Installation Guide BES12 Version 12.1 Published: 2015-04-14 SWD-20150414120016788 Contents Preinstallation tasks......................................................................................................... 5 Configure permissions for the service account................................................................................................................... 5 Configuring connections for the BES12 database.............................................................................................................. 5 Specifying database permissions to create the BES12 database................................................................................. 6 Creating a BES12 database using CreateDB...................................................................................................................... 6 Create a BES12 database using CreateDB..................................................................................................................6 CreateDB.properties file ............................................................................................................................................7 Using the BES12 Readiness Tool.......................................................................................................................................9 Configuring database high availability using Microsoft SQL Server AlwaysOn.................................................................... 10 AlwaysOn high availability........................................................................................................................................ 10 Preinstallation tasks.................................................................................................................................................12 Install BES12 and configure support for database high availability............................................................................ 12 How BES12 selects listening ports during installation...................................................................................................... 13 Prerequisites: Installing the BES12 software....................................................................14 Installing the BES12 software......................................................................................... 15 Applications that are installed with BES12.......................................................................................................................15 Install BES12 ................................................................................................................................................................. 15 Installing BES12 in a DMZ............................................................................................................................................... 18 Installing a standalone BlackBerry Router....................................................................... 19 Install a standalone BlackBerry Router............................................................................................................................ 19 Logging in to BES12 for the first time...............................................................................20 Log in to BES12 for the first time..................................................................................................................................... 20 Additional information.................................................................................................... 22 Best practice: Running BES12........................................................................................................................................ 22 Configuring database permissions using Microsoft SQL Server roles.................................................................................22 Configure minimum database permissions for the service account or Microsoft SQL Server account......................... 23 BES12 listening ports......................................................................................................................................................23 Removing the BES12 software........................................................................................................................................ 25 Remove the BES12 software.................................................................................................................................... 25 Remove a BES12 instance from the database.......................................................................................................... 26 Preinstallation tasks Preinstallation tasks 1 Configure permissions for the service account A service account is a Windows account that runs the services for BES12. The service account must be a member of the local Administrators group on the computer that you install BES12 on, and must have the Log on as a service permission. The service account must also have permission to access the Microsoft SQL Server. If your organization's environment includes another EMM solution from BlackBerry, you can use the same service account to install BES12. Otherwise, create a service account in your company directory or a local Windows account on the computer that you want to install BES12 on. Note: If you use Microsoft SQL Server authentication to connect to the BES12 database, the BES12 services run under the Local System account. 1. On the taskbar, click Start > Administrative Tools > Computer Management. 2. In the left pane, expand Local Users and Groups. 3. Navigate to the Groups folder. 4. In the right pane, double-click Administrators. 5. Click Add. 6. In the Enter the object names to select field, type the name of the service account (for example, BESAdmin). 