How to Integrate Lync 2010 with Blackberry 5.0 SP3

Lync 2010 BES 5.0 SP3 Integration Guide

Now that RIM has released Service Pack 3 for the Blackberry Enterprise Server (BES) 5 we can now have Lync connectivity on our Blackberries. Let me tell you it works well. It took awhile to get it functioning properly but it was worth it. So if you don’t already have the Service Pack, go hereand get it.Lync integration with the BES requires the the UCAPI 2.0 (package 1, package 2) SQL Native Client, and OCS Core components (Available in OCS 2007 R2 Setup package in i386, do not install Lync 2010 core component which will not work) to be installed. That’s right RIM uses the OCS 2007 R2 components to accomplish the connectivity. If you ask me, this is very smart since the Lync has backward compatibility for OCS 2007 R2 components. This is a two for one deal for RIM. They can support OCS 2007 R2 and Lync using same interfaces.

Once you have the prerequisite packages installed (the installer will tell you it needs them) you can then make a decision on which provisioning method you wish to use. There are two methods and they are described in detail here. I choose to use the automatic method which worked perfectly.

Now go ahead and install the BES or upgrade it. This is out of the scope of this blog; follow the RIM documentation on how to do this.

Next, you’ll have to generate a certificate for the BES. More information can be found in RIM’s knowledge base. Here is the article you’ll want to review. Now you’re probably thinking great. I know what I need in the certificate but how do I create the request? I have a standalone CA in my environment it was quite simple once you know the syntax to use in the certificate request inf file. Here is a sample certificate request inf file for the BES.

Signature=”$Windows NT$”

Subject = “” 
Exportable = TRUE
KeyLength = 1024  
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = True
ProviderName = “Microsoft RSA SChannel Cryptographic Provider”
ProviderType = 12
RequestType = CMC



A few notes on the above inf file:

  1. Subject must be set to the FQDN of the Lync pool that you will be connecting to in the same format as above.
  2. Setting Exportable to TRUE allows you to export and transport the certificate with the private key to another server later if required or to export it and back it up. Set it to FALSE to disallow this.
  3. SAN must contain the FQDNs of the servers hosting the Lync pool and of the BES server that is providing the Collaboration service. The format must be the same as above.
  4. The sample file is for a standalone or external Certificate Authority. If you are using an Enterprise CA or need more information in general, take a look at this Microsoft knowledge base article. 
Once you have your inf file ready and are ready to submit the request to your CA run the following command the server hosting your BES:
certreq -new “path to your inf file” “path to the request file to generate” If you are running this on a 2008 or 2008 R2 server you will need to run this as an administrator. This should now generate the request file. You can then send that to your CA to have a certificate issued. 
Once you get the certificate back from your CA. You can install it. The easiest way to do this is to open up the MMC and add in the Certificates snap-in, select “Computer account”  and point it the “Local Computer” or another computer so long as it is the server hosting the BES. Now, open Personal, right click and select “All Tasks” and then “Import…” and follow the wizard through and be sure to select the file your CA gave you when prompted. Once the certificate has been imported, click on Certificates under Personal and then right click on the certificate you just imported and hit properties. Now, enter in OCSConnector as the “Friendly Name”. Click OK and you’re done with the certificate set up. The friendly name is essential, the BES seems to look for this so it knows which certificate to use.

Now here is where things went awry for me. I could log into Lync with the Enterprise IM client on my Blackberry and I could send messages but could I receive them or updated presence information? The answer was a resounding no. People that tried to send me messages got a 504 error reported to them in their Lync clients. To begin troubleshooting this, after covering all the basics, I fired up the Lync Logger and logged everything for SIP Stack. The SIP Stack log quickly showed there was a problem communicating with the BES Collaboration Service. The error I was seeing in the Log Analyzer was SIPPROXY_E_CONNECTION_FAILED.

