Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide February 2011 - Version 3.
Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com March 4, 2011 © Copyright 2011 Google Inc. All rights reserved. Google, the Google logo, Google Apps, Google Apps Email, Google Docs, Google Calendar, Google Sites, Google Video, Google Talk, Gmail, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo are trademarks, registered trademarks, or service marks of Google Inc.
Contents Chapter 1: About This Guide.............................................................................. 5 What This Guide Contains .................................................................................... 5 Related Documentation......................................................................................... 5 How to Send Comments About This Guide........................................................... 6 Chapter 2: Introduction...............................................
Download All Components.................................................................................. 31 Configure Google Apps Domain ......................................................................... 31 Install Google Apps Connector ........................................................................... 34 Install BlackBerry Enterprise Server Application ................................................. 36 Chapter 6: Installation for BlackBerry Enterprise Server 4.1........................
Chapter 1 About This Guide Chapter 1 What This Guide Contains The Google Apps Connector for BlackBerry Enterprise Server Administration Guide provides information about: • Features of the Google Apps Connector for BlackBerry Enterprise Server. • Architecture of the Google Apps Connector and related components. • Steps for installing the Google Apps Connector on a server. • Activating users. • Troubleshooting the Google Apps Connector.
Document Description Google Apps Deployment for Enterprise The resources here can help IT administrators and other deployment project team members manage the entire deployment process, including planning a pilot, communicating the switch to Google Apps to your organization, migrating legacy data, and training your users. User Setup Guide for Google Apps Connector for BlackBerry Enterprise Server A user guide that describes to end users how to activate and use the Google Apps Connector.
Chapter 2 Introduction Chapter 2 About Google Apps Connector for BlackBerry Enterprise Server Google Apps Connector for BlackBerry Enterprise Server synchronizes email, calendar events, and contacts between Google Apps and BlackBerry devices using a local installation of BlackBerry Enterprise Server. If you are using a Google Apps account for email, calendar and contacts, use the Connector to synchronize with BlackBerry devices and take advantage of the rich features of the BlackBerry Enterprise Server.
Features and Benefits Google Apps Connector for BlackBerry Enterprise Server offers the following features and benefits: • Push Email: Push email between the BlackBerry device and Google Apps, using native BlackBerry applications. • Less than 60 seconds latency for email synchronization. • Sent Mail Sync: Sent Mail messages are automatically redirected to the BlackBerry device by default. • Label/Folder Sync: Synchronize Gmail labels as BlackBerry mail folders.
Considerations Note that the current version of the Google Apps Connector for BlackBerry Enterprise Server has the following limitations: • 24 Hour GAL Updates: New users can take up to 24 hours before they are visible in the Global Access List (GAL). This cannot be manually accelerated. • Calendar Sync: Only events in your primary user calendar are synced. Multiple calendars are not supported. • Contacts Sync: Only contacts within the “My Contacts” label within GMail are synced.
and Backup software. These files are cache files and do not need to be backed up. • Windows Search conflicts: Windows Search attempts to open and index data files, which causes data corruption. Other Options for Accessing Your Google Apps Information from a BlackBerry In addition to the Google Apps Connector for BlackBerry Enterprise Server, Google offers Gmail for Mobile and Google Sync for BlackBerry to enable access to email, calendar and contacts from a BlackBerry phone.
Note: If you are using Google Sync for BlackBerry along with the Google Apps Connector, disable Contact Sync and Calendar Sync on one of the systems. Otherwise, you will see duplicate data. Comparison Chart Compare these solutions in the chart below.
Feature Google Apps Connector for BlackBerry Enterprise Server BlackBerry email through IMAP Calendar Synchronization Yes. Two-way calendar synchronization. Push notification of events that are received via a Calendar invitation e-mail. Calendar items without an invitation are updated every 10 minutes. Google Sync provides calendar synchronization, with updates every 2 hours. No; can use Google Sync. Contacts Synchronization Full two-way contact synchronization every 5 minutes.
