Difference between revisions of "HowTos/Scalix 11.4.6 And BES Express 5.0.1"

From Scalix Wiki

Latest revision as of 13:11, 14 October 2010


I've spent a couple of days trying to set up a reliable and stable configuration for BlackBerry Enterprise Server Express 5.0.1 bound to our Scalix server 11.4.6. Unfortunately there is an extreme lack of documentation, and the release notes (http://downloads.scalix.com/rn/scalix-besconnect-1.0.1-GA-releasenotes.html) are missing quite a bit of very useful and mandatory information. I hope these notes help someone speed up the process.

What you need

  • A Scalix server, properly configured and running. In my example we're on Scalix 11.4.6 hosted on CentOS 5.5 with about 100 premium users.
  • A Windows Server to install BlackBerry Enterprise Server on. We used Windows Server 2003 R2.
  • An Active Directory infrastructure. If your Windows server is the only Windows server in your LAN then you'll have to configure it with dcpromo. In our case we already had AD configured on other Windows servers, so the only thing we had to do was configure this newly created server to properly join the AD domain.
  • A Scalix license for Scalix Connect for BES 1.0.1 and, of course, the connector itself.
  • BlackBerry Enterprise Server Express software for Microsoft Exchange. Refer to RIM's site for registration and download. At the time of writing I obtained version 5.0.1.
  • Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1, which you can download from here: http://www.microsoft.com/downloads/details.aspx?FamilyID=E17E7F31-079A-43A9-BFF2-0A110307611E&displaylang=en
  • A licensed copy of Microsoft Outlook. In the release notes offered by Scalix they say you can go for Outlook 2007, but I was not able to deploy it due to its conflicts with Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1.

Preparing your environment

  • First of all, obtain your Scalix license for Scalix Connect for BlackBerry Enterprise Server 1.0.1 and apply it in the SAC.
  • On the Scalix server console, create your BESAdmin account:

   omaddu -n "BESAdmin/company" -p bbpassword -c mboxadmin besadmin

Replace bbpassword with a password of your choice (take note of it) and company with the node name of your server, which you can find by running omshowmn.

  • Install your Windows Server OS and, like I said, deploy AD on it or simply join it to an existing AD domain. Do a complete Windows Update before proceeding.
  • If you have deployed AD on this newly created server then go to Active Directory Users and Computers; otherwise move to any of your AD controllers and do the same.
  • Create a new user named BESAdmin with the same password you took note of when creating the Scalix account. Ensure this new account has Administrator privileges by adding it to the Domain Admins group. If you want to be quicker, simply create the new account by copying the built-in Administrator account (it will have extra privileges though). Also ensure the account password is set to never expire.
  • Log off.
  • Log in to the new server (the one you're preparing for BES) using the newly created BESAdmin account. The rest of the procedure has to be completed using this account.
  • Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1. After that, check for updates (Windows Update).

At this stage Scalix says you should install Outlook 2007. It was impossible for me, as OL2007 claims it can't install on a previous version of OL. Therefore I decided to go for OL2003. Install it with minimal requirements (disregard all the extra Office components, themes, pictures and, most importantly, do not install Collaboration objects).

  • After you have set up your OL2003, do a Windows Update: you may need a couple of cycles (in our case we had an Office service pack and some post-service-pack hot fixes).
  • Before you go further, check that you have only one copy of CDO.DLL, installed in C:\Program Files\ExchangeMAPI. Locate it, open its properties and check it is version 6.5.8165.0 and 758Kb in size.
  • Install Scalix Connect for BES. After the setup process completes, search again for cdo.dll in your C:\Program Files\ directory. You should notice that the original cdo.dll in C:\Program Files\ExchangeMAPI has been renamed to mscdo.dll and a new CDO.DLL has been created, of size 101Kb and version 1.0.1.9246. This file is the CDO library modified by Scalix and is essential for proper functioning. You'll also find in C:\Program Files\Scalix\Connect a file named sxcdo.dll which is the same size and version. Please ensure you have no other file named cdo.dll in any other directory.
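The file layout expected after installing Scalix Connect for BES can be checked in one pass instead of by hand. This PowerShell script is an added example, not part of the original how-to or of Scalix's tooling; it assumes PowerShell 2.0 or later on the BES server, that the renamed mscdo.dll keeps the original version 6.5.8165.0, and the function names and default paths are hypothetical.

```powershell
# Added example, not part of the original how-to. File names and versions are
# the ones quoted on this page; the default paths are assumptions to adjust.

function Get-FileVersionString([string]$Path) {
    # Build the version from its numeric parts; the FileVersion string can
    # carry extra text on some binaries.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                         $vi.FileBuildPart, $vi.FilePrivatePart
}

function Test-ScalixCdoLayout {
    param([string]$ProgramFiles = 'C:\Program Files',
          [string]$SearchRoot   = 'C:\')

    $replacement = "$ProgramFiles\ExchangeMAPI\CDO.DLL"
    $expected = @{
        "$ProgramFiles\ExchangeMAPI\CDO.DLL"     = '1.0.1.9246'  # Scalix's modified CDO
        "$ProgramFiles\ExchangeMAPI\mscdo.dll"   = '6.5.8165.0'  # renamed original (assumed unchanged)
        "$ProgramFiles\Scalix\Connect\sxcdo.dll" = '1.0.1.9246'  # same version as the replacement
    }

    $problems = @()
    foreach ($path in $expected.Keys) {
        if (-not (Test-Path -LiteralPath $path)) {
            $problems += "missing: $path"
            continue
        }
        $found = Get-FileVersionString $path
        if ($found -ne $expected[$path]) {
            $problems += ('{0}: version {1}, expected {2}' -f $path, $found, $expected[$path])
        }
    }

    # The how-to asks that no other cdo.dll exists in any other directory.
    $copies = @(Get-ChildItem -Path $SearchRoot -Recurse -Filter 'cdo.dll' -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })
    foreach ($file in $copies) {
        if ($file.FullName -ne $replacement) {
            $problems += "unexpected copy: $($file.FullName)"
        }
    }
    $problems
}

$result = @(Test-ScalixCdoLayout)
if ($result.Count -eq 0) { 'CDO layout matches the how-to.' } else { $result }
```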

Is your Scalix configured for Single Sign On (SSO)?

This question is absolutely relevant, as it's now time to create the MAPI profiles which will be used by BES. If your Scalix infrastructure is configured for SSO (like ours is), then as you try to create the two needed profiles (BlackBerryManager and BlackBerryServer), Scalix Connect for BES will automatically try to go for an SSO configuration, and will succeed. There should be nothing wrong with that but, in our experience, when the Scalix BESAdmin account (which is configured with the mboxadmin privilege) tries to open other users' stores under Kerberos authentication, it fails and, of course, BES is not able to perform any sync. This goes beyond the boundaries of my comprehension, but it also made me spend a lot of time trying to debug it.

Therefore, if you have set up SSO for Scalix, you have to disable it for the limited time needed to create the new profiles. To do so, go to the DNS server which is authoritative for your AD domain and delete the C record for scalix-default-mail. We will recreate it later to restore normal operations. To be sure Scalix Connect for BES won't try any SSO, on your Windows Server (the one you're configuring) open a command prompt and run:

   ipconfig /flushdns

You can also run nslookup for scalix-default-mail; you should receive a "Non-existent domain" reply.

Create BES MAPI Profiles (BlackBerryManager and BlackBerryServer)

  • To create these MAPI profiles, go to Control Panel and double-click Mail.
  • If they already exist, delete the "BlackBerryServer" and "BlackBerryManager" MAPI profiles. This may occur if you're upgrading from a previous version of BES.
  • Create new profiles under the same names. Make sure that you select "Scalix Server" from "Additional Server Types". Enter the name of the Scalix Server you want to connect to, e.g. "scalix.company.com". For Username and Password, use the Authentication Id and Password of the "BESAdmin" user you created before, i.e. "besadmin" and "bbpassword" in the example. Always tick the save password check box. If, during creation of the profiles, you're not prompted for any password, then it means Scalix Connect has enabled SSO successfully. This is not good: read "Is your Scalix configured for Single Sign On (SSO)?" above.
  • When done, close the Mail control panel and exit Control Panel.


Install BlackBerry Enterprise Server Express software

  • The package you have downloaded from RIM will self-extract by default to "C:\Research In Motion\" and will automatically invoke the setup process.
  • Follow the wizard's instructions. During the setup you'll be warned that CDO.DLL appears to be outdated: ignore the warning and continue. You may also be warned that the BESAdmin account does not have "Send As" permissions: ignore that too.
  • Enter your license keys (you'll need a registered license even for BES Express; they will provide it for free) and test the connection to the SRP address. If your server is behind a firewall you'll have to configure it to allow outbound TCP connections on port 3101.
  • Towards the end of a BES V5 install you will be prompted to provide LDAP settings; these should be configured to use the domain controller and not the Scalix server. BES should automatically populate the LDAP settings and only require the password to be entered.
  • Complete the installation and stay at the last panel where you have the option to "Start Services": do not start them yet.

Which version of BES are you on?

Before starting the services consider the BES version you're installing: if you're installing 4.1.7+ or 5.0.1+ (like me) you absolutely have to do the following. If you're not ... skip this section.

  • Open notepad
  • Copy and paste the following code
 Windows Registry Editor Version 5.00

 [HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents]
 "CreateCDOProfile"=dword:00000000
  • Save the document as CDOProfile.reg on your desktop
  • Double click it and merge it into the registry

The reason for that is explained here: http://www.besadmin.info/KB21413. In these versions the creation of CDO profiles has been improved and is done by means of MAPI32.DLL rather than CDO.DLL, but Scalix Connect for BES relies only on CDO.DLL. Therefore, if you do not apply this registry setting, you will encounter problems like these: any calendar change performed on the portable device won't be replicated in Scalix and, subsequently, in Outlook; and you will find the event log of your BES Windows Server flooded by entries sourced from BlackBerry with:

  • event ID 20265 (MAPIMailbox::HandleObjectModifiedNotification - OpenEntry (0x80004005) failed)
  • event ID 20717 (MailboxManager::CreateProfile (BES_CDO_5588_3) - ConfigureMsgService (80040115) - Ensure that IPv6 is disabled on the Exchange Server or configure the BES to use the closest global catalog server)
  • event ID 20455 (MAPIMailbox::CheckUserOriginatedItem - OpenEntry (0x80004005) failed, RefId=-1722410989, MsgFolderId=-6, FolderId=-2)
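To confirm the registry setting took effect and to spot the symptoms listed above, the value and the event log can be queried together. This PowerShell script is an added example, not part of the original how-to; the registry key, value name and event IDs come from this page, while the function names, the choice of the Application log and the 24-hour window are assumptions.

```powershell
# Added example, not part of the original how-to. The registry key, value and
# event IDs are the ones on this page; the Application log and the 24-hour
# window are assumptions.

function Test-CreateCdoProfileDisabled {
    $key = 'HKLM:\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A missing key or a missing value both mean the .reg file was not merged.
    ($props -ne $null) -and ($props.CreateCDOProfile -eq 0)
}

function Get-BesCdoSymptomEvents {
    param([int]$Hours = 24, [string]$LogName = 'Application')
    # Event IDs the how-to associates with BES creating CDO profiles via MAPI32.DLL.
    $ids = 20265, 20717, 20455
    Get-EventLog -LogName $LogName -After (Get-Date).AddHours(-$Hours) -ErrorAction SilentlyContinue |
        Where-Object { $ids -contains $_.EventID } |
        Group-Object Source, EventID |
        Select-Object Count, Name
}

if (-not (Test-CreateCdoProfileDisabled)) {
    'CreateCDOProfile is not set to 0: merge CDOProfile.reg before starting the BES services.'
}

$events = @(Get-BesCdoSymptomEvents)
if ($events.Count -gt 0) {
    # Count per event source and ID, so a flood is visible at a glance.
    $events | Format-Table -AutoSize
} else {
    'No 20265/20717/20455 events found in the selected window.'
}
```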

Start BES' services

  • Click the "Start Services" button on the last page of the BES wizard. This phase is quite resource intensive, so expect your CPU to peak for a few seconds.
  • When done close the BES wizard.


Test BES<-->Scalix connectivity

  • On your server, open a command prompt and cd to "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility"
  • Run IEMSTest.exe
  • In the pop-up window choose the BlackBerryServer profile and hit Ok
  • A second window appears with a list of your Scalix's users. Select one and hit Ok
  • You should receive an output like this:
         BlackBerry Enterprise Server Utility - IEMSTest.exe (IExchangeManageStore), Version 1.0
         Copyright (c) Research In Motion, Ltd. 1999. All rights reserved.
         Opening Default Message Store Mailbox - BESAdmin
         {BESAdmin@yourdomain.com} Unable to find user in AD

         DOE JOHN: Opening message store using
                 John Doe /host-scx/cn=DOE\ JOHN
                 /o=host-scx.yourdomain.com/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=host-scx.yourdomain.com/cn=Microsoft Private MDB
         DOE JOHN: Mailbox opened successfully
         DOE JOHN: Root Folder opened successfully
         DOE JOHN: Folder created successfully
         DOE JOHN: Test folder deleted successfully
         DOE JOHN: MAPI test completed successfully
         DOE JOHN: CDO Server Name: host-scx.yourdomain.com
         DOE JOHN: CDO Mailbox DN: John Doe /host-scx/cn=DOE\ JOHN
         DOE JOHN: CDO logon successful
         DOE JOHN: Get default calendar folder successful
         DOE JOHN: Get calendar folder name successful: 'Calendar'
         DOE JOHN: CDO test completed successfully
         DOE JOHN: Failed to check Active Directory for Send As permissions (80070057)
  • The last warning can be safely ignored, but if you have other errors then it's better to reread from the top.


You're now ready to access the BES services web pages on your server: Webconsole (https://yourserver-fqdn-name:3443/webconsole/login) to manage users and devices. Log in using besadmin/password. To BB-enable Scalix users, simply access the Create User section, hit Search and you'll be presented with the complete list of configured Scalix users.

In our environment everything now works fine and two-way sync works like a charm.

Note: If you have previously deleted your scalix-default-mail C record in Active Directory DNS ... it's now time to recreate it.

Webdesktop - AD Integration yet to fix

Managing and binding devices to users is beyond the scope of this writing. Nevertheless you should know that binding can be performed by an Administrator (using Webconsole) or by the users themselves using Webdesktop (they have to be previously imported into BES using Webconsole). However, if your users authenticate using AD (which is the default in BES for Exchange) you'll find that they cannot log in. The reason is this: the BES AD connector looks for the legacyExchangeDN attribute to have a value in AD for the authenticating user, but if you do not have Exchange installed ... you do not have a value for this attribute. Most likely, if you're reading this, you have Scalix, not Exchange. I am working on it ... maybe a script populating the proper attributes from Scalix's schema will do the trick.

Well ... that's all for now.