How to perform manual provisioning of the BlackBerry Collaboration Service for Microsoft Office Communications Server 2007 R2 or Lync

Article ID: KB28474

Type: Support Content

Last Modified: 07-23-2015

 

Product(s) Affected:

  • BES12
  • BES10
  • BlackBerry Enterprise IM for BlackBerry 10
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry Enterprise Server for Microsoft Office 365
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 SP3 to SP4
  • BlackBerry Enterprise Server for Microsoft Office 365
  • BlackBerry Enterprise Service 10 version 10.1 to 10.2
  • BlackBerry Enterprise Service 12 version 12.1 to 12.2
  • BlackBerry Collaboration Service
  • Microsoft Office Communications Server 2007 R2
  • Microsoft Lync 2010 to 2013
CollapseOverview

The BlackBerry Collaboration Service in BlackBerry Enterprise Server 5.0 SP3 to SP4, BlackBerry Enterprise Server for Office 365, and for BlackBerry Enterprise Service 10 and 12, for use with Microsoft Office Communications Server 2007 R2, Lync 2010 or Lync 2013 must be configured for TLS/MTLS communications with the front end pool. To do so, the server hosting the BlackBerry Collaboration Service must be provisioned into Active Directory Trusted Services as a Trusted Application Server. There are two methods available to manually provision the server.

In all cases, these steps will need to be run first:

  1. Stop the BlackBerry Collaboration Service.
  2. Ensure that the service account has RTCComponentUniversalServices or RTCUniversalReadOnlyAdmins group rights.
  3. Locate the RIMPUBLIC.PROPERTY file in <drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BBIM\Servers\instance\config and open with Notepad.
    Note: Due to Windows 2008 Security, it may be necessary to open a command window as Administrator to be able to save this file.
  4. Add this line to the file:
    improxy.RIMMSConnector.autoprovision=false
  5. Save the file.

Note: The BlackBerry Collaboration Service 12 version 12.2 is designed for Manual Provisioning only. There is no need to add the line above to the RIMPUBLIC.PROPERTY file as the Service ignores it and assumes manual provisioning.



Method 1: Use the BCSProvisioner or ApplicationProvisioner to create the Trusted Service entry.

Note: This option is not available for new installations of BlackBerry Collaboration Service 12 version 12.2, as the requirements to use Method 1 require the installation of now deprecated Office Communications Server 2007 R2 Core Components.

  1. Log into the server hosting the BlackBerry Collaboration Service as a user with RTCUniversalServerAdmins group rights.
  2. Browse to <drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BBIM\bin
  3. If using the BCSProvisioner:
    1. Double-click on BCSProvisioner.exe
    2. In the Instant-messaging server pool drop-down, select the desired front end pool to bind to.
    3. In the BlackBerry Collaboration Service server FQDN field, enter the Fully Qualified Domain Name of the server hosting the BlackBerry Collaboration Service.
    4. In the Listening port field, enter 65061.
    5. Click the Provision button.
    6. Start the BlackBerry Collaboration Service service.
  4. If using the ApplicationProvisioner:
    1. Double-click on ApplicationProvisioner.exe
    2. In the Application name field, enter RIMMSConnector
    3. Click Find or Create... button.
    4. In the Application pool field, drop it down to see if the local server is already listed. If it is, the server is already provisioned. This tool can be used to remove an existing entry if required. If the local server is already listed, close the Application Provisioner tool and skip the remaining steps.
    5. Click the Add button.
    6. In the OCS Pool FQDN field, click the drop down to select the desired front end pool to bind to.
    7. In the Listening port field, enter 65061.
    8. Beside the Application server Fqdn field is a checkbox labeled Localhost. Click this to automatically populate the local server information.
    9. Do not enable the Load balanced application checkbox.
    10. Click the OK button.
  5. Start the BlackBerry Collaboration Service service. 

Method 2: Use Lync 2010 or 2013 PowerShell commands to create the Trusted Service entry.

Note: This is the only supported method of provisioning the BlackBerry Collaboration Service 12 version 12.2 servers.

  1. Log into the Lync environment to access Lync PowerShell as a user with RTCUniversalServerAdmins group rights.
  2. Display the available Sites within the Lync environment:
    Get-CsSite
  3. Display the Registrar service for the site to create a Trusted Application Pool in:
    Get-CsSite 1 | Select-Object -ExpandProperty Services
  4. This will return the details of a Trusted Application Pool defined for use by existing BlackBerry Collaboration Service servers, if one already exists:
    Get-CsTrustedApplicationPool | Where-Object {$_.Applications -like "*rimmsconnector*"}

