01-29-2014 12:45 PM - edited 01-29-2014 12:46 PM
since a lot of time we are deploying a BES 5 organisation with ca. 100 user. Now my boss would like to test an android device with secured work space as he holds the solution for a very smart one. My problem is, I cannot get it working. On a virtual Windows 2008 R2 server i’ve made a new, fresh installation of BES 10.2. Everything went fine, consoles are working etc, but I am stuck at the point on find no way out.
1. My first question – How do i configure the ActiveSync Profile in the UDS, shall I point to my internal Exchange CAS server or to our OWA server which accepts ActiveSync connections? I’ve read all the manuals available and found no info.
I’ve tried to configure it to connect to our CAS server, created policies, added a user and sent an activation email. I’ve installed BES10 client on a new Android Smartphone, opened in browser the link provided and the message stating the certificate has been installed appeared. Now I open BES10 client, enter the server link an see the details to the certificate saying Trusted: NO. (no idea why) I can accept certificate and see prepopulated my domain user name and can enter my password. At least I accept administration and get the device activated.
Now I see 4 areas. WorkApps, Profiles, IT Policy and About. „About“ tells me the device is activated, „Profile“ shows me my profile for ActiveSync being configured manual (what does it mean?), if i click profile, I can see domain data and a button below saying „Setup“. If I choose it , it opens trivial Android window to configure accounts. Now what? What for so I need the whole story? Why not configure Exchange account directly?
2. My second question is - Where do I find my emails? What are the further steps if any? I googled and googled and found nothing! Not a video, neither a description nor documented steps. It’s so frustrating!
I’m affraid either I am missing some important piece of information or some misconfiguration of the ActiveSync profile on UDS occured. The problem, the biggest problem in my opinion is the lack of the configuration information provided. Those docs I found on the BB website are all pretty mixed and describe partially things I’m not able to found on server and which are probably gone after BES 10.2 has been released. Docs are very inconsistent and as a long time BES 4 and 5 user and administrator I find it very disappointing.
I hope somebody can help me.
Solved! Go to Solution.
01-29-2014 01:13 PM
I'm sorry, I did forget to add that the other problem is that a new device I activated is being reported as nort compliant. The report states the device is rooted, but this is wrong as, firstly, this is a new device unboxed yesterday evening and secondly, same happens to another, my private device which is neither rooted nor somehow manipulated. Both devices run different Android versions and coming from different manufacturer.
I'm rockin the BlackBerry Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700
01-29-2014 01:20 PM
what OS are they on?
BESAdmin's, please make a signature with your BES environment info.
BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V
01-29-2014 04:04 PM
BES10 runs on Windows Server 2008 R2 Standard, Adroid versions - one device Android 4.1.2 and the other Andoid 4.0.4.
I've reseted the first device to factory defaults, then tried to activate it again. The activation went the same way, the certificate was shown as not trusted, but the profile was created. In case I start the Workspace MGR app installed directly from Play Store, I receive a message stating: "A work space cannot be set up on a device that is rooted"
02-03-2014 11:27 AM
Well, so far no updates and no success reports. By the way, can anyone please tell me if and when do I need TouchDown installed on an Android device? As I can see, this additional App requieres additional license. Am I correct?
02-10-2014 03:23 AM - edited 02-10-2014 04:03 AM
that´s right. You need additional license for TouchDown.
Normaly you don't need it for the android devices. You need it only if you don't use secure work space. BES 10.2 should support Android 2.3 and upper version.
We have problems, too. We fixed it with this configuration:
1. Serveradress: you should configure it without the parameter /traveler
2. Uncheck the box for "Enable Notes Traveler support for the work space"
03-03-2014 12:42 PM
unfortunately we are not using Domino, but MS Exchange sever. I have Blackberry native Q10 devices working so far, but still feeling trapped with Android.
From what I can find in the Internet, there is no need for TouchDown when using SWS (Secured Workspace), but can not configure it as all my test smartphone are recognized as rooted (they are not), on Crackberry.com website I found information that in case of SWS, I should install Work Connect also, but if I visit Google Play there is NO an app with such a name. It's so frustrating!
Please, does anybody managed to get SWS working in an Android device, please point me where do I get step-by-step instructions how to do that and please tell me which client is being used in this case when processing emails?
03-05-2014 07:54 AM - edited 03-05-2014 07:55 AM
I've just tested it and it's working. I have a Samsung S3 with Android 4.3 and I configured it in the following way:
In the BES 10 UDS console I created some ne profiles:
- IT policy (disabled the camera, only for testing what will happen)
- MS ActiveSync (I am connecting with the Exchange server directly via HTTPS)
- Compliance (disabled "Jailbroken or rooted devices")
- Activation type ("Work and personal" because it is a private phone)
- Work Space IT policy
After binding the profiles to my user account I've installed the "BES10 Client" and registered with the server. After some time the app asked me to install the following apps:
- BES10 MGR
- Work Connect
Meanwhile the app asked me for a new password for the lock screen of the device and some time later for a new Work Space password (shown with a blue background). After that I got a short howto for configuring the app in the correct way: Alway open addresses, answer phone calls and so on with the Work Connect app.
And some minutes later my mail account was synchronized with the Work Space, as well as contacts and the calendar.
The next step was to check if my device would be detected as rooted, too. I activated "Jailbroken and rooted device" in the compliance profile (prompt for compliance and untrust) and waited until the profile was enrolled. And my device was not detected as rooted.
Hopefully this will help you to find your problem...
03-06-2014 09:40 AM
I will try it again tomorrow with another device. Thank you for the description of the single steps, that was exactly what I was missing before.