Then I remembered, OCS 2007 R2 has problems running on Server 2008 R2! Our brand new BES was running on Server 2008 R2 no less. I quickly searched my bookmarks for all those KB articles I had saved knowing I would need them again one day. The first one that everyone should review is the OCS 2007 R2 on Server 2008 R2 Supportability document. In there it makes reference to requiring a hot fix for Windows. This is not required if you’re running Server 2008 R2 with Service Pack 1 on your BES server. Next, you need to update the OCS 2007 R2 components on the server. I suggest using the ServerUpdateInstaller package which can be found here. It will automatically detect which updates you need, download them and install them.

After all this, Lync/Enterprise IM on the Blackberry connectivity worked flawlessly. One last thing, if you need the Enterprise IM client for your Blackberry, grab it from RIM here. Enjoy your brand new Lync connectivity!

BlackBerry BES Agents & Single Exchange Server lookup if mailbox gets moved from DB1 to DB2 within Same Exchange Server….. What caused BB handheld to

Moving Exchange users within the same Exchange server from DB to another DB will break handheld device and you will end up removing the user from BB server and adding it back again to get it working.

The reason why BB will end up not working is related the way how BES does scan to Exchange server. BES uses DN ( distinguish name of the Exchange server ) to scan mailboxes, hence moving users within same exchange server will end up causing BB agents to hose up and not working. ( DN is the same, BB agents will end up mapping to MB which they think the user is located on even you move the MB for same user to another DB within same exchange server.

It basically isn’t smart enough to identify new DB location for the same user, due to LDAP lookup starts with DN of the Exchange server which is not changing and stops there………..

So do we have to assign the static agent for the BB users before we move them within the same exchange server or afterwards? Here Jeff Bakin comes to rescue (-:

  • Got to put users on a static agent after you move their mailboxes
  • When you assign a static agent, it tells BES to do a MAPI rescan of the user, and thus finding the user in the new storage group. If you static agent the user before you move the MB, then the static agent will do the MAPI rescan, find the same mailbox location, then mailbox will get moved, and BES will break anyway.

To assign BlackBerry device users to a static mailbox agent, complete the following steps:

  1. In BlackBerry Manager, select a BlackBerry device user to be assigned to a static agent.
  2. Click Edit Properties.
  3. In the Properties screen, select Advanced.
  4. Set Enable Static Mailbox Agent to true.
  5. Set Mailbox Agent ID to a value between 200-399.

Of course if you are moving users within two different Exchange servers you don’t have to worry about this (-:

Exchange 2010 and BES Support

I just found out couple minutes ago fallowing article showing the BES and Exchange 2010 support , click here to read more,,,,,

BlackBerry® Enterprise Server v5.0 with Service Pack 1 and Maintenance Release 1 is now fully certified with Microsoft® Exchange 2010 and BlackBerry® Technical Support Services are readily available……

All existing BlackBerry Enterprise Server customers running v5.0 are eligible for this maintenance release at no cost……

Difference between BIS and BES

BIS – (For individuals and small businesses)

The BlackBerry Internet Solution provides a wireless solution tailored to meet the needs of individual users and small and medium-sized businesses (SMB). The BlackBerry Internet Service, a component of the BlackBerry Internet Solution, allows wireless connectivity to Internet-based email and other applications. The architecture for BlackBerry Internet Service,
including Internet browsing functionality, is shown in the diagram below: BlackBerry Internet Service leverages centrally hosted wireless gateways, allowing users to access up to 10 supported email accounts and Internet browsing functionality* without the need to install and manage a BlackBerry Enterprise Server.


The BlackBerry Enterprise Solution allows the wireless extension of corporate email and applications with the BlackBerry Enterprise Server™, an important component of the solution, and would be managed by the organisations own internal I.T. department. The typical architecture of the BlackBerry Enterprise Solution is shown in the diagram below: The BlackBerry Enterprise Server is installed and managed behind the corporate firewall and includes integrated support for extending corporate messaging solutions, including Microsoft Exchange, IBM Lotus Domino and Novell GroupWise. The BlackBerry Enterprise Server also acts as a wireless gateway allowing the BlackBerry Browser and custom applications on the BlackBerry device to connect to corporate applications and web servers, as well as to Internet-based web servers.