BlackBerry UEM Preinstallation And Preupgrade Tasks User Guide

BlackBerry UEM Preinstallation And Preupgrade Tasks

Product Information

Specifications:

• Version: 12.19
• Release Date: 2023-10-16Z

Product Usage Instructions:

Preinstallation and pre-upgrade tasks
Before installing or upgrading the BlackBerry UEM software, there are some tasks that need to be completed:

• Configure permissions for the service account
• Set an environment variable for the Java location
• Configuring connections for the BlackBerry UEM database

Steps to install BlackBerry UEM
To install BlackBerry UEM, follow these steps:

1. Applications that are installed with BlackBerry UEM
2. Supported upgrade environments
3. Installing or upgrading the BlackBerry UEM software
4. deployer.properties file
5. Installing BlackBerry UEM in a DMZ

Post-upgrade checklist
After upgrading BlackBerry UEM, follow this checklist:

• Creating server groups and installing BlackBerry Connectivity Node instances
• Create a server group

Logging in to BlackBerry UEM for the first time
To log in to BlackBerry UEM for the first time, follow these steps:

• Log in to BlackBerry UEM for the first time

Removing the BlackBerry UEM software
If you need to remove the BlackBerry UEM software, follow these steps:

• Remove the BlackBerry UEM software
• Remove a BlackBerry UEM instance from the database

Rebuilding a BlackBerry UEM server instance
If you need to rebuild a BlackBerry UEM server instance, follow these steps:

• Removing the BlackBerry Connectivity Node software
• Remove the BlackBerry Connectivity Node software
• Remove a BlackBerry Connectivity Node instance from the database
• Rebuilding a BlackBerry Connectivity Node instance

Troubleshooting BlackBerry UEM installation or upgrade
If you encounter any issues during the installation or upgrade process, refer to the troubleshooting section for assistance.

Additional Information
For more information about BlackBerry UEM, refer to the additional information section of the user manual.

FAQ:

• Q: What are the preinstallation tasks for BlackBerry UEM?
  A: The preinstallation tasks for BlackBerry UEM include configuring permissions for the service account, setting an environment variable for the Java location, and configuring connections for the BlackBerry UEM database.

• Q: How do I install BlackBerry UEM?
  A: To install BlackBerry UEM, follow the steps provided in the user manual, which include installing or upgrading the software, configuring necessary files, and setting up server groups and connectivity nodes.

• Q: How do I log in to BlackBerry UEM for the first time?
  A: To log in to BlackBerry UEM for the first time, use the provided login credentials and follow the instructions in the user manual.

• Q: How do I remove BlackBerry UEM from my system?
  A: To remove BlackBerry UEM, follow the steps outlined in the user manual, which include removing the software and associated instances from the database.

• Q: What should I do if I encounter issues during installation or upgrade?
  A: If you encounter any issues during the installation or upgrade process, refer to the troubleshooting section of the user manual for guidance and assistance.

Preinstallation and pre-upgrade tasks

Complete the following tasks, if required, before you install or upgrade to BlackBerry UEM.

Review the Planning Guide.| Yes| Yes
Log into myAccount and download the BlackBerry UEM software under Product Resources > Server Software Download.| Yes| Yes
Configure permissions for the service account| Yes| Yes
Set an environment variable to point to the Java location on each server where you will install UEM.| Yes| Yes
Configure connections for the UEM database| Yes| Yes
Back up the databases| No| Optional
Create or upgrade a UEM database using CreateDB| Optional| Optional
Perform a test upgrade of the UEM database| No| Optional
Activate all BlackBerry Connectivity Nodes| No| Yes
Using the BlackBerry UEM Readiness Tool| Optional| Optional

Note:

• Ensure that you perform a new extraction of the BlackBerry UEM software on every server that you are installing or upgrading BlackBerry UEM on. Do not copy already extracted BlackBerry UEM software from another server.
• When you extract the setup files, ensure that they are not saved to the BlackBerry UEM software installation directory (the default location is C:\Program Files\BlackBerry\UEM). During an upgrade, the setup application removes the contents of the BlackBerry UEM software directory, including its own installation files.
• It is a best practice to take a snapshot of the virtual machines before you upgrade.
• It is a best practice to take a manual backup of the BlackBerry UEM database before you upgrade in case the account that you use for database authentication does not have enough permissions to perform a database backup.
• Consider running the installation or upgrade in unattended mode. For more information, see Install or upgrade BlackBerry UEM using the command prompt window.
• When you run the setup application, use only standard characters to specify values. Unicode characters are not supported.

Configure permissions for the service account
A service account is a Windows account that runs the services for BlackBerry UEM. The service account must be a member of the local Administrators group with default policy settings on the computer that you install BlackBerry UEM on, and must have the Log on as a service permission. The Windows service account must also have permission to access the Microsoft SQL Server unless you are using direct SQL Server authentication.  If your organization’s environment includes another EMM solution from BlackBerry, you can use the same service account to install BlackBerry UEM. Otherwise, create a service account in your company directory or a local Windows account on the computer that you want to install BlackBerry UEM on.
Note : If you use Microsoft SQL Server authentication to connect to the BlackBerry UEM database, the BlackBerry UEM services run under the Local System account.

1. On the taskbar, click Start > Administrative Tools > Computer Management.
2. In the left pane, expand Local Users and Groups.
3. Navigate to the Groups folder.
4. In the right pane, double-click Administrators.
5. Click Add.
6. In the Enter the object names to select field, type the name of the service account (for example, BESAdmin).
7. Click OK.
8. Click Apply.
9. Click OK.
10. On the taskbar, click Start > Administrative Tools > Local Security Policy.
11. In the left pane, expand Local policies.
12. Click User Rights Assignment
13. Configure Log on as a service permission for the service account.

Set an environment variable for the Java location

• BlackBerry UEM requires you to install a JRE 17 implementation on the servers where you will install UEM, and that you have an environment variable that points to the Java home location. For more information about supported JRE versions, see the Compatibility matrix.
• When you begin the installation, UEM verifies that it can find Java. If UEM can’t find Java, the setup application will stop on the requirements panel and you must set an environment variable for the Java location and ensure that the Java bin folder is included in the Path system variable. Note that you must close down the installer at this time and restart it only after the environment variable has been created or updated.
• Visit support.blackberry.com to read article 52117.

Before you begin:

• Ensure that you have installed JRE 17 on the server where you will be installing UEM.
• If you have deployed any discrete plug-ins, such as the BlackBerry Workspaces plug-in for UEM, we recommend that you upgrade the plug-in to the latest version before you upgrade your instance of UEM; otherwise, the plug-in functionality will fail until it is upgraded.

1. Open the Windows Advanced system settings dialog box.
2. Click Environment Variables.
3. Under the System variables list, click New.
4. In the Variable name field, type BB_JAVA_HOME.
5. In the Variable Value field, type the path to the JRE (Java Runtime Environment) folder and click OK.
6. In the System variables list, select Path and click Edit.
7. If the Path doesn’t include the Java bin folder, click New and add %BB_JAVA_HOME%\bin to the Path.
8. Move the %BB_JAVA_HOME%\bin entry high enough in the list that it won’t be superseded by another entry and click OK.

Configuring connections for the BlackBerry UEM database
The BlackBerry UEM database is created using the BlackBerry UEM setup application or by running CreateDB using the command prompt window. BlackBerry UEM can connect to the BlackBerry UEM database
using Windows authentication or Microsoft SQL Server authentication.
You can connect to the BlackBerry UEM database using one of the following:

• The service account that you use to complete the installation process
• Windows administrator account that has create_db role permissions
• Microsoft SQL Server account that you specify during the installation process

Specifying database permissions to create the BlackBerry UEM database
Depending on the database option and the type of authentication that you select, you might need to assign database creator permissions to one of the following:

• The service account that you use to complete the installation process
• Microsoft SQL Server account that you specify during the installation process

Database option Database permission

Install Microsoft SQL                         If you choose Windows authentication, the setup application

Server Express automatically assigns the required database permissions to the service the BlackBerry UEM installation             account

Use an existing Microsoft SQL           You must add the service account or Microsoft SQL Server account to the Server in your organization’s dbcreator server role

environment

Verifying database permissions to upgrade the BlackBerry UEM database
BlackBerry UEM connects to the BlackBerry UEM database on the database server using the login information that you specified during the installation process (Windows authentication or Microsoft SQL Server authentication). If you want to use the setup application to upgrade BlackBerry UEM, the service account or Microsoft SQL Server account must have permissions on the database server.
You can configure database permissions using Microsoft SQL Server roles. You must verify that the service account or Microsoft SQL Server account is a member of the dbcreator server role.

