BES12-Installation Guide

Installation Guide
BES12
Version 12.1
Published: 2015-04-14
SWD-20150414120016788
Contents
Preinstallation tasks......................................................................................................... 5
Configure permissions for the service account................................................................................................................... 5
Configuring connections for the BES12 database.............................................................................................................. 5
Specifying database permissions to create the BES12 database................................................................................. 6
Creating a BES12 database using CreateDB...................................................................................................................... 6
Create a BES12 database using CreateDB..................................................................................................................6
CreateDB.properties file ............................................................................................................................................7
Using the BES12 Readiness Tool.......................................................................................................................................9
Configuring database high availability using Microsoft SQL Server AlwaysOn.................................................................... 10
AlwaysOn high availability........................................................................................................................................ 10
Preinstallation tasks.................................................................................................................................................12
Install BES12 and configure support for database high availability............................................................................ 12
How BES12 selects listening ports during installation...................................................................................................... 13
Prerequisites: Installing the BES12 software....................................................................14
Installing the BES12 software......................................................................................... 15
Applications that are installed with BES12.......................................................................................................................15
Install BES12 ................................................................................................................................................................. 15
Installing BES12 in a DMZ............................................................................................................................................... 18
Installing a standalone BlackBerry Router....................................................................... 19
Install a standalone BlackBerry Router............................................................................................................................ 19
Logging in to BES12 for the first time...............................................................................20
Log in to BES12 for the first time..................................................................................................................................... 20
Additional information.................................................................................................... 22
Best practice: Running BES12........................................................................................................................................ 22
Configuring database permissions using Microsoft SQL Server roles.................................................................................22
Configure minimum database permissions for the service account or Microsoft SQL Server account......................... 23
BES12 listening ports......................................................................................................................................................23
Removing the BES12 software........................................................................................................................................ 25
Remove the BES12 software.................................................................................................................................... 25
Remove a BES12 instance from the database.......................................................................................................... 26
Preinstallation tasks
Preinstallation tasks
1
Configure permissions for the service account
A service account is a Windows account that runs the services for BES12. The service account must be a member of the local
Administrators group on the computer that you install BES12 on, and must have the Log on as a service permission. The service
account must also have permission to access the Microsoft SQL Server.
If your organization's environment includes another EMM solution from BlackBerry, you can use the same service account to
install BES12. Otherwise, create a service account in your company directory or a local Windows account on the computer that
you want to install BES12 on.
Note: If you use Microsoft SQL Server authentication to connect to the BES12 database, the BES12 services run under the
Local System account.
1.
On the taskbar, click Start > Administrative Tools > Computer Management.
2.
In the left pane, expand Local Users and Groups.
3.
Navigate to the Groups folder.
4.
In the right pane, double-click Administrators.
5.
Click Add.
6.
In the Enter the object names to select field, type the name of the service account (for example, BESAdmin).
7.
Click OK.
8.
Click Apply.
9.
Click OK.
10. On the taskbar, click Start > Administrative Tools > Local Security Policy.
11. In the left pane, expand Local policies.
12. Click User rights agreement.
13. Configure Log on as a service permission for the service account.
Configuring connections for the BES12 database
The BES12 database is created using the BES12 setup application or by running CreateDB using the command prompt window.
BES12 can connect to the BES12 database using Windows authentication or Microsoft SQL Server authentication.
5
Preinstallation tasks
You can connect to the BES12 database using one of the following:
•
Service account that you use to complete the installation process
•
Windows administrator account that has create_db role permissions
•
Microsoft SQL Server account that you specify during the installation process
Specifying database permissions to create the BES12 database
Depending on the database option and the type of authentication that you select, you might need to assign database creator
permissions to one of the following:
•
Service account that you use to complete the installation process
•
Microsoft SQL Server account that you specify during the installation process
Database option
Database permission
Install Microsoft SQL Server Express
during the BES12 installation
If you choose Windows authentication, the setup application automatically assigns
the required database permissions to the service account
Use an existing Microsoft SQL Server in
your organization's environment
You must add the service account or Microsoft SQL Server account to the dbcreator
server role
Creating a BES12 database using CreateDB
Note: You cannot upgrade a BES10 database to a BES12 database.
