BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   BBAdmin's BES Prerequisites Thread (http://www.blackberryforums.com/bes-admin-corner/68185-bbadmins-bes-prerequisites-thread.html)

BBAdmin 03-07-2007 03:44 AM

BBAdmin's BES Prerequisites Thread
 
One of the painful elements of implementing BES is the way in which RIM write the checklists. I often come across people who are not quite sure what they need to do in terms of prerequisites . The problem I think is not so much the complexity, but the way in which the checklist element of BES is laid out. RIM also make this worse by segregating the checklist on the basis you may want to install various BES components on different machines, and most of us don't need this. To try and make the process as simple as possible I have decided to write up a checklist which, although largely taken from RIM's documentation, I have added my own experiences and ways of explaining each element in the hope that if you need it, you will find my documentation simplier to follow!!!

Now, a couple of footnotes; We know you can fudge a BlackBerry Server to work on an Exchange box, and we know you can get away with installing it on a machine with perhaps lower than recommended specs (depending on the size of the user base), but my theory behind the below is on the fact that most people want a BES server which they can get support on from RIM, therefore my checklist ensures a supported configuration. Also please note my checklist is based on an implementation for Exchange 2003.

To prevent this thread getting cluttered please only post your thanks, or your recommendations (or corrections on the basis I may have gotten something wrong). I don't want to hear "you can install it on the Exchange Server"!!! Post your corrections and I will ammend this post so we always have the most up to date information at the top of the thread!!


BES Prerequisites for Exchange 2003


Hardware Requirements

RIMxxx8217;s minimum recommendations for the hardware on which you want to run BES are:

Intel Pentium IV processor (2GHz or higher)
1.5GB RAM
1GB of free disk space

Your BES should also be located near your Exchange Server to avoid issues with latency


Network Environment & Firewall Configuration

Do not put the BES in a DMZ

Configure your firewall to initiate a bi-directional TCP/IP connection to an external server on port 3101

Verify that the firewall can resolve Internet addresses using DNS

If using a proxying firewall, ensure that the proxy is transparent


SPAM & Anti Virus Systems

You must allow .DAT file attachments to pass through to users mailboxes for Enterprise Activation

You must ensure your Anti SPAM software does not prevent activation messages reaching usersxxx8217; mailboxes. The best way to configure this is to allow all emails from *.blackberry.net


BES Software Requirements

Your BES server will need to run Microsoft Windows 2000 (Server or Advanced Server editions) or Microsoft Windows Server 2003 SP1

You will need to install Microsoft Exchange 2003 System Manager ONLY (do not install a full Exchange Server on the BES computer)

Microsoft Internet Explorer version 6.0 or later

Adobe Acrobat Reader 3.0 or later (to read the user guides)

You must install MSDE 2000 Release A or SQL 2000 on the same computer as the BlackBerry Enterprise Server. You can also utilise a remote SQL server if required.


Microsoft Exchange Infrastructure

Microsoft Exchange 2003 native environment

Any Microsoft Exchange service packs that are installed on your mail server must also be installed on the BES computer

Do not install Microsoft Outlook on the computer on which you intend to install BES

Install and register the cdo.dll hot fix in C:\Program Files\Exchsrvr\BIN\ on the BES computer to obtain the correct Messaging API (MAPI) version. The version number on the BES computer must be the same or higher than the CDO.dll on your Exchange Server

Verify that the BES is in the same Microsoft Exchange domain as your messaging server


Configuration Database

If you intend to install your database on the same computer as BES, install one of the following database programs:

1. Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)

2. Microsoft SQL Server 2000 Service Pack 3a

3. Microsoft SQL Server 2005 (Professional or Enterprise)

If your configuration database is on a remote server, you must enable network protocols to make a connection

Microsoft SQL Server must not be installed with case-sensitive collation settings. Use the default case-insensitive collation settings.

Install one of the following Microsoft Data Access Component (MDAC) versions on the computer where you plan to install the BlackBerry Enterprise Server:

1. MDAC 2.8 with Security Patch MS04-003 (version 2000.85.1025.00)

2. MDAC 2.8 Service Pack 2 (version 2000.86.1830.00)

If you are using Microsoft SQL Server, download and install the appropriate Java Database Connectivity (JDBC) driver.

Microsoft SQL Server 2000 driver for JDBC Service Pack 3: Visit
Downloads for Microsoft SQL Server 2000 for more information

Microsoft SQL Server 2005 driver for JDBC: Visit
Downloads for SQL Server 2005 for more information


Database Permissions

If creating the configuration database on the BES computer, assign System Administrator permission

If creating the configuration database on a remote database server during the BES installation, assign Server Administrator and Database Creator permissions


BESAdmin Permissions

Create a Windows 2000 Domain User to act as your BES service account and create an Exchange mailbox for the newly created user.

Initialize the mailbox by sending a test message to the newly created service account mailbox

The service account requires a minimum of the following Windows 2000 permissions:
  • Log on locally with local permissions
  • Log on as a service
  • Local administrator
The service account requires a minimum of the following Microsoft Exchange 2003 permissions:
  • View Only Administrator. This permission should be set to enable (at minimum) access at the Administrative Groups level in Microsoft Exchange 2003 to be able to read from the Active Directory.
  • Administrator Information store, Send as, and Receive as. These permissions should be set at the Microsoft Exchange server level.
You must ensure your Group Policy does not conflict and override the permissions set for the BESAdmin


Terminal Services

Windows Server 2000: If installed, select Remote Administration mode
Windows Server 2003: Do not install; select Remote Desktop mode on the System Properties Remote tab

Multiple Languages


You can enable additional languages to support Unicode in the BlackBerry Manager using the Windows regional options

Download the Microsoft Internet Explorer Multilanguage support pack and adjust the encoding to view Chinese Simplified [GB2312] and, or Chinese Traditional [Big5]


USB Hub

If you are running a USB hub, verify that the driver supports USB 1.1 compliant hubs


As a final point, when it comes to actually installing your BES server, make sure you are logged on as the BESAdmin account!!