Configuring database permissions using Microsoft SQL Server roles

• The setup application requires the service account or Microsoft SQL Server accounts that it uses during the installation or upgrade process to have permissions on the database server to create or upgrade the BlackBerry UEM database. After the installation or upgrade process is completed, you can change the database permissions for the service account or Microsoft SQL Server account to the minimum permissions that BlackBerry UEM requires to run.
• When you change the database permissions, you can use Microsoft SQL Server security to minimize the operations that the service account or Microsoft SQL Server account can perform on the BlackBerry

Database role Description

db_owner                                         The setup application or CreateDB automatically adds the account that you use to create the BlackBerry UEM database to this role.

This role contains the minimum permissions that the setup application or CreateDB requires to upgrade the BlackBerry UEM database.

Configure minimum database permissions for the service account or Microsoft SQL Server account
You can configure minimum database permissions for the service account or Microsoft SQL Server account that BlackBerry UEM uses to connect to the BlackBerry UEM database.

Before you begin: Add a different Windows account or Microsoft SQL Server account to the db_owner database role for the BlackBerry UEM database.

1. Open the Microsoft SQL Server Management Studio.
2. Expand Microsoft SQL Server > Security > Logins.
3. Right-click the service account or Microsoft SQL Server account. Click Properties.
4. Click User Mapping. Select the BlackBerry UEM database.
5. In the Users mapped to this login section, select bes.
6. In the Database role membership for section, select rim_db_bes_server.
7. Remove all other database role memberships except for rim_db_bes_server and public.
8. Click OK.

Backing up the databases

• The setup application automatically backs up the databases as part of the upgrade process.
• You can also use the backup tool that is a part of Microsoft SQL Server to back up the BlackBerry
• UEM and BlackBerry Control databases. For more information, see the Microsoft documentation for Microsoft SQL Server.

Creating or upgrading a BlackBerry UEM database using CreateDB
Note : You cannot upgrade a BES10 database to a BlackBerry UEM database.

• If your organization’s security policies do not allow applications to have permission to create or upgrade databases, you can run CreateDB on the database server to create a BlackBerry UEM database or upgrade to a BlackBerry UEM database instead of using the setup application. After you create or upgrade to the BlackBerry UEM database using CreateDB, you can run the setup application using a service account that has minimum permissions on the database server.

Create a BlackBerry UEM database using CreateDB
Before you begin: Verify that you configured the correct permissions on the database server.
Note:

• You must run CreateDB from a computer that has the full BlackBerry UEM installation files extracted on it. The computer must be able to connect to the computer that hosts the database server that you want to create or upgrade the BlackBerry UEM database on.
• Ensure you are using the latest supported version of Java. For details, see the BlackBerry UEM Compatibility Matrix.

1. If you use a Windows account to create the BlackBerry UEM database, log in to the computer using a Windows account that has database creator permissions.

2. Copy the BlackBerry UEM installation files to the computer and extract the contents to a folder.
   Do not copy used installation files from another computer. You must re-extract the installation files on each computer.

3. Navigate to \db.

4. Open the CreateDB.properties file in a text editor.

5. Change the file to include information that is specific to your organization’s environment.
   For more information on the contents of the createDB. properties file, see CreateDB.properties file.

6. Save and close the file.

7. Open a command prompt window.

8. Change the directory to \db.

9. Type one of the following commands to create or upgrade a BlackBerry UEM database:

Database Configuration Steps

Create a BlackBerry                           Type CreateDB.bat and install CreateDB.properties. UEM database           Press ENTER.
Upgrade a BlackBerry                         Type CreateDB.bat upgrade CreateDB.properties. UEM database           Press ENTER.

• After you finish: Delete the CreateDB.properties file after you create or upgrade the BlackBerry UEM database.

CreateDB.properties file

• The following properties apply to the CreateDB.properties file, which contains configuration information for CreateDB.

Property Description

Database type (BlackBerry UEM)         This property specifies the type of database for BlackBerry UEM.

By default, the database type property is “configuration.database.ng.type= _SQLSERVER “.

You should not modify this property as it is a default setting.

Database server name (BlackBerry      This property specifies the database server name that hosts the UEM)                                  database to create or upgrade to BlackBerry UEM.

By default, the database server name property is “configuration.database.ng.server= localhost “.

Property Description

Database instance name                     This property specifies the database instance name to create or upgrade (BlackBerry UEM) to BlackBerry UEM.

If you use a Microsoft SQL Server instance name; by default, the database instance name property is

“configuration.database.ng.instance= _Microsoft_SQL_Serverinstance name “.

Note: The default Microsoft SQL Server instance name in the CreateDB.properties file is UEM.

If you use another Microsoft SQL Server instance name than UEM , configure the database instance name property to change UEM to your Microsoft SQL Server instance name.

If you do not use a Microsoft SQL Server named instance, verify that the

_Microsoft_SQL_Serverinstance name value is deleted.

Database port (BlackBerry UEM)         This property specifies the port that the database server uses.

If you use a dynamic port configuration, verify that you have no ports listed for this property.

By default, the database port property uses a dynamic port configuration and you do not need to configure this property.

If you use a static port configuration, configure your database port as “configuration.database.ng.port= _static_portnumber “.

Note: If you specify a static port, leave the database instance name property blank.

Database name (BlackBerry UEM)       This property specifies the name of the Microsoft SQL Server database

for BlackBerry UEM.

By default, the database name property is “configuration.database.ng.name= UEM “.

Authentication type (BlackBerry           This property specifies the authentication type as follows:

UEM)                                                •    Windows authentication – by default, configured as INTEGRATED in this properties file

•        Microsoft SQL Server authentication – can be configured as USER in this properties file

If you use Windows authentication, by default your authentication type is “configuration.database.ng.authenticationtype= INTEGRATED “.

Note: If you use Windows authentication, you do not need to configure a user and password in the createdb.properties file.

If you use Microsoft SQL Server authentication, configure your authentication type as “configuration.database.ng.authenticationtype= USER “.

Property Description

Username and Password                     If you use Microsoft SQL Server database authentication, these

– Microsoft SQL Server properties specify the username and password for the database account authentication (USER) (BlackBerry that has database creator permissions.

UEM)                                                By default, the username property you configure for Microsoft SQL Server authentication (USER) is “configuration.database.ng.user= _username “.

By default, the password property you configure for Microsoft SQL Server authentication (USER) is “configuration.database.ng.password= password “.

Performing a test upgrade of the BlackBerry UEM database
You can perform a test upgrade of the BlackBerry UEM database to help you identify and address issues that might occur during the database upgrade without affecting your production environment. You can also find out how long it takes to upgrade the BlackBerry UEM database.
To perform a test upgrade of the BlackBerry UEM database, complete the following steps:

1. Back up the BlackBerry UEM database.
2. Restore the backup version of the BlackBerry UEM database to a database server that does not host the BlackBerry UEM database.
3. Run CreateDB using the command prompt window.

Perform a test upgrade of the BlackBerry UEM database
This task should be performed by a database administrator with the appropriate permissions to back up, restore, and upgrade the BlackBerry UEM database.

Note : If you do not want to run CreateDB on the database server, you must run it on a computer where BlackBerry UEM is installed. The computer must be able to connect to the computer that hosts the database server if you want to perform a test upgrade of the BlackBerry UEM database on.
Before you begin: Verify that you configured the correct permissions on the database server that you want to perform a test upgrade of the BlackBerry UEM database on.

1. Log in to the computer that hosts the database server for the BlackBerry UEM database.

2. Back up the BlackBerry UEM database.

3. Log in to a computer that hosts a database server if you want to perform a test upgrade of the BlackBerry UEM database on.

4. Restore the backup version of the BlackBerry UEM database.

5. Copy the BlackBerry UEM installation files to the computer.
   Do not copy used installation files from another computer. You must re-extract the installation files on each computer.

