How to Switch BlackBerry Enterprise Server Service Accounts For Microsoft Exchange

Article ID: KB04293

Type: Support Content

Last Modified: 05-15-2013

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Professional Software
CollapseEnvironment
  • BlackBerry Enterprise Server 4.0 to 5.0 SP4 for Microsoft Exchange
  • BlackBerry Enterprise Server Express 5.0 to 5.0 SP4 for Microsoft Exchange
  • BlackBerry Professional Software
  • Microsoft SQL Server 2000, 2005, 2008 Standard and Enterprise Edition
  • Microsoft SQL Server 2005 and 2008 Express Edition
  • Microsoft SQL Server Desktop Engine (MSDE)
CollapseOverview

To change the BlackBerry Enterprise Server service account for the BlackBerry Enterprise Server for Microsoft Exchange, complete the following tasks:

  1. Create a new BlackBerry Enterprise Server service account and mailbox in Microsoft Active Directory.
  2. Set the local permissions.
  3. Stop all BlackBerry Enterprise Server services.
  4. Configure BlackBerry Enterprise Server services to log in with the new service account.
  5. Export the Research In Motion folder from the old service account.
  6. Import the Research In Motion folder to the new service account.
  7. If using a Microsoft SQL Server, assign the Server roles.
  8. Edit the Messaging Application Programming Interface (MAPI) profile.
  9. Start all BlackBerry Enterprise Server services.
  10. Create an Administrator account for the BlackBerry Administration Service.
  11. Change Active Directory settings on the BlackBerry Server Configuration panel.

Task 1

Create a new BlackBerry Enterprise Server service account and mailbox in Microsoft Active Directory. For detailed instructions, refer to the BlackBerry Enterprise Server Installation and Configuration Guide.

Note: The BlackBerry Enterprise Server service account should be a domain user, with no extra permissions aside from the ones listed in the following steps.


Task 2

Set the permissions for the new service account on the local computer, in Active Directory, and in Microsoft Exchange. For detailed steps, see KB02276.


Task 3

Stop all BlackBerry Enterprise Server services by completing the following steps:

  1. Open Administrative Tools > Services.
  2. Right-click each BlackBerry Enterprise Server service and then click Stop for each service.

Task 4

Configure any BlackBerry services that use the old BlackBerry Enterprise Server service account to log in with the new BlackBerry Enterprise Server service account by completing the following steps:

Note: For BlackBerry Enterprise Server 4.0 to 4.1 SP4 do not include the BlackBerry Attachment Service, BlackBerry Mobile Data System services, Apache Tomcat service, or BlackBerry Instant Messaging Connector in this procedure. These services are always set to the local system.

Note: For BlackBerry Enterprise Server 4.1 SP5 to 5.0 SP4 do not include the BlackBerry Attachment Service or BlackBerry Instant Messaging Connector in this procedure. These services are always set to the local system.

  1. Open Administrative Tools > Services, double-click a BlackBerry Enterprise Server service that has a Log On as the BlackBerry service account, and click the Log On tab.
  2. Select the This account option, and then type the new BlackBerry Enterprise Server service account name.
  3. In the Password and Confirm Password fields, type the BlackBerry Enterprise Server service account password.
  4. Click Apply, and then click OK.
  5. Repeat steps 1 to 4 for each of the remaining BlackBerry Enterprise Server services that have a Log On as the Blackberry service account.

Task 5

Export the Research In Motion folder from the old BlackBerry Enterprise Server service account.

Note: To perform this task, log on using the account that was initially used to install the BlackBerry Enterprise Server software or service pack.

Note: If the BlackBerry Administration Service console or BlackBerry Enterprise Server components are installed on a remote server, export the Research In Motion folder from those servers under the same registry path.

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows operating system. Document and back up the registry entries prior to implementing any changes.

  1. Log in to the old BlackBerry Enterprise Server service account.
  2. In the Registry Editor, go to HKEY_CURRENT_USER\Software\Research In Motion
  3. Select the Research In Motion folder.
  4. Depending on the Windows environment, do one of the following:
    • For Windows Server 2003 and Windows Server 2008, select the File menu, and then click Export.
    • For Windows Server 2000, select the Registry menu, and then click Export Registry File.
  5. Choose a location to save the file, type a file name and click Save.
  6. Close the Registry Editor.

