Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide November 2009 - Version 1.
Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com November 23, 2009 © Copyright 2009 Google Inc. All rights reserved. Google, the Google logo, Google Apps, Google Apps Email, Google Docs, Google Calendar, Google Sites, Google Video, Google Talk, Gmail, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo are trademarks, registered trademarks, or service marks of Google Inc.
Contents Chapter 1: About This Guide.............................................................................. 5 What This Guide Contains .................................................................................... 5 Related Documentation......................................................................................... 5 How to Send Comments About This Guide........................................................... 6 Chapter 2: Introduction...............................................
Change IT Policy................................................................................................. 53 Verify Installation................................................................................................. 56 Chapter 6: Users ............................................................................................... 59 Scale of Users..................................................................................................... 59 Labels/Folders..........................
Chapter 1 About This Guide Chapter 1 What This Guide Contains The Google Apps Connector for BlackBerry Enterprise Server Administration Guide provides information about: • Features of the Google Apps Connector for BlackBerry Enterprise Server. • Architecture of the Google Apps Connector and related components. • Steps for installing the Google Apps Connector on a server. • Activating users. • Troubleshooting the Google Apps Connector.
Document Description Google Apps Deployment for Enterprise The resources here can help IT administrators and other deployment project team members manage the entire deployment process, including planning a pilot, communicating the switch to Google Apps to your organization, migrating legacy data, and training your users. Usler Setup Guide for Googe Apps Connector for BlackBerry Enterprise Server A user guide that describes to end users how to activate and use the Google Apps Connector.
About This Guide 7
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 2 Introduction Chapter 2 About Google Apps Connector for BlackBerry Enterprise Server Google Apps Connector for BlackBerry Enterprise Server wirelessly sends email, calendar events, and contacts from Google Apps to BlackBerry devices using a local installation of BlackBerry Enterprise Server. If you are using a Google Apps account for email, calendar and contacts, use the connector to synchronize with BlackBerry devices and take advantage of the rich features of the BlackBerry Enterprise Server.
Features and Benefits Google Apps Connector for BlackBerry Enterprise Server offers the following features and benefits: • Push Email: Push notification-based synchronization of email between the BlackBerry device and Google Apps, using native BlackBerry applications. • Less than 60 seconds latency for email synchronization. • Sent Mail Sync: Sent Mail messages are automatically redirected to the BlackBerry device by default.
Considerations Note that the current version of the Google Apps Connector for BlackBerry Enterprise Server has the following limitations: • One-way Calendar Sync: Calendar synchronization is limited to one-way synchronization from Google Apps to the BlackBerry device. You cannot accept meeting requests, create new events, or invite new attendees from the BlackBerry device, nor view free/busy details. • Calendar Sync: Only events in your primary user calendar are synced.
Options for Accessing Your Google Apps Information from a BlackBerry In addition to the Google Apps Connector for BlackBerry Enterprise Server, Google offers Gmail for Mobile and Google Sync for BlackBerry to enable access to email, calendar and contacts from a BlackBerry phone. Users may also use IMAP to access email from their native BlackBerry application. Review the details in the chart below to compare these solution and select the one that best meets your needs.
Feature Google Apps Connector for BlackBerry Enterprise Server Google Applications for the BlackBerry BlackBerry email through IMAP Immediate push notification. Gmail for Mobile synchronizes on a schedule roughly every 15 minutes. Push notification. Messages read or deleted on the device are marked read or deleted in Google Apps, and vice versa. Messages read or deleted on the device using Gmail for Mobile are marked read or deleted in Google Apps, and vice versa.
Feature Google Apps Connector for BlackBerry Enterprise Server Global Address List Synchronization Recommended Google Applications for the BlackBerry BlackBerry email through IMAP Yes. No; uses local contacts on device. No; uses local contacts on device. For pilot or production deployments with BlackBerry Enterprise Server to provide push email and calendar synchronization, quick contacts synchronization, rich user experience and central administration features.