6. Extract the contents to a folder on the computer.

7. Navigate to \db.

8. Open the CreateDB.properties file in a text editor.

9. Change the file to include information that is specific to your organization’s environment.
   For more information on the contents of the createDB. properties file, see CreateDB.properties file.

10. Save and close the file.

11. Open a command prompt window.

12. Change the directory to \db.

13. Type CreateDB.bat upgrade CreateDB.properties and press ENTER.

BlackBerry UEM Readiness Tool

You can use the BlackBerry UEM Readiness Tool to check system requirements before you run the BlackBerry UEM setup application. The BlackBerry UEM Readiness Tool is included with the UEM software. You can also download the tool from myAccount
The BlackBerry UEM Readiness Tool checks the following requirements:

• Proxy server setting validation
• Minimum operating system requirements
• JRE version
• Minimum hard disk space
• Secure connection
• SRP connection
• Connection to the BlackBerry Dynamics NOC
• Required ports
• Account permissions
• Database validation

Note :

• The BlackBerry UEM Readiness Tool does not check for Microsoft .NET Framework 4.8.
• The BlackBerry UEM Readiness Tool performs a simple CONNECT to determine that ports are open. It does not validate that traffic will flow properly. For example, the BlackBerry UEM Readiness Tool cannot detect issues related to traffic monitoring, SSL termination, or other systems that might reactively close sessions.

Steps to install BlackBerry UEM

The UEM setup application installs the software and creates a UEM database. For a new installation of UEM, perform the following actions:

Step Action

    Review the port requirements.
     Review the preinstallation and upgrade requirements.
     Complete the preinstallation tasks.
     Install a new BlackBerry UEM instance.
    Log in to BlackBerry UEM.

Applications that are installed with BlackBerry UEM
You can use the BlackBerry UEM installation process to install the following third-party applications:

• Microsoft .NET Framework 4.8 (if it is available in the setup application to enable through the Windows Server Manager)
  Note : If a later version of Microsoft .NET Framework is already installed, the UEM setup application does not install Microsoft .NET Framework 4.8.

• Microsoft Visual C++ 2017 Redistributable Package

• Microsoft SQL Server 2017 Express SP1 (if it is selected during the installation process)

• Microsoft SQL Server 2012 Native Client

• RRAS for Windows Server 2012, 2016, 2019, or 2022

If the setup application cannot install RRAS on your computer, you must stop the installation, install it manually, and restart the installation. Windows PowerShell 2.0 or later is required to run RRAS when installing UEM. For more information about installing RRAS manually, visit technet.microsoft.com. If your environment does not require IIS, you can manually uninstall it after installing UEM. If you are installing Microsoft SQL Server 2017 Express SP1, you must uninstall the Microsoft SQL Server 2012 Native Client before you install UEM. If you want to install Microsoft SQL Server 2017 Express SP1 on a computer that does not host BlackBerry UEM, you can copy the UEM installation files to the computer which you want to install Microsoft SQL Server 2017 Express SP1. In the UEM installation files, navigate to the Tools > ext folders and run the sqlexpress.exe file (64-bit).

Supported upgrade environments

When you upgrade to the latest version of BlackBerry UEM, you upgrade the management console and the database.
The following are the supported upgrade paths to UEM version 12.19:

• You can use the setup application to upgrade UEM version 12.17 or later to UEM version 12.19. If you have BES12 version 12.6 or earlier, you must first upgrade all instances to UEM version 12.8.1 (following supported upgrade paths), synchronize the environment, then upgrade to version 12.10, then to version 12.12, then to version 12.14, then to version 12.16, and then to version 12.17  or version 12.18 before you can upgrade to UEM version 12.19.
• If you have Good Control version 4.0 and later and Good Proxy version 4.0 and later, you must first upgrade all instances to UEM version 12.8.1, synchronize the environment, then upgrade to UEM version 12.10, then to version 12.12, then to version 12.14, then to version 12.16, and then to version 12.17 or version 12.18 before you can upgrade to UEM version 12.19.
• You can install UEM and migrate policy sets, connectivity profiles, app groups, app usage (for certificates), and certificates from Good Control (standalone) version 5.0 to UEM.
• You can migrate IT policies, profiles, groups, users, and devices from BES10 to UEM version 12.9, then upgrade or migrate to version 12.11, then to version 12.13, then to version 12.15, then to version 12.17, and then to UEM version 12.19.

Note : For details about supported upgrade paths, visit support.blackberry.com/community to read article 38980. For information about performing Good Control synchronization, visit support.blackberry.com/community to read article 39172.
If you upgrade an environment that has activated BlackBerry Dynamics applications on devices, connections to the application servers, including the mail server, will continue to be supported. For example, the BlackBerry Work application will receive email during the upgrade. BlackBerry Dynamics applications cannot be activated during the upgrade. All servers in the environment must be upgraded before any BlackBerry Dynamics applications can be activated. Upgrade all servers in the environment within 24 hours of the first server upgrade.

Steps o upgrade BlackBerry UEM version 12.17 or later to UEM version 12.19
The BlackBerry UEM version 12.19 setup application upgrades the UEM software and database to UEM version 12.19.
For more information about upgrading a BlackBerry UEM domain that consists of multiple instances of BlackBerry UEM, see Upgrade a domain that consists of multiple instances of BlackBerry UEM.
When you upgrade UEM version 12.17 or later to UEM version 12.19, you perform the following actions:

Step Action

    Review the port requirements.
     Review the preinstallation and upgrade requirements.
     Complete the pre-upgrade tasks.
    Verify the prerequisites.
     Upgrade the BlackBerry UEM software.
     Review the post-upgrade checklist.

Installing or upgrading the BlackBerry UEM software

Install a new BlackBerry UEM instance

• When you run the setup application, use only standard characters to specify values. Unicode characters are not supported.
• If you want to install the device connectivity components only (also known as the BlackBerry Connectivity Node), see Creating server groups and installing BlackBerry Connectivity Node instances.

Before you begin:

• If you install UEM behind a firewall, it cannot connect to the BlackBerry Infrastructure until you configure the proxy server. UEM prompts you the first time you log in to the UEM management console.
• Installing UEM to a mapped network drive is not supported

Note : Do not add any files to the folder that contains the UEM installation files (the default is C:\Program Files\BlackBerry\UEM). During an upgrade, the installer removes the contents of the UEM software directory, including its own installation files.

1. Log in to the computer that you want to install UEM on using the service account.

2. Copy the UEM .zip file to the computer and extract the contents to a folder.
   Do not copy used installation files from another computer. You must re-extract the installation files on each computer.

3. In the UEM installation folder, double-click Setup.exe. If a Windows message appears and requests permission for Setup.exe to make changes to the computer, click Yes.

4. In the Language selection dialog box, select your language.

5. Click OK.

6. In the UEM setup application screen, click Next.

7. In the License Agreement dialog box, perform the following actions:
   a) Select your country or region.
   b) Read the license agreement. To accept the license agreement, select I accept the terms of the license agreement.
   c) Click Next.

8. In the Component selection dialog box, check the boxes for the components you want to install on the computer. Click Next.
   For information about the components, see the Planning content. If you want to install the device connectivity components only (also known as the BlackBerry Connectivity Node), see Creating server groups and installing BlackBerry Connectivity Node instances.

9. In the Installation Requirements dialog box, you can check to see if your computer has met the requirements to install UEM. Click Next.
   The setup application may display a warning that indicates that Microsoft .NET Framework 4.8 is not installed. You can ignore this warning and proceed with the installation. The setup application will automatically
   install Microsoft .NET Framework 4.8 for you if it is not detected on your computer. If a later version of Microsoft .NET Framework is already installed, the UEM setup application does not install Microsoft .NET Framework 4.8.

10. In the Setup type dialog box, select Create a BlackBerry UEM database, and then perform one of the following  actions:

    • Select Install and use Microsoft SQL Server 2017 Express SP1 on this computer if you do not have Microsoft SQL Server installed.
    • If you already have a supported version of Microsoft SQL Server installed, select Use an existing Microsoft SQL Server instance in your organization’s environment.
      You can install the database server on the same computer or use an existing database server in your organization’s environment (local or remote).

