Introduction to Administering and

Supporting BlackBerry Enterprise

Server version 4.1
© 2005 Research In Motion Limited. All Rights Reserved. The RIM and BlackBerry families of
related marks, images and symbols are the exclusive properties of and trademarks of Research In
Motion Limited. RIM, Research In Motion, “Always On, Always Connected”, the “envelope in
motion” symbol and BlackBerry are registered with the U.S. Patent and Trademark Office and
may be pending or registered in other countries. Adobe and Acrobat are either registered
trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other
countries. The Bluetooth word mark is owned by Bluetooth SIG, Inc. and any use of such marks
by Research In Motion Limited is under license. Corel and WordPerfect are trademarks or
registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the United States
and/or other countries. IBM, Lotus, Lotus Notes, iNotes, and Domino are either registered
trademarks or trademarks of International Business Machines Corporation in the United States
and/or other countries. Java is a trademark or registered trademark of Sun Microsystems, Inc. in
the United States and other countries. Microsoft, PowerPoint and Windows are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All other brands, product names, company names, trademarks and service marks are the
properties of their respective owners.

The BlackBerry handheld and/or associated software are protected by copyright, international
treaties and various patents, including one or more of the following U.S. patents: 6,278,442;
6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are
registered or pending in various countries around the world. Visit www.rim.com/patents.shtml
for a current listing of applicable patents.

This document is provided “as is” and Research In Motion Limited and its affiliated companies
(“RIM”) assume no responsibility for any typographical, technical or other inaccuracies in this
document. RIM reserves the right to periodically change information that is contained in this
document; however, RIM makes no commitment to provide any such changes, updates,
enhancements or other additions to this document to you in a timely manner or at all. RIM
MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR COVENANTS, EITHER
EXPRESS OR IMPLIED (INCLUDING WITHOUT LIMITATION, ANY EXPRESS OR IMPLIED
WARRANTIES OR CONDITIONS OF FITNESS FOR A PARTICULAR PURPOSE, NON-
INFRINGEMENT, MERCHANTABILITY, DURABILITY, TITLE, OR RELATED TO THE
PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE REFERENCED HEREIN
OR PERFORMANCE OF ANY SERVICES REFERENCED HEREIN). IN CONNECTION WITH
YOUR USE OF THIS DOCUMENTATION, NEITHER RIM NOR ITS RESPECTIVE DIRECTORS,
OFFICERS, EMPLOYEES OR CONSULTANTS SHALL BE LIABLE TO YOU FOR ANY
DAMAGES WHATSOEVER BE THEY DIRECT, ECONOMIC, COMMERCIAL, SPECIAL,
CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR INDIRECT DAMAGES, EVEN IF RIM
HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT
LIMITATION, LOSS OF BUSINESS REVENUE OR EARNINGS, LOST DATA, DAMAGES
CAUSED BY DELAYS, LOST PROFITS, OR A FAILURE TO REALIZE EXPECTED SAVINGS.

This document might contain references to third party sources of information, hardware or
software, products or services and/or third party web sites (collectively the “Third-Party
Information”). RIM does not control, and is not responsible for, any Third-Party Information,
including, without limitation the content, accuracy, copyright compliance, compatibility,
performance, trustworthiness, legality, decency, links, or any other aspect of Third-Party
Information. The inclusion of Third-Party Information in this document does not imply
endorsement by RIM of the Third Party Information or the third party in any way. Installation
and use of Third Party Information with RIM's products and services may require one or more
patent, trademark or copyright licenses in order to avoid infringement of the intellectual
property rights of others. Any dealings with Third Party Information, including, without
limitation, compliance with applicable licenses and terms and conditions, are solely between you
and the third party. You are solely responsible for determining whether such third party
licenses are required and are responsible for acquiring any such licenses relating to Third Party
Information. To the extent that such intellectual property licenses may be required, RIM
expressly recommends that you do not install or use Third Party Information until all such
applicable licenses have been acquired by you or on your behalf. Your use of Third Party
Information shall be governed by and subject to you agreeing to the terms of the Third Party
Information licenses. Any Third Party Information that is provided with RIM's products and
services is provided "as is". RIM makes no representation, warranty or guarantee whatsoever in
relation to the Third Party Information and RIM assumes no liability whatsoever in relation to
the Third Party Information even if RIM has been advised of the possibility of such damages or
can anticipate such damages.

Certain features outlined in this document require a minimum version of BlackBerry Enterprise
Server software, BlackBerry Desktop Software, and/or BlackBerry Handheld Software and may
require additional development or third party products and/or services for access to corporate
applications.

Warning: This document is for the use of BlackBerry Training registrants only and its use is
subject to the terms and conditions of the BlackBerry Training Agreement. Any unauthorized
copying or distribution of information is a violation of copyright laws.

For more information on BlackBerry, call 1-877-255-2377

Research In Motion Limited

295 Phillip Street Waterloo, Ontario
Canada N2L 3W8
tel. (519) 888-7465 Fax (519) 888-6906
web site: www.rim.com
email: [email protected]

Printed in Canada
About This Training

This training is designed for BlackBerry Enterprise Server® administrators who have little to no
experience using or supporting the BlackBerry Enterprise Server version 4.1.

For more effective classroom learning, participants should take the the web-based prerequisites
before attending an instructor led session. BlackBerry® web-based training introduces the
learner to the basics of BlackBerry products and services. The prerequisites attempt to
demonstrate how to use the main features of each BlackBerry product and service and present
information necessary to understand how to support the BlackBerry wireless solution.

This training manual must be accompanied by an instructor led presentation by a certified

BlackBerry Instructor. Contact [email protected] for details on available programs.
RIM Education Services

Table of contents

Module 1: Introducing the BlackBerry Enterprise Solution ........... 1

About the BlackBerry Enterprise Solution ................................................................................... 2
BlackBerry Enterprise Solution architecture................................................................................ 3
Message flow through the BlackBerry Enterprise Solution.................................................... 5
Message flow to and from a device ............................................................................................ 5

Module 2: Introducing the BlackBerry Enterprise Server............. 11

About the BlackBerry Enterprise Server..................................................................................... 12
Functions of the BlackBerry Enterprise Server ...................................................................... 12
BlackBerry Enterprise Server architecture ................................................................................. 13
Microsoft Exchange ....................................................................................................................... 14
IBM Lotus Domino......................................................................................................................... 14
Novell GroupWise........................................................................................................................... 15
BlackBerry Enterprise Server components ................................................................................ 17
BlackBerry Router........................................................................................................................... 17
BlackBerry Dispatcher................................................................................................................... 19
BlackBerry Controller..................................................................................................................... 19
BlackBerry Synchronization Service.......................................................................................... 19
BlackBerry Policy Service.............................................................................................................. 20
BlackBerry Collaboration Service .............................................................................................. 21
BlackBerry Messaging Agent...................................................................................................... 21
GroupWise Connector................................................................................................................... 23
BlackBerry Attachment Service.................................................................................................. 23
BlackBerry Mobile Data System (MDS) Services .................................................................. 23
BlackBerry Enterprise Server databases .................................................................................. 25
BlackBerry Manager ...................................................................................................................... 26
BlackBerry Enterprise Server messaging system..................................................................... 29
To a device........................................................................................................................................ 29
From a device................................................................................................................................... 32

Module 3: Installing the BlackBerry Enterprise Server ................. 39

BlackBerry Enterprise Server installation process................................................................... 40
BlackBerry Enterprise Server remote installation options.................................................... 41

60IPES41TOC.fm
i
 RIM Education Services

BlackBerry Enterprise Server installation requirements........................................................ 44

Pre-installation tasks........................................................................................................................ 45
Microsoft Exchange pre-installation tasks ............................................................................. 45
IBM Lotus Domino pre-installation tasks ............................................................................... 48
Novell GroupWise pre-installation tasks................................................................................. 49
Installing the BlackBerry Enterprise Server .............................................................................. 53
Installation tips ............................................................................................................................... 55
Verifying the BlackBerry Enterprise Server installation ........................................................ 56
Troubleshooting the BlackBerry Enterprise Server installation.......................................... 58
Common pre-installation errors................................................................................................. 58
Common installation errors......................................................................................................... 59

Module 4: Exploring the BlackBerry Manager ................................ 65

BlackBerry Enterprise Server tools............................................................................................... 66
BlackBerry Server Configuration tool....................................................................................... 66
Main areas within the BlackBerry Manager............................................................................. 69
BlackBerry Manager tips .............................................................................................................. 71
Levels within the BlackBerry Manager....................................................................................... 72
Domain level.................................................................................................................................... 72
Server level........................................................................................................................................ 73
Group level ....................................................................................................................................... 73
Local Ports level .............................................................................................................................. 74
User level........................................................................................................................................... 75

Module 5: Managing administrative roles ....................................... 79

About administrative roles ............................................................................................................ 80
Description of the administrative roles ..................................................................................... 81
Administering roles .......................................................................................................................... 82

60IPES41TOC.fm
ii
RIM Education Services

Module 6: Managing users.................................................................... 89

Adding users to the BlackBerry Enterprise Server.................................................................. 90
Adding the user .............................................................................................................................. 91
Managing users................................................................................................................................. 92
User and account status information ...................................................................................... 92
Task menus....................................................................................................................................... 93
User management tips ................................................................................................................. 94
Configuring new users .................................................................................................................... 95
Configuring user options through the task menus ............................................................. 95
Configuring user options through Edit Properties .............................................................. 96

Module 7: Managing administrative groups ................................. 103

About administrative groups ..................................................................................................... 104
What do groups do? ................................................................................................................... 104
Managing groups .......................................................................................................................... 107
Accessing lists of groups........................................................................................................... 107
Accessing one group .................................................................................................................. 108
Group status information ......................................................................................................... 108
Task menus.................................................................................................................................... 109
Group management tips........................................................................................................... 110
Adding groups to the BlackBerry Enterprise Server ........................................................... 111
Configuring group properties .................................................................................................... 112
Configuring a new group through the task menus ......................................................... 112
Configuring a new group by copying the properties to another group.................... 112
Configuring a new group through the Edit Group Template option......................... 113
Adding new users to a new group........................................................................................... 115
Tips for adding users to groups.............................................................................................. 115
Viewing a list of group members.............................................................................................. 116
Configuring the user properties for a new group member .............................................. 117
Editing the configuration of existing groups ....................................................................... 120
Changing a group template .................................................................................................... 120
Changing the properties set for a group............................................................................. 121
Changing group membership.................................................................................................... 123
Troubleshooting administrative groups ................................................................................. 125

60IPES41TOC.fm
iii
 RIM Education Services

Module 8: Managing data transfer................................................... 131

About email prepopulation ........................................................................................................ 132
Configuring email prepopulation .......................................................................................... 132
Tips for troubleshooting email prepopulation................................................................... 133
About wireless email reconciliation......................................................................................... 136
Configuring wireless email reconciliation ........................................................................... 137
Reconciliation of hard deleted messages for Microsoft Exchange ............................. 138
Tips for troubleshooting email reconciliation .................................................................... 139
About wireless PIM synchronization........................................................................................ 141
Wireless PIM synchronization data flow.............................................................................. 142
Configuring wireless PIM synchronization.......................................................................... 145
Address lookup............................................................................................................................... 148
Tips for troubleshooting wireless PIM synchronization .................................................. 149
About wireless calendar synchronization............................................................................... 152
Wireless calendar synchronization data flow..................................................................... 152
Tips for troubleshooting wireless calendar synchronization ......................................... 156
About automatic wireless backup............................................................................................ 160
Automatic wireless backup data flow .................................................................................. 161
Configuring automatic wireless backup .............................................................................. 163
Tips for troubleshooting automatic wireless backup....................................................... 163

Module 9: Managing filters................................................................. 169

About filters..................................................................................................................................... 170
Creating a new filter..................................................................................................................... 172
Adding a filter .............................................................................................................................. 172
Filter conditions.............................................................................................................................. 174
Filter actions .................................................................................................................................... 176
Enabling a filter.............................................................................................................................. 177
Changing the default if no filters apply................................................................................. 179
Filter order........................................................................................................................................ 180
Filter order tips............................................................................................................................. 180
Reordering filters ......................................................................................................................... 181
Managing filters............................................................................................................................. 182

60IPES41TOC.fm
iv
RIM Education Services

Module 10: Managing IT policies........................................................ 191

About IT policies ............................................................................................................................ 192
IT policy distribution .................................................................................................................. 192
IT policy data flow......................................................................................................................... 193
Creating IT policies ....................................................................................................................... 194
Available IT policies.................................................................................................................... 195
Assigning IT policies ..................................................................................................................... 196
Changing IT policies ..................................................................................................................... 199
Applying IT policy changes...................................................................................................... 200
Managing IT policies .................................................................................................................... 201
Troubleshooting IT policies ........................................................................................................ 202

Module 11: Managing the devices...................................................... 207

About device management ........................................................................................................ 208
Deploying devices ......................................................................................................................... 209
Deploying devices using the BlackBerry Desktop Manager ......................................... 210
Deploying devices using the BlackBerry Manager........................................................... 210
Deploying devices through Enterprise Activation............................................................ 211
Enterprise Activation process..................................................................................................... 213
Troubleshooting wireless Enterprise Activation issues...................................................... 217
Tips for troubleshooting wireless Enterprise Activation issues .................................... 217
Controlling which devices can activate on the BlackBerry Enterprise Server ............ 219
Configuring an Enterprise Service Policy............................................................................. 220
Managing software on the devices.......................................................................................... 221
BlackBerry Manager console ................................................................................................... 221
Managing the devices wirelessly .............................................................................................. 223
Managing connected devices .................................................................................................... 224
Monitoring devices........................................................................................................................ 227
Configuring automatic handheld management ............................................................... 229
Configuring Auto BCC addresses........................................................................................... 230

60IPES41TOC.fm
v
 RIM Education Services

Module 12: Administering the BlackBerry Attachment Service 237

About the BlackBerry Attachment Service ............................................................................ 238
Attachment Service supported file formats ........................................................................ 239
BlackBerry Attachment Service network architecture........................................................ 241
Attachment viewing data flow ............................................................................................... 242
Configuring the BlackBerry Attachment Service ................................................................. 245
Configuring the Attachment Service Connector properties .......................................... 246
Configuring BlackBerry Attachment Server properties ................................................... 247
Setting supported attachment formats and distillers...................................................... 248
Configuring the maximum file size for a distiller ............................................................. 249
Tips for configuring the BlackBerry Attachment Service................................................ 250
Troubleshooting the Attachment Service .............................................................................. 252
Testing the BlackBerry Attachment Service........................................................................ 252
BlackBerry Attachment Service error codes ........................................................................ 253
Attachment Server logs ............................................................................................................. 253
Tips for troubleshooting the Attachment Service............................................................. 253

Module 13: Administering the BlackBerry MDS

Connection Service ........................................................... 259
Introducing BlackBerry Mobile Data System........................................................................ 260
BlackBerry MDS architecture................................................................................................... 260
BlackBerry MDS Connection Service ....................................................................................... 263
Pull requests.................................................................................................................................. 263
Push requests................................................................................................................................ 268
Authentication ............................................................................................................................. 270
Access Control .............................................................................................................................. 271
Disabling BlackBerry MDS Connection Service ................................................................... 275
Configuring the BlackBerry MDS Connection Service ....................................................... 276
Configuring RSA authentication............................................................................................... 278
Configuring BlackBerry MDS Connection Service proxy settings .................................. 279
Configure proxy server settings .............................................................................................. 279
Assign a URL to a proxy server ............................................................................................... 280
Configure a URL to bypass the proxy server ...................................................................... 280
Configuring BlackBerry MDS Connection Service access rules....................................... 281
Troubleshooting BlackBerry MDS Connection Service issues.......................................... 283

60IPES41TOC.fm
vi
RIM Education Services

Module 14: Administering the BlackBerry Collaboration

Service................................................................................... 291
About the BlackBerry Collaboration Service......................................................................... 292
BlackBerry Collaboration Service data flow .......................................................................... 293
Managing the BlackBerry Collaboration Service ................................................................. 296
Enabling and disabling the BlackBerry Collaboration Service ..................................... 296
Configuring the BlackBerry Collaboration Service ........................................................... 297
Troubleshooting tips .................................................................................................................. 298

Module 15: Troubleshooting the BlackBerry Enterprise

Server..................................................................................... 301
BlackBerry Enterprise Server logs ............................................................................................. 302
Locating BlackBerry Enterprise Server logs......................................................................... 302
BlackBerry Enterprise Server log format .............................................................................. 303
Configuring logging for BlackBerry Enterprise Server..................................................... 304
Troubleshooting messaging issues with BlackBerry Enterprise Server logs................ 307
Identifying errors in BlackBerry Enterprise Server logs ................................................... 307
Tracing a message in BlackBerry Enterprise Server logs ................................................ 308
Command line utilities................................................................................................................. 311
BBSRPTest.exe .............................................................................................................................. 311
HandheldCleanup.exe ............................................................................................................... 311
IEMSTest.exe ................................................................................................................................. 312
Troubleshooting device issues................................................................................................... 314
Notifying users................................................................................................................................ 315
Using the Technical Knowledge Center................................................................................. 318
Troubleshooting messaging issues .......................................................................................... 320

60IPES41TOC.fm
vii
 RIM Education Services

60IPES41TOC.fm
viii
Module 1: Introducing the BlackBerry
Enterprise Solution
This module introduces the BlackBerry Enterprise Solution™ and
discusses the solution’s purpose and components. In addition, this
module discusses message flow through this solution.

Objectives
• Identify the purpose of the BlackBerry Enterprise Solution.
• Describe the architecture and components of the
BlackBerry Enterprise Solution.
• Describe how messages flow through the BlackBerry
Enterprise Solution.
 RIM Education Services Introducing the BlackBerry Enterprise Solution

About the BlackBerry Enterprise Solution

The BlackBerry Enterprise Solution is a solution that permits
mobile professionals to stay connected to both people and
information. It is a fully integrated, secure platform that allows
organizations to deploy information from existing applications to
mobile professionals as quickly and cost-effectively as possible. In
addition, the BlackBerry Enterprise Solution provides an
organization with the ability to manage a large number of
BlackBerry users within their existing corporate information
systems infrastructure.

The BlackBerry Enterprise Solution provides users with wireless

access to a full suite of productivity enhancing tools, including the
following:

• email messages
• applications
• Internet and corporate intranet
• organizer features
• cellular phone functionality
• short messaging service (SMS)

60IPES41m1.fm
2
RIM Education Services Introducing the BlackBerry Enterprise Solution

BlackBerry Enterprise Solution architecture

The architecture of the BlackBerry Enterprise Solution is displayed
in the following figure.

The components of the BlackBerry Enterprise Solution include the

following.

Component Description
BlackBerry devices, With the BlackBerry Enterprise Solution, you can select
BlackBerry Connect from a wide range of wireless devices.
devices, and
BlackBerry Built-In A BlackBerry devices provide users with easy access to
devices email messages and information without dialing up or
requesting delivery. When messages are sent to the device,
it decrypts, decompresses, and displays the received
messages. For messages created on the device, the device
encrypts, compresses, and sends them to the wireless
network.

BlackBerry Connect is a software stack added to mobile

devices from a variety of manufacturers that enables
BlackBerry functionality and allows users to take
advantage of BlackBerry push technology.

With BlackBerry Built-In devices, the operating system is

built into mobile devices from leading manufacturers. As a
result, it has some of the same applications found on a
BlackBerry Wireless Handheld and will have a similar look
and feel to a BlackBerry handheld.

60IPES41m1.fm
3
 RIM Education Services Introducing the BlackBerry Enterprise Solution

Component Description
Wireless networks The BlackBerry Enterprise Solution works with many
different wireless network technologies around the world.

The wireless network transports the data to and from the

device and places it on the Internet to be sent to its
destination.
Internet The Internet transports data to and from the corporate
firewall.
BlackBerry The BlackBerry Infrastructure provides a secure and
Infrastructure reliable connection to many carriers who operate on the
iDEN, CDMA, and GSM/GPRS networks around the world.
With this gateway, users have access to both personal and
corporate data as well as email messages, and the
calendar and address book applications.
Corporate firewall Messages travel through port 3101 on the corporate
firewall to the BlackBerry Enterprise Server. This is not a
“hole” or a potential security risk in the firewall, but rather
an outbound-initiated, bi-directional connection.
BlackBerry Enterprise The BlackBerry Enterprise Server is the optional add-on
Server BlackBerry software installed on a server.

The BlackBerry Enterprise Server does the following:

• manages the wireless transfer of information from
behind the firewall
• uses advanced security to encrypt all information
that flows to and from the BlackBerry device
• enables secure, push delivery of content to mobile
users

For more information, see “About the BlackBerry

Enterprise Server” on page 12.
Messaging servers The BlackBerry Enterprise Solution integrates with
Microsoft® Exchange, IBM® Lotus® Domino®, and
Novell® GroupWise® corporate messaging servers to
wirelessly and securely extend email messaging.
Application servers The BlackBerry Enterprise Solution provides the
and databases technology to wirelessly extend an organization’s
application infrastructure.

60IPES41m1.fm
4
RIM Education Services Introducing the BlackBerry Enterprise Solution

Message flow through the BlackBerry

Enterprise Solution
In the BlackBerry Enterprise Solution, data flows through the
corporate servers and firewall, out to the Internet and then to the
wireless network which delivers it to the device.

Message flow to and from a device

The following scenario outlines the message flow when a message
is created by a BlackBerry user in one corporation (the sender) and
received by a BlackBerry user in another corporation (the
recipient). As your instructor discusses the data flow, add the lines
and numbers to the diagram.

1. User A creates an email message and sends it. The message

is compressed, encrypted, and sent to the wireless
network.
2. The wireless network routes the message to the Internet
through the BlackBerry Infrastructure.
3. The message reaches the corporate firewall, where it
passes through port 3101 to the BlackBerry Enterprise
Server.
4. The BlackBerry Enterprise Server decrypts the message,
decompresses it, and places it in the sender’s outbox.

60IPES41m1.fm
5
 RIM Education Services Introducing the BlackBerry Enterprise Solution

5. The corporate messaging server sends the message as

SMTP traffic through the corporate firewall via port 25.
6. The message travels across the Internet as SMTP traffic
and arrives at User B’s corporate firewall.
7. The corporate firewall allows the message to pass through
to the messaging server where it is placed in User B’s
mailbox.
8. The BlackBerry Enterprise Server monitors User B’s
mailbox and retrieves the new message. The new message
is applied against global and personal filters. If the
message is to be delivered to User B’s device, the
BlackBerry Enterprise Server compresses and encrypts the
first 2K of the message and queues it for delivery.
9. The message is sent by the BlackBerry Enterprise Server
through port 3101 on the corporate firewall to the
BlackBerry Infrastructure.
10. The BlackBerry Infrastructure routes the message to the
wireless network.
11. The wireless network receives the message and forwards it
to User B’s device.
12. User B’s device receives, decrypts, and decompresses the
message. The device also sends a confirmation notification
to the BlackBerry Enterprise Server to indicate that it
received the message.

60IPES41m1.fm
6
RIM Education Services Introducing the BlackBerry Enterprise Solution

Review questions

1. The following diagram shows the components involved when

a message is sent from a BlackBerry device to a computer in a
different corporation. Label each of the components.

Label Component
A

60IPES41m1.fm
7
 RIM Education Services Introducing the BlackBerry Enterprise Solution

2. The following scenario outlines the message flow when a

message is sent from a BlackBerry device to a computer in a
different corporation.

Identify what happens at each step in the message flow:

Label Description
The corporate messaging server sends the message as SMTP traffic
through the firewall via port 25.
The message arrives at the recipient’s corporate firewall via SMTP.

The BlackBerry Infrastructure routes the message to the sender’s

corporate firewall.
The corporate firewall allows the SMTP message to pass through to
the messaging server where it is placed in the recipient’s mailbox.
The wireless network routes the message to the BlackBerry
Infrastructure.
The BlackBerry Enterprise Server decrypts the message,
decompresses it, and places the message in the sender’s outbox.
The sender composes and sends a message from their device. The
device compresses and encrypts the message and sends it to the
wireless network.
The message travels across the Internet as SMTP traffic.
The message passes through port 3101 on the firewall and arrives at
the BlackBerry Enterprise Server.

60IPES41m1.fm
8
RIM Education Services Introducing the BlackBerry Enterprise Solution

3. Which of the following components can be found in the

BlackBerry Enterprise Solution?
a. Corporate firewall, corporate intranet, BlackBerry
Enterprise Server, and BlackBerry devices
b. BlackBerry Enterprise Solution, wireless networks, instant
messaging servers, and BlackBerry Connect devices.
c. BlackBerry Connect devices, BlackBerry Built-In devices,
wireless networks, and the BlackBerry Mobile Data
Services.
d. Corporate firewall, BlackBerry Enterprise Server, wireless
networks, and BlackBerry devices.

60IPES41m1.fm
9
 RIM Education Services Introducing the BlackBerry Enterprise Solution

Module summary

Objective Summary
Identify the purpose The BlackBerry Enterprise Solution is a fully
of the BlackBerry integrated, secure platform that allows organizations
Enterprise Solution. to deploy information from existing applications to
mobile professionals as quickly and cost-effectively
as possible.

See “About the BlackBerry Enterprise Solution” on

page 2.
Describe the The components of the BlackBerry Enterprise
architecture and Solution include the following:
components of the • BlackBerry devices, BlackBerry Connect devices,
BlackBerry Enterprise and BlackBerry Built-In devices
Solution.
• wireless network
• Internet
• corporate firewall
• BlackBerry Enterprise Server
• messaging servers
• application servers and databases

See “BlackBerry Enterprise Solution architecture” on

page 3.
Describe how See “Message flow through the BlackBerry Enterprise
messages flow Solution” on page 5.
through the
BlackBerry Enterprise
Solution.

60IPES41m1.fm
10
Module 2: Introducing the BlackBerry
Enterprise Server
This module introduces the BlackBerry Enterprise Server and
discusses its purpose and components. In addition, this module
discusses message flow through the BlackBerry Enterprise Server.

Objectives
• Identify the purpose of the BlackBerry Enterprise Server.
• Describe the functions of the BlackBerry Enterprise Server.
• Describe the BlackBerry Enterprise Server architecture.
• Describe the BlackBerry Enterprise Server components.
• Describe how messages flow to a device through the
BlackBerry Enterprise Server.
• Describe how messages flow from a device through the
BlackBerry Enterprise Server.
 RIM Education Services Introducing the BlackBerry Enterprise Server

About the BlackBerry Enterprise Server

The BlackBerry Enterprise Server is the add-on BlackBerry software
installed on a server within the BlackBerry Enterprise Solution. It is
the behind-the-firewall infrastructure that provides a centralized,
secure link to the wireless network and the wireless devices. With
BlackBerry Enterprise Server, mobile professionals have secure,
effortless access to enterprise information and applications.

Functions of the BlackBerry Enterprise Server

The BlackBerry Enterprise Server performs the following functions:

• manages email messages remotely

• accesses other enterprise applications and systems
• controls the type and number of messages received on the
device
• provides access to Personal Information Management
(PIM) information
• maintains information integrity and confidentiality
• accommodates attachment viewing on the device
• provides access to content from the Internet and corporate
data sources
• provides simplified management and centralized control
of the wireless environment

60IPES41m2.fm
12
RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry Enterprise Server architecture

The BlackBerry Enterprise Server consists of several different
components as shown below. Each of these components belongs to
one or more systems which support the BlackBerry Enterprise
Server functions.

Within the BlackBerry Enterprise Server architecture, the

BlackBerry Manager is the graphical user interface used by
administrators to manage the BlackBerry Enterprise Server. It runs
on an administration computer separate from the BlackBerry
Enterprise Server. The following services can be installed on
separate machines to increase functionality and scalability within a
network environment:

• BlackBerry Attachment Service

• BlackBerry Router
• BlackBerry Manager
• BlackBerry MDS Connection Service
• BlackBerry Collaboration Service
• BlackBerry MDS Services
• Configuration database

60IPES41m2.fm
13
 RIM Education Services Introducing the BlackBerry Enterprise Server

In addition, the messaging server in the architecture can be one of

three platforms: Microsoft Exchange, IBM Lotus Domino, and
Novell GroupWise. While the architecture is generally the same
between the three platforms, there are small differences.

Microsoft Exchange
The BlackBerry Enterprise Server integrates with Microsoft
Exchange. With the Microsoft Exchange platform, the BlackBerry
Enterprise Server runs using MAPI. As well, the BlackBerry
Enterprise Server does not poll the Exchange mailboxes because
Microsoft Exchange notifies the BlackBerry Enterprise Server when
a new message arrives in the user’s inbox.

IBM Lotus Domino

The BlackBerry Enterprise Server also integrates with IBM Lotus
Domino. The IBM Lotus Domino software offers messaging and
calendar/scheduling options as well as access to collaborative
applications. The BlackBerry Enterprise Server for IBM Lotus
Domino extends these features to the BlackBerry wireless device.

The BlackBerry Enterprise Server for IBM Lotus Domino also

supports multiple Domino domains, which permits the BlackBerry
Enterprise Server to support full functionality for all devices across

60IPES41m2.fm
14
RIM Education Services Introducing the BlackBerry Enterprise Server

all local and foreign domains. The BlackBerry Enterprise Server

polls the user’s mailboxes to determine if new mail has arrived.

Novell GroupWise
The BlackBerry Enterprise Server also integrates with Novell
GroupWise. Novell GroupWise is a collaboration software solution
providing users with integrated email, calendar, instant messaging,
task management, contact services, document management, and
storage functions.

The BlackBerry Enterprise Server, which is treated as a GroupWise

trusted application, accesses GroupWise using Object API.

The BlackBerry Enterprise Server does not maintain a persistent

connection to the mailboxes on the GroupWise server. As a result,
the GroupWise server does not notify the BlackBerry Enterprise
Server of new email messages. Instead, the BlackBerry Enterprise
Server’s GroupWise Connector polls the GroupWise mailbox every
20 seconds to determine if new items have arrived. In addition, the
BlackBerry Enterprise Server does not write anything directly to
the mailbox.

All items in GroupWise are tagged for identification and these tags
are stored in the BlackBerry Enterprise Server’s Configuration
database. The BlackBerry Enterprise Server does not share

60IPES41m2.fm
15
 RIM Education Services Introducing the BlackBerry Enterprise Server

databases in GroupWise because of the frequency with which the

configuration database has to be accessed. Because everything in
GroupWise, including tasks and notes, are stored as mail items, the
BlackBerry Enterprise Server must look at the tags on the item
rather than its location in the file system to determine what it is.

GroupWise does not keep multiple copies of each message in

different folders. Instead, it keeps one copy in a central location and
places pointers to these messages in the user’s mail file. The user,
however, sees them in different folders on the client

60IPES41m2.fm
16
RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry Enterprise Server components

The BlackBerry Enterprise Server consists of the following
components.

BlackBerry Router
Did You Know The BlackBerry Router routes data (such as email messages, PIM
You can install the BlackBerry information, browser data, and data sent from the corporate
Router on a separate intranet) from the BlackBerry Enterprise Server to the BlackBerry
computer to increase device. This data is routed either through the wireless network or
scalability and control. through a corporate LAN as shown below. As devices are
connected and disconnected from the computer, the BlackBerry
Router dynamically switches between sending data wirelessly and
sending it through the corporate LAN.

Routing data through the wireless network

Did You Know The BlackBerry Router manages the connection between the
The BlackBerry Router can be BlackBerry Enterprise Server and the Service Relay Protocol (SRP)
run from within a De- server to route BlackBerry data through the wireless network. The
Militarized Zone (DMZ) if one BlackBerry Router must be able to reach the BlackBerry
exists in the corporate Infrastructure through port 3101 of the firewall.
network.
If they are installed on the same machine, the BlackBerry Router
and the BlackBerry Enterprise Server communicate through a local
port. If they are installed on separate machines, they communicate
through a TCP/IP connection.

60IPES41m2.fm
17
 RIM Education Services Introducing the BlackBerry Enterprise Server

Routing data through a corporate LAN

Important The BlackBerry Router also manages the connection between the
The BlackBerry Handheld BlackBerry Enterprise Server and the BlackBerry Handheld
Manager is not part of the Manager. The BlackBerry Handheld Manager is a small COM
BlackBerry® Desktop service agent installed on a user’s computer. With a device
Manager. connected to the user’s computer via serial, USB, or Bluetooth, the
BlackBerry Handheld Manager will transfer data from the device to
the BlackBerry Enterprise Server through the BlackBerry Router.
As a result, data is transferred across the corporate LAN rather
than across the wireless network. By routing data through the
corporate LAN, corporations can reduce wireless traffic and the
associated financial charges.

Did You Know To route data over the corporate LAN, the BlackBerry Router must
Essentially, the BlackBerry be reachable through port 4101 on the corporate firewall by
Handheld Manager acts as the computers with the BlackBerry Handheld Manager installed. The
client piece of the BlackBerry BlackBerry Handheld Manager and the BlackBerry Router
Router. communicate through a TCP/IP connection.

When the BlackBerry Router is routing data across the corporate

LAN, users can view basic connection statistics within the
BlackBerry Handheld Manager. As well, the BlackBerry Handheld
Manager applies the USB drivers needed to allow administrators to
do remote installs from a centralized Application Loader tool on
the network.

Systems which use this component

• Messaging system
• Policy system
• PIM synchronization system
• Backup system
• MDS system
• Attachment system
• Collaboration system

60IPES41m2.fm
18
RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry Dispatcher
All communication between the components of the BlackBerry
Enterprise Server passes through the BlackBerry Dispatcher. The
BlackBerry Dispatcher encrypts/decrypts and compresses/
decompresses all BlackBerry data and routes this data through the
BlackBerry Router to and from the BlackBerry Infrastructure.

Systems which use this component

• Messaging system
• Policy system
• PIM synchronization system
• Backup system
• MDS system
• Attachment system
• Collaboration system

BlackBerry Controller
The BlackBerry Controller monitors all of the BlackBerry Enterprise
Server’s components and services and restarts any that stop
responding.

Novell GroupWise
On the Novell GroupWise platform, the BlackBerry Controller also
monitors and restarts the GroupWise Connector.

Systems which use this component

• Not applicable

BlackBerry Synchronization Service

The BlackBerry Synchronization Service manages the full two-way
wireless synchronization of the address book, task, and memo
applications.

Did You Know It is also responsible for device management information and over
The Calendar is synchronized the air (OTA) back up and restore. Administrators have the ability
using the BlackBerry to control whether or not this functionality is available for a given
Messaging Agent, not the user or group of users using an IT policy.
BlackBerry Synchronization
Service.

60IPES41m2.fm
19
 RIM Education Services Introducing the BlackBerry Enterprise Server

IBM Lotus Domino

On the IBM Lotus Domino platform, the user’s PIM information
can be synchronized in one of the following ways:

• By enabling the user’s roaming profile provided the user is

running IBM Lotus Domino version 6.0 or later.
• By using the iNotes Template.
• By creating a replica of each user’s Personal Address Book
on a Domino Server that is accessible by the BlackBerry
Enterprise Server.

Systems which use this component

• PIM synchronization system
• Backup system

BlackBerry Policy Service

The BlackBerry Policy Service is responsible for pushing IT policies
wirelessly to the device. It also sends the wireless commands to
erase handheld data, lock the device and force a password for
access, change the user password, set owner information, and send
service books. As well, the BlackBerry Policy Service generates and
regenerates encryption keys, making it an important component in
Enterprise Activation.