7. Click OK. 8. Click Apply. 9. Click OK. 10. On the taskbar, click Start > Administrative Tools > Local Security Policy. 11. In the left pane, expand Local policies. 12. Click User rights agreement. 13. Configure Log on as a service permission for the service account. Configuring connections for the BES12 database The BES12 database is created using the BES12 setup application or by running CreateDB using the command prompt window. BES12 can connect to the BES12 database using Windows authentication or Microsoft SQL Server authentication. 5 Preinstallation tasks You can connect to the BES12 database using one of the following: • Service account that you use to complete the installation process • Windows administrator account that has create_db role permissions • Microsoft SQL Server account that you specify during the installation process Specifying database permissions to create the BES12 database Depending on the database option and the type of authentication that you select, you might need to assign database creator permissions to one of the following: • Service account that you use to complete the installation process • Microsoft SQL Server account that you specify during the installation process Database option Database permission Install Microsoft SQL Server Express during the BES12 installation If you choose Windows authentication, the setup application automatically assigns the required database permissions to the service account Use an existing Microsoft SQL Server in your organization's environment You must add the service account or Microsoft SQL Server account to the dbcreator server role Creating a BES12 database using CreateDB Note: You cannot upgrade a BES10 database to a BES12 database. If your organization's security policies do not allow applications to have permissions to create or upgrade databases, you can run CreateDB on the database server to create a BES12 database or upgrade to a BES12 database instead of using the setup application. After you create or upgrade to the BES12 database using CreateDB, you can run the setup application using a service account that has minimum permissions on the database server. Create a BES12 database using CreateDB Before you begin: Verify that you configured the correct permissions on the database server. Note: If you do not want to run CreateDB on the database server, you must run it on a computer that you install BES12 on. The computer must be able to connect to the computer that hosts the database server. 1. If you use a Windows account to create the BES12 database, log in to the computer using a Windows account that has database creator permissions. 2. Copy the BES12 installation files to the computer. 6 Preinstallation tasks 3. Extract the contents to a folder on the computer. 4. Navigate to <extracted_folder>\tools\ext. 5. Double-click the jre.exe file. 6. In the Java Setup screen, click Install. 7. Click Close. 8. Navigate to <extracted_folder>\tools\ext\UnlimitedJCEPolicy. 9. Copy all of the files from the UnlimitedJCEPPolicy folder. 10. Navigate to <java_install_dir>\jre7\lib\security. 11. Paste all of the UnlimitedJCEPPolicy folder files in the security folder. 12. Navigate to <extracted_folder>\db. 13. Open the CreateDB.properties file in a text editor. 14. Change the file to include information that is specific to your organization's environment. For more information, see CreateDB.properties file . 15. Save and close the file. 16. Open a command prompt window. 17. Change the directory to <extracted_folder>\db. 18. Type one of the following commands to create or upgrade to a BES12 database: Database configuration Steps Create a BES12 database Type CreateDB.bat install CreateDB.properties. Press ENTER. Upgrade to a BES12 database Type CreateDB.bat upgrade CreateDB.properties. Press ENTER. After you finish: Delete the CreateDB.properties file after you create the BES12 database. CreateDB.properties file The following properties apply to the CreateDB.properties file, which contains configuration information for CreateDB. Property Description Database type This property specifies the type of database that integrates with BES12. By default, the database type property is "configuration.database.ng.type=SQL_SERVER". 7 Preinstallation tasks Property Description You should not modify this property as it is a default setting. Database server name This property specifies the database server name that hosts the database to create or upgrade to BES12. By default, the database server name property is "configuration.database.ng.server=localhost". Database instance name This property specifies the database instance name to create or upgrade to BES12. If you use a Microsoft SQL Server instance name; by default, the database instance name property is "configuration.database.ng.instance=Microsoft_SQL_Server_instance name". Note: The default Microsoft SQL Server instance name in the CreateDB.properties file is BES. If you use another Microsoft SQL Server instance name than BES, configure the database instance name property to change BES to your Microsoft SQL Server instance name. If you do not use a Microsoft SQL Server named instance, verify that the Microsoft_SQL_Server_instance name value is deleted. Database port This property specifies the port that the database server uses. If you use a dynamic port configuration, verify that you have no ports listed for this property. By default, the database port property uses a dynamic port configuration and you do not need to configure this property. If you use a static port configuration, configure your database port as "configuration.database.ng.port=static_port_number". Note: If you specify a static port, leave the database instance name property blank. Authentication type This property specifies the authentication type as