If you’re going to be installing BlackBerry Enterprise Server (BES) 5.0 on a Windows Server 2008 machine, you better be ready to call technical support or read this blog post at a minimum. I spend 5 hours on the phone with BlackBerry customer support over the course of two days to work out all the installation problems that should have been automated by the installer and documented in the pre-installation guide. I will give Research In Motion support credit for helping me through these problems.
The main different between BES 5.0 and BES 4.1.x is that the administration interface is Java and ActiveX web based only, which irritates me to no end. BES 4.1 gives you a real interface that works without a browser and isn’t dependent on some complicated JBoss+Apache web server setup. This web based aspect of BES 5.0 was the source of some major installation and configuration headaches. With BES 4.1.x, you don’t have to put up with any of this nonsense. The reasoning behind 5.0 using a web administration interface is that now the users can manage their own BlackBerry Enterprise accounts though I really didn’t need this feature.
Just getting the basic preparation work done for a BES 5.0 install is daunting enough because you have to go through this pre-installation guide. That involves setting up a BES service account, the local server permissions, the active directory permissions, the exchange server permissions, and other software that needs to be pre-installed. It gets a bit confusing and I definitely recommend just using the SQL Server 2005 express they include in their BES 5.0 installer and then you don’t have to worry about additional JDBC drivers for remote SQL databases. Don’t bother installing SQL express yourself as it will only make things more complicated. You will need to install the Microsoft Exchange MAPI client before you install BES.
One pre-installation step that is missing is that you need to make sure that IPv6 on Windows Server 2008 is disabled. Un-checking IPv6 in the network interface is not sufficient, and you’ll need to follow the instructions in this Microsoft KB article (Jeremy in the comment section below pointed out that the updated KB article is here) and edit the registry. [NOTE - Disabling IPv6 will break Windows Small Business Server (SBS) which means you don't mix BES with SBS]. Once you’ve done this along with all the other pre-installation procedures above, you can proceed to install BES. Note that during installation, be sure to select BlackBerry Server authentication for the web administration interface and not Active Directory (AD) integrated authentication. BlackBerry technical support couldn’t figure out how to get this working and they told me to reinstall from scratch on a clean machine and don’t use AD authentication for web administration.
There’s more pain after you’ve completed the whole installation. The web administration interface also needs access to the SQL database which doesn’t work out of the box and can frustrate you to no end. Because the BES installer didn’t bother to nail down the SQL ports from dynamic to fixed TCP 1433, the web admin page refuses to come up. You need to go into the SQL Server Configuration Manager and manually set the TCP ports to 1433 as shown below.
Internet Explorer 8.0 in Windows Server 2008 also requires you to enable “compatibility mode” for the administration page and you must also put the administration URL in the trusted site list. The other problem you’ll find is that because the BES 5.0 installer generated its own SSL certificate rather than using the one that is either already on the server or easily obtained in a Windows network environment with a Certificate Authority in place, the browser throws up error messages that it doesn’t trust the SSL certificate. You can fix this by right clicking on Internet Explorer and choose “Run as administrator”. Then you can view the certificate and install it. However, it’s installed in the wrong place in the personal user certificate store and you’ll have to export the certificate and import it into the computer certificate. A better option is to import the certificate into Active Directory trusted certificates using this procedure I wrote up in 2006 and that solves your problem for every computer within the active directory that needs to use the BES web administration page.
Anyhow, it’s all working for me right now and I hope this document helps you avoid the headaches I went through.