Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Highlighted
Contributor
Posts: 28
Registered: ‎06-12-2012
My Device: Z10
My Carrier: TIM Italy
Accepted Solution

Certificate download: The remote server returned an error: (401) Unauthorized.

Hello!
I'm testing a 60-days BES 10.1 and I can activate BB10 devices. What I can't do is activate Android and iOS because when I go to https://it.bbsecure.com/Sxxxxxxxx/ca it returns this error:
Code:
<errorResponse>
 <errorCode>2007</errorCode>
 <errorString>User not authorized for requested core server operation.</errorString>
 <errorStringAuxiliary>The remote server returned an error: (401) Unauthorized.</errorStringAuxiliary>
</errorResponse>
I noticed that if I disconnect the BES server, this page returns an "unavailable" page, so it looks like the issue is with our Windows 2008 R2 server permissions. Have I missed something? Was your installation smooth or did you have to change some default permissions, please?
I also tried to use a wildcard certificate published by a certification authority, but no avail. By the way - I don't know if it's normal - in IIS bindings for UDS.CommunicationModule I see port 33443, not the standard 443, but maybe this is as expected.

Thanks for your time!
Contributor
Posts: 14
Registered: ‎01-21-2009
My Device: Z10 + Q10 + BB Bold + Android
My Carrier: O2

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

Hi Mate

 

try this work around.. See article

 

Unable to activate an Android or iOS device after installing Universal Device Service

http://www.blackberry.com/btsc/KB31152

 

Regards
Singh

If your issue is resolved, put a checkmark in the green box that contains the resolution.OR
If that information was really helpful - Give it a Kudos..
Contributor
Posts: 28
Registered: ‎06-12-2012
My Device: Z10
My Carrier: TIM Italy

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

Hi Singh!

 

Thanks for the tip: it came out that the issue was with the Core Module Password, probably it contained unwanted characters. After several attempts I was forced to delete BES 10 databases and reinstall everything, but now it seems to work! Waiting for the Apple Push certificate for final test, but it looks like it'sdone. Thanks again!

Trusted Contributor
Posts: 184
Registered: ‎09-01-2010
My Device: Not Specified

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

Hello Singh,

 

KB31152 is not available anymore.

I have the same error with my BES 10.1

 

I have BES10.1 and Exchange 2007 sp2.

I can successfully activate Z10 device.

 

I have generated APNs certificate request and get certificate from Apple . When I try to activate Android or iPhone device, the certificate link from activation email doesn't work (https://ca.bbsecure.com/C#########/ca):

 

1) What common name I should use when I create APNs certificate request for Apple?

      Should it be server BES 10.1 FQDN or mail.domain.com from SSL certificate for regular ActiveSync\OWA

 

2) When Android or iPhone try to download certificate, are they going to download them directly from my BES10.1 server? How can I check why they can't download certificate?

 

Thank you

Contributor
Posts: 28
Registered: ‎06-12-2012
My Device: Z10
My Carrier: TIM Italy

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

Hi Mario.

 

Refer to Google cache copy of the KB article until it's available: http://webcache.googleusercontent.com/search?q=cache:HQlsoBFhrZwJ:www.blackberry.com/btsc/KB31152+&c...

Are you facing exactly my problem? If so, what I did was going to the Server Configuration Tool and changing the Core Module password. It came out there was an error with it (an unspecified error has occurred changing your password) and I wasn't able to change it again. Even reinstalling the BES it failed at the very last steps, and in the logs it was reported a failure changing the password. Apparently, the password I chose was either too long or with unwanted characters, but BES didn't stop me when I chose it.

 

About your other questions, I chose a mnemonic common name like mdm.domain.com but I hadn't had a change to test the activation on iOS devices (while I did on Android).

I guess the certificate is downloaded from the server, because if you disconnect it from your network and try to go to https://ca.bbsecure.com/C#########/ca you should get a 404 error, different from the usual unauthorized error.

 

Hope this helps,

Luca

Trusted Contributor
Posts: 184
Registered: ‎09-01-2010
My Device: Not Specified

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

Hello autopole,

 

Yes, you are right, I got "The webpage cannot be found" HTTP 404, whe I try to go to th elink to download  certificate

https://ca.bbsecure.com/C#########/ca

But my server is connected to the network and  IIS "UDS.CommunicatiomModule" nad "UDS.CoreModule" are running and all outgoing ports are open on Firewall.

What i did wrong, what should I check?

 

Thank you

Contributor
Posts: 28
Registered: ‎06-12-2012
My Device: Z10
My Carrier: TIM Italy

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

OK, so I understand your problem is different than mine, since you always get the 404 error page regardless the BES is up or down. Is the SRP ID in the URL the same as yours? I've read that it happened that it was different in some (old) cases.

I guess you already tried, for testing purposes, to allow all the outbound traffic from BES to External and to disable local software firewalls.

Trusted Contributor
Posts: 184
Registered: ‎09-01-2010
My Device: Not Specified

Re: Certificate download: The remote server returned an error: (401) Unauthorized.

Hello autopole,

yes you are right, the SRP and number in URL are different.

I will try to call RIM.

 

Thank you