the web address of the web server. 6. In the Settings section, in the Allow untrusted servers drop-down list, perform one of the following actions: • To permi[...]

  • Page 194

    Configure the LDAP servers that the BlackBerry MDS Connection Service uses to retrieve certificates You can create a user name and password so that the BlackBerry MDS Connection Service can authenticate to LDAP servers on behalf of BlackBerry devices. If you change the LDAP port number or host server information, you must stop and restart the Black[...]

  • Page 195

    LDAP server settings Field Description Base Query This field specifies the base query for the default LDAP server. You can use %20 for spaces. Each LDAP server can host multiple Windows domains but can search in only one Windows domain at a time. You might need to configure a default base query for some LDAP servers. Password and Confirm Password T[...]

  • Page 196

    Task Steps 4. To permit the BlackBerry MDS Connection Service to authenticate with the DSML certificate server on behalf of BlackBerry devices, in the User name field, type the user name that the BlackBerry MDS Connection Service can use to authenticate with the DSML certificate server. 5. In the Password and Confirm password fields, type the passw[...]

  • Page 197

    • Configure the OCSP handler to use the OCSP responder extension in a certificate. 5. Perform one of the following tasks: Task Steps Create an OCSP server configuration. 1. In the Name field, type the OCSP server name. 2. In the Service URL field, type the web address for the server. 3. Click the Add icon. Change an existing OCSP server configura[...]

  • Page 198

    Task Steps Create a CRL server configuration. 1. Type the CRL server name and the web address for the server. 2. Click the Add icon. Change an existing CRL server configuration. 1. Click the Edit icon beside the CRL server. 2. Click the Accept icon. 6. Click Save all . After you finish: Add the communication information that you configured for the [...]

  • Page 199

    8. To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication[...]

  • Page 200

    Add a retrieved certificate for a web server to the key store You can use the Java keytool to add a certificate for a web server to the BlackBerry MDS Connection Service key store. The certificate permits the BlackBerry MDS Connection Service to connect to the trusted web server. 1. Save the certificate from a secure web site to a .cer file. 2. On [...]

  • Page 201

    Configure global login information for intranet site access 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain > Component view . 2. Click MDS Connection Service . 3. On the HTTP tab, click Edit component . 4. In the Protocol service information section, in [...]

  • Page 202

    5. Click Save all . Specify the pending content timeout limit for a BlackBerry MDS Connection Service You can specify how long a BlackBerry MDS Connection Service waits for acknowledgment from a BlackBerry device before it deletes pending content for the BlackBerry device. 1. In the BlackBerry Administration Service, on the Servers and components m[...]

  • Page 203

    Before you begin: Verify that your system memory can support the thread pool size that you want to specify. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service . 2. Click the instance that you want to specify the t[...]

  • Page 204

    MDS Connection Service to process data as it did in previous versions of the BlackBerry Enterprise Server, you can prevent a BlackBerry MDS Connection Service from using scalable HTTP. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > [...]

  • Page 205

    Specify how often a BlackBerry MDS Connection Service polls for configuration information You can specify how often a BlackBerry MDS Connection Service polls the BlackBerry Configuration Database for changes to the administration settings for the BlackBerry MDS Connection Service and BlackBerry Collaboration Service. The default interval is 5 minut[...]

  • Page 206

    Setting up the messaging environment Creating email message filters You can create email message filters to define which email messages the BlackBerry Enterprise Server forwards from users’ email applications to their BlackBerry devices. When users receive email messages in the incoming message queue, the BlackBerry Enterprise Server applies emai[...]

  • Page 207

    5. In the Email message filter rules section, configure the options for the email message filter. Use semicolons (;) to separate multiple items that you specify. If you specify multiple users in the From or Sent to fields, or multiple subject terms in the Subject field, the message filter is applied to email messages that contain any of the users o[...]

  • Page 208

    2. Click Manage users . 3. Search for a user account. 4. In the search results, click the name of the user account. 5. Click Edit user . 6. In the Messaging configuration section, click Default configuration . 7. On the Email tab, in the Email message filter name field, type a name for the email message filter. 8. In the Email message filter rules [...]

  • Page 209

    8. In the Enabled drop-down list, click Yes . 9. Click Continue to user information edit . 10. Click Save all . The BlackBerry Administration Service applies email message filters in the order that they are listed in. Copying existing email message filters to another BlackBerry Enterprise Server You can copy the existing email message filters for a[...]

  • Page 210

    4. On the Email message filters tab, click Import email message filters . 5. In the Import email message filters section, click Browse . Navigate to the .xml file that contains the email message filters that you want to import. 6. Click Import email message filters . 7. Click Save all . Copying existing email message filters to user accounts You ca[...]

  • Page 211

    4. In the search results, click the name of the user account. 5. Click Edit user . 6. In the Messaging configuration section, click Default configuration . 7. On the Email tab, at the bottom of the screen, click Import email filters . 8. In the Import email message filters section, click Browse . Navigate to the .xml file that contains the email me[...]

  • Page 212

    • If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINESoftwareResearch In Motion BlackBerry Enterprise ServerAgents. • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINESoftwareWOW6432Node Research In MotionBlackBerry Enterprise ServerAgents. 5. If necessary, create a DWORD value na[...]

  • Page 213

    Change how a BlackBerry Messaging Agent uses extension plug-ins The BlackBerry Messaging Agent uses a BlackBerry Enterprise Server extension process to load extension plug-ins to process email messages. If you do not add an extension plug-in to the BlackBerry Administration Service, and you install the extension plug-in application on the computer [...]

  • Page 214

    Mapping contact information fields for synchronization and contact lookups You can map contact information fields from the email applications on users' computers to the contact list fields on the BlackBerry devices. The information in the fields in the email applications synchronizes to the fields on the BlackBerry devices. You can create the [...]

  • Page 215

    4. In the search results, click the display name for the user account. 5. Click Edit user . 6. In the Messaging configuration section, click Default configuration . 7. On the Mappings for organizer data synchronization tab, in the Mappings for organizer data synchronization section, select the Turned on option. 8. In the appropriate drop-down lists[...]

  • Page 216

    6. In the Messaging configuration section, click Default configuration . 7. On the Mappings for organizer data synchronization tab, in the Mappings for organizer data synchronization section, select the Turned on option. 8. In the Other mappings section, in each User defined string drop-down list, select the contact field that you want to map to th[...]

  • Page 217

    Configuring BlackBerry devices to enroll certificates over the wireless network You can configure the BlackBerry Enterprise Server to permit BlackBerry devices to enroll certificates that the devices can use with any PKI-enabled application or process. You can permit devices to enroll the certificates instead of instructing users to send the certif[...]

  • Page 218

    If you configured the BlackBerry MDS Connection Service to retrieve the status of the certificates using an OCSP server or a CRL server and pull authorization is turned on, devices may not be able to enroll some certificates over the mobile network. The devices might not be able to enroll some certificates because, devices that initiate the request[...]

  • Page 219

    example, http://myca.mycompany.com:80/* ). Use <port_number> /* to make sure that the BlackBerry MDS Connection Service can access all the URLs for the certification authority. 6. In the Settings section, in the User name field, type the name of a certification authority administrator account that can approve certificate requests using one of[...]

  • Page 220

    7. Click the Add icon. 8. To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML[...]

  • Page 221

    7. To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance, repeat steps 3 to 7. Add certificate information to a Wi-Fi profile You must add the name of the certification authority profile that contains certificate information to a Wi-Fi profile. The name of the certification authority[...]

  • Page 222

    • Custom Microsoft Certificate Authority Certificate Template • Distinguished Name Components • Key Algorithm • Key Length • Microsoft Certificate Authority Certificate Template • RSA Certificate Authority Certificate ID • RSA Jurisdiction ID A certificate enrollment process does not delete the existing certificate from the device key[...]

  • Page 223

    Properties in the rimpublic.properties file Property Description application.handler.pkcs10.pollinginte rval If the certificate authority requires a certificate administrator to approve certificate requests, this property specifies the interval, in minutes, that the BlackBerry MDS Connection Service waits before it requests an update about pending [...]

  • Page 224

    Making the BlackBerry Web Desktop Manager available to users Installing the client components of the BlackBerry Web Desktop Manager on users' computers By default, when users open and log in to the BlackBerry Web Desktop Manager for the first time, the browser prompts them to accept a client authentication certificate and install the required [...]

  • Page 225

    Publish the client files for the BlackBerry Web Desktop Manager in a Windows GPO for Windows XP If you use Microsoft Active Directory, you can create a Windows GPO to make sure that the browser settings are correct for your organization's environment. Alternatively, you can check the browser settings on users' computers and, if necessary,[...]

  • Page 226

    After you finish: Perform one of the following actions: • On each user's computer that runs a 32-bit version of Windows, add the registry key HKEY_LOCAL_MACHINESoftware MicrosoftWindowCurrentVersionInternet SettingsUseCoInstall. • On each user's computer that runs a 64-bit version of Windows, add the registry key HKEY_LOCAL_MACHI[...]

  • Page 227

    16. Expand Windows Components . 17. Click ActiveXInstaller Service . 18. Right-click Approved Installation Sites for ActiveX Controls . 19. Select Properties . 20. On the Settings tab, click Enabled . 21. Click Show . 22. Click Add . 23. In the Enter the name of the item to be added field, type the web address for the BlackBerry Administration Serv[...]

  • Page 228

    CLASS MACHINE CATEGORY !!RegistrySettings KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet Settings" ;KEYNAME "SoftwarePoliciesMicrosoftWindowsCurrentVersionInternet Settings" POLICY !!EnableActiveXInstallFromAD EXPLAIN !!EnableActiveXInstallFromAD_Explain VALUENAME "UseCoInstall" VALUEON NUMERIC 1 VALU[...]

  • Page 229

    13. Click Enabled . 14. Click OK . After you finish: For more information about registry-based Windows GPOs, visit technet.microsoft.com to read Using Administrative Template Files with Registry-Based Group Policy . Make the BlackBerry Web Desktop Manager available to users The BlackBerry Web Desktop Manager web address is https:// <full_compute[...]

  • Page 230

    Configuring the BlackBerry Web Desktop Manager You can configure the BlackBerry Web Desktop Manager to permit users to perform administrative tasks such as creating a password for wireless activation, locking a lost or stolen BlackBerry device, deleting data from a device, or deactivating a device. You can also customize the UI of the BlackBerry We[...]

  • Page 231

    Permit users to activate devices using the BlackBerry Web Desktop Manager You can specify whether users can use the BlackBerry Web Desktop Manager to activate BlackBerry devices using a wired connection to a computer. 1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry[...]

  • Page 232

    After you finish: To prevent users from backing up and restoring data from their BlackBerry devices, change Allow users to backup and restore data to No . Configure the domains for backing up data using the BlackBerry Web Desktop Manager You can specify the domains that users' computers are located in so that you can limit which users can back[...]