If your organization's security policies do not allow applications to have permissions to create or upgrade databases, you can
run CreateDB on the database server to create a BES12 database or upgrade to a BES12 database instead of using the setup
application. After you create or upgrade to the BES12 database using CreateDB, you can run the setup application using a
service account that has minimum permissions on the database server.
Create a BES12 database using CreateDB
Before you begin: Verify that you configured the correct permissions on the database server.
Note: If you do not want to run CreateDB on the database server, you must run it on a computer that you install BES12 on. The
computer must be able to connect to the computer that hosts the database server.
1.
If you use a Windows account to create the BES12 database, log in to the computer using a Windows account that has
database creator permissions.
2.
Copy the BES12 installation files to the computer.
6
Preinstallation tasks
3.
Extract the contents to a folder on the computer.
4.
Navigate to <extracted_folder>\tools\ext.
5.
Double-click the jre.exe file.
6.
In the Java Setup screen, click Install.
7.
Click Close.
8.
Navigate to <extracted_folder>\tools\ext\UnlimitedJCEPolicy.
9.
Copy all of the files from the UnlimitedJCEPPolicy folder.
10. Navigate to <java_install_dir>\jre7\lib\security.
11. Paste all of the UnlimitedJCEPPolicy folder files in the security folder.
12. Navigate to <extracted_folder>\db.
13. Open the CreateDB.properties file in a text editor.
14. Change the file to include information that is specific to your organization's environment. For more information, see
CreateDB.properties file .
15. Save and close the file.
16. Open a command prompt window.
17. Change the directory to <extracted_folder>\db.
18. Type one of the following commands to create or upgrade to a BES12 database:
Database configuration
Steps
Create a BES12 database
Type CreateDB.bat install CreateDB.properties. Press ENTER.
Upgrade to a BES12 database
Type CreateDB.bat upgrade CreateDB.properties. Press ENTER.
After you finish: Delete the CreateDB.properties file after you create the BES12 database.
CreateDB.properties file
The following properties apply to the CreateDB.properties file, which contains configuration information for CreateDB.
Property
Description
Database type
This property specifies the type of database that integrates with BES12.
By default, the database type property is
"configuration.database.ng.type=SQL_SERVER".
7
Preinstallation tasks
Property
Description
You should not modify this property as it is a default setting.
Database server name
This property specifies the database server name that hosts the database to
create or upgrade to BES12.
By default, the database server name property is
"configuration.database.ng.server=localhost".
Database instance name
This property specifies the database instance name to create or upgrade to
BES12.
If you use a Microsoft SQL Server instance name; by default, the database
instance name property is
"configuration.database.ng.instance=Microsoft_SQL_Server_instance
name".
Note: The default Microsoft SQL Server instance name in the
CreateDB.properties file is BES.
If you use another Microsoft SQL Server instance name than BES, configure
the database instance name property to change BES to your Microsoft SQL
Server instance name.
If you do not use a Microsoft SQL Server named instance, verify that the
Microsoft_SQL_Server_instance name value is deleted.
Database port
This property specifies the port that the database server uses.
If you use a dynamic port configuration, verify that you have no ports listed for
this property.
By default, the database port property uses a dynamic port configuration and
you do not need to configure this property.
If you use a static port configuration, configure your database port as
"configuration.database.ng.port=static_port_number".
Note: If you specify a static port, leave the database instance name property
blank.
Authentication type
This property specifies the authentication type as follows:
•
Windows authentication - by default, configured as INTEGRATED in
this properties file
•
Microsoft SQL Server authentication - can be configured as USER in
this properties file
8
Preinstallation tasks
Property
Description
If you use Windows authentication, by default your authentication type is
"configuration.database.ng.authenticationtype=INTEGRATED".
Note: If you use Windows authentication, you do not need to configure a user
and password in the createdb.properties file.
