BlackBerry Enterprise Server 5 installation nightmares
If you’re going to be installing BlackBerry Enterprise Server (BES) 5.0 on a Windows Server 2008 machine, you better be ready to call technical support or read this blog post at a minimum. I spend 5 hours on the phone with BlackBerry customer support over the course of two days to work out all the installation problems that should have been automated by the installer and documented in the pre-installation guide. I will give Research In Motion support credit for helping me through these problems.
The main different between BES 5.0 and BES 4.1.x is that the administration interface is Java and ActiveX web based only, which irritates me to no end. BES 4.1 gives you a real interface that works without a browser and isn’t dependent on some complicated JBoss+Apache web server setup. This web based aspect of BES 5.0 was the source of some major installation and configuration headaches. With BES 4.1.x, you don’t have to put up with any of this nonsense. The reasoning behind 5.0 using a web administration interface is that now the users can manage their own BlackBerry Enterprise accounts though I really didn’t need this feature.
Just getting the basic preparation work done for a BES 5.0 install is daunting enough because you have to go through this pre-installation guide. That involves setting up a BES service account, the local server permissions, the active directory permissions, the exchange server permissions, and other software that needs to be pre-installed. It gets a bit confusing and I definitely recommend just using the SQL Server 2005 express they include in their BES 5.0 installer and then you don’t have to worry about additional JDBC drivers for remote SQL databases. Don’t bother installing SQL express yourself as it will only make things more complicated. You will need to install the Microsoft Exchange MAPI client before you install BES.
One pre-installation step that is missing is that you need to make sure that IPv6 on Windows Server 2008 is disabled. Un-checking IPv6 in the network interface is not sufficient, and you’ll need to follow the instructions in this Microsoft KB article and edit the registry. Once you’ve done this along with all the other pre-installation procedures above, you can proceed to install BES. Note that during installation, be sure to select BlackBerry Server authentication for the web administration interface and not Active Directory (AD) integrated authentication. BlackBerry technical support couldn’t figure out how to get this working and they told me to reinstall from scratch on a clean machine and don’t use AD authentication for web administration.
There’s more pain after you’ve completed the whole installation. The web administration interface also needs access to the SQL database which doesn’t work out of the box and can frustrate you to no end. Because the BES installer didn’t bother to nail down the SQL ports from dynamic to fixed TCP 1433, the web admin page refuses to come up. You need to go into the SQL Server Configuration Manager and manually set the TCP ports to 1433 as shown below.
Internet Explorer 8.0 in Windows Server 2008 also requires you to enable “compatibility mode” for the administration page and you must also put the administration URL in the trusted site list. The other problem you’ll find is that because the BES 5.0 installer generated its own SSL certificate rather than using the one that is either already on the server or easily obtained in a Windows network environment with a Certificate Authority in place, the browser throws up error messages that it doesn’t trust the SSL certificate. You can fix this by right clicking on Internet Explorer and choose “Run as administrator”. Then you can view the certificate and install it. However, it’s installed in the wrong place in the personal user certificate store and you’ll have to export the certificate and import it into the computer certificate. A better option is to import the certificate into Active Directory trusted certificates using this procedure I wrote up in 2006 and that solves your problem for every computer within the active directory that needs to use the BES web administration page.
Anyhow, it’s all working for me right now and I hope this document helps you avoid the headaches I went through.
This is sadly typical. We stopped trying to use VMServer on our 2008 machines. Why? Because version 1 is not 2008 compatible, and version 2 replaces the native app frontend with a Java app server monstrosity that does not seem to work on most machines I tried it on. I really didn’t feel like troubleshooting Apache/Tomcat issues just to be able to run my VMs, especially with Hyper-V a few mouse clicks away. Instead, I used Hyper-V and simply used SCVMM to convert the VMs over. I also got to use SCVMM to do a P2V conversion, which was pure pleasure compared to my expectations.
J.Ja
Hello George… Do you know if many of this problems would apply for BES 5 running on Lotus Domino???
My guess is that it would apply to BES5 for Lotus Domino.
All the suggestions that I made (other than pre-installing the Microsoft Exchange MAPI client should apply to the Lotus version. I would definitely disable IPv6 and manually set the SQL ports to 1433. I’m pretty sure they’ll be using much of the same code other than the connectors to Exchange and Active Directory.
@Justin James
What do you mean VMServer? Who makes that?
I meant VMWare Server, one of the free offerings from VMWare. It was late.
J.Ja
@Justin James
Ah, I didn’t think anyone used that any more (sorry Tom). VMware ESXi 4.0 is free so I didn’t think anyone would bother with VMware. ESXi 4.0 isn’t that bad, though Hyper-V has far superior disk and network throughput. An official shootout will be forthcoming from me.