Systems which use this component

• Policy system

60IPES41m2.fm
20
RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry Collaboration Service

The BlackBerry Collaboration Service provides instant messaging
services to the BlackBerry Enterprise Server and BlackBerry
wireless devices.

The BlackBerry Enterprise Server supports three instant messaging

solutions.

• Microsoft Live Communications Server (LCS)

• IBM Sametime®
• GroupWise Messenger

As the server side component of the instant messaging solution, the

BlackBerry Collaboration Service connects the BlackBerry
Enterprise Server with the related instant messaging server
(Microsoft LCS, IBM Sametime, or GroupWise Messenger).

Systems which use this component

• Collaboration System

BlackBerry Messaging Agent

The BlackBerry Messaging Agent connects to the messaging server
to provide email, address lookup, and attachment services. In
addition, the BlackBerry Messaging Agent acts as a gateway for the
BlackBerry Synchronization Service to access Personal Information
Management (PIM) data and perform the wireless synchronization
of the calendar application and the wireless generation of the
original encryption key.

60IPES41m2.fm
21
 RIM Education Services Introducing the BlackBerry Enterprise Server

Microsoft Exchange
The Microsoft Exchange server notifies the BlackBerry Messaging
Agent when new messages arrive, instead of the BlackBerry
Messaging Agent polling the mailbox. Once the notification has
been received, the BlackBerry Messaging Agent can retrieve and
process the new message for delivery. Also, with Microsoft
Exchange, there can be multiple BlackBerry Messaging Agents, as
required by the number of mailboxes. The BlackBerry Enterprise
Server automatically adjusts the number of BlackBerry Messaging
Agents as necessary.

IBM Lotus Domino

In the IBM Lotus Domino platform, the BlackBerry Messaging
Agent uses native IBM Lotus Domino APIs to poll the IBM Lotus
Domino server every 20 seconds for new messages. When a new
message arrives in the mailfile of a BlackBerry user, the BlackBerry
Messaging Agent is responsible for retrieving the Universal Notes
Identifier (UNID) of the message and creating a reference point for
the message within the user’s state database for tracking.

Novell GroupWise
On the Novell GroupWise platform, when changes occur in the
mailboxes on the GroupWise server, the GroupWise Connector
updates the BlackBerry Enterprise Server’s Configuration database
with the GroupWise ID and the Ref ID. The BlackBerry Messaging
Agent monitors the Configuration database for the changes sent by
the GroupWise Connector. When a change occurs, the BlackBerry
Messaging Agent goes to the GroupWise server and retrieves the
information.

Systems which use this component

• Messaging system
• PIM synchronization system
• Attachment system

60IPES41m2.fm
22
RIM Education Services Introducing the BlackBerry Enterprise Server

GroupWise Connector
For the Novell GroupWise platform, the GroupWise Connector
exists between the GroupWise server and the Configuration
database and polls the GroupWise server every 20 seconds for new
or changed mail items. For new or changed items, the GroupWise
Connector updates the Configuration database with the
GroupWise ID and the Ref ID. The BlackBerry Messaging Agent
monitors the database and when changes occur, retrieves the
information from the mailboxes on the GroupWise server.

Systems which use this component

• Messaging system

BlackBerry Attachment Service

Did You Know Attachments are never sent to the device with the email message.
You can install the Instead, they are stored on a server until the BlackBerry
Attachment Service on a Attachment Service retrieves them and converts them to a format
separate computer to increase users can view on the device. Users can then pan, zoom, and rotate
scalability and control. these images.

Systems which use this component

• Attachment system
• MDS system

BlackBerry Mobile Data System (MDS) Services

Did You Know BlackBerry MDS Services retrieves and translates information from
You can install BlackBerry the Internet or corporate intranet and sends it to the device through
MDS Services on a separate the BlackBerry Dispatcher. It acts as an intelligent gateway
computer to increase facilitating the secure data flow between the BlackBerry Browser
scalability and control. and third-party Java applications on the device and online
corporate data, corporate applications, and Internet sites.

There are five BlackBerry MDS Services.

BlackBerry MDS
Description
Service
BlackBerry MDS • It accepts and responds to push requests from
Connection Service server-side push applications that reside
behind the corporate firewall.
• It uses standard Internet protocols such as
HTTP or TCP/IP.

60IPES41m2.fm
23
 RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry MDS
Service Description

BlackBerry MDS • It supports web services and other standard

Application mechanisms for integrating wireless
Integration Service applications with existing enterprise
applications and systems.
• It manages the transmission of application
data messages between BlackBerry MDS
services and data sources.
BlackBerry MDS • It controls which BlackBerry MDS services users
Provisioning Service can download to BlackBerry devices.
• It supports application discovery from a
BlackBerry device.
• It manages wireless transmission and use on
BlackBerry devices.
BlackBerry MDS Data • It converts existing server-side content and
Optimization Service data for efficient wireless transmission and use
on BlackBerry devices.
BlackBerry MDS • It centralizes the application lifecycle
Administrative and management.
Management Service

Systems which use this component

• MDS system

60IPES41m2.fm
24
RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry Enterprise Server databases

Depending upon the associated messaging server, the BlackBerry
Enterprise Server can have up to three databases. These databases
store all of the information required by the BlackBerry Enterprise
Server.

BlackBerry Configuration database

Did You Know In all three platforms, the BlackBerry Configuration database stores
You can install the the BlackBerry configuration information in one central location,
Configuration database on a which gives administrators more flexibility when managing
separate computer to increase BlackBerry servers and users. Whenever a change is made on the
scalability and control. device or on the BlackBerry Enterprise Server, a change is made in
the BlackBerry Configuration database. Because the information is
stored centrally, users do not need to regenerate an encryption key
if they are moved from one BlackBerry server to another.

The databases supported on each of the platforms are outlined

below.

Platform Database
Microsoft Exchange SQL
MSDE
IBM Lotus Domino SQL
MSDE
DB2
Novell GroupWise SQL
MSDE

BlackBerry Profiles database - IBM Lotus Domino

On the IBM Lotus Domino platform, a BlackBerry Profiles database
(BlackBerryProfiles.nsf) exists. This database is generated when the
BlackBerry Enterprise Server add-in task is started for the first time.
Whenever a change is made on the Desktop Manager, this database
is updated. The changes are then filtered to the Configuration
database so the content in the Profiles database matches the content
in the Configuration database.

If the BlackBerry Profiles database does not exist before the

BlackBerry Enterprise Server installation, the database will be
created and populated from the Configuration database after a
restart of the Domino server.

Note: The profile documents are not editable in the native database format;
only the BlackBerry Desktop Manager and BlackBerry Server Manager
applications can modify the values in these documents.

60IPES41m2.fm
25
 RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry State database - IBM Lotus Domino

On the IBM Lotus Domino platform, each user has a uniquely
named state database in which the BlackBerry Enterprise Server
stores information about messages, calendar items, requests for
more information, and attachments which are sent or received by
the device. The BlackBerry Enterprise Server writes a new entry to
the user’s state database each time it receives an item from the
device or redirects an item to the device. This entry links the item in
the mail file and the item on the device by storing the reference ID.

As an item travels through the different delivery stages, the

associated entries in the database are updated with the current
status. When the item is delivered to the device, the entry is deleted
from the database.

The state database is critical to the operation of the BlackBerry

Enterprise Server because it supports functionality such as message
replies, forwarding, filtering, filing, and reconciliation.

Systems which use this component

• Messaging system
• Policy system
• PIM synchronization system
• Backup system
• MDS system
• Attachment system
• Collaboration system

BlackBerry Manager
Did You Know The BlackBerry Manager is the graphical user interface used by
You can install the BlackBerry administrators to administer, manage, and configure the
Manager on a separate BlackBerry Enterprise Server.
computer to increase
scalability and control. The BlackBerry Manager has a common interface across all three
supported messaging platforms.

Systems which use this component

• Administers all of the systems

60IPES41m2.fm
26
RIM Education Services Introducing the BlackBerry Enterprise Server

Exercise 1: BlackBerry Enterprise Server platform

comparison
In small groups, check the boxes in the following table to indicate
which platforms the statement applies to.

Statement Microsoft Lotus Novell

Exchange Domino GroupWise
1. The BlackBerry Enterprise Server
polls the mailboxes on the
messaging server to see if new
messages have arrived.
2. The BlackBerry Enterprise Server
connects to the messaging server
using MAPI.
3. The BlackBerry Messaging Agent
retrieves new messages from the
messaging server.
4. The BlackBerry Controller monitors
and restarts the BlackBerry
Messaging Agent, the BlackBerry
Dispatcher, and the GroupWise
Connector.
5. The BlackBerry Collaboration
Service provides instant messaging
services to the BlackBerry Enterprise
Server and the device.
6. The BlackBerry Messaging Agent
runs as an add-in task.
7. The BlackBerry Enterprise Server is
treated as a trusted application and
accesses the messaging server using
Object API.
8. The State database stores
information about messages that
are sent or received by the device.
9. The BlackBerry Enterprise Server
does not maintain any connection
to the mailboxes on the messaging
server.
10. The BlackBerry MDS Connection
Service is part of the BlackBerry
MDS Services.

60IPES41m2.fm
27
 RIM Education Services Introducing the BlackBerry Enterprise Server

Microsoft Lotus Novell

Statement
Exchange Domino GroupWise
11. The Profiles database is updated
every time a change is made to the
BlackBerry Manager.
12. The messaging server automatically
notifies the BlackBerry Enterprise
Server when a new message arrives.
13. The GroupWise Connector updates
the Configuration database when a
new message arrives on the
messaging server.
14. The Configuration database stores
all the configuration information in
one central location.
15. A user’s PIM information can be
synchronized by enabling a user’s
roaming profile.
16. The BlackBerry Router can be used
to route data through a wireless
network or a corporate LAN.
17. The BlackBerry Controller monitors
and restarts the BlackBerry
Messaging Agent and the
BlackBerry Dispatcher.

60IPES41m2.fm
28
RIM Education Services Introducing the BlackBerry Enterprise Server

BlackBerry Enterprise Server messaging

system
The BlackBerry Enterprise Server controls the message flow to and
from the messaging servers and the BlackBerry devices. As your
instructor discusses the data flow to and from the device, add the
appropriate lines and numbers to the diagrams.

To a device

60IPES41m2.fm
29
 RIM Education Services Introducing the BlackBerry Enterprise Server

1. A new message arrives in the user’s mailbox.

- Microsoft Exchange: The Microsoft Exchange router
delivers a new message to the user's Microsoft
Exchange mailbox. Microsoft Exchange notifies the
BlackBerry Messaging Agent that a new message has
arrived.
- IBM Lotus Domino: The IBM Lotus Domino router
delivers a new message to the user's IBM Lotus
Domino mailfile. The BlackBerry Messaging Agent
polls the user's mailbox and detects the new message.
The default polling interval is 20 seconds.
- Novell GroupWise: The Novell GroupWise router
delivers a new message to the user's mailbox. The
GroupWise Connector finds the message during its
next scheduled poll of the user’s mailbox and updates
the Configuration database. When the BlackBerry
Messaging Agent sees the entry in the database, it
retrieves the message from the GroupWise messaging
server. The default polling interval of the GroupWise
Connector is 20 seconds.
2. Global and personal filters are applied to the new
message.
- The BlackBerry Messaging Agent checks the message
fields against global filters and filters the messages
that meet the filter criteria. It then checks the message
fields against personal filters and filters the messages
that meet that filter criteria.
3. Message reference information is recorded.
- Microsoft Exchange: The BlackBerry Messaging
Agent writes the Reference ID (RefID) to the message
in Exchange.
- IBM Lotus Domino: The BlackBerry Messaging
Agent creates an entry in the user's state database.
The entry is used to track delivery state and associate
the UNID (applied to the message in IBM Lotus
Notes) with a randomly generated RefID and tag. If
the message is a meeting invitation or calendar item,
the BlackBerry Messaging Agent appends calendar
information to the message.
- Novell GroupWise: The GroupWise Connector
updates the Configuration database with the
GroupWise ID and the Ref ID for the message. When
the BlackBerry Messaging Agent detects the update in
the database, it goes to the GroupWise server and
retrieves the information.

60IPES41m2.fm
30
RIM Education Services Introducing the BlackBerry Enterprise Server

4. The message is sent to the BlackBerry Dispatcher.

- The BlackBerry Messaging Agent sends the first 2K of
the message to the BlackBerry Dispatcher.
5. The message is compressed and encrypted.
- The BlackBerry Dispatcher compresses and encrypts
the first portion of the message with the user's
encryption key and passes it to the BlackBerry Router
for delivery to the device.
- IBM Lotus Domino: The user’s state database shows
the message status, which is also written to the IBM
Lotus Domino console and log.
6. The message is sent to the wireless network.
- The BlackBerry Router sends the first portion of the
message through port 3101 to the BlackBerry
Infrastructure. The BlackBerry Infrastructure then
passes it to the wireless network, which verifies the
PIN belongs to a valid device registered on the
wireless network.
7. A delivery confirmation is returned.
- The wireless network locates the user's device and
delivers the message. The device sends a delivery
confirmation to the BlackBerry Dispatcher, which
passes it to the BlackBerry Messaging Agent. If the
BlackBerry Enterprise Server does not receive
confirmation within four hours, it resubmits the
message to the wireless network.
- IBM Lotus Domino: The BlackBerry Messaging
Agent writes the message’s delivery state to the user’s
state database.
8. The message arrives on the device.
- The device decrypts and decompresses the message
so the user can view it and notifies the user of its
arrival.

60IPES41m2.fm
31
 RIM Education Services Introducing the BlackBerry Enterprise Server

From a device

Did You Know 1. The message is sent from the device.

For more information on - The user sends a message from the device. The device
service books, see page 11 of looks up the CMIME service book for the appropriate
the Administering the routing information.
BlackBerry Enterprise Server
version 4.1 - Reference Guide. - On the device, the message is assigned a RefId. If the
message is a meeting invitation or calendar item, the
device appends the calendar information to the
message.
2. The message is compressed and encrypted.
- The device compresses and encrypts the entire
message using AES or Triple DES encryption.
3. The message is sent to the BlackBerry Enterprise Server
- The message is sent over the wireless network to the
BlackBerry Infrastructure, which passes the data via
the SRP connection. It then travels through port 3101
to the BlackBerry Enterprise Server.
4. The message is decrypted and decompressed.
- The BlackBerry Dispatcher uses the encryption key to
decrypt and decompress the message. If it cannot be
decrypted using the user's unique encryption key, the
BlackBerry Enterprise Server ignores the message and
sends an error to the user’s device.

60IPES41m2.fm
32
RIM Education Services Introducing the BlackBerry Enterprise Server

5. On the IBM Lotus Domino platform, an entry is written

to the state database.
- If the message is a new message, the BlackBerry
Messaging Agent creates an entry in the user’s state
database. If the message is a reply with text or a
forwarded message, the BlackBerry Messaging Agent
performs a lookup using the state database entry to
correlate the incoming message to the original
message in the user's mailfile. The state database
contains a link to the original message. Because only
the first portion of a message is redirected to the
device, the BlackBerry Messaging Agent must locate
and retrieve the full message text to forward or reply
with text.
6. The message is delivered to the user’s mailbox.
- Microsoft Exchange: The BlackBerry Messaging
Agent places the message in the user’s Microsoft
Exchange mailbox.
- IBM Lotus Domino platform: The BlackBerry
Messaging Agent places the message in the local
mail.box on the IBM Lotus Domino server for
delivery.
- Novell GroupWise: The BlackBerry Messaging Agent
places the message in the user's Novell GroupWise
mailbox.
7. The message is copied into the Sent folder.
- The BlackBerry Messaging Agent places a copy of the
message in the user’s Sent Items folder. This step does
not take place if the Don't save a copy to the Sent
Items folder option is enabled in the user’s settings
and that setting is allowed on the BlackBerry
Enterprise Server.
8. The message is routed to the recipients.
- The messaging server router routes the message to
the recipients. As a result, a message that is sent from
the device appears to have originated from the user’s
corporate email address, just as it would if the
message had been sent from the desktop.

60IPES41m2.fm
33
 RIM Education Services Introducing the BlackBerry Enterprise Server

Review questions

1. The BlackBerry Dispatcher

a. encrypts/decrypts and compresses/decompresses email
only.
b. routes data through port 3101 in the corporate firewall to
the BlackBerry Infrastructure and the Internet.
c. encrypts/decrypts and compresses/decompresses all data
and routes this data through the BlackBerry Router.
d. is a component on the Internet operated by RIM.

2. The BlackBerry Synchronization Service

a. manages the full two-way wireless synchronization of the
address book, tasks, and memo applications.
b. allows users to request the synchronization of data with a
send/receive option.
c. manages the full two-way wireless synchronization of
email messages.
d. manages the full two-way wireless synchronization of the
Calendar, Address Book, Tasks, and MemoPad
applications.

3. The BlackBerry Policy Service

a. allows administrators to configure multiple users.
b. is responsible for pushing IT policies wirelessly to the
device through the BlackBerry Dispatcher.
c. determines which service books are provisioned on the
handheld.
d. is only required in a Microsoft Exchange environment.

60IPES41m2.fm
34
RIM Education Services Introducing the BlackBerry Enterprise Server

4. For each of the following tasks, identify the component that

performs it.

Task Component
Creates and assigns RefIDs.
Sends a message through port
3101 to the wireless network.
Applies global and personal
filters to a message.
Uses an encryption key to
decrypt and decompress a
message.

60IPES41m2.fm
35
 RIM Education Services Introducing the BlackBerry Enterprise Server

Module summary

Objective Summary
Identify the purpose The BlackBerry Enterprise Server is the add-on
of the BlackBerry BlackBerry software installed on a server within the
Enterprise Server. BlackBerry Enterprise Solution. It is the behind-the-
firewall infrastructure that provides a centralized,
secure link to the wireless network and the wireless
devices.

See “About the BlackBerry Enterprise Server” on

page 12.
Describe the functions The functions of the BlackBerry Enterprise Server
of the BlackBerry include the following:
Enterprise Server. • managing email messages remotely
• accessing other enterprise applications and
systems
• controlling the type and number of messages
received on the device
• providing access to Personal Information
Management (PIM) information
• maintaining information integrity and
confidentiality
• accommodating attachment viewing on the
device
• providing access to content from the Internet
and corporate data sources

See “About the BlackBerry Enterprise Server” on

page 12.
Describe the The BlackBerry Enterprise Server can be installed on
BlackBerry Enterprise the following three platforms:
Server architecture. • Microsoft Exchange
• IBM Lotus Domino
• Novell GroupWise

See “BlackBerry Enterprise Server architecture” on

page 13.

60IPES41m2.fm
36
RIM Education Services Introducing the BlackBerry Enterprise Server

Objective Summary
Describe the The components of the BlackBerry Enterprise Server
BlackBerry Enterprise include the following:
Server components. • BlackBerry Router
• BlackBerry Dispatcher
• BlackBerry Controller
• BlackBerry Synchronization Service
• BlackBerry Policy Service
• BlackBerry Messaging Agent
• GroupWise Connector
• BlackBerry Attachment Service
• BlackBerry MDS Services
• BlackBerry Enterprise Server databases
• BlackBerry Manager

See “BlackBerry Enterprise Server components” on

page 17.
Describe how 1. A new message arrives in the user’s mailbox.
messages flow to a 2. Global and personal filters are applied to the
device through the new message.
BlackBerry Enterprise
Server. 3. Message reference information is recorded.
4. The message is sent to the BlackBerry
Dispatcher.
5. The message is compressed and encrypted.
6. The message is sent to the wireless network.
7. A delivery confirmation is returned.
8. The message arrives on the device.

See “BlackBerry Enterprise Server messaging system”

on page 29.

60IPES41m2.fm
37
 RIM Education Services Introducing the BlackBerry Enterprise Server

Objective Summary
Describe how 1. The message is sent from the device.
messages flow from a 2. The message is compressed and encrypted.
device through the
BlackBerry Enterprise 3. The message is sent to the BlackBerry Enterprise
Server. Server.
4. The message is decrypted and decompressed.
5. On the IBM Lotus Domino platform, the state
database is written to.
6. The message is delivered to the user’s mailbox.
7. The message is copied into the Sent folder.
8. The message is routed to the recipients.

See “BlackBerry Enterprise Server messaging system”

on page 29.

60IPES41m2.fm
38
Module 3: Installing the BlackBerry
Enterprise Server
This module describes how to install and verify the installation of
the BlackBerry Enterprise Server.

Objectives
• Discuss the BlackBerry Enterprise Server installation
process.
• Identify which BlackBerry Enterprise Server components
can be installed remotely.
• Verify the BlackBerry Enterprise Server installation
requirements have been met.
• Perform the pre-installation tasks for each platform on
which the BlackBerry Enterprise Server is supported.
• Install the BlackBerry Enterprise Server.
• Verify the BlackBerry Enterprise Server installation.
• Troubleshoot issues with the BlackBerry Enterprise Server
installation.
 RIM Education Services Installing the BlackBerry Enterprise Server

BlackBerry Enterprise Server installation

process
The process you would follow to install the BlackBerry Enterprise
Server is as follows:

60IPES41m3.fm
40
RIM Education Services Installing the BlackBerry Enterprise Server

BlackBerry Enterprise Server remote

installation options
When you are installing the BlackBerry Enterprise Server, you can
install all of the BlackBerry Enterprise Server components on one
machine or you can install some components on remote machines.
Determine which components will be remotely installed before
starting the installation.

Installation type Description

BlackBerry Enterprise It installs all the BlackBerry Enterprise Server components
Server on the same machine, except for the BlackBerry MDS
Services.
BES with MDS It installs all the BlackBerry Enterprise Server components,
Services including the BlackBerry MDS Services software on the
same machine.
BlackBerry Manager It installs the BlackBerry Enterprise Server administration
tools on a remote computer to allow for remote
administration. During the configuration of the BlackBerry
Manager, you define which database it will connect to.

One BlackBerry Manager can support many BlackBerry

Enterprise Servers.
BlackBerry It installs the BlackBerry Attachment Service and the
Attachment Service BlackBerry Controller on a remote computer. During the
configuration of the Attachment Service, you define which
BlackBerry Enterprise Server it will connect to.

A remote BlackBerry Attachment Service can support

multiple BlackBerry Enterprise Servers.
BlackBerry Router It installs the BlackBerry Router and the BlackBerry
Controller on a remote computer. During the configuration
of the BlackBerry Router, you define which BlackBerry
Enterprise Server it will connect to.

A remote BlackBerry Router can support multiple

BlackBerry Enterprise Servers.

Note: You can install several standby BlackBerry Routers

as failover locations in the event your primary
BlackBerry Router is unavailable.

60IPES41m3.fm
41
 RIM Education Services Installing the BlackBerry Enterprise Server

Installation type Description

BlackBerry MDS It installs the BlackBerry MDS Connection Service and the
Connection Service BlackBerry Controller on a remote computer.

A remote BlackBerry MDS Connection Service can support

one BlackBerry Enterprise Server and one MDS Services
server.

The BlackBerry MDS Connection Service may use increased

server resources when processing content requests. As a
result, you can install the BlackBerry MDS Connection
Service remotely to minimize the impact on message
traffic.
BlackBerry It installs the BlackBerry Collaboration Service, the
Collaboration Service BlackBerry Instant Messaging Connector, and the
BlackBerry Controller on a remote computer.

A remote BlackBerry Collaboration Service can support

one BlackBerry Enterprise Server.

The BlackBerry Collaboration Service uses a persistent

socket connection for each instant messaging session. As a
result, you can install the BlackBerry Collaboration Service
remotely to maximize the number of available sockets.

Note: To support 2000 instant messaging users, Research

In Motion recommends installing the BlackBerry
Collaboration Service remotely.
Note: You can only install one type of collaboration
system and users can only use one type of instant
messaging on their device.

60IPES41m3.fm
42
RIM Education Services Installing the BlackBerry Enterprise Server

Installation type Description

MDS Services It installs the BlackBerry Controller and the following MDS
Services on a remote computer:
• BlackBerry MDS Application Service
• BlackBerry MDS Data Optimization Service
• BlackBerry MDS Provisioning Service
• BlackBerry MDS Management Service
• BlackBerry MDS Application Repository

A remote BlackBerry MDS Services server can support one

BlackBerry Enterprise Server.

The BlackBerry MDS Application Repository can be

installed on the same server as the MDS services or on a
database server with the Configuration database. The
BlackBerry MDS Application Repository only supports SQL
authentication so you must choose one of the following
authentication environments:
• You must install the BlackBerry MDS Application
Repository on an SQL server where Mixed Mode
authentication is supported.
• You must use SQL authentication when
administering MDS services in the BlackBerry
Manager.

Remote installation tips

• You cannot install multiple components on the same
remote machine. Multiple components can only be
installed on the same machine if they are installed on the
BlackBerry Enterprise Server.
• If you install components remotely, install them after you
install the base BlackBerry Enterprise Server.
• Before installing components remotely, you must verify
the remote machines can all communicate with each other.

60IPES41m3.fm
43
 RIM Education Services Installing the BlackBerry Enterprise Server

BlackBerry Enterprise Server installation

requirements
Remember Before installing the BlackBerry Enterprise Server, you must
For the most current complete or verify the following requirements:
requirements, refer to the
BlackBerry Enterprise Server • hardware requirements
Installation Guide for the • operating system requirements
platform you are installing.
• messaging and collaboration server software requirements
• messaging environment requirements
• security support requirements
• additional software requirements
• network environment settings
• multilanguage support requirements
• instant messaging server requirements
• database environment settings
• database permissions requirements
• Terminal Services requirements - Microsoft Exchange
• multi-domain support requirements - IBM Lotus Domino

For more information on the installation requirements, see page 14

in the Administering the BlackBerry Enterprise Server version 4.1 -
Reference Guide.

60IPES41m3.fm
44
RIM Education Services Installing the BlackBerry Enterprise Server

Pre-installation tasks
The Microsoft Exchange, IBM Lotus Domino, and Novell
GroupWise platforms each have different tasks you must complete
before installing the BlackBerry Enterprise Server.

Microsoft Exchange pre-installation tasks

Pre-installation tasks Description Required information

1. Log in to the Domain By logging in as • Administrator
Controller and the Administrator, you have user id
BlackBerry Enterprise access to the domain and • Administrator
Server as the permissions to create password
Administrator. and assign service
accounts.
2. On the Domain The BlackBerry Service • BlackBerry
Controller, create a account is used to start service account
BlackBerry service services and perform name
account and mailbox. administrative tasks on the • BlackBerry
BlackBerry Enterprise service account
Server. It also lends the login name
security context to the
BlackBerry Enterprise • BlackBerry
Server so it can access service account
Microsoft Exchange. password

Note: If the components

are installed on
separate machines,
each machine
requires a user
account, but they
can share the same
mailbox.
3. In the Local Security If you assign the • Domain
Policy, assign the BlackBerry Service account • BlackBerry
BlackBerry Service the right to log in as a Service account
account the right to service, the BlackBerry name
log in as a service. Enterprise Server can run
continuously and
integrates with the
Exchange Server even
when the BlackBerry
Service account is logged
out.

60IPES41m3.fm
45
 RIM Education Services Installing the BlackBerry Enterprise Server

Pre-installation tasks Description Required information

4. Add the BlackBerry Add the BlackBerry Service • Domain
Service account to the account to the • BlackBerry
local Administrator Administrator group so the service account
group on the machine account has the name
on which you are permissions to install
installing the software, create
BlackBerry Enterprise directories, and write to
Server. the registry.
5. Assign Exchange Use the appropriate • Domain
permissions to the Microsoft Exchange • BlackBerry
BlackBerry Service administrative tool to Service account
account. assign Exchange View name
Only Administrator
permission with
Administrative Groups as
the minimum access level.
By assigning these
permissions, you allow the
BlackBerry Enterprise
Server to monitor (but not
change) user mailboxes for
incoming messages on the
Exchange Server.
Note: Exchange System
Manager must be
installed on the
BlackBerry
Enterprise Server in
order to assign
Exchange
permissions to your
BlackBerry
Administrator
mailbox.
6. Assign Exchange Security permissions allow • Exchange Server
Security permissions. your BlackBerry Service • BlackBerry
account to redirect Service account
messages from individual name
user mailboxes on the
Exchange Server to the
users’ devices. These
security permissions
include Administer
Information Store, Receive
As, and Send As.

60IPES41m3.fm
46
RIM Education Services Installing the BlackBerry Enterprise Server

Pre-installation tasks Description Required information

7. Enable MAPI profiles. To initialize the MAPI
subsystem, open the
Microsoft Exchange
2000/2003 System
Manager.
Note: If MAPI is not
present after
completing this
step, you may need
to run a tool so the
BlackBerry
Enterprise Server
installer can
facilitate the
creation and
editing of MAPI
profiles.
8. Install and register the You must install and • CDO version
cdo.dll. register the correct cdo.dll • CDO download
hotfix to support wireless location
calendar synchronization.
The cdo.dll file, including
the cdo.dll hotfix, should
be the same version as the
mapi32.dll file installed on
the BlackBerry Enterprise
Server. Both files should be
the same version as the
cdo.dll file on every server
running Microsoft
Exchange.

60IPES41m3.fm
47
 RIM Education Services Installing the BlackBerry Enterprise Server

IBM Lotus Domino pre-installation tasks

Pre-installation tasks Description Required information

1. Start the IBM Lotus
Domino server.
2. Add the IBM Lotus If the IBM Lotus Domino
Domino server on server running the
which you are BlackBerry Enterprise
installing the Server add-in task is not
BlackBerry Enterprise in the
Server to the LocalDomainServers
LocalDomainServers group, it will not likely
group. have permissions to
access users’ mail files.
3. From the IBM Lotus The BlackBerryAdmins • IBM Lotus
Domino group defines who has Domino
administration server, access to the Domino Administrator
create the databases which are password
BlackBerryAdmins required for Blackberry • IBM Lotus
group. Replicate the user administration. The Domino server
group to the Domino BlackBerryAdmins group name
Directory on the has full manager access
server on which you to these databases. The
plan to install the administration rights of
BlackBerry Enterprise the BlackBerryAdmins
Server. group are limited only to
those Domino Databases
involved with BlackBerry
Enterprise administration.
BlackBerry administrators
do not need to access
anything relating to
Domino Server
administration.

Note: When you create

this group, you
must type it
exactly as shown.
It is case sensitive.
4. Modify the server
document so users
can be moved within
a BlackBerry domain.

60IPES41m3.fm
48
RIM Education Services Installing the BlackBerry Enterprise Server

Pre-installation tasks Description Required information

5. Quit the IBM Lotus The server must be shut
Domino server. down so the BlackBerry
Enterprise Server installer
can add the BlackBerry
Messaging Agent as a
new Domino add-in task.
The install will fail if the
server is running.
6. Log in to Microsoft These permissions are • Account login ID
Windows with an required for the • Account
account that has the BlackBerry Enterprise password
rights to copy files to Server installation.
the file system and
right to the registry.

Novell GroupWise pre-installation tasks

Pre-installation tasks Description Required information

1. Log into a Novell The eDirectory admin has • eDirectory admin
Client for Windows as super-user rights to userid
an eDirectory admin. manipulate the • eDirectory admin
eDirectory on the Novell password
server where GroupWise
resides.

60IPES41m3.fm
49
 RIM Education Services Installing the BlackBerry Enterprise Server

Pre-installation tasks Description Required information

2. Pre-start the The BlackBerry Enterprise • Account login ID
GroupWise Client and Server uses connection • Account
send a test message. information taken from password
the GroupWise Client to
establish communication
with the GroupWise
server. If you have
created a new admin
account and the
GroupWise Client has not
been started successfully,
the BlackBerry Enterprise
Server will not be able to
connect to the GroupWise
server.

Pre-starting the
GroupWise Client also
prompts GroupWise to
create an Address Book
for the account. Until the
address book has been
created, the BlackBerry
Enterprise Server will not
be able to synchronize it
with the address book on
the device.
3. Log in to the Novell The Trusted Application • Novell supervisor
Client with a Novell Key Generator uses the account user ID
supervisor account. credentials of this • Novell supervisor
account when identifying password
itself to the GroupWise
server.
4. From a computer that By verifying the location
is running of the GroupWise primary
ConsoleOne, verify the database, you ensure the
location of your trusted application key
GroupWise primary will generate properly.
database.
5. From a computer that The Trusted Application • Trusted
is running Key Generator creates a Application Key
ConsoleOne, install the Trusted Application Key Generator
Trusted Application the BlackBerry Enterprise download
Key Generator. Server will use to connect location
to the GroupWise server.

60IPES41m3.fm
50
RIM Education Services Installing the BlackBerry Enterprise Server

Pre-installation tasks Description Required information

6. Create a trusted The Trusted Application
application key for the Key is the password that
BlackBerry Enterprise lets the BlackBerry
Server. Enterprise Server connect
to the GroupWise server
through the GroupWise
API and poll user
mailboxes for messages.
The key can be carried to
any other computer.

Multiple BlackBerry
Enterprise Servers can
connect to a single
GroupWise server with
the same key. Multiple
GroupWise systems each
need a separate key.
7. Verify the trusted
application key exists.
8. Verify the BlackBerry
Enterprise Server is a
trusted application.

60IPES41m3.fm
51
 RIM Education Services Installing the BlackBerry Enterprise Server

Lab - Completing the pre-installation tasks

Company X is a telecommunications company which provides a

full suite of communications products. The company has decided
to deploy BlackBerry wireless devices to the majority of their
employees. As a result, they need to install, configure, and
customize their BlackBerry Enterprise Server environment.

As a member of the Information Technology team, complete the

BlackBerry Enterprise Server pre-installation tasks. Your instructor
will tell you which platform you are to install the BlackBerry
Enterprise Server on. You can use the information outlined in this
manual and starting on page 23 in the Administering the BlackBerry
Enterprise Server version 4.1 - Reference Guide.

Required information

Platform:

Windows domain:

Messaging server:

BES administrator
login ID:

Password:

Student number:

Software and SRP

location:

60IPES41m3.fm
52
RIM Education Services Installing the BlackBerry Enterprise Server

Installing the BlackBerry Enterprise Server

After verifying the requirements have been met and completing the
pre-installation tasks, you can install the BlackBerry Enterprise
Server software by running the BlackBerry Enterprise Server
installer.

During the installation, the installer passes through three phases:

• initial installation options

• reboot of the administration computer reboot
• final configuration after the reboot completes

During the BlackBerry Enterprise Server installation, the installer

also detects whether various software packages are present, and, if
it is not, the installer installs it. For more information on what
software the installer detects, see page 39 in the Administering the
BlackBerry Enterprise Server version 4.1 - Reference Guide.

Options you configure before the reboot can be altered up until the
computer reboots. Similarly, options you configure after the reboot
can be altered up until the installation finishes and the services are
started. Once the reboot occurs, though, you cannot go back and
alter options set during the initial installation phase.

To begin the install, run the Setup.exe file, which opens the
BlackBerry Enterprise Server Installation and Upgrade wizard.
During the installation of the base BlackBerry Enterprise Server,
you will be prompted to do the following.