follows: • Windows authentication - by default, configured as INTEGRATED in this properties file • Microsoft SQL Server authentication - can be configured as USER in this properties file 8 Preinstallation tasks Property Description If you use Windows authentication, by default your authentication type is "configuration.database.ng.authenticationtype=INTEGRATED". Note: If you use Windows authentication, you do not need to configure a user and password in the createdb.properties file. If you use Microsoft SQL Server authentication, configure your authentication type as "configuration.database.ng.authenticationtype=USER". Username and Password - Microsoft SQL Server authentication (USER) If you use Microsoft SQL Server database authentication, these properties specify the username and password for the database account that has database creator permissions. By default, the username property you configure for Microsoft SQL Server authentication (USER) is "configuration.database.ng.user=user_name". By default, the password property you configure for Microsoft SQL Server authentication (USER) is "configuration.database.ng.password=password". Using the BES12 Readiness Tool You can use the BES12 Readiness Tool to check system requirements before you run the BES12 setup application. The BES12 Readiness Tool checks the following requirements: • Proxy server setting validation • Minimum operating system requirements • Minimum hard disk space • Secure connection • SRP connection • Required ports • Account permissions • Database validation The BES12 Readiness Tool does not check for the following requirements: • Microsoft .NET Framework 4.5 The BES12 Readiness Tool is included with the BlackBerry Enterprise Service 12 software. You can also download the tool from docs.blackberry.com/BES12tools. 9 Preinstallation tasks Configuring database high availability using Microsoft SQL Server AlwaysOn Before you install BES12, decide if you want to configure high availability for the BES12 database. Database high availability allows you to retain database service and data integrity if issues occur with the BES12 database. You can use one of the following Microsoft SQL Server features for database high availability: • AlwaysOn Failover Cluster Instances (FCI) for Microsoft SQL Server 2012 or 2014 (Standard Edition) • AlwaysOn Availability Groups for Microsoft SQL Server 2012 or 2014 (Enterprise Edition) • Database mirroring for Microsoft SQL Server 2008 or 2012 If you want to use an AlwaysOn feature, you must complete configuration steps before you install BES12. This section gives you instructions for configuring database high availability using AlwaysOn. You can configure database mirroring any time after you install BES12. For instructions, visit docs.blackberry.com/BES12 to read the BlackBerry Enterprise Service 12 Configuration Guide. Note: Microsoft recommends using AlwaysOn because database mirroring will be deprecated in a future version of Microsoft SQL Server. AlwaysOn high availability BES12 supports AlwaysOn using a Failover Cluster Instance (FCI) or availability group. Both methods require a Windows Server Failover Clustering (WSFC) cluster where independent servers interact to provide a high availability solution for databases. For more information about WSFC, visit the MSDN Library to see Windows Server Failover Clustering (WSFC) with SQL Server. Instance-level high availability using an AlwaysOn Failover Cluster Instance 10 Preinstallation tasks An FCI is an instance of Microsoft SQL Server that is installed across multiple computers (or “nodes”) in a WSFC cluster. The nodes are members of a resource group, and all nodes have shared access to the BES12 database. One of the nodes has ownership of the resource group and gives the BES12 components access to the BES12 database. If the node that owns the resource group becomes unavailable (for example, a hardware or OS failure), a different node takes ownership of the resource group. As a result, BES12 database service continues with minimal interruption. For more information, visit the MSDN Library to see AlwaysOn Failover Cluster Instances (SQL Server). Database-level high availability using an AlwaysOn availability group 11 Preinstallation tasks To use an availability group, you configure a WSFC cluster with multiple nodes. Each node is a separate computer that has an instance of Microsoft SQL Server. One of the nodes hosts the primary BES12 database and gives the BES12 components readwrite access. This node is the “primary replica.” The WSFC cluster can have one to eight other nodes, each hosting a secondary database (a read-only copy of the BES12 database). These nodes are “secondary replicas.” The primary database synchronizes data with the secondary databases. Data is synchronized with each secondary database independently. If one secondary database is unavailable, it does not affect the other secondary databases. You can configure the data synchronization to be asynchronous (delayed synchronization with minimal transaction latency) or synchronous (faster synchronization with increased transaction latency). Automatic failover requires the primary replica and secondary replicas to use synchronous-commit mode. If you configure an availability group for automatic failover and the primary database becomes unavailable, one of the secondary replicas becomes the primary replica. That replica’s secondary database becomes the primary database. As a result, BES12 database service continues with minimal interruption. For more information, visit the MSDN Library to see Overview of AlwaysOn Availability Groups (SQL Server) and AlwaysOn Availability Groups (SQL Server). Preinstallation tasks Before you install BES12, perform the following actions: • Create a WSFC cluster. It is recommended to use