11. Click Next.

12. If you selected Use an existing Microsoft SQL Server instance in your organization’s environment, in the  BlackBerry UEM database dialog box, fill out the fields:
    a) In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. If you are using an AlwaysOn FCI, type the SQL Virtual Server Network Name for the WSFC cluster (for example, CompanySQLCluster). If you are using an AlwaysOn availability group, type the Availability Group Listener Virtual Network Name (for example, CompanyListener).
    b) In the Database name field, type a name for the new database.
    c) If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number.
    d) By default, the setup application uses Windows authentication to connect to the existing database. If you select Microsoft SQL Server authentication, specify a Windows account that has access to the Microsoft SQL Server.
    e) Click Next.

13. In the BlackBerry UEM configuration dialog box, click Next to confirm the UEM host and domain names.

14. In the Folder locations dialog box, perform the following actions:
    a) Specify the location of the installation folder and log file folder.
    b) If you receive a message saying there is not enough space remaining, create extra space to install UEM on your computer.
    c) If you receive a message asking you to create the installation and log file folder locations, click Yes.

15. Click Next.

16. In the Service account dialog box, type the Windows password and click Next.

17. In the Installation summary dialog box, click Install to install UEM.

18. In the Installing dialog box, click Next when the installation is complete.

19. In the Console addresses dialog box, perform one of the following actions:

    • Click Close if you do not want to export your console addresses to a file.
    • Select the Export the console addresses to a file check box and save the file on your computer. Click Close.

After you finish:

• For high availability:
  • You can install an additional BlackBerry UEM instance in the domain to create a high-availability configuration that minimizes service interruptions for device users. For more information about high availability, see the Planning content.
  • If you are using an FCI, use the Failover Cluster Manager tool to manage the FCI and failover settings.
  • If you are using an availability group, use Microsoft SQL Server Management Studio to set up the primary replicas and secondary replicas and to configure failover settings. Visit the MSDN Library to see Getting Started with AlwaysOn Availability Groups and Use the Availability Group Wizard (SQL Server Management Studio). Choose the option to create a full backup for the secondary databases and specify a shared network location that all replicas can access.
• If you want to configure UEM to use a proxy server, see the Configuration content.
• Do not create a shared folder within the installation folder after you install UEM. If you reinstall or upgrade UEM, all of the files and folders in the installation folder are deleted, including the shared folder.
• If an error message for RRAS appears in the Server Manager window, you can disregard it.

Check the ports assigned by the BlackBerry UEM setup application
When you install the first instance of BlackBerry UEM, the setup application assigns the listening ports and stores them in the UEM database. You can run the following script on the database to check the minimum ports that must be open between each UEM instance.
You can change the “WHERE name in” portion of this script to retrieve the port value for any listening port by adding the database name of the port.

Install an additional BlackBerry UEM instance
You can install additional BlackBerry UEM instances to create a high- availability domain. Verify that the computer satisfies the system requirements for installing a BlackBerry UEM instance, and complete the necessary preinstallation and post-installation tasks.
When you install additional BlackBerry UEM instances:

• Install each instance on a separate computer.
• In the setup application, on the Setup type screen, select Use an existing BlackBerry UEM database.
• On the Database information screen, specify the information for the BlackBerry UEM database that you created when you installed the original BlackBerry UEM instance.

After you install an additional BlackBerry UEM instance and complete the necessary post-installation tasks, active-active high availability is available in the domain. User and device data is load-balanced across the BlackBerry UEM instances.

Upgrade BlackBerry UEM version 12.17 and later to BlackBerry UEM version 12.19
Before you begin: If you are upgrading multiple instances of BlackBerry UEM, see Upgrade a domain that consists of multiple instances of BlackBerry UEM.
Note : If you’re upgrading your environment in stages, test your environment after each stage of the upgrade to make sure everything is working as expected. If it is not, resolve any issues before proceeding to the next stage of the upgrade.

1. Log in to the computer using the service account that runs the UEM services.

2. Copy the UEM .zip file to the computer and extract the contents to a folder.
   Do not copy used installation files from another computer. You must re-extract the installation files on each computer.

3. Navigate to .

4. In the UEM installation files, double-click setup.exe.
   If a Windows message appears and requests permission for setup.exe to make changes to the computer, click Yes.

5. In the Language selection dialog box, select your language.

6. Click OK.

7. In the UEM setup application screen, click Next to start the upgrade process.

8. In the License Agreement dialog box, perform the following actions:
   a) Select your country or region.
   b) Read the license agreement. To accept the license agreement, select I accept the terms of the license agreement.
   c) Click Next.

9. In the Installation Requirements dialog box, you can check to see if your computer has met the requirements to install UEM. Click Next.
   The setup application may display a warning that indicates that Microsoft .NET Framework 4.8 is not installed. You can ignore this warning and proceed with the installation. The setup application will automatically
   install Microsoft .NET Framework 4.8 for you if it is not detected on your computer. If a later version of Microsoft .NET Framework is already installed, the UEM setup application does not install Microsoft .NET Framework 4.8.

10. In the Service account dialog box, type the Windows password and click Next.

11. In the Installation summary dialog box, click Install.

12. When the upgrade process completes, click Next, then Close.

Upgrade a domain that consists of multiple instances of BlackBerry UEM

CAUTION : If the recommended upgrade path is to upgrade UEM versions in stages, then you must upgrade all instances to the first stage, restart them, and upgrade them all to the second stage. For example, if you are running UEM version 12.11, you must upgrade all instances to version 12.13, then to version 12.15, and then to version 12.17 before you can upgrade them to UEM version 12.19.

If you’re upgrading your environment in stages, test your environment after each stage of the upgrade to make sure everything is working as expected. If it is not, resolve any issues before proceeding to the next stage of the upgrade.

1. If the upgrade path is from BlackBerry UEM version 12.9.1 or earlier, shut down all instances of UEM in the domain.

2. Upgrade one UEM core instance to UEM version 12.19.
   The setup application also backs up and upgrades the UEM database. After the upgrade, the UEM instance starts automatically.
   When you upgrade a core instance, you must use an upgraded management console instance to connect to that core and manage the domain.

3. Upgrade the other UEM core or management console instances. You can upgrade these remaining UEM instances more than one at a time.

4. Upgrade any BlackBerry Connectivity Node-only instances (that contain only the device connectivity components) last. You can upgrade more than one BlackBerry Connectivity Node-only instance at a time.

Install or upgrade BlackBerry UEM using the command prompt window

You can install BlackBerry UEM server software using the command prompt window. Prior to installing the software using this method, you as an individual or on behalf of your company or other entity on whose behalf you are authorized to act must acknowledge your acceptance of the terms and conditions of the BlackBerry Solution License Agreement for your jurisdiction in the manner provided below. Please review the BlackBerry Solution License Agreement for your jurisdiction (“BBSLA”) at the following link: http://us.blackberry.com/legal/blackberry-solution-license- agreement.html prior to installing or using the BlackBerry UEM server software. By acknowledging your acceptance of the BBSLA in the manner provided below or by installing or using the software, you are agreeing to be bound by the terms and conditions of the BBSLA.
You can install or upgrade to BlackBerry UEM using the command prompt window.

1. Download the BlackBerry UEM software.
2. Extract the BlackBerry UEM installation files.
3. Open a text editor in administrator mode.
4. Use the text editor to open the deployer.properties file.
5. Change the deployer.properties file to include information that is specific to your organization’s environment.
6. In a command prompt window, in the directory where you extracted the BlackBerry UEM installation files, type setup.exe –script –iAcceptBESEULA.
   • Add the parameter –installSQL if you want to install a local Microsoft SQL Server database.
   • Add the parameter –showing if you want to see the progress of the installation on the computer screen.

Install the BlackBerry UEM components on separate computers using the command prompt window
You can install BlackBerry UEM server software using the command prompt window. Prior to installing the software using this method, you as an individual or on behalf of your company or other entity on whose behalf you are authorized to act must acknowledge your acceptance of the terms and conditions of the BlackBerry Solution License Agreement for your jurisdiction in the manner provided below. Please review the BlackBerry Solution License Agreement for your jurisdiction (“BBSLA”) at the following link: http://us.blackberry.com/legal/blackberry-solution-license- agreement.html prior to installing or using the BlackBerry UEM server software. By acknowledging your acceptance of the BBSLA in the manner provided below or by installing or using the software, you are agreeing to be bound by the terms and conditions of the BBSLA. After you install BlackBerry UEM on a computer, you can install the BlackBerry UEM management console, the primary BlackBerry UEM components, and the BlackBerry Connectivity Node on separate computers using the command prompt window. For more information about the BlackBerry Connectivity Node, see Creating server groups and installing BlackBerry Connectivity Node instances.

