BlackBerry Enterprise Server 5 installation nightmares
If you’re going to be installing BlackBerry Enterprise Server (BES) 5.0 on a Windows Server 2008 machine, you better be ready to call technical support or read this blog post at a minimum. I spend 5 hours on the phone with BlackBerry customer support over the course of two days to work out all the installation problems that should have been automated by the installer and documented in the pre-installation guide. I will give Research In Motion support credit for helping me through these problems.
The main different between BES 5.0 and BES 4.1.x is that the administration interface is Java and ActiveX web based only, which irritates me to no end. BES 4.1 gives you a real interface that works without a browser and isn’t dependent on some complicated JBoss+Apache web server setup. This web based aspect of BES 5.0 was the source of some major installation and configuration headaches. With BES 4.1.x, you don’t have to put up with any of this nonsense. The reasoning behind 5.0 using a web administration interface is that now the users can manage their own BlackBerry Enterprise accounts though I really didn’t need this feature.
Just getting the basic preparation work done for a BES 5.0 install is daunting enough because you have to go through this pre-installation guide. That involves setting up a BES service account, the local server permissions, the active directory permissions, the exchange server permissions, and other software that needs to be pre-installed. It gets a bit confusing and I definitely recommend just using the SQL Server 2005 express they include in their BES 5.0 installer and then you don’t have to worry about additional JDBC drivers for remote SQL databases. Don’t bother installing SQL express yourself as it will only make things more complicated. You will need to install the Microsoft Exchange MAPI client before you install BES.
One pre-installation step that is missing is that you need to make sure that IPv6 on Windows Server 2008 is disabled. Un-checking IPv6 in the network interface is not sufficient, and you’ll need to follow the instructions in this Microsoft KB article (Jeremy in the comment section below pointed out that the updated KB article is here) and edit the registry. [NOTE - Disabling IPv6 will break Windows Small Business Server (SBS) which means you don't mix BES with SBS]. Once you’ve done this along with all the other pre-installation procedures above, you can proceed to install BES. Note that during installation, be sure to select BlackBerry Server authentication for the web administration interface and not Active Directory (AD) integrated authentication. BlackBerry technical support couldn’t figure out how to get this working and they told me to reinstall from scratch on a clean machine and don’t use AD authentication for web administration.
There’s more pain after you’ve completed the whole installation. The web administration interface also needs access to the SQL database which doesn’t work out of the box and can frustrate you to no end. Because the BES installer didn’t bother to nail down the SQL ports from dynamic to fixed TCP 1433, the web admin page refuses to come up. You need to go into the SQL Server Configuration Manager and manually set the TCP ports to 1433 as shown below.
Internet Explorer 8.0 in Windows Server 2008 also requires you to enable “compatibility mode” for the administration page and you must also put the administration URL in the trusted site list. The other problem you’ll find is that because the BES 5.0 installer generated its own SSL certificate rather than using the one that is either already on the server or easily obtained in a Windows network environment with a Certificate Authority in place, the browser throws up error messages that it doesn’t trust the SSL certificate. You can fix this by right clicking on Internet Explorer and choose “Run as administrator”. Then you can view the certificate and install it. However, it’s installed in the wrong place in the personal user certificate store and you’ll have to export the certificate and import it into the computer certificate. A better option is to import the certificate into Active Directory trusted certificates using this procedure I wrote up in 2006 and that solves your problem for every computer within the active directory that needs to use the BES web administration page.
Anyhow, it’s all working for me right now and I hope this document helps you avoid the headaches I went through.
This is sadly typical. We stopped trying to use VMServer on our 2008 machines. Why? Because version 1 is not 2008 compatible, and version 2 replaces the native app frontend with a Java app server monstrosity that does not seem to work on most machines I tried it on. I really didn’t feel like troubleshooting Apache/Tomcat issues just to be able to run my VMs, especially with Hyper-V a few mouse clicks away. Instead, I used Hyper-V and simply used SCVMM to convert the VMs over. I also got to use SCVMM to do a P2V conversion, which was pure pleasure compared to my expectations.
J.Ja
Hello George… Do you know if many of this problems would apply for BES 5 running on Lotus Domino???
My guess is that it would apply to BES5 for Lotus Domino.
All the suggestions that I made (other than pre-installing the Microsoft Exchange MAPI client should apply to the Lotus version. I would definitely disable IPv6 and manually set the SQL ports to 1433. I’m pretty sure they’ll be using much of the same code other than the connectors to Exchange and Active Directory.
@Justin James
What do you mean VMServer? Who makes that?