Task 6

Import the Research In Motion folder to the new BlackBerry Enterprise Server service account by completing these steps:

Note: If there are remote components, import the registry key to the respective servers.

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows operating system. Document and back up the registry entries prior to implementing any changes.

  1. Log out of the current service account and log in with the new BlackBerry Enterprise Server service account.
  2. Locate the registry file saved from Task 5.
  3. Double-click the registry file and it will import to the correct location in the registry.
  4. Open the Registry Editor.
  5. Confirm that the HKEY_CURRENT_USER\Software\Research In Motion directory exists .
  6. Close the Registry Editor.

Task 7

Note: If using Microsoft SQL Server Desktop Engine (MSDE), skip Task 7 and go to Task 8.

If using a Microsoft SQL Server 2000, assign the Server roles by completing the following steps:

  1. In the SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
  2. Expand the Microsoft SQL Server and expand security.
  3. Right-click Logins and click New Login.
  4. On the General tab, click the dotted button next to the Name field.
  5. Select the new service account name from the Names list, click Add, and click OK.
  6. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list.

    Note: If running BlackBerry Enterprise Server 4.1 or 5.0, add the Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.

  7. On the Database Access tab, select the check box for the BlackBerry Configuration Database (for example, BESMgmt).
  8. In the Database Roles for <BlackBerry_Configuration_Database_name> list, select the db_owner check box.

If using a Microsoft SQL Server 2005 or 2008, assign the Server roles by completing the following steps:

  1. Open SQL Enterprise Manager/Management Studio, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
  2. Expand Microsoft SQL Server and expand Security.
  3. Right-click Logins and click New Login.
  4. On the General tab, click the button next to the Name field.
  5. Select the new service account name from the Names list, click Add, and click OK.
  6. On the Server Role list, select Server Administrators and Database Creators.

    Note: If running BlackBerry Enterprise Server 4.1, add the Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.

  7. On the User Mapping tab, select the check box for the BlackBerry Configuration Database (for example, BESMgmt).
  8. In the Database Roles for <BlackBerry_Configuration_Database_name> list, select the public and db_owner check box and click OK.

Task 8

Edit the Messaging Application Programming Interface (MAPI) profile by completing these steps:

  1. Make sure BlackBerry Manager is not open.
  2. Click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  3. On the BlackBerry Server tab, click Edit MAPI Profile.
  4. In the Mailbox field, type the new BlackBerry Enterprise Server service account mailbox name.
  5. Click Apply and click OK.

Task 9

Start all BlackBerry Enterprise Server services by completing the following steps:

  1. Open Administrative Tools > Services.
  2. Right-click each BlackBerry service and then click Start in the following order:
  • BlackBerry Router
  • BlackBerry Dispatcher
  • BlackBerry Controller
  • All other BlackBerry Enterprise Server services

Important: Restarting certain BlackBerry Enterprise Server services delays email message delivery to BlackBerry smartphones. For more information, see KB04789.


Task 10

For BlackBerry Enterprise Server 5.0 and later only

Create an administrator account for the new created BlackBerry Service Account on the BlackBerry Administration Service. For more information, see KB22415.


Task 11

For BlackBerry Enterprise Server 5.0 and later only

  1. Open the BlackBerry Server Configuration panel, by going to Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  2. Select the Administration Service - AD Settings tab.
  3. Update username and password.
CollapseAdditional Information
Notes:
  • If an organization uses a single domain or multiple domains that are trusted in a Microsoft Exchange environment, one BlackBerry Enterprise Server service account is sufficient to manage the BlackBerry Enterprise Server.
  • All BlackBerry Enterprise Server services in BlackBerry Enterprise Server 5.0 run as the BlackBerry Enterprise Server service account in Task 7.
  • The full permissions for the new service account may not be viewed when the command to view the permissions is run. Go to the Microsoft Support website and search for "KB 272153" for more information.
  • To switch service account for BlackBerry Enterprise Server 5.0 to 5.0 SP3, which uses BAS authentication, login to the BlackBerry Administration Service with the original service account and add the new service account to the administrator users to be able to login with the new service account.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.