  • Page 233

    5. Click Save All . BlackBerry Web Desktop Manager text colors Parameter Description Default Font color 1 This text color specifies the hexadecimal color value of the description text in the BlackBerry Web Desktop Manager. #000000 (black) Font color 2 This text color specifies the hexadecimal color value of the copyright text in the BlackBerry Web [...]

  • Page 234

    Display a custom image in the BlackBerry Web Desktop Manager You can display a custom image, such as your organization's logo, in the upper-right corner of the BlackBerry Web Desktop Manager. The image file that you specify must be a .jpg or .gif file that is located on a trusted web site. 1. In the BlackBerry Administration Service, in the Se[...]

  • Page 235

    Creating and configuring Wi-Fi profiles and VPN profiles Creating and configuring Wi-Fi profiles You can use Wi-Fi configuration settings and optional VPN configuration settings to manage BlackBerry devices that can operate on both mobile and Wi-Fi networks. You can manage the configuration settings for user accounts that are associated with a Blac[...]

  • Page 236

    • Configure authentication using a supported authentication method. For example, if your organization uses layer 2 access security, verify that your organization uses one of the supported layer 2 security methods. • Configure encryption using a supported encryption method. If your organization’s environment requires a VPN concentrator, config[...]

  • Page 237

    Item Connection type Default port number Where to configure the connection incoming connection from a BlackBerry device to the BlackBerry Router TCP 4101 Windows registry outgoing connection from a BlackBerry device to the BlackBerry Router for a direct Wi-Fi connection to the BlackBerry Infrastructure TCP 443 — Create a Wi-Fi profile 1. In the B[...]

  • Page 238

    Configure a Wi-Fi profile on a BlackBerry device You can instruct BlackBerry device users to perform the following task if you want users to configure a Wi-Fi profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list[...]

  • Page 239

    1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for one or more user accounts. 4. Click the name of the user account that you want to assign a Wi-Fi profile to. 5. Click Edit user . 6. On the Wi-Fi profiles tab, in the Wi-Fi profile name section, in the drop-do[...]

  • Page 240

    To create a VPN profile, you configure the VPN configuration settings (for example, the IP address of the VPN concentrator, user names and passwords, and cryptographic methods that the BlackBerry Enterprise Server uses) on a BlackBerry device or using a VPN profile or IT policy. You can assign one or more VPN profiles to a user account or to a grou[...]

  • Page 241

    4. Click Edit profile . 5. On the VPN profile settings tab, change the values for the configuration settings. 6. Click Save All . After you finish: • For information about VPN configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide . • To update BlackBerry device information immediately, resend the IT policy to the B[...]

  • Page 242

    7. If required, in the VPN user specific settings section, specify the login information that you want to associate with the VPN profile. 8. Click the Add icon. 9. Click Save All . When you assign a VPN profile to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device. Associate [...]

  • Page 243

    Delete a VPN profile Before you begin: Verify that the VPN profile is not assigned to a user account or associated with a Wi-Fi profile. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration . 2. Click Manage VPN profiles . 3. Click the name of a VPN profile. 4. Click Delete [...]

  • Page 244

    • If you are using a text editor to create the .csv file, use quotation marks (" ") if the value for a field contains a space (for example, "Westlee Barichak"). • Add no more than 2000 actions to a file. • Assign a maximum of 32 profiles to BlackBerry devices that are running BlackBerry Device Software versions that are ea[...]

  • Page 245

    Example: Changing profile information that you assigned to user accounts "User Id","Display Name","PIN","Email Address","Logon Name","Attribute Name","Attribute Type","Action","User Name","Password" "16","Westlee Barichak","&[...]

  • Page 246

    Field Description User Name This field specifies the user name that the BlackBerry device can use to access the enterprise Wi-Fi network or VPN, if a user name is required. Password This field specifies the password that the BlackBerry device can use to access the enterprise Wi-Fi network or VPN, if a password is required. You can include quotation[...]

  • Page 247

    Configuring encryption and authentication methods for Wi- Fi enabled BlackBerry devices For information about the encryption and authentication methods for Wi-Fi connections, see the BlackBerry Enterprise Solution Security Technical Overview . Configuring WEP encryption WEP encryption uses matching encryption keys that are located at wireless acces[...]

  • Page 248

    1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration . 2. Click Manage Wi-Fi profiles . 3. Click the name of the Wi-Fi profile that you want to change. 4. Click Edit profile . 5. On the Wi-Fi profile settings tab, configure the values for the following configuration settings[...]

  • Page 249

    Configure PSK encryption data for BlackBerry devices using a Wi-Fi profile If BlackBerry device users in your organization's environment use BlackBerry 7270 smartphones, you must configure passphrases using IT policy rules instead of configuration settings. Before you begin: Obtain the passphrase for the wireless access point. For more informa[...]

  • Page 250

    Configure LEAP authentication data for BlackBerry devices using a Wi-Fi profile If BlackBerry device users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. Before you begin: • Using the wireless access point, configure the [...]

  • Page 251

    PEAP authentication requires that BlackBerry devices trust the authentication server certificate. To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the cert[...]

  • Page 252

    • For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide . • Resend the IT policy that you assign to the user accounts to BlackBerry devices. • Distribute the certificates. Related information Creating and configuring Wi-Fi profiles, 235 Prerequisites: Distributing a certificate using th[...]

  • Page 253

    8. In the Security Warning dialog box, click Yes . 9. Connect the BlackBerry device to the BlackBerry Desktop Manager. 10. In the BlackBerry Desktop Manager, select the Certificate Synch tool. 11. Type a password that you can use as the keystore password. 12. Perform one of the following actions: • If you are distributing a root certificate, on t[...]

  • Page 254

    9. If necesssary, in the Server subject field, type the server name in the server certificate, in URL format (for example, server1.domain.com or server1.domain.net). If you leave the field blank, the BlackBerry device skips over it during server authentication. 10. If necesssary, in the Server SAN field, type the alternative name for the server, in[...]

  • Page 255

    Configure EAP-TLS authentication data for BlackBerry devices using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. 1. In the BlackBerry Administration Service, on the BlackBerry solution m[...]

  • Page 256

    Configure EAP-TLS configuration settings in the Wi-Fi profile on a BlackBerry device If you do not configure the EAP-TLS configuration settings using the BlackBerry Administration Service, instruct the users to configure the settings in the Wi-Fi profile on the Wi-Fi enabled BlackBerry device. 1. On the BlackBerry device, in the device options, cli[...]

  • Page 257

    EAP-TTLS authentication requires that BlackBerry devices trust the authentication server certificate. To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the [...]

  • Page 258

    • For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide . • Resend the IT policy that you assign to the user accounts to Wi-Fi enabled BlackBerry devices. • Distribute the certificates. Related information Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager, 2[...]

  • Page 259

    Configuring EAP-FAST authentication EAP-FAST is an authentication method that was developed by Cisco Systems. Similar to PEAP authentication, EAP-FAST authentication encrypts EAP transactions within a TLS tunnel. Although PEAP uses a server-side digital certificate to configure the TLS tunnel, EAP-FAST uses a .pac file. The .pac file that the Black[...]

  • Page 260

    Send EAP-FAST authentication data to a BlackBerry device using a Wi-Fi profile If BlackBerry users in your organization's environment use BlackBerry 7270 smartphones, you must configure user names and passwords using IT policy rules instead of configuration settings. 1. In the BlackBerry Administration Service, on the BlackBerry solution manag[...]

  • Page 261

    Configure EAP-FAST configuration settings in the Wi-Fi profile on BlackBerry devices If you do not configure the EAP-FAST configuration settings using the BlackBerry Administration Service, instruct users to configure the settings in the Wi-Fi profile on the Wi-Fi enabled BlackBerry device. 1. On the BlackBerry device, in the device options, click [...]

  • Page 262

    Configuring software tokens for BlackBerry devices The BlackBerry Enterprise Server is designed to work with the RSA Authentication Manager to provide software token support for use with layer 2 and layer 3 Wi-Fi authentication on Wi-Fi enabled BlackBerry devices. When you configure a software token for users, BlackBerry devices are designed to use[...]

  • Page 263

    • Import the token seed file (also known as the *.sdtid file) that contains the UID for each software token into the RSA Authentication Manager Database. • In the RSA Authentication Manager Database, create a user record for each software token holder. • In the RSA Authentication Manager Administration application, configure the following par[...]

  • Page 264

    Configure RSA authentication over a Wi-Fi network using a software token You must add the serial number of the software token that the Wi-Fi enabled BlackBerry devices can use to a Wi-Fi profile so that RSA authentication can occur over Wi-Fi connections. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expan[...]

  • Page 265

    6. Click Save All . After you finish: • Assign the VPN profile to the user accounts. • Resend the IT policy that you assign to the user accounts to BlackBerry devices. Assign software tokens to a user account You must assign the software tokens that BlackBerry device users can use to authenticate to a Wi-Fi network or VPN network to the user ac[...]

  • Page 266

    Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager When you install the BlackBerry Administration Service and BlackBerry Web Desktop Manager, the setup application generates an SSL certifi[...]

  • Page 267

    web.keystore"). When the keytool prompts you for the first name and last name, type the pool name of the BlackBerry Administration Service. You can find the pool name in the Administration Service – High Availability tab. 4. If you want to use a trusted certificate, using the keytool, import the root certificate of the certification authori[...]

  • Page 268

    can use Microsoft Active Directory authentication to log users into the BlackBerry Administration Service console and the BlackBerry Web Desktop Manager. You must install the BlackBerry Enterprise Server in the resource forest if a resource forest exists in your organization's environment. In the resource forest, you create a mailbox for each [...]

  • Page 269

    6. In the User domain field, type the name of the Windows domain that is a part of the resource forest. 7. In the Global Catalog search base field, perform one of the following actions: • To permit the BlackBerry Administration Service to search the global catalog, leave the Global Catalog search base field blank. • To control which user accoun[...]

  • Page 270

    screen and access the BlackBerry Administration Service and BlackBerry Web Desktop Manager directly. The BlackBerry Monitoring Service does not support single sign-on authentication. Before you turn on single sign-on, you must configure constrained delegation for the Microsoft Active Directory account for the BlackBerry Administration Service. Conf[...]

  • Page 271

    4. In the Login domain section, in the Single sign-on authentication for BlackBerry Administration Service turned on drop-down list, click Yes. 5. To configure the Microsoft Active Directory account for each forest, in the Account forest name section, type the user domain name, user name, and password for the Microsoft Active Directory account. 6. [...]

  • Page 272

    Changing password settings for BlackBerry Administration Service authentication If you use BlackBerry Administration Service authentication in your organization's environment, you can change the minimum password length and the number of days until passwords expire to meet the requirements of your organization's security policies. By defau[...]