If you use Microsoft SQL Server authentication, configure your authentication
type as "configuration.database.ng.authenticationtype=USER".
Username and Password - Microsoft SQL
Server authentication (USER)
If you use Microsoft SQL Server database authentication, these properties
specify the username and password for the database account that has
database creator permissions.
By default, the username property you configure for Microsoft SQL Server
authentication (USER) is "configuration.database.ng.user=user_name".
By default, the password property you configure for Microsoft SQL Server
authentication (USER) is "configuration.database.ng.password=password".
Using the BES12 Readiness Tool
You can use the BES12 Readiness Tool to check system requirements before you run the BES12 setup application. The BES12
Readiness Tool checks the following requirements:
•
Proxy server setting validation
•
Minimum operating system requirements
•
Minimum hard disk space
•
Secure connection
•
SRP connection
•
Required ports
•
Account permissions
•
Database validation
The BES12 Readiness Tool does not check for the following requirements:
•
Microsoft .NET Framework 4.5
The BES12 Readiness Tool is included with the BlackBerry Enterprise Service 12 software. You can also download the tool from
docs.blackberry.com/BES12tools.
9
Preinstallation tasks
Configuring database high availability using
Microsoft SQL Server AlwaysOn
Before you install BES12, decide if you want to configure high availability for the BES12 database. Database high availability
allows you to retain database service and data integrity if issues occur with the BES12 database.
You can use one of the following Microsoft SQL Server features for database high availability:
•
AlwaysOn Failover Cluster Instances (FCI) for Microsoft SQL Server 2012 or 2014 (Standard Edition)
•
AlwaysOn Availability Groups for Microsoft SQL Server 2012 or 2014 (Enterprise Edition)
•
Database mirroring for Microsoft SQL Server 2008 or 2012
If you want to use an AlwaysOn feature, you must complete configuration steps before you install BES12. This section gives you
instructions for configuring database high availability using AlwaysOn.
You can configure database mirroring any time after you install BES12. For instructions, visit docs.blackberry.com/BES12 to
read the BlackBerry Enterprise Service 12 Configuration Guide.
Note: Microsoft recommends using AlwaysOn because database mirroring will be deprecated in a future version of Microsoft
SQL Server.
AlwaysOn high availability
BES12 supports AlwaysOn using a Failover Cluster Instance (FCI) or availability group. Both methods require a Windows Server
Failover Clustering (WSFC) cluster where independent servers interact to provide a high availability solution for databases. For
more information about WSFC, visit the MSDN Library to see Windows Server Failover Clustering (WSFC) with SQL Server.
Instance-level high availability using an AlwaysOn Failover Cluster Instance
10
Preinstallation tasks
An FCI is an instance of Microsoft SQL Server that is installed across multiple computers (or “nodes”) in a WSFC cluster. The
nodes are members of a resource group, and all nodes have shared access to the BES12 database. One of the nodes has
ownership of the resource group and gives the BES12 components access to the BES12 database. If the node that owns the
resource group becomes unavailable (for example, a hardware or OS failure), a different node takes ownership of the resource
group. As a result, BES12 database service continues with minimal interruption.
For more information, visit the MSDN Library to see AlwaysOn Failover Cluster Instances (SQL Server).
Database-level high availability using an AlwaysOn availability group
11
Preinstallation tasks
To use an availability group, you configure a WSFC cluster with multiple nodes. Each node is a separate computer that has an
instance of Microsoft SQL Server. One of the nodes hosts the primary BES12 database and gives the BES12 components readwrite access. This node is the “primary replica.” The WSFC cluster can have one to eight other nodes, each hosting a secondary
database (a read-only copy of the BES12 database). These nodes are “secondary replicas.”
The primary database synchronizes data with the secondary databases. Data is synchronized with each secondary database
independently. If one secondary database is unavailable, it does not affect the other secondary databases. You can configure
the data synchronization to be asynchronous (delayed synchronization with minimal transaction latency) or synchronous (faster
synchronization with increased transaction latency). Automatic failover requires the primary replica and secondary replicas to
use synchronous-commit mode.
