07-09-14 07:57 AM
46 12
  1. Doreen Hacker's Avatar

    I have BES 10.2 installed and want to use UDS for Apple Devices as well. But I get no connection to APN Certificate.
    "Connection status failed" for APN Certificate-apn.png

    The certificate is implemented at BES server.

    What can I check?
    05-14-14 09:04 AM
  2. Sith_Apprentice's Avatar
    05-14-14 11:54 AM
  3. Doreen Hacker's Avatar
    It seems to be connection problem. The certificate is in right structure and the rights also correct. telnet for de.bbsecure.com failed.

    From which component I have to reach this address - BES or BBRouter?
    05-15-14 02:10 AM
  4. playsomekiss's Avatar
    05-15-14 06:04 PM
  5. Doreen Hacker's Avatar
    Thanks for this overview. But the missing part for me is which component is the source? Is it the BES in LAN with restrictet internet usability or the BB router at dmz with firewalls between internet. This a two components where I can make configurations for access this addresses
    05-21-14 07:10 AM
  6. Doreen Hacker's Avatar
    I checked the rules in our company. The BES server can reach the addresses across a proxy. The BB router has the firewall rules specified like this.
    "Connection status failed" for APN Certificate-fw1.png
    "Connection status failed" for APN Certificate-fw2.png
    05-22-14 07:54 AM
  7. playsomekiss's Avatar
    So with the proxy in place do you have the proxy file uploaded and set up on the UDS Server?
    05-22-14 08:16 AM
  8. Doreen Hacker's Avatar
    I don't know what you mean with proxy file upload but I have set the configuration for the proxy on uds - with serveradress, port, username and password.
    05-22-14 09:11 AM
  9. playsomekiss's Avatar
    Have you tested with proxy disabled?

    Forget about proxy file, that was s mistake, I meant proxy setting in uds.

    Posted via CB10
    05-23-14 06:02 AM
  10. Doreen Hacker's Avatar
    I can not disable the proxy - its the company proxy.
    05-23-14 06:12 AM
  11. playsomekiss's Avatar
    Proxy on UDS, what happens when you turn it off?
    05-23-14 08:20 AM
  12. Doreen Hacker's Avatar
    Oh ok
    Unfortunately the connection status is still "failed".
    05-23-14 08:46 AM
  13. playsomekiss's Avatar
    Have you seen this KB article in reference to using a router with BES10 in the DMZ?

    KB29748-Configuring the BlackBerry Device Service to connect to an existing BlackBerry Router
    05-23-14 09:41 AM
  14. Doreen Hacker's Avatar
    I think the configuration looks good:
    "Connection status failed" for APN Certificate-unbenannt1.png
    05-28-14 03:58 AM
  15. playsomekiss's Avatar
    That's the BDS console, go to UDS console, under settings, left hand side "proxy"...select "HTTP or HTTPS Proxy, unchecked "Enable proxy"
    Test again.
    If this isn't set up correctly when you are using Proxy connecting to APN will fail.

    Posted via CB10
    05-28-14 02:55 PM
  16. Doreen Hacker's Avatar
    In the link you wrote there is the BB administration service used. ;-)
    Proxy in UDS was enabled - did not run. I turned it off (see your post from 05-23) - did not run.
    Last edited by Doreen Hacker; 06-03-14 at 06:33 AM.
    06-02-14 02:01 AM
  17. playsomekiss's Avatar
    If you cannot telnet from the BES Server to any of these ports below, then you have connectivity issues that are preventing the APN cert from successful connection

    Open CMD Prompt on BES server and run the below commands...
    telnet blackberry.net 3101
    telnet blackberry.com 3101
    telnet bbsecure.com 3101
    telnet blackberry.com 443
    telnet bbsecure.com 443
    telnet blackberry.com 80

    Telnet to the below as well from the Blackberry Server...substitute us below for your country code ...ex: de.bbsecure.com

