How to activate a BlackBerry on a BES

By IsaacKendall on 27 Sep 2011 02:13 pm EDT

Exploring the ways to activate your BlackBerry on a BES

Enterprise Activation - Complete

Back when the new BB7 devices launched I wrote an article about the Enterprise Activation application compatibility issues with OS7. The article stirred up quite a bit of controversy and some really "interesting" comments, some of which told me that there is a need for some clarification on the different methods of activating a BlackBerry on a BlackBerry Enterprise Server (BES).

So let's look at the many options for activating on a BES and what actually occurs duing this mysterious Enterprise Activation. Are you sitting comfortably? Than we'll begin.

Activating your BlackBerry on a BES

Wired Activation

This is the old school way to activate a BlackBerry on a BES. Prior to version 4.0 this was the only way to activate. In order to activate a BlackBerry via the USB cable you will need your BlackBerry connected and either BlackBerry Desktop Software (DM) or BlackBerry Web Desktop Manager (WDM). If you're unfamiliar with WDM, it was introduced with BES 5.0 and it allows you to do many of the housekeeping parts of the standard DM but without the need of installing any software. WDM won't allow you to reload an OS but you can provision a new BlackBerry on the BES yourself and even initiate a device wipe.

The downside to WDM is that it requires a LAN connection to the BES. This means you must be either local behind the corporate firewall or have VPN access. This is generally not a problem for standard corporate users but for users like myself who are on a hosted Exchange BES solution, we get VPN access. To use WDM you will be given a local internal IP from the IT department which you plug into your web browser from inside the corporate firewall and login with you standard active directory credentials.

Web DM screenshot

Standard DM offers you the option to connect from outside the corporate firewall using Remote Procedure Call over HTTPS. OK for those who don't have an MCSC, RPC over HTTPS is just a secure MAPI connection from your PC  to the exchange server without the need of a dedicated VPN connection. This is useful to reduce bandwidth on a company with many remote users. Instead of a constant data connection via VPN you can operate Outlook in a cached mode and periodically query the exchange server for data requests. Translation more users can efficiently access the mail server remotely.

If you have your Outlook configured for RPC of HTTPS the BlackBerry DM software will use the same connection to allow your BlackBerry connect to the BES and allow for a cable activation. At this point one may want to ask why would a cable connection be required?

Why not just wireless activate? Imagine you lost your BlackBerry while traveling. Your carrier sends you a new device to your hotel and now you want to activate on the BES. If this happened overseas that would be a serious roaming bill. My carrier, Rogers charges $30/mb for data roaming - I find that option to be unacceptable. So the cable activation is quite necessary here. What if you are in a 2G only coverage area? If you're on AT&T that is a real possibility and that could take quite some time depending on the size of your information store.

Desktop Manager


Wireless Activation

As mentioned previously, wireless activation was introduced back with BES 4.0 and what a welcome addition this was! Imagine not having to live tethered to a USB cable for provisioning your BlackBerry. I've also been in corporate environments where it's been necessary to activate 50 to 100 devices at the same time, the USB option is simply unrealistic for this.

Although data usage applies, most would agree that this is the preferred activation method. When RIM first introduced the BES Express last year carriers were blocking the ability to do a wireless activation if you didn't subscribe to the higher cost BES data plans. Thankfully RIM decided to end that madness and introduced the Enterprise Activation App back in March.

But some may ask, if you don't have a secure connection the BES how does this mysterious type of activation happen? Great question! Let's look at how it happens.

The very first step is to obtain an Enterprise Activation password from your BES Admin.

Next step is to access the Enterprise Activation screen.

  • OS 4.0 and 5.0 under Options, Advanced Options
  • OS 6.0+ using Universal Search type "Enterprise Activation" and tap on the wrench
  • If you don't have a BES data plan download the Enterprise Activation App from App World and tap on it from the home screen

Next is to enter your corporate email address and assigned password in the appropriate fields. Click "Activate"

EA Screen

The next process happens behind the scenes. Your BlackBerry will simply send an email to the address you typed. It will be a very bizzare looking email which will mean nothing except to the BES.

Network EPT.dat

As long as the password your BES admin provided you was correctly entered into the activation screen you will quickly see the activation process begin to unfold. 

Activation in Progress 1

The BlackBerry and the BES will exchange a common key that each will hold for data encryption and decryption. Once the email is setup all the services will begin downloading.

Activation Process 2

At this point you can sit back and relax, the BlackBerry will do all the work from here out. If you are activating as a brand new BES user the process will be very quick as you have little or no data to populate. If you are an existing BES user it could take some time, especially for databases like Phone Call Logs and Address Book.