1. Download the BlackBerry UEM software.
2. Extract the BlackBerry UEM installation files.
3. Open a text editor in administrator mode.
4. Use the text editor to open the deployer.properties file.
5. Change the following properties in the deployer.properties file:
   • Add or change information that is specific to your organization’s environment.
   • If you want to install the BlackBerry UEM management console, set the deploy.ui, deploy. core, and deployment.ui.only properties to True, and set the deploy.mdm.ec and deploy.bcn properties to False.
   • If you want to install the primary BlackBerry UEM components, set the deploy. mdm. ec property to True, and set the deploy. ui and deploy.bcn properties to False.
   • If you want to install the BlackBerry Connectivity Node, set the deploy.bcn property to True, and set the deploy.ui and deploy. mdm.ec properties to False.
6. In a command prompt window set to the folder where you extracted the BlackBerry UEM installation files, type setup.exe –script –iAcceptBESEULA.
   Add the parameter –showing if you want to see the progress of the installation on the computer screen when you use the command prompt window.

deployer.properties file
The following properties apply to the deployer.properties file.

The default location for the installation files is C:/Program Files/ BlackBerry/UEM.

logging. common.path| Specify the location for the log files.

The default location for the log files is C:/Program Files/ BlackBerry/UEM/Logs.

db.host1| Specify the name of the database server that hosts the BlackBerry UEM database.

The default entry is localhost.

db.instance| If your environment uses named instances, specify the name of the database instance. If your environment does not use named instances, leave it blank.

The default entry is UEM.

db.port| Specify the port that the database server uses to connect to BlackBerry UEM. For a dynamic port, leave this field blank. For a static port, type the port number.

The default entry is blank.

Note: If you specify a static port, leave the db.instance field blank.

db.static.port.enablement| For a dynamic port, set this field to #. For a static port, leave this field blank.

The default entry is #.

db.name| Specify the name of the BlackBerry UEM database. The default BlackBerry UEM database name is UEM.
Property| Description
---|---
db.authentication.type| For Microsoft SQL Server authentication, type USER. For Windows authentication, type INTEGRATED.

The default entry is INTEGRATED.

db.user| This field is required if you are using Microsoft SQL Server authentication. Specify the username for the Microsoft SQL Server database. Leave this blank if you are using Windows authentication.
db.pass| This field is required if you are using Microsoft SQL Server authentication. Specify the password for the Microsoft SQL Server database. Leave this blank if you are using Windows authentication.
service.account.name| This field is automatically populated
service.account.password| This field is required. Specify the password for the Windows service account.
db. backup.folder| Specify a location for the database backup file. To use the default backup folder, enter a period (.). To skip a database backup, leave this field blank.

The default entry is a period (.).

deploy. bcn| Set to true to install the device connectivity components. The default entry is true.
deploy.mdm.ec| Set to true to install the primary BlackBerry UEM components. The default entry is true.
deploy.ui| Set to true to install the BlackBerry UEM management console. The default entry is true.
deploy.ui.only| Set to true to install the BlackBerry UEM management console. The default entry is true.
ui.port| Specify the port used by the BlackBerry UEM management console. The default port is 443.
start. windows.services| Set to true to start the BlackBerry UEM services after the installation is complete.

Set to false if you do not want the BlackBerry UEM services to start after the upgrade is complete.

The default entry is true.

alternate. machine.fqdn| Optionally, specify an alternate FQDN to represent this computer in the BlackBerry UEM domain.

Installing BlackBerry UEM in a DMZ

You can install BlackBerry UEM in a DMZ, outside of your organization’s firewall. If you install BlackBerry UEM in a DMZ:

• Verify that you open the required ports on your organization’s firewall.
• Review the Preinstallation and upgrade requirements, including the required DNS configuration tasks.
• Manually stop the BlackBerry Proxy service.

Post-upgrade checklist
Review this checklist after you upgrade to the latest version of BlackBerry UEM.

Item

Confirm that all servers and components have been upgraded to the same version.
Do not manually start any services that are not set to Automatic.
Validate that all UEM services that are set to Automatic are started.
Confirm device connectivity. Device connectivity may be functional after at least one BlackBerry UEM Core server and at least one BlackBerry Connectivity Node are upgraded, but in larger environments, full functionality should not be expected until all servers are fully upgraded.
Launch the UEM management console and validate its functionality. See Logging in to BlackBerry UEM for the first time.
Validate that all installed UEM instances are visible and running (Settings > Infrastructure).
Configure UEM. See the Configuration content.
If you use Knox Mobile Enrollment, confirm that the configuration.json file is up to date. For instructions, see KB 108125.

Creating server groups and installing BlackBerry Connectivity Node instances

• You can install one or more instances of the BlackBerry Connectivity Node to add additional instances of the device connectivity components to your organization’s domain. Each BlackBerry Connectivity Node instance contains the following BlackBerry UEM components: BlackBerry Secure Connect Plus, the BlackBerry Gatekeeping Service, the BlackBerry Secure Gateway, BlackBerry Proxy, and the BlackBerry Cloud Connector.
• You can also create server groups. A server group contains one or more instances of the BlackBerry Connectivity Node. When you create a server group, you specify the regional data path that you want the components to use to connect to the
• BlackBerry Infrastructure. You can associate email and enterprise connectivity profiles with a server group. Any device that is assigned those profiles uses that server group’s regional connection to the BlackBerry Infrastructure when it uses any of the components of the BlackBerry Connectivity Node.
• Optionally, you can designate each BlackBerry Connectivity Node in a server group to handle a single connection type: BlackBerry Secure Connect Plus only, BlackBerry Secure Gateway only, or BlackBerry Proxy only. This frees up server resources to allow fewer servers required for the same number of users or containers.
• For more information about planning for server groups and BlackBerry Connectivity Node instances, see the Planning content.

To create server groups and install one or more instances of the BlackBerry Connectivity Node, perform the following actions:

Step Action

     Create server groups (optional).
     Change the default settings for BlackBerry Connectivity Node instances (optional).
     Install a BlackBerry Connectivity Node instance.
     Activate a BlackBerry Connectivity Node instance.
     Configure proxy settings for a BlackBerry Connectivity Node instance (optional).
     Add a BlackBerry Connectivity Node instance to a server group (optional).

Create a server group
Before you begin: Install an additional BlackBerry Connectivity Node

1. On the menu bar, click Settings > External integration > BlackBerry Connectivity Node setup.

2. Click

3. Type a name and description for the server group.

4. n the Country drop-down list, select the country where one or more instances of the BlackBerry Connectivity Node will be installed. The BlackBerry Connectivity Node instances that are added to the server group will use the selected country’s regional connection to the BlackBerry Infrastructure.

5. By default, the BlackBerry Gatekeeping Service in each BlackBerry Connectivity Node instance is active. If you want gatekeeping data to be managed only by the BlackBerry Gatekeeping Service that is installed with the primary BlackBerry UEM components, select the Override BlackBerry Gatekeeping Service settings check box to disable each BlackBerry Gatekeeping Service in the server group.

6. If you want to use DNS settings for BlackBerry Secure Connect Plus that are different from the default settings that are configured at Settings > Infrastructure > BlackBerry Secure Connect Plus, select the Override DNS servers check box. Perform the following tasks:
   a) In the DNS servers section, click+. Type the DNS server address in dot- decimal notation (for example, 192.0.2.0). Click Add. Repeat as necessary.
   b) In the DNS search suffix section, click+. Type the DNS search suffix (for example, domain.com). Click Add. Repeat as necessary.
   For more information, see Enabling and Configuring Enterprise Connectivity and BlackBerry Secure Connect Plus in the Administration content.

7. If you want to configure logging settings for the BlackBerry Connectivity Node instances in the server group, select the Override logging settings check box. Perform any of the following tasks:
   • In the Server log debug levels drop-down list, select the appropriate log level.
   • If you want to route log events to a syslog server, select the Syslog check box and specify the hostname and port of the syslog server.
   • If you want to specify maximum limits for log file size and age, select the Enable local file destination check box. Specify the size limit (in MB) and the age limit (in days).