60IPES41m3.fm
53
 RIM Education Services Installing the BlackBerry Enterprise Server

Set initial installation options

1. Enter or confirm your customer information and accept the
license agreement.
2. For the type of installation, choose the BlackBerry
Enterprise Server install.
3. Accept the Apache license agreement.
4. Accept the Common Public License agreement.
5. Review the pre-install check list.
6. Enter the installation information.
Note: For a Microsoft Exchange install, you can also enter the name
of the BlackBerry Enterprise Server.
7. For an IBM Lotus Domino install, select the type of
database you are using. Your choice will be SQL Server or
DB2.
8. Select whether or not the Microsoft SQL Server 2000
Desktop Engine (MSDE) will be installed locally or if you
are using a remote database.
9. Change MSDE to mixed mode operation to support
BlackBerry MDS Services.
10. Review the installation summary and begin the install.

The BlackBerry Enterprise Server installer displays a

progress bar as it installs the software. At this time, any
required third-party software will be installed as
previously discussed.

Reboot the administrative computer

1. Reboot your machine when the BlackBerry Enterprise
Server installer finishes installing the software.
Note: After rebooting, you cannot go back and change any of the
options selected up to this point.

Perform final configuration

1. Enter your database information.

Depending on if you are installing a MSDE, SQL, or DB2

database, you will need to enter different information.
2. Enter the client license key.
3. Configure the name or IP address of the host through
which you will connect to the wireless network.
4. Configure the SRP authentication information.

60IPES41m3.fm
54
RIM Education Services Installing the BlackBerry Enterprise Server

5. Enter the BlackBerry Enterprise Server Collaboration

service and BlackBerry Enterprise Server communication
password information.
Note: You will need to enter something in this field even if you are
not using an Instant Messaging server.
6. Enter proxy information.
7. If you are installing the Novell GroupWise platform, enter
the GroupWise information.
8. Start the services.
After starting the services, the dialog box closes. At this
point, the installation is complete.

Installation tips
• The BlackBerry Enterprise Server installer’s title bar
displays the software version and bundle number of the
software being installed. Use this information to verify the
software version being installed.

60IPES41m3.fm
55
 RIM Education Services Installing the BlackBerry Enterprise Server

Verifying the BlackBerry Enterprise Server

installation
To verify your BlackBerry Enterprise Server installation, you need
to do the following:

1. For the IBM Lotus Domino platform, start the Lotus Domino
server.
2. Start the BlackBerry Manager by clicking Start > Programs >
BlackBerry Enterprise Server > BlackBerry Manager.

3. Validate the BlackBerry services are running properly by doing

the following:
a. Right click on My Computer and select Manage.
b. Expand Services and Applications and select
Services.
c. In the right pane, verify all BlackBerry Services are
running. Note what authority they are running
under.

60IPES41m3.fm
56
RIM Education Services Installing the BlackBerry Enterprise Server

Lab — Installing, configuring, and verifying the BlackBerry

Enterprise Server

Based on the platform assigned to you by your instructor, you can

now install the BlackBerry Enterprise Server as outlined in this
manual and starting on page 45 in the Administering the BlackBerry
Enterprise Server version 4.1 - Reference Guide.

60IPES41m3.fm
57
 RIM Education Services Installing the BlackBerry Enterprise Server

Troubleshooting the BlackBerry Enterprise

Server installation
Discussion: Errors found during your installation
As a group, discuss any errors found during your classroom
installation of the BlackBerry Enterprise Server. Identify and
discuss possible resolutions.

Errors found during installation:

Common pre-installation errors

Microsoft Exchange - cdo.dll error
This is the most common error you will see with the Microsoft
Exchange installation.

IBM Lotus Domino - “Count not open ID file”

When you start the BlackBerry installer, you may receive the
message “Could not open ID file” and the installer will close. If this
happens and you recently installed the IBM Lotus Domino server,
you may not have restarted it. You must restart it before running
the BlackBerry installer.

60IPES41m3.fm
58
RIM Education Services Installing the BlackBerry Enterprise Server

Novell GroupWise - Encryption key generation

If an error occurs during key generation, the error message is
logged in TestTApp.ini.

Error Message Correction

Connect_Error You must specify the correct DomainPath in
TestTApp.ini.
Authentication_Error You must log in to Netware as a super-user before
generating the key.

Common installation errors

• If you have entered the wrong SRP information, you will
not be able to connect or validate.
• If you enter the wrong relay address, when you test the
connection, it will fail and stop.
• If you connect to the wrong relay, it will show as
disconnected. To resolve this, you will need to use the
BlackBerry Server Configuration tool to change the SRP
address.
• If one of the third-party tools installed by the BlackBerry
installer does not install successfully, install the tool
manually and restart the installer.

Startup errors
Common errors you may see when you start up the BlackBerry
Manager include the following:

• permissions errors
• error codes
• you will not be able to open the BlackBerry Manager

Microsoft Exchange - MAPI profile

With this error, you are not prompted to edit or confirm the MAPI
profile during the BlackBerry Enterprise Server installation. To
resolve this, you need to create and edit the MAPI profile. For more
information, refer to the BlackBerry Enterprise Server Installation
Guide for the platform you are installing.

60IPES41m3.fm
59
 RIM Education Services Installing the BlackBerry Enterprise Server

Installation failure
If the BlackBerry Enterprise Server installation fails or the installer
hangs, restart the installer and begin again. If you have not yet
rebooted the machine, you will need to start at step 1 in the process.
If you have rebooted the machine, you will need to start at step 12
in the process.

Hanging SQL driver during installation

A bug currently exists with Microsoft Windows 2003 which causes
the SQL driver to hang during installation. To resolve this problem,
install Microsoft Data Access Components (MDAC) 2.8 SP2 which
comes with Microsoft Windows 2003 SP1.

Installation log files

While troubleshooting an installation, you may need to refer to the
installation logs. These logs contain information about what
options the user picked during the installation. The logs exist in the
following locations:

• Before the Installation Summary screen has been

displayed, you can find the logs in the following location:

<directory drive:>\Program Files\Research In

Motion\BlackBerry Enterprise Server\Logs\Installer

• After the Installation Summary screen has been displayed,

you can find the logs in the following location:

<installed directory>\Research In Motion\BlackBerry

Enterprise Server\Logs\Installer

From these locations, you can access the following installation logs.

Log Log file name

Database log • DB_InstallYYMMDDtime.log
Installer log • SetupYYYYMMDDtime.log
BlackBerry Enterprise • UserMigration.log
Server User migration • UserMigrationStatus.bin
log

60IPES41m3.fm
60
RIM Education Services Installing the BlackBerry Enterprise Server

Review questions

1. Identify the main steps in the installation process.

1.

2.

3.

4.

5.

2. Identify and describe three different types of installations.

1.

2.

3.

60IPES41m3.fm
61
 RIM Education Services Installing the BlackBerry Enterprise Server

3. True or False? During the installation process, after you reboot

the server, you can go back and change the location of the log
files.
4. Explain when the logs are stored in each of the following
directories.

Directory Explanation
<directory drive:>\Program
Files\Research In Motion\BlackBerry
Enterprise Server\Logs\Installer
<installed directory>\Research In
Motion\BlackBerry Enterprise
Server\Logs\Installer

60IPES41m3.fm
62
RIM Education Services Installing the BlackBerry Enterprise Server

Module summary

Objective Summary
Discuss the BlackBerry See “BlackBerry Enterprise Server installation
Enterprise Server process” on page 40.
installation process.
Identify which When you are installing the BlackBerry Enterprise
BlackBerry Enterprise Server, you can install all of the BlackBerry Enterprise
Server components Server components on one machine or you can
can be installed install some components on remote machines.
remotely.
See “BlackBerry Enterprise Server remote installation
options” on page 41.
Verify the BlackBerry Before installing the BlackBerry Enterprise Server,
Enterprise Server you must complete or verify several requirements,
installation including hardware, software, infrastructure,
requirements have platform, Microsoft SQL database, firewall, and proxy
been met. configuration requirements.

See “BlackBerry Enterprise Server installation

requirements” on page 44.
Perform the pre- The Microsoft Exchange, IBM Lotus Domino, and
installation tasks for Novell GroupWise platforms each have different
each platform on tasks you must complete before installing the
which the BlackBerry BlackBerry Enterprise Server.
Enterprise Server is
supported. See “Pre-installation tasks” on page 45.
Install the BlackBerry Install the BlackBerry Enterprise Server software by
Enterprise Server. running the BlackBerry Enterprise Server installer.
During the installation, the installer passes through
three phases:
• initial installation options
• reboot of the administration computer reboot
• final configuration after the reboot completes
See “Installing the BlackBerry Enterprise Server” on
page 53.

60IPES41m3.fm
63
 RIM Education Services Installing the BlackBerry Enterprise Server

Objective Summary
Verify the BlackBerry To verify your BlackBerry Enterprise Server
Enterprise Server installation, you need to do the following:
installation. 1. For the IBM Lotus Domino platform, start the
Lotus Domino server.
2. Start the BlackBerry Manager by clicking Start >
Programs > BlackBerry Enterprise Server >
BlackBerry Manager.
3. Validate the BlackBerry services are running
properly.
See “Verifying the BlackBerry Enterprise Server
installation” on page 56.
Troubleshoot issues See “Troubleshooting the BlackBerry Enterprise
with the BlackBerry Server installation” on page 58.
Enterprise Server
installation.

60IPES41m3.fm
64
Module 4: Exploring the BlackBerry
Manager
This module describes the tools packaged with the BlackBerry
Enterprise Server. It also introduces the BlackBerry Manager
console.

Objectives
• Open the BlackBerry Enterprise Server tools.
• Open the BlackBerry Manager.
• Explore the BlackBerry Manager console.
• Describe the levels within the BlackBerry Manager.
 RIM Education Services Exploring the BlackBerry Manager

BlackBerry Enterprise Server tools

After installing the BlackBerry Enterprise Server, you can access
the BlackBerry Enterprise Server tools by selecting Start >
Programs > BlackBerry Enterprise Server. The BlackBerry tools
include the BlackBerry Server Configuration tool and the
BlackBerry Manager.

BlackBerry Server Configuration tool

The BlackBerry Server Configuration tool contains several options
to configure the components and services which make up the
BlackBerry Enterprise Server. Many of these options are configured
by the BlackBerry Enterprise Server installer during installation.
You can use this tool to edit these settings.

To open the tool, select Start > Programs > BlackBerry Enterprise
Server > BlackBerry Server Configuration. This tool is divided
into tabs at the top for accessing the various components and
services, and configuration options for the selected component or
service at the bottom.

60IPES41m4.fm
66
RIM Education Services Exploring the BlackBerry Manager

Important tabs you can access include the following.

Tab Description
Database Use this tab to configure the database used by the
Connectivity BlackBerry Enterprise Server.
BlackBerry Server Use this tab to configure the BlackBerry Enterprise
Server, including the SRP connection settings.
Logging Use this tab to configure the BlackBerry Enterprise
Server logging.
BlackBerry Router Use this tab to configure the BlackBerry Router
connection options.
BlackBerry Use this tab to configure the Instant Messaging
Collaboration Service connection options.
Settings
Secure Connection Use this tab to configure passwords for the
BlackBerry Enterprise Server.
Proxy Settings Use this tab to configure the proxy settings.
Mobile Data Service Use this tab to configure the Mobile Data System
connection options.
Attachment Server Use this tab to configure, test, and administer the
Attachment server.

60IPES41m4.fm
67
 RIM Education Services Exploring the BlackBerry Manager

Exercise 1: Exploring the BlackBerry Server Configuration

tool
1. Open the BlackBerry Server Configuration tool.
2. Answer the following questions based on what you see:
a. What directory are the BlackBerry Enterprise Server
logs stored in?

b. What is the SRP address of the BlackBerry Router?

c. What is the SRP port number of the BlackBerry

Router?

d. What are three format extensions available with the

Attachment Server?

e. What is the host name of the Instant Messaging

server?

f. What is the log level for the BlackBerry Mailbox

Agent?

60IPES41m4.fm
68
RIM Education Services Exploring the BlackBerry Manager

Main areas within the BlackBerry Manager

The BlackBerry Manager console is the primary interface for
managing the BlackBerry Enterprise Server and its users, groups,
and servers.

To open the BlackBerry Manager, select Start > Programs >

BlackBerry Enterprise Server > BlackBerry Manager. When the
console opens, note the main areas the console is divided into.

Area Description
Menus The menus contain options to exit the tool and
access tool-related properties.
Explorer view The Explorer view is a hierarchical representation of
the BlackBerry Enterprise Server levels and
components. You can access additional information
by double clicking on the component in the Explorer
view.
Tabs Depending on what you select in the Explorer view,
different tabs are displayed across the top of the
right-hand window. The name of the tab indicates
the type of options it contains.
Task menus Task menus also change depending on what you
select in the Explorer view. Each of these menus
contains various tasks you can perform on the
selected component.

60IPES41m4.fm
69
 RIM Education Services Exploring the BlackBerry Manager

When you select some of the tabs, a list of information is displayed.

You can view lists of servers, roles, groups, users, software
configurations, and local port configurations by clicking on the
appropriate tab. When you select an item from a list, status
information is displayed at the bottom of the screen and the task
menus are updated to reflect the selected component.

60IPES41m4.fm
70
RIM Education Services Exploring the BlackBerry Manager

BlackBerry Manager tips

• When you have a list of information displayed in
BlackBerry Manager, you can change which columns are
displayed in the list. To do this, select View > Choose
Columns and the Column Chooser dialog box opens.
From this dialog box, you can add and remove the
columns that will be displayed and also select the order
you want them displayed in.

• To order a list you have displayed in the BlackBerry

Manager based on a certain column, click on that column
heading.
• When viewing status information about a user, the
following statuses are possible.

Status Description
Initializing You need to update the encryption key. The
BlackBerry Enterprise Server is trying to establish a
connection to the mailbox of the BlackBerry device
user.
Running The user is functioning normally.
In cradle - email You will not receive messages when your BlackBerry
redirection to the device is in the cradle or connected via USB
handheld is disabled connection.

60IPES41m4.fm
71
 RIM Education Services Exploring the BlackBerry Manager

Levels within the BlackBerry Manager

Within the BlackBerry Manager, the components are organized into
different levels. The four main levels are Domain, Server, Group,
and Port. The User level is accessed from within each of these other
levels.

Because the BlackBerry Enterprise Server consists of multiple

levels, you can access the same information and components in
more than one way. For a summary of the different access methods,
see “Accessing information in the BlackBerry Enterprise Server” on
page 84 in the Administering the BlackBerry Enterprise Server version
4.1 - Reference Guide.

Domain level
At the domain level, options you set or tasks you perform are
performed on all BlackBerry Enterprise Servers within the domain.

For a summary of the options and tasks available at the domain

level, see page 86 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide.

60IPES41m4.fm
72
RIM Education Services Exploring the BlackBerry Manager

Server level
At the Server level, you can access a list of the servers configured
across the domain.

If you select a specific server in the Explorer view, various options

and tasks are available for that server.

For a summary of the options and tasks available at the Server

level, see page 88 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide.

Group level
At the Group level, you can access a list of the groups configured
across the domain.

60IPES41m4.fm
73
 RIM Education Services Exploring the BlackBerry Manager

If you select a specific group in the Explorer view, various options

and tasks are available for the selected group.

For a summary of the options and tasks available at the Group

level, see page 92 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide.

Local Ports level

At the Local Ports (handheld management) level, you can perform
and configure various options and tasks for a device connected to a
local port.

For a summary of the options and tasks available at the Local Ports
level, see page 95 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide.

60IPES41m4.fm
74
RIM Education Services Exploring the BlackBerry Manager

User level
In addition to the four main levels, you can also access user
information by doing the following:

• Select BlackBerry Domain from the Explorer view and

click the All Users tab to see a list of all users across all
servers.
• Select a server from the Explorer view and click the Users
tab to see a list of users on that one server.
• Select a group from the Explorer view and click the Users
tab to see a list of users in the group.

To see the information for one user, select them from the user list.

60IPES41m4.fm
75
 RIM Education Services Exploring the BlackBerry Manager

Review questions

1. Describe the functions of these BlackBerry Enterprise Server

tools.

Term Description
BlackBerry Server
Configuration tool

BlackBerry Manager

2. For each of the following descriptions, identify the level.

Level Description
This level contains a list of groups configured across
the domain.
This level contains options and tasks you can
perform on all BlackBerry Enterprise Servers within
the domain.
This level contains user information.
This level contains various options and tasks you can
perform on a device connected to a local port.
This level contains a list of servers configured across
the domain.

60IPES41m4.fm
76
RIM Education Services Exploring the BlackBerry Manager

3. The Explorer view provides

a. a list of servers, users, and devices.
b. a hierarchical representation of the BlackBerry Enterprise
Server levels and components.
c. a list of folders containing BlackBerry Enterprise Server
files.
d. a visual representation of logs for each component.

4. To access status information on a server, you would do which

of the following?
a. Click the server name under the Statistics tab.
b. Right click the server name in the Explorer view and select
the status property.
c. Click on the Servers tab to open the server list and then
click on the server whose status information you want to
view.
d. Server status can only be viewed on the Reports tab.

60IPES41m4.fm
77
 RIM Education Services Exploring the BlackBerry Manager

Module summary

Objective Summary
Open the BlackBerry You can access the BlackBerry Enterprise Server tools
Enterprise Server by selecting Start > Programs > BlackBerry Enterprise
tools. Server. The BlackBerry tools include the BlackBerry
Server Configuration tool and the BlackBerry
Manager.

See “BlackBerry Enterprise Server tools” on page 66.

Open the BlackBerry To open the BlackBerry Manager, select BlackBerry
Manager. Manager from the drop down menu.

See “Main areas within the BlackBerry Manager” on

page 69.
Explore the When the console opens, note that it is divided into
BlackBerry Manager the following main areas:
console. • Menus
• Tabs
• Explorer view
• Task menus
• Status information
• Lists
See “Main areas within the BlackBerry Manager” on
page 69.
Describe the levels Within the BlackBerry Manager, the components are
within the BlackBerry organized into different levels. The four main levels
Manager. are Domain, Server, Group, and Port. The User level is
accessed from within each of these other levels

See “Levels within the BlackBerry Manager” on

page 72.

60IPES41m4.fm
78
Module 5: Managing administrative
roles
This module discusses the five administrative roles to which
support personnel can be assigned. It looks in detail at the options
available for each of these roles and discusses how to administer
them.

Objectives
• Define what an administrative role is.
• Describe the functions of administrative roles.
• Describe what options each role can access.
• Describe how to administer the roles.
 RIM Education Services Managing administrative roles

About administrative roles

Within the BlackBerry Enterprise Server, five administrative roles
have been defined. Each of these roles is mapped to a unique
grouping of administrative functionality which support personnel
access when they log in to the BlackBerry Manager.

You can use these administrative roles to perform the following

functions:

• Reduce the security risks of allowing all support personnel

access to all administrative functions.
• Reduce the operational risks of having junior support
personnel access potentially service-impacting options.
• Define different types of system administrators to better
distribute job responsibilities.
• Tie the accessible options to job responsibilities so support
personnel can quickly find the options they need to
perform their tasks.
• Accommodate support personnel who are mobile and who
need to access specific options from the road.

60IPES41m5.fm
80
RIM Education Services Managing administrative roles

Description of the administrative roles

The BlackBerry Enterprise Server administrative roles are
described below.

Role Description
Security Administrator This role has full rights to access and change all of
(rim_db_admin_security) the BlackBerry Enterprise Server options. This access
includes role administration, which only the Security
Administrator can view or change.
Audit Security Administrator This role can view all BlackBerry Enterprise Server
(rim_db_admin_audit_securit options, including the role administration options.
y) This role cannot change or update any of these
options.
Enterprise Administrator This role has access to all of the same tasks and
(rim_db_admin_enterprise) options as the Security Administrator role except for
role administration.
Audit Enterprise This role can view all BlackBerry Enterprise Server
Administrator options as the Security Administrator role can,
(rim_db_admin_audit_enterp except for the role administration options. This role
rise) cannot change or update any of these options.
Handheld Administrator The Handheld Administrator role is responsible for
(rim_db_admin_handheld) configuring and maintaining the devices. As a result,
this role has access to those options directly related
to the devices.
Audit Handheld Administrator This role can view the options relating to configuring
(rim_db_admin_audit_handh and maintaining the devices. This role cannot
eld) change or update any of these options.
Senior Help Desk The Senior Help Desk role generally has access to all
(rim_db_admin_sr_helpdesk) of the options and tasks associated with users.
Audit Senior Help Desk This role can generally view all the options and tasks
(rim_db_admin_audit_sr_hel associated with users. This role cannot change or
pdesk) update any of these options.
Junior Help Desk The Junior Help Desk role generally has access to a
(rim_db_admin_jr_helpdesk) subset of the options and tasks accessible by the
Senior Help Desk role.
Audit Junior Help Desk This role can view a subset of the options and tasks
(rim_db_admin_audit_jr_help accessible by the Senior Help Desk role. This role
desk) cannot change or update any of these options.

For more information on the specific options and tasks accessible

by each role, see page 98 in the Administering the BlackBerry
Enterprise Server version 4.1 - Reference Guide.

60IPES41m5.fm
81
 RIM Education Services Managing administrative roles

Administering roles
The ability to administer roles is only available to the Security
Administrator, who can access the options through the Role
Administration tab.

From this tab, the Security Administrator can use the following
options.

Option Description
List Administrators Click this option to list the roles and the users
assigned to each of them. You can also use this role
to add and delete administrators.
Add Administrators Select a role and click this option to add a user to
this role.

Note: When adding a user to a role, use their fully

qualified windows domain name.
Remove Select a role and click this option to remove a user
Administrators from this role.

60IPES41m5.fm
82
RIM Education Services Managing administrative roles

Installation tips
• When you first install the BlackBerry Enterprise Server,
only the Security Administrator role is created. The
Security Administrator must then assign users to the other
roles.
• To save effort, you can use operating system (OS) groups
to populate the roles.

Troubleshooting tips
• The role the user logs in with is displayed in the title bar.
In a troubleshooting scenario, use the title bar to confirm
which role the user has logged in under.
• When the BlackBerry Manager is started and stopped, an
entry will be added to the log showing the authenticated
user. This entry will include login and role information to
give context to the log entries.
• If a user has been assigned to more than one role, by
default the user will be assigned to the role with the most
restrictive privileges.

60IPES41m5.fm
83
 RIM Education Services Managing administrative roles

Lab - Adding users to roles

The Information Technology team consists of several levels of

administrators and support staff. Each level is responsible for
performing different tasks and has different levels of access to the
corporate network. To improve their efficiency and reduce
potential security and operational risks, the team has decided to
implement administrative roles in the BlackBerry Manager.

1. Using the information in this module and in the section

“Administrative roles and what they can access” on
page 98 of the Administering the BlackBerry Enterprise Server
version 4.1 - Reference Guide, identify the role best suited to
each member of the Information Technology team and
explain why.
2. Using the procedures starting on page 105 in the
Administering the BlackBerry Enterprise Server version 4.1 -
Reference Guide, assign each user to the appropriate role on
your BlackBerry Enterprise Server.

Clyde Warren is the Chief Information Officer and has unlimited

access to the corporate network. All of the Information Technology
staff reports to him and he is responsible for assigning his staff’s
access to the system.

Administrative role: Explanation:

Kate Turner has been assigned as the lead BlackBerry Enterprise

Server administrator. She needs sufficient access to perform all
tasks on the BlackBerry Enterprise Server. She will not be assigning
roles.

Administrative role: Explanation:

60IPES41m5.fm
84
RIM Education Services Managing administrative roles

Mark Murtha is a member of the telecommunications team. The

telecommunications team does not need any system access, but is
responsible for providing end-user handheld support. They are
also responsible for keeping extra handhelds and preparing them
for deployment.

Administrative role: Explanation:

Ming Li is a member of the first tier of support in the help desk. The
help desk supports end users by email and phone, but cannot
change any settings in any corporate system.

Administrative role: Explanation:

60IPES41m5.fm
85
 RIM Education Services Managing administrative roles

Review questions

1. You have a meeting with the Chief Information Officer to

discuss the advantages of implementing administrative roles.
Identify three advantages you could present.
a.

b.

c.

2. As an Enterprise Administrator, Kate Turner can

a. perform all tasks.
b. perform the same tasks as the Security Administrator
except for role administration.
c. not perform tasks, but can view all settings.
d. can only administer the Mobile Data System Services.

60IPES41m5.fm
86
RIM Education Services Managing administrative roles

3. Describe how you would determine which users had been

assigned to the Senior Help Desk role.

1.

2.

3.

60IPES41m5.fm
87
 RIM Education Services Managing administrative roles

Module summary

Objective Summary
Define what an Five administrative roles have been defined, each of
administrative role is. which is mapped to a unique grouping of
administrative functionality that support personnel
access when they log in to the BlackBerry Manager.

See “About administrative roles” on page 80.

Describe the functions • Reduce the security risks.
of administrative • Reduce the operational risks.
roles.
• Better distribute job responsibilities.
• Help support personnel more quickly find the
options they need to perform their tasks.
• Accommodate mobile support personnel.

See “About administrative roles” on page 80.

Describe what options See “Description of the administrative roles” on
each role can access. page 81.
Describe how to The options to administer roles are available through
administer the roles. the Role Administration tab and include listing,
adding and removing administrators.

See “Administering roles” on page 82.

60IPES41m5.fm
88
Module 6: Managing users
This module discusses how to add, configure, and manage
BlackBerry Enterprise Server users.

Objectives
• Describe how to add users to the BlackBerry Enterprise
Server.
• Describe how to manage users.
• Configure a user by setting user properties.
 RIM Education Services Managing users

Adding users to the BlackBerry Enterprise

Server
Before your organization can benefit from using the BlackBerry
Enterprise Server, you must populate the server with users by
selecting them from the messaging server’s Global Address Book.
When you select a user and add them to the BlackBerry Enterprise
Server, you are telling the server to monitor that user’s mailbox on
the messaging server. The BlackBerry Enterprise Server begins
redirecting mail only when the device has been deployed and the
new user has been fully activated.

To add and activate a user, the following must occur:

1. A user purchases a device and contacts their administrator to

begin the provisioning process.
2. The administrator adds the user to the BlackBerry Enterprise
Server. The server begins monitoring the user’s mailbox for
incoming traffic.
3. The administrator deploys a device to the user and creates a
unique encryption key using either the Desktop Manager,
BlackBerry Manager, or Enterprise Activation.
4. The user or the administrator activates the device by entering
the user’s corporate email address and the encryption key into
the device. Once the activation process is complete, the status
of the applications on the device changes from Initializing to
Complete.

60IPES41m6.fm
90
RIM Education Services Managing users

5. The BlackBerry Enterprise Server compresses, encrypts, and

transmits incoming messages to the specified device using the
unique encryption key. The user can send and receive email
messages on their device.

Adding the user

Did You Know To add a user to the BlackBerry Enterprise Server, select a server
The users you want to add and use the Add Users option. You can then add users from the
must already be in the Global messaging server’s Global Address Book. You can select one or
Address Book. more users to add to the BlackBerry Enterprise Server.

Novell GroupWise
Note the following about adding users to the BlackBerry Enterprise
Server on the Novell GroupWise platform:

• The user must first have an email account on the

GroupWise server before they can be added.
• The user must have logged into GroupWise at least once to
ensure an address book has been created for them.

60IPES41m6.fm
91
 RIM Education Services Managing users

Managing users
Did You Know The BlackBerry Enterprise Server allows you to monitor and
If you have not yet assigned a administer each user’s settings and account properties. You can
device to a user, their status access this information at either the domain level or an individual
appears as “Initializing”. user level:

• To access a list of all the users on all BlackBerry Enterprise

Servers, select BlackBerry Domain in the Explorer view
and click the All Users tab.
• To access a list of all the users on a specific BlackBerry
Enterprise Server, select that server in the Explorer view
and click the Users tab.

When you click either the All Users or Users tab, a list of users is
displayed. Once you select a user, you will have access to status
information about them and their account. You will also have
access to tasks you can perform.

User and account status information

When you select a user, you will see important user and account
status information in the lower pane.

60IPES41m6.fm
92
RIM Education Services Managing users

Task menus
When you select a user, you will also see the following options or
task menus in the lower-right pane.

Option or Menu Description

Edit Properties option This option allows you to access the
configuration information for the selected user.
You can use this option to configure a new user
or modify the configuration of an existing user.
Users Account menu This menu includes options you can use to find
users, delete users, add users to administrative
groups, and send users All Points Bulletins
(APBs).

The options in this menu are different

depending on whether you have selected the
Users tab or the All Users tab.
All Users Account menu

Handheld Management This menu includes options you can use to

assign a device to the selected user, assign
software configurations to that device, and
gather statistics on the device.

IT Admin This menu includes options for resending and

assigning IT policies. It also includes many of the
wireless commands administrators can perform
on the selected user’s device.

60IPES41m6.fm
93
 RIM Education Services Managing users

Option or Menu Description

Service Access This menu includes options to manage
activation passwords, configure folder
redirection for the user, and enable or disable
MDS access for the user.

Service Control & Customization This menu includes options to manage Personal
Information Management (PIM) synchronization,
review messages pending for the user’s device,
and gather statistics on the user’s device.

User management tips

You may need to search for a specific user, delete users, or move
users to different servers.

Finding users
Use the Find User option to search for users. If you click the option
with BlackBerry Domain selected, you can search for a user across
all BlackBerry Enterprise Servers. If you click the option with a
specific server selected, you can search for a user on that server.

Deleting users
Use the Delete User option to remove a user from the BlackBerry
Enterprise Server. When you click this option, the user is moved to
the Users Pending Delete tab, where they will stay for the time it
takes the BlackBerry Enterprise Server to process the request.
Generally, users only appear in this list for a few minutes, unless
there is an issue with the deletion. If this happens, you will have
the option to restore the user.

Moving users
You can also move users from one BlackBerry Enterprise Server to
another in the same domain by clicking Move User. To move a user
from one BlackBerry Enterprise Server to another, the two servers
must have a shared database. If they do not have a shared database,
you must export the user and then import them into the other
BlackBerry Enterprise Server.

Note: This option is not available for the Novell GroupWise platform.

60IPES41m6.fm
94
RIM Education Services Managing users

Configuring new users

After adding a user to the BlackBerry Enterprise Server, you need
to configure various options to ensure the user’s account and
device are working the way they want. You may also need to
change the configuration of an existing user as their needs change.

You perform this configuration in one of the following two ways:

• using the task menus

• using the Edit Properties dialog box

Configuring user options through the task menus

One method for configuring users is to use the menu items listed in
the task menus in the lower-right pane. For example, you can
configure folder redirection by clicking the Choose Folders for
Redirection option from the Service Access menu.

This option opens a dialog box you can use to select the folders on
the messaging server from which the BlackBerry Enterprise Server
redirects messages to the device. As a result, you can have email
messages redirected from personal folders the user created on the
messaging server.

60IPES41m6.fm
95
 RIM Education Services Managing users

Configuring user options through Edit Properties

Did You Know You can also configure a user account by selecting a user and
You can also open the User clicking the Edit Properties option to open the user properties
Properties dialog box by dialog box.
double clicking on the user.

The User Properties dialog box is divided into three main sections:
properties, configurable options, and an explanation of the selected
option.

60IPES41m6.fm
96
RIM Education Services Managing users

The properties available here include the following.

Property Description
Redirection Use this property to configure how messages are
redirected from the messaging server to the device.
Filters Use this property to configure personal filters for the
user.
Security Use this property to configure how encryption keys
are generated for the user.
IT Policy Use this property to assign an IT policy to the user.
PIM Sync Use this property to configure PIM synchronization
for the user.
Advanced Use this property to configure advanced settings,
such as mailbox agent id functionality.

Did You Know Within each of these properties, various options exist which you
By configuring message can use to configure the user’s account. For example, within the
forwarding, you can stop Redirection property, you can configure the message forwarding
messages from being rules to control how messages are sent to the user’s device. These
forwarded to a device without rules include the following.
removing the user from the
BlackBerry Enterprise Server. Rule Description
For example, if a user is
traveling out of a wireless Redirect to handheld Set this option to True to redirect messages arriving
coverage area and does not in the user’s mailbox on the messaging server to
want messages forwarded to their device.
their device during that time, Do not redirect when Set this option to True so messages arriving in the
you can turn off message in cradle user’s mailbox are not delivered to the device if the
redirection so the user can device is connected to the computer.
send messages but will not
receive them. The user can re- Do Not Save Sent Set this option to True to prevent messages sent
enable redirection from their Messages from the device from being saved in the messaging
device. server’s Sent Items folder.

Also on the Redirection property, you can enter text in the Auto
Signature field. This text will be added to every message sent from
the user’s device. To do this, double click on the Signature option
and enter the text.

Troubleshooting tip
• The Redirection property displays the user’s email
address if you need to verify it.

60IPES41m6.fm
97
 RIM Education Services Managing users

Lab - Adding users

Using the information outlined in this module and the procedures

starting on page 90 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide, do the following:

1. Add all of the users in Company X’s global address book.

2. For Katie Tiegs, configure email redirection to redirect
messages to the handheld. Also, configure it so messages saved
on the device are also saved in the user’s mailbox.
3. Configure the following auto signature for Kate Turner:
Email message sent from my BlackBerry device.

60IPES41m6.fm
98
RIM Education Services Managing users

Review questions

1. True or False? When you add a user to the BlackBerry

Enterprise Server, the server starts redirecting email messages
to the user’s device.
2. Complete the following statements:
To access a list of users on one BlackBerry Enterprise Server...

To access a list of all users on all BlackBerry Enterprise Servers

in the domain...

3. Identify the steps required to configure Patrick Moser’s auto

signature to say he is currently out of the office.
1.

2.

3.

4.

5.

60IPES41m6.fm
99
 RIM Education Services Managing users

4. Identify the steps required to find Ming Li at the domain level.

1.

2.

3.

4.

60IPES41m6.fm
100
RIM Education Services Managing users

Module summary

Objective Summary
Describe how to add Use the Add User option to add users from the
users to the messaging server’s Global Address Book.
BlackBerry Enterprise
Server. See “Adding users to the BlackBerry Enterprise
Server” on page 90.
Describe how to • To access all the users on all BlackBerry
manage users. Enterprise Servers, select BlackBerry Domain
and click the All Users tab.
• To access all the users on one specific
BlackBerry Enterprise Server, select the server
and click the Users tab.

When you click either the All Users or Users tab, a

list of the relevant users is displayed. You will also
have access to user and account status information
and user related tasks.

See “Managing users” on page 92.

Configure a user by • Use the task menus to configure various
setting user options to ensure the user’s account and device
properties. are working the way they want.

See “Configuring new users” on page 95.

• Use the User Properties dialog box to configure
various options to ensure the user’s account
and device are working the way they want.

See “Configuring user options through Edit

Properties” on page 96.

60IPES41m6.fm
101
 RIM Education Services Managing users

60IPES41m6.fm
102
Module 7: Managing administrative
groups
This module introduces administrative groups. It includes
descriptions of how to use, configure, manage, and troubleshoot
administrative groups.

Objectives
• Introduce administrative groups.
• Manage administrative groups.
• Add administrative groups.
• Configure group properties.
• Add users to a new group.
• View the users who are part of a group.
• Configure user properties for a group member.
• Edit existing groups.
• Change which users are part of groups.
• Troubleshoot issues with administrative groups.
 RIM Education Services Managing administrative groups

About administrative groups

At the domain level, you can add and configure administrative
groups. Each administrative group is a collection of related users
who share a template of commonly configured properties. Groups
can consist of the following:

• A set of users who share an identical configuration of all

properties. In this case, all properties configured at a group
level are configured the same for all users in the group.
• A set of users who share a subset of properties that are
identically configured. In this case, users have some
properties configured the same as other members of the
group and some properties configured uniquely for them.