If you configure an availability group for automatic failover and the primary database becomes unavailable, one of the
secondary replicas becomes the primary replica. That replica’s secondary database becomes the primary database. As a result,
BES12 database service continues with minimal interruption.
For more information, visit the MSDN Library to see Overview of AlwaysOn Availability Groups (SQL Server) and AlwaysOn
Availability Groups (SQL Server).
Preinstallation tasks
Before you install BES12, perform the following actions:
•
Create a WSFC cluster. It is recommended to use static port 1433 for the database server. For requirements and
instructions, visit the Technet Library to see Create a Failover Cluster.
•
If you want to use an AlwaysOn FCI:
•
◦
Verify that your environment meets Microsoft requirements. Visit the MSDN Library to see Before Installing
Failover Clustering.
◦
Configure the FCI. Visit the MSDN Library to see Create a New SQL Server failover Cluster (Setup).
If you want to use an AlwaysOn availability group:
◦
Verify that your environment meets Microsoft requirements. Visit the MSDN Library to see Prerequisites,
Restrictions, and Recommendations for AlwaysOn Availability Groups (SQL Server).
◦
Enable the availability groups feature and complete the initial setup tasks, including creating an availability
group listener. You will set up the primary replica and secondary replicas after you install BES12 and create
the BES12 database. Visit the MSDN Library to see Getting Started with AlwaysOn Availability Groups.
Install BES12 and configure support for database high
availability
1.
Verify that your environment meets the requirements for installing BES12. See Prerequisites: Installing the BES12
software.
12
Preinstallation tasks
2.
Follow the instructions in Installing the BES12 software. When you run the setup application:
•
•
3.
On the Database information screen, when you specify the Microsoft SQL Server name, type one of the
following:
◦
If you are using an AlwaysOn FCI, type the SQL Virtual Server Network Name for the WSFC cluster (for
example, CompanySQLCluster).
◦
If you are using an AlwaysOn availability group, type the Availability Group Listener Virtual Network
Name (for example, CompanyListener).
On the Database information screen, it is recommended that you use the Static port option and use the default
port 1433.
Complete any postinstallation tasks described in this guide.
After you finish:
•
If you want to install another BES12 instance connecting to the same BES12 database, repeat these steps.
•
If you are using an FCI, use the Failover Cluster Manager tool to manage the FCI and failover settings.
•
If you are using an availability group, use Microsoft SQL Server Management Studio to set up the primary replica and
secondary replicas and to configure failover settings. Visit the MSDN Library to see Getting Started with AlwaysOn
Availability Groups and Use the Availability Group Wizard (SQL Server Management Studio). Choose the option to
create a full backup for the secondary databases and specify a shared network location that all replicas can access.
How BES12 selects listening ports during
installation
When you install BES12 for the first time, the setup application determines whether default listening ports are available for use.
To review the list of default listening ports and the purpose of each port connection, see BES12 listening ports. If a default port
is not available, the setup application assigns a port value from the range of 12000 to 12999. The setup application stores the
port values in the BES12 database.
When you install an additional BES12 instance in the domain, the setup application retrieves the listening port values from the
database and uses those values for the current installation. If a defined listening port is not available, you receive an error
message stating that you cannot complete the installation until the port is available for use.
For more information about the port connections that you must open in your organization's firewall after you install BES12, visit
docs.blackberry.com/BES12 to read the BlackBerry Enterprise Service 12 Configuration Guide.
13
Prerequisites: Installing the BES12 software
Prerequisites: Installing the BES12
software
2
•
Verify that you opened the necessary ports on your organization's firewall.
•
Verify that you installed all required third-party applications.
•
If you perform the installation process on a computer that has more than one NIC, verify that the production NIC is first
in the bind order in the Windows network settings.
•
If your organization uses a proxy server for Internet access, verify that you have the computer name, port number, and
credentials for the proxy server.
•
When you run the setup application, use only standard characters to specify values. Unicode characters are not
supported.