8. If you want to designate the BlackBerry Connectivity Node for only one connection type, select the Enable single-service performance mode check box. In the drop-down menu, select the connection type (BlackBerry Secure Connect Plus only, BlackBerry Secure Gateway only, or BlackBerry Proxy only.

9. If you want to specify the BlackBerry Secure Gateway settings for the BlackBerry Connectivity Node instance in the server group, select the Override BlackBerry Secure Gateway settings check box. For iOS devices running iOS 13.0 or later that use modern authentication to connect to Microsoft Exchange Online specify the discovery endpoint and mail server resource.
   a) Select the Enable OAuth for mail server authentication check box.
   b) In the Discovery endpoint field, specify the URL to use for discovery requests using OAuth for authentication. Enter the discovery endpoint in the format https:///.well-known/openid-configuration (for example, https://login.microsoftonline.com/common/.well-known/openid- configuration) or https://login.windows.net/common/.well-known/openid- configuration).
   c) In the Mail server resource field, specify the URL of the mail server resource to use for authorization and token requests using OAuth. For example, https://outlook.office365.com.

10. Click Save.
    After you finish:

    • If you disabled the BlackBerry Gatekeeping Service instances in a server group and you want to enable them again, in Settings > External integration > BlackBerry Connectivity Node setup, select the server group and select the Enable the BlackBerry Gatekeeping Service check box. Each instance must be able to access your organization’s gatekeeping server.
    • Install a BlackBerry Connectivity node instance. You can add an instance to a server group when you activate a BlackBerry Connectivity Node instance or manually in the management console (see Manage server groups).
    • For more information about associating an email profile with a server group, see Create an email profile in the Administration content.
    • For more information about associating an enterprise connectivity profile with a server group, see Enabling and configuring enterprise connectivity and BlackBerry Secure Connect Plus in the Administration content.

Change the default settings for BlackBerry Connectivity Node instances

By default, the BlackBerry Gatekeeping Service in each BlackBerry Connectivity Node instance is active. If you want gatekeeping data to be managed only by the BlackBerry Gatekeeping Service that is installed with the primary BlackBerry UEM components, you can change the default behavior to disable the BlackBerry Gatekeeping Service in each instance. You can specify the default logging settings for all BlackBerry Connectivity Node instances. You can also enable the BlackBerry Secure Gateway settings for all BlackBerry Connectivity Node instances and specify the discovery endpoint and mail server resource that iOS devices that run iOS 13.0 or later must use to authenticate to Microsoft Exchange Online using modern authentication.
The default settings apply to each BlackBerry Connectivity Node instance that is not in a server group. When an instance is part of a server group, it uses the default settings configured for that server group.

1. In the BlackBerry UEM management console, on the menu bar, click Settings > External integration > BlackBerry Connectivity Node setup.

2. Click

3. If you want to disable the BlackBerry Gatekeeping Service in each instance, select the Override BlackBerry Gatekeeping Service settings check box.

4. If you want to configure logging settings, select the Override logging settings check box. Perform any of the following tasks:
   • In the Server log debug levels drop-down list, select the appropriate log level.
   • If you want to route log events to a syslog server, select the Syslog check box and specify the hostname and port of the syslog server.
   • If you want to specify maximum limits for log file size and age, select the Enable local file destination check box. Specify the size limit (in MB) and the age limit (in days).

5.  If you want to specify the BlackBerry Secure Gateway in each instance, select the Override BlackBerry Secure Gateway settings check box. For iOS devices that run 13.0 or later and use modern authentication to connect to Microsoft Exchange Online, complete the following steps to specify the discovery endpoint and mail server resource:
   a) Select the Enable OAuth for mail server authentication check box.
   b) In the Discovery endpoint field, specify the URL to use for discovery requests using OAuth.  Enter the discovery endpoint in the format https:///.well-known/openid-configuration (for example, https://login.microsoftonline.com/common/.well-known/openid-configuration, or https://login.windows.net/common/.well-known/openid- configuration).
   c) In the Mail server resource field, specify the URL of the mail server resource to use for authorization and token requests using OAuth (for example, https://outlook.office365.com).

6.  Click Save.

After you finish: If you disabled the BlackBerry Gatekeeping Service instances and you want to enable them again, select the Enable the BlackBerry Gatekeeping Service check box. Each instance must be able to access your organization’s gatekeeping server.

Prerequisites: Install a BlackBerry Connectivity Node instance

• Verify that the computer is running Windows PowerShell 2.0 or later. This is required for the setup application to install RRAS for BlackBerry Secure Connect Plus and the BlackBerry Gatekeeping Service.
  Note : If the setup application cannot install RRAS on the computer, you must stop the installation, install RRAS manually, and restart the installation.

• Use a Windows account with permissions to install and configure software on the computer that will host the BlackBerry Connectivity Node.

• Verify that the following outbound ports are open in your organization’s firewall so that the BlackBerry Connectivity Node components (and any associated proxy servers) can communicate with the BlackBerry Infrastructure (region.bbsecure.com):

  • 443 (HTTPS) to activate the BlackBerry Connectivity Node
  • 3101 (TCP) for all other outbound connections

• Set an environment variable for the Java location

Install a BlackBerry Connectivity Node instance
You must install each BlackBerry Connectivity Node instance on a separate computer. Perform the following steps for each instance you want to install.
Before you begin: Review the Prerequisites: Install a BlackBerry Connectivity Node instance.

1. Log in to the computer that you want to install the BlackBerry Connectivity Node instance on.
   Unless you are installing the BlackBerry Connectivity Node instance in a DMZ, it is best practice to use the same service account that was used to install the primary BlackBerry UEM components.

2. Copy the UEM installation files to the computer.
   Do not copy used installation files from another computer. You must re-extract the installation files on each computer.

3. In the UEM installation folder, double-click Setup.exe. If a Windows message appears and requests permission for Setup.exe to make changes to the computer, click Yes.

4.  In the Language selection dialog box, select your language.

5. Click OK.

6. In the UEM setup application screen, click Next.

7. In the License Agreement dialog box, select your country or region, then review and accept the license agreement.

8. Click Next.

9.  In the Component selection dialog box, clear the Management console and Primary components check boxes, and select the Device connectivity components check box.
   For information about the components that will be installed, see the Architecture content and the Planning content.

10. Click Next.

11. In the Installation Requirements dialog box, you can check to see if your computer has met the requirements to install the BlackBerry Connectivity Node. Click Next.
    The setup application may display a warning that indicates that Microsoft .NET Framework 4.8 is not installed. You can ignore this warning and proceed with the installation. The setup application will automatically install Microsoft .NET Framework 4.8 for you if it is not detected on your computer. If a later version of  Microsoft .NET Framework is already installed, the UEM setup application does not install Microsoft .NET Framework 4.8.

12. In the BlackBerry UEM configuration dialog box, confirm the hostname. Click Next.

13. In the Folder locations dialog box, perform the following actions
    a) Specify the location of the installation folder and log file folder.
    b) If you receive a message saying there is not enough space remaining, create extra space to install the BlackBerry Connectivity Node.
    c) If you receive a message asking you to create the installation and logs folder locations, click Yes.

14. Click Next.

15. In the Service Account dialog box, type the password for the service account. Click Next.

16. In the Installation summary dialog box, click Install.

17. In the Installing dialog box, click Next when the installation is complete.

18. In the Console addresses dialog box, you can select the Export the console addresses to a file check box to save the address of the BlackBerry Connectivity Node console (http://localhost:8088) to a text file on your computer.
    You can open the BlackBerry Connectivity Node console at any time from the Start menu.

19. Click Close. If you choose to save the address of the console, specify the location.

After you finish: Activate a BlackBerry Connectivity Node instance.

Activate a BlackBerry Connectivity Node instance

• To activate a BlackBerry Connectivity Node instance, you must generate and download an activation file from the UEM management console and upload it to the BlackBerry Connectivity Node console. The activation process connects that instance to the primary UEM components.
• The activation file is valid for 60 minutes only after you download it. If you generate and download multiple activation files, only the latest file is valid. If you need to activate multiple instances of the BlackBerry Connectivity Node, complete the steps below for each instance.
• When you configure a new BlackBerry Connectivity Node, the first packet is not encrypted (non-SSL) and is used to establish encrypted (SSL) communications. All subsequent packets are encrypted (SSL). If your organization has a firewall rule for port 443 that allows only SSL packets, you must set a firewall exception for the initial activation of the BlackBerry Connectivity Node. You can remove the exception after activation.