  • Page 273

    Regenerate the system credentials for the BlackBerry Administration Service The setup application generates the system credentials for the BlackBerry Administration Service during the installation process. The BlackBerry Administration Service uses the system credentials when it communicates with other BlackBerry Enterprise Server components. If yo[...]

  • Page 274

    Protecting and redistributing devices Preparing a device for redistribution to a new user You can prepare a BlackBerry device for redistribution to a new BlackBerry device user by performing one of the following actions: • use the security options on the device to permanently delete all user data • connect the device to the BlackBerry Administr[...]

  • Page 275

    6. Click Assign current device . 7. Search for the new user account that you want to assign the device to. 8. Select the user name. 9. Click Associate user . After you assign the user account to the device, the activation process begins automatically. 10. On the Devices menu, click Attached devices > Device software . 11. Install the application[...]

  • Page 276

    require that a personal device remove only work data when the device receives the Delete only the organization data and remove device IT administrative command over the wireless network. All personal data remains on the device. A BlackBerry device user cannot use the device or make emergency calls while the device deletes the work data. The device [...]

  • Page 277

    Delete only work data from a device Before you begin: If you want to remove your organization's applications from the BlackBerry device, create a software configuration that includes the applications and set the disposition of all work applications to Disallowed in the software configuration. Assign the software configuration to the user accou[...]

  • Page 278

    Using IT administration commands to protect a lost or stolen device The BlackBerry Enterprise Server includes IT administration commands that you can send over the wireless network to protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work data, permanently delete user information and appl[...]

  • Page 279

    IT administration command Description You can also specify whether you want to delete or disable a user account from the BlackBerry Enterprise Server after the device deletes all user information and application data. Protect a stolen device 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Cl[...]

  • Page 280

    1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for a user account. 4. In the search results, click the PIN for the user account. 5. In the Device activation section, click Specify new device password and lock device . 6. Type and confirm an activation password[...]

  • Page 281

    • To disable a user account from the BlackBerry Enterprise Server and remove the BlackBerry Enterprise Server information from the user's mailbox, click Disable the user and remove BlackBerry information from the user's messaging system . 8. Click Yes - Delete all device data and remove device . Administration Guide Protecting and redis[...]

  • Page 282

    Managing administrator accounts Change role permissions To turn on or turn off permissions for administrator accounts, you can change the permissions for the roles that you assigned to the administrator accounts. If an administrator account is a member of a group that you assigned roles to, you can also turn on or turn off the permissions for the a[...]

  • Page 283

    2. Click Manage users . 3. Search for an administrator account. 4. In the search results, click the display name for the administrator account. 5. Click Edit user . 6. On the Roles tab, in the Available roles and Current roles lists, add or remove the appropriate roles. 7. Click Save all . Related information Administrative roles and permissions, 2[...]

  • Page 284

    5. In the Status list, click Delete user . 6. Click Yes - Delete the user . Administration Guide Managing administrator accounts 284[...]

  • Page 285

    Managing groups and user accounts Managing groups You can reduce the time that you spend managing user accounts by creating groups of similar user accounts and assigning shared properties, such as software configurations or IT policies, to the group. Properties that you assign to a group are assigned to all user accounts in the group. You can assig[...]

  • Page 286

    group consists of a set of preconfigured rules which specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service. The default groups ensure users without administrative privileges cannot escalate their permissions, for example, junior administ[...]

  • Page 287

    Change the properties of a group After you create a group, specify the properties that you want to apply to all user and administrator accounts in the group. You can copy the properties from one group to another. When you add user accounts or administrator accounts to a group, the group properties apply to the new accounts automatically. 1. In the [...]

  • Page 288

    Managing user accounts You can move user accounts from one user group to another or from one BlackBerry Enterprise Server to another in the BlackBerry Domain. If you move a user account from one BlackBerry Enterprise Server to another, the destination BlackBerry Enterprise Server sends new service books to the BlackBerry device over the wireless ne[...]

  • Page 289

    Move a user account from one BlackBerry Enterprise Server to another 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for one or more user accounts. 4. In the search results, select one or more user accounts. 5. In the BlackBerry Enterprise Server status list, c[...]

  • Page 290

    • To delete the BlackBerry Enterprise Server information from the user’s mailbox, click Yes - Disable as BlackBerry user and remove information from the user's mail system . 7. Click Back to search . 8. In the Search users > User criteria section, type the display name for the user account. 9. Click the display name for the user account[...]

  • Page 291

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view . 2. Click Email . 3. Click Refresh available user list from company directory . Resend service books to a BlackBerry device 1. In the BlackBerry Administration Service, on the BlackBerry so[...]

  • Page 292

    Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices Managing the default distribution settings for jobs When you create a software configuration and assign it to user accounts, change a software configuration that you assigned to user accounts, or assign or change an IT policy[...]

  • Page 293

    1. In the BlackBerry Administration Service, on the Devices menu, expand Deployment jobs . 2. Click Specify job schedule settings . 3. Click Edit job schedule settings . 4. In the Default delay for each job section, in the Default delay field, type the number of minutes that the BlackBerry Administration Service waits before it creates and processe[...]

  • Page 294

    Task Steps 1. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, select the recurrence days. 2. In the Start time drop-down list, click the appropriate option. If necessary, set the start time and end time. 3. Click the Add icon. 5. On the System throttling tab, in the Maximum number of simulta[...]

  • Page 295

    Task Steps Change the default recurrence day for installing, upgrading, or removing BlackBerry Java Applications. 1. Click the Edit icon for the default recurrence day. 2. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, select the recurrence days. 3. In the Start time drop-down list, click t[...]

  • Page 296

    Change how to install or update the BlackBerry Device Software You can change the settings that the BlackBerry Administration Service uses to install or upgrade the BlackBerry Device Software on BlackBerry devices. If you change the default distribution settings for the BlackBerry Device Software, your organization's environment might experien[...]

  • Page 297

    maximum number of BlackBerry Device Software tasks that you want the BlackBerry Enterprise Server to process at the same time. The default value is 25. 8. If necessary, in the Total number of tasks per time window per BlackBerry Administration Service instance field, type the total number of BlackBerry Device Software tasks that you want the BlackB[...]

  • Page 298

    Task Steps 3. Click the Add icon. 5. On the System throttling tab, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of tasks that you want the BlackBerry Enterprise Server to process at the same time. The default value is 1000. 6. On the Job throttling tab, to turn on throttli[...]

  • Page 299

    Specify the start time and priority for a job If a job has not started running, you can specify when you want the job to start. If you do not specify the start time for a job, the job starts according to the distribution settings that you configured in the BlackBerry Administration Service. You can also change the priority of a job. By default, all[...]

  • Page 300

    Task Steps 2. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, select the recurrence days. 3. In the Start time drop-down list, click the appropriate option. If necessary, change the start time and end time. 4. Click the Update icon. By default, the recurrence day is Every day and the start t[...]

  • Page 301

    2. Click Manage deployment jobs . 3. Search for the job that you want to change. 4. In the search results, click the ID of the job that you want to change. 5. Click Edit job . 6. On the Application Distribution tab, perform any of the following tasks: Task Steps Change the default recurrence day for installing, upgrading, or removing BlackBerry Jav[...]

  • Page 302

    Change how a job sends the BlackBerry Device Software to BlackBerry devices You can change how the BlackBerry Administration Service installs or updates the BlackBerry Device Software in a specific job on BlackBerry devices. You can change the distribution settings for a job for the BlackBerry Device Software only if the job is not running. If you [...]

  • Page 303

    8. If necessary, in the Default throttling for all BlackBerry Device Software tasks in each job in a time window section, in the Maximum number of simultaneous tasks per BlackBerry Administration Service instance field, type the maximum number of BlackBerry Device Software tasks in the job that you want the BlackBerry Enterprise Server to process a[...]

  • Page 304

    Task Steps Add a recurrence day for sending or updating standard application settings. To add more than one recurrence day, the schedules for the separate recurrence days cannot overlap. 1. In the Scheduled deployment day(s) drop-down list, click the appropriate recurrence option. If necessary, click the recurrence days. 2. In the Start time drop-d[...]

  • Page 305

    BlackBerry Java Application from the application repository if the BlackBerry Java Application is in a software configuration. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > Applications . 2. Click Manage applications . 3. Search for a BlackBerry Java Application. 4. In the search resul[...]

  • Page 306

    Managing software configurations Remove a software configuration from a group If you remove a software configuration from a group, the applications in the software configuration are removed from the BlackBerry devices that are associated with the user accounts that belong to the group. 1. In the BlackBerry Administration Service, on the BlackBerry [...]

  • Page 307

    9. Click Save . Remove a software configuration from a user account If you remove a software configuration from a user account, the applications in the software configuration are removed from the BlackBerry device associated with the user account. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User .[...]

  • Page 308

    Managing how users access enterprise applications and web content Restricting user access to content on web servers You can prevent BlackBerry device users from accessing specific web servers using the BlackBerry Browser or applications on BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorizati[...]

  • Page 309

    5. Click Save all . Users cannot access web content on their BlackBerry devices until you permit the users to access specific web servers using pull rules. After you finish: To permit users to access specific web servers, specify allowed web address patterns and assign the web address patterns to a pull rule, and assign the pull rule to a user acco[...]

  • Page 310

    5. In the Control type drop-down list, click Pull . 6. Click the Add icon. 7. Click Save all . After you finish: Restrict or permit web address patterns using a pull rule. Restrict or permit web addresses and Intranet addresses using a pull rule Before you begin: • Create a pull rule. • If you want BlackBerry device users to use RSA authenticat[...]

  • Page 311

    • To require that a user authenticates to the RSA Authentication Manager using RSA authentication, click RSA . • To require that the BlackBerry MDS Connection Service authenticates the user using integrated Windows authentication and that a user authenticates to the RSA Authentication Manager using RSA authentication, click Integrated and RSA .[...]

  • Page 312

    7. Click Add . 8. Click Save . Restricting user access to media content in the BlackBerry Browser You can use standard definitions for MIME media types so that you can restrict the media types that the BlackBerry MDS Connection Service can send to the BlackBerry Browser and other applications on BlackBerry devices. For more information about MIME m[...]

  • Page 313

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view . 2. Click MDS Connection Service . 3. Click Edit component . 4. In the Media content type field, type the media type and subtype using standard definitions for MIME media types. Use the for[...]

  • Page 314

    Configure download limits for media content types, 312 Configuring Integrated Windows authentication so that users can access resources on your organization's network To permit BlackBerry device users to access resources on your organization's network using BlackBerry devices without requiring the users to type a user name and password ea[...]

  • Page 315

    Configuring the Microsoft Active Directory account to delegate access Prerequisites: Configuring the Microsoft Active Directory account to delegate access to an intranet site • Verify that you configured Integrated Windows authentication for the application server that hosts the intranet site. • Verify that the application server that hosts the[...]

