1. toody's Avatar
    Hi,
    I'm trying to get Blackberry Secure Connect Plus (BSCP) running under iOS with BES12.4 as our Active Sync Server is only reachable via BES
    My testaccount can activate a Android for Work Premium device with BSCP using a gold license
    When the same account activates a iOS device with MDM controls and the same Enterprise Connectivity Profile (BSCP is enabled in the iOS and Android enterprise profile settings) a silver license is used.
    According to Blackberry KB help.blackberry.com/en/bes12/12.4/licensing/jth1452544711410.html a gold license with MDM Activation is necessary to use BSCP under iOS.

    In the BES12 App on the activated iOS Device I'm missing a BSCP VPN profile. If i install the app manually it states that my administrator has not activated BSCP.

    I would have thought that enabling BSCP in enterprise profile and assigning it to a group/user profile leads to an gold activation.

    I also tried enabling perapp vpn and requiring Apps with it's per app vpn profile - before a device activation

    What am I missing? How can I manually assign a Gold License to the iOS Activation Type MDM Controls (which by default uses Silver) in order to fulfill the KB's requirements?
    Superfly_FR likes this.
    02-15-16 08:27 AM
  2. chasdrury's Avatar
    This is interesting - i didn't know you could do this in BES12.4 - with MDM controls can you push an app also to use the BSCP app for connectivity to the intranet - like a browser etc?
    02-15-16 09:35 AM
  3. tekguy26's Avatar
    Based on previous experience, you would think there would be a different kind of activation profile for it, but it doesn't. After spending days on testing, I finally gave up and called it in. First the tech told me that BSCP is not available on iOS. That's when I knew my case was going downhill when I had to tell him that it is on 12.4. The instructions for enabling BSCP on iOS is vague and leaves out some important information.

    Since iOS devices have already been activated using MDM Controls with Silver CALs I asked how would that work? I was told it would just use any available gold license. First off, he was wrong, secondly that would be disastrous if suddenly my Gold license got chewed up. I asked if he was sure that I didn't have to reactivate and was told NO. Anyway, the ONLY useful information I got from them was that it would require a Gold CAL. I figured out the rest on my own.

    I noticed when I downloaded the BSCP app from the store, it still showed Good as the vendor. So I decided to look up "Good for BES" and i saw there was a Good for BES12 client. Just on a hunch, I decided to use that client instead. BINGO. It worked.

    I called them back and they said the BES12 client should be fine and the Good for BES12 client is for use with Good Dynamics (which we aren't using). Needless to say, I left them scratching their heads right now and still have not heard back from them.

    I don't know how they expect their published document on their official website NOT to generate frustrated support calls. Here's a step-by-step.

    This is based on doing an upgrade from 12.3 to 12.4.
    1. Have Gold CALs
    2. Enable BSCP for iOS on the Default Enterprise connectivity profile (or create new)
    3. Add Apps you want to push (Not necessary to push BSCP app)
    4. Assign app directly to user or group
    5. Select the Enterprise connectivity profile to use under Per app VPN
    6. Download Good for BES12 client
    7. Activate like normal


    The BSCP app downloaded automatically for me. I was told this would only occur with a new installation and not an upgrade. If you look at the Device under the user, you will see the Enterprise connectivity profile will be there now. So if you follow the exact same steps but use the original BES12 client, you will see it doesn't appear.

    It's possible this issue does NOT appear if you are installing a brand NEW BES12 12.4 server. For most people, a brand new install wouldn't make sense since you already have uses in production.
    02-24-16 11:15 AM
  4. tekguy26's Avatar
    Just got a reply from BB today. They have acknowledged that you need to use the Good for BES12 client. This would make reactivation necessary.
    02-24-16 11:23 AM
  5. johnnyuk's Avatar
    My problem is that the BSCP VPN won't connect on iOS, whether it's per-app VPN or all apps. No error messages about the VPN connection not working appear. Port 443 and 3101 are open and working for the on-premises BES12 server, other MDM functionality works fine. It does the same thing when I configure it in BES12 Cloud too.