static port 1433 for the database server. For requirements and instructions, visit the Technet Library to see Create a Failover Cluster. • If you want to use an AlwaysOn FCI: • ◦ Verify that your environment meets Microsoft requirements. Visit the MSDN Library to see Before Installing Failover Clustering. ◦ Configure the FCI. Visit the MSDN Library to see Create a New SQL Server failover Cluster (Setup). If you want to use an AlwaysOn availability group: ◦ Verify that your environment meets Microsoft requirements. Visit the MSDN Library to see Prerequisites, Restrictions, and Recommendations for AlwaysOn Availability Groups (SQL Server). ◦ Enable the availability groups feature and complete the initial setup tasks, including creating an availability group listener. You will set up the primary replica and secondary replicas after you install BES12 and create the BES12 database. Visit the MSDN Library to see Getting Started with AlwaysOn Availability Groups. Install BES12 and configure support for database high availability 1. Verify that your environment meets the requirements for installing BES12. See Prerequisites: Installing the BES12 software. 12 Preinstallation tasks 2. Follow the instructions in Installing the BES12 software. When you run the setup application: • • 3. On the Database information screen, when you specify the Microsoft SQL Server name, type one of the following: ◦ If you are using an AlwaysOn FCI, type the SQL Virtual Server Network Name for the WSFC cluster (for example, CompanySQLCluster). ◦ If you are using an AlwaysOn availability group, type the Availability Group Listener Virtual Network Name (for example, CompanyListener). On the Database information screen, it is recommended that you use the Static port option and use the default port 1433. Complete any postinstallation tasks described in this guide. After you finish: • If you want to install another BES12 instance connecting to the same BES12 database, repeat these steps. • If you are using an FCI, use the Failover Cluster Manager tool to manage the FCI and failover settings. • If you are using an availability group, use Microsoft SQL Server Management Studio to set up the primary replica and secondary replicas and to configure failover settings. Visit the MSDN Library to see Getting Started with AlwaysOn Availability Groups and Use the Availability Group Wizard (SQL Server Management Studio). Choose the option to create a full backup for the secondary databases and specify a shared network location that all replicas can access. How BES12 selects listening ports during installation When you install BES12 for the first time, the setup application determines whether default listening ports are available for use. To review the list of default listening ports and the purpose of each port connection, see BES12 listening ports. If a default port is not available, the setup application assigns a port value from the range of 12000 to 12999. The setup application stores the port values in the BES12 database. When you install an additional BES12 instance in the domain, the setup application retrieves the listening port values from the database and uses those values for the current installation. If a defined listening port is not available, you receive an error message stating that you cannot complete the installation until the port is available for use. For more information about the port connections that you must open in your organization's firewall after you install BES12, visit docs.blackberry.com/BES12 to read the BlackBerry Enterprise Service 12 Configuration Guide. 13 Prerequisites: Installing the BES12 software Prerequisites: Installing the BES12 software 2 • Verify that you opened the necessary ports on your organization's firewall. • Verify that you installed all required third-party applications. • If you perform the installation process on a computer that has more than one NIC, verify that the production NIC is first in the bind order in the Windows network settings. • If your organization uses a proxy server for Internet access, verify that you have the computer name, port number, and credentials for the proxy server. • When you run the setup application, use only standard characters to specify values. Unicode characters are not supported. • If you want to install BES12 on the same computer as BES10, the setup application may identify that you must remove your static JRE version or install a newer, dynamic JRE version. Install the latest JRE 1.7 family version before you run the setup application. 14 Installing the BES12 software Installing the BES12 software 3 Applications that are installed with BES12 You can use the BES12 installation process to install the following third-party applications: • Microsoft .NET Framework 4.5 (if it is available in the setup application to enable through the Windows Server Manager) • Microsoft Visual C++ 2008 SP1 Redistributable Package • Microsoft Visual C++ 2010 Redistributable Package • Microsoft SQL Server 2012 Express SP2 (if it is selected during the installation process) • Microsoft SQL Server 2012 Express SP2 Native Client For more information about the JRE version that is installed with BES12, see the BES12 Compatibility Matrix. If you want to install Microsoft SQL Server 2012 Express SP2 on a computer that does not host BES12, you can copy the BES12 installation files to the computer that you want to install Microsoft SQL Server 2012 Express SP2 on. In the BES12 installation files, navigate to the Tools and ext folders and run the sqlexpress.exe file (64-bit). Install BES12 When you run the setup application, use only standard characters to specify values. Unicode characters are not supported. Before you begin: • If you are upgrading from BES5 to BES12 during this installation, verify that the BES5 database is at BES5 version 5.0.4 MR10 or later. • If you install BES12 behind a firewall, it cannot connect to the BlackBerry Infrastructure until you configure the proxy server. BES12 prompts you the first time you log in to the BES12 management console. • Installing BES12 or specifying the location of BES12 log files to a mapped network drive is not supported. Note: Any files that you add to the installation folder will be deleted automatically when you reinstall or upgrade BES12. 