The BlackBerry Enterprise Server Express Edition offers businesses the ability to enable their staff to use BlackBerry devices to receive push-based email from an existing Microsoft Exchange installation - both standalone Exchange servers and the Microsoft Small Business Server product.
A free download from the BlackBerry web site, the solution is not limited to any set number of users and requires only that users have a BlackBerry data tariff on their SIM card with their network operator.
A 10,000 user CAL is supplied with the download by default:
BES Express is based on the full BES 5.0.1 MR1 product code, and as such offers much (but not all) of the same functionality:
The following features are NOT available in BES Express:
At the time of writing, BES Express is only available in English.
BES Express is not compatible with Lotus Domino or Novell Groupwise installations.
Microsoft Exchange Messaging Server
Microsoft Exchange System Tools
The following hotfix is required on the Microsoft Exchange 2003 server to provide Unicode support for calendars (ie Simplified Chinese and Japanese language characters) - http://support.microsoft.com/?kbid=913643
If using Exchange 2003, the following update is also required on the BES server to resolve a known issue with certain Chinese language characters - http://support.microsoft.com/?kbid=923537
(Up to 500 users)
(Up to 1000 users)
Any of the following database management systems are supported:
If using a database system earlier than SQL 2005 SP3, the following hotfix should be installed on the database server - http://support.microsoft.com/?kbid=960082
In order to provide support for audio attachments, Windows Media Player 9 or later is required on the BES.
Internet Explorer 6 or later is required to access the web administration console.
The BES requires outbound-initiated, bi-directional access to the Internet on TCP port 3101 as well as access to DNS.
RIM recommend operating up to a maximum of 75 users if the BES Express software is being installed directly onto the Exchange server itself. On a standalone server, BES Express can support up to 2,000 users. Multiple BES Express servers can be deployed in the same BlackBerry domain.
NOTE - this article assumes an Exchange 2003 installation, visit the BES Express section for articles on installing the solution against Exchange 2007 or 2010 (http://ukblog.im-mobility.com/blackberry-enterprise-server-express)
If installing the BES Express software on the Exchange server itself, the Exchange server should NOT itself also be a domain controller. This does not apply to the Small Business Server 2003 product, but if a dedicated server is available as an option, this should be considered for scalability.
Create a domain user account called BesAdmin
On the Exchange server, in the Active Directory Users and Computers console, create a domain user called "BesAdmin" and assign it an Exchange mailbox. Set the user account password to never expire.
Send an email to the BesAdmin user to initialise the Exchange mailbox.
Assign the BesAdmin user local administrative rights
On the server that is to host the BES Express, make the BesAdmin domain user a member of the local administrator group. NOTE - the BES Express server will first need to have been added to the Domain if not done already.
To do this, on the BES Express server, right click on the icon for My Computer and select Manage. Browse to Local Users and Groups --> Groups --> Administrators and add the BesAdmin user:
Assign the BesAdmin user "log on as a service" rights
On the BES Express server, also assign the BesAdmin domain user account "log on as a service" rights. To do this, select Administrative Tools --> Local Security Policy --> User Rights Assignment --> Log on as a service and add the BesAdmin user:
Assign Exchange View-Only Administrator rights to the BesAdmin user
On the Exchange server, make the BesAdmin user an Exchange View-Only administrator. Launch the Exchange System Manager and browse to Administrative Groups. Right click on the Administrative Group that the BesAdmin user is to have access to and select Delegate Control:
If you don't see the Administrative Groups displayed, right click on the Domain and select properties. Select the option to display Administrative Groups:
Close the Exchange System Manager and re-launch it. Add the BesAdmin user as an Exchange View-Only Administrator in the Delegate Control wizard:
Assign "Send As", "Receive As" and "Administer Information Store" rights to the BesAdmin user
Within the Exchange System Manager, right click on the entry for the Exchange server and select Properties. Click on the Security tab.
Add the BesAdmin user and tick the options to allow "Send As", "Receive As" and "Administer Information Store" rights to the user:
Assign "Send As" rights on the domain to the BesAdmin user
Within the Active Directory Users and Computers console, open the View menu and select the option to display Advanced Features.
Right click on the domain and select Properties. Click on the Security tab:
Click on the Advanced button:
Click on Add and type in the name of the BesAdmin user:
Select the option to Apply Onto User Objects.
Scroll down to the bottom and tick the option to enable Send As rights:
To force all of the above changes to take effect on the domain, it may be worth running a group policy update. On the Exchange server click Start --> Run and issue the command "gpupdate /force"
Install the Exchange MAPI CDO 1.2.1 package / Exchange System Manager
NOTE this step is only required if the BES Express software is being installed onto a server other than the Exchange server. If the Exchange server itself is being used to host the BES Express software, then all of the required MAPI components are already present.
If installing BES Express on a separate server, then a form of MAPI is required to enable Exchange connectivity. There are two choices when installing BES Express for use with Exchange 2003: the Exchange Management Tools (the Exchange System Manager) can be installed from the Exchange 2003 installation media and then brought up to the same service pack level as the Exchange 2003 server; or alternatively the Microsoft Exchange MAPI CDO 1.2.1 package can be installed for a 'lighter-weight' installation.