    Enhanced Licensing Management 443 HTTPS license.blackberry.com
    UDS Core Components 443 HTTPS us.swsmanager.bbsecure.com
    UDS Core Components 443 HTTPS us.swstps.bbsecure.com
    UDS Console 443 HTTPS bss.blackberry.com*
    BlackBerry Dispatcher/Router 3101 TCP (Outbound) us.srp.blackberry.com Refer to KB03735 for region specific IP addresses**
    BlackBerry World for Work 80 HTTP appworld.blackberry.com
    BlackBerry Enrollment 443 HTTPS discoveryservice.blackberry.com
    06-02-14 12:19 PM
  18. Doreen Hacker's Avatar
    Telnet does not run because internet connection goes over proxy.
    My colleague from network sniffed it and the addresses - opend via IE - are not blocked at the proxy.
    So what can I still check?
    06-03-14 09:32 AM
  19. playsomekiss's Avatar
    Time to contact support. They can better help you to resolve by looking into your BES logs. If you check the CORE logs you may be able to see that IP address is being blocked by the proxy.
    06-03-14 12:08 PM
  20. Doreen Hacker's Avatar
    Unfortunately we have no BB support and our partner is a little bit overloaded with all request for this issue.

    In the log there are warn and error message.

    DEBUG,"2014-06-03 00:00:57,899",37,0,"785537c2-f8ed-4c52-af6e-a73089c8e1c0","Started: PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/schedule",
    DEBUG,"2014-06-03 00:00:57,903",37,4,"785537c2-f8ed-4c52-af6e-a73089c8e1c0","Completed: 204 - PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/schedule",
    DEBUG,"2014-06-03 00:00:58,302",18,0,"cd64c8a6-dbde-40b4-a320-5cad10832d89","Started: PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/eassync",
    WARN,"2014-06-03 00:00:58,306",18,0,"cd64c8a6-dbde-40b4-a320-5cad10832d89","Stop processing Eas sync request. Exchange Active sync configuration isn't set up.",

    DEBUG,"2014-06-03 00:30:19,883",29,0,"1ab82e01-12c6-48a6-a7b5-2a7ad51c10ae","Started: PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/key/directory.ad.command.usersync.performed",
    DEBUG,"2014-06-03 00:30:19,888",29,0,"1ab82e01-12c6-48a6-a7b5-2a7ad51c10ae","Updated Domain ",
    DEBUG,"2014-06-03 00:30:19,893",29,11,"1ab82e01-12c6-48a6-a7b5-2a7ad51c10ae","Completed: 204 - PUT https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/key/directory.ad.command.usersync.performed",
    ERROR,"2014-06-03 00:30:22,001",34,0,"c2cbb2d8-6549-4831-8f73-a680b4335d0f","Object reference not set to an instance of an object.",
    ,Type: System.NullReferenceException
    ,Message: Object reference not set to an instance of an object.
    ,Source: RIM.BUDS.Framework
    ,TargetSite: "RIM.BUDS.Framework.OperationResult InvokeOperation(System.Object, System.Reflection.MethodInfo, System.Object[])"
    ,StackTrace: at RIM.BUDS.Core.EntityHandlers.TenantHandler.SyncDev icesMetadata(Int32 tenantId) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Core\EntityHandlers\Te nantHandler.cs:line 616
    , at RIM.BUDS.Framework.OperationInvoker.InvokeOperatio n(Object handler, MethodInfo operation, Object[] parameters) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Framework\OperationInv oker.cs:line 38
    , at RIM.BUDS.Framework.DefaultHttpHandler.InvokeReques tHandler(RequestContext context, Object handler, MethodInfo operation, Object[] parameters) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Framework\DefaultHttpH andler.cs:line 501
    , at RIM.BUDS.Framework.DefaultHttpHandler.ProcessReque st(RequestContext requestContext, MethodInfo operation) in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.Framework\DefaultHttpH andler.cs:line 122
    , at System.Web.HttpApplication.CallHandlerExecutionSte p.System.Web.HttpApplication.IExecutionStep.Execut e()
    , at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously)