1. Log in to the computer that you want to install BES12 on using the service account. 2. In the BES12 installation folder, double-click Setup.exe. If a Windows message appears and requests permission for Setup.exe to make changes to the computer, click Yes. 3. In the Java Setup screen, click Install. 15 Installing the BES12 software 4. Click Close. 5. In the BES12 setup application screen, click Next. 6. In the License agreement dialog box, perform the following actions: 7. a. Select your country or region. b. Read the license agreement. To accept the license agreement, select I accept the terms of the license agreement. c. Click Next. In the Installation requirements dialog box, you can check to see if your computer has met the requirements to install BES12. Click Next. The setup application may display a warning that indicates that Microsoft .NET Framework 4.5 is not installed. You can ignore this warning and proceed with the installation. The setup application will automatically install Microsoft .NET Framework 4.5 for you if it is not detected on your computer. 8. In the Setup type dialog box, perform one of the following actions: • For a new installation of the BES12 software, select Create a new domain. Select Install and use Microsoft SQL Server 2012 Express Edition on this computer if you do not have Microsoft SQL Server installed. • If you already have a supported version of Microsoft SQL Server installed, select Use an existing Microsoft SQL Server instance in your organization’s environment. You can install the database server on the same computer or use an existing database server in your organization's environment (local or remote). • To upgrade an existing BES5 database to BES12, or to use an existing BES12 database, select Use an existing domain. For more information about how to upgrade from BES10 to BES12, visit docs.blackberry.com/BES12 to read the BlackBerry Enterprise Service 12 Planning Guide. 9. Click Next. 10. In the Database information dialog box, fill out the fields depending on the setup type you selected: Setup type Steps Create a new domain and install Microsoft SQL Server 2012 Express 1. Type the Windows password. 2. Click Next. 1. In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. 2. In the Database name field, type a name for the database you are upgrading, or a name for the new database. 3. If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number. Create a new domain and use an existing Microsoft SQL Server instance 16 Installing the BES12 software Setup type Use an existing domain Steps 4. By default, the setup application uses Windows authentication to connect to the existing database. If you select Microsoft SQL Server authentication, specify a Windows account that has access to the Microsoft SQL Server. 5. Click Next. 1. In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. 2. In the Database name field, type a name for the database you are upgrading, or a name for the new database. 3. If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number. 4. By default, the setup application uses Windows authentication to connect to the existing database. If you select Microsoft SQL Server authentication, specify a Windows account that has access to the Microsoft SQL Server. 5. Click Next. If you are installing BES12 on a computer that already has an instance of BES5, the setup application automatically completes the fields in the Database information dialog box. 11. In the Folder locations dialog box, perform the following actions: a. Specify the location of the installation folder and log file folder. b. If you receive a message saying there is not enough space remaining, create extra space to install BES12 on your computer. c. If you receive a message asking you to create the installation and logs folder locations, click Yes. 12. Click Next. 13. In the Installation summary dialog box, click Install to install BES12. 14. In the Installing dialog box, click Next when the installation is complete. 15. In the Console addresses dialog box, click Close. After you finish: Note: Do not create a shared folder within the installation folder after you install BES12. If you reinstall or upgrade BES12, all of the files and folders in the installation folder will be deleted, including the shared folder. 17 Installing the BES12 software • If you performed an upgrade from BES5 to BES12, restart the BES5 BlackBerry Administration Service - Application Server service. • If you performed an upgrade from BES5 to BES12, review the BES5 roles. • You can install more than one BES12 instance in the domain to create a high availability configuration that minimizes service interruptions for BlackBerry 10, iOS, Android, and Windows Phone device users. For more information about high availability, visit docs.blackberry.com/BES12 to read the BlackBerry Enterprise Service 12 Configuration Guide. Installing BES12 in a DMZ You can install BES12 in a DMZ, outside of your organization's firewall. To install BES12, see Install BES12 . If you install BES12 in a DMZ, verify that you open the required ports on your organization's firewall. For more information about port requirements, visit docs.blackberry.com/BES12 to see the BlackBerry Enterprise Service 12 Configuration Guide. 