Support If you need help with Google Apps Connector for BlackBerry Enterprise Server, you can use the following resources. Documentation and Support For documentation, support information and help center articles, see the Google Apps Connector for BlackBerry Enterprise Server page in Google Apps Admin Help: http://www.google.com/support/a/bin/answer.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 3 Architecture Chapter 3 Components The Google Apps Connector for BlackBerry Enterprise Server synchronizes data between Google Apps and a BlackBerry Enterprise Server.
1. Google Apps to the Google Apps Connector The Google Apps Connector synchronizes mail, calendars, and contacts through the Internet to Google Apps. 2. Google Apps Connector to BlackBerry Enterprise Server The BlackBerry Enterprise Server reads data from the Google Apps Connector provider for any changes that should be sent to BlackBerry users. The component also writes any changes to the Connector provider.
Note: During initial activation, the BlackBerry Enterprise Server will only sync the last 5 days of mail, or 200 messages to a BlackBerry device, even though more messages may be contained in the cache. This is a result of BlackBerry Enterprise Server behavior and cannot be changed. Keeping a local cache of the data makes the availability of the server transparent to the BlackBerry Enterprise Server.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 4 Preparation and Planning Chapter 4 About Preparation For a successful implementation of Google Apps Connector for BlackBerry Enterprise Server, prepare and plan for your installation.
Note: BlackBerry Enterprise Server 5.0 is designed to be tightly integrated with Microsoft Active Directory. If you are installing Google Apps Connector with BlackBerry Enterprise Server 5.0.2, be sure that the server that will host BlackBerry Enterprise Server is joined to a Microsoft Windows Domain, and the local administration user that is used is a domain account.
If your average CPU utilization is approaching 40%, or Committed Memory is approaching 75%, add additional BlackBerry Enterprise Servers or upgrade your system to meet the listed server requirements. BlackBerry Enterprise Server: Up to 500 users The Google Apps Connector for BlackBerry Enterprise Server requires the following if you plan to support more than 250 users (up to 500 users) on a BlackBerry Enterprise server: • A dedicated server. Do not use a server that is being used for other services.
During Installation Network Requirements Run Google Apps Connector from a server on your network. Your network will need: • Ability for the BlackBerry Enterprise Server to initiate an outbound TCP/IP connection to BlackBerry’s server on port 3101. • Ability to make outbound Internet connections to Google on https port 443. By default, the Google Apps Connector uses the proxy settings in the Internet Options control panel applet.
Important: Create a separate user for this setup. Do not use an existing user or an admin account. You can use any Google Apps user as long as you don’t expect to provision that user on your BlackBerry Enterprise Server. All outgoing administrator messages will come from this user. • Enable Two-legged OAuth. • Enable Google Apps Provisioning API. • Enable the Google Apps Sync email service setting. These steps are described in “Configure Google Apps Domain” on page 31.
Multiple Domains If you are using Google Apps with multiple domains, you will need some extra setup. 1. Choose one Google Apps domain as your primary domain for running the Google Apps Connector. Enable the OAuth consumer key for this domain, as you would for a standard installation. Use the OAuth key and secret from the primary domain. 2. For every Google Apps domain that the Connector will access, including the primary domain, take the following steps: a.
Add string values under this key. Foreach string value: • Set the value name to a real valid user email in the company. • Set the value data (optional) to the specific company name that will show up from GAL lookup. You can set as many mappings as you need. Configure Domain For OAuth To host multiple domains Google Apps domains with BlackBerry Enterprise Server using the Google Apps Connector, create an Oauth key and configure it to give each hosted domain the correct permissions.
Migration If you are migrating from an existing BlackBerry server, review the following migration considerations. Using a SQL Server while migrating from Lotus Notes If you are using a remote SQL Server database that was previously used with a setup for BlackBerry Enterprise Server for Lotus Notes, you will need to clear some data from your SQL Server database. For more information, see article KB15788 in the BlackBerry Technical Solution Center.