  • Page 316

    2. In Microsoft Active Directory, in the Microsoft Active Directory account properties, if the Delegation tab does not display, update the default HOST SPN registrations for the Microsoft Active Directory account. 3. In the Microsoft Active Directory account properties, on the Delegation tab, configure the following settings: • trust this user fo[...]

  • Page 317

    Configure the Microsoft Active Directory account to delegate access to a shared folder You are required to have only one Microsoft Active Directory account in each Microsoft Active Directory domain that includes the resources that you want to turn on Integrated Windows authentication for. For more information about configuring the Microsoft Active [...]

  • Page 318

    located in a different Microsoft Active Directory domain than the global catalog server, you must create the Microsoft Active Directory account in the Microsoft Active Directory domain that includes the global catalog server. You do not need to configure constrained delegation for the Microsoft Active Directory account that you create in the Micros[...]

  • Page 319

    4. In the Integrated authentication turned on drop-down list, click Yes . 5. For each Microsoft Active Directory account, provide the following information: • In the Delegation user domain field, type the FQDN (for example, ldap.example.com ). • In the Delegation user name field, type the user name. • In the Password and Confirm fields, type [...]

  • Page 320

    Restricting the push application content that users can receive By default, a BlackBerry MDS Connection Service sends push requests from server-side push applications to applications on BlackBerry devices. BlackBerry devices can receive application data and application updates without users requesting the content. You can configure your organizatio[...]

  • Page 321

    use the same authorization password) if your organization's development environment permits it. Verify that the authorization HTTP header in push requests from server-side push applications matches the name and password that you specify for the push initiator. Before you begin: Turn on push authentication for the appropriate instances of the B[...]

  • Page 322

    Restrict push applications from sending data to BlackBerry devices, 320 Create a push rule 1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view . 2. Click MDS Connection Service . 3. Click Edit component . 4. On the Access control rules tab, i[...]

  • Page 323

    Assign a push rule to the members of a group Before you begin: • Create a push rule. • Assign push initiators to the push rule. 1. In the BlackBerry Administration Service, in the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Click View more criteria . 4. Search for a group. 5. Click Select all results in the ent[...]

  • Page 324

    Encrypt push requests that push applications send to BlackBerry devices You can configure a BlackBerry MDS Connection Service to use SSL or TLS to encrypt the push requests that server-side push applications send to BlackBerry devices. By default, the BlackBerry MDS Connection Service does not encrypt the push requests that server-side push applica[...]

  • Page 325

    2. Click the instance that you want to specify device ports for. 3. Click Edit instance . 4. In the Device ports enabled for reliable pushes field, type the device port number. 5. Click the Add icon. 6. Repeat steps 4 to 5 for each device port number that you want to add. 7. Click Save all . 8. Click Restart instance . Related information Restartin[...]

  • Page 326

    Configure the settings for storing push requests in the BlackBerry Configuration Database To manage your organization's system resources, you can configure storage settings for push requests that are stored in the BlackBerry Configuration Database. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBer[...]

  • Page 327

    Configure the maximum number of queued connections that a BlackBerry MDS Connection Service can process The BlackBerry MDS Connection Service queues push connections when the number of connections exceeds a limit that you specify. You can configure the maximum number of push connections that a BlackBerry MDS Connection Service can queue. The BlackB[...]

  • Page 328

    Managing organizer data synchronization Managing the wireless backup and recovery of organizer data The wireless backup feature backs up user account settings and data from BlackBerry devices to the BlackBerry Enterprise Server automatically. You can use the wireless backup feature to synchronize organizer data to BlackBerry devices without affecti[...]

  • Page 329

    Delete organizer data for members of a user group from the BlackBerry Enterprise Server If the BlackBerry Enterprise Server is not writing organizer data for members of a user group from their BlackBerry devices to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted. You can del[...]

  • Page 330

    Turn off organizer data synchronization for all user accounts that are associated with a BlackBerry Enterprise Server 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization . 2. Click the instance that you want to change. 3.[...]

  • Page 331

    Changing how organizer data synchronizes Change the direction of organizer data synchronization for all user accounts on a BlackBerry Enterprise Server 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization . 2. Click the in[...]

  • Page 332

    7. On the Organizer data synchronization tab, for each type of organizer data, in the Synchronization type drop-down list, perform one of the following actions: • To synchronize data from the BlackBerry Enterprise Server to the BlackBerry device only, click Server to Device . • To synchronize data from the BlackBerry device to the BlackBerry En[...]

  • Page 333

    2. Click Manage users . 3. Search for a user account. 4. In the search results, click the display name for the user account. 5. Click Edit user . 6. In the Messaging configuration section, click Default configuration . 7. On the Organizer data synchronization tab, for each type of organizer data, in the Conflict resolution drop-down list, perform o[...]

  • Page 334

    6. In the Messaging configuration section, click Default configuration . 7. On the Mappings for organizer data synchronization tab, in the Additional mappings section, in the Picture drop- down list, click None . 8. Click Continue to user information edit . 9. Click Save all . Administration Guide Managing organizer data synchronization 334[...]

  • Page 335

    Managing your organization's messaging environment and attachment support Managing message forwarding You can define the message forwarding settings for user accounts and groups that are associated with the BlackBerry Enterprise Server. The settings control how the BlackBerry Enterprise Server forwards email messages from users’ email applic[...]

  • Page 336

    8. Click Continue to user information edit . 9. Click Save all . Do not deliver email messages to a BlackBerry device when no filter rules apply You can configure a BlackBerry Enterprise Server to prevent the delivery of incoming email messages to a user’s BlackBerry device when no email message filters apply to the email messages. 1. In the Blac[...]

  • Page 337

    • To forward email messages from the user's inbox and sent items folder, click Inbox and Sent Items only . • To select the folders that you want the BlackBerry Enterprise Server to forward messages from, click Selected folders . Click the folders that you want to forward messages from. 8. Click Continue to user information edit . 9. Click [...]

  • Page 338

    5. In the Messaging configuration section, click Default configuration . 6. In the Email services settings section, on the Redirect to BlackBerry device drop-down list, click No . 7. Click Continue to user information edit . 8. Click Save all . After you finish: The user can turn on message forwarding on the BlackBerry device manually. Turn off syn[...]

  • Page 339

    6. In the Messaging configuration section, click Default configuration . 7. In the Email services settings section, in the Redirect when in cradle drop-down list, click No . 8. Click Continue to user information edit . 9. Click Save all . Managing the incoming message queue The incoming message queue stores email messages from an organization'[...]

  • Page 340

    Managing wireless message reconciliation The BlackBerry Enterprise Server synchronizes email message status changes between BlackBerry devices and the email applications on users' computers. The BlackBerry Enterprise Server reconciles message moves, deletions, and indicators for read and unread messages every 30 minutes. By default, wireless m[...]

  • Page 341

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email . 2. Click the instance that you want to change. 3. Click Edit instance . 4. On the Messaging tab, in the Messaging options section, in the Hard deletes reconciliation drop-down l[...]

  • Page 342

    • If you want to change a BlackBerry Enterprise Server pair, click one of the instances, and on the Instance information tab, click Restart instance . Repeat this step for the other instance in the pair. • In the Windows Services, restart the BlackBerry Dispatcher. 7. Repeat step 2 to step 6 for each BlackBerry Enterprise Server instance that y[...]

  • Page 343

    After you finish: To turn on the ability to search for remote messages, in the Messaging Options section, change Remote search turn on to True . Click Save all . Restart the BlackBerry Enterprise Server. Related information Restarting BlackBerry Enterprise Server components, 392 Managing email messages that contain HTML and rich content The BlackBe[...]

  • Page 344

    Turn off support for rich text formatting and inline images in email messages for users on a BlackBerry Enterprise Server You can prevent the BlackBerry Enterprise Server from sending email messages that contain HTML and rich content to BlackBerry devices. When you turn off rich text formatting, the BlackBerry Enterprise Server sends all email mess[...]

  • Page 345

    Turn off support for rich text formatting and inline images in email messages using an IT policy rule You can change an IT policy rule to prevent the BlackBerry Enterprise Server from sending email messages that contain HTML and rich content or inline images to users. If you turn off support for rich text formatting, the BlackBerry Enterprise Serve[...]

  • Page 346

    Synchronizing folders on the BlackBerry device Control which published public contact folders a user can synchronize to a BlackBerry device By default, a user can synchronize contacts from all of the published public contact folders on the messaging server with the contact lists on a BlackBerry device. To help manage network resources, you can sele[...]

  • Page 347

    3. Search for a user account. 4. Click the display name for the user account. 5. Click Edit User . 6. In the Messaging configuration section, click Device configuration . 7. On the Email tab, in the Private contact folders section, select the private contact subfolders that you want to permit the user to synchronize with the contact lists on the Bl[...]

  • Page 348

    Configuring access to documents on remote file systems By default, the BlackBerry MDS Connection Service can search your organization's Windows network for any documents that users might want to access from the BlackBerry devices. In BlackBerry Enterprise Server version 5.0 or later and BlackBerry Device Software version 5.0 or later, if you w[...]

  • Page 349

    (for example, the DFS Namespace in Windows Server) and <fs_path> is the optional directory path that can include a specific filename. When you type the UNC path, you can use an asterisk (*) to represent a sequence of arbitrary characters (including blank spaces), a question mark (?) to represent a single arbitrary character, and a backslash ([...]

  • Page 350

    • To change an existing configuration set, click the Edit icon. 5. In the Priority Service group drop-down list, click the name of the service that you want to configure the communication method for. 6. In the Service (Name : Description) drop-down list, click the name of the communication method that you want to configure. 7. Click the Add icon.[...]

  • Page 351

    4. Click Edit instance . 5. On the Component Configuration Sets tab, in the Available component configuration sets section, in the Service configuration sets drop-down list, click the configuration set that you want to assign to the BlackBerry MDS Connection Service instance. 6. Click Save all . 7. To restart the BlackBerry MDS Connection Service i[...]

  • Page 352

    Add a disclaimer to email messages that users send from BlackBerry devices You can add a disclaimer to email messages that users send from their BlackBerry devices. Users cannot change the disclaimers that you define. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry[...]

  • Page 353

    8. Click Continue to user information edit . 9. Click Save all . Specify conflict rules for disclaimers If you associate multiple disclaimers with a user account, you can specify conflict rules for the disclaimer to define the order in which the BlackBerry Enterprise Server applies the disclaimers. For example, you can configure the BlackBerry Ente[...]

  • Page 354

    Monitor email messages that users send from BlackBerry devices To monitor the content of email messages that users send from their BlackBerry devices, you can BCC specific email addresses on the email messages. You can BCC the email addresses of all of the users that you assign to a BlackBerry Messaging Agent. When you automatically BCC email addre[...]