I meant VMWare Server, one of the free offerings from VMWare. It was late.
J.Ja
@Justin James
Ah, I didn’t think anyone used that any more (sorry Tom). VMware ESXi 4.0 is free so I didn’t think anyone would bother with VMware. ESXi 4.0 isn’t that bad, though Hyper-V has far superior disk and network throughput. An official shootout will be forthcoming from me.
I’m not sure if I agree with your assessment of the BES 5.0 interface. It wasn’t moved to a web interface so users can manage their own BlackBerry Enterprise accounts. That’s not true at all. The Web Desktop manager (the user’s interface into device management) is part of BES 5.0, but it was released for 4.1 as well a while ago. That’s a replacement for the BlackBerry Desktop Manager application, not the BAS. There is no expectation that users will use the BAS interface to manage anything. The purpose of the web interface was to remove the requirement that additional software be installed on admin and help desk personnel’s PC’s. The admin can be anywhere, even a public kiosk with the appropriate access, and administer the BES.
I didn’t see any Java in the BAS interface, it’s ActiveX only for the USB driver needed when configuring a physical device. Beyond that it’s straight HTML. If you’re not going to do anything with physical devices, you can forgo the whole ActiveX stuff and it will work just fine.
Steelcloud has your solution fast and cheap.
I just ran through the BES 5.0 setup using a fresh install of Windows Server 2008 SP2 with SQL 2008 and I had no problems. I ran the setup installer as an administrator and I was looked in with the BesAdmin account. I had previously installed all of the required componets, made sure that my SQL server Firewall ports were open, and made the Besadmin account a SQL admin.
I did all of that too, which was in the documentation. However, the documentation said nothing about disabling IPv6 and manually changing the SQL listening ports in SQL 2005 Express. Furthermore, the first time I tried installing BES 5 on a machine that already had SQL 2008 express installed was a nightmare since the installer insisted on installing SQL 2005 Express on top of SQL 2008 Express. I spent 5 hours on the support lines with RIM and they finally told me to nuke the install with SQL 2008 and start from scratch on a machine with no SQL installed.
I followed all these steps and couldn’t log into BAS. Tried re-installing, called RIM Support and no help.
The error in the BBAS-AS log:
KDC has no support for encryption type 14.
Go into AD, select the BES Service\Admin user and select the check box ‘Use DES encryption types for this account’.
Did that and I am able to log in. Hope this helps.
We support BES/BESe/BIS or whatever the SMB version is called as part of our services we provide to clients. BlackBerry is undoubtedly the worst product we support and we dread the call from clients that tells us that their BB doesn’t work. We have a well-worn procedure to install the BB server so that it works with MS Exchange but it seems that every installation is different and fraught with problems.
I don’t know what to attribute it to, but it is a huge problem. Perhaps it is because BB is overengineered for a small business. The fact that 4.x doesn’t work with 2008 is a problem as well.
All I know is that if there was an alternative, I would take it. Having to pay for support outside of the 90 day timeframe is a hassle as well. We can usually get at support because a lot of the problems can be traced to installation, but we waste SO much time. And time is money.
I beg clients not to buy BlackBerrys. As bad as Windows Mobile’s interface is, I can have it up and running in 5 minutes. iPhone? Same. And… they just keep on working. Have a problem with your BB? Pull the battery out and put it back in. Oh… nice, you are getting mail again. Would anyone put up with that kind of performance from Apple or Microsoft?
Anyway, I don’t expect anything better from RIM in the future.
Just my two cents worth!
Randy
Having used a windows mobile phone in the past, I had to pull the battery much more often than I ever have had to on my BlackBerry. The only reason I ever need to pull the battery is due to slow/sluggish performance (and even then it’s because i run beta device software on mine). I’ve never ran into problems installing BES 5.0 or 4.1 as long as I’ve followed the install guide.
I’m not sure if this was due to the resent update to 5.0, but i have no problem using SQL 2008 standard edition.
As the software on the devices catches up to take full advantage of BES 5.0 features, i would recommend BlackBerry for any and all of our enterprise/corporate customers.
The link to the KB artcle no longer works. Is 929852 the correct one?
http://support.microsoft.com/kb/929852 for the updated link
I must say thank you! I got my BES 5 running with the help of this article. I am running it on Windows Server 2003 though. The big thing was the SQL ports for me! Also KB article 929852 is correct. Thanks again!
BES installation on our Windows Server 2008 crash the moment you try click on the intallation button. 2008 has been around for quite a while and one would have expected RIM to have sorted out the issues. Agree that getting windows mobile and nokia mobile interfaces working with exchange is a 5 minute job and rock solid. Wont have BB in our company.