1. In the UEM management console, on the menu bar, click Settings > External integration > BlackBerry Connectivity Node setup.

2. Click

3. If you want to add the BlackBerry Connectivity Node instance to an existing server group when you activate it, in the Server group drop-down list, click the appropriate server group.

4. Click Generate.

5. Save the activation file to the computer that hosts the BlackBerry Connectivity Node.

6. On the computer that hosts the BlackBerry Connectivity Node, open the BlackBerry Connectivity Node console from the Start menu or open a browser window and navigate to http://localhost:8088.

7. Select a language from the drop-down list. Click Next.

8. Optionally, you can do any of the following

   • If you want to use a proxy setting other than the default (port 443) to connect to the BlackBerry Infrastructure (.bbsecure.com) to activate the BlackBerry Connectivity Node, click the “here” link to configure the proxy settings and enter the information for the enrollment proxy.
     The proxy must be able to access port 443 to the BlackBerry Infrastructure. You cannot change the enrollment proxy setting after you activate the BlackBerry Connectivity Node.

   • If you want to send data through an HTTP proxy before it reaches the BlackBerry Dynamics NOC, click the “here” link. Click Enable HTTP proxy and configure the proxy settings. You cannot change the proxy settings once they are saved.
     The proxy must be able to access port 443 to the BlackBerry Dynamics NOC.

   • You have the option of configuring other proxy settings at this point. For more information about the available proxy options, see Configure proxy settings for a BlackBerry Connectivity Node instance.

9. Type a name for the BlackBerry Connectivity Node. Click Next.

10. .Click Browse. Navigate to and select the activation file.

11. Click Activate.
    If you want to add a BlackBerry Connectivity Node instance to an existing server group when you activate it, your organization’s firewall must allow connections from that server over port 443 through the BlackBerry Infrastructure (.bbsecure.com) to activate the BlackBerry Connectivity Node and to the same bbsecure.com region as the main BlackBerry Connectivity Node instance.

To view the status of a BlackBerry Connectivity Node instance, in the UEM management console, on the menu bar, click Settings > External integration > BlackBerry Connectivity Node setup.
After you finish:

• Optionally, Configure proxy settings for a BlackBerry Connectivity Node instance.
• To add a BlackBerry Connectivity Node instance to a server group, or remove an instance from a server group, see Manage server groups.
• For instructions for configuring the BlackBerry Gatekeeping Service, see the Configuration content.
• For instructions for configuring BlackBerry Proxy and creating clusters, see the Configuration content. For more information about configuring connectivity for BlackBerry Dynamics apps, see Setting up network connections for BlackBerry Dynamics apps in the Administration content.
• For instructions for enabling BlackBerry Secure Connect Plus, see Enabling and Configuring Enterprise Connectivity and BlackBerry Secure Connect Plus in the Administration content.

Configure proxy settings for a BlackBerry Connectivity Node instance
You can configure the components of the BlackBerry Connectivity Node to send data through a TCP proxy server (transparent or SOCKS v5) before it reaches the BlackBerry Infrastructure.

1. On the computer that hosts the BlackBerry Connectivity Node, open the BlackBerry Connectivity Node console from the Start menu or open a browser and navigate to http://localhost:8088.
2. Click General settings > Proxy.

3. Perform any of the following tasks:
   Task Steps

   Send data through a            a. Select the Proxy server option.

SOCKS v5 proxy server b. Select the Enable SOCKS v5 check box. (no authentication)    c. Click +.

to the BlackBerry d. Type the IP address or hostname of the SOCKS v5 proxy server. Click Add.

Infrastructure e. Repeat steps 3 and 4 for each SOCKS v5 proxy server that you want to

configure.

f. In the Port field, type the port number.

g. Click Save.

Send data by performing any of the following tasks:

a transparent proxy      •    In the BlackBerry Connectivity Node fields, type the FQDN or IP address and server to the BlackBerry port number of the proxy server.

Infrastructure     •    In the Device connectivity components fields, type the FQDN or IP address

and port number of the proxy server. This setting applies to the BlackBerry Gatekeeping Service and the BlackBerry Secure Gateway.

•        In the BlackBerry Secure Connect Plus fields, type the FQDN or IP address and port number of the proxy server.

4. Click Save.

Manage server groups
You can add a BlackBerry Connectivity Node instance to a server group at any time, or remove an instance from a server group at any time. If you add an instance to a server group, that instance uses the settings that have been configured for that server group (for example, the components of that instance will use the specified regional connection to the BlackBerry Infrastructure). If you remove an instance from a server group, that instance uses the default settings that are configured on the BlackBerry Connectivity Node setup screen (see Change the default settings for BlackBerry Connectivity Node instances).

1. In the BlackBerry UEM management console, on the menu bar, click Settings > External integration > BlackBerry Connectivity Node setup.
2. Select a BlackBerry Connectivity Node instance.
3. Perform one of the following tasks:
   a) To add an instance to a server group, click . Select the appropriate server group. Click OK.
   b) To remove an instance from a server group, click . In the confirmation dialog box, click OK.

Logging in to BlackBerry UEM for the first time

The first time that you log in to the management console after you install BlackBerry UEM, you must enter your organization name, SRP ID, and SRP authentication key.
CAUTION : Do not reuse the SRP ID from previous BES5, BES10, BES12, or BlackBerry UEM instances when you install a new instance of BlackBerry UEM. You can view the SRP ID and authentication key for your BES10 and BlackBerry UEM instances in myAccount, under My Organization > Servers.

Log in to BlackBerry UEM for the first time
Before you begin: Verify that you have the BlackBerry UEM SRP identifier and SRP authentication key available.
If the setup application is still open, you can access the management console directly from the Console addresses dialog box.
Note : You may be prompted to provide the IP address and port number of a TCP proxy server.
Note : If you receive an error message that your SRP ID cannot be used with the BlackBerry UEM instance you installed, visit support.blackberry.com/community to read article 37117.

1. In the browser, type https:///admin, where is the FQDN of the computer that hosts the management console. The default port for the management console is port 443.
2. In the Username field, type admin.
3. In the Password field, type password.
4. Click Sign in.
5. In the Server location drop-down selection, select the country of the computer that has BlackBerry UEM installed on it, and click Next.
6. Type the name of your organization, the SRP identifier, and the SRP authentication key.
7.  Click Submit.
8. Change the temporary password to a permanent password.
9. Click Submit.

After you finish:

• When you log in to the management console, you can choose to complete or close the Welcome to BlackBerry UEM dialog box. If you close the dialog box, it will not appear during subsequent login attempts.

Removing the BlackBerry UEM software
You can use the uninstall application to remove the BlackBerry UEM software from a server. The uninstall application can also remove the log files for the existing installation.
The uninstall application removes the software from the local server, but it does not do the following:

• Remove the BlackBerry UEM server from the BlackBerry UEM database
• Remove the database instance that hosts the BlackBerry UEM database
• Remove the BlackBerry UEM database
• Deregister the components from the BlackBerry Dynamics NOC

Therefore, before you reinstall the BlackBerry UEM software, you must remove the BlackBerry UEM instance from the management console. When you remove a BlackBerry UEM instance from the management console, the BlackBerry Control and BlackBerry Proxy instances are deregistered from the BlackBerry Dynamics NOC. This is a necessary step for decommissioning.
Note : If this installation was originally BES12 version 12.5 or earlier before you reinstall, visit visit
support.blackberry.com/community to read article 45102.
Note : If the BlackBerry UEM instance is connected to your Google Cloud or Google Workspace domain, you must remove the Google domain connection before you uninstall BlackBerry UEM.

