I wanted to share with you all a few hurdles I had to overcome when installing BES 5.0.2 on Windows 2008 R2. It required a call to RIM to ultimately fix, and I am sharing the script that they provided with you all.
We started with 5.0.0 on a Windows 2008 R2 server, and after installation, the services would not start. Edited service dependencies in the registry to remove "NtLmSsp", which does not exist on 2008 R2. The services came up successfully. Knowing that 5.0.0 is not compatible with 2008 R2, I proceeded with the 5.0.2 upgrader that is provided online. Then more problems occurred. Had to download the VeriSign Trust Network and manually add the certs to the Trusted Root CA store of the PC. The file is available here: http://www.verisign.com/support/roots.html. There is a ZIP file of all of them. Had to choose "Show physical stores" and load them all into the Local Computer store. Then Java would install during the upgrade to 5.0.2. Our servers do not have access to the internet, nor can they run Windows Update, and I chose this route rather than installing the Root CA Update pack from MSFT. Once 5.0.2 was up and running, I tried to log in to BAS, and could not. During installation, I chose LDAP authentication and not local BAS authentication (I wish I would have chosen BAS auth as it would have saved me a couple hours on a late night). Dug up a script that uses a sproc to create a local BAS admin account. The sproc can be found here: http://smsbeley.blogspot.com/2010/04/reset-bes-5-bas-admin-password.html After running that, I was successfully able to log in to BAS using the new "backdoor" account. It surprises me that they call the password a "hash" when it is a really weak encrypted string (and can be decoded using basUtility.bat). Once I logged in, the next step was for me to configure LDAP auth, then received this error message: http://docs.blackberry.com/en/admin/deliverables/16619/BlackBerry_Administration_Service_KIL_1020298_11.jsp If you create the BlackBerry Configuration Database using the createdb.exe tool, the BlackBerry Administration Service displaysthe following exception when accessing Server and components > BlackBerry Solution Topology > BlackBerry DomainComponent view > BlackBerry Administration Service : "The application has encountered a system error. Please report thiserror to the System Administrator. (EXCEPTION-com.rim.bes.bas.servicemanager.ServiceNotFoundException)". (CHD 356069) Workaround: Contact RIM Technical Support. It was about 2AM at this point (a few hours outside of my approved change window), and I gave up. I called RIM later in the week and sent them about 400MB of logs and a backup of our database. They provided this script, which removes a malformed auth provider that was screwing up the integrity of the database: DELETE FROM BASAuthenticationCredentials WHERE CredentialIdentifier = 'AD' AND AuthenticatorIdentifier = 111 What's funny is I was going to get in there and delete the 'AD:' credentialIdentifier, but I am glad that I did not. That's the one that must stay, the 'AD' one needs to go. So, Bes5.0.2 is now alive and well on our 2008R2 installation, except for one more minor problem: I can't see "messaging configuration" for users in BAS anymore. Last week it worked, this week it does not. So, going to have to call RIM again and find out why. Also, RIM provided me a direct download link to a full installation of BES 5.0.2, which I used on the FT node and it was installed and running in about 10 minutes. Sure beats having to install 5.0.0, hack the registry, then upgrade to SP2. I would recommend contacting RIM to obtain this version for any of you considering using 2008R2 as the OS for BES. Thanks, Dave Denmark Senior Systems Engineer | System Services Seattle Children's 206-987-2643 OFFICE 206-469-5291 PAGER [email protected] OFFICE 6901 Sand Point Way NE, Seattle, WA 98115 MAIL M/S S-124, PO Box 50020, Seattle, WA 98145 WWW seattlechildrens.org<http://seattlechildrens.org/> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected by law. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________ Bes-Admins mailing list [email protected] http://www.dataoutages.com/mailman/listinfo/bes-admins http://www.dataoutages.com http://www.dataoutagenews.com RSS Feed: http://feeds.feedburner.com/Bes-admins --------------------------------- Bes-Admins mailing list is sponsored by Dataoutagenews.com. http://www.dataoutagenews.com