Introduction 15
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 3 Architecture Chapter 3 Components The Google Apps Connector for BlackBerry Enterprise Server synchronizes data between Google Apps and a BlackBerry Enterprise Server.
1. Google Apps to the Google Apps Connector The Google Apps Connector synchronizes mail, calendars, and contacts through the Internet to Google Apps. 2. Google Apps Connector to PST User Cache File The Google Apps Connector reads a PST file for any updates that should be sent to Google Apps. The Google Apps Connector also writes any changes to the same PST file. The PST (Personal Storage Table) file is a standard file format used by Microsoft Outlook and other MAPI clients.
The exact number of users you can support depends on your server hardware and operating system. For more information, see “Server Requirements” on page 21. PST User Cache Files The BlackBerry Enterprise Server uses MAPI to extract mailbox information, usually expecting information from a Microsoft Exchange store. Because of this, the BlackBerry Enterprise Server relies on MAPI-specific properties for messages, folders and other objects.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 4 Preparation and Planning Chapter 4 About Preparation For a successful implementation of Google Apps Connector for BlackBerry Enterprise Server, prepare and plan for your installation.
BlackBerry Professional Software: Up to 30 Users The Google Apps Connector requires the following if you plan to support fewer than 30 users on a BlackBerry Professional Software server: • A dedicated server. Do not use a server that is being used for other services. • Recommended Hardware Requirements: Intel® Pentium® IV processor (2GHz or greater), 2 GB RAM. • Windows 2003 Server Standard SP2 32bit with language=en. • 500MB of disk space per user, in addition to Windows requirements.
BlackBerry Enterprise Server: Up to 500 users The Google Apps Connector for BlackBerry Enterprise Server requires the following if you plan to support more than 250 users (up to 500 users) on a BlackBerry Enterprise server: • A dedicated server. Do not use a server that is being used for other services. • Recommended Hardware Requirements: Quad Core Intel® Pentium® IV processor (2GHz or greater), 8GB RAM. • Windows 2003 Server Standard SP2 64-bit (or Windows 2003 32-bit Enterprise) with language=en.
Network Requirements Run Google Apps Connector from a server on your network. Your network will need: • Ability for the BlackBerry Enterprise Server to initiate an outbound TCP/IP connection to BlackBerry’s server on port 3101. • Ability to make outbound Internet connections to Google on https port 443 and http port 80. By default, the Google Apps Connector uses the proxy settings in the Internet Options control panel applet.
5. Run the installer for the connector AppsConnector.msi and wait for it to complete. The MSI installer will only show a basic progress bar. There are no UI prompts.
One way to secure the cached user data on the server is to use Microsoft Encrypted File System (EFS), which allows you to specify files or folders to be encrypted. For more information about EFS, see the following Microsoft articles: http://technet.microsoft.com/en-us/library/cc875821.aspx http://technet.microsoft.com/en-us/library/bb457065.
To grant the hosting company's OAuth consumer key access to your domain: 1. Login to the Control Panel for CompanyA.com: https://www.google.com/a/CompanyA.com 2. Click on Advanced Tools 3. Select Manage third party OAuth Client access 4. Enter the OAuth Consumer key name for the hosting company: ConnectorHosting.MyHostCompany.com 5. Enter the URLs you want to grant access to for this OAuth Consumer: https://mail.google.com https://www.google.com/calendar/feeds/ https://google.
Migrate your IT policy from existing BlackBerry Enterprise Server infrastructure into the new infrastructure Information about migrating your IT policy can be found in article KB15908 in the BlackBerry Technical Solution Center. Download the BlackBerry Enterprise Server Resource Kit 4.1.6 for Microsoft Exchange. Use the ITPolicyImportExport.exe to export the existing policy to an XML file. Use the same tool to import the policy XML file into the new BlackBerry Enterprise Server infrastructure.
Chapter 5 Installation Chapter 5 About Installation Install the Google Apps Connector for BlackBerry Enterprise Server on a dedicated machine in your network. For System Requirements, see “Server Requirements” on page 21 and “Network Requirements” on page 24. Configure Google Apps Domain Before you install the Google Apps Connector, prepare your Google Apps domain to work with the BlackBerry Enterprise Server.