What do groups do?

With administrative groups, you can create a template of
properties to increase the speed and consistency with which you
configure users. You can also more easily change the property
settings for multiple users at once rather than doing it for each user
individually. Administrative groups allow administrators to do the
following.

Function Description
Group users according • Group users according to purpose or job
to function function so different properties can be set,
applied, or changed quickly for all members of
the group.
Improve efficiency • Modify how a property is configured for several
users and push this change out simultaneously
to all of them.
• Create a template so new users added to a
group will have all their properties
automatically set to the same values.
Standardize • Standardize how properties are configured
configurations across multiple users by configuring these
properties for the group.
• Create a template so users added to a group
will have all their properties set to the same
values.
Easily move users • Move a number of users to another BlackBerry
Enterprise Server quickly and easily by moving
the group to which they belong.

60IPES41m7.fm
104
RIM Education Services Managing administrative groups

Function Description
Accommodate for • Automatically set the properties for several
users on different users who are not all on the same BlackBerry
BlackBerry Enterprise Enterprise Server by grouping them together
Servers and configuring properties for the group.
Note: For the Microsoft Exchange platform, groups
cannot consist of users from a mixture of 4.0
and 4.1 BlackBerry Enterprise Servers.

60IPES41m7.fm
105
 RIM Education Services Managing administrative groups

Exercise 1: Identifying scenarios for administrative groups

1. You believe your company could benefit from implementing
administrative groups, but the rest of the department is not
sure. Identify three advantages you could present to convince
them using groups is a good idea.
1.

2.

3.

2. During the meeting, a question is raised about why a separate

group is required for the executives. How would you respond?

3. Another question is raised about how administrative groups

could help in the future if your company added offices and
BlackBerry Enterprise Servers around the world. How would
you respond?

60IPES41m7.fm
106
RIM Education Services Managing administrative groups

Managing groups
The BlackBerry Enterprise Server allows you to monitor and
administer each group’s properties.

Accessing lists of groups

You can access a list of the groups which exist on all BlackBerry
Enterprise Servers in one of the following ways:

• Select BlackBerry Domain in the Explorer view and click

the User Groups List tab.
• Select Servers in the Explorer view and click the User
Groups List tab.
• Select User Groups in the Explorer view and click the User
Groups List tab.

60IPES41m7.fm
107
 RIM Education Services Managing administrative groups

Accessing one group

When you click the User Groups List tab, a list of the groups is
displayed. When you select a group from the list, you will have
access to status information about that group, including the group
description, how many users are part of the group, and the
assigned IT policy. You will also have access to tasks you can
perform on the group.

You can also access information about a specific group by selecting

the group from the Explorer view and clicking the Group
Configuration tab.

Group status information

When you select a group, you will see important group
information in the lower pane of the BlackBerry Manager,
including information about the IT policy, redirection settings,
encryption key generation, wireless synchronization, and the auto
signature configured for the group.

60IPES41m7.fm
108
RIM Education Services Managing administrative groups

Task menus
Did You Know When you select a group which contains users, you will see the
Clicking the Move Group to following options and task menus in the lower-right pane.
BES option performs the same
action as if you issued the Option or Menu Description
Move User command on
several users simultaneously. Edit Group Template Click this option to access the configurable
properties for the group.
Copy Properties to Another Click this option to configure a new group by
Group copying the properties from an existing
group.
Group Admin This menu includes options you can use to
create groups, delete groups, update the
users who are part of the group, and modify
the group definition.

Account This menu includes options to move the

group to a different BlackBerry Enterprise
Server and to send an All-Points-Bulletin
(APB) to all group members.

Handheld Management This menu includes options you can use to

assign software configurations to all group
members and gather statistics on their
devices.

MDS Services This menu contains options to manage the

MDS Services for the group.

IT Admin This menu includes options for resending and

assigning IT policies to all group members. It
also includes options to resend the peer-to-
peer key and service books to all group
members.

60IPES41m7.fm
109
 RIM Education Services Managing administrative groups

Option or Menu Description

Service Access This menu includes options to generate and
send an activation password to all group
members, disable redirection, and enable/
disable MDS and the BlackBerry
Collaboration services.

Service Control and This menu includes options to manage

Customization Personal Information Management (PIM)
synchronization, purge messages pending for
the group, and gather statistics on the their
devices.

Group management tips

• You can select multiple groups from a User Group List by
holding down the SHIFT key while selecting. The options
you select or actions you perform are then done for all of
the selected groups.

60IPES41m7.fm
110
RIM Education Services Managing administrative groups

Adding groups to the BlackBerry

Enterprise Server
To add a group to the BlackBerry Enterprise Server, click Create
Group from a User Group List. You can then give the group a
name, configure the group properties, add users to the group, and
configure the user properties.

After you click Create Group, the Group Definition dialog box
opens where you can enter a group name and description.

Group management tips

• To change a group’s name or description, select the group
and click the Modify Group Definition option to open the
Group Definition dialog box.
• Use the Delete Group option to remove a group from the
BlackBerry Enterprise Server. All users must be moved or
deleted before you can delete the group.

60IPES41m7.fm
111
 RIM Education Services Managing administrative groups

Configuring group properties

After adding a group, you need to configure the group properties
to ensure the members’ accounts and devices are working the way
you want. A group’s set of configured properties is called the
group’s template.

You can configure a group and create its template in one of the
following ways:

• using the task menus

• copying the properties from an existing group
• using the Edit Group Template option

Configuring a new group through the task menus

One method for configuring a group is to select a group and use the
menu items listed in the task menus.

Configuring a new group by copying the properties to

another group
To configure a group by copying the properties from another
group, select the group whose template you want to use and click
Copy Properties to Another Group. A dialog box opens where you
will select the new group you are configuring.

60IPES41m7.fm
112
RIM Education Services Managing administrative groups

When you copy properties from another group, the properties of

both groups are merged as follows.

• The value of all properties in the From group are

identically set in the To group.
- If the properties in the From group are not already set
in the To group, they are set in the To group.
- If the properties in the To group are set differently
from the From group, they are reset so they match the
From group.
• Properties which have not been set in the From group, but
have been set in the To group are not changed. The To
group keeps the values of all non-intersecting properties.
• The values in the From group are not changed in any way.

Configuring a new group through the Edit Group

Template option
Did You Know You can also configure a new group by selecting the group and
You can also open the Group clicking the Edit Group Template option to open the Group
Properties dialog box by Properties dialog box.
double clicking on the group.

60IPES41m7.fm
113
 RIM Education Services Managing administrative groups

The Group Properties dialog box is divided into three main

sections: properties, configurable options, and an explanation of
the selected option.

The properties available here include the following.

Property Description
Redirection Use this property to configure how messages are
redirected from the messaging server to the device.
Filters Use this property to configure filters for the group.
Security Use this property to configure how encryption keys
are generated for the group.
IT Policy Use this property to assign an IT policy to the group.
PIM Sync Use this property to configure PIM synchronization
for the group.
MDS Access Control Use this property to configure MDS Access Control
for the group.

60IPES41m7.fm
114
RIM Education Services Managing administrative groups

Adding new users to a new group

Did You Know After configuring a new group, you need to add users to it. By
The users you add to a group selecting the new group and then clicking the Update Group
do not all need to be on the Membership option, the Users tab or All Users tab opens. You can
same BlackBerry Enterprise then select a user and click the Assign to Group option.
Server.

As soon as you add a user to a group, all of the group properties

are applied to the user.

Tips for adding users to groups

• You can select more than one user from the user list and
then click Assign to Group to add all of the users at the
same time.
• To delete a user from a group, select the user on the All
Users tab or the Users tab and click the Remove from
Group option. The group properties will no longer apply
to that user.

60IPES41m7.fm
115
 RIM Education Services Managing administrative groups

Viewing a list of group members

To view a list of all the users that are members of a group, select the
group in the Explorer view and click on the Users tab.

Adding groups to a user list

By selecting View > Choose Columns and opening the Column
Chooser dialog box, you can add the Group Name column to a user
list. Once you add the column, you can sort the users based on
groups. You will also be able to easily see which group each user
belongs to.

60IPES41m7.fm
116
RIM Education Services Managing administrative groups

Configuring the user properties for a new

group member
Each group member can also have properties configured for them
at a user level as described in the previous module.

If you configure specific properties for a user, when the BlackBerry

Enterprise Server applies the properties, the user properties take
precedence. For example, assume you add a new user to a group
which is configured to not save sent messages. If you then set the
user property to save sent messages on the messaging server, the
user property takes precedence and the sent messages will be
saved on the messaging server.

Note: If you add a user with existing user properties to a new group, the
group properties are automatically applied to them. As a result, the
previously configured user properties are reset to match the group
properties. To have the user properties set to a different value, you
must manually reconfigure them.

60IPES41m7.fm
117
 RIM Education Services Managing administrative groups

Lab - Creating and configuring groups

You have been given approval to implement administrative groups

for the following distinct departments:

• Executive
• Legal
• Sales
• Marketing
• Information Technology

Using the information outlined in this module and in the

procedures starting on page 125 in the Administering the BlackBerry
Enterprise Server version 4.1 - Reference Guide, create the necessary
groups and configure them as follows.

1. The Legal group consists of corporate lawyers. All the email

messages sent from their devices are confidential. Set the auto
signature for the Legal group to the following disclaimer:
This email is private and confidential. Please delete
it if you are not the intended recipient.
2. The executives also have confidential messages. Copy the
Legal group settings to the Executive group.
3. Using the following list of employees and departments, add
the employees into the appropriate groups.

Group Members
Executive Clyde Warren
Legal Katie Tiegs
Sales Patrick Moser
Marketing Scott McPherson
Information Technology Ming Li
Kate Turner
Mark Murtha

60IPES41m7.fm
118
RIM Education Services Managing administrative groups

Exercise 2: User properties versus group properties

While the group properties are very similar to the properties
defined for users, there are some differences. By opening the Group
Properties dialog box for one of the groups you have created and
the user properties dialog box for one of the users you created in
the previous module, identify how the properties are different.

60IPES41m7.fm
119
 RIM Education Services Managing administrative groups

Editing the configuration of existing

groups
While it is not recommended that you make a lot of changes to the
configuration of a group, you may sometimes need to change the
properties for an existing group or modify the group template.

You can change the properties for a group in one of the following
three ways:

• You can select a group and then use the menu items listed
in the task menus.
• You can copy the properties from an existing group onto
an existing group. When you do this, the properties in the
To group are changed so they match the intersecting
properties in the From group.
• You can use the Edit Group Template option to either
change the group’s template or change the group’s
properties.

Changing a group template

A group template consists of a set of commonly configured
properties. You may want to change this template, but not push the
change to existing members of the group. After you update the
group template, any new users added to the group have the
changed property applied to them. To update the group template,
in the Group Properties dialog box, change the property and click
OK or Apply.

Note: If you are just changing the template, do not click Reapply Template.

60IPES41m7.fm
120
RIM Education Services Managing administrative groups

Changing the properties set for a group

You may need to modify how a specific property has been
configured and then push the change to all group members. To do
this, select a group from the User Groups List tab and click Edit
Group Template. The Group Properties dialog box is displayed.
When you change an option, a check box is displayed beside it.
Select this check box and click Reapply Template.

When you click Reapply Template, the new property value is sent
to all the members of the group.

Note: If a group member has the property you changed configured at the
user level, the user property will be overwritten with the new group
property when the template is reapplied. You need to be careful when
reapplying the group template that you are not unintentionally
removing individual user configurations.

60IPES41m7.fm
121
 RIM Education Services Managing administrative groups

Discussion: Changing group properties

As a group, fill out the following table.

Users who receive the

Options Action
change
• Reconfiguring a 1.
group’s
properties.
2.

3.

4.

• Reconfiguring 1.
the group’s
template.
2.

3.

60IPES41m7.fm
122
RIM Education Services Managing administrative groups

Changing group membership

In addition to changing the properties defined for a group, you can
also change which users are part of a group. To do this, click
Update Group Membership. The All Users tab or the Users tab is
displayed where you can select users and then click Assign to
Group or Remove from Group. As soon as you add a user to the
group, the template of group properties is applied to them.

Group membership tips

• If you try to move a user from one group to another, the
user will be moved without warning. As soon as the user is
moved, the template of group properties is applied to
them.
• If the user you add to the group has individual user
properties configured for them and these properties have
been configured at the group level in the new group, the
user properties will be overwritten. To reset the user
properties, you need to reopen the User Properties dialog
box and reconfigure them.

60IPES41m7.fm
123
 RIM Education Services Managing administrative groups

Lab - Changing group properties

During a corporate restructuring, the Marketing and Sales teams

have merged. Using the information outlined in this module and
the procedures starting on page 122 in the Administering the
BlackBerry Enterprise Server version 4.1 - Reference Guide, do the
following.

1. Remove the Marketing administrative group. Describe what

happens.

2. Move Scott McPherson into the Sales group and remove the
Marketing Administrative group. Describe what happens.

3. Now that Scott McPherson is in the Sales group, describe how

you would push the Sales group’s properties to him.

4. During the reconfiguration of the groups, the Information

Technology team decides to implement a new corporate policy
to save all sent messages. Change the Sales group properties so
this policy is implemented for the new group.

60IPES41m7.fm
124
RIM Education Services Managing administrative groups

Troubleshooting administrative groups

Exercise 3: Issues with administrative groups
You have prepared a test on supporting administrative groups that
can be given to newly hired employees and are now filling out the
answer key. For each of the following scenarios, identify whether
the statement is true or false and explain why.

1. An existing user has various user properties configured for

them. The user is added into an existing group whose
properties have already been configured.

Statement True or False?

The group’s properties must
be pushed out to the user
by clicking Reapply
Template.
The properties configured
for the user are
automatically overwritten
by the group properties.
If you want to configure a
user’s properties after
adding them to a group,
you must go into the User
Properties dialog box and
reset them.

2. A new user is added to the BlackBerry Enterprise Server and

then added to an existing group that has various group
properties configured for it. You then go in and configure
various user properties for the user.

Statement True or False?

The properties configured
at a user level are
overwritten by the
properties configured at a
group level.
The group properties are
automatically pushed out
to the user when they are
added to the group.

60IPES41m7.fm
125
 RIM Education Services Managing administrative groups

3. You create a group and add users to it. After adding the users,
you go in and configure the group properties.

Statement True or False?

The group properties are
automatically pushed out
to all members of the
group.
The properties you
configure for the group will
only apply to users added
after you finish the
configuration.

4. You create a group, configure the group properties, and add

users to it. For some of the users, you then configure user
properties. Several months later, you adjust a group property
and reapply the group template.

Statement True or False?

When the template is
reapplied, the user
properties take precedence
over the group properties.
After reapplying the
template, you need to go in
and manually reconfigure
any unique user properties.

5. A user who has specific user properties configured for them is

removed from their group. They are then added to a different
group.

Statement True or False?

The unique user properties
are automatically
overwritten by the group
properties when the user is
added to the group.
For the properties to be
assigned to the user, you
must reapply the group
template.

60IPES41m7.fm
126
RIM Education Services Managing administrative groups

6. You modify an existing group’s properties, but do not reapply

the template. Instead, you just save the changes. Additional
users are subsequently added to the group.

Statement True or False?

The group properties are
pushed out to all members
of the group.
Users first added to the
group and users added to
the group after the change
have identical
configurations at the group
level.
Users added to the group
after the group properties
were changed
automatically receive the
updated template.

Troubleshooting tips
• User properties assigned at an individual user level take
precedence over properties assigned at the group level.
• Whenever a user is added to a group, the group properties
are pushed to that user. All user properties in common
with the group properties will be overwritten.
• Any change to a group property must be pushed to
existing users. New users added after the change
automatically get the updated value.
• A group cannot be deleted if it contains users. All users
must be moved or deleted before the group can be deleted.
• Users can only belong to one administrative group.
• Groups cannot belong to other groups.

60IPES41m7.fm
127
 RIM Education Services Managing administrative groups

Review questions

1. By using administrative groups, you can

a. improve efficiency, standardize configurations, and group
users according to function.
b. define different types of system administrators to better
distribute job responsibilities.
c. administer the BlackBerry Enterprise Server wirelessly.
d. eliminate the need to add users to the BlackBerry
Enterprise Server.

2. Describe the steps you would take to delete the Sales group.
1.

2.

3.

4.

3. The Do not saved messages option setting is changed for the

Information Technology group. Describe the steps you would
take to apply the group property template to all members.
1.

2.

3.

4.

60IPES41m7.fm
128
RIM Education Services Managing administrative groups

Module summary

Objective Summary
Introduce Each administrative group is a collection of related
administrative groups. users who generally share a set of commonly
configured properties.

See “About administrative groups” on page 104.

Manage You can access a list of the groups which exist on all
administrative groups. BlackBerry Enterprise Servers in one of the following
ways:
• Select BlackBerry Domain in the Explorer view
and click the User Groups List tab.
• Select Servers in the Explorer view and click the
User Groups List tab.
• Select the User Groups folder in the Explorer
view and click the User Groups List tab.

See “Managing groups” on page 107.

Add administrative To add a group, you need to click Create Group, give
groups. the group a name, configure group properties, add
users to the group, and configure user properties.

See “Adding groups to the BlackBerry Enterprise

Server” on page 111.
Configure group You can configure a group in one of the following
properties. ways:
• using the task menus
• copying the properties to an existing group
• using the Edit Group Template option

See “Configuring group properties” on page 112.

Add users to new By selecting a group and clicking the Update Group
groups. Membership option, you open a user list. You can
then select a user and click the Assign to Group
option.

See “Adding new users to a new group” on

page 115.

60IPES41m7.fm
129
 RIM Education Services Managing administrative groups

Objective Summary
View a list of the users To view a list of all the users that are members of a
who are part of a group, select the group in the Explorer view and click
group. on the Users tab.

See “Viewing a list of group members” on page 116.

Configuring user After adding a user to a group, you can configure the
properties for a group user properties for that user. User properties take
member. precedence over group properties.

See “Configuring the user properties for a new group

member” on page 117.
Edit existing groups. You can edit a group in one of the following ways:
• using the task menus
• copying the properties to an existing group
• using the Edit Group Template option

See “Editing the configuration of existing groups” on

page 120.
Change which users You can add users to and remove users from groups.
are part of groups. As soon as a user is added to a new group, the group
properties are pushed to them.

See “Changing group membership” on page 123.

Troubleshoot issues See “Troubleshooting administrative groups” on
with administrative page 125.
groups.

60IPES41m7.fm
130
Module 8: Managing data transfer
This module describes how to configure and manage how
information is transferred between the BlackBerry Enterprise
Server and the user’s device.

Objectives
• Describe and configure email prepopulation.
• Describe and configure wireless email reconciliation.
• Describe and configure wireless PIM synchronization.
• Describe wireless calendar synchronization.
• Describe and configure automatic wireless backup.
 RIM Education Services Managing data transfer

About email prepopulation

Did You Know If you remove a user and then add them back to the BlackBerry
Email prepopulation only Enterprise Server or if the user swaps PINs, previously received
occurs when a user is added to messages will not be sent to the device. To solve this problem, you
the BlackBerry Enterprise can configure email prepopulation at the server level. With email
Server or a PIN swap occurs. prepopulation enabled, the BlackBerry Enterprise Server
automatically sends previously received email messages to the
user’s device during activation.

Did You Know Configuring email prepopulation

If you do a security wipe and To configure email prepopulation, open the Server Properties
Enterprise Activation on a dialog box and select the Messaging property.
device, email prepopulation
does not occur.

The following prepopulation options exist.

Option Description
Send headers only Set this option to True to have only the message
headings sent to the device.
Prepopulation By Message Use this option to specify how many days worth of
Age messages the server will send to the device.

The maximum number of days you can enter is 7.

The default number of days is 5.
Prepopulation By Message Use this option to specify how many messages the
Count server will send to the device.

The maximum number of messages you can enter

is 350. The default number of messages is 200.

60IPES41m8.fm
132
RIM Education Services Managing data transfer

Discussion: Email prepopulation

Did You Know 1. Kate Turner is doing testing which involves repeated PIN
You may want to disable swaps of devices. To avoid receiving all of her email
email prepopulation if a user messages every time a PIN swap occurs, she requests
has already backed up their email prepopulation be deactivated. How would this be
previously received messages. done?

Tips for troubleshooting email prepopulation

• Verify the user is on a BlackBerry Enterprise Server.
• Verify the user is using software that is version 4.0 or
higher on both the BlackBerry Enterprise Server and the
device.
• Verify the wireless network is working by confirming the
user can send and receive PIN-to-PIN messages on their
device.
• Determine if more than one user is affected. If more than
one user is affected, the issue is likely with the BlackBerry
Enterprise Server. If only one user is affected, the issue is
likely with the user configuration.
• Determine if the user is part of a group. If they are part of a
group, review the group and user properties to verify the
properties are configured as expected.
• Verify the user (or the group to which the user belongs)
has email prepopulation enabled.

60IPES41m8.fm
133
 RIM Education Services Managing data transfer

Exercise 1: Troubleshooting email prepopulation issues

For each of the following scenarios, identify what could be causing
the problem and what you can check to confirm it is a problem.
Also discuss why the problem occurred.

1. Katie Tiegs calls and says her email messages have not
successfully prepopulated onto her device.
Problem:
a.
Verification:

Discussion:

b.
Verification:

Discussion:

60IPES41m8.fm
134
RIM Education Services Managing data transfer

2. Katie Tiegs calls and says she has duplicate messages on her
device.
Problem:

Verification:

Discussion:

3. Katie Tiegs calls and says she only has old messages on her
device. New messages are not prepopulating to the device.
Problem:

Verification:

60IPES41m8.fm
135
 RIM Education Services Managing data transfer

About wireless email reconciliation

With wireless email reconciliation, the BlackBerry Enterprise
Server automatically reconciles or updates message status between
the messaging server and the user’s device. Email reconciliation is
triggered after 3 to 5 minutes of inactivity on the device, or, if the
device is active, it triggers every 20 minutes or after 100 changes.
The functions of email reconciliation include marking messages as
read or unread and moving or deleting messages.

Did You Know With wireless email reconciliation, the characteristics of the data
Messages that are filed to are updated, but not the data itself. As a result, no actual data
personal folders can be moves between the messaging server and the user’s device. For
reconciled with the device example, if a user moves an email message from one folder to
connected to the user’s another on their computer, during an email reconciliation, the
computer and using the metadata associated with the email message is updated to reflect
BlackBerry Desktop Manager. that it now belongs in a different folder. The message is not,
however, physically moved to that folder.

60IPES41m8.fm
136
RIM Education Services Managing data transfer

Configuring wireless email reconciliation

To configure wireless email reconciliation at the server level, open
the Server Properties dialog box and select the Messaging property.

Did You Know The following wireless email reconciliation options exist.
With the new version of the
BlackBerry Enterprise Server Option Description
software, permanently deleted
email messages are now Wireless Message Set this option to True to enable wireless
reconciled. Reconciliation Enabled email reconciliation.
Hard Deletes Reconciliation Set this option to True to reconcile messages
the user has permanently deleted from their
mailbox on the messaging server.

Hard deletes reconciliation is disabled by

default.

For more information on hard deletes, see

“Hard delete reconciliation support for
Microsoft Exchange” on page 146 in the
Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide.

60IPES41m8.fm
137
 RIM Education Services Managing data transfer

Reconciliation of hard deleted messages for Microsoft

Exchange
On the Microsoft Exchange platform, a hard delete occurs when a
user uses the Shift-Delete functionality in their mail client to delete
an item. In this case, the BlackBerry Enterprise Server does not
know what happened to the item and will not delete it on the
device. The same condition occurs when an item is deleted from
the Deleted Items folder before the BlackBerry Enterprise Server
has detected its removal from the Inbox.

To support hard delete reconciliation, a Message State Database is

stored in memory. This database will be enabled by default even if
the Hard Deletes Reconciliation option is set to False. In the Server
Properties dialog box, under the Messaging property, you can set
the number of messages monitored per user by setting the Message
State Database Size option.

Note: The Message State Database Size option refer to a number of messages
and not an actual size in terms of bytes.

60IPES41m8.fm
138
RIM Education Services Managing data transfer

Tips for troubleshooting email reconciliation

• Verify the user is on a BlackBerry Enterprise Server.
• Verify the user is using software that is version 4.0 or
higher on the BlackBerry Enterprise Server and on the
device.
• Verify the wireless network is working by confirming the
user can send and receive email messages on their device.
• Determine if the user is part of a group. If they are part of a
group, review their group and user properties to verify the
properties are configured as expected.
• Verify the user (or the group to which the user belongs)
has email reconciliation enabled.
• For the IBM Lotus Domino platform, the read/unread
functionality only works if the user’s mail file templates
and messaging server are version 6.0 or higher.

60IPES41m8.fm
139
 RIM Education Services Managing data transfer

Exercise 2: Troubleshooting email reconciliation issues

For each of the following scenarios, identify what could be causing
the problem and what you can check to confirm it is a problem.
Also discuss why the problem occurred.

1. A user calls in and says the email messages on their device are
not the same messages as on their computer. Identify three
reasons why this may be happening.
1.

2.

3.

2. Why is it important to determine if other users on the same

server can reconcile their email messages successfully?

3. Why is it important to verify a user can communicate via PIN-

to-PIN messaging?

60IPES41m8.fm
140
RIM Education Services Managing data transfer

About wireless PIM synchronization

Remember Wireless PIM synchronization is the full two-way wireless
Wireless PIM synchronization synchronization of the address book, memo, and tasks
does not include the applications. With wireless PIM synchronization, users do not need
synchronization of the to connect their device to their computer to synchronize the data on
calendar. Wireless calendar their device with the data on their computer.
synchronization is performed
using the Messaging Agent With synchronization, actual data is moved between the messaging
and not the BlackBerry server and the device so the information on both is identical. For
Synchronization Service. example, when a user deletes an entry from their address book on
their computer, the entry is removed from the device during the
next synchronization.

There are three ways to control wireless PIM synchronization.

• The administrator can control it using the PIM Sync

property on the BlackBerry Enterprise Server.
- PIM synchronization is enabled on the BlackBerry
Enterprise Server by default.
- Administrators can enable and disable PIM
synchronization at a user, group, and domain level.
• The administrator can control whether or not this
functionality is available at the individual component level
(address book, memo, and tasks) by creating an IT policy
with certain wireless PIM synchronization functionality
enabled or disabled. This policy can be sent out to certain
users or groups.
• The user can control it on their device.

60IPES41m8.fm
141
 RIM Education Services Managing data transfer

Wireless PIM synchronization data flow

With wireless PIM synchronizations, there are two types of data
flow.

Initial wireless PIM synchronization data flow

The PIM synchronization system controls how data is initially
synchronized between the messaging server and the device. As
your instructor discusses the data flow, add the appropriate lines
and numbers to the diagram.

Did You Know The initial PIM synchronization occurs as follows:

While the initial
synchronization may be 1. User receives synchronization service book.
resource-intensive for users - A user activates a new BlackBerry device or upgrades
with a large number of an existing BlackBerry device and receives the
contacts, calendar items, etc., synchronization service book.
follow-on synchronization will
be much less so. 2. BlackBerry device requests configuration.
- The BlackBerry device requests the synchronization
configuration from the BlackBerry Synchronization
Service. The configuration information is designed to
include whether wireless PIM synchronization is
enabled on the BlackBerry Enterprise Server, which

60IPES41m8.fm
142
RIM Education Services Managing data transfer

databases can be synchronized, their synchronization

type, and their conflict resolution settings.
Note: All data sent between the BlackBerry device and the
BlackBerry Enterprise Server is designed to be compressed
and encrypted.
3. Initial synchronization.
Did You Know - The BlackBerry Synchronization service returns the
Once a database is registered configuration information and the databases are
for wireless synchronization, it synchronized based on the information. A
can no longer be synchronized synchronization agent on the BlackBerry device
or restored through the tracks which databases can be synchronized
desktop software. wirelessly. If there is existing data on the BlackBerry
device and the messaging server, the records are
merged, added, or updated during synchronization.
If there is data on only the BlackBerry device or the
messaging server, the data is sent from that location.
Note: No records are deleted during the synchronization process.
4. Messaging server updated.
- If an update needs to be made on the messaging
server, the Messaging Agent forwards that change.
5. Initial synchronization complete.
- Initial synchronization is complete when the data on
the BlackBerry device and the messaging server are
synchronized. Future changes on the BlackBerry
device or the messaging server are synchronized
wirelessly through the PIM synchronization process.
If the BlackBerry device user modifies data on the
BlackBerry device or desktop PIM application during
initial synchronization, the records are synchronized
through the PIM synchronization process after the
initial load is complete.
Note: If the BlackBerry device is connected to a workstation that
has the BlackBerry Handheld Manager installed and running
(either stand-alone or as part of the optional BlackBerry
Desktop Manager), the initial synchronization can take place
through the connection to the BlackBerry Router on the
BlackBerry Enterprise Server rather than over the wireless
network.

60IPES41m8.fm
143
 RIM Education Services Managing data transfer

Incremental wireless PIM synchronization data flow

The wireless PIM synchronization system controls how data is
incrementally symchronized between the messaging server and the
device. As your instructor discusses the data flow, add the
appropriate lines and numbers to the diagram.

The incremental wireless PIM synchronization occurs as follows:

1. User changes data.

- The user saves changes to PIM data or BlackBerry
device settings (for example, a new autotext entry) on
the BlackBerry device or desktop PIM application,
and the change is added to the changelist on the
BlackBerry device or the BlackBerry Enterprise Server
(depending on where the change was made).
2. Changelist sent.
- The changelist, which includes the target PIM
application database and record information, is sent
to the BlackBerry Synchronization Service. Changes
to PIM data are sent immediately (along with other
entries in the changelist for that user). Changes that
are not triggered immediately are sent at the batch
synchronization interval set on the BlackBerry
Enterprise Server. The default interval is every ten
minutes.

60IPES41m8.fm
144
RIM Education Services Managing data transfer

Note: Only a single BlackBerry Enterprise Server or BlackBerry

device changelist per user can be sent wirelessly at one time.
This feature is designed to prevent change collisions.
3. Database entry.
- The BlackBerry Synchronization Service receives the
synchronization request and writes a synchronization
request entry in the SyncRequest table.
4. Sends synchronization data.
- The BlackBerry Synchronization Service sends the
changed records though the BlackBerry Dispatcher to
the device.
5. Messaging server updated.
- If an update needs to be made on the messaging
server, the Messaging Agent forwards that change.
6. Acknowledgement.
- The BlackBerry device acknowledges each record it
receives successfully. For each acknowledged record,
the BlackBerry Synchronization Service removes the
corresponding synchronization request entry from
the SyncRequest table and writes an entry in the
SyncRecordState table. Each PIM database record has
a unique identifier that is mapped to the
corresponding record on the BlackBerry device.
Subsequent changes to a record can be associated
with the corresponding record on the other side.

Configuring wireless PIM synchronization

Did You Know You can configure wireless PIM synchronization at three levels.
If you configure wireless PIM
synchronization at both a Level Access
domain and group or user
level, the domain settings do User You can configure it for an individual user by
not override the group and selecting the user, opening the User Properties
user settings. dialog box, and selecting the PIM Sync property.
Group You can configure it for a group by selecting the
group, opening the Group Properties dialog box, and
selecting the PIM Sync property.
Domain You can configure it for all users by configuring it at
the domain level. To do this, select BlackBerry
Domain from the Explorer view, select the Global
tab, click Edit Properties, and select the Global PIM
Sync property.

60IPES41m8.fm
145
 RIM Education Services Managing data transfer

Within the PIM Sync or Global PIM Sync property, you can enable
or disable wireless PIM synchronization for the address book,
memo, and tasks. You can also configure it for the following:

• Message filters, which synchronizes the personal and

global filters applied to the user.
• Message settings, which synchronizes the folder
redirection settings configured for the user.

For each of these PIM components, you can set the following
options.

Option Description
Synchronization Set this option to True to enable wireless synchronization for the
enabled associated PIM component.
Enabled on Handheld This option displays how PIM synchronization has been set on the
device.

60IPES41m8.fm
146
RIM Education Services Managing data transfer

Option Description
Synchronization type Use this option to configure the direction of the synchronization.
You can set it to one of the following synchronization types:
• Server to Handheld, which synchronizes the data on the
server with the data on the device.
• Handheld to Server, which synchronizes the data on the
device with the data on the server.
• Bidirectional, which compares data on both the device and
the server and synchronizes them.
Note: Server to Handheld and Handheld to Server
synchronization is not available for the message settings or
message filters.
Conflict resolution Use this option to configure what happens if there is a conflict
between the data on the server and the data on the device. You
can set this option to one of the following options:
• Server Wins, which means the server information will
overrule the device information when a conflict occurs.
• Handheld Wins, which means the device information will
overrule the server information when a conflict occurs.

IBM Lotus Domino

On the IBM Lotus Domino platform, the user’s PIM information
can be synchronized in one of the following ways:

• By enabling the user’s roaming profile, provided the user

is running IBM Lotus Domino version 6.0 or later.
• By using the iNotes Template.
• By creating a replica of each user’s Personal Address Book
on a Domino Server that is accessible by the BlackBerry
Enterprise Server using Notes Remote Procedure Call
(NRPC).

In addition, the fields on which the wireless PIM synchronization

can be performed are different for the IBM Lotus Domino platform.

Novell GroupWise
With Novell GroupWise, users do not have just one address book.
As a result, you need to configure which address book is
synchronized wirelessly.

60IPES41m8.fm
147
 RIM Education Services Managing data transfer

Address lookup
Address lookup uses PIM Sync field mapping to determine which
fields are displayed in the lookup results. During wireless PIM
synchronization, the BlackBerry Enterprise Server by default maps
certain fields on the messaging server to fields on the user’s device.
You can change these mappings at the user, group, or domain
level.

Did You Know • To configure the field mappings for users or groups, select
If you set the field mappings a user or a group and click Edit PIM Sync Field Mapping
at the domain level, they do from the Service Control & Customization task menu.
not override the field • To configure the field mappings at a domain level, select
mappings set at a user or the Global tab and click Edit PIM Sync Global Field
group level. Mapping from the Service Control & Customization task
menu.

Once you choose an option, the PIM Sync Field Mapping dialog
opens. You can use this dialog to adjust how fields on the server
map to fields on the device.

60IPES41m8.fm
148
RIM Education Services Managing data transfer

Discussion: Why would you want to change the wireless

PIM synchronization field mappings?

Tips for troubleshooting wireless PIM synchronization

• Verify the user is on a BlackBerry Enterprise Server.
• Verify the user is using software that is version 4.0 or
higher on the BlackBerry Enterprise Server and on the
device.
• Verify the wireless network is working by confirming the
user can send and receive email messages on their device.
• Determine if the user is part of a group. If they are part of a
group, review the group and user properties to verify the
properties are configured as expected.
• Verify the user (or the group to which the user belongs)
has wireless PIM synchronization enabled.
• Verify an IT policy is not disabling the wireless PIM
synchronization for the user.
• Verify the BlackBerry Synchronization Service is running.
• Verify the user is not trying to synchronize data on their
device with a personal (.pst) folder in Microsoft Exchange.
• Determine if more than one user is affected. If more than
one user is affected, the issue is likely with the BlackBerry
Enterprise Server. If only one user is affected, the issue is
likely with the user configuration.