Mixed mode BlackBerry Enterprise Server Environment Considerations In a mixed mode that contains both BlackBerry Enterprise Server 4.1.7 servers and 5.0.2 servers that share the same configuration database, take special consideration to administrative tasks. In a mixed environment, perform all administration tasks should be performed using the BlackBerry Enterprise Server 5.0 BAS web interface. This includes administration tasks on the 4.1.x servers.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 5 Installation for BlackBerry Enterprise Server 5.0 Chapter 5 About Installation for BlackBerry Enterprise Server 5.0 These installation steps apply to BlackBerry Enterprise Server version 5.0.2. For BlackBerry Enterprise Server 4.1.7 MR 3, please see “Installation for BlackBerry Enterprise Server 4.1” on page 41. Install the Google Apps Connector for BlackBerry Enterprise Server on a dedicated machine in your network.
Extent of Integration with Active Directory During the BlackBerry Enterprise Server 5.0 installation, BlackBerry Enterprise Server prompts you to provide credentials for a user in Active Directory. These credentials must authenticate properly. However, once authenticated, you can determine the visibility that this user has into Active Directory. This will impact some BlackBerry Enterprise Server features.
The Google Apps Connector will work with BAS installed on the same server as BlackBerry Enterprise Server, or with a different server. If you are concerned with performance or capacity, you may wish to consider installing BAS on a separate server. If capacity is not an issue, or you do not expect to use many resources (for instance, during a pilot program), you may wish to install BAS on the same server as BlackBerry Enterprise Server.
The Provisioning API is a feature in Google Apps. The Provisioning API allows other programs such as the Google Apps Connector to read Google Apps account data. OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. The protocol is described at the OAuth website at http:// oauth.net. The user account created in your Google Apps domain is used by the Google Apps Connector and BlackBerry Enterprise Server.
These are the URLs for Email access, Calendar access, Contacts access, Read-only User Provisioning API and Read-only and Calendar Provisioning, respectively. Enter the URLs as a comma-delimited list. 16. Click Authorize. OAuth is now available. 17. Note the OAuth consumer key and OAuth consumer secret. You will need this information during Google Apps Connector configuration. 18. Click User and groups. 19. Click Create a new user to create the BlackBerry Enterprise Server Google Apps user account.
Install Google Apps Connector While installing the connector, use a Windows domain user with local administrative privileges to the server. Do not use the built-in Administrator account on the machine you’ll be installing. Set up server 1. Install Windows Server 2003 or Windows Server 2008, and all applicable service packs and Windows updates. Both 32-bit and 64-bit versions are supported. Note: Be sure to use a clean installation of Windows Server that is not used for any other purpose. 2.
4. From the Start Menu, run Google Apps Connector -> Google Apps Connector Manager. You will see the Google Apps Connector for BlackBerry Enterprises Server Console. 5. Click File Locations and make any changes required. 6. Click Save, then Yes and OK if needed, to return to the main screen. 7. Click Profiles. 8. Enter the Service Email Account you created in Google Apps. 9. Enter your Google Apps Domain OAuth Consumer Key. 10. Enter your Google Apps Domain OAuth Consumer Secret.
11. Click Create Profiles. Note: If Two-legged OAuth is not already enabled, it may take 15 minutes to 24 hours before the OAuth feature takes effect after OAuth is enabled. WARNING: Never delete the BlackBerryServer or BlackBerryManager mail profiles in the Mail Control Panel applet. If you do so, you will need to completely reconfigure the Google Apps Connector, wipe all user devices, and reactivate all users. 12. Click Yes, then click OK on the Success dialog. 13. Reboot the server.
The setup application cannot find the required MAPI libraries installed on this computer. For information about the MAPI libraries that the BlackBerry Enterprise Server requires, see the documentation for the BlackBerry Enterprise Server. If you see this message, click Ignore and continue with installation. This will not affect your installation or performance.