To confirm the Google Apps Sync setting, enable the Provisioning API and Two-legged OAuth, and add the BlackBerry Enterprise Server user 1. In a Web browser, go to your Google Apps control panel. the URL is http://www.google.com/a/cpanel/[domain] where [domain] is your domain name, such as example.com. 2. Log in as the Google Apps Administrator for your domain. 3. In the Google Apps control panel, click the Service Settings tab and select Email. 4.
Install BlackBerry Enterprise Server Application Create Administration Account Before you install the BlackBerry Enterprise Server application, you’ll need a local administrator for installation. Create either an Active Directory account or local server Windows account, then add this user to the local “Administrators” group on the server where BlackBerry Enterprise Server will be installed. If you already have a local administrator you want to use, you can skip this step.
http://www.microsoft.com/downloads/details.aspx?FamilyID=e17e7f31-079a-43a9bff2-0a110307611e&DisplayLang=en 2. Run ExchangeMapiCdo.exe. 3. Click Ok to extract the files to the desktop, then open the desktop folder ExchangeMapiCdo. 4. Run ExchangeMapiCdo.msi. 5. Click Next on the Welcome screen.
6. Click “I Agree” to accept the license agreement and click Next. 7. Click Finish to close the installation. To install the Microsoft time zone hotfix Information about the Microsoft time zone hotfix can be found here: http://support.microsoft.com/kb/955839/ 1. Download the update for your server from the Microsoft server. 2. After you have downloaded the update, run the update.
2. Select your Country/Region. 3. Read the license agreement. If you accept the terms, click “I accept the terms in the license agreement” for the Blackberry software license. Click Next. 4. Select Setup Type: Blackberry Enterprise Server. 5. Select Blackberry Collaboration Service: None. Click Next. 6. Read the license agreement for the Apache license. If you accept the terms, click “I accept”.
7. Click Next. System Information is displayed. Review this information then click Next again.
8. Enter the password for the BlackBerry Enterprise Server administrator account and click Next. 9. Select the database option you wish to use. If you are using MSDE 2000, select “Yes, I want to install MSDE 2000 locally”. Otherwise, select “No, I want to use a remote Microsoft SQL Server.
10. Click Next to review the Installation Summary, then click Next again to continue.
11. Click Yes when prompted to restart. 12. After the reboot log in with the same Administrator account to continue the installation.
13. Wait for the BlackBerry Enterprise Server installation to continue the installation process. If the installation program does not run within a minute or so, run Setup.exe again to continue installation.
14. Click Next on the Database Settings Screen.
15. Click Yes to create the BESMgmt database.
16. Click OK on the successful database creation dialog. 17. Enter your BlackBerry Enterprise Server CAL key and click Next.
18. Click Test Network Connection and verify communication is successful. Click Next.
19. Enter your SRP ID and Authentication Key provided by Research in Motion. 20. Click Validate SRP Key and ID. Confirm that the SRP Key and ID work. 21. Click OK on the dialog for SRP Key and ID validation. Click Next. 22. Click OK on the Warning to go to the profile creation dialog.
23. On the Microsoft Exchange Server profile creation screen enter None for the Exchange Server and click OK.
24. Click Next four times to skip WLAN SRP configuration, WLAN OTA Activation configuration, Secure Password configuration and Proxy Information. 25. Click Start Service and verify all services started successfully, then click Finish. 26. Download the Service Pack 6 Interim Security Software Update 4 from the BlackBerry download site: bes_as_fix_324730_4.1.6.zip If you are using BlackBerry Professional Software, download Update 4 for BlackBerry Professional Software here: bes_as_fix_324730_4.1.4.zip 27.