Just a note for you on one small requirement we overlooked when attempting to install this. BES 5.0 is not supported to run on the same box you have Exchange running on, it is small print in the setup guide. Also, we had an issue when installing as well with the java version 6 update 15 portion. Kept crashing with a msiexec pop up window, giving me a list of all the switches that can be used with msexec. Had to go into the BES setup folder and install their java manually instead of letting the BES installer do it, then the installer recognized the correct version of java was installed and didn’t try again.
Attempting to install to Windows Server 2008, Exchange 2010;
Hi George,
The reason you couldn’t get integrated Active Directory authentication to work for the BAS was more-than-likely because the BASAdmin account you created (or, any account you specified for BAS Administration) was not in the base search DN you’d specified during the installation. If the BAS administration account is not within the specified base search DN the installer won’t be able to find and verify it.
Just thought I’d drop a line to say “thanks” for this article. We are currently running an evaluation of BES 5 installed on Windows Server 2008, and experienced the issue of not being able to connect to the web console. After finding the article and following the suggestions it is now working fine, so once again thanks.
One more thing I figured out myself: I did all of this and still could not get the web console going. I then went into IE options and re-set its configuration to the default settings (what you get on a fresh install). That worked.
Hi, i followed your post to the letter but im unable to open the BAS? The log file shows a java error “socket is closed” do you have any info on how to troubleshoot this issue?
Regards
I installed this software on a 2003 server and followed all the steps mentioned about. I can not get the web interface to open up. Everything in the BB configuration utility checks out fine. I have been serching the net for solutions but am not having any success. Any suggestions? I feel like I am missing something obvious.
I have what I consider a very staright forward setup. 2003 Servers, one with Exchange 2003 standard all service packed up – it is DC and GC, but this is a small business
Followed the pre installation tutorial, followed the installation closely and fully documented the various steps.
No Admin Console.
Followed all the various Authentication type How-to’s e.g. Webkey stores, IE fixes, changed the admin account and checked that BAS-AS goes to >300mb, checked the AS log files had the various tampered key issues – solved them,
No Admin console
Thought I was losing my mind, ran an IQ check.
Utterly removed removed BES501 Express and SQL server including registry cleanup
and Re-installed
No Admin Console.
This Software is trash of the highest order. Try the complimentary support ticket – Greyed out – Tried ‘Contact us’ – Bounced back, can’t communicate with me but I might like to try some paid support – Can’t wait For Blackberry Rep to contact me.
Conversation will not require any words with more than one syllable.
@George Ou
Hi George, thanks for this thread, you’re right bb server installation ist like a neverending nightmare
Be careful with disabling ipv6 on server 2008 sbs when intalling bes 5.0.1 express
exchange 2007 on sbs 2008 needs ipv6 for operation. if you turn it off and restart, the server will stop at “applying computer settings”. if the server starts anyway, exchange services would be down.
I have to agree with Randy completely. We have a long list of clients that can’t give up BB’s, and they waste countless dollars on engineering BES installations. We hate 90% of the installations, and always recommend a solution with Windows Mobile or iPhone. At best a BB costs them hundreds (likely thousands) of dollars setting everything up; whereas even reasonably ‘smart hands’ can set up an iPhone in minutes.
Hi everyone. I am working on a solution that will replace the BES Web UI garbage. I am furious too about BES poorly written Web UI and I am now more than determined to provide a solution. We are in 2nd phase of development now and we’ll go beta by end July or early August 2010!!!!
After reading this i am pretty nervous about my implementation – i have BPS 4.1 running (with a few glitches) but mostly it works. (after teh 3rd attempt)
now i need to install BES Express 5 for the extra features i will install on a VM Machine 2k8 is there anything apart from the above that i should be carefull of.
THANKS A MILLION for publishing this, George. I was about to start an installation and you have really saved me considerable hearthache. I wish more folks would share their knowledge like this.
Mike
George, Very nice indeed. I blew away my first install of BES Express 5 and followed your pre req’s here, now working a charm after some other little tweaks.
Thanks!
@ian0x0r
Good to hear that these recommendations still work.
I too have had issues with installing on SBS2003 – mine though came from it locking up half-way througth the install and now I cannot get it to finish – any ideas? Also can someone please email me a email address for BB Support for this problem.
Thanks.
John
Thanks for this post! That IP6 issues has been killing me. Seems to me that RIM needs to get off their @$$es and fix the application and streamline this setup process.