18 Installing a standalone BlackBerry Router Installing a standalone BlackBerry Router 4 The BlackBerry Router is an optional component that you can install in a DMZ outside your organization's firewall. The BlackBerry Router connects to the Internet to send data between BES12 and devices that use the BlackBerry Infrastructure. The BlackBerry Router functions as a proxy server and can support SOCKS v5 (no authentication). Note: If your current environment contains a TCP proxy server, you do not need to install the BlackBerry Router for BES12. Install a standalone BlackBerry Router Before you begin: Make sure you have the name of the SRP host. The SRP host name is usually <country code>.srp.blackberry.com (for example, us.srp.blackberry.com). To verify the SRP host name for your country, visit the SRP Address Lookup page. Note: Installing the BlackBerry Router on a computer that hosts any components that manage BlackBerry OS devices is not supported. A standalone BlackBerry Router instance is hosted on a computer that does not host any other BES12 components. 1. Download and extract the BES12 Installation .zip file on your computer. 2. From the extracted BES12 installation files, open the router folder. 3. Extract the setupinstaller .zip file from the router folder. This .zip file contains an Installer folder that has the Setup.exe file to install the BlackBerry Router using the Command Prompt application. 4. Go to Start > All Programs > Accessories > Command Prompt. 5. Right-click the Command Prompt application and select Run as administrator. 6. Navigate to the location of the BlackBerry Router Setup.exe file using the Command Prompt application. 7. In the command prompt window, type Setup.exe -srphost <srphostname> (for example, Setup.exe -srphost ca.srp.blackberry.com). 19 Logging in to BES12 for the first time Logging in to BES12 for the first time 5 The first time that you log in to the management console after you install BES12, you must enter your organization name, SRP ID, and SRP authentication key. Log in to BES12 for the first time Before you begin: Verify that you have the organization name, SRP identifier, and SRP authentication key available. If the setup application is still open, you can access the management console directly from the Console addresses dialog box. Note: You may be prompted to provide the IP address and port number of the BlackBerry Router or a TCP proxy server. 1. In the browser, type https://<server_name>:<port>/admin, where <server_name> is the FQDN of the computer that hosts the management console. The default port for the management console is port 443. 2. Do one of the following: 3. • If you upgraded the database from BES5 to BES12, verify that you have restarted the BlackBerry Administration Service services. Click OK. • If you did not upgrade a BES5 database, click OK. Click OK when you receive a reminder to restart the BlackBerry Administration Service services if you have upgraded the database from BES5 to BES12. If you have not upgraded the database from BES5 to BES12, you can ignore the reminder. 4. In the Username field, type admin. 5. In the Password field, type password. 6. Click Sign in. 7. In the Server location drop-down selection, select the country of the computer that has BES12 installed on it. 8. Click Next. 9. Type the name of your organization, the SRP identifier, and the SRP authentication key. 10. Click Submit. 11. You will be prompted to change your password. 12. Change the temporary password to a permanent password. 13. Click Submit. 20 Logging in to BES12 for the first time After you finish: When you log in to the management console, you can choose to complete or close the Welcome to BES12 dialog box. If you close the dialog box, it will not appear during subsequent login attempts. 21 Additional information Additional information 6 Best practice: Running BES12 Best practice Description Do not change the startup type for the BES12 services. When you install or upgrade to BES12, the setup application configures the startup type for the BES12 services as either automatic or manual. To avoid errors in BES12, do not change the startup type for the BES12 services. Do not change the account information for the BES12 services. When you install or upgrade BES12, the setup application configures the account information for the BES12 services. Do not change the account information for BES12 unless the BES12 documentation specifies that you can. Do not manually restart the BlackBerry Work Connect Notification Service. You can manually restart the BlackBerry Affinity Manager service, which controls the restart of the BlackBerry Work Connect Notification Service. Configuring database permissions using Microsoft SQL Server roles The setup application requires the service account or Microsoft SQL Server account that it uses during the installation or upgrade process to have permissions on the database server to create or upgrade the BES12 database. After the installation or upgrade process completes, you can change the database permissions for the service account or Microsoft SQL Server account to the minimum permissions that BES12 requires to run. When you change the database permissions, you can use Microsoft SQL Server security to minimize the operations that the service account or Microsoft SQL Server account can perform on the BES12 database. The Microsoft SQL Server roles that are required by the setup application and BES12 are as follows: Database role Description db_owner The setup application or CreateDB automatically adds the account that you use to create the BES12 database to this role. 22 Additional information Database role Description This role contains the minimum permissions that the setup application or CreateDB requires to upgrade the BES12 database. Configure minimum database permissions for the service account or Microsoft SQL Server account You can configure minimum database permissions for the service account or Microsoft SQL Server account that BES12 uses to connect to the BES12 database. Before you begin: Add a different Windows account or Microsoft SQL Server account to the db_owner database role for the BES12 database. 