How to install BlackBerry Enterprise Server
Express on a SBS 2008 -
Mariette Knap posted on April 18, 2010 14:46
This document and what comes with it are provided as-is with blunt warning: Use at your own risk, buyer
beware.You break your system; you own the resolution as well. We have no liability for what you do, or can't
do, or fail to do with this information. Your entire protection is to start over again with a protected backup, or
from protected system. If you don't want to accept this idea, please don't use this document.
Special thanks to Jason Miller, Les Connor and Michael B. Smith for helping on this article. All are Microsoft
Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1
Before we can start with the installation of BESExpress you must install Microsoft Exchange Server MAPI
Client and Collaboration Data Objects 1.2.1. You can download it here:
0A110307611E&displaylang=en. Your server must have Exchange 2007 Service Pack 2 installed and all
rollups. It is best practice to run the SBS 2008 BPA and check the reports before you install BESExpress 5.01.
1. Double click the file you just downloaded “ExchangeMapiCdo” and extract it to a folder of your choice.
2. After it is extracted you will see „Extraction Complete‟ and click OK.
3. Browse to the folder where you extracted the Mapi installer and double click ExchangeMapiCDO to
start the installer.
4. Click Next.
5. Check „I agree‟ and click Next.
6. The installer is ready, click Finish.
Raise Windows Server 2008 Active Directory Domain and Forest Functional Levels.
It seems that the ability to login with a Windows account into BlackBerry Web Desktop Manager is only
possible when you raise the Functional Levels of you domain and forest to Windows Server 2008. Before you
complete this procedure you need to understand what this means, please read:
Understanding Domain and Forest Functionality
Unable to log on to the BlackBerry Administration Service web console when running a mixed
Windows Server 2003 and 2008 domain controller environment
If you have a Windows 2003 Server in your network that is a domain controller, such as in a branch
office, you should will notice that you cannot raise functionality to Windows 2008 level. If you plan to
have a Windows 2003 server that will be a DC do not raise functionality level.
1. Open Active Directory Users and Computers from the Administrative tools.
2. Right click your domain and choose „Raise domain functional level‟.
3. Choose Windows Server 2008 and click Raise.
4. Accept and click OK.
5. Click OK and close the Active Directory Users and Computers MMC.
6. Open Active Directory Domains and Trusts from the Administrative tools
7. Right click „Active Directory Domains and Trusts‟ and choose Raise Forest Functional Level.
8. Choose Windows Server 2008 and click Raise
9. Click OK.
10. Click OK and close the „Active Directory Domains and Trusts‟ MMC.
Create a Windows account and mailbox for the BlackBerry Enterprise Server Express.
1. From the start menu open the Exchange Management Console.
2. Choose Recipient Configuration –> Mailbox and in actions pane „New Mailbox‟.
3. Choose „User Mailbox‟ and then Next.
4. Choose „New User‟ and click next.
5. Fill in First name, Name, User Logon name (both) and give a strong password to the BESadmin. Click
6. Click Browse
7. Choose your server and click OK
8. Check your settings and click New.
9. Make sure you have a green check and click Finish
Configure Exchange Server 2007
1. From the start menu choose the Exchange Management Shell.
2. Type the command to set ViewOnlyAdmin role for Besadmin.
1. add-exchangeadministrator "BESAdmin" -role ViewOnlyAdmin
3. Type the command to assign the ms-Exch-Store-Admin, Receive-As, and Send-As permissions for the
BESadmin account and press enter.
1. get-mailboxserver "ContosoServer" | add-adpermission -user "BESAdmin" -accessrights
ExtendedRight -extendedrights Receive-As, ms-Exch-Store-Admin, Send-As
Configure the computer that will host the BlackBerry Enterprise Server Express.
