1. mwatts716's Avatar
    HI there,

    We are running BES 10.2 with UDS and everything was working fine for the last 9+ months until Friday last week when all of our iOS devices were nearly wiped clean of everything BES at almost the same time. Leaving only the BES 10 client on them. When trying to reactivate they get the profiles installed in the BES 10 client and they show up in the iPhone settings, but 10 seconds later they disappear from the iPhone settings, but the profiles (ActiveSync and WiFi) still remain in the BES 10 client and the client tries to install them again. I have contacted support and am already at level 3, but they don't seem to be helping much.

    Wondering if anyone has seen this before or knows what might have caused it or how to fix it. I know on Thursday one of our IT guys revoked a bunch of old unused APN certs, but the problem occurred Friday at about 11:15 am. Aside from that Java was updated on the BES server on Tuesday and thats about it.

    A few things of note:

    We have iOS and Android devices, Andorids continue to work as expected. We also use the secure work space on tablets only and we were able to reactivate a couple of iPads with SWS, but the iPhones without SWS seem to install the required profiles and then delete them.

    Also of note, our MDM certificate expires next Friday. Thought it was awfully coincidental that this happened exactly two weeks before that cert was set to expire.

    Any help/ideas would be appreciated. Thanks!
    05-23-14 01:46 PM
  2. Sith_Apprentice's Avatar
    HI there,

    We are running BES 10.2 with UDS and everything was working fine for the last 9+ months until Friday last week when all of our iOS devices were nearly wiped clean of everything BES at almost the same time. Leaving only the BES 10 client on them. When trying to reactivate they get the profiles installed in the BES 10 client and they show up in the iPhone settings, but 10 seconds later they disappear from the iPhone settings, but the profiles (ActiveSync and WiFi) still remain in the BES 10 client and the client tries to install them again. I have contacted support and am already at level 3, but they don't seem to be helping much.

    Wondering if anyone has seen this before or knows what might have caused it or how to fix it. I know on Thursday one of our IT guys revoked a bunch of old unused APN certs, but the problem occurred Friday at about 11:15 am. Aside from that Java was updated on the BES server on Tuesday and thats about it.

    A few things of note:

    We have iOS and Android devices, Andorids continue to work as expected. We also use the secure work space on tablets only and we were able to reactivate a couple of iPads with SWS, but the iPhones without SWS seem to install the required profiles and then delete them.

    Also of note, our MDM certificate expires next Friday. Thought it was awfully coincidental that this happened exactly two weeks before that cert was set to expire.

    Any help/ideas would be appreciated. Thanks!
    Which MDM Cert? Your SSL or your APNs?


    If your admin revoked the wrong APNs certificate, this could easily be the cause. Issue a new APNs certificate and use that within the UDS. See if that solves the issue.
    05-23-14 01:47 PM
  3. mwatts716's Avatar
    The SSL cert expires next week. Old APN certs were revoked, and we even issued a new one to be safe and UDS says it's all good.
    Sith_Apprentice likes this.
    05-23-14 02:16 PM
  4. playsomekiss's Avatar
    Check the UDS Core files. In there you should see a reference to the Cert serial Number, you can check it against the serial number you have on the server and make sure they are the same. Like Sith stated, the wrong cert could have been revoked. Also, you might need make sure that in the Apple Push Certificates Portal that the correct MDM cert is there.
    Sith_Apprentice likes this.
    05-23-14 03:56 PM
  5. Sith_Apprentice's Avatar
    Make sure, with the new APNs cert you remove all the users, remove EVERYTHING related to BES/UDS on your devices, and enroll again.
    05-23-14 04:59 PM
  6. mwatts716's Avatar
    Check the UDS Core files. In there you should see a reference to the Cert serial Number, you can check it against the serial number you have on the server and make sure they are the same. Like Sith stated, the wrong cert could have been revoked. Also, you might need make sure that in the Apple Push Certificates Portal that the correct MDM cert is there.
    Sorry what is the path/file I should be looking for?
    05-23-14 05:50 PM
  7. playsomekiss's Avatar
    05-23-14 09:41 PM
  8. maxie2015's Avatar
    Hi,
    we have the same issue and the APN Cert is up to date. Did you find any solution to the issue?

    Regards,
    Max
    06-10-15 10:44 AM
  9. johnnyuk's Avatar
    I have the same issue today! APNS cert expires in 2 weeks time, no changes have been made anywhere but iOS Profiles are deleting themselves from devices.