Note: Research In Motion may issue newer Maintenance Releases for BlackBerry Enterprise Server. For the latest supported release, see the Google Apps Connector Help Center article. If you are using BlackBerry Professional Software, download service pack B for BlackBerry Professional Software here: bpsx_414B.exe 29. Read the release notes for the Maintenance Release, then run the installation.
http://www.microsoft.com/downloads/details.aspx?FamilyID=b444bf18-79ea-46c68a81-9db49b4ab6e5&displaylang=en 6. Run office2007sp2-kb953195-fullfile-en-us.exe. 7. Read the license agreement. If you accept the terms, click “Click here to accept the Microsoft Software License Terms.” 8. Click Continue. 9. Click OK on “The installation is complete” dialog. Install the Connector After you have installed BlackBerry Enterprise Server, you will install the Google Apps Connector.
7. From the Start Menu, run Google Apps Connector -> Google Apps Connector Manager. You will see the Google Apps Connector for BlackBerry Enterprises Server Console.
8. Click File Locations. 9. If you wish to use a GAL Files Location, PST File Location or Log File Location that is different from the default, enter the path you wish to use. 10. Click Save, then Yes and OK if needed, to return to the main screen. 11. Click Profiles. 12. Enter the Service Email Account you created in Google Apps.
13. Enter your Google Apps Domain OAuth Consumer Key. 14. Enter your Google Apps Domain OAuth Consumer Secret. 15. Click Create Profiles. Note: If Two-legged OAuth is not already enabled, it make take 15 minutes to 24 hours before the OAuth feature takes effect after OAuth is enabled. WARNING: Never delete the BlackBerryServer or BlackBerryManager MAPI mail profiles in the Mail Control Panel applet.
The default GAL path for 64-bit Windows is: C:\Program Files (x86)\Google Apps Sync\GAL The GAL XML file is a one-time snapshot of the current users in your Google Apps domain. Run this process on a regular basis to capture new changes. For most domains, a daily update is recommended. You can also run this command with command line arguments so that you can run the tool by script or command line.
Change IT Policy After you have installed your connector, change your IT Policy to disable Memopad and Task Wireless Synchronization. These features are not supported in the Google Apps Connector. 1. Open the BlackBerry Manager application.
2. In BlackBerry Manager, click Edit Properties on the right side of the screen. 3. Click IT Policy in the menu to the left. 4. Double-click IT Policies to open your IT polices.
5. Click the policy you are using, or create a new policy, and click Properties. 6. In Properties on the left-hand menu, select PIM Synchronization policy group. 7. Set Disable Memopad Wireless Synchronization to True. 8. Set Disable Task Wireless Synchronization to True. 9. Click Apply, then click OK three times and exit the application.
Verify Installation After you have completed installation, launch Outlook to perform the initial GAL import. If the configured Google Apps Connector account is not enabled you will see the following Outlook balloon message: Error Synchronizing. Your email account is not enabled to sync emails to Outlook. If this happens, contact your domain admin to enable Google Apps Sync for Microsoft Outlook for your domain and restart Microsoft Outlook. To verify installation using Microsoft Outlook 1.
9. If prompted with a Welcome page, uncheck all options and click Next. Then select “I don’t want to use Microsoft Update” and click Finish. 10. If prompted for Instant Search feature in Outlook, check “Do not show this message again” and then click No. 11. In the menu bar, select Tools -> Address Book. You should see a list of all users based on your Global Address List. For large domains it might take a few minutes to complete the import process. 12. Close Outlook. 13.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 6 Users Chapter 6 Scale of Users The Google Apps Connector for BlackBerry Enterprise Server is designed to support up to 500 users. If you need to add more than this number of users, install additional servers. The exact number of users you can support depends on your server hardware and operating system. For more information, see “Server Requirements” on page 21. Labels/Folders Google Apps allows users to tag mail using labels instead of folders.
To create a BlackBerry Enterprise Server User 1. From the Start menu, launch BlackBerry Enterprise Server -> BlackBerry Manager. 2. Click on your server. 3. In the right pane, click the Users tab. 4. In the bottom right tasks area, click Add Users. 5. Double-click on the users you want to add to BES and click OK. The users will be added to the Users list. 6. Right click on the User and select Set Activation Password. 7.