Active Directory Authentication Setup BlackBerry Enterprise Server 5.0 that allows individual BlackBerry Enterprise Server users to log into BAS to perform various administrative processes on their own account. (Historically, BlackBerry Enterprise Server users would have to contact the BlackBerry Enterprise Server administrator to perform these actions.) When a user tries to authenticate against BAS, BAS requires user credentials.
Option Two: BAS Credentials If Active Directory authentication is not something that is important or the prerequisites to support this method of authentication are not desirable, each user can be modified to allow for BAS authentication. In this scenario, each user must be modified in BAS to add the BAS authentication modules. Once that module is added to the user, a user name and password pair must be assigned to the user. Installation for BlackBerry Enterprise Server 5.
Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide
Chapter 6 Installation for BlackBerry Enterprise Server 4.1 Chapter 6 About Installation for BlackBerry Enterprise Server 4.1 These installation steps apply to BlackBerry Enterprise Server version 4.1.7 MR 3. For BlackBerry Enterprise Server 5.0.2, please see “Installation for BlackBerry Enterprise Server 5.0” on page 29. Install the Google Apps Connector for BlackBerry Enterprise Server on a dedicated machine in your network.
Download All Components Installing Google Apps Connector requires a number of software packages, service updates, and patches. Before you begin installation, identify and download all the components that you will need so that the rest of installation goes through more quickly. You will need to download and install the following: During the installation steps described in this book, you will install the following: • BlackBerry Enterprise Server for Microsoft Exchange(R) 4.1.7 with Maintenance Release 3.
OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. The protocol is described at the OAuth website at http:// oauth.net. The user account created in your Google Apps domain is used by the Google Apps Connector and BlackBerry Enterprise Server. BlackBerry Enterprise Server will use this account to send e-mails based on the different admin functions available in the BlackBerry Manager application.
These are the URLs for Email access, Calendar access, Contacts access, Read-only User Provisioning API and Read-only and Calendar Provisioning, respectively. Enter the URLs as a comma-delimited list. 15. Click Authorize. OAuth is now available. 16. Note the OAuth consumer key and OAuth consumer secret. You will need this information during Google Apps Connector configuration. 17. Click User and groups. 18. Click Create a new user to create the BlackBerry Enterprise Server Google Apps user account.
Install Google Apps Connector Before you install Google Apps Connector for BlackBerry Enterprise Server, you will create an administrative account and install necessary components. Create Administration Account Before you install the BlackBerry Enterprise Server application, you’ll need a local administrator for installation.
Install Microsoft Outlook 2007 and Service Pack 2 on the machine where you will run the Connector. a. Install Microsoft Outlook 2007 from your standard CD or volume license. b. Download Service Pack 2 here: http://www.microsoft.com/downloads/details.aspx?FamilyID=b444bf18-79ea46c6-8a81-9db49b4ab6e5&displaylang=en Install Time Zone Hotfix Google Apps Connector for BlackBerry Enterprise Server requires the most up-to-date time zone hotfix for Microsoft Windows(R).
4. From the Start Menu, run Google Apps Connector -> Google Apps Connector Manager. You will see the Google Apps Connector for BlackBerry Enterprises Server Console. 5. Click File Locations and make any changes required. 6. Click Save, then Yes and OK if needed, to return to the main screen. 7. Click Profiles. 8. Enter the Service Email Account you created in Google Apps. 9. Enter your Google Apps Domain OAuth Consumer Key. Installation for BlackBerry Enterprise Server 4.
10. Enter your Google Apps Domain OAuth Consumer Secret. 11. Click Create Profiles. Note: If Two-legged OAuth is not already enabled, it may take 15 minutes to 24 hours before the OAuth feature takes effect after OAuth is enabled. WARNING: Never delete the BlackBerryServer or BlackBerryManager mail profiles in the Mail Control Panel applet. If you do so, you will need to completely reconfigure the Google Apps Connector, wipe all user devices, and reactivate all users. 12.