    DEBUG,"2014-06-03 16:31:01,747",57,4,"82f257df-01f3-4db8-a51d-41bb5514402e","Completed: 200 - GET https://srv14v109.ad.int.kkh.de:9081/dm/tenant/2/device/infringe",
    "DEBUG,""2014-06-03 16:31:03,506"",26,0,""a1408ad7-7830-4a97-a6cd-0ca926b5b0c8"",""Started: PUT https://srv14v109.ad.int.kkh.de:9081...nt/2/test/apns User-agent: Apache-HttpClient/4.2.5 (java 1.5)"","
    INFO,"2014-06-03 16:31:03,695",26,0,"a1408ad7-7830-4a97-a6cd-0ca926b5b0c8","Certificate with key '7cfc256e4c33e5dba336fcc02a885716d5addb04' is loaded successfully",
    WARN,"2014-06-03 16:31:04,292",26,0,"a1408ad7-7830-4a97-a6cd-0ca926b5b0c8","APNS test error: RIM.BUDS.ApnsGateway.ApnsConnectionException: APNs Connection Open error ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication(B oolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication (LazyAsyncResult lazyResult)
    at RIM.BUDS.ApnsGateway.ApnsConnection.Open() in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.ApnsGateway\ApnsConnec tion.cs:line 220
    --- End of inner exception stack trace ---
    at RIM.BUDS.ApnsGateway.ApnsConnection.Open() in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.ApnsGateway\ApnsConnec tion.cs:line 234
    at RIM.BUDS.ApnsGateway.ApnsConnection.Test() in c:\ec_build\1366222\BUDSServer\source\enterprise\B UDS\Server\Sources\RIM.BUDS.ApnsGateway\ApnsConnec tion.cs:line 119",

    Is there something to configure for Active Sync? All our users have it active on their exchange accounts and in uds the SMTP server is configured.
    Work Space is enabled and tested succesfully.
    Secure connect service is with failure.
    "Connection status failed" for APN Certificate-secureconnectservicefailure.png
    Last edited by Doreen Hacker; 06-04-14 at 03:17 AM.
    06-04-14 03:05 AM
  21. playsomekiss's Avatar
    06-04-14 08:13 AM
  22. Doreen Hacker's Avatar
    Hi thanks for your google search

    The failures from the first link are exactly the same we have. Web team will check the address
    I do configuration from link 2, but cannot save the last point - so I ask the author for reason.
    Link 3 I will check if server connectivity will run.

    Last edited by Doreen Hacker; 06-05-14 at 11:06 AM.
    06-05-14 09:36 AM
  23. Doreen Hacker's Avatar
    So, the connection is running and APN certificate is successfull cennected. I had to made the change with BB Admin.
    I want to activate an iPhone but get an error downloading certificate via https://de.bbsecure.com/<srpid>/ca.
    The certificate looks not good - the issuer is not found.

    How can I delete this APN from USD an create new certificate (I unfortunately forgot the password for .pfx file to reimport it).

    If I click "Renew certificate" I got a system error.
    06-05-14 11:05 AM
  24. Doreen Hacker's Avatar
    Happy me - I tested several passwords and found the right one to reimport the APN pfx File to personal certifcate store on UDS.
    Now I have the problem that the certification path is with failure - there is the directory given where I saved the pfx file. What should there be to run correctly? How can I change it?
    &quot;Connection status failed&quot; for APN Certificate-certificate.png
    06-06-14 03:11 AM
  25. playsomekiss's Avatar
    06-06-14 04:01 PM
46 12

Similar Threads

  1. Official CB10 App for BB10 Feature Request Thread
    By khehl in forum CrackBerry Apps
    Replies: 53
    Last Post: 02-07-15, 06:23 PM
  2. Replies: 6
    Last Post: 12-27-14, 03:20 PM
  3. My hopes for the Windermere
    By ummie4 in forum BlackBerry Concepts & Dream Devices
    Replies: 45
    Last Post: 06-18-14, 07:22 PM