To wipe the BlackBerry device Before you proceed, use BlackBerry Desktop Manager to back up your device to protect against any data loss. If you are migrating a BlackBerry device from an existing BlackBerry environment, you will need to take additional steps. For more information, see “Migration” on page 27. 1. On your BlackBerry device home screen press the menu button to display all applications. 2. Open the Options application. 3. Select Security Options. 4. Select General Settings. 5.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 7 Troubleshooting Chapter 7 About Troubleshooting This chapter details common problems and troubleshooting methods for Google Apps Connector for BlackBerry Enterprise Servers. If your users are experiencing a problem with their BlackBerry connection to Google Apps, use this chapter to help with troubleshooting. In most cases, there is a solution that will resolve most problems.
3. Open the BlackBerryServer profile. 4. Browse through user account details to troubleshoot what is happening. Note: The MFCMAPI utility is a third-party utility designed for troubleshooting. Information about MFCMAPI is included for your information in this book. For further information, support, issues, or questions about MFCMAPI, see the MFCMAPI product page at http:// mfcmapi.codeplex.com/.
2009-06-17T15:37:16:0920 8dc E:Install MSI34!RegisterServiceW @ 240 > Failed with 0x8007007e, last successful line = 230. Remove Conflicting Libraries Another very common source of problems are library conflicts. Check for any of the following files. If any file on this list exists, remove the file or disable the file by renaming the file with the extension “.bak” at the end. If you already have a backup, you can just delete the file.
If you are using antivirus software, configure your software to exclude scanning the PST cache files by excluding *.PST or the cache directory. For information on how to do this, see your antivirus documentation. Launch Outlook and wait for the Global Address List to synchronize If you are having installation problems, sometimes loading Microsoft Outlook on the server that is running the connector will synchronize the Global Address List and fix the problem. 1.
Verify the user is receiving Enterprise activation e-mails in their Gmail account. In a web browser, check the user’s Gmail account to see if there is a message from RIM with subject “RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2”. In particular, check the Spam folder in Gmail, and if the message is in the Spam folder, move the message to Inbox. Also, search in GMail for current or previous activation e-mails.
BlackBerry device activates but only a limited number of services appear to initialize. For example, it only shows only Calendar databases initializing for activation. Use BlackBerry Desktop Manager to reset the device to Factory Defaults and try the activation again. For more information on how to do this, see article KB17215 in the BlackBerry Technical Solution Center.
7. Double-click BlackBerryServer. 8. Look for user account in question within the list under heading Display Name with a PR_SERVICE_NAME of: “GSync_Delegate” WARNING: Never delete the primary MAPI profile entry with a PR_SERVICE_NAME of: “GSync” 9. Right-click the specific user entry and select Delete Service. 10. Close all MFC MAPI Windows After you have removed the entry, add the user again as usual, using the BlackBerry Manager application.
How can I see messages from other labels/folders? By default, when you activate a device, user will only see messages from your Inbox and Sent Items. If you want to see new messages from other folders/labels, users can redirect other folders to the BlackBerry device as well. To redirect a folder: 1. In the BlackBerry email application, go to Options -> Email settings. 2. Click the Menu button. 3. Select Folder Redirection. You will see a view of the folders in your mailbox. 4.
Test Confirmation Email You can test mail flow for any device with a confirmation email. To send a confirmation email, send the user a test message with “” in the subject. The device will automatically reply once the device receives the message. This will allow you to test connectivity, and act as a test for how quickly the device can receive and reply to a message. For more information, see the BlackBerry knowledge base article KB01056.
Multiple Agents If you are seeing consistent performance problems, you may be able to improve performance by enabling multiple BES Agent processes.
Log Files There are two sets of logs that are important for the Google Apps Connector: the tracing logs for the Google Apps Connector and the Research In Motion BlackBerry Enterprise Server software logs. The BlackBerryAgent process contains the core trace logs for the Google Apps Connector. If you are gathering logs to escalate a case to Google support, please provide all the Google Apps Sync logs as well as BlackBerry Server logs for the date when the problem occurred.