•
If you want to install BES12 on the same computer as BES10, the setup application may identify that you must remove
your static JRE version or install a newer, dynamic JRE version. Install the latest JRE 1.7 family version before you run
the setup application.
14
Installing the BES12 software
Installing the BES12 software
3
Applications that are installed with BES12
You can use the BES12 installation process to install the following third-party applications:
•
Microsoft .NET Framework 4.5 (if it is available in the setup application to enable through the Windows Server
Manager)
•
Microsoft Visual C++ 2008 SP1 Redistributable Package
•
Microsoft Visual C++ 2010 Redistributable Package
•
Microsoft SQL Server 2012 Express SP2 (if it is selected during the installation process)
•
Microsoft SQL Server 2012 Express SP2 Native Client
For more information about the JRE version that is installed with BES12, see the BES12 Compatibility Matrix.
If you want to install Microsoft SQL Server 2012 Express SP2 on a computer that does not host BES12, you can copy the BES12
installation files to the computer that you want to install Microsoft SQL Server 2012 Express SP2 on. In the BES12 installation
files, navigate to the Tools and ext folders and run the sqlexpress.exe file (64-bit).
Install BES12
When you run the setup application, use only standard characters to specify values. Unicode characters are not supported.
Before you begin:
•
If you are upgrading from BES5 to BES12 during this installation, verify that the BES5 database is at BES5 version
5.0.4 MR10 or later.
•
If you install BES12 behind a firewall, it cannot connect to the BlackBerry Infrastructure until you configure the proxy
server. BES12 prompts you the first time you log in to the BES12 management console.
•
Installing BES12 or specifying the location of BES12 log files to a mapped network drive is not supported.
Note: Any files that you add to the installation folder will be deleted automatically when you reinstall or upgrade BES12.
1.
Log in to the computer that you want to install BES12 on using the service account.
2.
In the BES12 installation folder, double-click Setup.exe. If a Windows message appears and requests permission for
Setup.exe to make changes to the computer, click Yes.
3.
In the Java Setup screen, click Install.
15
Installing the BES12 software
4.
Click Close.
5.
In the BES12 setup application screen, click Next.
6.
In the License agreement dialog box, perform the following actions:
7.
a.
Select your country or region.
b.
Read the license agreement. To accept the license agreement, select I accept the terms of the license agreement.
c.
Click Next.
In the Installation requirements dialog box, you can check to see if your computer has met the requirements to install
BES12. Click Next.
The setup application may display a warning that indicates that Microsoft .NET Framework 4.5 is not installed. You can
ignore this warning and proceed with the installation. The setup application will automatically install Microsoft .NET
Framework 4.5 for you if it is not detected on your computer.
8.
In the Setup type dialog box, perform one of the following actions:
•
For a new installation of the BES12 software, select Create a new domain. Select Install and use Microsoft SQL
Server 2012 Express Edition on this computer if you do not have Microsoft SQL Server installed.
•
If you already have a supported version of Microsoft SQL Server installed, select Use an existing Microsoft SQL
Server instance in your organization’s environment. You can install the database server on the same computer
or use an existing database server in your organization's environment (local or remote).
•
To upgrade an existing BES5 database to BES12, or to use an existing BES12 database, select Use an existing
domain.
For more information about how to upgrade from BES10 to BES12, visit docs.blackberry.com/BES12 to read the
BlackBerry Enterprise Service 12 Planning Guide.
9.
Click Next.
10. In the Database information dialog box, fill out the fields depending on the setup type you selected:
Setup type
Steps
Create a new domain and install
Microsoft SQL Server 2012 Express
1.
Type the Windows password.
2.
Click Next.
1.
In the Microsoft SQL Server name field, type the name of the computer
that hosts the database server.
2.
In the Database name field, type a name for the database you are
upgrading, or a name for the new database.
3.
If you configured the database server to use static ports, select the Static
option. If the static port number is not 1433, in the Port field, type the port
number.
Create a new domain and use an
existing Microsoft SQL Server instance
16
Installing the BES12 software
Setup type
Use an existing domain
Steps
4.