1. Open the Microsoft SQL Server Management Studio. 2. Expand Microsoft SQL Server > Security > Logins. 3. Right-click the service account or Microsoft SQL Server account. Click Properties. 4. Click User Mapping. Select the BES12 database. 5. In the Users mapped to this login section, select bes. 6. Remove all other database role memberships except public. 7. Click OK. BES12 listening ports When you install BES12 for the first time, the setup application determines whether the following default listening ports are available for use. If a default port is not available, the setup application assigns a port value from the range of 12000 to 12999. The setup application stores the port values in the BES12 database. When you install an additional BES12 instance in the domain, the setup application retrieves the listening port values from the database and uses those values for the current installation. If a defined listening port is not available, you receive an error message stating that you cannot complete the installation until the port is available for use. Port Purpose 1610 The port that the BES12 Core uses to provide SNMP monitoring data. 1620 The port that the BES12 Core uses to send SNMP notifications in an IPv4 environment. 23 Additional information Port Purpose 3202 The port that the active BlackBerry Affinity Manager listens on for RCP connections from the BlackBerry Dispatcher. 3203 The port that the BlackBerry Dispatcher listens on for BIPPe connections from the BlackBerry MDS Connection Service. 8000 The ports that BES12 Self-Service and the management console listen on for HTTPS connections. 443 If 443 is not available, the setup application tries to use port 8008. If port 8008 is not available, the setup application assigns a port value from the range of 12000 to 12999. 8085 The port that the active BlackBerry Affinity Manager listens on for REST notifications. 8091 The secure SSL port that the BlackBerry Work Connect Notification Service listens on. 8093 The port that the administration console uses to connect to the BES12 Core. 8448 The port that is used for internal communication between the BES12 Core and the management console and BES12 Self-Service. 8881 The port that BES12 uses to receive management requests for BlackBerry 10 devices. The connection uses mutual authentication with ECC certificates. 8882 The port that BES12 uses to receive enrolment requests for BlackBerry 10 devices. 8883 The port that BES12 uses to receive enrolment requests for iOS, Android, and Windows Phone devices. 8884 The port that BES12 uses to receive management requests for iOS, Android, and Windows Phone devices. The connection uses mutual authentication with RSA certificates. 8885 An additional port that BES12 uses to receive management requests for iOS devices. The connection uses mutual authentication with RSA certificates. 8887 The port that BES12 uses for authenticated connections to check the status of BES12 instances. 8900 The secure SSL port that the BlackBerry Gatekeeping Service listens on. 10080 The HTTP port that the BlackBerry MDS Connection Service listens on for enterprise push data. 24 Additional information Port Purpose 10443 The HTTPS port that the BlackBerry MDS Connection Service listens on for enterprise push data. This port is used when you turn on push encryption. 18084 The port that applications can use to send data to the BlackBerry Web Services. 38082 The port that the BES12 Core listens on to route email notification traffic through the BlackBerry Infrastructure to the APNs for iOS devices. 38083 The port that the BES12 Core listens on for migration requests when you move devices from BES10 to BES12. 38085 The port that supports Secure Work Space traffic from iOS and Android devices through the BES12 Core and BlackBerry Infrastructure to connect to work resources. 38086 The port that your organization’s TCP proxy server or the BlackBerry Router listens on for data that BES12 sends to the APNs. Removing the BES12 software You can use the uninstall application to remove the BES12 software from a computer. The uninstall application can also remove the log files for the existing installation. The uninstall application does not remove the BES12 database from the database server and it does not remove the database instance that hosts the BES12 database. CAUTION: You cannot uninstall BES12 and continue to use BES5 after you have upgraded from BES5 to BES12. If you uninstall BES12 after the upgrade, BES5 will not function correctly. Remove the BES12 software 1. On the taskbar, click Start > Control Panel. 2. Click Uninstall a program. 3. Click BES12. 4. Click Uninstall. 5. If the uninstall application prompts you to restart the computer to finish removing the BES12 software, click OK. After you finish: You can remove third-party software that the setup application installed during the BES12 installation process (for example, you can remove the JRE software from the computer). 25 Additional information Remove a BES12 instance from the database If you uninstall a BES12 instance, you must complete the following steps to remove the data for that instance from the BES12 database. If you do not, the BES12 log files indicate that the instance that you removed is not available. Before you begin: Uninstall a BES12 instance. 1. On the menu bar, click Settings. 2. In the left pane, click Infrastructure > BES12 instances. 3. For the BES12 instance that you removed, click 4. Click Delete. . 26
© Copyright 2024