Chapter 7 Users Chapter 7 Scale of Users The Google Apps Connector for BlackBerry Enterprise Server is designed to support up to 500 users per server. If you need to add more than this number of users, you will need to install additional servers. The exact number of users you can support depends on your server hardware and operating system. For more information, see “Server Requirements” on page 19. Labels/Folders Google Apps allows users to tag mail using labels instead of folders.
For documentation for your users, see the Google Apps Connector for BlackBerry Enterprise Server User Guide. To create a BlackBerry Enterprise Server User in 4.1.7: 1. From the Start menu, launch BlackBerry Enterprise Server -> BlackBerry Manager. 2. Click on your server. 3. In the right pane, click the Users tab. 4. In the bottom right tasks area, click Add Users. 5. Double-click on the users you want to add to BlackBerry Enterprise Server and click OK. The users will be added to the Users list. 6.
Note: Activate the device soon after the activation message is created. If you do not activate within the specified time limit, your activation will expire. The default time limit is 48 hours. To delete Google Sync from the BlackBerry device (if needed) 1. On your BlackBerry device home screen press the menu button to display all applications. 2. Open the Options application. 3. Select Advanced Options entry. 4. Select the Applications entry.
2. Open the Options application. 3. Select Activation Options. 4. Select Enterprise Activation. 5. Enter the primary e-mail address associated with your Google Apps account. 6. Enter the BlackBerry activation password you were provided by your BlackBerry administrator. This is a separate password from your Google Apps password. 7. Press the menu button and select Activate. 8. If your radio is off you will be prompted to enable the radio, select Turn Radio On.
Chapter 8 Troubleshooting Chapter 8 About Troubleshooting This chapter details common problems and troubleshooting methods for Google Apps Connector for BlackBerry Enterprise Servers. If your users are experiencing a problem with their BlackBerry connection to Google Apps, use this chapter to help with troubleshooting. In most cases, there is a solution that will resolve standard problems.
To investigate issues using the MFCMAPI utility: 1. Connect to your Google Apps Connector server with a remote desktop console session with the command line flag: • mstsc /console (for Windows XP SP2) • mstsc /admin (for XP SP3/Vista/Windows 7) 2. Launch MFCMAPI. 3. Open the BlackBerryServer profile. 4. Browse through user account details to troubleshoot what is happening. Note: The MFCMAPI utility is a third-party utility designed for troubleshooting.
AppsConnector.MSI fails during installation The MSI installation will fail if the software prerequisites have not been meet. Typically you should receive an error dialog explaining the reason for the installation failure. If the software prerequisites have been met, check the installation log files. See for more information.
If no e-mail is being received, then the device most likely is not enabled in the BlackBerry Enterprise Server Data service. If the device was not previously connected to a BlackBerry Enterprise Server system before this is the most likely cause of the problem. Contact BlackBerry to set up a BlackBerry Enterprise Server data plan assigned to the device. Make sure you have set an activation password for the account in BlackBerry Enterprise Manager.
The user's cache file is not being created after adding the user to BlackBerry Enterprise Server. This most often occurs when a BlackBerry administrator force-purges a user from BlackBerry Enterprise Manager. When a user is purged, the Google Apps Connector does not get notification of these event. When the user is then re-added to the system, some Google Apps Connector still retains the old configuration for the user and does not create a new cache for the account.
For more information on how to upgrade the device OS, see article KB03621 in the BlackBerry Technical Solution Center. Devices If your users report problems with using their BlackBerry device with the Google Apps Connector, check the following list of common problems and solutions. A user is seeing duplicate contacts on their device. If a user gets duplicate contacts, check to see if the user has Google Sync installed on the BlackBerry device as well as Google Apps Connector.
You can enable “Hide Filed Messages” to change your Inbox display. With this setting on, messages in other folders will disappear from the Inbox after the message is read. Changes in Google Apps don’t appear on the BlackBerry device, or vice versa The Connector does not synchronize all data immediately. Email messages normally send within about a minute. Other types of data can take longer to synchronize. Check the BlackBerry device after an hour to see if data has synchronized.