    Any ideas?
    03-24-16 07:09 AM
  6. SeptemberWasp's Avatar
    I had the system on per-app and the VPN would not connect as well.

    I had to enter the apps on the BES from the user or group level and select the "default" VPN option as the default for all my stuff was "none".

    Also the "convert" thing or whatever for the apps simply did not work. I had to delete the apps and install them from the "Work Apps" app and then airplane mode and back.

    After this opening an app that was designated from the BES triggered the VPN and it all worked well. The only thing after that is that I had to airplane/flip the network for any newly installed VPN apps.
    04-12-16 01:27 PM
  7. johnnyuk's Avatar
    I got the VPN to connect eventually by stripping all the profile settings down and starting again from the beginning.

    Now the problem I have is like the original poster here, 9 times out of ten when I activate a device with BSCP it takes a silver license instead of a gold which obviously means it doesn't work.

    The few times I've been able to activate and have it use the correct good licence I've then deactivated, made no changes anywhere, reactivated and oh look back on a silver licence so no go.

    Unimpressive.


    Posted from the CB10 app on my BlackBerry Z30 STA100-2/10.3.2.2789 on O2 UK - Activated on BES10.2.6.28
    04-14-16 07:45 PM
  8. Mike1900's Avatar
    I am having the same issue on 12.4.1, anyone make any progress? I have tried multiple times to activate and it will not grab a gold license.

    Gold licenses available to use for activation
    Device activation set to MDM controls
    Enterprise connectivity set to Enable blackberry secure connect plus
    Email profile to use the Blackberry secure gateway service
    Activating using the Good for BES iOS client
    06-17-16 11:59 AM
  9. Mike1900's Avatar
    Just got off a call with support and they mentioned that the license if a known issue and it will be resolved on 12.5 in that the license is not being enforced. so now we are troubleshooting why BSCP is not running.

    Any help?
    06-17-16 12:18 PM
  10. joinup's Avatar
    Hi there,

    same issue here. I can't get the mail app to use the BSCP. I followed the instructions here and everything is fine, except that the BSCP app always shows "no connection". Any progress here? Call opened at Blackberry.

    Best regards,

    Christoph
    06-22-16 02:02 PM
  11. somierl's Avatar
    Hi,

    Just upgrade from BES 12.1 to 12.5.2.
    Up to now we only used BB10 devices, and our partners took the choice to use iPhones.
    So I enabled Enterprise Connectivity Profile, Enable blackberry secure connect plus, Gateway Service, Email Profile (MDM Activation).
    I can successfully activate iOS devices (using UEM Client, not BES12 Client), connect the VPN BSCP profil, but no connection to our mail server!
    When I tried to update my password in the EAS mail account, I got "Exchange - unable to verify account information".

    I've opened a call to BB since 3 weeks, but nothing in in going on.......

    Regards.
    04-27-17 03:58 AM
  12. Rodney Wilder's Avatar
    Hi,

    Just upgrade from BES 12.1 to 12.5.2.
    Up to now we only used BB10 devices, and our partners took the choice to use iPhones.
    So I enabled Enterprise Connectivity Profile, Enable blackberry secure connect plus, Gateway Service, Email Profile (MDM Activation).
    I can successfully activate iOS devices (using UEM Client, not BES12 Client), connect the VPN BSCP profil, but no connection to our mail server!
    When I tried to update my password in the EAS mail account, I got "Exchange - unable to verify account information".

    I've opened a call to BB since 3 weeks, but nothing in in going on.......

    Regards.
    You have the BlackBerry connectivity app installed on device? What does is say for status? Should be able to grab logs, see its vpn IP address etc. Can you ping an ios vpn device ip from BES server? Should be a 172.16.xx.xx if memory serves.
    Have you tried removing and recreating the rras config on the bes server for the vpn?
    Last edited by Rodney Wilder; 04-27-17 at 07:46 PM.
    04-27-17 06:44 PM
  13. somierl's Avatar
    Thk'x for reply.
    Yes, Connectivity app is installed and show status of "Connected".
    I can ping my iOS device from my BES, and saw the connection in rras console.