By default, the setup application uses Windows authentication to connect
to the existing database. If you select Microsoft SQL Server
authentication, specify a Windows account that has access to the
Microsoft SQL Server.
5.
Click Next.
1.
In the Microsoft SQL Server name field, type the name of the computer
that hosts the database server.
2.
In the Database name field, type a name for the database you are
upgrading, or a name for the new database.
3.
If you configured the database server to use static ports, select the Static
option. If the static port number is not 1433, in the Port field, type the port
number.
4.
By default, the setup application uses Windows authentication to connect
to the existing database. If you select Microsoft SQL Server
authentication, specify a Windows account that has access to the
Microsoft SQL Server.
5.
Click Next.
If you are installing BES12 on a computer that already has an instance of BES5, the setup application automatically
completes the fields in the Database information dialog box.
11. In the Folder locations dialog box, perform the following actions:
a.
Specify the location of the installation folder and log file folder.
b.
If you receive a message saying there is not enough space remaining, create extra space to install BES12 on your
computer.
c.
If you receive a message asking you to create the installation and logs folder locations, click Yes.
12. Click Next.
13. In the Installation summary dialog box, click Install to install BES12.
14. In the Installing dialog box, click Next when the installation is complete.
15. In the Console addresses dialog box, click Close.
After you finish:
Note: Do not create a shared folder within the installation folder after you install BES12. If you reinstall or upgrade BES12, all of
the files and folders in the installation folder will be deleted, including the shared folder.
17
Installing the BES12 software
•
If you performed an upgrade from BES5 to BES12, restart the BES5 BlackBerry Administration Service - Application
Server service.
•
If you performed an upgrade from BES5 to BES12, review the BES5 roles.
•
You can install more than one BES12 instance in the domain to create a high availability configuration that minimizes
service interruptions for BlackBerry 10, iOS, Android, and Windows Phone device users. For more information about
high availability, visit docs.blackberry.com/BES12 to read the BlackBerry Enterprise Service 12 Configuration Guide.
Installing BES12 in a DMZ
You can install BES12 in a DMZ, outside of your organization's firewall. To install BES12, see Install BES12 .
If you install BES12 in a DMZ, verify that you open the required ports on your organization's firewall. For more information about
port requirements, visit docs.blackberry.com/BES12 to see the BlackBerry Enterprise Service 12 Configuration Guide.
18
Installing a standalone BlackBerry Router
Installing a standalone BlackBerry
Router
4
The BlackBerry Router is an optional component that you can install in a DMZ outside your organization's firewall. The
BlackBerry Router connects to the Internet to send data between BES12 and devices that use the BlackBerry Infrastructure.
The BlackBerry Router functions as a proxy server and can support SOCKS v5 (no authentication).
Note: If your current environment contains a TCP proxy server, you do not need to install the BlackBerry Router for BES12.
Install a standalone BlackBerry Router
Before you begin: Make sure you have the name of the SRP host. The SRP host name is usually <country
code>.srp.blackberry.com (for example, us.srp.blackberry.com). To verify the SRP host name for your country, visit the SRP
Address Lookup page.
Note: Installing the BlackBerry Router on a computer that hosts any components that manage BlackBerry OS devices is not
supported.
A standalone BlackBerry Router instance is hosted on a computer that does not host any other BES12 components.
1.
Download and extract the BES12 Installation .zip file on your computer.
2.
From the extracted BES12 installation files, open the router folder.
3.
Extract the setupinstaller .zip file from the router folder. This .zip file contains an Installer folder that has the Setup.exe
file to install the BlackBerry Router using the Command Prompt application.
4.
Go to Start > All Programs > Accessories > Command Prompt.
5.
Right-click the Command Prompt application and select Run as administrator.
6.
Navigate to the location of the BlackBerry Router Setup.exe file using the Command Prompt application.
7.
In the command prompt window, type Setup.exe -srphost <srphostname> (for example, Setup.exe -srphost
ca.srp.blackberry.com).
19
Logging in to BES12 for the first time
Logging in to BES12 for the first time
5
The first time that you log in to the management console after you install BES12, you must enter your organization name, SRP
ID, and SRP authentication key.