60IPES41m8.fm
149
 RIM Education Services Managing data transfer

Exercise 3: Troubleshooting wireless PIM synchronization

Scenario A:
Katie Tiegs calls in to say that when she created a new contact on
her device, it did not show up in her address book in her mailbox.
Identify what you should check and do to resolve this problem.

1.

2.

3.

4.

5.

60IPES41m8.fm
150
RIM Education Services Managing data transfer

Scenario B:
When Katie Tiegs connected her device to her computer and tried
to synchronize her PIM data using Intellisync, she received the
following warning:

Explain what the problem is and how to resolve it.

60IPES41m8.fm
151
 RIM Education Services Managing data transfer

About wireless calendar synchronization

In addition to wireless PIM synchronization, the BlackBerry
Enterprise Server also wirelessly synchronizes the calendar on the
device with the calendar on the messaging server.

Wireless calendar synchronization is enabled by default. There are

two ways to control wireless PIM synchronization.

• The administrator can disable wireless PIM

synchronization by creating an IT policy. This policy can
be sent out to certain users or groups.
• The user can control it on their device.

Wireless calendar synchronization data flow

The PIM synchronization system controls how calendar data is
synchronized between the messaging server and the device. As
your instructor discusses the data flow, add the appropriate lines
and numbers to the diagram.

Data flow to a device

1. A calendar event is created or updated on the messaging

server.
- Microsoft Exchange: The Microsoft Exchange router
delivers the new event to the user's Microsoft

60IPES41m8.fm
152
RIM Education Services Managing data transfer

Exchange mailbox. Microsoft Exchange notifies the

BlackBerry Messaging Agent that a new message has
arrived.
- IBM Lotus Domino: The Lotus Notes router delivers
the new event to the user's Lotus Notes mailbox. The
BlackBerry Messaging Agent polls the user's mailbox
and detects the new event. The default polling
interval is 20 seconds.
- Novell GroupWise: The Novell GroupWise router
delivers the new event to the user's mailbox. The
GroupWise Connector finds the new event during its
next scheduled poll of the user’s mailbox and updates
the Configuration database. When the BlackBerry
Messaging Agent sees the entry in the database, it
retrieves the new event from the GroupWise
messaging server. The default polling interval is 20
seconds.
2. Document reference information is recorded.
- Microsoft Exchange: The BlackBerry Messaging
Agent writes the RefID to the document in Exchange.
- IBM Lotus Domino: The BlackBerry Messaging
Agent creates an entry in the user's State database.
The entry is used to track delivery state and associate
the Unid (applied to the message in Lotus Notes) with
a randomly generated RefId and tag. The BlackBerry
Messaging Agent appends calendar information to
the message.
- Novell GroupWise: The GroupWise Connector
updates the Configuration database with the
GroupWise ID and the Ref ID for the message. When
the BlackBerry Messaging Agent detects the update in
the database, it goes to the GroupWise server and
retrieves the information.
3. The new event is sent to the BlackBerry Dispatcher.
- The BlackBerry Messaging Agent sends the new event
to the BlackBerry Dispatcher.
4. The new event is compressed and encrypted.
- The BlackBerry Dispatcher compresses and encrypts
the first portion of the new event with the user's
encryption key and passes it to the BlackBerry Router
for delivery to the device.
- IBM Lotus Domino: The user’s State database shows
the new event status, which is also written to the
Lotus console and Notes log.

60IPES41m8.fm
153
 RIM Education Services Managing data transfer

5. The new event is sent to the wireless network.

- The BlackBerry Router sends the first portion of the
new event through port 3101 to the BlackBerry
Infrastructure. The BlackBerry Infrastructure then
passes it to the wireless network, which verifies the
PIN belongs to a valid device registered on the
wireless network.
6. A delivery confirmation is returned.
- The wireless network locates the user's device and
delivers the new event. The device sends a delivery
confirmation to the BlackBerry Dispatcher, which
passes it to the BlackBerry Messaging Agent. If the
BlackBerry Enterprise Server does not receive
confirmation within four hours, it resubmits the new
event to the wireless network.
- IBM Lotus Domino: The BlackBerry Messaging
Agent writes the new event’s delivery state to the
user’s State database.
7. The new calendar appointment is written to the calendar
application on the device.

Data flow from a device

60IPES41m8.fm
154
RIM Education Services Managing data transfer

1. The user creates or updates an appointment on their

device.
- The user sends the appointment from the device. The
device looks up the CMIME service book for the
appropriate routing information.
- On the device, the appointment is assigned a RefId.
2. The event is compressed and encrypted.
- The device compresses and encrypts the event using
AES or Triple DES encryption.
3. The event is sent to the BlackBerry Enterprise Server
- The event is sent over the wireless network to the
BlackBerry Infrastructure, which passes the data via
the SRP connection. It then travels through port 3101
to the BlackBerry Enterprise Server.
4. The event is decrypted and decompressed.
- The BlackBerry Dispatcher uses the encryption key to
decrypt and decompress the event. If the event cannot
be decrypted using the user's unique encryption key,
the BlackBerry Enterprise Server ignores the event
and sends an error to the user’s device.
5. On the Lotus Domino platform, an entry is written to the
State database.
- If the event is a new event, the BlackBerry Messaging
Agent creates an entry in the user’s State database. If
the event is an updated event, the BlackBerry
Messaging Agent performs a lookup using the State
database entry to correlate the incoming event to the
original event in the user's mail file.
6. The event is delivered to the user’s mailbox.
- Microsoft Exchange: The BlackBerry Messaging
Agent places the event in the user’s Microsoft
Exchange mailbox.
- IBM Lotus Domino platform: The BlackBerry
Messaging Agent places the event in the user's Notes
mail.box.
- Novell GroupWise: The BlackBerry Messaging Agent
places the event in the user's Novell GroupWise
mailbox.

60IPES41m8.fm
155
 RIM Education Services Managing data transfer

7. The event is copied into the Sent folder.

- The BlackBerry Messaging Agent places a copy of the
event in the user’s Sent Items folder. This step does
not take place if the Don't save a copy to the Sent
Items folder option is enabled in the user’s settings
and that setting is allowed on the BlackBerry
Enterprise Server.
8. The event is routed to the recipients.
- The messaging server router sends the event to the
recipients.

Tips for troubleshooting wireless calendar

synchronization
• Verify the user is on a BlackBerry Enterprise Server.
• Verify the user is using software that is version 4.0 or
higher on the BlackBerry Enterprise Server and on the
device.
• Verify the wireless network is working by confirming the
user can send and receive PIN-to-PIN messages on their
device.
• Determine if more than one user is affected. If more than
one user is affected, the issue is likely with the BlackBerry
Enterprise Server. If only one user is affected, the issue is
likely with the user configuration
• Determine if the user is part of a group. If they are part of a
group, review the group and user properties to verify the
properties are configured as expected.
• Verify an IT policy is not disabling the wireless PIM
synchronization for the user.

60IPES41m8.fm
156
RIM Education Services Managing data transfer

Exercise 4: Troubleshooting wireless calendar

synchronization issues
You are training a new customer support hire on potential issues
that may arise. You have given him a list of questions he could ask
a user who calls in and says their calendar is not synchronizing
correctly.

For each question, identify for the new hire any actions he should
take to retrieve the information needed and add a description of
why he would ask a particular question (that is, what information
he would retrieve with a certain question).

Question Action Discussion

1. Is the user using a Verify the desktop mail client is not using For wireless calendar synchronizaton
local copy of the a local copy of the calendar. to work the BlackBerry Enterprise
calendar? Server must be able to scan your
calendar for updates. If you are using
a local copy of the calendar, the
BlackBerry Enterprise Server will not
be able to scan it.
2. Is Outlook
running on the
BlackBerry
Enterprise Server?

(Exchange only)
3. Is wireless
calendar
synchronization
configured
correctly?

60IPES41m8.fm
157
 RIM Education Services Managing data transfer

Question Action Discussion

4. Is the correct
version of CDO.dll
installed on the
BlackBerry
Enterprise Server?

(Exchange only)
5. Does the
BlackBerry
Enterprise Server
Service Account
have the correct
Exchange
permissions?

(Exchange only)

60IPES41m8.fm
158
RIM Education Services Managing data transfer

Question Action Discussion

6. Can you resolve • •
the MAPI profile
from the
BlackBerry
Enterprise Server
to the Microsoft
Exchange server
the user’s mailbox
is on?

(Exchange only)

60IPES41m8.fm
159
 RIM Education Services Managing data transfer

About automatic wireless backup

Did You Know You can also configure automatic wireless backup on the
Once wireless backup is BlackBerry Enterprise Server at the user or group level. The backup
enabled on the BlackBerry file is stored on the device and sent to the BlackBerry Enterprise
Enterprise Server, data can no Server every 10 minutes where it is stored in the Configuration
longer be backed up with the database. Each user can store up to 1 Mb of data. The BlackBerry
device connected. Enterprise Server restores this data to the device whenever an
Enterprise Activation occurs for the device.

As a result, administrators can wirelessly restore settings and data

at any time, even if the user did not back up their device manually.

Did You Know Review the following table to determine what information is
Administrators have the backed up wirelessly.
ability to audit SMS, PIN, and
call traffic. The audit Backed up
Data
information will be stored in wirelessly?
.csv format. Logging can be
Icon positions Yes
controlled for each of these
items using IT policies. The Font settings Yes
relevant policy group is the
Browser bookmarks Yes
PIM Sync Policy Group.
Personal dictionaries Yes
Note: Personal dictionaries are only available for some device
models.
Saved messages Yes
Messages received on the BlackBerry device before the No
specified prepopulation date
Messages located in folders not set for redirection No
Messages not sent to the device because filters prevented the No
redirection
Ring tones No
Images No
Service books No
Group addresses No
Note: Group addresses created on the device are stored
locally on the device.
MMS messages No
Note: Messages sent by MMS are stored locally on the
BlackBerry device.

60IPES41m8.fm
160
RIM Education Services Managing data transfer

Backed up
Data
wirelessly?
SMS messages No
Note: Messages sent by SMS are stored locally on the
BlackBerry device.
PIN messages No
Note: PIN messages are stored locally on the BlackBerry
device.
RMS databases No
Note: Third-party applications created in J2ME™ are not
backed up.
Wirelessly downloaded third-party applications No

Automatic wireless backup data flow

The Backup system controls how data is backed up to and from the
device. As your instructor discusses the data flow, add the
appropriate lines and numbers to the diagram.

1. The user makes a change on their device.

2. The device queues the change packet for transmission.

60IPES41m8.fm
161
 RIM Education Services Managing data transfer

3. The packet is compressed and encrypted.

- The device compresses and encrypts the packet using
AES or Triple DES encryption.
4. The packet is sent to the BlackBerry Enterprise Server.
- The packet is sent over the wireless network to the
BlackBerry Infrastructure, which passes the data via
the SRP connection. It then travels through port 3101
to the BlackBerry Router and then to the BlackBerry
Dispatcher.
5. The packet is decrypted and decompressed.
- The BlackBerry Dispatcher uses the encryption key
from the Configuration database to decrypt and
decompress the packet. If the packet cannot be
decrypted using the user's unique encryption key, the
BlackBerry Enterprise Server ignores the packet and
sends an error to the user’s device.
6. The packet is sent to the BlackBerry Synchronization
service.
- The BlackBerry Dispatcher recognizes the packet as a
request for an update to a backup. It then passes the
packet to the BlackBerry Synchronization service.
7. The BlackBerry Synchronization service updates the
user’s backup in the Configuration database.

60IPES41m8.fm
162
RIM Education Services Managing data transfer

Configuring automatic wireless backup

This functionality is enabled by default. To view or configure the
options, open the User or Group Properties dialog box and select
the PIM Sync property.

Tips for troubleshooting automatic wireless backup

• Verify the user is on a BlackBerry Enterprise Server.
• Verify the user is using software that is version 4.0 or
higher on the BlackBerry Enterprise Server and on the
device.
• Verify the wireless network is working by confirming the
user can send and receive PIN-to-PIN messages on their
device.
• Determine if more than one user is affected. If more than
one user is affected, the issue is likely with the BlackBerry
Enterprise Server. If only one user is affected, the issue is
likely with the user configuration
• Determine if the user is part of a group. If they are part of a
group, review the group and user properties to verify the
properties are configured as expected.
• Use the Clear PIM Sync Backup Data option from the
Service Control & Customization task menu to delete an
automatic backup for a user.

60IPES41m8.fm
163
 RIM Education Services Managing data transfer

Discussion: Automatic wireless backup troubleshooting

1. Katie Tiegs switches to a new device and, following an
Enterprise Activation, is missing her old PIN messages.
Why?

2. Katie Tiegs calls in and says she is trying to do a restore of

her browser bookmarks using the advanced options of the
BlackBerry Desktop Manager, but the option is grayed out.
Why?

60IPES41m8.fm
164
RIM Education Services Managing data transfer

Lab - Configuring data transfer options

Company X has completed a draft of their corporate BlackBerry

Enterprise Server guidelines and requires changes to the server
configuration.

Using the information in this module and the procedures starting

on page 140 in the Administering the BlackBerry Enterprise Server
version 4.1 - Reference Guide, configure your BlackBerry Enterprise
Server so the following is true:

1. Email prepopulation is set to prepopulate 250 messages.

2. Email reconciliation is configured to reconcile messages that
have been hard deleted.
3. During a survey of user habits, it was determined that the
Information Technology team does not use the task or memo
applications. As a result, they do not need these applications
on their devices. Configure the Information Technology group
so wireless synchronization of those two applications is
disabled.
4. The Sales department also does not use the task or memo
applications. Copy the Information Technology group settings
to the Sales group.
5. As a requirement of Kate Turner's job, she must have her tasks
synchronized wirelessly from the server. Change Kate Turner's
wireless synchronization settings to match this requirement.
6. Because Patrick Moser is rarely at his desk, he needs wireless
PIM synchronization configured so that if there is a conflict,
the device wins. Change his wireless synchronization settings
to meet this requirement.

60IPES41m8.fm
165
 RIM Education Services Managing data transfer

Review questions

1. Describe the difference between the following two terms.

Term Definition
Email reconciliation

Wireless PIM
synchronization

2. True or False? Wireless PIM synchronization synchronizes the

address book, tasks, memo, and calendar applications.

3. Identify three ways of controlling wireless PIM

synchronization.

60IPES41m8.fm
166
RIM Education Services Managing data transfer

Module summary

Objective Summary
Describe and With email prepopulation enabled, the BlackBerry
configure email Enterprise Server automatically prepopulates
prepopulation. previously received email messages from the
messaging server onto the user’s device when the
device is activated.

See “About email prepopulation” on page 132.

Describe and With wireless email reconciliation, the BlackBerry
configure wireless Enterprise Server automatically reconciles or updates
email reconciliation. message status between the messaging server and
the user’s device. The functions of email
reconciliation include marking messages as read or
unread, moving or deleting messages, and filing
messages to personal folders.

See “About wireless email reconciliation” on

page 136.
Describe and Wireless PIM synchronization is the full two-way
configure wireless wireless synchronization of the address book, memo,
PIM synchronization. and tasks applications. With wireless PIM
synchronization, users do not need to connect their
device to their computer to synchronize the data on
their device with the data on their computer.

See “About wireless PIM synchronization” on

page 141.
Describe wireless The BlackBerry Enterprise Server also wirelessly
calendar synchronizes the calendar on the device with the
synchronization. calendar on the messaging server.

See “About wireless calendar synchronization” on

page 152.
Describe and During automatic wireless backup, any settings and
configure automatic preferences on the device not already stored in the
wireless backup. mail system are backed up to the server, including
icon positions, font settings, and browser bookmarks.

See “About automatic wireless backup” on

page 160.

60IPES41m8.fm
167
 RIM Education Services Managing data transfer

60IPES41m8.fm
168
Module 9: Managing filters
This module describes how filters are used and configured within
the BlackBerry Enterprise Server at the user, group, and global
levels.

Objectives
• Distinguish between user, group, and global filters.
• Describe how to create a new filter.
• Explain filter conditions.
• Explain filter actions.
• Configure the default action if no filters apply.
• Explain the importance of filter order.
• Describe how to manage filters.
 RIM Education Services Managing filters

About filters
Filters help users manage the number and types of email messages
they receive on their devices. When an email message arrives on
the messaging server, the BlackBerry Enterprise Server compares it
to the conditions defined in the filters to determine if and how the
message should be forwarded to the user’s device. You can use
filters to block messages from being forwarded to a device or alter
the way in which messages are forwarded.

Did You Know Within the BlackBerry Enterprise Server, the following three levels
Global filters take precedence of filters exist.
over any filter rules defined
through the User or Group Filter type Description Access
Properties dialog box.
User User filters are filter rules set at Select a user and click Edit
an individual user level. These Properties. Choose the Filters
filters apply to the messages property.
being sent to the user for which
they are configured.
Group Group filters are filter rules set at Select a group and click Edit
a group level. These filters apply Group Template Properties.
to the messages being sent to all Choose the Filters property.
members of the group for which
they are configured.
Global Global filters are filters set at a Select a server and click Edit
server level. These filters apply to Properties. Choose the
the messages being sent to all Global Filters property.
users on the server for which they
are configured.

60IPES41m9.fm
170
RIM Education Services Managing filters

Discussion: Reasons for using filters

1. Why would you want to create a filter to block messages?
-
-
-
2. Why would you want to create a filter that changes how a
message is forwarded to the user’s device?
-
-
-

60IPES41m9.fm
171
 RIM Education Services Managing filters

Creating a new filter

To begin filtering messages, you must first create a filter at either
the user, group, or global level. Once you create the filter, you need
to configure the filter conditions and actions and then enable it. To
ensure the filters are redirecting messages as expected, you should
then verify they are in the correct order. The process for creating a
filter is defined below.

Adding a filter
Filters are added in the Filter Rule dialog box by entering a name
for your new filter. You can access this dialog box in one of three
ways.

Level Access
User 1. From the User Properties dialog box, select the
Filters property and double click on the Filter
Rules field. The Filter Rules dialog box opens.
2. Click New to open the Filter Rule dialog box.
Group 3. From the Group Properties dialog box, select the
Filters property and double click on the Filter
Rules field. The Filter Rules dialog box opens.
4. Click New to open the Filter Rule dialog box.

60IPES41m9.fm
172
RIM Education Services Managing filters

Level Access
Global 5. From the Global Properties dialog box, select the
Global Filters property and double click on the
Global Filter Definition field. The Global Filter
Definition dialog box opens.
6. Click New to open the Filter Rule dialog box.

The Filter Rule dialog box contains options to define a filter name,
enable a filter, and configure filter conditions and actions. To finish
adding your new filter, enter a name in the Filter Name field.

60IPES41m9.fm
173
 RIM Education Services Managing filters

Filter conditions
Did You Know After you create the filter, you must define the filter conditions and
If you configure multiple possible actions. The conditions define message characteristics to
conditions for one filter, all of determine if the filter should be applied to the incoming messages.
those conditions must be true The Filter Rule dialog box contains the following options to define
for the message to be filtered. the conditions.

Condition Description
From Enter an email address in this field. The
BlackBerry Enterprise Server filters messages
with this email address in the From field.
Note: Add a “*@” before the address if
using wild cards.
Sent To Enter an email address in this field. The
BlackBerry Enterprise Server filters messages
with this email address in the Sent To field.
Note: Add a “*@” before the address if
using wild cards.
Subject Enter text in this field. The BlackBerry
Enterprise Server filters messages with this
text in the Subject field.
Body Enter text in this field. The BlackBerry
Enterprise Server filters messages with this
text in the Body of the message.

60IPES41m9.fm
174
RIM Education Services Managing filters

Condition Description
Recipient Types Double click on this field. The Recipient
Types dialog box opens where you can select
one of the following recipient types:
• Sent Directly, which filters messages
sent directly to the users.
• Cc, which filters messages on which
the users were carbon copied.
• Bcc, which filters messages on which
the users were blind carbon copied.

Importance When you select an importance from the

drop down list box, the BlackBerry
Enterprise Server filters messages tagged
with that importance. You can select one of
the following:
• None
• Low
• Normal
• High
Sensitivity When you select a sensitivity from the drop
down list box, the BlackBerry Enterprise
Server filters messages tagged with that
sensitivity. You can select one of the
following:
• None
• Normal
• Personal
• Private
• Confidential

60IPES41m9.fm
175
 RIM Education Services Managing filters

Filter actions
Remember After defining the conditions which determine if a message is
A Level 1 notification results filtered, you need to define the action that is then performed on any
in the message being treated messages that are filtered. The actions you can select include the
differently (for example, following.
displaying it in bold text) so
the user can find it more easily Option Description
in the message list. It does not
have anything to do with the Action Set this option to Forward if you want the
high importance or priority BlackBerry Enterprise Server to forward
statuses in the user’s email any messages matching the filter
system. conditions.

If you set it to Hold, any messages

matching the filter conditions will not be
forwarded to the device.
Forwarding options Double click on this field. The Forwarding
Options dialog box opens, where you can
select one of the following:
• Header Only, which forwards the
header of any messages matching
the filter conditions to the user’s
device.
• Level1 Notification, which forwards
any messages matching the filter
conditions to the user’s device with
a Level 1 notification.

60IPES41m9.fm
176
RIM Education Services Managing filters

Enabling a filter
To enable a filter whose conditions and actions you have
configured, set the Enabled field in the Filter Rule dialog box to
True.

60IPES41m9.fm
177
 RIM Education Services Managing filters

Lab - Creating filters

Your company has decided to implement filters to ensure

important corporate communication is delivered to the employees’
devices. They have also asked you to implement filters so these
important corporate communications are not lost on the devices
amongst the other email messages.

Using the information outlined in this module and the procedures

starting on page 164 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide, do the following:

1. Create a global filter to ensure email messages from Clyde

Warren always go to the employees’ devices.
2. The company recognizes that employees often send and
receive email messages that are not of a business nature. A
corporate policy has been put in place which states that if an
employee is going to send any email messages of a personal
nature to the entire company, they must add "NO BB" to the
subject. The BlackBerry Enterprise Server can then filter
messages to ensure messages such as advertising cookies for
sale or stating someone’s lights are on on the car do not go to
the devices. Create a global filter to accomplish this.
3. The Sales team has asked for a filter specifically for their group.
Create a group filter so any email message whose subject
contains the words "Request for Approval" is forwarded to the
device with a Level 1 Notification.

60IPES41m9.fm
178
RIM Education Services Managing filters

Changing the default if no filters apply

If you are creating a user filter, you can also configure what
happens to messages that do not meet any of the filter conditions
and so will not have any filters applied to them. To do so, in the
user dialog box, set the Forward messages to handheld option.

The Forward messages to handheld option can be set as follows.

Option value Description

True If you set the Forward messages to handheld
option to True, messages that do not have a filter
applied to them are forwarded to the user’s
device.
False If you set the Forward messages to handheld
option to False, messages that do not have a
filter applied to them are not forwarded to the
user’s device.

60IPES41m9.fm
179
 RIM Education Services Managing filters

Filter order
Remember The BlackBerry Enterprise Server applies filters to incoming
The BlackBerry Enterprise messages in the following order:
Server checks messages
against global filters before 1. It checks global filters in the order in which they are listed
checking them against group in the Global Filter Definition dialog box starting at the top
and user filters. of the list and working down.
2. Then it checks group and user filters in the order in which
they are listed in the Filter Rules Definition dialog box
starting at the top of the list and working down.
Note: If a user is part of a group, but has their own filters defined, the
BlackBerry Enterprise Server checks those instead of the group filters. If
a user is part of a group, but does not have their own filters defined,
the BlackBerry Enterprise Server checks the group filters.

Did You Know Once a message meets the conditions of a filter, the BlackBerry
Filters configured through the Enterprise Server performs the action in that filter immediately and
messaging server are applied does not check any other filters. As a result, the order of your
before any filters configured global filters list is extremely important.
on the BlackBerry Enterprise
Server.
Filter order tips
• The BlackBerry Enterprise Server checks messages against
global filters before checking them against group and user
filters.
• If you have a very restrictive filter with many conditions,
list it first to ensure it is processed. Otherwise, the criteria
of a more general filter will be met and the restrictive filter
will not be processed.
• The order of filters and the options defined in them can
cause problems and result in email messages not being
forwarded to a user’s device.

60IPES41m9.fm
180
RIM Education Services Managing filters

Reordering filters
To reorder your filters, in the Global Filter Definition or Filter Rules
Definition dialog boxes, highlight the filter you want to move and
click one of the following options:

• Make First
• Move Up
• Move Down
• Make Last

60IPES41m9.fm
181
 RIM Education Services Managing filters

Managing filters
As organizations grow and business conditions evolve, you may
need to modify or delete existing filters.

• To modify a filter, in the Global Filter Definition or Filter

Rules Definition dialog boxes, select the filter you want to
modify and click Properties. The Filter Rule dialog box
opens where you can adjust filter conditions and actions as
required.
• To delete a filter, in the Global Filter Definition or Filter
Rules Definition dialog boxes, select the filter you want to
modify and click Remove.
• If you have modified the filter properties for a group, you
need to push those changes out to the members of that
group.

60IPES41m9.fm
182
RIM Education Services Managing filters

Lab - Adjusting filter order

You have been asked to attend an emergency meeting to discuss

issues with the message filtering. It has been discovered that
messages sent from Clyde Warren with the subject “NO BB” are
still being delivered to the users’ devices.

Using the information outlined in this module and the procedures

starting on page 170 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide, reorder the filters to ensure the
messages are no longer being forwarded.

60IPES41m9.fm
183
 RIM Education Services Managing filters

Exercise 1: Filter conditions and actions

Assume the following filters have been created on the BlackBerry
Enterprise Server for Clyde Warren. The filters appear in the Filter
Rule dialog box in the order they are listed here.

• Filter A:

Filter name Yan Wang

Filter condition • From: Yan Wang
• Recipient Types: Sent directly
Filter action • Forward message with a Level 1 notification

• Filter B:

Filter name BlackBerry

Filter condition • Subject: BlackBerry
• Recipient Types: Sent directly
Filter action • Do not forward the message to the device

• Filter C:

Filter name CC’d Messages

Filter condition • Recipient Types: Cc
Filter action • Forward header only

• Filter D:

Filter name To Messages

Filter condition • Recipient Types: Sent directly
Filter action • Forward message to the device

• If none of the filters apply, the message will not be

forwarded to the device.

60IPES41m9.fm
184
RIM Education Services Managing filters

The following email messages have arrived in Clyde’s mailbox. For

each email message, identify which filter is applied and what
happens to the message.

Filter
Message The message is...
applied
1. To: Clyde Warren
From: Yan Wang
Subject: Blackberry
Body: Hello World
2. To: Mark Murtha
CC: Clyde Warren
From: Katie Tiegs
Subject: Lunch
Body: Hello World
3. To: Technical Support
Distribution List
From: Admin
Subject: New Guidelines
Body: Hello World
4. To: Clyde Warren
CC: Katie Tiegs
From: User1
Subject: Blackberry
Body: Hello World
5. To: Clyde Warren
CC: Katie Tiegs
From: Yan Wang
Subject: Hi
Body: Hello World
6. To: Mark Murtha
BCC: Clyde Warren
From: Patick Moser
Subject: Check it out
Body: Hello World
7. CC: Clyde Warren
From: Yan Wang
Subject: FYI
Body: Hello World
8. CC: Clyde Warren
From: Mark Murtha
Subject: Blackberry
Body: Hello World

60IPES41m9.fm
185
 RIM Education Services Managing filters

Filter
Message The message is...
applied
9. To: Clyde Warren
From: Mark Murtha
Subject: Greetings
Body: Hello World
10. To: Mark Murtha
BCC: Clyde Warren
From: Yan Wang
Subject: See below
Body: Hello World

60IPES41m9.fm
186
RIM Education Services Managing filters

Review questions

1. Define the following two terms.

Term Definition
Filter conditions

Filter actions

2. The order of the filters is important because

a. if you need to create new filters, they are appended to the
bottom of the list and are applied in order.
b. when filters are applied top to bottom, only one filter is
applied.
c. general filters are applied before restrictive filters.
d. users can only assign five personal filters.

60IPES41m9.fm
187
 RIM Education Services Managing filters

Module summary

Objective Summary
Distinguish between • User filters are filter rules set at an individual user
user, group, and level.
global filters. • Group filters are filter rules set at a group level.
• Global filters are filters set at a global level.

See “About filters” on page 170.

Describe how to See “Creating a new filter” on page 172.
create a new filter.
Explain filter The filter conditions define message characteristics to
conditions. determine if the filter should be applied to the incoming
messages.

See “Filter conditions” on page 174.

Explain filter actions. After defining the conditions which determine whether
or not a filter is applied to a message, you need to
define the action that is then performed on the
message.

See “Filter actions” on page 176.

Configure the default In the User Properties dialog box, set the Forward
action if no filters messages to handheld option to define what happens to
apply. messages that do not meet any of the message
conditions and will not have any filters applied to them.

See “Changing the default if no filters apply” on

page 179.
Explain the The order in which the filters appear in the Global Filter
importance of filter Definition and Filter Rules Definition dialog boxes
order. determine the order in which the filters are applied.

If a message meets the conditions of a filter, the action

in that filter is immediately applied by the server and no
other filters are checked. After checking global filters,
the BlackBerry Enterprise Server moves on to the group
and user filters and checks them.

See “Filter order” on page 180.

60IPES41m9.fm
188
RIM Education Services Managing filters

Objective Summary
Describe how to As organizations grow and business conditions evolve,
manage filters. you may want to modify or delete existing filters.

See “Managing filters” on page 182.

60IPES41m9.fm
189
 RIM Education Services Managing filters

60IPES41m9.fm
190
Module 10: Managing IT policies
This module introduces IT policies and explains how to administer
and troubleshoot them.

Objectives
• Describe IT policies.
• Explain when IT policies can be used.
• Describe IT policy data flow.
• Create and assign IT policies.
• Change IT policies.
• Troubleshoot and resolve issues with IT policies.
 RIM Education Services Managing IT policies

About IT policies
An IT policy is a collection of rules the administrator uses to set
various functionality for the device and the Desktop Manager
software. These rules can define many factors, including how email
messages are handled and which functions the user can use.

Did You Know There are two types of IT policies as described below.
Best practice recommends
that you do NOT change the Type Description
Default policy. Consider the
Default policy to be a basic Default policy • It is a base policy that all new users are assigned
template. to when they are added to the BlackBerry
Enterprise Server.
• It is the minimal level of control you can impose
on a user.
• It is configured to automatically set the default
setting of each applicable rule immediately.
Customized policy • You can create customized policies to address the
needs of different users.
• For example, you can create a policy to enforce a
higher level of security on the devices of users
who are routinely out of the office.
• You can have a separate IT policy for each user,
but it is not considered best practice.

Users can be assigned to a customized policy instead of the default

policy, but each user can be assigned to one policy at a time.

IT policy distribution
IT policies are a function of the BlackBerry Domain. As a result, the
same policies are available to all users within the organization,
whether they reside on the same or separate BlackBerry Enterprise
Servers. You can set IT policies at a domain level or for individual
groups and users.

Some policy settings are synchronized and assigned to the device

over the air (OTA). As a result, administrators who need to
facilitate large deployments can easily change IT policies on a
corporate-wide level without users having to connect their devices.

You can configure the BlackBerry Enterprise Server to push IT

policies to the assigned groups or users at a pre-determined
interval. Using an automatic resend interval ensures the device is
always functioning with the most current IT policies. It also ensures
a device gets the policy change, even if it has been turned off or is
out of coverage during the initial send period.

60IPES41m10.fm
192
RIM Education Services Managing IT policies

IT policy data flow

The Policy system controls how IT policies are pushed to the
device. As your instructor discusses the data flow, add the
appropriate lines and numbers to the diagram.

1. An IT policy is assigned using the BlackBerry Manager at the

user, group, or domain level.
Did You Know 2. The BlackBerry Policy Service sends the updated policy to the
The BlackBerry Policy Service BlackBerry Dispatcher.
checks for changes to policy 3. The BlackBerry Dispatcher encrypts the policy using the
definitions every 15 minutes. encryption key from the Configuration database.
4. The BlackBerry Router routes the policy through the
BlackBerry Infrastructure to the wireless network.
5. The policy is received and applied on the BlackBerry device.

60IPES41m10.fm
193
 RIM Education Services Managing IT policies

Creating IT policies
It may be necessary to create multiple IT policies within an
organization to suit the environment and security needs of the
organization.

After creating the IT policy, you will then need to assign a name to
the policy and set all applicable policy items and values. Once you
set all policy items and values, you can assign the policy to users or
groups.

To create an IT policy at the domain level, open the Global

Properties dialog box and select the IT Policy property. Double
click on the IT Policies field to open the IT Policies dialog box and
click New to open the New Policy dialog box. From there, you can
give the new policy a name and select and set policy items and
values.

60IPES41m10.fm
194
RIM Education Services Managing IT policies

Available IT policies
Did You Know The BlackBerry Enterprise Server has a number of available IT
For a full list of available IT policies you can select and apply to the default, individual, or
policies, refer to the Technical group policies. A sample of the IT policies available in the New
Knowledge Center. Policy dialog box are as follows:

• Device-Only Items (such as Allow PIN-to-PIN Messages)

• Browser Policy Group
• Global Items (such as Allow Phone, Allow Browser, and
Auto Signature)
• Password Policy Group
• PIM Sync Policy Group
• Bluetooth Policy Group
• BlackBerry Messenger Policy Group

60IPES41m10.fm
195
 RIM Education Services Managing IT policies

Assigning IT policies
You can assign IT policies to groups or users.

• Assigning an IT policy to a group

To create greater efficiencies in administration of the
BlackBerry Enterprise Server, IT policies can be assigned
to members of a group which have the same policy
requirements.
To do this, select a group and click the Assign IT Policy
option from the IT Admin task menu. A dialog box opens
and prompts you to select the IT policy you want to apply.
• Assigning an IT policy to a user
To assign an IT policy to a user, select the user and click
the Assign IT Policy option from the IT Admin task menu.
A dialog box opens and prompts you to select the IT policy
you want to apply.

As soon as you assign a policy to a user or a group, the BlackBerry

Enterprise Server pushes that policy out to them.

60IPES41m10.fm
196
RIM Education Services Managing IT policies

Lab - Creating new IT policies

Kate Turner and Clyde Warren recently attended the Wireless

Enterprise Symposium and were made aware of the advantages of
configuring device settings using IT policies.

1. Using the information from this module and in the

Administering the BlackBerry Enterprise Server version 4.1 -
Reference Guide, select the IT policy items that would achieve
the following results:
a. Executives should have some security configured, but
generally do not need restrictive policy items.
b. Administrators on the Information Technology team who
generally work on campus and are less likely to lose their
device off-campus should have more restrictive policy
items than the Executives.
c. Sales employees travel frequently and have sensitive data
on their device. As a result, they need fairly restrictive
policy items, but not as restrictive as the regular
employees.
d. Regular employees need to be very restricted. They to be
able to work with email messages, but not the browser or
the phone.

Function IT policy rule Value

Executive

Administrators

Sales employees

60IPES41m10.fm
197
 RIM Education Services Managing IT policies

Function IT policy rule Value

Regular
employees

2. After selecting the IT policy items, use the BlackBerry Manager

to assign these policies to the appropriate users or groups.