Log Description Outlook MFCMAPI Folder for Outlook, which is used to sync the GAL. Folder for MFC MAPI (if you are using MFC MAPI). BlackBerry Enterprise Server Logs BlackBerry Enterprise Server logs are stored by date. By default, BlackBerry Enterprise Server logs are found in the BlackBerry log directory for the day.
Log Description MAGT BlackBerry Agent log. If you are using multiple agents, you will see multiple logs, each with a different value for [AGENT]. A user's mailbox is assigned to a specific agent, usually between 1 and 5. To review the logs for a specific user, first determine the user’s Agent ID via the BlackBerry Manager tool. Once you know the Agent ID, find the corresponding log that contains the details regarding this user.
X-Google-Backends: /bns/wa/borg/wa-airbus/bns/gmail/v.caribou-server/ 128:9802,wafw4:9411,/bns/wa/ccc/caribou/prod/layer2-gfe/26,pxd25:443 X-Google-Service: gmail,gmproxy 2009-06-24T21:57:50.968-07:00 550 E:Network gsync32!OAuthLogin::TryAuthorizeRequest @ 280 (dSmith@example.com)> Authentication error: url=https://mail.google.com/a/example.com/r/ ?view=config, user=JSmith%40example.com If this error occurs, troubleshoot your Oauth settings: 1. Verify the OAuth consumer key is correct in the logs. 2.
2009-06-23T13:57:00.405-07:00 12ac E:Sync gsync32!GLookSyncHelper::DownloadCalendarSyncIssue @ 831 (jsmith@example.com)> Translating from GCal to Outlook failed with 0x80070057. GCal event is: AtomId: http://www.google.com/calendar/feeds/jsmith%40example.
Log Events You Can Ignore The following log events or errors represent normal functionality. You can ignore these errors in the log files. Common Application Event Logs These common BlackBerry events from the Application log entries are safe to ignore.
Date: 6/24/2009 Time: 10:59:25 PM User: N/A Computer: %BESSERVER% Description: {jsmith@example.
[30000] (06/24 22:12:56.843):{0xBF4} [Alarm::ActivateAlarm] Queuing alarm: | BlackBerry Messaging Agent BES-VM-41 Agent 1 (Application Event Log on BES-VM-41) | 06/24/2009 22:12:51 (AFFF509E) -> GetFreeBusyFolder HrOpenExchangePublicStore (0x800b0001) [30000] (06/24 22:12:56.
[30000] (06/24 22:18:18.843):{0xBF4} [Alarm::ActivateAlarm] Queuing alarm: | BlackBerry Messaging Agent BES-VM-41 Agent 1 (Application Event Log on BES-VM-41) | 06/24/2009 22:18:15 (AFFF5015) -> {jsmith@example.com} MsgMemStateDb::AddMessageState - EntryId is invalid [30000] (06/24 22:18:18.843):{0xBF4} [Alarm::ActivateAlarm] Queuing alarm: | BlackBerry Messaging Agent BES-VM-41 Agent 1 (Application Event Log on BES-VM-41) | 06/24/2009 22:18:16 (AFFF5015) -> {jsmith@example.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Appendix A Custom GAL Files Appendix A About GAL Files The GAL generator provided with the Google Apps Connector will create a static Global Address List device and email addresses, using the Google Provisioning API. You can build a custom GAL file to include other extended information: name, company, department, title, address, phone number, and email address. This chapter includes details on how to do this, as well as sample files.
Available fields for the GAL include: displayname, givenname, surname, company, department, title, address (work and home), phone (work, home, mobile and other), email, syncid and deleted. XML Field Description type Always set to profile. Example: displayname Full name of contact, to display in GAL. Example: Joe User givenname Personal given name of contact.
XML Field Description email Contact’s email address. Example: juser@example.com deleted Set to true to remove contact, false otherwise. Example: false Custom GAL Considerations: • The value must be a unique value for each user. • To remove a user from the GAL, do not remove the XML file entry.
false 86 Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
