KB04293 - How to switch BlackBerry Enterprise Server service accounts
 
Posted by hdawg, 12-23-2008, 02:27 PM


Environment

  • BlackBerry® Enterprise Server software versions 4.0 to 4.1 for Microsoft® Exchange
  • Microsoft® SQL Server® 2000 and 2005 Standard and Enterprise Editions
  • Microsoft SQL Server 2005 Express Edition
  • Microsoft SQL Server Desktop Engine (MSDE)



Overview

To change the BlackBerry Enterprise Server service account for BlackBerry® Enterprise Server software version 4.0 or 4.1 for Microsoft® Exchange, complete the following tasks:
Summary of Tasks

  1. Create a new service account and mailbox.
  2. Set the local permissions.
  3. Assign the new service account to the Local Administrators group.
  4. Add the appropriate Microsoft Exchange Server permissions.
  5. Add the Send As permission in Microsoft® Active Directory® Users and Computers.
  6. Stop all BlackBerry Enterprise Server services.
  7. Configure BlackBerry Enterprise Server services to log in with the new service account.
  8. Export the Research In Motion® (RIM®) folder from the old service account.
  9. Import the Research In Motion folder to the new service account.
  10. If you have a Microsoft SQL Server, assign the Server roles.
  11. Edit the Messaging Application Programming Interface (MAPI) profile.
  12. Start all BlackBerry Enterprise Server services.

Task 1



Create a new BlackBerry Enterprise Server service account and mailbox. For detailed instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: Installation Guide.

For information on assigning permissions to the BlackBerry Enterprise Server administration account, see KB02276.

Task 2



Depending on where the BlackBerry Enterprise Server is installed, set the local permissions by completing one of the procedures below.
On a member server
If the BlackBerry Enterprise Server is installed on a member server, set the local permissions as follows:
  1. In the Windows® Control Panel, go to Administrative Tools > Local Security Policy.
  2. Expand Local Policies, and then select User Rights Assignment.
  3. Depending on the Windows environment, do one of the following:
    • If using Windows Server® 2003, right-click Allow log on locally, click Properties, and click Add User or Group. Type the domain name of the new service account, and then click OK.
    • If using Windows Server 2000, right-click Log on locally, and click Properties. Select the Local Policy Setting check box next to the new service account name, and then click OK.
  4. Specify the option Log on as a service.
On a domain controller
If the BlackBerry Enterprise Server is installed on a domain controller, set the local permissions as follows:
Warning: There are performance issues associated with installing the BlackBerry Enterprise Server on a domain controller. This is not a recommended configuration.
  1. In the Windows Control Panel, open Administrative Tools > Domain Controller Security Policy.
  2. Expand Local Policies and then select User Rights Assignment.
  3. Depending on the Windows environment, do one of the following:
    • If using Windows Server 2003, right-click Allow log on locally, click Properties, and click Add User or Group. Type the domain name of the new service account and then click OK.
    • In Windows 2000, right-click Log on locally, and then click Properties. Select the Local Policy Setting check box next to the new service account name and click OK.
  4. Specify the option Log on as a service.

Task 3



Depending on where the BlackBerry Enterprise Server is installed, add the new BlackBerry Enterprise Server service account to the Local Administrators group on the BlackBerry Enterprise Server by completing one of the procedures below.
On a member server
If the BlackBerry Enterprise Server is installed on a member server, add the new BlackBerry Enterprise Server service account to the Local Administrators group as follows:
  1. Open Administrative Tools > Computer Management, then expand System Tools.
  2. Expand Local Users and Groups.
  3. Select Groups and then double-click Administrators.
  4. On the Administrators Properties window click Add and type the new BlackBerry Enterprise Server service account name.
  5. Click OK.
  6. Click OK again to close the Administrators Properties window.
On a domain controller
If the BlackBerry Enterprise Server is installed on a domain controller, add the new BlackBerry Enterprise Server service account to the Local Administrators group as follows:
  1. Open Administrative Tools > Active Directory Users and Computers, and then select the Builtin folder.
  2. Double-click Administrators, and then select the Members tab.
  3. Click Add, type the new BlackBerry Enterprise Server service account name and then click OK.
  4. Click OK again.

Task 4

Depending on the Microsoft Exchange environment, add the appropriate Microsoft Exchange Server permissions by completing one of the procedures below.
Microsoft Exchange 2000 and 2003
  1. Open Exchange System Manager.
  2. Right-click the Microsoft Exchange administrative group name and then click Delegate Control.
  3. Click Next and then click Add.
  4. On the Delegate Control window, click Browse.
  5. On the Select Users, Computers or Groups window, select the new BlackBerry Enterprise Server service account and then click OK.
  6. From the Role drop-down list, select Exchange View Only Administrator and click OK.
  7. Click Next and then click Finish.
  8. Open Exchange System Manager, expand Administrative Groups > First Administrative Group, and select Servers.
  9. Right-click the Microsoft Exchange Server name, select Properties. Select the Security tab and click the Advanced button.
  10. Select the BlackBerry Enterprise Server service account name. If you are not able to locate the BlackBerry Enterprise Server service account name, complete the following steps that will allow you to find and click the BlackBerry Enterprise Server service account:
    1. Click Advanced, and then select the Allow inheritable permissions from parent to propagate to this object check box.
    2. Click Apply and then click OK. You should now be able .
  11. Select the appropriate check boxes to allow permissions for Administer information store, Receive As, and Send As.
  12. Click Apply and then click OK.


Microsoft Exchange 5.5
In Exchange Administrator, turn on the Service Account Admin permission for the new service account in both the Site and Configuration containers. For more information on setting permissions, see the Microsoft Exchange 5.5 documentation.


Microsoft Exchange 2007
  1. Open the Microsoft Exchange Shell by going to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. To set the Exchange View Only Administrator role, type the following command:
    add-exchangeadministrator BESAdmin -role ViewOnlyAdmin
    where BESAdmin is the name of the BlackBerry Enterprise Server service account.
  3. To check the Exchange View-Only Administrator role, type the following command:
    get-exchangeadministrator | Format-List
    The service account should be displayed with a ViewOnlyAdmin role.
  4. To set the Send As, Receive As, and Administer Information Store permissions, type the following command:
    get-mailboxserver server_name | add-adpermission -user BESAdmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
    where server_name is the name of the Microsoft Exchange Server 2007 or Microsoft Exchange Cluster and BESAdmin is the name of the BlackBerry Enterprise Server service account.
  5. To check the Send As, Receive As, and Administer Information Store permissions, type the following command in Exchange Management Shell:
    get-mailboxserver Exchange2007 | get-ADpermission -user BESAdmin | Format-List
    where Exchange2007 is the name of the Microsoft Exchange Server 2007 or Microsoft Exchange Cluster and BESAdmin is the name of the BlackBerry Enterprise Server service account.

Task 5

In Active Directory Users and Computers, add the Send As permission by completing the following steps:
To grant the Send As permission for a single account on all users in a Microsoft Active Directory domain or container, complete the following steps:
  1. Open Administrative Tools > Active Directory Users and Computers.
  2. From the View menu, select the Advanced Features option. If this option is not selected, the Security page will not be visible for domain and container objects.
  3. Right-click the appropriate domain or container, and then click Properties.
  4. Select the Security tab.
  5. If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add, and then select the appropriate BlackBerry Enterprise Server service account. Click OK.
  6. Select the BlackBerry Enterprise Server service account and then click Advanced.
  7. Under the Permissions tab select the BlackBerry Enterprise Server service account and then select Edit.
  8. Under the Object tab in the Applies Onto list, select User Objects.
  9. Select the Send As check box.
  10. Click Apply, and then click OK.
  11. Close the Properties window, and then close Active Directory Users and Computers.
Note: For additional methods of assigning the Send As permission, search for article 912918 in the Microsoft Support Knowledge Base.

Task 6

Stop all BlackBerry Enterprise Server services by completing the following steps:
  1. Open Administrative Tools > Services.
  2. Right-click each BlackBerry Enterprise Server service and then click Stop for each service.

Task 7

Configure any BlackBerry services that use the old BlackBerry Enterprise Server service account to log in with the new BlackBerry Enterprise Server service account by completing the following steps:
Important:
  • For BlackBerry Enterprise Server software versions 4.0 to 4.1 Service Pack 4 (4.1.4), do not include the BlackBerry Attachment Service, BlackBerry® Mobile Data System services, Apache Tomcat service, or BlackBerry Instant Messaging Connector in this procedure. These services are always set to the local system.
  • For BlackBerry Enterprise Server software version 4.1 Service Pack 5 (4.1.5) – 4.1 Service Pack 6 Maintenance Release 2 (4.1.6 MR2), do not include the BlackBerry Attachment Service or BlackBerry Instant Messaging Connector in this procedure. These services are always set to the local system.
  1. Open Administrative Tools > Services, double-click a BlackBerry Enterprise Server service that has a Log On account, and click the Log On tab.
  2. Select the This account option, and then type the new BlackBerry Enterprise Server service account name.
  3. In the Password and Confirm Password fields, type the BlackBerry Enterprise Server service account password.
  4. Click Apply, and then click OK.
  5. Repeat steps 1 to 4 for each of the remaining BlackBerry Enterprise Server services that have a Log On account.

Task 8

Export the Research In Motion folder from the old BlackBerry Enterprise Server service account.
Note: To perform this task, you must be logged on using the account that was initially used to install the BlackBerry Enterprise Server software or service pack.
Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows operating system. Document and back up the registry entries prior to implementing any changes.
  1. Log in to the old BlackBerry Enterprise Server service account.
  2. In the Registry Editor, go to HKEY_CURRENT_USER\Software\Research In Motion.
  3. Select the Research In Motion folder.
  4. Depending on the Windows environment, do one of the following:
    • For Windows Server 2003, select the File menu, and then click Export.
    • For Windows Server 2000, select the Registry menu, and then click Export Registry File.
  5. Choose a location to save the file, type a file name and click Save.
  6. Close the Registry Editor.

Task 9

Import the Research In Motion folder to the new BlackBerry Enterprise Server service account by completing these steps:
Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Microsoft Windows operating system. Document and back up the registry entries prior to implementing any changes.
  1. Log out of the current service account and log in with the new BlackBerry Enterprise Server service account.
  2. Locate the registry file that you saved from Task 8.
  3. Double-click the registry file and it will import to the correct location in the registry.
  4. Open the Registry Editor.
  5. Confirm that the HKEY_CURRENT_USER\Software\Research In Motion directory exists.
  6. Close the Registry Editor.

Task 10

Note: If you are using MSDE, skip Task 10 and go to Task 11.
If you have a Microsoft SQL Server 2000, assign the Server roles by completing the following steps:
  1. In the SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
  2. Expand the Microsoft SQL Server and expand security.
  3. Right-click Logins and click New Login.
  4. On the General tab, click the button next to the Name field.
  5. Select the new service account name from the Names list, click Add, and click OK.
  6. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list. Note: If you are running BlackBerry Enterprise Server software version 4.1, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.
  7. On the Database Access tab, select the check box for the BlackBerry Configuration Database (for example, BESMgmt).
  8. In the Database Roles for list, select the db_owner check box.
If you have a Microsoft SQL Server 2005, assign the Server roles by completing the following steps:
  1. In the SQL Enterprise Manager/Management Studio, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
  2. Expand the Microsoft SQL Server and expand security.
  3. Right-click Logins and click New Login.
  4. On the General tab, click the button next to the Name field.
  5. Select the new service account name from the Names list, click Add, and click OK.
  6. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list. Note: If you are running BlackBerry Enterprise Server software version 4.1, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.
  7. On the User Mapping tab, select the check box for the BlackBerry Configuration Database (for example, BESMgmt).
  8. In the Database Roles for list, select the public and db_owner check boxes and click OK.

Task 11

Edit the MAPI profile by completing these steps:
  1. Make sure that BlackBerry Manager is closed.
  2. Click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  3. On the BlackBerry Server tab, click Edit MAPI Profile.
  4. In the Mailbox field, type the new BlackBerry Enterprise Server service account mailbox name.
  5. Click Apply and click OK.

Task 12

Start all BlackBerry Enterprise Server services by completing the following steps:
  1. In BlackBerry Manager, right-click the BlackBerry Enterprise Server name, and then select Service Control > Start Service for each of the following services in the following order:
    • BlackBerry Router
    • BlackBerry Dispatcher
    • BlackBerry Controller
    • all other BlackBerry Enterprise Server services
  2. After starting the services, close BlackBerry Manager. Note: BlackBerry Enterprise Server services can also be started in Administrative Tools > Services.
Important: Restarting certain BlackBerry Enterprise Server services will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.



Additional Information

Note that if your organization uses a single domain or multiple domains that are trusted in a Microsoft Exchange organization, one BlackBerry Enterprise Server service account is sufficient to manage the BlackBerry Enterprise Server.
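A read-only check of the outcome of Tasks 3, 7 and 9, added here as an example; it is not part of the KB article or of the original post. The two account names are placeholders, and selecting services by a display name that starts with "BlackBerry" is an assumption about how they are named on the server.

```powershell
# Added example: read-only audit after the service account switch.
# Both account names below are placeholders; pass your own values.
param(
    [string]$NewAccount = 'EXAMPLE\BESAdminNew',
    [string]$OldAccount = 'EXAMPLE\BESAdminOld'
)

# Task 7: classify the Log On account of every service whose display name
# starts with "BlackBerry" (assumed naming). @() keeps an empty result from
# being iterated as a single $null on older PowerShell versions.
$services = @(Get-WmiObject -Class Win32_Service -Filter "DisplayName LIKE 'BlackBerry%'")
$report = foreach ($svc in $services) {
    # -eq is case-insensitive; an account stored in UPN form will show as UNEXPECTED.
    if     ($svc.StartName -eq 'LocalSystem') { $status = 'Local system' }
    elseif ($svc.StartName -eq $NewAccount)   { $status = 'OK' }
    elseif ($svc.StartName -eq $OldAccount)   { $status = 'STILL OLD ACCOUNT' }
    else                                      { $status = 'UNEXPECTED ACCOUNT' }
    New-Object PSObject -Property @{
        Service = $svc.DisplayName
        LogOnAs = $svc.StartName
        State   = $svc.State
        Status  = $status
    }
}
$report | Sort-Object Status, Service |
    Format-Table Service, LogOnAs, State, Status -AutoSize

# Task 3: the new account must be a member of the local Administrators group.
# On a member server, domain accounts are listed as DOMAIN\user.
$admins = net localgroup Administrators | ForEach-Object { $_.Trim() }
if ($admins -contains $NewAccount) {
    "Administrators group: $NewAccount is a member."
} else {
    Write-Warning "Administrators group: $NewAccount is NOT a member."
}

# Task 9: the imported key lives in the new account's own HKEY_CURRENT_USER hive,
# so this check only means something when the script runs as that account.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if ($me -eq $NewAccount) {
    if (Test-Path 'HKCU:\Software\Research In Motion') {
        'Registry: HKCU\Software\Research In Motion is present.'
    } else {
        Write-Warning 'Registry: HKCU\Software\Research In Motion is missing.'
    }
} else {
    "Registry check skipped: running as $me, not $NewAccount."
}

# Summary: anything not on the new account or the local system needs a second look.
$stale = @($report | Where-Object { $_.Status -ne 'OK' -and $_.Status -ne 'Local system' })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) service(s) do not log on as $NewAccount or the local system."
}
```

Services reported as "Local system" should be only the ones the Important note in Task 7 lists for the installed version.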
Posted by hdawg, 05-25-2009, 09:10 PM
updated