60IPES41m10.fm
198
RIM Education Services Managing IT policies

Changing IT policies
The IT policy functionality of the BlackBerry Enterprise Server is
designed to be flexible in that you can edit IT policies at both the
domain and user level.

To change them at a domain level, open the Global Properties

dialog box and select the IT policy property.

There are additional policy rules you can set for a specific user. To
access these, open the User Properties dialog box and select the IT
Policy property.

60IPES41m10.fm
199
 RIM Education Services Managing IT policies

Applying IT policy changes

The BlackBerry Policy Service monitors for changes to IT policies
defined at the domain level. When a change occurs, the BlackBerry
Enterprise Server automatically sends out the IT policy to all users
associated with it.

The BlackBerry Enterprise Server will also send out IT policies to a

user when the user activates their device.

60IPES41m10.fm
200
RIM Education Services Managing IT policies

Managing IT policies
• To view a list of all the users in the domain and the IT
policies they have been assigned to, open the Global
Properties dialog box and select the IT Policy property.
You can then use the IT Policy to User Mapping option to
open a dialog box listing the users and IT policies.
Did You Know
From this dialog box, you can
also change the IT policy
assigned to the user by
clicking in the radio button.

• If an IT policy is no longer needed, you can remove it.

Before you delete a policy, you must remove all users from
it.

60IPES41m10.fm
201
 RIM Education Services Managing IT policies

Troubleshooting IT policies
• Verify the device can receive messages or use the web
browser . If the device is unable to perform these
functions, it may not have network connectivity. As a
result, IT policies cannot be transmitted to the device
either.
• The BlackBerry Policy service must be running for the IT
policies to be sent to the device. The BlackBerry Policy
service status can be viewed in Component Services from
the administrative computer’s Control Panel.
The illustration below indicates the BlackBerry services
running on the BlackBerry Enterprise Server. Note the
BlackBerry Policy service status is Started.

• You can also review BlackBerry Policy Service specific

logs. Logs are discussed in a later module.

Log name Identifier Description

BlackBerry Policy POLC This log records the
Service communications between
the BlackBerry Policy
Service and the
BlackBerry Dispatcher.

60IPES41m10.fm
202
RIM Education Services Managing IT policies

• When you select a user, IT policy status information is

displayed in the lower part of the window. Use this
information to determine the status of an IT policy change
for a specific user.

The values available in the IT Policy Status field are as

follows:

Status Description
Pending New data is waiting to be sent to the device.
Processing The BlackBerry Enterprise Server is sending the
changes to the user.
Sent The IT policy has been wirelessly sent to the device
and/or desktop, but the user has not yet received
the change.
Received The device and/or desktop has received the change,
but has not yet returned an error or success message
indicating that the change has been made.
Applied Successfully The device and/or desktop has received and
successfully applied the change.
Error An error has occurred when the change was
processed, sent, received, or applied.
Timed Out The IT policy change has timed out after seven days
because the user has either turned off their device or
is not in an area of sufficient wireless coverage.

60IPES41m10.fm
203
 RIM Education Services Managing IT policies

Review questions

1. Which of the following IT policies should be selected for a

policy designed to meet the needs of a sales representative who
spends 90% of their time making calls to customers? Suggest
policy values as well.

Select Policy Suggested Value

Allow Phone
Local Country Code
Allow outgoing calls when locked
Put Auto Signature
Show Application Loader

2. What is an IT policy? Choose the most appropriate answer.

a. An IT policy is a collection of server rules the
administrator sets.
b. An IT policy holds the license agreements and expiry dates
for all handhelds.
c. An IT policy is a collection of rules the administrator uses
to set defaults for the device and desktop manager
software.
d. An IT policy is a set of rules that filters messages.

60IPES41m10.fm
204
RIM Education Services Managing IT policies

Module summary

Objective Summary
Describe IT policies. An IT policy is a collection of rules that the
BlackBerry Enterprise Server Adminstrator uses to set
defaults for the device and desktop manager
software.

See “About IT policies” on page 192.

Explain when IT See “About IT policies” on page 192.
policies can be used.
Describe IT policy See “IT policy data flow” on page 193
data flow.
Create and assign IT You can create policies at the domain level or at the
policies. user level.

You will then need to assign a name to the policy

and set all applicable policy items and values. Once
you set all policy items and values, you can assign
the policy to users or groups

See “Creating IT policies” on page 194

Change IT policies. The IT policy functionality of the BlackBerry
Enterprise Server is designed to be flexible in that
you can edit IT policies at both the domain and user
level.

See “Changing IT policies” on page 199.

Troubleshoot and See “Troubleshooting IT policies” on page 202.
resolve issues with IT
policies.

60IPES41m10.fm
205
 RIM Education Services Managing IT policies

60IPES41m10.fm
206
Module 11: Managing the devices
This module describes how to manage the BlackBerry devices,
including deployment, monitoring, and administration.

Objectives
• Describe device management.
• Describe how to deploy devices.
• Describe how to troubleshoot wireless Enterprise
Activation issues.
• Discuss how to control which devices are allowed to
activate.
• Describe how to manage device software.
• Describe how to manage devices.
• Describe how to monitor devices.
 RIM Education Services Managing the devices

About device management

In addition to performing administrative activities on the
BlackBerry Enterprise Server, you may need to perform
administrative activities on the users’ devices using the BlackBerry
Manager console.

For example, you may need to do the following:

• Fully control the initial user experience by loading and

provisioning multiple BlackBerry devices for simultaneous
deployment.
• Activate a user’s device wirelessly.
• Load software configurations and applications from a
central location onto a user’s device.
• Modify or delete software configurations from a user’s
device.
• Manage third-party applications on a user’s device.
• Send commands to a user’s device wirelessly in response
to issues or requests.
• View the status information and properties relating to a
device.

60IPES41m11.fm
208
RIM Education Services Managing the devices

Deploying devices
As described before, once you have added a user to the BlackBerry
Enterprise Server, the server will monitor that user’s mailbox on
the messaging server for incoming mail. For the server to redirect
messages to the user’s device, however, you must deploy a device
to the user as shown in the following process.

There are three ways to deploy a device to a user.

60IPES41m11.fm
209
 RIM Education Services Managing the devices

Deploying devices using the BlackBerry Desktop

Manager
Did You Know Once a user is added to the BlackBerry Enterprise Server, the user
The user must connect their can connect their device to their computer and open the BlackBerry
device to a port on their Desktop Manager.
computer before they can
access and configure it. If the connected BlackBerry device is not already assigned to the
user, the user is asked if they want to assign the device to their
account. If the user clicks Yes, an encryption key is generated and
the associated user data, such as IT policies and service books, is
sent from the BlackBerry Enterprise Server to the device.

Note: With Novell GroupWise, you cannot deploy devices using the
BlackBerry Desktop Manager.

Deploying devices using the BlackBerry Manager

Did You Know To deploy a device, the administrator can also connect it to the
For more information on BlackBerry Enterprise Server’s administration computer and use
service books, see “Service the BlackBerry Manager to assign it to a user.
books” on page 11 in the
Administering the BlackBerry To do this, you must have a device connected to the administration
Enterprise Server version 4.1 - computer in one of the following ways:
Reference Guide.
• an enabled serial port
• an enabled USB port

Did You Know Once you have the device connected through an enabled port, you
In a real world environment, a can select a user on the All Users tab or the Users tab. From the
device connected by USB port Handheld Management task menu, you can then click Assign
to the administration Handheld.
computer will be immediately
detected and added by
BlackBerry Manager. The
classroom environment often
uses a Virtual Machine
environment and additional
work is required.

Once a device PIN has been associated with a user, the server
generates an encryption key and sends any associated user data,
such as IT policies and service books to the device.

60IPES41m11.fm
210
RIM Education Services Managing the devices

Deploying devices through Enterprise Activation

Remember The third method for deploying devices is for the administrator to
Wireless Enterprise Activation initiate a wireless Enterprise Activation. With wireless Enterprise
is optional. You can still Activation, an encryption key is created and used to activate the
provision devices by physically device in one of the following ways.
connecting them.

Method Description Access

Manual activation • The administrator manually 1. Select a user from the All
password generation sets an activation password. Users tab or the Users tab.
(Shared Secret • The administrator gives the 2. From the Service Access
method) user the activation menu, click Set Activation
information verbally and the Password.
user self-provisions the device.
• The administrator can set a
timeout period on the
password, so if the user does
not activate the device within
that period, the BlackBerry
Enterprise Server resets the
password and the
administrator has to generate
a new one.
Automatic activation • The administrator has the 1. Select a user from the All
password generation BlackBerry Enterprise Server Users tab or the Users tab.
generate a password and send 2. From the Service Access
it to the user’s email account menu, click Generate and
on the messaging server. Email Activation Password.
• The user self-provisions the
device using the information
in the email message.
• With this option, the
administrator will not be able
to set a password manually; it
will always be generated
automatically.

60IPES41m11.fm
211
 RIM Education Services Managing the devices

Discussion: Advantages and disadvantages of each

deployment method
Discuss and note the advantages/disadvantages of each
deployment method.

Method Advantages Disadvantages

Desktop Manager

BlackBerry Manager

Enterprise Activation

60IPES41m11.fm
212
RIM Education Services Managing the devices

Enterprise Activation process

Did You Know After a user receives a new BlackBerry device and contacts their
For Novell GroupWise, you Information Technology department to activate it, data flows
must assign an address book through the Enterprise Activation process as described below.
to a user before Enterprise Enterprise Activation involves the Policy system, the PIM
Activation can occur. synchronization system, and the Backup system. As your instructor
discusses the data flow, add the appropriate lines and numbers to
the diagram.

1. Administrator adds the user.

- The administrator adds the user to the BlackBerry
Enterprise Server using the BlackBerry Manager. The
server begins monitoring the user’s mailbox on the
messaging server.
2. Administrator creates an activation password.
Did You Know - The administrator uses the BlackBerry Manager to set
You can configure the or create a temporary wireless activation password
activation password using the for the user account and securely communicates the
Set Activation Password password to the user.
option in the IT Admin task
Note: The security of the Enterprise Activation process lies with the
menu.
secure communication of the password.
- The password applies to that user account only and
becomes invalid in the following situations:

60IPES41m11.fm
213
 RIM Education Services Managing the devices

- A device is activated on the account using the

password.
- Five unsuccessful activation attempts are made on
the account with the device.
- The user fails to activate the device within the
expiry window.
3. User initiates wireless activation.
Did You Know - The user opens the Enterprise Activation application
The option to access the on the BlackBerry device and enters the appropriate
Enterprise Activation corporate email address and wireless activation
application is still present on a password.
previously activated device. 4. Device sends secure packet.
When Enterprise Activation
occurs, though, the user will - The device sends a secure packet to the wireless
be prompted to wipe the network. This packet contains the device’s PIN,
device. routing information about the device, and the device
activation public keys.
5. BlackBerry Infrastructure sends email message.
- The wireless network passes the packet to the
BlackBerry Infrastructure, which sends an activation
request email message to the SMTP address. This
email message contains an attached ETP .dat file with
the information sent from the device.
Did You Know 6. The messaging server receives the email message.
If mutiple ETP.dat files are - The messaging server receives the email message
arriving in the user’s mailbox from the BlackBerry Infrastructure. The BlackBerry
on the messaging server, the Messaging Agent monitors the messaging server and
BlackBerry Enterprise Server takes a copy of the attached ETP.dat file when it
and the messaging server are arrives. It then deletes the email message from the
not communicating. messaging server.
7. BlackBerry Messaging Agent sends activation response.
- The BlackBerry Messaging Agent sends the device an
activation response through the BlackBerry
Dispatcher and the BlackBerry Router. This response
contains routing information about the BlackBerry
Enterprise Server and its public keys.
8. BlackBerry Enterprise Server compares the activation
password.
- The BlackBerry Enterprise Server compares the
activation password sent from the administrator and
the hash of the of the password sent from the device
in the ETP .dat file. It then adds the device’s PIN.

60IPES41m11.fm
214
RIM Education Services Managing the devices

9. Establishes and confirms keys.

- The BlackBerry Enterprise Server and the BlackBerry
device establish a master encryption key. Both the
BlackBerry Enterprise Server and the device confirm
their knowledge of the master key to one another. If
master key confirmation succeeds, the activation
proceeds and all further communication is encrypted.
10. Sends service books.
- The BlackBerry Policy Service sends the user’s IT
policy and appropriate service books (for example,
messaging service book, wireless calendar service
book, browser service book, SYNC service book, and
other service books) to the device to allow the user to
send and receive message.
Did You Know 11. Loads data.
To avoid transmitting large - If the user is configured for wireless PIM
amounts of user data over the synchronization and wireless backup, the BlackBerry
wireless network, you can Synchronization Service triggers the following data to
connect the device to the be sent to the device:
computer and use the
BlackBerry Router and - calendar entries
BlackBerry Handheld - address book entries
Manager. To do this, use an IT
policy to force the initial load - tasks
of user data (calendar, address - memos
book, etc.) to occur using this
wired connection. - prepopulating email messages
- existing BlackBerry device options backed up
through the automatic wireless backup feature on
the BlackBerry Desktop Manager

60IPES41m11.fm
215
 RIM Education Services Managing the devices

Lab - Activating your device using the BlackBerry Enterprise Server

Use the information in this module and the procedures on page 189
in the Administering the BlackBerry Enterprise Server version 4.1 -
Reference Guide to assign a device to Scott McPherson.

60IPES41m11.fm
216
RIM Education Services Managing the devices

Troubleshooting wireless Enterprise

Activation issues
When troubleshooting isses with wireless Enterprise Activation,
review the Enterprise Activation issue table on page 196 in the
Administering the BlackBerry Enterprise Server version 4.1 - Reference
Guide.

Tips for troubleshooting wireless Enterprise

Activation issues
• Verify the user has been added to a BlackBerry Enterprise
Server.
• Verify the user is using software that is version 4.0 or
higher on the BlackBerry Enterprise Server and on the
device.
• Verify the wireless network is working by confirming the
user can send and receive email messages on their device.
• Verify the user is in an area of coverage.
• Verify the user can communicate via PIN-to-PIN
messaging.
Did You Know • Determine if more than one user is affected. If more than
For the Novell GroupWise one user is affected, the issue is likely with the BlackBerry
platform, you must assign an Enterprise Server. If only one user is affected, the issue is
address book to the user likely with the user configuration.
before performing an • If mutiple ETP.dat files are arriving in the user’s mailbox
Enterprise Activation for them. on the messaging server, the BlackBerry Enterprise Server
and the messaging server are not communicating.

60IPES41m11.fm
217
 RIM Education Services Managing the devices

Exercise 1: Troubleshooting wireless Enterprise Activation

issues
You are training a new hire on potential issues that may arise. You
have given him a list of questions he could ask a user who is having
issues with Enterprise Activation.

For each question, identify for the new hire any actions he should
take to retrieve the information needed and add a description of
why he would ask a particular question (that is, what information
he would retrieve with a certain question).

Question Action Discussion

1. Has the user • •
entered the
correct email
address and
password in the
activation screen
on the BlackBerry
device?
2. Did the corporate •
firewall, anti-virus,
or spam filter
software modify
the Enterprise
Activation request
email message?
3. Does the user • •
have inbox rules
that may have
filed the
activation request
email in a
personal folder
(.pst)?

60IPES41m11.fm
218
RIM Education Services Managing the devices

Controlling which devices can activate on

the BlackBerry Enterprise Server
By using an Enterprise Service Policy, you can control which users
and devices can activate on a BlackBerry Enterprise Server. When
enabled, the Enterprise Service Policy forces the BlackBerry
Enterprise Server to perform two types of validation.

Validation type Description

device validation The BlackBerry Enterprise Server will validate an
individual device during Enterprise Activation, a PIN
change, or a device capabilities change.
user validation The BlackBerry Enterprise Server will validate all
users when the server starts up, when the Enterprise
Service Policy feature is enabled, or if changes are
made to the lists of acceptable devices.

For each of these two types of validation, the BlackBerry Enterprise

Server can check the device or the user against the following:

• PIN
• PIN range
• Manufacturer
• Model

During validation, the BlackBerry Enterprise Server checks the

device or the user against lists of valid PINs, manufacturers, or
models. The BlackBerry Enterprise Server populates the
manufacturer and model lists.

The following occurs if validation fails:

• If an unauthorized device is found, the BlackBerry

Enterprise Server disables the user’s device by resetting its
PIN.
• If an unauthorized user attempts to use the BlackBerry
services, they receive a “failure at service” error on their
device.

60IPES41m11.fm
219
 RIM Education Services Managing the devices

Configuring an Enterprise Service Policy

Disabled by default, you can enable this feature at a domain, group,
and user level. To configure an Enterprise Service Policy, you need
to do the following.

For more infomation, refer to “Enable Enterprise Service Policy” on

page 198 in the Administering the BlackBerry Enterprise Server version
4.1 - Reference Guide.

60IPES41m11.fm
220
RIM Education Services Managing the devices

Managing software on the devices

After the initial activation of the device, you may need to add or
remove software. You do this using either through Application
Loader application from the BlackBerry Desktop Software or by
using various options and task menus available in the BlackBerry
Manager.

BlackBerry Manager console

When managing the software configurations through the
BlackBerry Manager console, the relevant options can be found in
the following locations:

• With BlackBerry Domain selected in the Explorer view,

click the Software Configurations tab.
• On the All Users tab or the Users tab, select a user and
open the Handheld Management task menu.
• On the User Groups List, select a group and open the
Handheld Management task menu.
• In the Explorer view, select Local Ports (Handheld
Management).

The options available in these locations include the following.

Option Description Access

Load Handheld Use this option to select a Local Ports
configuration to load onto the (Handheld
device connected to the selected Management)
port.
Load Handheld Use this option to launch a wizard to Local Ports
(Interactive) walk you through the loading of (Handheld
software configurations and Management)
applications on the device
connected to the selected port.
Assign Software Use this option to assign a software Handheld
Configuration configuration to a user or group and Management task
load the software configuration on menu
to the assigned devices.
Add New Use this option to add a new Software
Configuration software configuration. Configurations tab
Edit Configuration Use this option to edit an existing Software
software configuration. Configurations tab

60IPES41m11.fm
221
 RIM Education Services Managing the devices

Option Description Access

Copy Configuration Use this option to copy an existing Software
configuration. Configurations tab
Delete Configuration Use this option to delete an existing Software
configuration. Configurations tab
Manage Application Use this option to create and modify Software
Policies application control policies. Configurations tab
Application control policies control
the third-party application
functionality for a user.

60IPES41m11.fm
222
RIM Education Services Managing the devices

Managing the devices wirelessly

In addition to managing the software configurations and
applications, you may need to perform various wireless
administrative tasks. You can access the options to perform these
tasks from the following locations:

• On the All Users tab or the Users tab, select a user and
open the IT Admin or the Service Control & Customization
task menu.
• On the User Groups List, select a group and open the IT
Admin or the Service Control & Customization task menu.

The options available in these locations include the following.

Option Description Access

Set Password and Click this option to first lock the IT Admin task
Lock Handheld device and then prompt the user to menu
accept or decline the new password.
Note: This option does not apply to
groups.
Set Owner Click this option to set the owner IT Admin task
Information information stored on the device. menu
Note: This option does not apply to
groups.
Erase Data and Click this option to disable the IT Admin task
Disable Handheld device and delete all information menu
stored on it.
Note: This option does not apply to
groups.
Resend Peer-To-Peer Click this option to resend the PIN- IT Admin task
Key to-PIN encryption key after it has menu
been updated.
Resend Service Book Click this option to resend the IT Admin task
service book to the device. menu
Purge Pending Click this option to clear messages Service Control &
Messages pending for a user. Customization
task menu

60IPES41m11.fm
223
 RIM Education Services Managing the devices

Managing connected devices

In addition to performing wireless administrative tasks, you may
need to perform tasks on a device connected to the administration
computer. You can access the appropriate options from the
following location:

• In the Explorer view, select Local Ports (Handheld

Management).

The available options include the following:

Option Description Access

View Handheld Use this option to view the hardware, Local Ports
Properties software, applications, and service books (Handheld
installed on a connected device. You can Management)
also see the status of the device.
Wipe Handheld Use this option to delete the data from the Local Ports
File System device connected to the selected port. (Handheld
Wiping the handheld file system will not Management)
delete the device software, just the data
used by the device applications.
Nuke Handheld Use this option to delete everything from Local Ports
the device, including the device software (Handheld
and applications. Management)
Note: Nuke a handheld only as the last
effort for correcting certain rare
encryption errors. You may be able
to reprogram the device with the
Application Loader from the Desktop
Manager or with a command line
interface. Be sure to consider all
other alternatives before initiating a
nuke event.
Purge Pending Click this option to clear messages pending Service Control &
Messages for a user. Customization
task menu

60IPES41m11.fm
224
RIM Education Services Managing the devices

Exercise 2: Identify which options will resolve the

following scenarios.
1. Clyde Warren has been travelling in an area of no coverage
for the last two weeks. You know he is arriving home later
today and will be upset when two weeks worth of
messages start arriving on his device all at once.
Option:

Explanation:

2. Katie Tiegs has called to say she has left her device at a
restaurant. She is on her way to pick it up, but is worried
about some sensitive data she has on the device.
Option:

Explanation:

3. Clyde Warren has just received the newest BlackBerry

device. He has sent his old device back through internal
mail.
Option:

Explanation:

60IPES41m11.fm
225
 RIM Education Services Managing the devices

4. Katie Tiegs has lost her device while on a business trip.

Option:

Explanation:

60IPES41m11.fm
226
RIM Education Services Managing the devices

Monitoring devices
To administer the device effectively, you may need to review its
status information and monitor it to make sure there are no issues.
Gathering device statistics helps you review handheld activity and
detect any interference with message flow to and from a user’s
device.

When you select a user from the All Users tab or the Users tab or
select a port with a connected device from the Local Ports tab, the
status information for the user or device is displayed in the lower-
half of the window.

The BlackBerry Enterprise Server also has device monitoring

options in the following locations:

• On the All Users tab or the Users tab, select a user and
open the Handheld Management or the Service Control &
Customization task menu.
• On the User Groups List, select a group and open the
Handheld Management or the Service Control &
Customization task menu.
• In the Explorer view, select Local Ports (Handheld
Management).

The available options include the following:

Option Description Access

View Handheld Use this option to view the properties of Local Ports
Properties the connected device, including hardware, (Handheld
software, capabilities, status, service Management)
books, applications, and modules.
Retrieve Summary Use this option to retrieve a status Local Ports
Properties summary for the connected device. (Handheld
Management)
Export Asset Summary Use this option to export status and Handheld
Data summary information for the selected Management task
user’s device to a text or .csv file for menu
viewing.

60IPES41m11.fm
227
 RIM Education Services Managing the devices

Option Description Access

Update Configuration Use this option to compare the software Handheld
Check Status configurations and applications actually Management task
installed on the selected user’s device menu
with the configurations and applications
defined for the user.

The following configuration information is

available when you click this option:
• Configuration Status - the overall
status of the user’s defined software
configuration with respect to the
software installed on their device.
• System Status - the status of the
device’s current device software with
respect to the user’s defined
software configuration.
• Application Status - the status of the
device’s current third-party
applications with respect to the
user’s defined software
configuration.
You can also identify the devices that are
not running the most recent or desired
version of device software.

In addition to clicking the View Handheld Properties option, you

can also open the User Properties dialog box for the user assigned
to the device. The handheld properties will show up in the
properties list.

60IPES41m11.fm
228
RIM Education Services Managing the devices

Configuring automatic handheld management

Another option for monitoring a device is to enable automatic
handheld management for a user. If enabled, the current status
information for the device is sent during a wireless PIM
synchronization to the BlackBerry Manager.

To enable this, open the User or Group Properties dialog box, select
the PIM Sync property, and set the Enable Wireless Device
Management for this user field to True.

Once enabled, you can see this status information by selecting a

user and looking at the information in the lower half of the
BlackBerry Manager window.

60IPES41m11.fm
229
 RIM Education Services Managing the devices

Configuring Auto BCC addresses

Configuring an Auto BCC Address is another way to monitor the
messages being sent from a device and ensure they are delivered
successfully. When you configure one or more auto blind carbon
copy (BCC) addresses, a copy of every message sent from the
devices on the BlackBerry Enterprise Server is stored in a single
mailbox. As a result, you do not have to check individual recipients
to monitor handheld message flow and can easily detect
interruptions in handheld traffic.

To configure auto BCC addresses, open the Server Properties

dialog box and select the Messaging property.

Auto BCC address tips

• Auto BCC addresses only receive copies of messages sent
from handheld devices and not messages sent from the
email client.
• Auto BCC addresses are concealed from the recipient of
the original message.
• The Auto BCC feature is necessary to comply with North
American SEC (Securities and Exchange Commission)
standards.

60IPES41m11.fm
230
RIM Education Services Managing the devices

Lab - Monitoring devices

Using the information in this module and the procedures starting

on page 217 in the Administering the BlackBerry Enterprise Server
version 4.1 - Reference Guide, gather the following information for
the device assigned to Scott McPherson:

1. Pending messages
2. Filtered messages
3. Device software version
4. Device type
5. Memory available
6. Assigned IT policy

60IPES41m11.fm
231
 RIM Education Services Managing the devices

Review questions

1. For each of the following deployment methods, provide a

description.

Method Description
Deploy the device using the •
BlackBerry Enterprise Server.
Deploy the device using the •
BlackBerry Desktop
Manager.
Deploy the device using •
wireless Enterprise
Activation.

2. To view the hardware, software, and status of a connected

device, you would perform which of the following?
a. Open Retrieve Summary properties.
b. In the Explorer View, select Local Ports.
c. A user cannot view the hardware, software, and status at
the same time.
d. Click View Handheld Properties.

60IPES41m11.fm
232
RIM Education Services Managing the devices

3. To determine if the software installed on a user’s device is the

expected software for that device, you would select which
option?
a. Update Configuration Check Status
a. Update Configuration Status
b. Update Software Configuration
c. Update Device Software

60IPES41m11.fm
233
 RIM Education Services Managing the devices

Module summary

Objective Summary
Describe device Device management involves the following:
management. • Fully control the initial user experience by
loading and provisioning multiple BlackBerry
devices for simultaneous deployment.
• Wirelessly activate a user’s device.
• Load software configurations and applications
onto a user’s device from a central location.
• Modify or delete software configurations from
a user’s device.
• Manage third-party applications on a user’s
device.
• Wirelessly send commands to a user’s device in
response to issues or requests.
• View the status information and properties
relating to a device.
See “About device management” on page 208.
Describe how to There are three ways you can assign a device to a
deploy devices. user and create the provisioning password or unique
encryption key.
• The user can use the BlackBerry Desktop
Manager.
• The administrator can connect the device to
the BlackBerry Enterprise Server and activate it
through the BlackBerry Manager console.
• The administrator can perform a wireless
Enterprise Activation.

See “Deploying devices” on page 209.

Describe how to See “Troubleshooting wireless Enterprise Activation
troubleshoot wireless issues” on page 217.
Enterprise Activation
issues.
Discuss how to By using an Enterprise Service Policy, you can control
control which devices which users and devices can activate on a BlackBerry
are allowed to Enterprise Server.
activate.
See “Controlling which devices can activate on the
BlackBerry Enterprise Server” on page 219.

60IPES41m11.fm
234
RIM Education Services Managing the devices

Objective Summary
Describe how to After the initial activation of the device, you may
manage device need to add or remove software from the device. Use
software. the Software Configuration tab, the Handheld
Management task menu, or the Local Ports tab to do
this.

See “Managing software on the devices” on

page 221.
Describe how to After getting a user up and running on their device,
manage devices. you may need to use the BlackBerry Enterprise Server
to manage the software on the device, send wireless
commands, or troubleshoot issues. The user can also
perform some device management by using the
BlackBerry Desktop Software applications.

See “Managing software on the devices” on

page 221, “Managing the devices wirelessly” on
page 223, and “Managing connected devices” on
page 224.
Describe how to To effectively administer the device, you may need to
monitor devices. review its status information and monitor it to make
sure there are not any issues. Gathering device
statistics helps you review handheld activity and to
detect any interference with message flow to and
from a user’s handheld.

See “Monitoring devices” on page 227.

60IPES41m11.fm
235
 RIM Education Services Managing the devices

60IPES41m11.fm
236
Module 12: Administering the BlackBerry
Attachment Service
This module describes the BlackBerry Attachment Service. It
includes information about how to configure, manage, and
troubleshoot it.

Objectives
• Describe the BlackBerry Attachment Service.
• Describe the network architecture of the BlackBerry
Attachment Service.
• Configure the BlackBerry Attachment Service.
• Troubleshoot issues with the BlackBerry Attachment
Service.
 RIM Education Services Administering the BlackBerry Attachment Service

About the BlackBerry Attachment Service

The BlackBerry Attachment Service is a component of the
BlackBerry Enterprise Server which converts email message
attachments into a format users can view on their devices. It uses a
proprietary data format to interpret, convert, and preserve the
format of these attachments.

Additional functions and features of the Attachment Service

include the following.

Function Description
Displays document Document links are recognized by the Attachment
links Service within documents even if the complete
attachment is not retrieved from the server. As a
result, users can jump to a specific part of a document
without having to first download all of the
attachment to the device. For example, it recognizes
table of contents, hyperlinks, and bookmarks.
Tracks changes BlackBerry devices with color screens can display new
or changed text which has been added to a document
using the Microsoft track changes feature.
Displays images The Attachment service supports several image
formats. The images are resized to fit on the device
screen, and users can pan, zoom, and rotate these
images. The Attachment Service also supports an
enlarge all or a full image display.
Displays Microsoft® The Attachment service supports Show Slide, Show
PowerPoint slide Text, Show Both, View, and Save options when looking
presentations at PowerPoint slides.
Supports Windows The BlackBerry Attachment Service now supports the
Metafile (.wmf) files Windows Metafile (.wmf) format for embedded
images in Microsoft Office documents and standalone
images.
Supports web When using the browser application on the device,
document viewing the Attachment Viewer allows users to view
supported document MIME types when valid URLs
from web pages point to documents. Supported
document types include:
• Microsoft Word
• Microsoft Excel
• Microsoft PowerPoint
• Adobe® PDF
• Corel® WordPerfect®

60IPES41m12.fm
238
RIM Education Services Administering the BlackBerry Attachment Service

Function Description
Preserves document • For documents, it preserves font styles, bullets,
formats indentation, tables, bookmarks, and hyperlinks.
• For spreadsheets, it preserves font styles, bullets,
indentation, tables, bookmarks, and hyperlinks.
• It preserves Unicode character mapping for
Java™-based devices only.
Supports audio The Attachment Service now supports .wav files. It
attachments also supports re-sampling of original audio data using
Audio Compression Manager (ACM), for the following
audio attachment types (compression rates in
brackets):
• .mp3 (1:15)
• DSP TruesSpeech (1:20)
• Microsoft ADPCM
• u-Law/a-Law (1:2)
• OKI ADPCM2

Note: Color formatting and style information displays only on those

BlackBerry devices with color screens.

Attachment Service supported file formats

• Microsoft Word documents
• Microsoft Excel spreadsheets
• Microsoft PowerPoint presentations (.pps and .ppt files)
• Corel WordPerfect documents
• Adobe PDFs
• Embedded images within MS Word (Java 16Mb only)
• text files
• .zip files
• .html files
• .jpg, .jpeg files
• .bmp files
• .gif files
• .png files
• .tif, .tiff files
• .wmf files
• .wav files

60IPES41m12.fm
239
 RIM Education Services Administering the BlackBerry Attachment Service

• .mp3 files
• DSP TruesSpeech
• Microsoft ADPCM
• u-Law/a-Law
• OKI ADPCM2

60IPES41m12.fm
240
RIM Education Services Administering the BlackBerry Attachment Service

BlackBerry Attachment Service network

architecture
The BlackBerry Attachment Service consists of the following
components.

Component Description Server information

BlackBerry The BlackBerry Connector is The BlackBerry Connector
Connector responsible for controlling the resides on the BlackBerry
connections between the Enterprise Server.
BlackBerry Messaging Agent and
the BlackBerry Attachment Service
when attachments are requested
on the BlackBerry device.
BlackBerry The BlackBerry Attachment Server The BlackBerry Attachment
Attachment Server is designed to control the retrieval, Server can reside on either
distillation, and conversion of the BlackBerry Enterprise
attachment data. It also controls Server or on a separate
which attachment types you plan server.
to support in your environment.

The BlackBerry Enterprise Server maintains a link to the messages

stored on the corporate messaging server. The Attachment Service
uses this link to access attachments directly from the messaging
server. The Attachment Service communicates directly with the
BlackBerry Enterprise Server over the TCP/IP connection with no
inbound or outbound connections through the firewall. By default,
the Attachment Service uses the following ports to communicate
with the BlackBerry Enterprise Server, but you can use any valid
TCP/IP ports.

Port Description
1900 This port is used to submit documents and then
return the converted content.
1999 This port is used for administration and monitoring
purposes.
2000 This port is used to monitor the background
processing of large attachments.

60IPES41m12.fm
241
 RIM Education Services Administering the BlackBerry Attachment Service

Attachment viewing data flow

The Attachment system controls how data flow occurs when a user
attempts to view an attachment on their device. As your instructor
discusses the data flow, add the appropriate lines and numbers to
the diagram.

Did You Know 1. Message with attachment arrives.

The BlackBerry Messaging - A user receives a message with a supported
Agent verifies the attachment attachment on their device.
is a valid format for
conversion. If the format is not - The user clicks Open Attachment to view the
valid, the Open Attachment attachment on the device.
menu item does not appear 2. Sends request.
on the device. - The request is sent using the CMIME service book
from the device’s Attachment Viewer to the
BlackBerry Messaging Agent, which invokes the
BlackBerry Attachment Service over port 1900.

60IPES41m12.fm
242
RIM Education Services Administering the BlackBerry Attachment Service

3. BlackBerry Attachment Service retrieves document.

- The BlackBerry Attachment Service retrieves the
document in binary format from the BlackBerry user’s
mailbox using the BlackBerry Messaging Agent’s link
to the messaging server.
4. BlackBerry Attachment Service distills document.
- The BlackBerry Attachment Service extracts the
document content, layout and appearance, and
navigation information. The information is organized,
stored, and linked in an efficient, proprietary
Document Object Model (DOM) in a binary XML
style.
- The BlackBerry Attachment Service conversion
process formats the document for the device and
converts it to Universal Content Stream (UCS) format.
This formatting is based on the request for content
(for example, page and paragraph information or
search words) and the available BlackBerry device
information (for example, screen size, display, or
available space).
5. BlackBerry Attachment Service sends data to the BlackBerry
Messaging Agent.
- The BlackBerry Attachment Service sends the UCS
data to the Messaging Agent over a TCP/IP
connection to port 2000.
6. BlackBerry Messaging Agent sends attachment to the
BlackBerry Dispatcher.
- The BlackBerry Messaging Agent sends the converted
attachment to the BlackBerry Dispatcher.
- The BlackBerry Dispatcher encrypts the first portion
of the attachment with the user encryption key from
the Configuration database, compresses it, and passes
it to the BlackBerry Router for delivery to the device.
7. BlackBerry Router sends attachment to the wireless network.
- The BlackBerry Router sends the first portion of the
attachment over port 3101 to the wireless network,
which verifies the PIN belongs to a valid BlackBerry
device registered on the wireless network.

