Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.7
  3. BEMS Installation Guide
  4. Prerequisites: Installing and configuring BEMS
  5. Core requirements
  6. Setting up a Windows service account for BEMS

Setting up a 
Windows
 service account for 
BEMS

For the required service account, "BEMSAdmin" is recommended. You can use the same 
Windows
 service account to install all of the 
BEMS
 service modules. For example, bemsadmin@example.com. Make sure the service account has the appropriate administrative privileges for all the 
BEMS
 service modules that you plan to install and configure. Permissions for individual service modules may not require the same privilege level as others. 
If you use the same service account for the 
Connect
 and 
Presence
 services, you must give the service account the RTCUniversalReadOnlyAdmins privilege.

Creating a 
Microsoft Active Directory
 account for the 
BEMS
 service account

"Read Only Domain Controllers" are a feature of the 
Microsoft Active Directory
 software. Read Only Domain Controllers 
Microsoft Active Directory
 servers are not supported for 
BEMS
BEMS
 supports only writable domain controllers.
Set the following attributes for the 
BEMS
 service account:
  • The account for the 
    Connect
     and 
    Presence
     services must be in the same 
    Active Directory
     domain as the 
    BEMS
     server. For more information, visit support.blackberry.com/community to read article 63703.
  • This service account should be a member of local administrator group on the 
    BEMS
     host machine.
  • The account name (UID, distinct from the account password) must be strictly alphanumeric; no special characters are allowed with the exception of: underscore (_), hyphen (-), and period (.). For example, BEMSAdmin.
  • Account Password (distinct from the account name above) must not contain these characters: semicolon (;), at sign (@), slash mark (/), caret (^), and double-quotes (").
  • Password Expires option must be set to Never for this account.

Change the 
BEMS
 service account password

  1. Log on to the 
    BEMS
     server using the updated password.
  2. Open the Services window.
  3. For the 
    Good Technology Common Services
    ,
    • If the Log On As services is Local System, no action is required.
    • If the Log On As services is service account, update the password and click 
      Apply
      . Restart the services.
  4. For the 
    Good Technology Connect
     service and 
    Good Technology Presence
     service,
    • If the Log On As services is Local System, no action is required.
    • If the Log On As services is service account, update the password and click 
      Apply
      . Restart both services.
  5. Log on to the 
    BEMS
     dashboard.
  6. Under 
    BlackBerry Services Configuration
    , click 
    Mail > Microsoft Exchange
    . If the 
    Use Windows Integrated Authentication
     checkbox is clear, and the same service account is used, update the password, run a test, and then save the configuration.
  7. If the 
    Good Technology Connect
     and 
    Good Technology Presence
     services use the same service account, update that password and save the configuration.