How to install BlackBerry Enterprise Server Express on a SBS 2008 By Mariette Knap SBS, www.smallbizserver.net BESExpress, BlackBerry, SBS 2008 Finally we have a BESExpress that can be installed on SBS 2008. It may looks like an easy job but you have to be very precise and follow the steps in this document to be successful. This article comes from my previous website www.smallbizserver.net and was orginally published on April 18, 2010. Table of contents How to install BlackBerry Enterprise Server Express on a SBS 2008 Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 Raise Windows Server 2008 Active Directory Domain and Forest Functional Levels Create a Windows account and mailbox for the BlackBerry Enterprise Server Express Configure Exchange Server 2007 Configure the computer that will host the BlackBerry Enterprise Server Express Configure the database server and run the BlackBerry Enterprise Server Express setup application Configure the Firewall to allow access to the BlackBerry Administration Service and the Web Desktop Manager Finally we have a BESExpress that can be installed on SBS 2008. It may looks like an easy job but you have to be very precise and follow the steps in this document to be successful. This article comes from my previous website www.smallbizserver.net and was orginally published on April 18, 2010. Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 Before we can start with the installation of BESExpress you must install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1. You can download it here: http://www.microsoft.com/downloads/details.aspx?FamilyID=E17E7F31-079A-43A9-BFF2-0A110307611E&displaylang=en. Your server must have Exchange 2007 Service Pack 2 installed and all rollups. It is best practice to run the SBS 2008 BPA and check the reports before you install BESExpress 5.01. Raise Windows Server 2008 Active Directory Domain and Forest Functional Levels It seems that the ability to login with a Windows account into BlackBerry Web Desktop Manager is only possible when you raise the Functional Levels of you domain and forest to Windows Server 2008. Before you complete this procedure you need to understand what this means, please read: Understanding Domain and Forest Functionality Unable to log on to the BlackBerry Administration Service web console when running a mixed Windows Server 2003 and 2008 domain controller environment If you have a Windows 2003 Server in your network that is a domain controller, such as in a branch office, you should will notice that you cannot raise functionality to Windows 2008 level. If you plan to have a Windows 2003 server that will be a DC do not raise functionality level. Open Active Directory Users and Computers from the Administrative tools. Right click your domain and choose ‘Raise domain functional level’. Choose Windows Server 2008 and click Raise. Accept and click OK. Click OK and close the Active Directory Users and Computers MMC. Open Active Directory Domains and Trusts from the Administrative tools Right click ‘Active Directory Domains and Trusts’ and choose Raise Forest Functional Level. Choose Windows Server 2008 and click Raise Click OK. Click OK and close the ‘Active Directory Domains and Trusts’ MMC. Create a Windows account and mailbox for the BlackBerry Enterprise Server Express From the start menu open the Exchange Management Console. Choose Recipient Configuration –> Mailbox and in actions pane ‘New Mailbox’. Choose ‘User Mailbox’ and then Next. Choose ‘New User’ and click next. Fill in First name, Name, User Logon name (both) and give a strong password to the BESadmin. Click Next. Click Browse Choose your server and click OK Check your settings and click New. Make sure you have a green check and click Finish Configure Exchange Server 2007 From the start menu choose the Exchange Management Shell. Type the command to set ViewOnlyAdmin role for Besadmin. add-exchangeadministrator "BESAdmin" -role ViewOnlyAdmin Type the command to assign the ms-Exch-Store-Admin, Receive-As, and Send-As permissions for the BESadmin account and press enter. get-mailboxserver "ContosoServer" | add-adpermission -user "BESAdmin" -accessrights ExtendedRight -extendedrights Receive-As, ms-Exch-Store-Admin, Send-As Configure the computer that will host the BlackBerry Enterprise Server Express Start Active Directory Users and Computers from the Start Menu. Select the hive Builtin and double click ‘Administrators’. Choose the tab ‘Members’ and click Add. Type ‘besadmin’ and click ‘Check Names’. Click OK. Click ‘Apply’ and then ‘OK’. Open Group Policy Management from the Administrative Tools. Right click the ‘Default Domain Controllers Policy’ and choose ‘Edit’. Choose Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment and double right click in the right pane ‘Allow log on locally’. Click ‘Add User or Group’. Click Browse Type in the box ‘besadmin’ and click ‘Check Names’. Click ‘OK’. As you see the BESAdmin account is now listed. Click ‘Apply’ and ‘OK’. Scroll down and double click ‘Log on as a service’. Check ‘Define these policy settings’ and click ‘Add User or Group’. Click ‘Browse’. Type in the box ‘besadmin’ and click ‘Check Names’. Click ‘OK’. Click ‘OK’. The ‘besadmin’ account is now listed. Click ‘Apply’ and ‘OK’. Close the Group Policy Management Console. Configure the database server and run the BlackBerry Enterprise Server Express setup application You should download BESExpress here: http://na.blackberry.com/eng/services/business/server/express/. It is free but RIM only asks you to register. After registration RIM will send you a download URL and CAL keys. WARNING! Very Important! Logoff from the server and logon with the BESAdmin account you just created. If you fail to do this everything else will fail Verify that you are logged on as the BESAdmin. Open the start menu and see if BESAdmin is the user who is logged on to your server. Run the download, it will unzip the contents into a folder of your choice and start setup automatically. Again you are warned to check if the current user is BESAdmin. If it is click ‘Continue Installation’. Fill in User name, Organization, choose the country and accept the license agreement. Click ‘Next’. Choose ‘Create a BlackBerry Configuration Database’ and click Next. Choose the defaults and click Next. You must not see any warnings here. Click Next. A default SBS 2008 installation already has SQL 2005 as you can see in this screenshot. You can choose to install the BlackBerry database into the SBSMonitoring instance but it seems to be best practice to create a dedicated instance. The BESExpress installer does that for you and names it BlackBerry as you can also see in the screenshot. We choose to install SQL Server 2005 Express Edition, this will create a new instance called BlackBerry in which the Configuration Database will be created for BlackBerry. Click Next. Fill in the password and the name for your server. Review your settings and click ‘Install’. Click Yes to restart the server. After the server has restarted login with the BESAdmin account. Once restarted and logged in as BESAdmin choose Next. After awhile you are asked to create the BESMgmt database. Choose Yes. The database is created. If a window pops up that a Java update should be installed ignore that and cancel. The database has been created, click OK. Fill in the CAL key, SRP Identifier and Authentication key. If you have difficulties understanding what numbers/keys where to fill in please study the screenshot below. Fill in the name of your server and click Check Name. Click Apply and OK. Type a password and click Next. It is important to understand that you use the same account as you installed your server with. You should not use the BESAdmin here! In this case I use a non AD account that will be able to manage BlackBerry accounts. Almost done. Click Start Services. All services are started and click Next. Click Finish. Configure the Firewall to allow access to the BlackBerry Administration Service and the Web Desktop Manager There are two ways of doing this. You can choose to configure the Firewall with your mouse or use ‘netsh’. We will show you both. With netsh it is really easy. Open a command prompt and choose ‘Run as administrator’. Type netsh firewall add portopening TCP 3443 "BESExpress Management Port" and hit enter. netsh firewall add portopening TCP 3443 "BESExpress Management Port" Now we will use the mouse. Open the Control Panel and choose ‘Allow a program through Windows Firewall’. Aha, there is the rule we created with netsh. Now, if you did not use netsh you would click ‘Add Port’ and add port 3443 for the BESExpress Management Port.