60IPES41m12.fm
243
 RIM Education Services Administering the BlackBerry Attachment Service

8. Returns confirmation.
- The wireless network locates the device and delivers
the attachment. The device sends delivery
confirmation to the BlackBerry Dispatcher, which
passes it to the Messaging Agent. If the BlackBerry
Enterprise Server does not receive confirmation
within four hours, it resubmits the attachment data to
the wireless network.
9. Decrypts and decompresses.
- The device uses the user encryption key to decrypt
and decompress the attachment so the user can view
it by selecting a section from the table of contents or
viewing the full attachment.

60IPES41m12.fm
244
RIM Education Services Administering the BlackBerry Attachment Service

Configuring the BlackBerry Attachment

Service
Remember Use the BlackBerry Server Configuration tool to configure the
You can install the BlackBerry Attachment Service. To access this tool, select Start >
Attachment Service on a Programs > BlackBerry Enterprise Server > BlackBerry Server
separate computer to increase Configuration. When the tool opens, click the Attachment Server
scalability, architectural tab.
efficiency, and control of the
attachment service.

Using this tool, you can configure the following:

• BlackBerry Attachment Service Connector properties

• BlackBerry Attachment Server properties
• supported attachment formats and distillers
• maximum file size for a distiller

60IPES41m12.fm
245
 RIM Education Services Administering the BlackBerry Attachment Service

Configuring the Attachment Service Connector

properties
To configure the Connector properties, select Connector
Configuration from the drop down list box.

The Connector properties you can configure include the server

name, server submit port, server result port, polling time, and
supported attachment extensions. For more information on these
properties, see page 240 in the Administering the BlackBerry
Enterprise Server version 4.1 - Reference Guide.

60IPES41m12.fm
246
RIM Education Services Administering the BlackBerry Attachment Service

Configuring BlackBerry Attachment Server properties

To configure the Connector properties, select Attachment Server
from the drop down list box.

The Attachment Server properties you can configure include the

submit port, result port, configuration port, and document caching.
For more information on these properties, see page 243 in the
Administering the BlackBerry Enterprise Server version 4.1 - Reference
Guide.

60IPES41m12.fm
247
 RIM Education Services Administering the BlackBerry Attachment Service

Setting supported attachment formats and distillers

To view an attachment on the BlackBerry device, the attachment
format must be included in the Distillers Settings list and a distiller
for that format must be installed.

All supported distillers (one distiller for each supported file

format) are enabled by default. A check mark signifies the distiller
is enabled. Disabling a distiller file means any attachments in the
format converted by that distiller will not be supported. For
example, if you turn off the .pdf distiller, Adobe .pdf attachments
are no longer supported on the BlackBerry device.

Note: If you turn off a distiller, you should also remove the file extension for
documents converted by that distiller from the Format Extension field
in the Connector Configuration screen.
The following file formats are supported by default.

File extension Format

.pdf Adobe Acrobat versions 1.1, 1.2, 1.3, 1.4
.xls Microsoft Excel versions 97, 2000, 2003, XP
.pps, .ppt Microsoft PowerPoint versions 97, 2000, 2003, XP
.doc, .dot Microsoft Word versions 97, 2000, 2003, XP

60IPES41m12.fm
248
RIM Education Services Administering the BlackBerry Attachment Service

File extension Format

.wpd Corel WordPerfect versions 6.0, 7.0, 8.0, 9.0(2000)
.txt ASCII text
.html, .htm HTML
.zip ZIP archives
.bmp, .jpg, .jpeg, images
.gif, .png, .tif, .tiff
.wmf Windows Metafile
.wav, .mp3 audio

Configuring the maximum file size for a distiller

Did You Know You can also change the maximum file size for each distiller setting.
If an attachment exceeds the The recommended file size is based on the following:
defined size, the BlackBerry
device user should receive a • the number of BlackBerry device users on the BlackBerry
“Document Conversion Failed. Enterprise Server
Retry” message and an • the number of BlackBerry device users requesting
“Attachment Size Exceeds attachments
Specific Value” message
appears in the BlackBerry • the definition of a reasonable response time
Enterprise Server log file. • server hardware
• document complexity

A BlackBerry Enterprise Server environment experiencing the

following demands meets the definition of a heavy usage
environment:

• Multiple users requesting conversions for large or complex

attachments (especially .pdf and ASCII text files larger
than 2 MB).
• Multiple users requesting the same large or complex
documents in the same time frame (0 to 10 minutes) while
large conversions are being processed.
• Multiple BlackBerry device users requesting different
documents in the same time frame (0 to 10 minutes) while
large conversions are being processed.

See page 249 in the Administering the BlackBerry Enterprise Server

version 4.1 - Reference Guide for more information on the
recommended file size for each type of distiller.

60IPES41m12.fm
249
 RIM Education Services Administering the BlackBerry Attachment Service

Tips for configuring the BlackBerry Attachment

Service
• You can only modify BlackBerry Connector configuration
settings on the computer on which the BlackBerry
Enterprise Server is also installed.
• If the BlackBerry Attachment Service is installed on a
remote machine, you can only configure certain settings on
that machine. On the BlackBerry Attachment Service
machine, the BlackBerry Attachment Service server
options should be visible. On the BlackBerry Enterprise
Server, the BlackBerry Connector Configuration options
should also be visible.
• You can modify BlackBerry Attachment Service server
settings only on the computer on which you installed the
BlackBerry Attachment Service.
• The Attachment Service connects to the BlackBerry
Enterprise Server you define when you configure the
service.

60IPES41m12.fm
250
RIM Education Services Administering the BlackBerry Attachment Service

Lab - Configuring BlackBerry Attachment Service properties

The employees of your company are heavy attachment users. They

regularly send very large attachments that may cause issues with
BlackBerry users. The new BlackBerry Enterprise Server policy
states that to limit system usage, you must limit attachment sizes.

Using the information outlined in this module and the procedures

starting on page 243 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide, configure the Attachment
Service as follows:

• The maximum supported image attachment size is 2000

KB.
• Microsoft Excel attachments cannot be viewed on
BlackBerry devices.
• The maximum number of documents cached by the
BlackBerry Attachment Service is 25.

60IPES41m12.fm
251
 RIM Education Services Administering the BlackBerry Attachment Service

Troubleshooting the Attachment Service

You have several different options for troubleshooting issues with
the BlackBerry Attachment Service.

Testing the BlackBerry Attachment Service

The BlackBerry Configuration Panel allows you to test whether a
remote or local attachment service is functioning.

To test the attachment server, open the BlackBerry Server

Configuration tool and click the Attachment Server tab. From the
Configuration Option drop-down list, select Test Attachment
Service.

Using the options here, you can configure a test of the Attachment
Service. See page 251 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide for more information on these
options.

When you submit a test, one of the following results will occur:

• If document conversion is successful, the status bar

displays Success, and the text pane shows the first part of
the converted content.
• If document conversion is unsuccessful, an error code
appears.

60IPES41m12.fm
252
RIM Education Services Administering the BlackBerry Attachment Service

BlackBerry Attachment Service error codes

If extended logging is enabled for the Attachment Service, error
messages appear in the BlackBerry Messaging Agent log when the
BlackBerry Attachment Service fails to retrieve attachments.

See page 253 in the Administering the BlackBerry Enterprise Server

version 4.1 - Reference Guide for more information on these error
codes.

Attachment Server logs

You can review the Attachment Server specific logs. Logs will be
discussed in more detail in a later module.

Did You Know

Log identifiers can be
configured. As a result, when Log name Identifier Description
viewing these logs, the
identifier may not appear as BlackBerry Attachment ASRV • This log records the flow of
listed here. Service attachments and attachment
queries from the BlackBerry
Enterprise Server.
• This log also records data
connections to and from the
BlackBerry Enterprise Server.
BlackBerry Attachment ACNV • This log records conversion results
Conversion to the BlackBerry Attachment
Service.

Tips for troubleshooting the Attachment Service

• Verify the Attachment Service is running.
• Verify the following BlackBerry Enterprise Server services
are running:
- BlackBerry Messaging Agent service
- BlackBerry Dispatcher service
- BlackBerry Attachment service
- BlackBerry Router service
• Verify the user is using software that is version 4.0 or
higher on the BlackBerry Enterprise Server and on the
device.
• Determine if more than one user is affected. If more than
one user is affected, the issue is likely with the BlackBerry
Enterprise Server. If only one user is affected, the issue is
likely with the user configuration

60IPES41m12.fm
253
 RIM Education Services Administering the BlackBerry Attachment Service

Exercise 1: Testing the Attachment Service

To test the Attachment Service on your BlackBerry Enterprise
Server, use the three files provided by your instructor and complete
the information below.

Document 1

File name: _______________________________

Was the document conversion successful?

Yes _________ No _________

If No, what was the reason for the failure?

___________________________________________________________

___________________________________________________________

Document 2

File Name: _______________________________

Was the document conversion successful?

Yes _________ No _________

If No, what was the reason for the failure?

___________________________________________________________

___________________________________________________________

Document 3

File Name: _______________________________

Was the document conversion successful?

Yes _________ No _________

If No, what was the reason for the failure?

___________________________________________________________

___________________________________________________________

60IPES41m12.fm
254
RIM Education Services Administering the BlackBerry Attachment Service

Exercise 2: Troubleshooting Attachment Service issues

You are training a new hire on potential issues that may arise. You
have given him a list of questions he could ask a user who is having
issues opening attachments.

For each question, identify for the new hire any actions he should
take to retrieve the information needed and add a description of
why he would ask a particular question (i.e. what information he
should gain with a particular question).

Question Action Discussion

1. Are the port
settings for the
BlackBerry
Connector and
the BlackBerry
Attachment
Service
configured
consistently?
2. Is the remote
BlackBerry
Attachment
Service bound to
the correct ports?

3. Does the Format

List Extensions
contain file
extensions
associated with
an attachment
distiller that is
disabled?

4. Are there
attachment file
size restrictions
that are too
limiting?

60IPES41m12.fm
255
 RIM Education Services Administering the BlackBerry Attachment Service

Review questions

1. Fill in the description of the following two Attachment Service

components.

Component Description
BlackBerry
Connector
BlackBerry
Attachment Server

2. True or False? The BlackBerry Connector can only be installed

on the BlackBerry Enterprise Server. The BlackBerry
Attachment Server can be installed on either the BlackBerry
Enterprise Server or a remote machine.
3. For each of the following ports, identify its purpose.

Port Description
1900
1999
2000

4. When you disable a distiller file,

a. attachments are no longer viewable on the device.
b. any attachments in the format converted by that distiller
will no longer be supported.
c. the distiller file can only be added to the server again by
stopping and restarting the Attachment Services service.
d. you must restart the BlackBerry Enterprise Server.

60IPES41m12.fm
256
RIM Education Services Administering the BlackBerry Attachment Service

5. Enter the steps required to open the BlackBerry Server

Configuration tool and test the Attachment Service on
server03, on server port 1900, on configuration port 1999, and
with an output format of text.
1.
2.
3.
4.
5.
6.
7.
8.

60IPES41m12.fm
257
 RIM Education Services Administering the BlackBerry Attachment Service

Module summary

Objective Summary
Describe the The BlackBerry Attachment Service is a component
BlackBerry of the BlackBerry Enterprise Server which converts
Attachment Service. email message attachments into a format users can
view on their devices. It uses a proprietary data
format to interpret, convert, and preserve the format
of these attachments.

See “About the BlackBerry Attachment Service” on

page 238.
Describe the network The BlackBerry Attachment Service consists of the
architecture of the following two components:
BlackBerry • BlackBerry Connector
Attachment Service.
• BlackBerry Attachment Server
See “BlackBerry Attachment Service network
architecture” on page 241.
Configure the Use the BlackBerry Attachment Service
BlackBerry Configuration tool to configure the BlackBerry
Attachment Service. Attachment Service.

Using this tool, you can configure the following:

• BlackBerry Attachment Service Connector
properties
• BlackBerry Attachment Server properties
• supported attachment formats
• supported distillers
• maximum file size for a distiller

See “Configuring the BlackBerry Attachment Service”

on page 245.
Troubleshoot issues See “Troubleshooting the Attachment Service” on
with the BlackBerry page 252.
Attachment Service.

60IPES41m12.fm
258
Module 13: Administering the BlackBerry
MDS Connection Service
This module introduces the BlackBerry Mobile Data System™ and
the BlackBerry MDS Connection Service. It also describes how to
manage and configure the BlackBerry MDS Connection Service.

Objectives
• Introduce the BlackBerry Mobile Data System.
• Describe how data flows through the BlackBerry MDS
Connection Service.
• Describe how to manage the BlackBerry MDS Connection
Service.
• Troubleshoot issues with the Blackberry MDS Connection
Service.
 RIM Education Services Administering the BlackBerry MDS Connection Service

Introducing BlackBerry Mobile Data

System
The BlackBerry Mobile Data System (MDS) version 4.1 is the next
generation of BlackBerry Mobile Data Service version 4.0.
BlackBerry MDS version 4.1 uses standards-based integration
methods to mobilize enterprise applications and back-end systems,
including XML Web Services, Simple Object Access Protocol
(SOAP), and Web Services Description Language (WSDL). This
allows software to interoperate, regardless of programming
language, platform, or operating system.

BlackBerry MDS architecture

BlackBerry MDS is divided into the following three areas:

• BlackBerry MDS developer tools

BlackBerry MDS is capable of producing feature-rich
applications and providing a device-friendly interface to
corporate data servers, corporate Intranet and public
Internet content. These applications are developed with
the following three tools:
- BlackBerry MDS Studio
- BlackBerry Java Developer Environment
- Browser Development Tools
• BlackBerry device MDS software
BlackBerry devices are capable of running MDS v4.1
applications and displaying the feature-rich content they
provide. The following items must be installed on the
device:
- BlackBerry MDS Runtime
- BlackBerry Java Virtual Machine
- BlackBerry Browser

60IPES41m13.fm
260
RIM Education Services Administering the BlackBerry MDS Connection Service

• BlackBerry Enterprise Server

BlackBerry MDS consists of five services on the BlackBerry
Enterprise Server.BlackBerry MDS consists of five services
on the BlackBerry Enterprise Server.

Service Description
BlackBerry MDS • It accepts and responds to push requests from
Connection Service server-side push applications that reside
behind the corporate firewall.
• It uses standard Internet protocols such as
HTTP or TCP/IP.
BlackBerry MDS • It supports web services and other standard
Application mechanisms for integrating wireless
Integration Service applications with existing enterprise
applications and systems.
• It manages the transmission of application
data messages between BlackBerry MDS and
data sources.
BlackBerry MDS • It controls which BlackBerry MDS applications
Provisioning Service users can download to BlackBerry devices.
• It supports application discovery from a
BlackBerry device.
• It manages wireless transmission and use on
BlackBerry devices.
BlackBerry MDS Data • It converts existing server-side content and
Optimization Service data for efficient wireless transmission and use
on BlackBerry devices.
BlackBerry MDS • It centralizes the application lifecycle
Administrative and management, including the following:
Management Service • centralized push installation
• upgrade
• removal

60IPES41m13.fm
261
 RIM Education Services Administering the BlackBerry MDS Connection Service

A conceptual overview of BlackBerry MDS is as follows:

The BlackBerry MDS components diagram is as follows:

The remainder of this module will focus on the configuration and

administration of BlackBerry MDS Connection Services. For more
information on the remaining services, refer to the BlackBerry
Technical Knowledge Center.

60IPES41m13.fm
262
RIM Education Services Administering the BlackBerry MDS Connection Service

BlackBerry MDS Connection Service

The BlackBerry MDS Connection Service provides the BlackBerry
Browser and third party Java applications with access to the
Internet and online corporate data and applications.

The BlackBerry MDS Connection Service uses the same encryption

standard that is used for email messages and other BlackBerry
data. It performs the following major functions for the BlackBerry
Enterprise Server:

• pull requests
• push requests
• authentication
• access control

Pull requests
BlackBerry MDS Connection Service manages BlackBerry Browser
and Java application requests to provide BlackBerry device
applications with secure access to HTTP, HTTPS, or TCP content
on the Internet or intranet.

60IPES41m13.fm
263
 RIM Education Services Administering the BlackBerry MDS Connection Service

Pull request data flow

The following occurs when a user opens the BlackBerry Browser on
the BlackBerry device. As your instructor discusses the data flow,
add the appropriate lines and numbers to the diagram.

1. Content request
- A user requests intranet or Internet content on the
device.
- The request is routed using the IPPP service book
over port 3101 to the BlackBerry Enterprise Server on
which the BlackBerry device user’s account resides.
The BlackBerry Enterprise Server sends the request to
the BlackBerry MDS Connection Service over port
3200.
2. Retrieves content
- The BlackBerry MDS Connection Service creates an
HTTP session for the user and attempts to retrieve the
requested content from the application server.
3. Submits content
- Once the content is retrieved, the BlackBerry MDS
Connection Service converts the content for viewing
on the device and sends it to port 3200 on the
BlackBerry Enterprise Server.

60IPES41m13.fm
264
RIM Education Services Administering the BlackBerry MDS Connection Service

4. Encrypts and compresses

- The BlackBerry Dispatcher encrypts the content with
the user's encryption key from the Configuration
database, compresses it, and sends it to the
BlackBerry Router for delivery to the device.
5. Sends to the wireless network
- The BlackBerry Router sends the content over port
3101 to the wireless network, which verifies the PIN
belongs to a valid device registered on the wireless
network.
6. Returns confirmation
- The wireless network locates the device and delivers
the content. The device sends a delivery confirmation
to the BlackBerry Router. If the BlackBerry MDS
Connection Service does not receive the confirmation
within the flow control timeout limit, it sends a
cancellation to the wireless network for the pending
content.
7. Arrives on the device
- The device decrypts and decompresses the content so
the user can view it. The appropriate BlackBerry
application detects the supported content and
displays it.

60IPES41m13.fm
265
 RIM Education Services Administering the BlackBerry MDS Connection Service

Attachment request data flow

The following occurs when a user requests an attachment from the
BlackBerry Browser on the device. As your instructor discusses the
data flow, add the appropriate lines and numbers to the diagram.

1. Content request
- A user requests a link from a web page using the
Browser on the device. The supported document
types include Microsoft Word, Microsoft Excel,
Microsoft PowerPoint, Adobe PDF, Corel
WordPerfect, and ASCII text.
- The BlackBerry device looks up the IPPP service book
for the routing information to the BlackBerry
Enterprise Server.
2. Delivered to the BlackBerry Infrastructure
- The request is compressed and encrypted, and then
transmitted to the wireless network. The wireless
network then delivers the request to the BlackBerry
Infrastructure.

60IPES41m13.fm
266
RIM Education Services Administering the BlackBerry MDS Connection Service

3. Delivered to the BlackBerry Enterprise Server

- The BlackBerry Infrastructure checks the routing
information and tries to deliver the request to the
appropriate BlackBerry Enterprise Server.
4. BlackBerry Router
- The BlackBerry Router receives the request and
delivers it to the BlackBerry Dispatcher which
maintains the connection for the SRP ID.
5. Decrypts and decompresses
- The BlackBerry Dispatcher decrypts and
decompresses the request and forwards it to the
BlackBerry MDS Connection Service.
6. Link downloaded
- The BlackBerry MDS Connection Service receives the
request and downloads the data from the application
server. Once completely downloaded, the request is
forwarded to the BlackBerry Attachment Service.
7. Conversion
- The BlackBerry Attachment Service converts the
request to a format that can be read by the device and
compresses it. Average compression rates are
approximately 90%.
8. Content sent to the BlackBerry Router
- The BlackBerry MDS Connection Service sends the
content to the BlackBerry Dispatcher.
- The BlackBerry Dispatcher compresses the content,
encrypts it with the user's encryption key from the
Configuration database, and sends it to the
BlackBerry Router for delivery to the device.
9. Content sent to the wireless network
- The BlackBerry Router sends the content over port
3101 to the wireless network, which verifies the PIN
belongs to a valid device registered on the wireless
network.
10. Displayed
- Once 2 to 3 kB of information have been delivered to
the device, it is decrypted and decompressed. The
Attachment Viewer displays the content for the user.
By default, the maximum BlackBerry MDS supported
file size is 250 kB.

60IPES41m13.fm
267
 RIM Education Services Administering the BlackBerry MDS Connection Service

Push requests
Did You Know The BlackBerry MDS Connection Service accepts and responds to
Only one BlackBerry push requests from a server-side push application provided the
Enterprise Server with application server is behind the corporate firewall. It permits
BlackBerry MDS Connection applications to do the following:
Service can be designated as a
BlackBerry MDS Push Server. • Push data based on the recipient’s email address.
• Push data to custom BlackBerry device applications or to
the BlackBerry Browser, browser cache, or message list.
• Define the length of time that push data persists.

Did You Know To do this, you must define a BlackBerry MDS Push Server. This
For browser content server manages data sent from the corporate server via custom
development information, see push applications to one or more specified devices. The BlackBerry
the BlackBerry Wireless MDS Push Server accesses the same configuration database settings
Handheld Browser 4.0 as the other BlackBerry Enterprise Servers. It can look up device
Content Developer Guide, and information (for instance, which BlackBerry Enterprise Server the
the BlackBerry Browser 4.0 specified BlackBerry device resides on, PIN, and other information)
Feature and Technical to redirect content to the appropriate BlackBerry Enterprise Server.
Overview. Both documents are The server then forwards the content to the recipient.
available from the BlackBerry
Technical Knowledge Center. The server can limit the scope of custom applications for
developers and administrators so each custom push application
only ever needs to communicate with one BlackBerry Enterprise
Server with BlackBerry MDS enabled.

60IPES41m13.fm
268
RIM Education Services Administering the BlackBerry MDS Connection Service

Push request data flow

The following occurs when a custom push application tries to send
data to the device. As your instructor discusses the data flow, add
the appropriate lines and numbers to the diagram.

1. Sends request
- A custom push application which resides on the
application server behind the corporate firewall sends
an HTTP POST request to the BlackBerry MDS
Connection Service central push server over the web
server listen port (default 8080). The application
specifies the BlackBerry Enterprise Server host name
and the BlackBerry MDS Connection Service web
server connection listen port.
2. Configuration database lookup
- The central BlackBerry MDS Service push server
checks the Configuration database for the following
information about the recipients defined in the push
application:
- the BlackBerry Enterprise Server on which the
user’s account resides
- the PIN associated with the recipient’s email
address
- whether the recipient’s account is enabled

60IPES41m13.fm
269
 RIM Education Services Administering the BlackBerry MDS Connection Service

3. Returns response
- The BlackBerry MDS Connection Service responds to
the push application to acknowledge it is processing
the request. It then closes the connection.
4. Routes to recipients
- The central BlackBerry MDS Service push server
routes the content to the push server connection listen
port (default 8080).
5. Content sent to the BlackBerry Router
- The BlackBerry MDS Connection Service sends the
content to the BlackBerry Dispatcher.
- The BlackBerry Dispatcher compresses the content,
encrypts it with the user's encryption key from the
Configuration database, and sends it to the
BlackBerry Router for delivery to the device.
6. Content sent to the wireless network
- The BlackBerry Router sends the content over port
3101 to the wireless network, which verifies the PIN
belongs to a valid device registered on the wireless
network.
7. Returns confirmation
- The wireless network locates the device and delivers
the content. The device sends a delivery confirmation
to the BlackBerry Enterprise Server. If the BlackBerry
MDS Connection Service does not receive
confirmation within the flow control timeout limit, it
sends a cancellation to the wireless network for the
pending content.
8. Detects content
- The device application listens on the port number
specified in the push application (for example, the
BlackBerry Browser listens for push application
connections on port 7874). It detects the inbound
content and displays it when the user invokes it.

Authentication
BlackBerry MDS Connection Service is viewed as a Virtual Private
Network connection to corporate intranets and application servers.
BlackBerry users are required to authenticate before accessing
corporate intranet content.

60IPES41m13.fm
270
RIM Education Services Administering the BlackBerry MDS Connection Service

The following corporate sign-on authentication schemes are

supported:

• Basic Authentication
• NT LAN Manager (NTLM)
• Lightweight Third-Party Authentication (LTPA)
• Kerberos
• Two factor Authentication (RSA SecurID)

Two factor Authentication (RSA SecurID)

The service has been upgraded to support RSA SecurID
authentication as an additional layer of authorization to access
content served by BlackBerry MDS Connection Service. Support for
this method includes Authentication, New PIN mode, and Next
token mode.

Two factor authentication includes the following limitations:

• When the BlackBerry MDS restarts, all users must log in

again to authenticate with the BlackBerry Enterprise
Server.
• SecurID authentication is supported in the Internet
Protocol Proxy Protocol (IPPP) layer. All BlackBerry MDS
related applications must use IPPP to make use of SecurID
authentication.
• Authentication is device-based in BlackBerry MDS. As a
result, the device remains authenticated even if given to a
different user before the timeout occurs.

Optionally, the service can also proxy user credentials as well as

cache cookies for the period of time you define.

Access Control
The BlackBerry MDS Connection Service assigns roles to the
devices and push initiators that control activity through BlackBerry
MDS Connection Service. You can do the following:

• Limit the push requests from push initiators to specific

users.
• Restrict the servers the users can access.

60IPES41m13.fm
271
 RIM Education Services Administering the BlackBerry MDS Connection Service

Accessing corporate data

The BlackBerry MDS Connection Service works with both pull and
push-based applications to provide users with web content and
corporate data on their devices.

The three common request types are as follows.

Source Push/Pull Example

Browser Pull • HTML web content request
Custom enterprise or Pull • Requests for corporate data
third-party application from back-end databases
• Intranet content
Custom Enterprise or Push • Database updates, such as
third-party independent inventory changes pushed to
software vendor (ISV) BlackBerry devices
• Custom browser pages
pushed to BlackBerry devices

60IPES41m13.fm
272
RIM Education Services Administering the BlackBerry MDS Connection Service

What you can access wirelessly

The BlackBerry MDS Connection Service takes advantage of the
existing BlackBerry Enterprise Server architecture to allow
BlackBerry device users to access data wirelessly. This data
includes the following:

• Custom corporate databases and intranet resources

• Network and Systems management
• HTML web content, including URL links to supported
document types
• Customer Relationship Management (CRM) information
- Customer contact information
- Appointment history
- Customer contact (email, phone calls, etc.) history
- Customer notes
- Email and other customer contact history
• Enterprise Resource Planning (ERP) applications
- Expense reporting and time sheets
- Inventory look-up
- Sales order status and details
• Corporate reports
- Reports can be pushed out to BlackBerry device users
for immediate access

60IPES41m13.fm
273
 RIM Education Services Administering the BlackBerry MDS Connection Service

Discussion: MDS implementation

With your instructor, brainstorm possible BlackBerry MDS
solutions.

Use/Implementation Description
Weather Given a specific location, display the current
weather conditions, and weather forecast.

Note: You can find a reference to third-party application developers from the
BlackBerry Partner Solutions page. This page is available at
www.BlackBerry.com/ThirdParty.

60IPES41m13.fm
274
RIM Education Services Administering the BlackBerry MDS Connection Service

Disabling BlackBerry MDS Connection

Service
Did You Know By default, the BlackBerry MDS Connection Service is enabled on
When the BlackBerry MDS the server and for all groups and users. You can disable it at the
Connection Service is server level and at the group or user level.
disabled, the BlackBerry
Collaboration Service is At the server level, click the Mobile Data Services tab and select
disabled as well. Both are Stop Service.
considered external services.

At the group or user level, select the group or user and click
Disable MDS and IM Access from the Service Access task menu.

60IPES41m13.fm
275
 RIM Education Services Administering the BlackBerry MDS Connection Service

Configuring the BlackBerry MDS

Connection Service
To access the statistics and properties for the BlackBerry MDS
Connection Service, select a server in the Explorer view and click
the Mobile Data Services tab.

From here, you can view statistics on the BlackBerry MDS

Connection Service in the lower part of the screen. You can also
configure various properties for it by clicking Edit Properties to
open the MDS Properties dialog box.

The following options are available for configuration from the

BlackBerry MDS Connection Service properties window.

Option Description
General It allows you to view connection information and
configure ports for BlackBerry MDS Connection
Service flow control. The host name and port cannot
be edited.
Local Access Control It allows you to control the traffic to and from
BlackBerry MDS Connection Service. The option
provides you with more granular control of
BlackBerry device users accessing content via either
a pull or push model.

60IPES41m13.fm
276
RIM Education Services Administering the BlackBerry MDS Connection Service

Option Description
HTTP It allows you to define how BlackBerry MDS
Connection Service handles authentication, cookie
storage, timeouts and redirects.
Proxy It allows you to define how BlackBerry MDS
Connection Service uses a proxy server for
communication with an intranet. This option allows
companies to use normal web filtering rules for
external URLs and allows BlackBerry device users to
access the intranet.
LDAP It allows you to define the LDAP server settings and
defines how to handle query requests. Use the LDAP
option to configure LDAP parameters if LDAP
queries are to be made from the BlackBerry device.
OCSP It allows you to configure certificate handling and
defines how to handle OCSP responders.
TLS/HTTPS It allows you to configure security for BlackBerry
MDS Service connections. This option contains
settings that define whether BlackBerry MDS
Connection Service should encrypt requests that are
sent to untrusted servers using either HTTPS or TLS.
Push/PAP It allows you to define how BlackBerry MDS
Connection Service handles push requests and
submissions using PAP. Using this option, set push
submissions settings can be set as follows:
• store push submissions in the database
• purge submissions older than the specified
time
• set the time between operations
RSA Authentication It allows you to configure RSA SecurID two factor
authentication.
Stats It allows you to define how BlackBerry MDS
Connection Service should gather statistics such as:
• size of history in days
• length of interval
• how often to save history
• how long to keep history
Logs It allows definition of the log detail level.

60IPES41m13.fm
277
 RIM Education Services Administering the BlackBerry MDS Connection Service

Configuring RSA authentication

The BlackBerry MDS Connection Service contains an entry in the
properties field to configure RSA SecurID two factor
authentication.

60IPES41m13.fm
278
RIM Education Services Administering the BlackBerry MDS Connection Service

Configuring BlackBerry MDS Connection

Service proxy settings
A proxy server can limit an organization’s outside visibility to a
single IP address, as well as optimizing network resources by
caching commonly requested pages.

The BlackBerry MDS Connection Service can be configured to use a

specific proxy server when a BlackBerry user accesses a specific
URL from the device.

The following BlackBerry MDS Connection Service properties are

recommended steps to configure BlackBerry MDS Connection
Service to use a proxy server:

• Configure proxy server settings

• Assign a URL to a proxy server (or group of proxy servers)
• Configure a URL to bypass the proxy server

Configure proxy server settings

If the BlackBerry MDS Connection Service is linked to a corporate
proxy, specified internal URLs can be routed directly to bypass the
corporate proxy. Companies can then use normal web filtering
rules for external URLs and also allow BlackBerry users to access
the intranet. Previously, this functionality could only be done by
using Proxy Auto-Config (PAC) files.

Proxy server settings are available in the MDS Properties dialog

box by selecting the Proxy property.

60IPES41m13.fm
279
 RIM Education Services Administering the BlackBerry MDS Connection Service

To configure the proxy server, set the following options.

Option Description
Host Name It specifies the host name or IP address for the URL.
Port It specifies the port number for the URL.
SSL Port It specifies the proxy SSL port number for the URL.
This is optional (if supported by your proxy server)
and specifies the BlackBerry device’s connection to
an HTTPS site through an end-to-end TLS
connection.

Assign a URL to a proxy server

In order to meet the organization’s network configuration, it may
be necessary to assign a URL to a proxy server (or a group of proxy
servers). In the MDS Properties dialog box, set the HTTP Proxy
Enabled option to True.

The following information will be required for configuration:

• Host name and/or the IP address for the default proxy

server
• Port number for the default proxy server
• URL path name

Configure a URL to bypass the proxy server

It may be necessary to bypass a certain URL to avoid the traffic
going through the proxy server, such as the corporate internal
resources.

60IPES41m13.fm
280
RIM Education Services Administering the BlackBerry MDS Connection Service

Configuring BlackBerry MDS Connection

Service access rules
BlackBerry Enterprise Server administrators can control which
application servers are allowed to push content to BlackBerry
devices, as well as control the application servers that a BlackBerry
user can access using BlackBerry MDS Connection Service. This
functionality provides administrators with more control over
content BlackBerry device users’ can access via either a pull or push
model.

To do this, you need to create a rule that will deny access to a

specific URL. As a first step, you must create the rule that will deny
access to the specified URL and then you will add BlackBerry
device users to that rule.

60IPES41m13.fm
281
 RIM Education Services Administering the BlackBerry MDS Connection Service

Lab - Configuring BlackBerry MDS Connection Service properties

Using the information in this module and the procedures starting

on page 256 in the Administering the BlackBerry Enterprise Server
version 4.1 - Reference Guide, do the following:

1. The corporate policy for web browsing restricts access to the

Internet. Users are only able to access the intranet. Create a
Mobile Data Service access rule to restrict users to the intranet.
2. The Executive group has made themselves exempt from the
corporate web policy. Create an access role for the Executive
group that enables them to get to any web site.
3. To ensure the Sales group's devices are only used for business
purposes, it has been decided the Sales group will not have
access to the BlackBerry Browser. As a result, you need to
disable MDS for the Sales group.

60IPES41m13.fm
282
RIM Education Services Administering the BlackBerry MDS Connection Service

Troubleshooting BlackBerry MDS

Connection Service issues
To troubleshoot issues with the BlackBerry MDS Connection
Service, you can enable logging from the MDS Properties dialog
box.

Parameter Description
SRP logging enabled This parameter determines if activity on the SRP
network layer is recorded. The default value is True.
IPPP logging enabled This parameter determines if activity on the IPPP
network layer is recorded. The default value is True.
UDP logging enabled This parameter determines if activity on the UDP
network layer is recorded. The default value is True.
GME logging enabled This parameter determines if activity on the GME
network layer is recorded. The default value is True.
HTTP logging enabled This parameter determines if HTTP headers of the
response message are recorded in the log files.
Response messages are sent from the web server
when users retrieve content from the Internet and
corporate Intranet. The default value is False.
Verbose HTTP logging This parameter determines if HTTP headers and the
enabled body of the response message are recorded in the
log files. The default value is False.

60IPES41m13.fm
283
 RIM Education Services Administering the BlackBerry MDS Connection Service

Parameter Description
TLS logging enabled This parameter determines if activity is recorded
when encrypted data is sent to and from the origin
web server using Transport Layer Security (TLS). The
default value is False.
OCSP logging This parameter determines if activity is recorded
enabled when retrieving the certificate revocation status from
the Online Certificate Status Proocol IOCSP) server.
The default value is False.
LDAP logging This parameter determines if requests to access a
enabled user profile or certificate from the LDAP directory are
recorded. The default value is False.
CRL logging enabled This parameter determines if activity is recorded
when downloarding certificate revocation lists from
the CRL servers. The default value is False.
PGP logging enabled This parameter determines if activity is recorded
when downloarding certificate revocation lists from
the PGP servers. The default value is False.

60IPES41m13.fm
284
RIM Education Services Administering the BlackBerry MDS Connection Service

Exercise 1: Troubleshooting BlackBerry MDS Connection

Service issues
You are preparing a job aid to give to employees new to the
Information Technology team. This job aid contains questions
relating to issues with the BlackBerry MDS Connection Service.
You add information on any actions the employee would need to
take to retrieve the information needed and a description of why
the question is relevant.