I’m not sure if I agree with your assessment of the BES 5.0 interface. It wasn’t moved to a web interface so users can manage their own BlackBerry Enterprise accounts. That’s not true at all. The Web Desktop manager (the user’s interface into device management) is part of BES 5.0, but it was released for 4.1 as well a while ago. That’s a replacement for the BlackBerry Desktop Manager application, not the BAS. There is no expectation that users will use the BAS interface to manage anything. The purpose of the web interface was to remove the requirement that additional software be installed on admin and help desk personnel’s PC’s. The admin can be anywhere, even a public kiosk with the appropriate access, and administer the BES.
I didn’t see any Java in the BAS interface, it’s ActiveX only for the USB driver needed when configuring a physical device. Beyond that it’s straight HTML. If you’re not going to do anything with physical devices, you can forgo the whole ActiveX stuff and it will work just fine.
Steelcloud has your solution fast and cheap.
I just ran through the BES 5.0 setup using a fresh install of Windows Server 2008 SP2 with SQL 2008 and I had no problems. I ran the setup installer as an administrator and I was looked in with the BesAdmin account. I had previously installed all of the required componets, made sure that my SQL server Firewall ports were open, and made the Besadmin account a SQL admin.
I did all of that too, which was in the documentation. However, the documentation said nothing about disabling IPv6 and manually changing the SQL listening ports in SQL 2005 Express. Furthermore, the first time I tried installing BES 5 on a machine that already had SQL 2008 express installed was a nightmare since the installer insisted on installing SQL 2005 Express on top of SQL 2008 Express. I spent 5 hours on the support lines with RIM and they finally told me to nuke the install with SQL 2008 and start from scratch on a machine with no SQL installed.
I followed all these steps and couldn’t log into BAS. Tried re-installing, called RIM Support and no help.
The error in the BBAS-AS log:
KDC has no support for encryption type 14.
Go into AD, select the BES Service\Admin user and select the check box ‘Use DES encryption types for this account’.
Did that and I am able to log in. Hope this helps.
We support BES/BESe/BIS or whatever the SMB version is called as part of our services we provide to clients. BlackBerry is undoubtedly the worst product we support and we dread the call from clients that tells us that their BB doesn’t work. We have a well-worn procedure to install the BB server so that it works with MS Exchange but it seems that every installation is different and fraught with problems.
I don’t know what to attribute it to, but it is a huge problem. Perhaps it is because BB is overengineered for a small business. The fact that 4.x doesn’t work with 2008 is a problem as well.
All I know is that if there was an alternative, I would take it. Having to pay for support outside of the 90 day timeframe is a hassle as well. We can usually get at support because a lot of the problems can be traced to installation, but we waste SO much time. And time is money.
I beg clients not to buy BlackBerrys. As bad as Windows Mobile’s interface is, I can have it up and running in 5 minutes. iPhone? Same. And… they just keep on working. Have a problem with your BB? Pull the battery out and put it back in. Oh… nice, you are getting mail again. Would anyone put up with that kind of performance from Apple or Microsoft?
Anyway, I don’t expect anything better from RIM in the future.
Just my two cents worth!
Randy
Having used a windows mobile phone in the past, I had to pull the battery much more often than I ever have had to on my BlackBerry. The only reason I ever need to pull the battery is due to slow/sluggish performance (and even then it’s because i run beta device software on mine). I’ve never ran into problems installing BES 5.0 or 4.1 as long as I’ve followed the install guide.
I’m not sure if this was due to the resent update to 5.0, but i have no problem using SQL 2008 standard edition.
As the software on the devices catches up to take full advantage of BES 5.0 features, i would recommend BlackBerry for any and all of our enterprise/corporate customers.
The link to the KB artcle no longer works. Is 929852 the correct one?
http://support.microsoft.com/kb/929852 for the updated link
I must say thank you! I got my BES 5 running with the help of this article. I am running it on Windows Server 2003 though. The big thing was the SQL ports for me! Also KB article 929852 is correct. Thanks again!
BES installation on our Windows Server 2008 crash the moment you try click on the intallation button. 2008 has been around for quite a while and one would have expected RIM to have sorted out the issues. Agree that getting windows mobile and nokia mobile interfaces working with exchange is a 5 minute job and rock solid. Wont have BB in our company.
Just a note for you on one small requirement we overlooked when attempting to install this. BES 5.0 is not supported to run on the same box you have Exchange running on, it is small print in the setup guide. Also, we had an issue when installing as well with the java version 6 update 15 portion. Kept crashing with a msiexec pop up window, giving me a list of all the switches that can be used with msexec. Had to go into the BES setup folder and install their java manually instead of letting the BES installer do it, then the installer recognized the correct version of java was installed and didn’t try again.
Attempting to install to Windows Server 2008, Exchange 2010;