  • Page 355

    appropriate for informing users about messaging server outages because BlackBerry devices send and receive PIN messages directly, without using the messaging server. BlackBerry devices do not apply filters to PIN messages. When users reply to a notification email message, their BlackBerry devices send the replies to the Windows account that you use[...]

  • Page 356

    6. Click Send message . Send a notification message to a user 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User . 2. Click Manage users . 3. Search for a user account. 4. In the search results, click the name of a user account. 5. Click Send message to user . 6. Type the message that you want to se[...]

  • Page 357

    How the BlackBerry Attachment Connector communicates with BlackBerry Attachment Service instances When a user sends a request to view an email message attachment on a BlackBerry device, the BlackBerry device sends a request to the BlackBerry Enterprise Server to convert the attachment. The BlackBerry Enterprise Server uses a BlackBerry Attachment C[...]

  • Page 358

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Attachment > Connector . 2. Click the instance that you want to change. 3. Click Edit instance . 4. In the General section, in the Minimum wait for retry per request field, type the [...]

  • Page 359

    Attachment file formats that the BlackBerry Attachment Service supports Format Extension Adobe Acrobat .pdf ASCII text .txt audio .amr, .mp3, .wav, .wma Corel WordPerfect 7-10 .wpd HTML .htm, .html images .bmp, .gif, .jpeg, .jpg, .png, .ppm, .tif, .t iff, .wmf Microsoft Excel 97-2003, 2007, and XP .xls, .xlsx Microsoft PowerPoint 97-2003, 2007, and[...]

  • Page 360

    Format and extension Limitations OpenOffice Format version 1.1 — .odp files The BlackBerry Attachment Service supports .odp files that users create using IBM Lotus Symphony only. The fonts that can be displayed in slides are dependent on the font types that are available on the BlackBerry Attachment Service. If a specific font is not available, t[...]

  • Page 361

    Format and extension Limitations • charts • style effects for cells: shadow, borders • headers and footers • drawing objects and Fontwork objects Changing how a BlackBerry Attachment Service converts attachments If the BlackBerry Enterprise Server receives requests from BlackBerry device users to view email message attachments, the BlackBer[...]

  • Page 362

    4. In the General section, configure the BlackBerry Attachment Service optimization settings. 5. Click Save . BlackBerry Attachment Service optimization settings Setting Description Range Submit port This setting specifies the TCP/IP port number that a BlackBerry Attachment Service uses to listen for and receive attachment conversion requests in a [...]

  • Page 363

    Setting Description Range The default value is 4. Server busy time (seconds) This setting specifies the threshold at which the BlackBerry Attachment Service does not accept new conversion requests. The default value is 120 seconds. 60 to 270 seconds Allow remote services This setting specifies whether you prevent or permit remote TCP/IP connections[...]

  • Page 364

    Suggested file sizes for attachments File format Suggested size Adobe Acrobat versions 1.1, 1.2, 1.3, and 1.4 less than 2000 KB ASCII text less than 100 KB audio less than 2000 KB Corel WordPerfect versions 6.0, 7.0, 8.0, 9.0 (2000), and 10.0 less than 2000 KB HTML less than 100 KB images less than 2000 KB Microsoft Excel versions 97, 2000, 2003, 2[...]

  • Page 365

    3. Click Edit instance . 4. In the Distiller display name section, in the Allowed column, specify which distillers are supported for the instance. 5. Click Save . After you finish: Restart the BlackBerry Attachment Service. Related information Restarting BlackBerry Enterprise Server components, 392 Add support for an additional attachment file form[...]

  • Page 366

    Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server The BlackBerry Messaging Agent receives message attachments from supported BlackBerry devices and reconciles the attachments to the messaging server. The BlackBerry Attachment Service does not convert the attachments. The entries in the CMIME service book on [...]

  • Page 367

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email . 2. Click the instance that you want to change. 3. Click Edit instance . 4. On the Messaging tab, in the Messaging options section, perform any of the following actions: • To c[...]

  • Page 368

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email . 2. Click the instance that you want to change. 3. Click Edit instance . 4. On the Messaging tab, in the Messaging options section, in the Maximum single attachment download size[...]

  • Page 369

    Managing calendars Configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services or MAPI and CDO libraries By default, the BlackBerry Enterprise Server uses Microsoft Exchange Web Services to manage calendars on BlackBerry devices. The BlackBerry Enterprise Server monitors periodically whether a user account can use Microsoft [...]

  • Page 370

    • Configure Microsoft Exchange Impersonation for a BlackBerry Enterprise Server administrator account. For more information about configuring Microsoft Exchange Impersonation, visit msdn.microsoft.com/en-us/library/ bb204095.aspx and select the appropriate tab for Microsoft Exchange 2007 or Microsoft Exchange 2010. • Assign IIS permissions to a[...]

  • Page 371

    BlackBerry Messaging Agent. If you configured high availability, configure only the primary BlackBerry Enterprise Server. • To configure all BlackBerry Messaging Agent instances on a specific BlackBerry Enterprise Server to use Microsoft Exchange Web Services, type traittool -server <server_name> -trait EWSEnable -set true , where <serve[...]

  • Page 372

    • To configure all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Server instances to use MAPI and CDO libraries, type traittool -global -trait EWSEnable -set false . 5. Restart the BlackBerry Messaging Agent instances that you made changes to. Related information Restarting BlackBerry Enterprise Server components, 392 Configur[...]

  • Page 373

    Restarting BlackBerry Enterprise Server components, 392 Configure the BlackBerry Messaging Agent instances to use a specific web address for a client access server for Microsoft Exchange You can configure the BlackBerry Messaging Agent instances to use a specific client access server for Microsoft Exchange to connect to Microsoft Exchange Web Servi[...]

  • Page 374

    Configuring the BlackBerry Messaging Agent instances to look up the user's status using only Microsoft Exchange Web Services You can configure the BlackBerry Messaging Agent instances to use only Microsoft Exchange Web Services to determine the user's status, for example, whether a user is available, busy, or offline. By default, the Blac[...]

  • Page 375

    Correcting calendar synchronization errors on devices If you run corrective calendar synchronization on a BlackBerry Enterprise Server instance, you can find and correct differences between the calendar entries on BlackBerry devices and the calendar entries on users' computers. You can specify a recurring day and time when the process can run [...]

  • Page 376

    Turn off corrective calendar synchronization By default, corrective calendar synchronization is turned on. If you do not want the BlackBerry Enterprise Server to check for differences between calendar entries on BlackBerry devices and calendar entries on users' computers, you can turn off corrective calendar synchronization. 1. Copy the BlackB[...]

  • Page 377

    View the current settings for corrective calendar synchronization 1. Copy the BlackBerry Enterprise Server installation files to a computer that hosts a BlackBerry Enterprise Server instance. 2. Extract the contents to a folder on the computer. 3. At the command prompt, navigate to the folder that the TraitTool.exe file is located in. 4. Perform on[...]

  • Page 378

    • To turn off automatic correction of calendar synchronization errors for a specific user account, type traittool -user <smtp_address> -trait ExchangeSmartSyncSendUpdate -set false . • To turn off automatic correction of calendar synchronization errors for all user accounts that are associated with a BlackBerry Enterprise Server, type tra[...]

  • Page 379

    • To check for calendar synchronization errors during a specific range of days in the calendar for all user accounts, type traittool -global -trait ExchangeSmartSyncDays -set <value> , where <value> is a number from 1 to 365. 5. Press ENTER. Example: To configure corrective calendar synchronization to check calendar entries for the pe[...]

  • Page 380

    Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Weekdays, Weekends, or Daily. The default value is Daily. • To configure calendar synchronization to recur on specific days for all user accounts that are associated with a BlackBerry Enterprise Server, type traittool -server <server_name> -trait ExchangeSmartSyncSchedule -set <valu[...]

  • Page 381

    Item Description MOD specifies that a calendar item is missing on the device MOO specifies that a calendar item is missing in the email application SAM specifies that a calendar item is the same on the device and in the email application SmartSyncFireOff specifies that the calendar synchronization process was initiated using the BlackBerry Enterpri[...]

  • Page 382

    Start corrective calendar synchronization manually for a user account By default, the BlackBerry Enterprise Server synchronizes the calendar on each BlackBerry device user's computer with the calendar on each user's BlackBerry device at a regular interval. You can use the BlackBerry Administration Service to start corrective calendar sync[...]

  • Page 383

    For more information, visit www.blackberry.com/support to read KB 21413. Change how the BlackBerry Enterprise Server creates temporary MAPI profiles for the CalHelper application 1. On the computer that hosts the BlackBerry Enterprise Server, on the taskbar, click Start > Run . 2. Type regedit. 3. Click OK . 4. Perform one of the following actio[...]

  • Page 384

    Managing instant messaging The BlackBerry Collaboration Service is designed to provide a connection between your organization's instant messaging server and the collaboration client on BlackBerry devices. In some instant messaging environments, you can use TLS or HTTPS to encrypt the connection between specific instant messaging components. Th[...]

  • Page 385

    Change the instant messaging server or pool that a BlackBerry Collaboration Service connects to 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Collaboration . 2. Expand the instant messaging environment. 3. Click the instance that y[...]

  • Page 386

    4. Click Edit instance . 5. In the Connection settings section, perform one of the following actions: Option Description For Microsoft Office Communications Server 2007 R2 In the Transport protocol drop-down list, perform one of the following actions: • click TLS if you want the BlackBerry Collaboration Service to encrypt the data that it sends t[...]

  • Page 387

    Managing instant messaging sessions Specify the maximum number of instant messaging sessions that can be open at the same time To control bandwidth and resource consumption in your organization's environment, you can specify the number of instant messaging sessions that can be open between the BlackBerry Collaboration Service and the instant m[...]

  • Page 388

    Managing instant messaging features Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime On BlackBerry devices that are running BlackBerry Device Software version 4.2 or later and the latest version of the BlackBerry Client for IBM Lotus Sametime, users can send files to the[...]

  • Page 389

    Prevent users from sending instant messaging conversations in email messages Using the latest version of the BlackBerry Client for use with Microsoft Office Live Communications Server 2005, BlackBerry Client for use with Microsoft Office Communications Server 2007, or BlackBerry Client for IBM Lotus Sametime, BlackBerry device users can send their [...]

  • Page 390

    3. Click the instance that you want to change. 4. Click Edit instance . 5. In the General section, in the Show Mobile Icon drop-down list, click False . 6. Click Save all . Make additional contact information and phone numbers available for the BlackBerry Client for IBM Lotus Sametime users In the latest version of the BlackBerry Client for IBM Lot[...]