In this article I shall use the MAPI CDO package - this is available for download from our FTP site HERE (Exchange 2003 / 2007).
Run the installer and accept the license agreement:
Now you're ready to install the BES Express software.
NOTE - if you do choose to install the Exchange System Manager on the BES Express server then there are further configuration steps required.
The Exchange System Manager does not include the CDO.dll system file required for calendar access, this file must be copied to the BES Express server from the Exchange server.
By default this file will be located on the Exchange server in the "C:\Program Files\Exchsvr\Bin" directory. Copy the file to the "C:\Windows\System32" directory on the BES Express server.
Once copied across, register the CDL.dll file by launching the command prompt. Change to the C:\Windows\System32 directory and issue the following command:
If successful, the following window will be displayed:
LOG INTO THE BES EXPRESS SERVER AS THE BESADMIN USER!
Launch the BES Express installer, you will be prompted to confirm that you are indeed logged in as the correct user:
Click Continue Installation:
Choose your country and read the license agreement. Select the option to accept if you agree to the terms and conditions:
Select the option to Create a BlackBerry Configuration Database:
Select the option to install a BlackBerry Enterprise Server:
Verify that all pre-requisite checks are completed successfully, paying attention to any warnings or failures:
In this article I am allowing the BES Express installer to install a local copy of SQL Server Express, if you intend to use a dedicated SQL Server, select this option and enter the details of the server address:
Enter the password for the BesAdmin account and enter in a name for the BES Express server: this name can be a 'friendly' one and is used to identify it in the Web Administration interface:
If you are warned that the server does not have sufficient free disk space available, free up some space before continuing:
A summary of the installation options will be displayed:
Click Install, the required components will now be installed, this process may take a while. When complete you will be prompted to reboot the server:
Click Yes. Once rebooted, log back in as the BesAdmin user. The installation will resume automatically:
Enter a name for the Configuration Database - this should ideally be left at the default unless specifically required. Click Next:
You will be prompted to create the database, click Yes:
When created, click OK:
Enter in the 10,000-user CAL, SRP key and SRP authentification key you were supplied along with the BES Express download. Verify connectivity to the RIM Relay on TCP port 3101. Click Next:
The MAPI connection settings will now be required, enter in the name of the Exchange server as well as the BesAdmin user account mailbox. Click OK:
Enter in the name you wish to use for the Administration web site. Again this should be left at the default if you are unsure as to what this means. Any name you choose should be resolvable via DNS if not using the default option.
Enter in a password for the SSL certificate - this is generated automatically by the installer and assigned to the Apache-based administration web site (the site does not run within IIS). The certificate is generated based on the name entered.
By default the administration web site runs on port 3443 - this can be altered if desired but again leave this value at the default unless specifically required. Click Next:
Enter in the details of the BesAdmin user account again and click Next:
Specify whether you wish access to the administration web site to be authenticated based on Active Directory credentials, or whether you want to use the built-in BlackBerry Administration Service authentication. If you select the second option, enter in a password for the default admin account.
NOTE - if you select BlackBerry Administration Service authentication, the default admin username is "ADMIN", NOT "BESADMIN".
Select the option to Start Services and verify that all services start successfully:
You will be reminded what the address is to access the administration web site. Click Finish.
The software is now installed and ready to use. To access the web administration site, a link will have been added to the Programs folder on the Start menu:
Selecting the link will launch the default browser on the server (which needs to be Internet Explorer 6 or later):
Log in ether as the BesAdmin user (using Windows authentication) or as the Admin user (using BlackBerry authentication):
Add the web site to the Trusted Sites group in the Internet Explorer security options area:
And add the web site certificate to the trusted certificate authority folder:
In the Administration web site, select the option to Create a user:
Selecting Search will display a list of all available users:
Tick the user(s) you want to add and click Continue:
Select the BES Server the users should be added to (you'll only have one option) and click Next. The users will now be added to the BES Server.
To associate a device to a user, the BlackBerry handheld itself can be connected directly to the BES Express server via USB. In the Administration web site browse to Devices --> Attached Devices --> Overview:
When the device is connected, its PIN details will be displayed:
Select the option to Assign current device to a user. Select the user you want to associate the device with:
The device will now be associated to the user and will automatically activate itself and begin to download user mailbox data.
If you encounter any problems adding or activating users, first verify that all BlackBerry services have started and are running correctly:
The commonest cause of problems when troubleshooting issues with a BES installation is that the correct permissions have not been assigned to the BesAdmin user on the domain and the Exchange server as detailed above.
Included with the BES Express software is a utility called "IEMSTEST" which can verify the BesAdmin user's access to specific user mailboxes.
The utility lives in the C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility folder and needs to be run at the command line:
Select the BlackBerryServer MAPI profile when prompted:
Select the user account you wish to query:
The permissions will be tested:
As you can see from the above screenshot this test has indicated that the BesAdmin account does not have Send As rights on my James Liddiard user account. Once I verify my permissions, re-running the test indicates that all test have passed successfully: