Welcome to the CrackBerry Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Page 1 of 2 12 LastLast
Results 1 to 25 of 46
Like Tree1Likes
  1. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #1  

    Default "Connection status failed" for APN Certificate

    Hello,

    I have BES 10.2 installed and want to use UDS for Apple Devices as well. But I get no connection to APN Certificate.
    "Connection status failed" for APN Certificate-apn.png

    The certificate is implemented at BES server.

    What can I check?
  2. Sith_Apprentice's Avatar
    Mod Team Emeritus

    Posts
    10,164 Posts
    Global Posts
    10,167 Global Posts
    PIN
    Changes way too often
    #2  
    ~S_A
    All views and opinions here are my own, and do not represent any views, opinions, or official communications either actual or implied of my employer.
  3. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #3  

    Default

    It seems to be connection problem. The certificate is in right structure and the rights also correct. telnet for de.bbsecure.com failed.

    From which component I have to reach this address - BES or BBRouter?
  4. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #4  
    Sith_Apprentice likes this.
  5. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #5  

    Default

    Thanks for this overview. But the missing part for me is which component is the source? Is it the BES in LAN with restrictet internet usability or the BB router at dmz with firewalls between internet. This a two components where I can make configurations for access this addresses
  6. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #6  

    Default

    I checked the rules in our company. The BES server can reach the addresses across a proxy. The BB router has the firewall rules specified like this.
    "Connection status failed" for APN Certificate-fw1.png
    "Connection status failed" for APN Certificate-fw2.png
  7. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #7  

    Default

    So with the proxy in place do you have the proxy file uploaded and set up on the UDS Server?
  8. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #8  

    Default

    I don't know what you mean with proxy file upload but I have set the configuration for the proxy on uds - with serveradress, port, username and password.
  9. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #9  

    Default

    Have you tested with proxy disabled?

    Forget about proxy file, that was s mistake, I meant proxy setting in uds.

    Posted via CB10
  10. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #10  

    Default

    I can not disable the proxy - its the company proxy.
  11. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #11  

    Default

    Proxy on UDS, what happens when you turn it off?
  12. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #12  

    Default

    Oh ok
    Unfortunately the connection status is still "failed".
  13. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #13  

    Default

    Have you seen this KB article in reference to using a router with BES10 in the DMZ?

    KB29748-Configuring the BlackBerry Device Service to connect to an existing BlackBerry Router
  14. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #14  

    Default

    I think the configuration looks good:
    "Connection status failed" for APN Certificate-unbenannt1.png
  15. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #15  

    Default

    That's the BDS console, go to UDS console, under settings, left hand side "proxy"...select "HTTP or HTTPS Proxy, unchecked "Enable proxy"
    Test again.
    If this isn't set up correctly when you are using Proxy connecting to APN will fail.

    Posted via CB10
  16. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #16  

    Default

    In the link you wrote there is the BB administration service used. ;-)
    Proxy in UDS was enabled - did not run. I turned it off (see your post from 05-23) - did not run.
    Last edited by Doreen Hacker; 06-03-2014 at 07:33 AM.
  17. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #17  

    Default

    If you cannot telnet from the BES Server to any of these ports below, then you have connectivity issues that are preventing the APN cert from successful connection

    Open CMD Prompt on BES server and run the below commands...
    telnet blackberry.net 3101
    telnet blackberry.com 3101
    telnet bbsecure.com 3101
    telnet blackberry.com 443
    telnet bbsecure.com 443
    telnet blackberry.com 80

    Telnet to the below as well from the Blackberry Server...substitute us below for your country code ...ex: de.bbsecure.com

    Enhanced Licensing Management 443 HTTPS license.blackberry.com 68.171.242.252
    UDS Core Components 443 HTTPS us.swsmanager.bbsecure.com 216.9.242.246
    UDS Core Components 443 HTTPS us.swstps.bbsecure.com 216.9.242.247
    UDS Console 443 HTTPS bss.blackberry.com 68.171.232.36*
    BlackBerry Dispatcher/Router 3101 TCP (Outbound) us.srp.blackberry.com Refer to KB03735 for region specific IP addresses**
    BlackBerry World for Work 80 HTTP appworld.blackberry.com
    BlackBerry Enrollment 443 HTTPS discoveryservice.blackberry.com 68.171.232.35
  18. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #18  

    Default

    Telnet does not run because internet connection goes over proxy.
    My colleague from network sniffed it and the addresses - opend via IE - are not blocked at the proxy.
    So what can I still check?
  19. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #19  

    Default

    Time to contact support. They can better help you to resolve by looking into your BES logs. If you check the CORE logs you may be able to see that IP address is being blocked by the proxy.
  20. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #20  

    Default

    Unfortunately we have no BB support and our partner is a little bit overloaded with all request for this issue.

    In the log there are warn and error message.

    Level,Date,Thread,Duration,CID,Message,Exception
    DEBUG,"2014-06-03 00:00:57,899",37,0,"785537c2-f8ed-4c52-af6e-a73089c8e1c0","Started: PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/schedule",
    DEBUG,"2014-06-03 00:00:57,903",37,4,"785537c2-f8ed-4c52-af6e-a73089c8e1c0","Completed: 204 - PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/schedule",
    DEBUG,"2014-06-03 00:00:58,302",18,0,"cd64c8a6-dbde-40b4-a320-5cad10832d89","Started: PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/eassync",
    WARN,"2014-06-03 00:00:58,306",18,0,"cd64c8a6-dbde-40b4-a320-5cad10832d89","Stop processing Eas sync request. Exchange Active sync configuration isn't set up.",

    DEBUG,"2014-06-03 00:30:19,883",29,0,"1ab82e01-12c6-48a6-a7b5-2a7ad51c10ae","Started: PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/key/directory.ad.command.usersync.performed",
    DEBUG,"2014-06-03 00:30:19,888",29,0,"1ab82e01-12c6-48a6-a7b5-2a7ad51c10ae","Updated Domain ",
    DEBUG,"2014-06-03 00:30:19,893",29,11,"1ab82e01-12c6-48a6-a7b5-2a7ad51c10ae","Completed: 204 - PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/key/directory.ad.command.usersync.performed",
    ERROR,"2014-06-03 00:30:22,001",34,0,"c2cbb2d8-6549-4831-8f73-a680b4335d0f","Object reference not set to an instance of an object.",
    ,Type: System.NullReferenceException
    ,Message: Object reference not set to an instance of an object.
    ,Source: RIM.BUDS.Framework
    ,TargetSite: "RIM.BUDS.Framework.OperationResult InvokeOperation(System.Object, System.Reflection.MethodInfo, System.Object[])"
    ,StackTrace: at RIM.BUDS.Core.EntityHandlers.TenantHandler.SyncDev icesMetadata(Int32 tenantId) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Core\EntityHandlers\Te nantHandler.cs:line 616
    , at RIM.BUDS.Framework.OperationInvoker.InvokeOperatio n(Object handler, MethodInfo operation, Object[] parameters) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Framework\OperationInv oker.cs:line 38
    , at RIM.BUDS.Framework.DefaultHttpHandler.InvokeReques tHandler(RequestContext context, Object handler, MethodInfo operation, Object[] parameters) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Framework\DefaultHttpH andler.cs:line 501
    , at RIM.BUDS.Framework.DefaultHttpHandler.ProcessReque st(RequestContext requestContext, MethodInfo operation) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Framework\DefaultHttpH andler.cs:line 122
    , at System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
    , at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously)

    DEBUG,"2014-06-03 16:31:01,747",57,4,"82f257df-01f3-4db8-a51d-41bb5514402e","Completed: 200 - GET https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/infringe",
    "DEBUG,""2014-06-03 16:31:03,506"",26,0,""a1408ad7-7830-4a97-a6cd-0ca926b5b0c8"",""Started: PUT https://srv14v109.ad.int.kkh.de:9081...nt/2/test/apns User-agent: Apache-HttpClient/4.2.5 (java 1.5)"","
    INFO,"2014-06-03 16:31:03,695",26,0,"a1408ad7-7830-4a97-a6cd-0ca926b5b0c8","Certificate with key '7cfc256e4c33e5dba336fcc02a885716d5addb04' is loaded successfully",
    WARN,"2014-06-03 16:31:04,292",26,0,"a1408ad7-7830-4a97-a6cd-0ca926b5b0c8","APNS test error: RIM.BUDS.ApnsGateway.ApnsConnectionException: APNs Connection Open error ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication(B oolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication (LazyAsyncResult lazyResult)
    at RIM.BUDS.ApnsGateway.ApnsConnection.Open() in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.ApnsGateway\ApnsConnec tion.cs:line 220
    --- End of inner exception stack trace ---
    at RIM.BUDS.ApnsGateway.ApnsConnection.Open() in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.ApnsGateway\ApnsConnec tion.cs:line 234
    at RIM.BUDS.ApnsGateway.ApnsConnection.Test() in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.ApnsGateway\ApnsConnec tion.cs:line 119",


    Is there something to configure for Active Sync? All our users have it active on their exchange accounts and in uds the SMTP server is configured.
    Work Space is enabled and tested succesfully.
    Secure connect service is with failure.
    "Connection status failed" for APN Certificate-secureconnectservicefailure.png
    Last edited by Doreen Hacker; 06-04-2014 at 04:17 AM.
  21. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #22  

    Default

    Hi thanks for your google search

    The failures from the first link are exactly the same we have. Web team will check the address
    I do configuration from link 2, but cannot save the last point - so I ask the author for reason.
    Link 3 I will check if server connectivity will run.

    regards
    Last edited by Doreen Hacker; 06-05-2014 at 12:06 PM.
  22. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #23  

    Default

    So, the connection is running and APN certificate is successfull cennected. I had to made the change with BB Admin.
    I want to activate an iPhone but get an error downloading certificate via https://de.bbsecure.com/<srpid>/ca.
    The certificate looks not good - the issuer is not found.

    How can I delete this APN from USD an create new certificate (I unfortunately forgot the password for .pfx file to reimport it).

    If I click "Renew certificate" I got a system error.
  23. Doreen Hacker's Avatar
    CrackBerry User

    Posts
    68 Posts
    Thread AuthorThread Author   #24  

    Default

    Happy me - I tested several passwords and found the right one to reimport the APN pfx File to personal certifcate store on UDS.
    Now I have the problem that the certification path is with failure - there is the directory given where I saved the pfx file. What should there be to run correctly? How can I change it?
    &quot;Connection status failed&quot; for APN Certificate-certificate.png
  24. playsomekiss's Avatar
    CrackBerry User

    Posts
    90 Posts
    #25  

    Default

    Did you do these steps?
    http://btsc.webapps.blackberry.com/b...ListHelperImpl


    Posted via CB10
Page 1 of 2 12 LastLast

Similar Threads

  1. Official CB10 App for BB10 Feature Request Thread
    By khehl in forum CrackBerry Apps
    Replies: 48
    Last Post: 10-22-2014, 04:02 PM
  2. My hopes for the Windermere
    By ummie4 in forum BlackBerry Concepts & Dream Devices
    Replies: 45
    Last Post: 06-18-2014, 08:22 PM
  3. Replies: 5
    Last Post: 05-15-2014, 05:48 AM

Posting Permissions