  • Page 391

    <Set Set id="_done213238950373320" params="MailAddress,Name,Title,Location,Telephone,Photo,Company,OfficePhone,HomePhone,CellPhone,Manag er,Department,HomeAddress,HomeZip,HomeState,HomeCity,WorkAddress,WorkZip,WorkCity,WorkState,LoginId"/> 6. Save the UserInfoConfig.xml file. 7. Restart the IBM Lotus Domino server. 8. To v[...]

  • Page 392

    Managing a BlackBerry Domain Restarting BlackBerry Enterprise Server components When you complete certain tasks, you need to restart one or more BlackBerry Enterprise Server components. You restart the BlackBerry Enterprise Server components using the BlackBerry Administration Service or Windows services. BlackBerry Enterprise Server component Comp[...]

  • Page 393

    BlackBerry Enterprise Server component Component name in the BlackBerry Administration Service Associated service in Windows Services BlackBerry Administration Service BlackBerry Administration Service • BlackBerry Administration Service - Application Server • BlackBerry Administration Service - Native Code Container BlackBerry Web Desktop Mana[...]

  • Page 394

    • BlackBerry Dispatcher • BlackBerry Attachment Service • BlackBerry Controller • All of the remaining services for BlackBerry Enterprise Server components Best practice: Restarting more than one BlackBerry Administration Service instance To restart all BlackBerry Administration Service instances without issues, the best practice is to stop[...]

  • Page 395

    Task Steps Display the current version of the trait tool and a summary of valid commands. Type traittool . Display all possible traits, the expected data types, and any value restrictions. Type traittool -show . Display a list of traits that were configured in the BlackBerry Domain. Type traittool {*} -list . Configure the value of a trait in the B[...]

  • Page 396

    Trait Description ACP data that BlackBerry devices can receive is 4 bytes. The BlackBerry Enterprise Server check-s the value of this trait to find out how many bytes of ACP data to send to devices. If the version of the BlackBerry Device Software that the device is running is earlier than the version that this trait specifies, the BlackBerry Enter[...]

  • Page 397

    Trait Description not configure these traits, you cannot use HTTP basic authentication for proxy authentication. For more information, see Configure the BlackBerry Administration Service to use HTTP basic authentication . CalendarRescanInterval This trait specifies the amount of time, in minutes, that can occur between the scans that the BlackBerry[...]

  • Page 398

    Trait Description EWSEnable This trait specifies how the BlackBerry Enterprise Server manages calendars on devices. You can configure this trait for a specific BlackBerry Messaging Agent, all BlackBerry Messaging Agent instances on a specific BlackBerry Enterprise Server, or all BlackBerry Messaging Agent instances on all BlackBerry Enterprise Serv[...]

  • Page 399

    Trait Description EWSServiceAccount Service account name that you can use to connect to Microsoft Exchange Web Services to impersonate all other BlackBerry Enterprise Server users. EWSUserAvailabilityAccess This trait specifies whether the BlackBerry Messaging Agent receives the user's status using Microsoft Exchange Web Services or by searchi[...]

  • Page 400

    Trait Description workload on the Microsoft Exchange Server, BlackBerry Messaging Agent 5.0 SP2 or later does not write statistics to user mailboxes when it processes email messages. If you want the BlackBerry Messaging Agent to write statistics to users' Microsoft Exchange mailboxes, change the value to true (1). By default, the value is fals[...]

  • Page 401

    Trait Description The default value is Daily. For more information, see Configure when corrective calendar synchronization runs . ExchangeSmartSyncSendUpdate This trait specifies whether the calendar synchronization process writes calendar synchronization errors to the BlackBerry Messaging Agent log file, or writes the errors to the log file and co[...]

  • Page 402

    Trait Description to update the user directory in the BlackBerry Configuration Database, change the value to false (0). The default value is true (1), the BlackBerry Mail Store Service updates the user directory in the BlackBerry Configuration Database. For more information, see Configure the BlackBerry Mail Store Service instance that updates the [...]

  • Page 403

    Trait Description The default value is 10. MaxSyncServerSlowSyncsPerMin This trait specifies the maximum number of pending full synchronization events that the BlackBerry Synchronization Service can process each minute. The default value is 30. MonitorJunkEmailFolderForETP This trait specifies whether the BlackBerry Messaging Agent monitors the Jun[...]

  • Page 404

    Trait Description The default value is 3:18. Contact a BlackBerry Technical Support representative before you change the default value of this trait. PolicyThrottlingAppPush This trait specifies whether the BlackBerry Policy Service uses throttling to send applications the same way that it throttles IT policies and service books. If you want the Bl[...]

  • Page 405

    Trait Description PolicyThrottlingP2PKeyRate This trait specifies the maximum number of processes for PIN encryption keys that a BlackBerry Policy Service can process at one time before the BlackBerry Policy Service schedules additional processes for PIN encryption keys. The default value is 60. For more information, see Configuring BlackBerry Poli[...]

  • Page 406

    Trait Description UserHealthPercentage This trait specifies the percentage of user accounts that are healthy. The BlackBerry Dispatcher uses this trait to change the User accounts health parameter. If either of the health parameters indicate that the primary BlackBerry Enterprise Server is unhealthy and you turn on automatic failover, the BlackBerr[...]

  • Page 407

    • To permit all BlackBerry Messaging Agent instances to write statistics to users' Microsoft Exchange mailboxes, type TraitTool -global -trait ExchangeEnableWriteUserStatsToMailbox -set true . • To permit all BlackBerry Messaging Agent instances that are associated with a specific BlackBerry Enterprise Server to write statistics to users&a[...]

  • Page 408

    Copy a BlackBerry CAL key to a text file You can copy a BlackBerry CAL key to a text file and save it on a computer for reference if you want to transfer CAL keys to a different BlackBerry Enterprise Server or troubleshoot BlackBerry CAL key issues. 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry s[...]

  • Page 409

    contact list, the BlackBerry Configuration Database might not contain the contact information for all user accounts on your organization's messaging server. If the BlackBerry Configuration Database does not contain contact information for a user account, you cannot create the user account by searching for the contact information in the BlackBe[...]

  • Page 410

    organization’s contact list and restrict users from accessing the contact information of other organizations that also subscribe to the Hosted BlackBerry services. If your organization permits customers to have limited access or read-only access to the Microsoft Active Directory, you can configure the BlackBerry Enterprise Server to use MAPI, LDA[...]

  • Page 411

    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINESoftwareWOW6432Node Research In MotionBlackBerry Enterprise ServerAgents. 4. Create a DWORD value named HostedServer . 5. Change the value to 1 . 6. In the Windows Services, restart the BlackBerry Controller. Related information Configuring the BlackBerry Enterpr[...]

  • Page 412

    Before you begin: • Configure the BlackBerry Enterprise Server to retrieve email addresses using LDAP. • Verify that the BlackBerry Enterprise Server version is version 5.0 SP2 or later. 1. On the computer that hosts the BlackBerry Enterprise Server, click Start > Run . 2. Type regedit . Click OK . 3. Perform one of the following actions: ?[...]

  • Page 413

    You can configure the following options when you configure the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data: • Windows domain that the Microsoft Active Directory uses • whether to use LDAPS to connect to Microsoft Active Directory • timeout value for the connection to Microsoft Active Directory • w[...]

  • Page 414

    b. Change the value to the port number. To limit the number of LDAP queries that the BlackBerry Enterprise Server needs, use the port number of the global catalog server (port 3268). 6. If the BlackBerry Enterprise Server must use LDAPS to connect to the Microsoft Active Directory, perform the following actions: a. Create a DWORD value named LDAPss[...]

  • Page 415

    b. Change the value to 1 . 8. In the Windows Services, restart the BlackBerry Controller. Related information Restarting BlackBerry Enterprise Server components, 392 Prevent the BlackBerry Enterprise Server from retrieving contact information for specific users If you are required by your organization to prevent BlackBerry device users from finding[...]

  • Page 416

    6. In the Windows Services, restart the BlackBerry Controller. Related information Restarting BlackBerry Enterprise Server components, 392 Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server can retrieve email addresses and organizer data from You can configure a BlackBerry Enterprise Server instance so that it[...]

  • Page 417

    • sends IT policies and service books that you update to all BlackBerry devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on • sends updated PIN encryption keys to all devices that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service run[...]

  • Page 418

    the maximum number of IT policies and service books that all BlackBerry Policy Service instances can send to devices each minute. If you configure throttling, the BlackBerry Policy Service determines which users that are associated with the BlackBerry Enterprise Server instance that the BlackBerry Policy Service runs on require a new IT policy or s[...]

  • Page 419

    Configuring BlackBerry Policy Service throttling for PIN encryption keys If the BlackBerry Policy Service detects that you updated the PIN encryption keys in the BlackBerry Configuration Database, the BlackBerry Policy Service verifies which BlackBerry device users require a new key and then schedules a certain number of users at equal intervals ov[...]

  • Page 420

    If you do not configure throttling, the BlackBerry Policy Service tries to process tasks as fast as the server permits, which might result in an unexpected increase in CPU usage and database usage. If you configure throttling, the BlackBerry Policy Service sends applications to devices using the same method that it uses to throttle IT policies and [...]

  • Page 421

    Change the port number that BlackBerry Enterprise Server components use to connect to the BlackBerry Configuration Database You can change the static port number that BlackBerry Enterprise Server components use if you changed the port number that the BlackBerry Configuration Database uses after you install the BlackBerry Enterprise Server. By defau[...]

  • Page 422

    Change the port number that the syslog tools use to monitor BlackBerry Enterprise Server events You can change the port number that the syslog tools listen on to monitor BlackBerry Enterprise Server events. By default, the syslog tools listen to events for the BlackBerry Enterprise Server on port 514. 1. On the computer that hosts the BlackBerry En[...]

  • Page 423

    BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring How the BlackBerry Controller monitors the BlackBerry Enterprise Server components The BlackBerry Controller enables the BlackBerry Enterprise Server to continue running if nonresponsive threads occur or BlackBerry Enterprise Server services become inactive. The BlackBerry [...]

  • Page 424

    • If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINESoftwareResearch In Motion BlackBerry Enterprise Server. • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINESoftware WOW6432Node Research In MotionBlackBerry Enterprise Server. 3. Click Controller . 4. Perform any of the following[...]

  • Page 425

    Task Steps Prevent the BlackBerry Controller from restarting the BlackBerry Messaging Agent when a nonresponsive thread occurs. 1. Create a DWORD value that is named WaitToRestartAgentOnHung . 2. Double-click the new DWORD value. 3. In the Value data field, type 0 . The default value is 6. Prevent the BlackBerry Controller from restarting the Black[...]

  • Page 426

    Task Steps Prevent the BlackBerry Messaging Agent from restarting if the BlackBerry Controller does not receive health checks from it. 1. Create a DWORD value that is named MissedHeartbeatThreshold . 2. Double-click the new DWORD value. 3. In the Value data field, type 0 . 5. Click OK . Change how the BlackBerry Controller restarts a BlackBerry Ent[...]