    I tried to create a new email profile, enterprise connectivity profile : not better
    Attached Thumbnails BES12.4 + Secure Connect Plus VPN under iOS with MDM Controls gets Silver activated instead of Gold?-copy-img_0006.png  
    04-28-17 01:48 AM
  14. somierl's Avatar
    I tried to recreate RRAS Config, changing IP address of the adapter to 172.17.0.1 (KB000037354), still the same.
    I've installed on the iPhone an IP Ping app : I'm able to ping my mail server!
    It's completely crazy....
    04-28-17 03:53 AM
  15. Rodney Wilder's Avatar
    I tried to recreate RRAS Config, changing IP address of the adapter to 172.17.0.1 (KB000037354), still the same.
    I've installed on the iPhone an IP Ping app : I'm able to ping my mail server!
    It's completely crazy....
    So your ios devices are seeing internal network through the vpn. That's good.
    Can your browser bring up web page on internal network server? I'm assuming your eas server is internal on network and that is the one you pinged.
    Logs on the eas show connection attempts?
    Last edited by Rodney Wilder; 04-28-17 at 05:10 PM.
    04-28-17 02:38 PM
  16. somierl's Avatar
    Yes you're right, our eas server is internal.
    No connection attempt, I see nothing in log files (perhaps I search in the wrong place).
    In OWA / Mobile device, the device does not appeared.
    I don't have tried internal web browser, I will do it next Tuesday.

    I don't have enough skills in Exchange to debug this problem.
    04-28-17 05:27 PM
  17. Rodney Wilder's Avatar
    Yes you're right, our eas server is internal.
    No connection attempt, I see nothing in log files (perhaps I search in the wrong place).
    In OWA / Mobile device, the device does not appeared.
    I don't have tried internal web browser, I will do it next Tuesday.

    I don't have enough skills in Exchange to debug this problem.
    Let's take a step back. If you take an ios device not activated on bes, connect it to internal network via company wifi and setup the email direct manually to the eas as you would any personal device, does it work that way?
    04-28-17 09:02 PM
  18. somierl's Avatar
    I can't test this : it's a small firm (50 users), they don't have work wifi.
    04-29-17 01:28 AM
  19. Rodney Wilder's Avatar
    I can't test this : it's a small firm (50 users), they don't have work wifi.
    Can you temporarily setup a cheap consumer access point inside the network?
    04-29-17 01:13 PM
  20. somierl's Avatar
    I just spent several hours in different tests...and got it worked.
    Config :
    - Enterprise profile : BSCP enabled + VPN Connected + No Proxy Profile
    - Email profile : no BSGS

    This is the only way I can get emails on iOS.
    05-03-17 09:21 AM

Similar Threads

  1. Sung to the tune of 'Ben'
    By Rustybronco in forum Rehab & Off-Topic Lounge
    Replies: 1
    Last Post: 02-15-16, 03:17 PM
  2. I am Stuck with my Q10 won't boot or do anything.
    By Jitukali in forum BlackBerry Q10
    Replies: 5
    Last Post: 02-15-16, 11:08 AM
  3. BES 12 Cloud Connector couldn't be Activated, how can I get it working?
    By CrackBerry Question in forum BlackBerry Secure UEM & Productivity Suites
    Replies: 0
    Last Post: 02-15-16, 08:01 AM
  4. BES12.4 + Secure Connect Plus VPN under iOS with MDM Controls gets Silver activated instead of Gold?
    By CrackBerry Question in forum BlackBerry Secure UEM & Productivity Suites
    Replies: 1
    Last Post: 02-15-16, 07:42 AM
  5. BES 12 Android activation failure, how can I get it working?
    By CrackBerry Question in forum BlackBerry Secure UEM & Productivity Suites
    Replies: 2
    Last Post: 02-15-16, 02:47 AM
LINK TO POST COPIED TO CLIPBOARD