Welcome to the official BlackBerry Support Community Forums.

BlackBerry® Enterprise Service 10

Contributor
Huby
Posts: 32
Registered: ‎06-03-2013
My Device: Z10

BES 10.1 UDS Which settings are required

Hi community,

I did the last settings this morning, but an iPad cannot be activated. Error 3007: Server is not available.

Research: Which settings have to be done and which are needed?

UDS Console checked:

- a few users added
- group added, policy added, assigned to the group. Put the user into the group
- SMTP server set
- profile created with internal Traveler address FQDN
- MS AD settings set, checked connection. User can be added from AD. Jippie
- APN configured and followed the instruction of the config guide from BB, certificate accepted.
- no push server, no external SCEP, no gatekeeping server and no proxy server (not needed from the BES10 host) set.

In general, no red exclamation marks detected. So far, so good.

Sent an activation message to a user account and followed the instructions.

- inserted the signature to an iPad following the URL with the SRP-ID. OK.
- checking the xx.bbsecure.com/Sxxxxxxxxx URL and the above-mentioned error occurs.

So here are my questions.

- Is there something I have forgotten to configure?
- Is the SSL certificate for the communication module needed? See page 115 ff. in the config guide PDF from BB.
- What about the BES10 Configuration Tool? You CAN (not must!) insert a new certificate for the comm. module. Can I or must I?
- In addition, is an external URL or hostname for the BES10 server needed for the communication module? The server is in an AD, so I might need an external domain like company.com for this host for the comm. module.
- With BES 10.1, the RIM network tunnels the connections between device and BES server. But this can only be done if a BES-server-initiated connection is launched to the RIM network, because the server is inside and does not allow direct connections from outside. For this service, the BB Secure Connect service is responsible. But how can devices reach the server?

When I search the BB KB, I see some entries regarding the 3007 error, but I do not know if they belong to BES 10.1.

What I need is a step-by-step instruction for the configurations which are absolutely needed and for the optional settings like proxy or gatekeeper.

Wow, not easy to install.

Huby
Retired
LoneWolf902
Posts: 166
Registered: ‎04-25-2013
My Device: BlackBerry Z10, BlackBerry Q10, Bold 9900

Re: BES 10.1 UDS Which settings are required

Hello Huby,

Thank you for your question regarding activations on UDS for BES 10 version 10.1.

You are getting a 3007 error because of 2 different reasons. The first is that the server is not accessible. In BES 10.1, activations are done over 3101, so as long as it is open like BES 5 you should be fine.

The second reason is that the communication module is not trusted by the device; this is the most common issue.

In order to activate, we need to get the Root CA certificate on the device first by following the steps below.

1. On the device, using Safari, go to https://xx.bbsecure.com/SRPID/ca (the xx should be your country code)
2. On the device you should be prompted to install a certificate for your server
3. Once that is installed, open the BES 10 client on the device
4. It should be asking for a server address
5. xx.bbsecure.com/SRPID
6. Now your username/password and you should be good to go.

Let me know if you have any other questions.

- LW

Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp

Be sure to click Kudos! for those who have helped you.

Click Accept as Solution for posts that have solved your issue(s)!

Contributor
Huby
Posts: 32
Registered: ‎06-03-2013
My Device: Z10

Re: BES 10.1 UDS Which settings are required

[ Edited ]

Thank you very much for the answer.

I have read that the comm. module needs a valid SSL certificate. One question.

Do I need an FQDN for the server? At the moment we have only an AD hostname like bes10.addomain.domain.

Are there ways to give the IIS an (additional) external hostname like bes10.company.com to get an SSL certificate?

I cannot certify an internal AD domain. If I go to the Server Certificates in IIS, there are three parts of a certificate: RIM BUDS Core SSL Certificate and two UDS CA Certificates. The first is issued to the wildcard address like *.addomain.domain.

Or, the worst case, do I need a complete reinstall of BDS, UDS etc. with an external hostname like bes10.company.com?

Btw, I have done the steps to provide the SRP ID with the mentioned URL. It was successful.

Retired
LoneWolf902
Posts: 166
Registered: ‎04-25-2013
My Device: BlackBerry Z10, BlackBerry Q10, Bold 9900

Re: BES 10.1 UDS Which settings are required

Hello Huby,

With BES 10.1 there is no more need for a publicly facing name or SSL certificate.

Everything is done over xx.bbsecure.com now and port 3101 like BES 5.

Let me know if you have any other questions.

- LW

Contributor
Huby
Posts: 32
Registered: ‎06-03-2013
My Device: Z10

Re: BES 10.1 UDS Which settings are required

OK.... very fast answer. I will try again and tell the results.

Contributor
Huby
Posts: 32
Registered: ‎06-03-2013
My Device: Z10

Re: BES 10.1 UDS Which settings are required

I have done the steps again. Installed the certificate on the device with a browser. It tells that the certificate is valid with a green hook.

Then I tried to connect to xx.bbsecure.com/SRPID with the BES10 client .... Error 3007 again.

It takes less than a second to get the error message.

Because we already successfully use BDS on the same server, I assume that the connection is fine.

I have created an APN certificate as described in the PDF. The common name of this certificate is NOT the server name; it is like "BES10 company" with spaces. After half a day I got the certificate from BB and I merged it following the description. After that it says that the APN certificate is successfully installed, also with a green hook.

In the installation guide at page 116 there is guidance for installing an SSL certificate for the communication module. Do I have to follow it, and do I need, besides the APN certificate, a certificate for the communication module? Otherwise, the bbsecure.com/SRPID/ca process from the URL tells me on an iPhone that the certificate is valid. But is it the certificate of the comm. module?

Second thing. Because the installation is done in the internal server net, no one can reach the server from outside. I think that one of the services like BB Secure Connect service is making an outbound initiated connection to BB infrastructure to give or receive any data, right?

Retired
LoneWolf902
Posts: 166
Registered: ‎04-25-2013
My Device: BlackBerry Z10, BlackBerry Q10, Bold 9900

Re: BES 10.1 UDS Which settings are required

Hello Huby,

Yes, the BlackBerry Secure Connect service on the BES 10.1 server should have access to bbsecure.com over 3101.

The communication module does not need a certificate; it gets one created during the install.

Also, to confirm, you are using gb.bbsecure.com/SRP, correct? Or swap out GB for US or CA?

 

Let me know if you have any other questions.

- LW

Contributor
Huby
Posts: 32
Registered: ‎06-03-2013
My Device: Z10

Re: BES 10.1 UDS Which settings are required

Thank you very much for your help.

I am from Germany, so I take the address de.bbsecure.com/S12345678

Suddenly, an Android could be activated; an hour before, it launched the error 3007 message. What I have done is switching back the UDS.CommunicationModule identity from IIS to ApplicationPoolIdentity. I have read that this service has to run with the BES user. After that I restarted the WWW Publishing Service (IIS)... that's all.

But iPhones cannot be activated. Still the 3007 error. It seems that these devices do not link something, e.g. a wrong APN certificate. Giving up for today.

Thank you very much for your help. Giving an update tomorrow.

New Contributor
chompiras_ar
Posts: 3
Registered: ‎06-12-2013
My Device: Z10

Re: BES 10.1 UDS Which settings are required