Blackberry Provisioning process

Published on
10,727 Points
5 Endorsements
Last Modified:
Community Pick
When a user’s mailbox is first created and his Blackberry account enabled how do we provision the device and what happens in the background?

Stage 1 – Activation

The user of the BlackBerry device types the email address and activation password in the Enterprise Activation application on the BlackBerry device.
The BlackBerry device creates an encrypted activation message containing an ETP.DAT file and sends it using the wireless network to the user's mailbox.
The ETP.DAT message contains information about the BlackBerry device such as routing information and the device’s activation public keys.
The ETP.DAT message is routed through the BlackBerry® Infrastructure to the users mailbox as a standard message with an attachment.
When the ETP.DAT message is sent, the BlackBerry device displays a status of Activating.

Stage 2 - Encryption verification

When the ETP.DAT message arrives at the messaging server, the BlackBerry Messaging Agent checks the message contents.
The BlackBerry Enterprise Server processes the data attached to the message, first verifying that the encrypted password matches the one set for the BlackBerry device user. If it matches, the BlackBerry Messaging Agent generates a new permanent encryption key using either Triple Data Encryption Standard (Triple DES) or Advanced Encryption Standard (AES) and sends it to the BlackBerry device. The BlackBerry device displays a status of Verifying Encryption.

Stage 3 - Receiving services

The BlackBerry Enterprise Server and the BlackBerry device establish a master encryption key. The BlackBerry device and the BlackBerry Enterprise Server verify their knowledge of the master key to each other.
The BlackBerry device implements the new encryption key and displays the following message: Encryption Verified. Waiting for Services.
The BlackBerry Messaging Agent forwards a request to the BlackBerry Policy Service to generate service books. The BlackBerry Policy Service receives and queues the request, and then sends out an IT policy update to the BlackBerry device.
The BlackBerry device registers that the policy is applied successfully.
The BlackBerry Policy Service generates and sends the service books to the BlackBerry device, which is now able to send messages and displays the Services Received status. The BlackBerry device then displays the following message: Your email address, <user@domain.com> is now enabled. Synchronization service Desktop [S<SRP_Identifier>]

Stage 4 - Slow synchronization

Once the [CMIME] service book has arrived, the BlackBerry device will be able to reconcile messages with the device user's email account. You can configure reconciliation as required. All the service books should arrive at the same time, but only the [CMIME] is required for email reconciliation.
The BlackBerry device registers the receipt of its service books to the BlackBerry Enterprise Server and the activation process completes. The message Activation Complete is shown.
The slow synchronization process begins with a BlackBerry device request, synchronizing data from the calendar first (using the [CICAL] service book) and then the other organizer databases with the BlackBerry device.

For wireless synchronization to occur, the Desktop [SYNC] service book is sent to the BlackBerry device. The [SYNC] service book allows for organizer data synchronization, wireless backup and restores capability, and synchronization of email settings and filters. The process is managed by the BlackBerry Messaging Agent for the Calendar, and the BlackBerry Synchronization Service for the remaining organizer databases.

The appropriate service books and IT policies are sent from the BlackBerry Enterprise Server to the BlackBerry device. The BlackBerry device user is now able to send and receive email messages on the BlackBerry device.

If the BlackBerry device user is configured for wireless organizer data synchronization and wireless backup, the BlackBerry Enterprise Server will send the following data to the BlackBerry device:
Calendar entries
Address Book entries
Email messages
Existing BlackBerry device options that were backed up through automatic wireless backup
When the enterprise activation process is complete, the BlackBerry device displays a status of Activation Complete.

Role of the ETP.DAT message in the enterprise activation process

Once the BlackBerry device user selects Activate in the Enterprise Activation application on the BlackBerry device, the following actions occur:

The ETP.DAT message is sent to the BlackBerry Infrastructure, which forwards it to the email address that was typed in the Enterprise Activation application.
The BlackBerry Enterprise Server, which monitors the BlackBerry device user’s mailbox, picks up the ETP.DAT message. The activation process begins.
The BlackBerry Enterprise Server sends the acknowledgement and encryption information to the BlackBerry device.
The IT policy is sent to the BlackBerry device. Once the BlackBerry Enterprise Server verifies that the policy has been applied successfully, it sends the required service books to the BlackBerry device.
When the BlackBerry Enterprise Server has sent all the required information to the BlackBerry device, the following message is displayed: Your email address “<user@domain.com>” is now enabled
The slow synchronization process begins


1. If we have Multiple Blackberry server then each BB server's connect to Exchange server Via MAPI , using Blackberry service account
2. Blackberry server creates several MAPI threads to connect to exchange server to get any update for the mailbox
3. The Messaging agent scan user mailboxes on an interval and the moment it finds new mail it triggers an event and BES initiates the mail sync task
Author:Firoj Khan
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free