1. Start Active Directory Users and Computers from the Start Menu.
2. Select the hive Builtin and double click „Administrators‟.
3. Choose the tab „Members‟ and click Add.
4. Type „besadmin‟ and click „Check Names‟.
5. Click OK.
6. Click „Apply‟ and then „OK‟.
7. Open Group Policy Management from the Administrative Tools.
8. Right click the „Default Domain Controllers Policy‟ and choose „Edit‟.
9. Choose Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User
Rights Assignment and double right click in the right pane „Allow log on locally‟.
10. Click „Add User or Group‟.
11. Click Browse
12. Type in the box „besadmin‟ and click „Check Names‟.
13. Click „OK‟.
14. As you see the BESAdmin account is now listed. Click „Apply‟ and „OK‟.
15. Scroll down and double click „Log on as a service‟.
16. Check „Define these policy settings‟ and click „Add User or Group‟.
17. Click „Browse‟.
18. Type in the box „besadmin‟ and click „Check Names‟.
19. Click „OK‟.
20. Click „OK‟.
21. The „besadmin‟ account is now listed. Click „Apply‟ and „OK‟. Close the Group Policy Management
Configure the database server and run the BlackBerry Enterprise Server Express setup application.
You should download BESExpress here: http://na.blackberry.com/eng/services/business/server/express/. It is
free but RIM only asks you to register. After registration RIM will send you a download URL and CAL keys.
WARNING! Very Important! Logoff from the server and logon with the BESAdmin account you just
created. If you fail to do this everything else will fail
1. Verify that you are logged on as the BESAdmin. Open the start menu and see if BESAdmin is the user
who is logged on to your server.
2. Run the download, it will unzip the contents into a folder of your choice and start setup automatically.
3. Again you are warned to check if the current user is BESAdmin. If it is click „Continue Installation‟.
4. Fill in User name, Organization, choose the country and accept the license agreement. Click „Next‟.
5. Choose „Create a BlackBerry Configuration Database‟ and click Next.
6. Choose the defaults and click Next.
7. You must not see any warnings here. Click Next.
8. A default SBS 2008 installation already has SQL 2005 as you can see in this screenshot. You can choose
to install the BlackBerry database into the SBSMonitoring instance but it seems to be best practice to
create a dedicated instance. The BESExpress installer does that for you and names it BlackBerry as you
can also see in the screenshot.
We choose to install SQL Server 2005 Express Edition, this will create a new instance called
BlackBerry in which the Configuration Database will be created for BlackBerry. Click Next.
9. Fill in the password and the name for your server.
10. Review your settings and click „Install‟.
11. Click Yes to restart the server. After the server has restarted login with the BESAdmin account.
12. Once restarted and logged in as BESAdmin choose Next.
13. After awhile you are asked to create the BESMgmt database. Choose Yes.
14. The database is created. If a window pops up that a Java update should be installed ignore that and
15. The database has been created, click OK.
16. Fill in the CAL key, SRP Identifier and Authentication key. If you have difficulties understanding what
numbers/keys where to fill in please study the screenshot below.
17. Fill in the name of your server and click Check Name.
18. Click Apply and OK.
19. Type a password and click Next.
20. It is important to understand that you use the same account as you installed your server with. You
should not use the BESAdmin here!
21. In this case I use a non AD account that will be able to manage BlackBerry accounts.
22. Almost done. Click Start Services.
23. All services are started and click Next.
24. Click Finish.
Configure the Firewall on your SBS 2008 to allow access to the BlackBerry Administration Service and
the Web Desktop Manager.
There are two ways of doing this. You can choose to configure the Firewall with your mouse or use „netsh‟. We
will show you both.
1. With netsh it is really easy. Open a command prompt and choose „Run as administrator‟.
2. Type netsh firewall add portopening TCP 3443 "BESExpress Management Port" and hit enter.
1. netsh firewall add portopening TCP 3443 "BESExpress Management Port"
3. Now we will use the mouse. Open the Control Panel and choose „Allow a program through Windows
4. Aha, there is the rule we created with netsh. Now, if you did not use netsh you would click „Add Port‟
and add port 3443 for the BESExpress Management Port.