How to perform manual provisioning of the BlackBerry Collaboration Service for Microsoft Office Communications Server 2007 R2 or Lync

Article ID: KB28474

Type: Support Content

Last Modified: 05-08-2014

 

Product(s) Affected:

  • BlackBerry Enterprise IM for BlackBerry 10
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 SP3 to SP4
  • BlackBerry Enterprise Service version 10.1 to 10.2
  • BlackBerry Collaboration Service 10.1 to 10.2.1
  • Microsoft Office Communications Server 2007 R2
  • Microsoft Lync 2010 to 2013
CollapseOverview

The BlackBerry Collaboration Service in BlackBerry Enterprise Server 5.0 SP3 to SP4 and in BlackBerry Enterprise Service 10 for use with Microsoft Office Communications Server 2007 R2, Lync 2010 or Lync 2013 must be configured for TLS/MTLS communications with the front end pool. To do so, the server hosting the BlackBerry Collaboration Service must be provisioned into Active Directory Trusted Services as a Trusted Application Server. There are two methods available to manually provision the server.

In all cases, these steps will need to be run first:

  1. Stop the BlackBerry Collaboration Service.
  2. Ensure that the service account has RTCComponentUniversalServices or RTCUniversalReadOnlyAdmins group rights.
  3. Locate the RIMPUBLIC.PROPERTY file in <drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BBIM\Servers\instance\config and open with Notepad.
    Note: Due to Windows 2008 Security, it may be necessary to open a command window as Administrator to be able to save this file.
  4. Add this line to the file:
    improxy.RIMMSConnector.autoprovision=false
  5. Save the file.

Method 1: Use the BCSProvisioner or ApplicationProvisioner to create the Trusted Service entry.

  1. Log into the server hosting the BlackBerry Collaboration Service as a user with RTCUniversalServerAdmins group rights.
  2. Browse to <drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BBIM\bin
  3. If using the BCSProvisioner:
    1. Double-click on BCSProvisioner.exe
    2. In the Instant-messaging server pool drop-down, select the desired front end pool to bind to.
    3. In the BlackBerry Collaboration Service server FQDN field, enter the Fully Qualified Domain Name of the server hosting the BlackBerry Collaboration Service.
    4. In the Listening port field, enter 65061.
    5. Click the Provision button.
    6. Start the BlackBerry Collaboration Service.
  4. If using the ApplicationProvisioner:
    1. Double-click on ApplicationProvisioner.exe
    2. In the Application name field, enter RIMMSConnector
    3. Click Find or Create... button.
    4. In the Application pool field, drop it down to see if the local server is already listed. If it is, the server is already provisioned. This tool can be used to remove an existing entry if required. If the local server is already listed, close the Application Provisioner tool and skip the remaining steps.
    5. Click the Add button.
    6. In the OCS Pool FQDN field, click the drop down to select the desired front end pool to bind to.
    7. In the Listening port field, enter 65061.
    8. Beside the Application server Fqdn field is a checkbox labeled Localhost. Click this to automatically populate the local server information.
    9. Do not enable the Load balanced application checkbox.
    10. Click the OK button.
  5. Start the BlackBerry Collaboration Service.

Method 2: Use Lync 2010 or 2013 PowerShell commands to create the Trusted Service entry.

  1. Log into the Lync environment to access Lync PowerShell as a user with RTCUniversalServerAdmins group rights.
  2. Display the available Sites within the Lync environment:
    Get-CsSite
  3. This will return the details of the Trusted Application Pool, if it already exists:
    Get-CsTrustedApplicationPool

    If the command did not return any data, then a Trusted Application Pool does not exist, and needs to be created.
    1. To create a Trusted Application Pool with the name of BESAppPool in Site 1 from the Get-CsSite command above, use this command:
      New-CsTrustedApplicationPool -Identity BESAppPool.example.com -Registrar Registrar:REGISTRAR.example.com -Site 1 -ComputerFQDN fqdn_of_BCS_server.example.com -ThrottleAsServer $true -TreatAsAuthenticated $true
      Adjust the -Site switch as needed based on the information from the Get-CsSite command from step 1.
    2. Create the Trusted Application Entry in the new Pool:
      New-CsTrustedApplication -ApplicationId RIMMSConnector -TrustedApplicationPoolFqdn BESAppPool.example.com -Port 65061
  4. To query the existing Trusted Application list for RIMMSConnector entries:
    Get-CsTrustedApplication | ? { $_.LegacyApplicationName -eq "RIMMSConnector" }
  5. Add any additional BlackBerry Collaboration Service server references to this Trusted Application Pool:
    New-CsTrustedApplicationComputer -Identity fqdn_of_BCS_server.example.com -Pool BESAppPool.example.com
  6. Write the changes to Active Directory:
    Enable-CsTopology
  7. Force or wait for Active Directory Replication to ensure the server hosting the BlackBerry Collaboration Service can access the new data in Active Directory.
  8. Start the BlackBerry Collaboration Service.

Once the Enable-CsTopology command has been run, a Lync administrator can also use the Lync Server Control Panel to view this data.

CollapseAdditional Information

How to use Lync PowerShell commands to remove a BlackBerry Collaboration Service from Trusted Services:

  1. Log into the Lync environment to access Lync PowerShell as a user with RTCUniversalServerAdmins group rights.
  2. Display the available Sites within the Lync environment:
    Get-CsSite
  3. Display the available Trusted Application Pools:
    Get-CsTrustedApplicationPool
  4. Display all existing Trusted Application entries for the BlackBerry Collaboration Service servers:
    Get-CsTrustedApplication | ? { $_.LegacyApplicationName -eq "RIMMSConnector" }
  5. To remove a single BlackBerry Collaboration Service server from an existing pool (Note : a pool must have at least one member) :
    Remove-CsTrustedApplicationComputer -Identity fqdn_of_BCS_server.example.com
  6. To remove a Trusted Application Pool (this step is required if the desire is to remove the last BlackBerry Collaboration Service server from the pool and the pool only holds BlackBerry Collaboration Service servers) :
    1. Locate the pool name from step 3
    2. Enter this command:
      Remove-CsTrustedApplicationPool -Identity BESAppPool.example.com
  7. Write the changes to Active Directory:
    Enable-CsTopology

Note : If Lync PowerShell was used to create the Trusted Service entries, tools like the BCSProvisioner and ApplicationProvisioner will not be able to properly read the Active Directory Trusted Service records due to the existence of a record that represents the Trusted Application Pool. The ApplicationProvisioner is an Office Communications Server 2007 R2 application, and cannot understand the new records created by Lync.

Note : The requirement for RTCComponentUniversalServices group permission has been relaxed. It has been found that the minimum group permission that the service account should have to be able to read the existing Trusted Service Entries is RTCUniversalReadOnlyAdmins.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.