  • Page 427

    Task Steps • To prevent the BlackBerry Controller from restarting the BlackBerry Collaboration Service if the service stops responding, type 0 . • To permit the BlackBerry Controller to restart the BlackBerry Collaboration Service if the service stops responding, type 1 . Change how the BlackBerry Controller restarts the BlackBerry MDS Connecti[...]

  • Page 428

    Task Steps • To prevent the BlackBerry Controller from restarting the BlackBerry Policy Service if the service stops responding, type 0 . • To permit the BlackBerry Controller to restart the BlackBerry Policy Service if the service stops responding, type 1 . Change how the BlackBerry Controller restarts the BlackBerry Synchronization Service. 1[...]

  • Page 429

    3. Click Edit instance . 4. In the SMTP host name field, type the SMTP host name of your organization's gateway in DNS format (for example, smtp.CompanyName.com). 5. In the SMTP account name field, type the name of the SMTP account that you want to send notifications from. 6. In the SMTP from address field, type the SMTP address that you want [...]

  • Page 430

    6. In the Email address field, type the recipient's email address. 7. To send notification messages as popup messages on the contact's computer, in the Console field, type the name of the contact's computer. 8. Click OK . Related information Restarting BlackBerry Enterprise Server components, 392 Administration Guide BlackBerry Contr[...]

  • Page 431

    BlackBerry Enterprise Server log files Monitoring PIN messages, SMS text messages, and calls Change the default location for the log files for PIN messages, SMS text messages, and calls Note: The log files for PIN messages, SMS text messages, and calls store confidential information in plain-text format. To protect the information, you must restric[...]

  • Page 432

    2. Click Manage IT policies . 3. In the list of IT policies, click an IT policy. 4. Click Edit IT policy . 5. On the PIM Synchronization tab, in the Disable PIN Messages Wireless Synchronization drop-down list, click No . 6. Click Save all . Monitor SMS text messages You can use the log files for SMS text messages to monitor the time and the freque[...]

  • Page 433

    Log files for BlackBerry Enterprise Server components You can use log files to record the activity of BlackBerry Enterprise Server components and troubleshoot issues with the components. The BlackBerry Enterprise Server creates a log file for each BlackBerry Enterprise Server component and saves the log files on the computer that hosts the BlackBer[...]

  • Page 434

    Store the log files for BlackBerry Enterprise Server components in one folder You can store the log files for BlackBerry Enterprise Server components in one folder instead of permitting the BlackBerry Enterprise Server to save the log files in folders that it creates daily and organizes by date. 1. In the BlackBerry Administration Service, on the S[...]

  • Page 435

    Change the maximum size of the log file for a BlackBerry Enterprise Server component When the log file for a BlackBerry Enterprise Server component reaches its maximum size, the BlackBerry Enterprise Server either creates an additional log file for the component or overwrites the current one, depending on whether you turn on log auto-roll. By defau[...]

  • Page 436

    • To write additional information to the log files that can help you troubleshoot issues with your organization's environment, click Debug . 5. Click Save all . 6. On the Servers and components menu, locate and restart the components that contain the logging settings that you changed. Related information Restarting BlackBerry Enterprise Serv[...]

  • Page 437

    5. Click Save all . 6. On the Servers and components menu, locate and restart the components that contain the logging settings that you changed. Related information Restarting BlackBerry Enterprise Server components, 392 Prevent a BlackBerry Enterprise Server component from creating a daily log file 1. In the BlackBerry Administration Service, on t[...]

  • Page 438

    Change the character encoding of the log file for a BlackBerry Enterprise Server component You can change the character encoding of the log files of a BlackBerry Enterprise Server component so that the encoding supports the tools that you use to parse and examine the log files. You can specify a different character encoding for each BlackBerry Ente[...]

  • Page 439

    Related information Restarting BlackBerry Enterprise Server components, 392 Component identifiers for log files You can identify the names for the BlackBerry Enterprise Server log files using the following component identifiers: Component identifier Logging component ACNV BlackBerry Attachment Service attachment conversion ALRT BlackBerry Enterpris[...]

  • Page 440

    Component identifier Logging component DCS BlackBerry Monitoring Service Data Collection Subsystem DISP BlackBerry Dispatcher EXTS extension connector HHCG BlackBerry Configuration Panel MAGT BlackBerry Messaging Agent MAST BlackBerry Mail Store Service MDAT BlackBerry MDS Connection Service POLC BlackBerry Policy Service ROUT BlackBerry Router SYN[...]

  • Page 441

    4. In the File logging destination , UDP logging destination , TCP logging destination , or EventLog logging destination sections, select one of the following logging levels from the Log level drop-down list: • To write events to the log files, click Event . • To write error messages to the log files, click Error . • To write warning messages[...]

  • Page 442

    3. On the Logging tab, click Edit instance . 4. In the UDP logging destination section, in the Location field, type the host name and port number using the format <host_name>:<port_number> . 5. Click Save all . Related information Restarting BlackBerry Enterprise Server components, 392 Change the host and port number that the BlackBerry[...]

  • Page 443

    1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service . 2. Click a BlackBerry MDS Connection Service instance. 3. On the Logging tab, click Edit instance . 4. In the Logging section, perform any of the following task[...]

  • Page 444

    5. Click Save all . Related information Restarting BlackBerry Enterprise Server components, 392 Using BlackBerry MDS Connection Service log files to view information for proxied connections to BlackBerry devices The BlackBerry Enterprise Server writes data for each BlackBerry device connection that the BlackBerry MDS Connection Service proxies in t[...]

  • Page 445

    Attribute Description CONNECTION_TYPE initiator of the proxied connection, which can be either the BlackBerry device user (DEVICE_CONN) or BlackBerry Enterprise Server (PUSH_CONN ) CONNECTIONID unique identifier for an IPPP connection, where - (minus sign) indicates a push connection DURATION(ms) duration of the proxied BlackBerry device connection[...]

  • Page 446

    Task Steps Trace how data packets travel inside the GME network layer from the BlackBerry Collaboration Service to the BlackBerry Dispatcher. In the GME logging turned on drop-down list, click True . 5. Click Save all . Related information Restarting BlackBerry Enterprise Server components, 392 Administration Guide BlackBerry Enterprise Server log [...]

  • Page 447

    BlackBerry Enterprise Solution connection types and port numbers The BlackBerry Enterprise Server components authenticate the port connections over a TCP/IP or UDP/IP connection that uses SSL or TLS. BlackBerry Administration Service connection types and port numbers Item Connection type Default port number UI where you can configure the connection[...]

  • Page 448

    Item Connection type Default port number UI where you can configure the connection Research In Motion BlackBerry Enterprise Server DatabasePort incoming data connections from, and outgoing data connections to, browsers HTTPS 443 BlackBerry Configuration Panel incoming data connections from, and outgoing data connections to, BlackBerry Enterpris[...]

  • Page 449

    Item Connection type Default port number UI where you can configure the connection data connections between BlackBerry Administration Service instances UDP multicast IP address/port 228.1.2.1/48858 228.1.2.1/48857 228.1.2.1/48855 228.1.2.5/45588 — data connections between BlackBerry Administration Service instances using TCP ping TCP first unused[...]

  • Page 450

    Item Connection type Default port number UI where you can configure the connection outgoing conversion results of large attachments to the BlackBerry Attachment Connector for the BlackBerry Attachment Service TCP 2000 BlackBerry Administration Service incoming data connections from, and outgoing data connections to, the BlackBerry Configuration Dat[...]

  • Page 451

    Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the Microsoft Office Communications Server 2007 R2 or 2010 TLS or MTLS 5061 BlackBerry Administration Service incoming data connections from, and outgoing data connections to, IBM Lotus Sametime TCP/IP[...]

  • Page 452

    Item Connection type Default port number UI where you can configure the connection • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWARE WOW6432Node Research In Motion BlackBerrySNMPAgent ParametersUDPPort BlackBerry Configuration Database connection types and port numbers Item Connection type Default port number UI where you can c[...]

  • Page 453

    Item Connection type Default port number UI where you can configure the connection BlackBerry Enterprise ServerDatabasePort Related information Restarting BlackBerry Enterprise Server components, 392 BlackBerry Controller connection types and port numbers Item Connection type Default port number UI where you can configure the connection incoming[...]

  • Page 454

    Item Connection type Default port number UI where you can configure the connection outgoing syslog connections to the BlackBerry Messaging Agent UDP port number that the BlackBerry Messaging Agent provides — BlackBerry Dispatcher connection types and port numbers Item Connection type Default port number UI where you can configure the connection i[...]

  • Page 455

    Item Connection type Default port number UI where you can configure the connection • BlackBerry Collaboration Service • BlackBerry MDS Connection Service • BlackBerry Policy Service • BlackBerry Synchronization Service outgoing data connection that uses SRP to the BlackBerry Router TCP 3101 BlackBerry Administration Service incoming data co[...]

  • Page 456

    Item Connection type Default port number UI where you can configure the connection BlackBerrySNMPAgent ParametersUDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWARE WOW6432Node Research In Motion BlackBerrySNMPAgent ParametersUDPPort BlackBerry Messaging Agent connection types and port numbers Item Connection type Defau[...]

  • Page 457

    Item Connection type Default port number UI where you can configure the connection ServerAgents TcpPortDispatcher incoming data connections from, and outgoing data connections to, the BlackBerry Configuration Database that a Microsoft SQL Server hosts TCP 1433 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWAREResea[...]

  • Page 458

    Item Connection type Default port number UI where you can configure the connection WOW6432Node Research In Motion BlackBerry Enterprise ServerAgents SysLogHost outgoing syslog connections to the SNMP agent UDP 4071 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWAREResearch In MotionBlackBerry Enterprise Server[...]

  • Page 459

    BlackBerry MDS Connection Service connection types and port numbers Item Connection type Default port number UI where you can configure the connection if access control for push applications is turned on, incoming connections for the HTTP listener port HTTP 8080 BlackBerry Administration Service if access control for push applications is turned on,[...]

  • Page 460

    Item Connection type Default port number UI where you can configure the connection ESOFTWAREResearch In Motion BlackBerrySNMPAgent ParametersUDPPort • On a 64-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWARE WOW6432Node Research In Motion BlackBerrySNMPAgent ParametersUDPPort incoming data connections for reliable pushes TCP 7874 Bl[...]

  • Page 461

    Item Connection type Default port number UI where you can configure the connection other applications that you configured the BlackBerry Monitoring Service to send SNMP traps to internal data connection to the BlackBerry Monitoring Service Application Core TCP 55500 BlackBerry Configuration Panel internal data connection to the BlackBerry Monitorin[...]

  • Page 462

    Item Connection type Default port number UI where you can configure the connection ESOFTWARE WOW6432Node Research In Motion BlackBerry Enterprise ServerDatabasePort incoming data connections from the BlackBerry database notification system UDP first unused port number from 4185 to 4499 — BlackBerry Router connection types and port numbers I[...]

