Installation and Configuration Guide

Local Navigation

Configuring a Microsoft Exchange 2010 messaging environment

Create a Windows account that has a Microsoft Exchange 2010 mailbox

You must create a Windows® account with a Microsoft® Exchange 2010 mailbox so that the Windows account can authenticate with the Microsoft® Exchange Server.

Before you begin: If you want free/busy lookups to work in Microsoft® Outlook® 2003 and earlier, you must configure Microsoft Exchange 2010 to support Microsoft Outlook 2003 and earlier by creating a public folder database. For more information about supporting Microsoft Outlook 2003 and earlier, visit http://support.microsoft.com to read article 555851 and visit http://technet.microsoft.com to read articles 123694, 124270, 397221, and 691120.
  1. On the computer that hosts Microsoft Exchange, log in using an administrator account that has the permission to create accounts.
  2. Open the Microsoft Exchange Management Console.
  3. Create an account and mailbox that you name BESAdmin.
  4. To permit the BlackBerry® Enterprise Server to check if a BlackBerry device user has permission to access a public folder, assign the Owner permission for all public folders to the administrator account.
After you finish:
  • To verify that you created the Windows account, log in to a computer using the Windows account.
  • Verify that the Windows account is not a member of the Domain Administrators group in Microsoft® Active Directory®.
  • Verify that BlackBerry device users have Read permissions and Visible permissions to public folders.
  • To permit BlackBerry device users to check the availability of meeting participants using BlackBerry® Device Software 4.5 or later, configure the Schedule+ Free/Busy information for the system public folder. For more information, visit http://technet.microsoft.com to read articles 629523 and 691129.
Back To Top

Configure Microsoft Exchange 2010 permissions for the Windows account

Before you begin:

Verify the domain name in Microsoft® Active Directory®. When you set the permissions, you must match the domain name in Microsoft Active Directory.

  1. On a computer that hosts the Microsoft® Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin.
  3. Type Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin".
  4. Do one of the following:
    • To set the permissions at the organizational unit level, type the following command:

      Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "OU=<organizational_unit>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"

      For example, if the organizational unit is Texas and the domain name is example.organization.net, type Texas for <organizational_unit>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.

    • To set the permissions at the common name level, type the following command:

      Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=<common_name>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"

      For example, if the common name is Users and the domain name is example.organization.net, type Users for <common_name>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.

    In each command, <domain_1>, <domain_2>, and <domain_3> form the internal Microsoft Active Directory domain (if internal and external domain names are different). You can contact your Microsoft Active Directory administrator for information about distinguished names.

After you finish: If you create a mailbox database for Microsoft® Exchange, repeat step 2.
Back To Top

Increase the maximum number of connections to the Address Book service in Microsoft Exchange 2010

By default, Microsoft® Exchange 2010 limits the maximum number of connections from the BlackBerry® Enterprise Server to the Address Book service to 50. To permit the BlackBerry Enterprise Server to run, you must increase the number of permitted connections to a large value (for example, 100,000).

Before you begin: You must complete this task if the messaging server that the BlackBerry Enterprise Server uses is Microsoft Exchange 2010. If the messaging server is Microsoft Exchange 2010 SP1, you can change the MaxSessionsPerUser settings using client throttling policies.
  1. On the computer that hosts the Microsoft Exchange CAS server, in <drive>:\Program Files\Microsoft\Exchange Server\V14\Bin, in a text editor, open the microsoft.exchange.addressbook.service.exe.config file.
  2. Change the value of the MaxSessionsPerUser key to 100000.
  3. Save and close the file.
  4. Restart the Address Book service.
Back To Top

Turn off client throttling in Microsoft Exchange 2010

By default, Microsoft® Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits as necessary. The policies affect the performance of the BlackBerry® Enterprise Server, so you should turn off client throttling for the Windows® account that has a Microsoft Exchange mailbox.
  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type New-ThrottlingPolicy BESPolicy.
  3. Type the following command: Set-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
  4. Type Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy.
Back To Top

Configure a management role for Microsoft Exchange Web Services

If you want the BlackBerry® Enterprise Server to use Microsoft® Exchange Web Services to manage calendars on BlackBerry devices, you must configure a management role for Microsoft Exchange Web Services in Microsoft Exchange 2010.

For more information about configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services, see the BlackBerry Enterprise Server Administration Guide.

  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin".
Back To Top

Configure the BlackBerry Enterprise Server to run without public folders

If you did not install any public folders in Microsoft® Exchange, you must configure the BlackBerry® Enterprise Server to run without public folders by changing a registry key.
  1. On each computer that hosts the BlackBerry Enterprise Server, click Start > Run.
  2. In the Open field, type regedit.
  3. Click OK.
  4. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\CDO.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem.

  5. If the CDO registry key does not exist, create a registry key that you name CDO.
  6. In the CDO registry key, if the DWORD value does not exist, create a DWORD value that you name Ignore No PF.
  7. Change the DWORD value to 1.
  8. Click OK.
Back To Top

Permit meeting requests from outside of your organization when using Microsoft Exchange Web Services for Microsoft Exchange 2010

By default, the BlackBerry® Enterprise Server uses Microsoft® Exchange Web Services to manage calendars on BlackBerry devices. Each time you add a new Microsoft Exchange mailbox, you must configure the calendar settings in Microsoft Exchange to permit BlackBerry device users to receive meeting requests from outside of your organization when using Microsoft Exchange Web Services.

  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. For each Microsoft Exchange Server that hosts users, type the following command: Get-Mailbox | Set-CalendarProcessing -ProcessExternalMeetingMessages $true
Back To Top
Previous topic: Preinstallation tasks

Was this information helpful? Send us your comments.