Well that in a nutshell is how a BlackBerry Activates on a BES. In an article in the near future I'll share a couple of fun hacks that can be done with the Enterprise Activation screen. 

Reader comments

How to activate a BlackBerry on a BES


The address book takes forever in wireless activation. Wonder what the bottleneck is in getting the data since I have done wireless activation numerous times, even in the middle of the night when the BES is not being actively used, and it still takes forever for the address book to download (everything else is slow as well, but isn't that large so not as noticeable). I watch the network activity indicators during wireless activation and data doesn't just flow constantly - it stops and starts and comes in small bits and pieces. Any ideas why?

When you have odd character symbols in your address book you run the risk of it not completing correctly or completely. This may have been fixed in later releases as I haven't seen the issue come up for a while now. But a while ago, it was the bane of my existence... most of the time it's painless and fast. ~5 minutes to complete an activation wirelessly for new users. A little longer for existing users with bigger address books and messages (although how many messages to back-fill is a setting you can configure).

How do you configure how many messages to back-fill? Is this a setting on the phone or in the BES software? Is this something that I need to talk to my IT department about?

It's in your BES server software.
Tell your IT Dept to change the setting under;
Server and Components (BES 5)
Blackberry Domain - Server View - Blackberry Enterprise Server - *_EMAIL
Messaging tab
Prepopulation by message count, or # of Days, send headers or full message

I should already know the answer to this, but I feel I'm missing something. I'm a BES admin. I use wireless activation to set up devices for all my users. Does a wired activation go faster? Can I use a wired activation to set up someone else's device? Or does using desktop manager just allow you to activate a device for the account that's signed in to the manager?

With the device connected, go into the BES Admin Service Webpage (https://yourserver.domain/webconsole/login) you can then click on the "Attached Devices" area on the left, choose "Manage Device" and "Assign" the device to a user (any user).

I don't know if it's faster but you don't have to worry about a low wireless signal.


Of the hundreds of BlackBerry devices I've activated, I never perform a wired activation. By doing it OTA, I guarantee that the wireless provider has setup the account properly, as well as give it a good stress test. Always had perfect results, as long as AT&T remembers to put the MTN on a corporate data plan ($45) rather than a personal data plan ($30). That happens all the time.

hi great write up i did learn a lot from this and wanted to get into BES more

one thing though, actually you could always do wireless activation on a BES Express although they locked it to not to Over-The-Air on the software package, you can still fool the phone as all devices need to have all functionality, but when you add the appropriate data bolt on with your carrier (BIS, BES X, BES) it tells the phone what options it wants and what it doesnt.

step 1 - turn the radio off (manage connections and untick all boxes)
this means it cant get the package info from your carrier when you activate

step 2 - security wipe (options, advanced options, security wipe, enter 'blackberry' to confirm)
this will now revert your phone to how it came off the production line and it will have the option for wireless activation still preloaded in the options and it will still recognise it as it cannot contact your carrier or RIM

step 3 - after it has rebooted make sure radio is still off and none of your connections are on

step 4 - go to options, advanced options, wireless activation and enter in the details of your email and the activation password from your bes x admin console and press enter

it will now go "radio is not on, you must activate for wireless activation" select yes boom it will start activating.

then it will also activate with your carrier after already activating on your BES so none the wiser and you have managed to wirelessly activate your phone still :)

RIM Platinum Partner : o2 Data Centre of Excellence

Business Communications Solution Provider
part of Mobile Telecoms Tech Team

Thank you so much for the nice guide.

But I have the problem, that i tried to activate via Cable and wireless. Nothing is working.
The Mail has been sent with the .dat file and than nothing happens. A few Minutes later an Error Message appears, where I'm able to retry it or to cancel it.

Anybody an solution?
The BlackBerry had an BIS Solution and now an BES on the Simcard. Same User.
Perhaps I should erase the device? In that case, can I make an backup, erase the device, activate the device and load the backup again on it?

Thank you for your help

Regards from Austria!


We had huge problems with our provider, Vodafone, not creating a tarriff that is specific to our organisation. We ended up with devices constantly being dual provisioned, effectively trying to talk to the BES and BIS infrastructures at the same time. This orevents the device from activating or if already activated and becomes dual provisioned can cause all manner of authentication issues and email delivery problems. A quick call to the provider to find out if that specific connection is Enterprise only will help here. If it is dual within five minutes of making the request it should activate fine.

Has anyone experienced any problems with this since the outage last week?
I have a Bold 9930 on Verizon, which quit getting e-mails last week. numerous battery pulls later, I still haven't been able to get work e-mail. IT dept doesn't seem to be able to help yet.