Remove the BlackBerry UEM software
Important: When you decommission a BlackBerry UEM node or legacy BlackBerry Dynamics server, make sure that active containers have contacted the new nodes to obtain an updated connectivity profile before the old nodes are removed. Bring up the new nodes and keep the old nodes running for a transitional period. For example, if you set the connectivity verification period to 30 days and the inactivity threshold to 60 days, allow 60 days for the transition to complete.
Before you begin:

• If you have it configured, remove the Google domain connection. For more information, see the Configuration content.
• If you are troubleshooting, back up the following data before decommissioning:
  • \Program Files\BlackBerry\UEM\Logs
  • BlackBerry UEM database

1. On the taskbar, click Start > Control Panel > Programs > Programs and Features.
2. Click Uninstall a program.
3. Click BlackBerry UEM.
4. Click Uninstall.
5. If the uninstall application prompts you to restart the computer to finish removing the BlackBerry UEM software, click OK.

After you finish: You can remove third-party software that the setup application installed during the BlackBerry UEM installation process (for example, you can remove the JRE software from the computer).

Remove a BlackBerry UEM instance from the database
If you uninstall a BlackBerry UEM instance, you must complete the following steps to remove the data for that instance from the BlackBerry UEM database. If you do not, the BlackBerry UEM log files indicate that the instance that you removed is not available.
Before you begin:

• Uninstall the BlackBerry UEM connectivity software.
• Make sure you are logged on as a user that has permission to remove the instance. (By default, the Security Administrator or Enterprise Administrator role.)

1. On the menu bar, click Settings > Infrastructure > Instances.
2. For the BlackBerry UEM instance that you removed, click 
3. Click Delete.

Rebuilding a BlackBerry UEM server instance

• You can rebuild a BlackBerry UEM instance after a hardware or other failure.
• If possible, you should restore the BlackBerry UEM instance using a server snapshot or image.
• If no server snapshot or image exists, remove the BlackBerry UEM instance information from the BlackBerry UEM database before you reinstall it. (For more information, see Remove a BlackBerry UEM instance from the database.)
• After you have removed the BlackBerry UEM instance from the database, install the instance on the new server.

Removing the BlackBerry Connectivity Node software
You can use the uninstall application to remove the BlackBerry UEM connectivity software from a server. The uninstall application can also remove the log files for the existing installation.
The uninstall application removes the software from the local server, but it does not do the following:

• Remove the BlackBerry Connectivity Node instance from the BlackBerry UEM database
• Remove the database instance that hosts the BlackBerry UEM database
• Remove the BlackBerry UEM database
• Deregister the components from the BlackBerry Dynamics NOC

Therefore, before you reinstall the BlackBerry UEM connectivity software, you must remove the BlackBerry Connectivity Node instance from the management console. When you remove a BlackBerry Connectivity
Node instance from the management console, the BlackBerry Proxy instance is deregistered from the BlackBerry Dynamics NOC. This is a necessary step for decommissioning.
Note : If you upgraded a Good Proxy server to a BlackBerry Connectivity Node instance, the BlackBerry
Proxy service will be registered with the BlackBerry Dynamics NOC. Before you can properly remove
the BlackBerry Connectivity Node, you must activate it, and then remove it. See Activate a BlackBerry Connectivity Node instance.

Remove the BlackBerry Connectivity Node software
Before you begin: If you are troubleshooting, back up \Program Files\BlackBerry\UEM\Logs before decommissioning.

1. On the taskbar, click Start > Control Panel > Programs > Programs and Features.
2.  Click Uninstall a program.
3. Click BlackBerry UEM.
4. Click Uninstall.
5. If the uninstall application prompts you to restart the computer to finish removing the BlackBerry UEM software, click OK.

After you finish: You can remove third-party software that the setup application installed during the BlackBerry UEM installation process (for example, you can remove the JRE software from the computer).

Remove a BlackBerry Connectivity Node instance from the database
If you uninstall a BlackBerry Connectivity Node instance, you must complete the following steps to remove the data for that instance from the BlackBerry UEM database. If you do not, the BlackBerry UEM log files indicate that the instance that you removed is not available.
Before you begin:

• Uninstall the BlackBerry UEM connectivity software.
• Make sure you are logged on as a user that has permission to remove the instance. (By default, the Security Administrator or Enterprise Administrator role.)

1. On the menu bar, click Settings > External integration > BlackBerry Connectivity Node setup.
2. Select the checkbox beside the BlackBerry Connectivity Node that you want to remove.
3. Click
4. Click Delete.

Rebuilding a BlackBerry Connectivity Node instance

You can rebuild a BlackBerry Connectivity Node after a hardware failure or other failure. If possible, restore the BlackBerry Connectivity Node using a server snapshot or image.

Troubleshooting BlackBerry UEM installation or upgrade

• In some cases, you might need to troubleshoot a BlackBerry UEM installation or upgrade issue. Some isolated cases may require you to return to the previous version of the software and then retry the upgrade. The approach to take depends on the current state of your environment and the BlackBerry UEM software versions involved in the upgrade.
• For detailed information about troubleshooting BlackBerry UEM installation and upgrade, visit support.blackberry.com/kb to read article 49655.

**Additional information

**

Best practice: Running BlackBerry UEM

Best practice Description

Do not change the startup type for        When you install or upgrade to BlackBerry UEM, the setup application the BlackBerry UEM services. configures the startup type for the BlackBerry UEM services as either

automatic or manual.

To avoid errors in BlackBerry UEM, do not change the startup type for the BlackBerry UEM services.

Do not change the account                 When you install or upgrade BlackBerry UEM, the setup application information for the BlackBerry UEM configures the account information for the BlackBerry UEM services. services. Do not change the account information for BlackBerry UEM unless the

BlackBerry UEM documentation specifies that you can.

BlackBerry UEM Configuration Tool
If your organization plans to support more than 500 users, use the BlackBerry UEM Configuration Tool to calculate the number of SRP IDs you require. After you install BlackBerry UEM, run the BlackBerry UEM Configuration
Tool to import the SRPs into the BlackBerry UEM database before you add or migrate users. The BlackBerry UEM Configuration Tool is included with the BlackBerry UEM software. You can also download the tool
from myAccount.
The BlackBerry UEM Configuration Tool allows you to:

• Update or change the following BlackBerry UEM database properties:
• Microsoft SQL Server name
• Database name
• Port configuration database authentication
• Windows username
• Windows password
• Calculate the number of SRP IDs required for BlackBerry UEM based on the projected total number of users
• Import extra SRP IDs into the BlackBerry UEM database

For more details on the BlackBerry UEM Configuration Tool, visit support.blackberry.com/community to read article 36443.
For more information about obtaining and importing SRP IDs, visit support.blackberry.com/community to read article 36435.

Legal notice

©2023 BlackBerry Limited. Trademarks, including but not limited to BLACKBERRY, BBM, BES, EMBLEM Design, ATHOC, CYLANCE and SECUSMART are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, used under license, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. Patents, as applicable, are identified at: www.blackberry.com/patents.
This documentation including all documentation incorporated by reference herein such as documentation provided or made available on the BlackBerry website provided or made accessible “AS IS” and “AS AVAILABLE” and without condition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated companies (“BlackBerry”) and BlackBerry assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry’s proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalized terms. BlackBerry reserves the right to periodically change information that is contained in this documentation; however, BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all.
This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party websites (collectively the “Third Party Products and Services”). BlackBerry does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by BlackBerry of the Third Party Products and Services or the third party in any way.
EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.

THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF BLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION.
Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans, and features. Installation or use of Third Party Products and Services with BlackBerry’s products and services may require one or more patents, trademarks, copyright, or other licenses in order to avoid infringement or violation of third-party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third-party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that are provided with BlackBerry’s products and services are provided as a convenience to you and are provided “AS IS” with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with BlackBerry. The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION. BlackBerry Enterprise Software incorporates certain third-party software. The license and copyright information associated with this software is available at http://worldwide.blackberry.com/legal/thirdpartysoftware.jsp.
BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario
Canada N2K 0A7
BlackBerry UK Limited
Ground Floor, The Pearce Building, West Street,
Maidenhead, Berkshire SL6 1RL
United Kingdom
Published in Canada

References

• Website Domain Names, Online Stores & Hosting | Domain.com
• BlackBerry Public Knowledge Base
• support.blackberry.com/community
• BlackBerry Public Knowledge Base
• Microsoft Learn: Build skills that open doors in your career
• BlackBerry – Intelligent Security. Everywhere.
• login.microsoftonline.com/common/.well-known/openid-configuration
• login.windows.net/common/.well-known/openid-configuration
• Sign in to Outlook

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>