To send a confirmation email, send the user a test message with “” in the subject. The device will automatically reply once the device receives the message. This will allow you to test connectivity, and act as a test for how quickly the device can receive and reply to a message. For more information, see the BlackBerry knowledge base article KB01056.
Multiple Agents If you are seeing consistent performance problems, you may be able to improve performance by enabling multiple Agent processes.
Log Files There are two sets of logs that are important for the Google Apps Connector: the tracing logs for the Google Apps Connector and the Research In Motion BlackBerry Enterprise Server software logs. The BlackBerryAgent process contains the core trace logs for the Google Apps Connector. If you are gathering logs to escalate a case to Google support, please provide all the Google Apps Sync logs as well as BlackBerry Server logs for the date when the problem occurred.
Log Description Outlook MFCMAPI Folder for Microsoft Outlook. Folder for MFC MAPI (if you are using MFC MAPI). BlackBerry Enterprise Server Logs BlackBerry Enterprise Server logs are stored by date. By default, BlackBerry Enterprise Server logs are found in the BlackBerry log directory for the day.
Log Description MAGT BlackBerry Agent log. If you are using multiple agents, you will see multiple logs, each with a different value for [AGENT]. A user's mailbox is assigned to a specific agent, usually between 1 and 5. To review the logs for a specific user, first determine the user’s Agent ID via the BlackBerry Manager tool. Once you know the Agent ID, find the corresponding log that contains the details regarding this user.
X-Google-Backends: /bns/wa/borg/wa-airbus/bns/gmail/v.caribou-server/ 128:9802,wafw4:9411,/bns/wa/ccc/caribou/prod/layer2-gfe/26,pxd25:443 X-Google-Service: gmail,gmproxy 2009-06-24T21:57:50.968-07:00 550 E:Network gsync32!OAuthLogin::TryAuthorizeRequest @ 280 (dSmith@example.com)> Authentication error: url=https://mail.google.com/a/example.com/r/ ?view=config, user=JSmith%40example.com If this error occurs, troubleshoot your Oauth settings: 1. Verify the OAuth consumer key is correct in the logs. 2.
2009-06-23T13:57:00.405-07:00 12ac E:Sync gsync32!GLookSyncHelper::DownloadCalendarSyncIssue @ 831 (jsmith@example.com)> Translating from GCal to Outlook failed with 0x80070057. GCal event is: AtomId: http://www.google.com/calendar/feeds/jsmith%40example.
Log Events You Can Ignore The following log events or errors represent normal functionality. You can ignore these errors in the log files. Common Application Event Logs These common BlackBerry events from the Application log entries are safe to ignore.
Date: 6/24/2009 Time: 10:59:25 PM User: N/A Computer: %BESSERVER% Description: {jsmith@example.
[30000] (06/24 22:12:56.843):{0xBF4} [Alarm::ActivateAlarm] Queuing alarm: | BlackBerry Messaging Agent BES-VM-41 Agent 1 (Application Event Log on BES-VM-41) | 06/24/2009 22:12:51 (AFFF509E) -> GetFreeBusyFolder HrOpenExchangePublicStore (0x800b0001) [30000] (06/24 22:12:56.
[30000] (06/24 22:18:18.843):{0xBF4} [Alarm::ActivateAlarm] Queuing alarm: | BlackBerry Messaging Agent BES-VM-41 Agent 1 (Application Event Log on BES-VM-41) | 06/24/2009 22:18:15 (AFFF5015) -> {jsmith@example.com} MsgMemStateDb::AddMessageState - EntryId is invalid [30000] (06/24 22:18:18.843):{0xBF4} [Alarm::ActivateAlarm] Queuing alarm: | BlackBerry Messaging Agent BES-VM-41 Agent 1 (Application Event Log on BES-VM-41) | 06/24/2009 22:18:16 (AFFF5015) -> {jsmith@example.