Happy installing.




Malkier 03-26-2007 06:32 PM

Nice work, from what I can tell (considering the lack of sleep last night) its spot on, been meaning to write up a simplified version myself.
Now just need one for Domino and GroupWise :razz:

BBAdmin 03-27-2007 03:19 AM

Quote:

Now just need one for Domino and GroupWise
Feel free....I'm a bit of an Exchange monkey and hate everything else!!
:-)

technickel 03-27-2007 02:54 PM

Looks good. Can you create one for 2007 as well

BBAdmin 03-27-2007 04:40 PM

Exchange 2007 isn't supported yet, and I never fudge my BlackBerry servers with unsupported configurations...when RIM are up for it, so am I and you'll see a prerequisites thread for it then my friend!!

bertiebassett 03-28-2007 02:33 AM

Quote:

Originally Posted by BBAdmin
Exchange 2007 isn't supported yet, and I never fudge my BlackBerry servers with unsupported configurations...when RIM are up for it, so am I and you'll see a prerequisites thread for it then my friend!!

Indeed.

Malkier 03-29-2007 09:05 PM

Quote:

Originally Posted by BBAdmin
Feel free....I'm a bit of an Exchange monkey and hate everything else!!
:-)

Same, Hence why I'm in need of the other ones :razz:

Two things I would add for server preperation is installng IIS and Active Directory Management Tools (IIS more so than the later)

nakedcomputerman 03-30-2007 04:50 PM

Thanks for the simplified list, i am going through it now and will give you my results as soon as i get through it all. GOOD WORK it does help.

randy

BBAdmin 03-30-2007 06:57 PM

Cool, although I'm slightly worried from your user name that you perform all of you administration naked!!!!!

nakedcomputerman 04-02-2007 04:54 PM

privately yes, not publicly or within a business. It would be easy for me to do.

bbgirl 04-03-2007 08:24 AM

wow, how do you get to be a "super moderator?"

the guide is nice and simple. Any chances that you have written up a device troubleshooting guide?

I have to write one of those up for my helpdesk. Our Gov't. Agency (GA) is under the gun for documentation, which I have to update.

Can I borrow your simple guide?

BBAdmin 04-03-2007 08:26 AM

Quote:

Can I borrow your simple guide?
Help yourself, it's here for the community!!

nakedcomputerman 04-11-2007 02:51 PM

i love your guide and it was and is quite helpful. i have a few items i think would be helpful through my own experience that may help those starting this installation for the first time. when i get past the database issue and the mixed mode problem and figure that one out i will be near finish i think.

i am not quite ready to share my ideas yet. Thanks for the guide.

bculler2 04-19-2007 12:42 PM

Greate guide... but regarding this part:

Quote:

The service account requires a minimum of the following Microsoft Exchange 2003 permissions:

* View Only Administrator. This permission should be set to enable (at minimum) access at the Administrative Groups level in Microsoft Exchange 2003 to be able to read from the Active Directory.

* Administrator Information store, Send as, and Receive as. These permissions should be set at the Microsoft Exchange server level.
Where do you set these permissions specifically?

acnst 04-19-2007 06:21 PM

Quote:

Originally Posted by bculler2 (Post 514565)
Greate guide... but regarding this part:



Where do you set these permissions specifically?

You need to use Exchange System Manager to set these permissions.

bculler2 04-23-2007 08:51 AM

Anyway to get this thread stickied? This has been a great help.

rliebsch 05-15-2007 03:58 PM

One question,

Can BES reside on a Domain Controller?

SmoothRunnings 05-26-2007 08:55 AM

I read that BES can run on SBS 2003 server so a lot of what you have posted here doesn't really fit in the server configuration. Does anyone have suggests on how to do everything from start to finish?

Thanks
Andrew

SmoothRunnings 05-26-2007 01:40 PM

What the heck does this mean in English? Microsoft doesn't write crap like this without giving detail instructions how to properly configure something!! (sigh) I think RIM needs to have a lession or two in properly documenting stuff.

----snip----

The service account requires a minimum of the following Microsoft Exchange 2003 permissions:
View Only Administrator. This permission should be set to enable (at minimum) access at the Administrative Groups level in Microsoft Exchange 2003 to be able to read from the Active Directory.
Administrator Information store, Send as, and Receive as. These permissions should be set at the Microsoft Exchange server level.
You must ensure your Group Policy does not conflict and override the permissions set for the BESAdmin

----snip----

Andrew

BBAdmin 06-05-2007 03:02 AM

Quote:

Microsoft doesn't write crap like this
You're correct, Microsoft doesn't write crap like this.....they write crap that's so complicated you'll have no idea what you're supposed to do!! It's not RIM's job to teach people how to set permissions in Windows/Exchange click by click, and if you can't perform those basic admin tasks then you shouldn't be setting up stuff like this, so I have to say I entirely disagree with your point.


All times are GMT -5. The time now is 01:27 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.