Log in to BES12 for the first time
Before you begin: Verify that you have the organization name, SRP identifier, and SRP authentication key available.
If the setup application is still open, you can access the management console directly from the Console addresses dialog box.
Note: You may be prompted to provide the IP address and port number of the BlackBerry Router or a TCP proxy server.
1.
In the browser, type https://<server_name>:<port>/admin, where <server_name> is the FQDN of the computer that hosts
the management console. The default port for the management console is port 443.
2.
Do one of the following:
3.
•
If you upgraded the database from BES5 to BES12, verify that you have restarted the BlackBerry Administration
Service services. Click OK.
•
If you did not upgrade a BES5 database, click OK.
Click OK when you receive a reminder to restart the BlackBerry Administration Service services if you have upgraded the
database from BES5 to BES12.
If you have not upgraded the database from BES5 to BES12, you can ignore the reminder.
4.
In the Username field, type admin.
5.
In the Password field, type password.
6.
Click Sign in.
7.
In the Server location drop-down selection, select the country of the computer that has BES12 installed on it.
8.
Click Next.
9.
Type the name of your organization, the SRP identifier, and the SRP authentication key.
10. Click Submit.
11. You will be prompted to change your password.
12. Change the temporary password to a permanent password.
13. Click Submit.
20
Logging in to BES12 for the first time
After you finish: When you log in to the management console, you can choose to complete or close the Welcome to BES12
dialog box. If you close the dialog box, it will not appear during subsequent login attempts.
21
Additional information
Additional information
6
Best practice: Running BES12
Best practice
Description
Do not change the startup type for the
BES12 services.
When you install or upgrade to BES12, the setup application configures the startup
type for the BES12 services as either automatic or manual.
To avoid errors in BES12, do not change the startup type for the BES12 services.
Do not change the account information
for the BES12 services.
When you install or upgrade BES12, the setup application configures the account
information for the BES12 services.
Do not change the account information for BES12 unless the BES12
documentation specifies that you can.
Do not manually restart the BlackBerry
Work Connect Notification Service.
You can manually restart the BlackBerry Affinity Manager service, which controls
the restart of the BlackBerry Work Connect Notification Service.
Configuring database permissions using
Microsoft SQL Server roles
The setup application requires the service account or Microsoft SQL Server account that it uses during the installation or
upgrade process to have permissions on the database server to create or upgrade the BES12 database. After the installation or
upgrade process completes, you can change the database permissions for the service account or Microsoft SQL Server account
to the minimum permissions that BES12 requires to run.
When you change the database permissions, you can use Microsoft SQL Server security to minimize the operations that the
service account or Microsoft SQL Server account can perform on the BES12 database. The Microsoft SQL Server roles that are
required by the setup application and BES12 are as follows:
Database role
Description
db_owner
The setup application or CreateDB automatically adds the account that you use to
create the BES12 database to this role.
22
Additional information
Database role
Description
This role contains the minimum permissions that the setup application or CreateDB
requires to upgrade the BES12 database.
Configure minimum database permissions for the service
account or Microsoft SQL Server account
You can configure minimum database permissions for the service account or Microsoft SQL Server account that BES12 uses to
connect to the BES12 database.
Before you begin: Add a different Windows account or Microsoft SQL Server account to the db_owner database role for the
BES12 database.
1.
Open the Microsoft SQL Server Management Studio.
2.
Expand Microsoft SQL Server > Security > Logins.
3.
Right-click the service account or Microsoft SQL Server account. Click Properties.
4.
Click User Mapping. Select the BES12 database.
5.
In the Users mapped to this login section, select bes.
6.
Remove all other database role memberships except public.
7.
Click OK.
BES12 listening ports
When you install BES12 for the first time, the setup application determines whether the following default listening ports are
available for use. If a default port is not available, the setup application assigns a port value from the range of 12000 to 12999.
The setup application stores the port values in the BES12 database.