1. Is the BlackBerry MDS Connection Service connected to the

BlackBerry Enterprise Server?

Action:

Discussion:

60IPES41m13.fm
285
 RIM Education Services Administering the BlackBerry MDS Connection Service

2. Is BlackBerry MDS Connection Service enabled on the

BlackBerry Enterprise Server, the BlackBerry device user
account, and the BlackBerry device?
Action:

Discussion:

3. Is proxy configuration required in the BlackBerry device user’s

environment?
Action:

Discussion:

60IPES41m13.fm
286
RIM Education Services Administering the BlackBerry MDS Connection Service

4. Are BlackBerry device users blocked from accessing a specific

site?
Action:

Discussion:

60IPES41m13.fm
287
 RIM Education Services Administering the BlackBerry MDS Connection Service

Review questions

1. Which of the following statements best describes the

BlackBerry MDS Connection Service? (Select all that apply.)

a. It allows administrators to control which application

servers are allowed to push content to BlackBerry devices.
b. It allows specific URLs to be directly routed, bypassing the
corporate proxy.
c. It allows companies to use normal web filtering rules for
external URLs.
d. It allows BlackBerry device users to access a corporate
intranet.

2. The BlackBerry MDS Connection Service supports which of the

following authentication schemes? (Select all that apply)

a. Basic
b. Biometric
c. Kerberos
d. LTPA
e. NTLM
f. Smart Card

3. List three questions you might ask if a BlackBerry device user

was experiencing a BlackBerry MDS Connection Service issue.

60IPES41m13.fm
288
RIM Education Services Administering the BlackBerry MDS Connection Service

Module summary

Objective Summary
Introduce BlackBerry BlackBerry Mobile Data System version 4.1 is the
Mobile Data System. next generation of BlackBerry Mobile Data Service
version 4.0 to mobilize data and applications.

See “Introducing BlackBerry Mobile Data System” on

page 260.
Describe how data • See “Pull request data flow” on page 264.
flows through the • See “Attachment request data flow” on
BlackBerry MDS page 266.
Connection Service.
• See “Push request data flow” on page 269.
Describe how to BlackBerry MDS Connection Service can be enabled
manage the and disabled at the server, group, or user level.
BlackBerry MDS
Connection Service. See “Disabling BlackBerry MDS Connection Service”
on page 275.
Troubleshoot issues See “Troubleshooting BlackBerry MDS Connection
with the BlackBerry Service issues” on page 285.
MDS Connection
Service.

60IPES41m13.fm
289
 RIM Education Services Administering the BlackBerry MDS Connection Service

60IPES41m13.fm
290
Module 14: Administering the BlackBerry
Collaboration Service
This module describes the BlackBerry Collaboration Service which
provides the instant messaging functionality to the BlackBerry
Enterprise Server.

Objectives
• Describe the BlackBerry Collaboration Service.
• Describe how data flows through the BlackBerry
Collaboration Service.
• Describe how to manage the BlackBerry Collaboration
Service.
 RIM Education Services Administering the BlackBerry Collaboration Service

About the BlackBerry Collaboration

Service
Did You Know The BlackBerry Collaboration Service provides instant messaging
BlackBerry devices running services to the BlackBerry Enterprise Server and BlackBerry
version 3.8 or higher assigned wireless devices. The following instant messaging solutions are
to a BlackBerry Enterprise supported on the BlackBerry Enterprise Server:
Server version 4.1 will support
instant messaging. • Microsoft Live Communications Server (LCS)
• IBM Sametime
• Novell GroupWise Messenger

When installing these solutions, only one solution can be installed

at a time on the BlackBerry Enterprise Server and on each device.

The instant messaging solutions consist of the following:

Component Description
BlackBerry • The BlackBerry Collaboration Service is the
Collaboration Service server-side component of the instant messaging
solutions.
• It connects the BlackBerry Enterprise Server with
the Instant Messaging Server (Microsoft LCS,
IBM Sametime, or Novell GroupWise Messenger)
to provide communication between the two.
• The BlackBerry Collaboration Service
communicates with the Instant Messaging Server
using the public APIs and protocols defined by
Microsoft, IBM, and Novell.
Instant Messaging The Microsoft LCS, IBM Sametime, or Novell
clients GroupWise Messenger client software is included on
the CD with the BlackBerry Enterprise Server software.

Once the BlackBerry Collaboration Service is installed,

the administrators can push the client components out
over the air to specific users or groups of users.

Instant messages are converted to a Research In Motion®

proprietary protocol for transport between the BlackBerry
Enterprise Server and the BlackBerry device. Since the BlackBerry
Collaboration Service is built on the BlackBerry MDS
infrastructure, all messages sent between the BlackBerry Enterprise
Server and the device are AES or Triple DES encrypted.

60IPES41m14.fm
292
RIM Education Services Administering the BlackBerry Collaboration Service

BlackBerry Collaboration Service data flow

The Collaboration system controls how data flow occurs when a
user is using instant messaging on their device.

Start an instant messaging session on a BlackBerry device

As your instructor discusses the data flow, add the appropriate
lines and numbers to the diagram.

1. Log in to the instant messaging application.

- A user logs in to the instant messaging application on
their BlackBerry device. The BlackBerry device
compresses and encrypts the user ID and password.
They are then sent using the BBIM service book
through port 3101 on the firewall to the BlackBerry
Router and the BlackBerry Dispatcher.
2. BlackBerry Dispatcher sends the request to the
BlackBerry Collaboration Service.
- The BlackBerry Dispatcher forwards the request to
the BlackBerry Collaboration Service using port 3200.
If the BlackBerry Collaboration Service is located on a
remote computer, the request remains compressed
and encrypted using a RIM-proprietary protocol.

60IPES41m14.fm
293
 RIM Education Services Administering the BlackBerry Collaboration Service

3. BlackBerry Collaboration Service checks for available

sessions.
- The BlackBerry Collaboration Service reads the
Configuration database to check if the maximum
number of sessions has been reached. If the number
has been reached, it performs one of the following
actions:
- If the configured maximum number of sessions or
timeout limit is reached, it logs out idle sessions.
- If there are no idle sessions, it sends a Server Busy
(309) status message to the BlackBerry device and
rejects the login request.
- If the number of sessions equals the number of
sessions supported by the instant messaging API,
it sends a Failed (300) status message to the
BlackBerry device and rejects the login request.
Note: A more descriptive, localized status message appears on the
BlackBerry device.
4. BlackBerry Collaboration Service checks the user’s
access.
- The BlackBerry Collaboration Service reads the
Configuration database to check if the user has
permission to use instant messaging services.
5. BlackBerry Collaboration Service connects to the instant
messaging server.
- Microsoft LCS: The BlackBerry Collaboration Service
places the request in the local queue for the Microsoft
LCS connector. The Microsoft Messaging Queueing
(MSMQ) software version 3.0 running on the Instant
Messaging server sends the request in Extensible
Messaging and Presence Protocol (XMPP) format
over an encrypted TLS connection to the Microsoft
LCS connector.
- IBM Sametime: The BlackBerry Collaboration Service
starts an encrypted proxy connection over TCP/IP
using the Sametime APIs, reformats the request from
the RIM-proprietary protocol format into one the
Sametime API supports, and sends the request. By
default, the BlackBerry Collaboration Service starts
this connection using port 1533, but you can specify a
custom port.
- Novell GroupWise Messenger: The BlackBerry
Collaboration Service starts an encrypted (SSL) proxy
connection over TCP/IP using the GroupWise APIs,
reformats the request from the RIM-proprietary

60IPES41m14.fm
294
RIM Education Services Administering the BlackBerry Collaboration Service

protocol format into one the GroupWise Messenger

supports, and sends the request.
6. Instant Messenging server accepts the connection.
Did You Know - Microsoft LCS: The Microsoft LCS connector creates
An enterprise level certificate a connection. It then creates an RTC client object for
is required to use the TLS the session, which maintains an open TLS connection
transportation protocol. between the instant messaging application and the
Microsoft LCS for the duration of the session. TLS is
the default transport protocol. You can set TCP as the
transport protocol, but TCP requires more dedicated
connections for each session, so fewer sessions are
supported.
The Microsoft LCS connector returns the acceptance,
with the RTC client object to the local queue on the
Collaboration Service.
- IBM Sametime: The IBM Sametime server accepts the
connection.The IBM Sametime server accepts the
login request from the BlackBerry device. The IBM
Sametime server starts a dedicated TCP/IP
connection for the session and starts listening for
requests from the BlackBerry device for the session.
- Novell GroupWise Messenger: The GroupWise
Messenger server accepts the connection and accepts
the login request from the BlackBerry device. The
GroupWise Messenger starts a dedicated TCP/IP
connection for the session and starts listening for
requests from the BlackBerry device for the session.
7. BlackBerry Collaboration Service returns the acceptance
to the BlackBerry device.
- The BlackBerry Collaboration Service returns the
acceptance in encrypted and compressed format
through the BlackBerry Dispatcher to the BlackBerry
device. It creates a cache of the connectivity
information to sustain the session for the user.
8. The user’s session is active.
- The user can now start a conversation, set availability
status, or synchronize their contact list.

60IPES41m14.fm
295
 RIM Education Services Administering the BlackBerry Collaboration Service

Managing the BlackBerry Collaboration

Service
You can manage the BlackBerry Collaboration Service using the
BlackBerry Manager.

Enabling and disabling the BlackBerry Collaboration

Service
Did You Know By default, BlackBerry Collaboration Service is enabled for all
Disabling BlackBerry MDS groups and all users. You can enable or disable BlackBerry
Services for a group or user Collaboration Service at the group or user level using the Service
also disables the BlackBerry Access task menu.
Collaboration Service for that
user. Select the group or user in the list and click Disable MDS and IM
Access to disable the service.

60IPES41m14.fm
296
RIM Education Services Administering the BlackBerry Collaboration Service

Configuring the BlackBerry Collaboration Service

To access the statistics and properties for the BlackBerry
Collaboration Service, select a server in the Explorer view and click
the Instant Messaging Services tab.

From here, you can view statistics on the BlackBerry Collaboration

Service in the lower part of the screen. You can also configure
various properties for them by clicking Edit Properties to open the
Instant Messaging Properties dialog box.

60IPES41m14.fm
297
 RIM Education Services Administering the BlackBerry Collaboration Service

Did You Know When configuring the BlackBerry Collaboration Service, you may
When you change the want to look at the following options.
configuration of the
BlackBerry Collaboration Option Description
Service, you do not need to
restart the service for the Inactivity timeout This option sets the maximum time in milliseconds
change to take effect. At this that an Instant Messaging session can be inactive
time, the Instant Messaging before it is ended.
proxy server will log all users Idle timeout This option sets the maximum device idle time in
out and log them back in with seconds before a timeout occurs. The default is
the new configuration. 86,400 seconds.
Maximum It controls the maximum number of simultaneous
Simultaneous instant message sessions per user. The default is
Sessions 2000.

Troubleshooting tips
• To view the statistics associated with the BlackBerry
Collaboration Service, select a server in the Explorer view
and click the Instant Messaging Services tab. From here,
you can view statistics on the BlackBerry Collaboration
Service in the lower part of the screen.
• If you need to troubleshoot an issue, you can click the
Clear Statistics option.

• In the Instant Messaging Properties dialog box, you can

use the Logs property to enable logging for the BlackBerry
Collaboration Service.

60IPES41m14.fm
298
RIM Education Services Administering the BlackBerry Collaboration Service

Review questions

1. True or False? Three instant messaging services can be

installed on the BlackBerry Enterprise Server at the same time.
2. True orFalse? It is possible to integrate up to five Instant
Messaging profiles (email addresses) when using Instant
Messaging on your device.
3. List and describe the two components of the BlackBerry
Collaboration Service.

60IPES41m14.fm
299
 RIM Education Services Administering the BlackBerry Collaboration Service

Module summary

Objective Summary
Describe the The BlackBerry Collaboration Service provides
BlackBerry instant messaging services to the BlackBerry
Collaboration Service. Enterprise Server and BlackBerry wireless devices.
The following instant messaging solutions will be
supported:
• Microsoft LCS
• IBM Sametime
• GroupWise Messenger

See “About the BlackBerry Collaboration Service” on

page 292.
Describe how The Collaboration system controls how data flow
messages flow occurs when a user is using an instant messenger on
through the their device.
BlackBerry
Collaboration Service. See “BlackBerry Collaboration Service data flow” on
page 293.
Describe how to To access statistics and properties for the Instant
manage the Messaging Services, select a server in the Explorer
BlackBerry view and click the Instant Messaging Services tab.
Collaboration Service.
See “Managing the BlackBerry Collaboration Service”
on page 296.

60IPES41m14.fm
300
Module 15: Troubleshooting the
BlackBerry Enterprise Server
This module describes how to monitor and troubleshoot the
BlackBerry Enterprise Server. It talks about the BlackBerry
Enterprise Server logs, troubleshooting utilities, and how to
send notices to users when necessary.

Objectives
• Introduce BlackBerry Enterprise Server logging.
• Describe how to use BlackBerry Enterprise Server logs to
troubleshoot.
• Describe other BlackBerry Enterprise Server utilities for
monitoring and troubleshooting.
• Send notices to users.
• Troubleshoot messaging issues.
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

BlackBerry Enterprise Server logs

Log files can be used to help identify specific errors or can be used
to aid in tracing a message through the BlackBerry Enterprise
Server infrastructure to help identify where the process is breaking
down.

The BlackBerry Enterprise Server event logs are used for proactive
monitoring and for troubleshooting server and user issues. The
BlackBerry Enterprise Server events are written to text files called
debug logs, which are stored on the BlackBerry Enterprise Server
host machine. By default, each BlackBerry Enterprise Server
component is designed to create a daily debug log file compiling
transaction logs for that date.

To view a list of the BlackBerry Enterprise Server logs, see page 292
in the Administering the BlackBerry Enterprise Server version 4.1 -
Reference Guide.

Locating BlackBerry Enterprise Server logs

By default, you can find the BlackBerry Enterprise Server logs
listed by date in the following location, although the default log file
location can be changed during the installation process:

C:\Program Files\Research In Motion\BlackBerry

Enterprise Server\Logs\<date>

To view these logs, go to the directory and click on a specific server

file.

By default, BlackBerry Enterprise Server log files are named

according to server name, service, and date:

servername_component_instance #_yyyymmdd_log #.txt.

Remember For instance, to view BlackBerry Messaging Agent log entries for
The location and name of the events which occurred for the first agent on ServerX on May 21,
.txt file assumes the 2005, go to the following file:
administrator has not altered
the names of the log entries. C:\Program Files\Research In Motion\BlackBerry
Enterprise Server\Logs\20050521\
ServerX_MAGT_01_20050521_0001.txt file

• Daily log file folder - This field allows you to specify

whether daily logs are stored in separate folders.

60IPES41m15.fm
302
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

BlackBerry Enterprise Server log format

See the text below for an example of how a typical debug log entry
is displayed.

Each entry in a debug log file is composed of four sections.

Log section Description

Event ID The Event ID indicates the level (severity) of the
debug log entry. Event IDs fit into one of five
categories.
• [10000] = Error
• [20000] = Warning
• [30000] = Informational
• [40000] = Debug
• [50000] = Other
Date/Time The Date/Time section indicates the date and time
that a particular BlackBerry Enterprise Server event
occurred.
Thread ID The Thread ID specifies which particular thread
performed any given BlackBerry Enterprise Server
event.
Description The Description details thread activity and describes
the nature of the BlackBerry Enterprise Server event
being logged.

60IPES41m15.fm
303
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Configuring logging for BlackBerry Enterprise Server

You can enable logging and configure various BlackBerry
Enterprise Server logging parameters in the BlackBerry Server
Configuration tool. To open the tool, go to Start > Programs >
BlackBerry Enterprise Server > BlackBerry Server Configuration.
When the tool opens, click the Logging tab.

Note In the text box at the top of the dialog box, you change the location
Changes made to logging where the log files are kept. The following options are available for
parameters do not take effect configuring logging.
until the affected service is
restarted. Note: When reconfiguring logging options, you must stop and restart the
services for the changes to take effect.

Option Description
Log file prefix Use this field to change the prefix attached to the
log files.
Create daily log folder Select this option to have the BlackBerry Enterprise
Server create separate folders for each of the daily
logs.
<log type> daily file Set this option to True to configure the BlackBerry
Enterprise Server to keep daily log files for the
associated log type.

60IPES41m15.fm
304
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Option Description
<log type> level This field allows you to specify the level of
BlackBerry Enterprise Server event you want written
to your log files (Debug, Informational, Warning,
Error, or Other).

These log levels are inclusive. For example, if you set

4 as a log level, it will also include 1,2, and 3.
<log type> size (MB) This field allows you to specify a maximum size (in
megabytes) for debug log files. The value in this field
is 0 (unlimited) by default.

When a debug log file reaches the specified size limit

(e.g., 500 kilobytes), no additional BlackBerry
Enterprise Server transactions will be written to the
debug log file.
<log type> auto-roll This field specifies whether a new log file is created
when a component is restarted or the maximum file
size is reached.
<log type> maximum The field specifies the maximum log age in days. If
daily file age enabled, log files are deleted after they exceed the
age. When set to 0, no limit is enforced.

Discussion: Log options

1. Is there a reason why you would enable auto aging?

2. What setting can you change if you have limited hard

drive space?

3. What are the implications of putting the logs on a network

share?

60IPES41m15.fm
305
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Lab - Configuring logging options

Using the information outlined in this module and the procedures

starting on page 292 in the Administering the BlackBerry Enterprise
Server version 4.1 - Reference Guide, configure your company’s
BlackBerry Enterprise Server so the following is true:

1. BlackBerry Enterprise Server logs can be found in the

folder C:\BESlogs.
2. The logging age is 7 days.
3. The maximum size for the BlackBerry Manager log file is
200 MB.
4. The default log level for all messaging related components
is set to 4.
Note: When reconfiguring logging options, you must stop and restart the
services for the changes to take effect.

60IPES41m15.fm
306
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Troubleshooting messaging issues with

BlackBerry Enterprise Server logs
BlackBerry Enterprise Server logs can potentially be very useful
when trying to resolve a messaging issue. When troubleshooting an
issue, several log files can be used, including the BlackBerry
Messaging Agent, BlackBerry Dispatcher, and BlackBerry Router
logs.

Identifying errors in BlackBerry Enterprise Server logs

Message filtered
When a message is filtered, an entry appears in the BlackBerry
Messaging Agent log.

In the example below, the user received an email message which

was filtered by a filter called Test Filter.

Sample BlackBerry Messaging Agent log entry

[40423] (06/03 14:48:59):{0x10D8}
{[email protected]} Queuing new mail through
notification (external). EntryId=43

[40724] (06/03 14:48:59):{0x668}

{[email protected]} Get record key for this MAPI
object, EntryId=43

[40435] (06/03 14:48:59):{0x668}

{[email protected]} Queuing new mail through
notification. EntryId=43. Msgs Pending 0

[30085] (06/03 14:49:00):{0x668}

{[email protected]} New mail has arrived,
EntryId=43

[40512] (06/03 14:49:00):{0x668}

{[email protected]} Message filtered according to
filter Test Filter

[30092] (06/03 14:49:00):{0x668}

{[email protected]} Message filtered, EntryId=43

[30080] (06/03 14:49:00):{0x668} Total Msgs Filtered 1

60IPES41m15.fm
307
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Tracing a message in BlackBerry Enterprise Server

logs
To trace a message through BlackBerry Enterprise Server log files,
you need to know the RefID of the message. This RefID can be
found on the BlackBerry device by opening a message and typing
ALT + View. Once you have the RefID, it will make it much easier
to search through the logs for the desired RefID.

In the example below, the BlackBerry device user received an email

message on their device.

Sample BlackBerry Messaging Agent log entry

[40423] (06/03 14:30:10):{0x10D8}
{[email protected]} Queuing new mail through
notification (external). EntryId=42

[40724] (06/03 14:30:10):{0x668}

{[email protected]} Get record key for this MAPI
object, EntryId=42

[40435] (06/03 14:30:10):{0x668}

{[email protected]} Queuing new mail through
notification. EntryId=42. Msgs Pending 0

[30085] (06/03 14:30:10):{0x668}

{[email protected]} New mail has arrived,
EntryId=42

[40287] (06/03 14:30:10):{0x668}

{[email protected]} Queuing message, RefId=-
1120079135, FolderId=-3, EntryId=42, Posted=06/03 14:30:04,
Delivered=06/03 14:30:08

[30066] (06/03 14:30:10):{0x668} Total Msgs Pending 1

[30081] (06/03 14:30:10):{0x668}

{[email protected]} Sending message to device,
size=178, EntryId=42, RefId=-1120079135, TransactionId=-
1029660422, Tag=30

[40279] (06/03 14:30:10):{0x668}

{[email protected]} SubmitToRelaySendQ, Tag=30

[40000] (06/03 14:30:10):{0x3E8} [BIPP] Send data, Tag=30

[40000] (06/03 14:30:13):{0x608} [BIPP] Received status

DELIVERED, Tag=30

[30096] (06/03 14:30:13):{0x668} Total Msgs forwarded to

Handhelds 2

[30097] (06/03 14:30:13):{0x668}

{[email protected]} Message has been delivered to
device, Tag=30, EntryId=42

[30066] (06/03 14:30:13):{0x668} Total Msgs Pending 0

60IPES41m15.fm
308
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Sample BlackBerry Dispatcher log entry

[40000] (06/03 14:30:10):{0x1328} [BIPP] (T98146716_001)
Received datagram (30:178)

[30222] (06/03 14:30:10):{0x1174} {student04} MTH:

contentType=CMIME, sizeOTA=138, sizeOTW=144, TransactionId=-
1029660422, Tag=33

[30310] (06/03 14:30:10):{0x1174} {student04} Forwarding

internal data to device, contentType=CMIME,
routing=T98146716, device=4003E0AA, size=176, cmd=0x3,
ack=0, TransactionId=-1029660422, intTag=30, Tag=33,
Submit=1

[40279] (06/03 14:30:10):{0x1174} {student04}

SubmitToRelaySendQ, Tag=33

[40000] (06/03 14:30:10):{0x1418} [SRP] Send data, Tag=33,

Submit=1, Size=176

[40000] (06/03 14:30:10):{0x1418} [SRP] EVENT=Send_DATA,

VERSION=2, TAG=33, SIZE=176

[40000] (06/03 14:30:13):{0x1018} [SRP]

EVENT=Receive_STATUS, VERSION=2, TAG=33, STATUS=1

[40000] (06/03 14:30:13):{0x1018} [SRP] Received status

DELIVERED, Tag=33, AckRequired=0

[30368] (06/03 14:30:13):{0x1008} {student04} Packet has been

delivered to device, Tag=33

[30388] (06/03 14:30:13):{0x1008} [BIPP] {student04}

Forwarding status to BES Agent, intTag=30, extTag=33

[40644] (06/03 14:30:13):{0x1328} [BIPP] (T98146716_001)

Datagram DELIVERED, intTag=30, status=1

[40000] (06/03 14:30:13):{0x1328} [SRP] EVENT=Send_STATUS,

VERSION=1, TAG=30, STATUS=1

Sample BlackBerry Router log entry

[40000] (06/03 14:30:10):{0x10CC}
[SERVICE_RELAY_SESSION:T98146716:005f81f8] Service V2 GME
packet received. DESTINATION=4003E0AA, CONTENT=CMIME,
TAG=33, RELAYROUTABLE=true, LENGTH=176

[40000] (06/03 14:30:13):{0x10CC}

[SERVICE_RELAY_SESSION:T98146716:005f81f8] (relay) Clear
service transaction. TAG=33

60IPES41m15.fm
309
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Lab - Analyzing BlackBerry Enterprise Server logs

1. Using the BlackBerry Enterprise Server log files provided by

your instructor, identify the approximate time when the
BlackBerry Enterprise Server started.

2. Using the BlackBerry Enterprise Server log files provided by

your instructor, identify at least 5 events that occurred on the
BlackBerry Enterprise Server. Note the time it occurred and the
associated Event ID.
1.

2.

3.

4.

5.

60IPES41m15.fm
310
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Command line utilities

In addition to the BlackBerry Enterprise Server logs, there are
several command line utilities provided with the BlackBerry
Enterprise Server software you can use to help diagnose or resolve
an issue. These utilities include the following:

• BBSRPTest.exe
• HandheldCleanup.exe (Microsoft Exchange only)
• IEMSTest.exe (Microsoft Exchange only)

These utilities are stored typically in the following directory:

C:\Program Files\Research In Motion\BlackBerry Enterprise

Server\Utility\

BBSRPTest.exe
Did You Know To function correctly, the BlackBerry Enterprise Server needs to
You can use this utility on a maintain a persistent connection to the SRP host. If the BlackBerry
computer other than the BES Enterprise Server is running but not connected to the SRP host, you
by specifying the SRP host can run the BBSRPTest.exe utility to help figure out why. When
when running the utility. For run, the utility tries to establish a connection with the SRP host and
example: BBSRPTest -host if it is unable to do so, returns an error.
srp.na.blackberry.net
Running BBSRPTest.exe
1. From a command prompt, switch to the directory on which the
installed utilities are stored.
2. Type BBSRPTest.exe to run the utility.

The utility checks the BlackBerry Enterprise Server’s SRP host

and confirms whether or not the SRP connection to the wireless
network exists.

HandheldCleanup.exe
Important The HandheldCleanup.exe tool is designed to retrieve and update
This utility is only available on configuration information for BlackBerry Enterprise Servers and
the Microsoft Exchange BlackBerry device users.
platform.
The HandheldCleanup.exe tool is typically used after a BlackBerry
device user mailbox has been moved from one Exchange server to
another.

60IPES41m15.fm
311
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Running HandheldCleanup.exe
1. From a command prompt, switch to the directory on which the
installed utilities are stored.
2. Type a command at the command prompt in the following
format:
HandheldCleanup.exe -flag <optional arguments>.
For additional information on the optional arguments, see
page 299 the Administering the BlackBerry Enterprise Server
version 4.1 - Reference Guide.

IEMSTest.exe
Important The IEMSTest.exe tool is designed to test if the BlackBerry Service
This utility is only available on Account can successfully open, write a file to, and delete the file
the Microsoft Exchange from a user’s mailbox in Microsoft Exchange. A successful test
platform. indicates the BlackBerry Enterprise Server service account has the
required permissions to access the user’s mailbox. An unsuccessful
test indicates the BlackBerry Enterprise Server service account has
not been granted the required permissions.

Running IEMSTest.exe
1. From a command prompt, switch to the directory on which the
installed utilities are stored.
2. At the command prompt, type IEMSTest.exe. The
IEMSTest.exe tool prompts for a MAPI Profile.
3. Select the correct BlackBerry Enterprise Server MAPI profile
from the drop-down list and click OK.
The IEMSTest.exe utility connects to the Microsoft Exchange
Server to check permissions.

60IPES41m15.fm
312
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Exercise 1: Running the BlackBerry Enterprise Server

troubleshooting utilities
Using the information in this module and starting on page 296 in
the Administering the BlackBerry Enterprise Server version 4.1 -
Reference Guide, perform the following actions on your BlackBerry
Enterprise Server.

1. Run BBSRPTest.exe to verify if your BlackBerry Enterprise

Server can connect to the SRP host.

What was the result?

2. If running on a Microsoft Exchange BlackBerry Enterprise

Server, use the HandheldCleanup.exe utility to verify if any
users have been moved from one Exchange server to another.

What was the result?

3. If running on a Microsoft Exchange BlackBerry Enterprise

Server, use IEMSTest.exe to verify your BlackBerry Service
Account has sufficient permissions.

What was the result?

60IPES41m15.fm
313
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Troubleshooting device issues

If problems occur with the devices, there are several options you
can use to try and resolve them. Access these options in the
following locations:

• On the All Users tab or the Users tab, select a user and
open the Account or Service Control & Customization task
menu.
• On the User Groups List, select a group and open the
Account or Service Control & Customization task menu.

The available options include the following.

Option Description Access

Purge Pending Click this option to clear messages Service Control &
Messages pending for a user. Customization task
menu
Clear In-Cradle Flag Click this option to resume normal Account task menu
message flow to a user’s device if a
user becomes locked in the In-Cradle
forwarding turned off status.

This can occur if the network

connection is dropped while the
user’s device is connected. In this
case, the BlackBerry Desktop
Manager will continue to manage
the handheld as though it were
connected (regardless of whether
the user disconnects the device), and
messages will not be forwarded to
the user’s device.
Note: This option does not apply to
groups.
Clear Statistics Click this option to completely clear Service Control &
a user’s statistics. On some Customization task
occasions (usually in situations menu
where you need to troubleshoot
technical difficulties), it may be
helpful to clear user statistics.

60IPES41m15.fm
314
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Notifying users
If there is an issue on the BlackBerry Enterprise Server that you
need to notify users about, you have the option of sending an All
Points Bulletin (APB). You can send APBs to all users on all servers
in the BlackBerry Domain, all users on one server, all users in a
group, or just one user.

When sending out an APB, you have the following options:

Option Description
By Email It sends the message to the mailboxes of all users on
the selected BlackBerry Enterprise Servers.
By PIN It sends the message using the unique PIN of each
user’s handheld on the selected BlackBerry
Enterprise Server.
Send to all users It sends the message to all users on the selected
BlackBerry Enterprise Servers.
Send to selected users It sends the message directly to the selected users
only.

To send an APB, click Send Message from the Account task menu
at the domain, server, user, or group level.

60IPES41m15.fm
315
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Discussion: Sending out an APB

1. Why would an administrator want to send a message
directly to the devices via PIN instead of email message?

2. What happens if PIN-to-PIN messaging is turned off in IT

policy settings when you send a PIN-to-PIN APB?

60IPES41m15.fm
316
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Lab - Notifying users

After all of the configuration and system changes that have

happened recently in your company’s environment, a decision has
been made to reboot the BlackBerry Enterprise Server this evening.

Using the information in this module and the procedures starting

on page 302 in the Administering the BlackBerry Enterprise Server
version 4.1 - Reference Guide, send an All Points Bulletin by PIN to
the users to inform them of the reboot.

60IPES41m15.fm
317
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Using the Technical Knowledge Center

When troubleshooting issues, a valuable source of information is
the Technical Knowledge Center (TKC).

1. To log into the technical Knowledge Centre, go to http://

www.blackberry.com/support.
2. From the Technical Knowledge Centre, click Public
Technical Knowledge Centre.

Exercise 2: Using the TKC

1. Find the Technical Knowledge Center Quick Reference
Guide. What are the five types of Support Knowledge Base
Articles?
1.
2.
3.
4.
5.
2. Find the Top 10 Troubleshooting tips for BlackBerry
devices. What is the first item this document recommends
you check for?

3. Find user documentation on the BlackBerry Enterprise

Server Resource Kit. Which folder is it contained in?

4. Find the “BlackBerry troubleshooting workflow”. Which

folder is it contained in?

5. After running BBSRPTest.exe, you receive error 10054.

What are two causes of this error?

60IPES41m15.fm
318
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

6. After running HandheldCleanup.exe, you receive error

8004010f. What is this the cause of this error?

7. Several decision trees exist which you can use when

troubleshooting issues. Find the decision tree you could
use if a user could not send or receive messages. How did
you access it?
1.
2.

60IPES41m15.fm
319
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Troubleshooting messaging issues

It is important that you are able to troubleshoot and resolve issues
with messages.

Exercise 3: Troubleshooting issues

1. Katie Tiegs has called in to say she cannot send or receive any
email messages from her device. Identify what you should
check and do to resolve this problem.

60IPES41m15.fm
320
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
321
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

2. If a user can receive messages, but cannot send any messages,

what else could you do in addition to the actions from #1 to
resolve the problem?

60IPES41m15.fm
322
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

3. Katie Tiegs calls in and says that her Enterprise Activation has
failed. Identify what you should check and do to resolve this
problem.

60IPES41m15.fm
323
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Exercise 4: Tracing the flow of data for each system

Use the following diagram and the BlackBerry Enterprise Server

components to trace the data flow for the system assigned to you
by your instructor. Identify any potential points of failure.

If you need to refer back to the system data flows, you can find
them on the following pages:

• Messaging system: “To a device” on page 29

• Messaging system: “From a device” on page 32
• PIM synchronization system: “Initial wireless PIM
synchronization data flow” on page 142
• PIM synchronization system: “Incremental wireless PIM
synchronization data flow” on page 144
• PIM synchronization system: Wireless Calendar
synchronization, “Data flow to a device” on page 152
• PIM synchronization system: Wireless Calendar
synchronization, “Data flow from a device” on page 154
• Backup system: “Automatic wireless backup data flow” on
page 161
• Policy system: “IT policy data flow” on page 193
• MDS system: “Pull request data flow” on page 264
• MDS system: “Attachment request data flow” on page 266
• MDS system: “Push request data flow” on page 269
• Attachment system: “Attachment viewing data flow” on
page 242
• Collaboration system: “BlackBerry Collaboration Service
data flow” on page 293

Bonus: Trace the data flow for the Enterprise Activation

process.

60IPES41m15.fm
324
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
325
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
326
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
327
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
328
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
329
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Review questions

1. Identify the folder in which BlackBerry Enterprise Server logs

are stored by default.

2. Every BlackBerry Enterprise Server log has the following four

sections:
a. User Name, Date/Time, Administrator, and Description
b. Date/Time, Thread ID, User Name, and Description
c. Event ID, Date/Time, Thread ID, and Description
d. Event ID, Administrator, Date/ Time, and Thread ID

3. Identify which tool is used to configure logging for the

BlackBerry Enterprise Server.

60IPES41m15.fm
330
RIM Education Services Troubleshooting the BlackBerry Enterprise Server

Module summary

Objective Summary
Introduce BlackBerry The BlackBerry Enterprise Server event logs are used
Enterprise Server for proactive monitoring and for troubleshooting
logging. server and user issues. The BlackBerry Enterprise
Server events are written to text files called debug
logs, which are stored on the BlackBerry Enterprise
Server host machine.

See “BlackBerry Enterprise Server logs” on page 302.

Describe how to use BlackBerry Enterprise Server logs can potentially be
BlackBerry Enterprise very useful when trying to resolve a messaging issue.
Server logs to When troubleshooting an issue, several log files can
troubleshoot. be used, including the BlackBerry Messaging Agent,
BlackBerry Dispatcher, and BlackBerry Router logs.

See “Troubleshooting messaging issues with

BlackBerry Enterprise Server logs” on page 307.
Describe other There are several command line utilities provided
BlackBerry Enterprise with the BlackBerry Enterprise Server software that
Server utilities for you can use to help diagnose or resolve an issue.
monitoring and These utilities include the following:
troubleshooting. • BBSRPTest.exe
• HandheldCleanup.exe (Microsoft Exchange
only)
• IEMSTest.exe (Microsoft Exchange only)
See “Command line utilities” on page 311.
Send notices to users. If there is an issue on the BlackBerry Enterprise
Server that you need to notify users about, you have
the following options:
• All Points Bulletin (APB)
See “Notifying users” on page 315.
Troubleshoot See “Troubleshooting messaging issues” on
messaging issues. page 320.

60IPES41m15.fm
331
 RIM Education Services Troubleshooting the BlackBerry Enterprise Server

60IPES41m15.fm
332