    Posted from the CB10 app on my BlackBerry Z30 STA100-2/10.3.1.2576 on O2 UK - Activated on BES10.2.5.6
    06-15-15 08:05 AM
  10. johnnyuk's Avatar
    Also of note, our MDM certificate expires next Friday. Thought it was awfully coincidental that this happened exactly two weeks before that cert was set to expire.
    This has happened exactly two weeks before APNS cert expiry for us too! This can't be a coincidence. Something external has happened or there is a bad cert related bug somewhere.

    Posted from the CB10 app on my BlackBerry Z30 STA100-2/10.3.1.2576 on O2 UK - Activated on BES10.2.5.6
    06-15-15 08:19 AM
  11. maxie2015's Avatar
    I've got it fixed last week with assistance of Blackberry support. The problem was the expired SSL certificate(RIM BUDS Core SSL Certificate) . The issue began exactly 2 weeks before expiration. Users could activate a secure work space again, but in 2 weeks it was not possible anymore. The expired certificate was on the BES server in local computer certificates, IIS (UDS.Communication and Core Modules - bindings), in ...\RIM.BUDS.Gui\ssl\keystore, in ...\RIM.BUDS.Gui\ssl\cacerts and in SQL DB - dbo.kvp_certificate. We changed it to new self-signed from domain CA. Probably you don’t need to change it in all modules, but the BES support was not sure and I did the change in all of them… If you do it without support case(I do not recommend it) you can try begin with UDS.Communication-Bindings and test the activation. If you change the certificate in IIS Core module you have to also change it in keystore and cacerts. Otherwise you cannot login to UDS console anymore. For SQL DB we used the script (BB support was not sure why we do that, but we did it as well…):
    UPDATE kvp_certificate SET value = 'Fingerprint of the new certificate'
    WHERE [id_key] = (SELECT ID FROM [key_definition] WHERE name = 'generic.x.store.thumbprint') AND
    [id_certificate] in (SELECT value FROM sys_global WHERE [key]='certificate.ca.id_certificate')
    Usefull tool for working with files - keystore and cecert was portecle-1.7.
    Another possible solution for the issue that I’ve got from BB support could be server update(my current ver. is 10.2.3), but I could not find any changes in SSL certificates in release notes to MR4 or MR5. Also the ver. 12 is still not option for me because of licenses.
    Last edited by maxie2015; 06-16-15 at 07:29 AM.
    06-16-15 04:18 AM
  12. johnnyuk's Avatar
    I've got it fixed last week with assistance of Blackberry support. The problem was the expired SSL certificate(RIM BUDS Core SSL Certificate) .
    So how did it come about that there's an expired cert in there? Is it BlackBerry's fault or yours/ours?

    I've just sent all my logs and screen shots off to BlackBerry so let's see what they come back with for me.

    Posted from the CB10 app on my BlackBerry Z30 STA100-2/10.3.1.2576 on O2 UK - Activated on BES10.2.5.6
    06-16-15 02:36 PM
  13. johnnyuk's Avatar
    This problem with the expired RIM Buds Core SSL Certificate causing iOS MDM profiles to vanish during activation seems to have gone away around 3-4 weeks ago. I haven't made any changes to my BES10 sever or been able to renew the certificate on the server in any way.

    I have no explanation for why it has started working correctly again.

    Has BlackBerry removed the requirements for this certificate to be valid from the activation process in the BES12 client as a work around, possibly due to the unexpected certificate expiry impacting on so many customers?

    Posted from the CB10 app on my BlackBerry Z30 STA100-2/10.3.2.2204 on O2 UK - Activated on BES10.2.5.6
    08-03-15 12:19 PM
  14. Canadajoe902's Avatar
    Is there a step-by-step to resolve this issue? I am experiencing the same issue now two weeks before the cert expires. All end users have lost their profiles on their iPhones. ?? Frustrating...
    07-30-16 02:06 PM

Similar Threads

  1. Emails disappearing
    By squashthatfly in forum BlackBerry Z30
    Replies: 10
    Last Post: 07-19-14, 07:08 PM
  2. Problem Adding iOS & Android BBM Contacts
    By baggangberry in forum General BBM Chat
    Replies: 7
    Last Post: 07-03-14, 11:21 PM
  3. Proudly Canadian? WestJet's New App for iOS & Android Only!
    By budsfan1970 in forum News & Rumors
    Replies: 197
    Last Post: 06-19-14, 02:05 PM
  4. Endomondo - for Km, change your profile info
    By Easy-G in forum BlackBerry 10 Apps
    Replies: 2
    Last Post: 05-23-14, 07:21 AM
  5. Why Google created apps for iOS?
    By menshawy in forum BlackBerry 10 Apps
    Replies: 3
    Last Post: 05-18-14, 04:12 PM
LINK TO POST COPIED TO CLIPBOARD