  • Page 463

    Item Connection type Default port number UI where you can configure the connection Research In Motion BlackBerryRouter ServicePort outgoing data connections to the BlackBerry Infrastructure that use SRP TCP 3101 BlackBerry Configuration Panel Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWAREResearch In Motion Bl[...]

  • Page 464

    Item Connection type Default port number UI where you can configure the connection WOW6432Node Research In Motion BlackBerryRouter DevicePort outgoing syslog connections to the SNMP agent UDP 4071 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWAREResearch In Motion BlackBerrySNMPAgent ParametersUDPPort • On [...]

  • Page 465

    Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the BlackBerry Configuration Database that a Microsoft SQL Server hosts TCP 1433 Windows registry • On a 32-bit version of Windows: HKEY_LOCAL_MACHIN ESOFTWAREResearch In MotionBlackBerry Enterpri[...]

  • Page 466

    IBM Lotus Sametime connection type and port number Item Connection type Default port number UI where you can configure the connection incoming data connections from and outgoing data connections to the BlackBerry Collaboration Service TCP/IP 1533 IBM Lotus Sametime Administration Tool Microsoft Exchange connection types and port numbers Item Connec[...]

  • Page 467

    Microsoft Office Live Communications Server 2005 connection types and port numbers Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the connector for the Microsoft Office Live Communications Server TLS 5061 Microsoft Office Live Communications Server[...]

  • Page 468

    Novell GroupWise Messenger connection type and port number Item Connection type Default port number UI where you can configure the connection incoming data connections from, and outgoing data connections to, the BlackBerry Collaboration Service SSL 8300 Novell GroupWise server that hosts the Novell GroupWise Messaging Agent SNMP agent connection ty[...]

  • Page 469

    Item Connection type Default port number UI where you can configure the connection BlackBerrySNMPAgent ParametersUDPPort incoming syslog connections from SNMP queries and traps UDP 161 Windows registry outgoing syslog connections from SNMP queries and traps TCP 162 Windows registry Syslog connection type and port number Item Connection type Defa[...]

  • Page 470

    Troubleshooting Troubleshooting: Connecting to the BlackBerry Administration Service The web browser displays an HTTP 404 or HTTP 504 error message when it tries to connect to a BlackBerry Administration Service instance Possible cause Possible solution You created a BlackBerry Administration Service pool using DNS round robin and you stopped the B[...]

  • Page 471

    Troubleshooting: BlackBerry Enterprise Server Performance A BlackBerry Enterprise Server that you installed remotely from the BlackBerry Configuration Database uses an unexpected amount of system resources and increases wireless network traffic Possible cause Once daily, the BlackBerry Enterprise Server uses the BlackBerry Mailstore Service to refr[...]

  • Page 472

    To turn on the address book refresh feature for a BlackBerry Enterprise Server again, use the same command with a value of True. Microsoft SQL Server uses a considerable amount of disk space Possible cause Reorganizing or rebuilding an index in Microsoft SQL Server can cause the size of the transaction log file in the BlackBerry Configuration Datab[...]

  • Page 473

    Possible cause Possible solution 4. In the Windows Services, restart the services for the BlackBerry Administration Service. You cannot find a new user account in the directory using the BlackBerry Administration Service Possible solution Refresh the list of available user accounts that the BlackBerry Administration Service can access from the dire[...]

  • Page 474

    3. Perform one of the following actions: • Remove the third-party application that uses the BlackBerry Enterprise Server extension API. • Change the third-party application so that it does not filter messages. Text does not appear correctly in Unicode email messages Possible cause By default, when the BlackBerry Enterprise Server receives Unico[...]

  • Page 475

    Possible solution You must configure a proxy server that prevents your organization's BlackBerry Enterprise Server from receiving HTTP requests from external servers. If the BlackBerry Enterprise Server is located in an unrestricted network that permits direct HTTP connections to the IBM Lotus Sametime server, the BlackBerry Collaboration Serv[...]

  • Page 476

    A user did not accept a notification about an instant message on a computer and the notification disappeared Applies to : BlackBerry Collaboration Service version 4.1 or later with the BlackBerry Client for use with Microsoft Office Live Communications Server 2005 or the BlackBerry Client for use with Microsoft Office Communications Server 2007. Po[...]

  • Page 477

    Possible cause Possible solution The BlackBerry Collaboration Service does not support the version of the instant messaging application that is installed on the BlackBerry device. Remove the instant messaging application from the BlackBerry device. Install an earlier version of the instant messaging application on the BlackBerry device. The Microso[...]

  • Page 478

    Troubleshooting: Connections to the Wi-Fi network A BlackBerry device cannot connect to a Wi-Fi network Possible cause Possible solution On the BlackBerry device, Wi-Fi connections are not turned on. 1. On the BlackBerry device, on the Home screen, click Manage Connections . 2. Click Wi-Fi Options . 3. In the Wi-Fi field, verify that a checkmark ap[...]

  • Page 479

    Possible cause Possible solution The BlackBerry device is not assigned to the correct user account. In the BlackBerry Administration Service, assign the correct BlackBerry device to the user account. The BlackBerry Enterprise Server cannot connect to the BlackBerry device. Perform the following actions: • Ping the BlackBerry device from the Black[...]

  • Page 480

    Possible cause Possible solution Verify that the correct authentication method is configured on the access point and BlackBerry device. The static IP address and DHCP for the BlackBerry device are not configured correctly. Perform any of the following actions: • If a static IP address is configured, verify that the parameters such as the subnet m[...]

  • Page 481

    A user cannot see Wi-Fi connection settings on a Wi-Fi enabled BlackBerry device Possible cause The Wi-Fi enabled BlackBerry device is not configured to permit a user to make changes to the Wi-Fi configuration settings. Possible solution 1. In the BlackBerry Administration Service, change the WLAN Allowed Handheld Changes configuration setting in t[...]

  • Page 482

    Field Description When the BlackBerry device displays a value for the AP MAC Address, the BlackBerry device is associated with the access point. Security Type This field specifies the following link security methods: • No Security • WEP • PSK • PEAP • LEAP • EAP-TLS • EAP-FAST • EAP-TTLS When the BlackBerry device displays the link [...]

  • Page 483

    Field Description Network Channel This field specifies the IEEE 802.11 channel that the access point uses. Pairwise Cipher This field specifies information about how the access point manages encryption keys for a user account on the network. You can configure an access point to support multiple pairwise ciphers. You can use a pairwise cipher with a[...]

  • Page 484

    Field Description Certificate This field specifies the certificate that the BlackBerry device can use for Wi-Fi authentication, if applicable. Software Token If you configured a software token for the BlackBerry device, this field specifies the serial number of the software token. Status fields for VPN connections Field Description Current Profile [...]

  • Page 485

    Field Description Secure Subnet Mask This field specifies the subnet mask of the BlackBerry device on the private network that the VPN protects. The subnet mask and IP address provide information about the subnet that the BlackBerry device has connected to. Retry at If a BlackBerry cannot log in, this field specifies the next date and time that the[...]

  • Page 486

    Field Description • Mobile Network Preferred: If possible, the BlackBerry device uses a mobile network connection but the BlackBerry device can also use a Wi-Fi connection. UMA Wi-Fi Available This field specifies whether the user has a UMA profile. You can safely ignore this status field. Connection This field specifies whether the BlackBerry de[...]

  • Page 487

    Field Description Connecting This field specifies the IP address and port number that the BlackBerry device uses to connect to the BlackBerry Infrastructure. Authenticating router This field specifies the IP address of the server that performs authentication, if applicable. Authenticating server This field specifies the IP address of the server tha[...]

  • Page 488

    Possible cause Possible solution • Verify that the VPN concentrator host name resolves to an IP address. If it does not, configure the VPN IP address. The VPN authentication method is not configured correctly. • Verify that the VPN server supports the security parameters. • Verify that the VPN login information for the user account are correc[...]

  • Page 489

    Possible cause Possible solution 5. If you receive a response to the the ping but the BlackBerry device does not display a success message, check the Status field for a reason for this error. Verify whether a BlackBerry device can resolve an IP address If a BlackBerry device cannot connect to a Wi-Fi network, you can determine which connections the[...]

  • Page 490

    2. Click Wi-Fi Options . 3. Press the Menu key and click Wi-Fi Tools > DNS Lookup . 4. In the Host field, type a name or an IP address that you want to look up. 5. Press the Menu key and click DNS Lookup . 6. Press the Menu key and click Send ping . Troubleshooting: BlackBerry Administration Service pools BlackBerry Administration Service instan[...]

  • Page 491

    Troubleshooting: BlackBerry Monitoring Service connections A user cannot log in to the BlackBerry Monitoring Service Possible cause If your organization's environment includes a firewall located between the BlackBerry Administration Service and BlackBerry Monitoring Service, the firewall can block the JNDI delegate port on the BlackBerry Admin[...]

  • Page 492

    Troubleshooting: IT policies I cannot find an IT policy rule in the BlackBerry Administration Service Possible cause The version of the BlackBerry Enterprise Server that you are using does not include the IT policy rule. Possible solution Import the IT policy rule from an IT policy pack that is available from www.blackberry.com/support . For more i[...]

  • Page 493

    Glossary AAA Authentication, Authorization, Accounting AES Advanced Encryption Standard ACL An access control list (ACL) is a list of permissions that are associated with an object, such as a file, directory, or other network resource. It specifies which users or components have permission to perform specific operations on an object. ACP ANSI code [...]

  • Page 494

    CMIME Compressed Multipurpose Internet Mail Extension content protection Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key. CRL certificate revocation list CSR certificate signing request DES Data Encryption Standard device transport key The devi[...]

  • Page 495

    GPO Group Policy Object GPS Global Positioning System HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol over Secure Sockets Layer IIS Internet Information Services IP address An Internet Protocol (IP) address is an identification number that each computer or mobile device uses when it sends or receive[...]

  • Page 496

    messaging server A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information. MIDP Mobile Information Device Profile MIME Multipurpose Internet Mail Extensions mirror database In database mirroring, a mirror database is a standby copy of a principal da[...]

  • Page 497

    SQL Structured Query Language SRP Server Routing Protocol SRP ID The SRP ID is a unique identifier for the BlackBerry Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry Infrastructure during SRP authentication. SSID service set identifier SSL Secure Sockets Layer TCP Transmission Control Protocol TCP/I[...]

  • Page 498

    Legal notice © 2012 Research In Motion Limited. All rights reserved. BlackBerry ® , RIM ® , Research In Motion ® , and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. Adobe and Acrobat are trademarks of Adobe Systems Incorporated. ANSI[...]

  • Page 499

    COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMIT[...]

  • Page 500

    Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation thereto. Your use of[...]