When you install an additional BES12 instance in the domain, the setup application retrieves the listening port values from the
database and uses those values for the current installation. If a defined listening port is not available, you receive an error
message stating that you cannot complete the installation until the port is available for use.
Port
Purpose
1610
The port that the BES12 Core uses to provide SNMP monitoring data.
1620
The port that the BES12 Core uses to send SNMP notifications in an IPv4 environment.
23
Additional information
Port
Purpose
3202
The port that the active BlackBerry Affinity Manager listens on for RCP connections from
the BlackBerry Dispatcher.
3203
The port that the BlackBerry Dispatcher listens on for BIPPe connections from the
BlackBerry MDS Connection Service.
8000
The ports that BES12 Self-Service and the management console listen on for HTTPS
connections.
443
If 443 is not available, the setup application tries to use port 8008. If port 8008 is not
available, the setup application assigns a port value from the range of 12000 to 12999.
8085
The port that the active BlackBerry Affinity Manager listens on for REST notifications.
8091
The secure SSL port that the BlackBerry Work Connect Notification Service listens on.
8093
The port that the administration console uses to connect to the BES12 Core.
8448
The port that is used for internal communication between the BES12 Core and the
management console and BES12 Self-Service.
8881
The port that BES12 uses to receive management requests for BlackBerry 10 devices.
The connection uses mutual authentication with ECC certificates.
8882
The port that BES12 uses to receive enrolment requests for BlackBerry 10 devices.
8883
The port that BES12 uses to receive enrolment requests for iOS, Android, and Windows
Phone devices.
8884
The port that BES12 uses to receive management requests for iOS, Android, and
Windows Phone devices. The connection uses mutual authentication with RSA
certificates.
8885
An additional port that BES12 uses to receive management requests for iOS devices. The
connection uses mutual authentication with RSA certificates.
8887
The port that BES12 uses for authenticated connections to check the status of BES12
instances.
8900
The secure SSL port that the BlackBerry Gatekeeping Service listens on.
10080
The HTTP port that the BlackBerry MDS Connection Service listens on for enterprise push
data.
24
Additional information
Port
Purpose
10443
The HTTPS port that the BlackBerry MDS Connection Service listens on for enterprise
push data. This port is used when you turn on push encryption.
18084
The port that applications can use to send data to the BlackBerry Web Services.
38082
The port that the BES12 Core listens on to route email notification traffic through the
BlackBerry Infrastructure to the APNs for iOS devices.
38083
The port that the BES12 Core listens on for migration requests when you move devices
from BES10 to BES12.
38085
The port that supports Secure Work Space traffic from iOS and Android devices through
the BES12 Core and BlackBerry Infrastructure to connect to work resources.
38086
The port that your organization’s TCP proxy server or the BlackBerry Router listens on for
data that BES12 sends to the APNs.
Removing the BES12 software
You can use the uninstall application to remove the BES12 software from a computer. The uninstall application can also remove
the log files for the existing installation.
The uninstall application does not remove the BES12 database from the database server and it does not remove the database
instance that hosts the BES12 database.
CAUTION: You cannot uninstall BES12 and continue to use BES5 after you have upgraded from BES5 to BES12. If you uninstall
BES12 after the upgrade, BES5 will not function correctly.
Remove the BES12 software
1.
On the taskbar, click Start > Control Panel.
2.
Click Uninstall a program.
3.
Click BES12.
4.
Click Uninstall.
5.
If the uninstall application prompts you to restart the computer to finish removing the BES12 software, click OK.
After you finish: You can remove third-party software that the setup application installed during the BES12 installation process
(for example, you can remove the JRE software from the computer).
25
Additional information
Remove a BES12 instance from the database
If you uninstall a BES12 instance, you must complete the following steps to remove the data for that instance from the BES12
database. If you do not, the BES12 log files indicate that the instance that you removed is not available.
Before you begin: Uninstall a BES12 instance.
1.
On the menu bar, click Settings.
2.
In the left pane, click Infrastructure > BES12 instances.
3.
For the BES12 instance that you removed, click
4.
Click Delete.
.
26