    If the command did not return any data, then a Trusted Application Pool does not exist for BlackBerry Collaboration Service servers, and needs to be created.
    1. To create a Trusted Application Pool with the name of BESAppPool in Site 1 from the Get-CsSite command above, use this command:
      New-CsTrustedApplicationPool -Identity BESAppPool.example.com -Registrar Registrar:REGISTRAR.example.com -Site 1 -ComputerFQDN fqdn_of_BCS_server.example.com -ThrottleAsServer $true -TreatAsAuthenticated $true -RequiresReplication $false
      Adjust the -Site switch as needed based on the information from the Get-CsSite command from step 1.
    2. Create the Trusted Application Entry in the new Pool:
      New-CsTrustedApplication -ApplicationId RIMMSConnector -TrustedApplicationPoolFqdn BESAppPool.example.com -Port 65061
  5. To query the existing Trusted Application list for RIMMSConnector entries:
    Get-CsTrustedApplication | ? { $_.LegacyApplicationName -eq "RIMMSConnector" }
  6. Add any additional BlackBerry Collaboration Service server references to this Trusted Application Pool:
    New-CsTrustedApplicationComputer -Identity fqdn_of_BCS_server.example.com -Pool BESAppPool.example.com
  7. Write the changes to Active Directory:
    Enable-CsTopology
  8. Force or wait for Active Directory Replication to ensure the server hosting the BlackBerry Collaboration Service can access the new data in Active Directory.
  9. Start the BlackBerry Collaboration Service.

Once the Enable-CsTopology command has been run, a Lync administrator can also use the Lync Server Control Panel to view this data.


For BlackBerry Collaboration Service 12 version 12.2, the service requires the GRUU string that is created when the service is provisioned needs to be manually populated in the RIMPUBLIC.PROPERTY file. Additional information is available in KB37115 and KB37193.

To determine and list all GRUU items for the TrustedApplication:

  1. To list the available sites:
    Get-CsSite
  2. To list the Trusted Application Pools:
    Get-CsTrustedApplicationPool
    Review the PoolFqdn and Applications properties.
  3. To list the Computer GRUUs within a specific pool:
    $a = Get-CsTrustedApplication -Identity "<PoolFqdn>/<Applications>"
    $a.ComputerGruus | fl

    For example:
    $a = Get-CsTrustedApplication -Identity "BESAppPool.example.com/urn:application:rimmsconnector"
    $a.ComputerGruus | fl
  4. Review the output:
    Fqdn : bcsserver1.example.com
    Gruu : sip:bcsserver1.example.com@example.com;gruu;opaque=srvr:rimmsconnector:xxxxxxxxxxxxxxxxxxxxxxxx

Once the Gruu string has been gathered for the specific server's fully qualified domain name (copied and pasted into Notepad for example), then that information can be pasted into the BlackBerry Collaboration Service server's RIMPUBLIC.PROPERTY file. Each instance of the BlackBerry Collaboration Service requires it's own unique Gruu string, as each server must be individually provisioned as a Trusted Application Server in the Lync environment.

  1. Log into the server hosting the   BlackBerry Collaboration Service
  2. Open a   Command Prompt  window with   Run As Administrator  priveleges
  3. Navigate to this folder:
    cd C:\Program Files\BlackBerry\BlackBerry Collaboration Service\BBIM\Servers\instance\config
  4. Open the   rimpublic.property  file with a text editor:
    notepad.exe rimpublic.property
  5. Add this line to the file with the correct gruu string:
    improxy.gruu=sip:bcsserver1.example.com@example.com;gruu;opaque=srvr:rimmsconnector:xxxxxxxxxxxxxxxxxxxxxxxx
  6. Close the text editor to save and exist
  7. Start the   BlackBerry Collaboration Service  service
CollapseAdditional Information

To determine the list of available services (like the Registrar):

  1. To list the available sites:
    Get-CsSite
  2. To list the Services for a selected site:
    Get-CsSite 1 | Select-Object -ExpandProperty Services

To determine the list of available pools for a given site:

  1. To list the available sites:
    Get-CsSite
  2. To list the Pools for a selected site:
    Get-CsSite 1 | Select-Object -ExpandProperty Pools

How to use Lync PowerShell commands to remove a BlackBerry Collaboration Service from Trusted Services:

  1. Log into the Lync environment to access Lync PowerShell as a user with RTCUniversalServerAdmins group rights.
  2. Display the available Sites within the Lync environment:
    Get-CsSite
  3. Display the available Trusted Application Pools:
    Get-CsTrustedApplicationPool
  4. Display all existing Trusted Application entries for the BlackBerry Collaboration Service servers:
    Get-CsTrustedApplication | ? { $_.LegacyApplicationName -eq "RIMMSConnector" }
  5. To remove a single BlackBerry Collaboration Service server from an existing pool (Note: a pool must have at least one member):
    Remove-CsTrustedApplicationComputer -Identity fqdn_of_BCS_server.example.com
  6. To remove a Trusted Application Pool (this step is required if the desire is to remove the last BlackBerry Collaboration Service server from the pool and the pool only holds BlackBerry Collaboration Service servers) :
    1. Locate the pool name from step 3
    2. Enter this command:
      Remove-CsTrustedApplicationPool -Identity BESAppPool.example.com
  7. Write the changes to Active Directory:
    Enable-CsTopology

Note: If Lync PowerShell was used to create the Trusted Service entries, tools like the BCSProvisioner and ApplicationProvisioner will not be able to properly read the Active Directory Trusted Service records due to the existence of a record that represents the Trusted Application Pool. The ApplicationProvisioner is an Office Communications Server 2007 R2 application, and cannot understand the new records created by Lync.

Note: The requirement for RTCComponentUniversalServices group permission has been relaxed. It has been found that the minimum group permission that the service account should have to be able to read the existing Trusted Service Entries is RTCUniversalReadOnlyAdmins.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.