Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
Posts: 13
Registered: ‎06-27-2013
My Device: Blackberry Z10
My Carrier: EE

Upgraded from 10.1 to 10.1.1 Certificate issues...

Hi All,

 

Im hoping someone can point me in the right direction.

 

I had BES10.1 installed and working perfectly on IOS and Andriod.

 

I performed the upgrade to 10.1.1 this morning, which went fine, no errors to report.

 

Once i try to activate an IOS Device, it allows me to install the Cert from gb.bbsecure.com/SRP####/ca, it takes my username and password and installs another Cert which is successful. then when it finalizes the install i get "Enroll profile sending error. Please, contact your administrator"

 

Investigating this in the log files i am given this:

 

INFO,"2013-06-27 09:47:14,906",24,0,"fd2e3e3d-13c2-47dc-afc1-80c66980f106","Enroll: Sending Profile service URL to device, URL: https://gb.bbsecure.com/S#######/ios/profile/2/cff2f416-d039-4852-99a1-861e8a6cb314/English/6.1.4",
DEBUG,"2013-06-27 09:47:14,906",24,0,"fd2e3e3d-13c2-47dc-afc1-80c66980f106","Enroll: Payload:
<?xml version="1.0" encoding="utf-8"?>
<plist>
    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>URL</key>
            <string>https://gb.bbsecure.com/S########/ios/profile/2/cff2f416-d039-4852-99a1-861e8a6cb314/English/6.1.4</...
            <key>DeviceAttributes</key>
            <array>
                <string>UDID</string>
                <string>IMEI</string>
                <string>ICCID</string>
                <string>VERSION</string>
                <string>PRODUCT</string>
            </array>
            <key>Challenge</key>
            <string>challenge</string>
        </dict>
        <key>PayloadDescription</key>
        <string>BlackBerry Enterprise Service 10 Profile</string>
        <key>PayloadDisplayName</key>
        <string>Profile Service</string>
        <key>PayloadIdentifier</key>
        <string>com.rim.mobileconfig.profile-service</string>
        <key>PayloadOrganization</key>
        <string>BlackBerry Enterprise Service 10</string>
        <key>PayloadType</key>
        <string>Profile Service</string>
        <key>PayloadUUID</key>
        <string>d2f59151-f33f-40ab-b4bc-e4b238eca97a</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
</plist>",
FATAL,"2013-06-27 09:47:14,942",24,0,"fd2e3e3d-13c2-47dc-afc1-80c66980f106","Enroll profile sending error. Please, contact your administrator.",
,Type: System.Security.Cryptography.CryptographicException
,Message: Cannot find the certificate and private key for decryption.

 

Please help! Thanks alot

Paul

Contributor
Posts: 13
Registered: ‎06-27-2013
My Device: Blackberry Z10
My Carrier: EE

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

Just thought id add, i have this running through a Blackberry Router sat in the DMZ.

 

Could it be i need to install the certs on the router too? if so, which certs to i need to put on there?

 

Thanks again

Contributor
Posts: 13
Registered: ‎06-27-2013
My Device: Blackberry Z10
My Carrier: EE

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

I have done a bit more digging, and it would seem that when i browse to https://gb.bbsecure.com/SRP####/ca it is giving me the cert from the pre-upgrade installation.

 

I have a SSL Core UDS Root cert: *.domain.com "issued by RIM UDS SERVER ROOT_WDEkYlFx" (FROM THE 10.1 INSTALL)

And a matching CA Cert called "RIM UDS SERVER ROOT_WDEkYlFx" (FROM THE 10.1 INSTALL)

 

When i upgraded to 10.1.1 It didnt generated a new SSL Core UDS Cert, but it did generate a new CA Cert called "RIM UDS SERVER ROOT_Ync3I1RW"

 

I beleive the fact that these do not match is where my problem lies... could someone shed some light?

Contributor
Posts: 11
Registered: ‎06-21-2013
My Device: Z10

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

[ Edited ]

Nearly exactly the same issue here... everything's regarding certificates crashed since update to 10.1.1.... and I've tried so many things and it got even worser ... **bleep** it, looking very unstable at all ... missing the bes5

 

By entering the https://de.bbescure.com/SXXXXXX/ca URL I got now No certificates with key '.....' found in the
store

Contributor
Posts: 13
Registered: ‎06-27-2013
My Device: Blackberry Z10
My Carrier: EE

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

Its been such a frustrating process.... im with you Tarracta!
Contributor
Posts: 44
Registered: ‎06-26-2013
My Device: 8700
My Carrier: Germany

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...


Buzz001 wrote:

Just thought id add, i have this running through a Blackberry Router sat in the DMZ.

 

Could it be i need to install the certs on the router too? if so, which certs to i need to put on there?

 

Thanks again


The router in 10.1/10.1.1 only serve BDS (and BES5) traffic. Communication modules in DMZ are not longer usable. This should not be the problem.

Contributor
Posts: 13
Registered: ‎06-27-2013
My Device: Blackberry Z10
My Carrier: EE

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

My comms module is on the same server as BDS etc, not in the DMZ. Only the BB Router is on the DMZ.

 

i think im getting to the bottom of the issue but cannot find a way around it. it would seem the upgrade has installed a new CA Cert, but no matching SSL Cert to go with it.

 

Not sure where to go forward now...

Contributor
Posts: 44
Registered: ‎06-26-2013
My Device: 8700
My Carrier: Germany

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

[ Edited ]

Buzz001 wrote:

I have done a bit more digging, and it would seem that when i browse to https://gb.bbsecure.com/SRP####/ca it is giving me the cert from the pre-upgrade installation.

 

I have a SSL Core UDS Root cert: *.domain.com "issued by RIM UDS SERVER ROOT_WDEkYlFx" (FROM THE 10.1 INSTALL)

And a matching CA Cert called "RIM UDS SERVER ROOT_WDEkYlFx" (FROM THE 10.1 INSTALL)

 

When i upgraded to 10.1.1 It didnt generated a new SSL Core UDS Cert, but it did generate a new CA Cert called "RIM UDS SERVER ROOT_Ync3I1RW"

 

I beleive the fact that these do not match is where my problem lies... could someone shed some light?


I think this is an error/bug when he generates a new CA Cert. Just take a try and generate an new it policy and a new configuration to deploy. They should signed with/thrue the new CA cert. Deploy and test it.

 


Buzz001 wrote:
FATAL,"2013-06-27 09:47:14,942",24,0,"fd2e3e3d-13c2-47dc-afc1-80c66980f106","Enroll profile sending error. Please, contact your administrator.", ,Type: System.Security.Cryptography.CryptographicException ,Message: Cannot find the certificate and private key for decryption.

 This is also the problem of this error message. The profiles are signed with the "old" CA and do not match with the new CA.

Contributor
Posts: 13
Registered: ‎06-27-2013
My Device: Blackberry Z10
My Carrier: EE

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

Hi Lineasupport,

 

Thanks for your input.

 

I have just created a new IT Policy, Active Sync Profile and Software xconfig, and im still getting the same error appearing.

 

DEBUG,"2013-06-27 14:28:49,671",105,0,"94516094-8033-4421-93ef-a396e4d29c69","Request User-Agent: BES10 10.1.85 rv:162 (iPhone; iPhone OS 6.1.4; en_GB)",
DEBUG,"2013-06-27 14:28:49,672",105,0,"94516094-8033-4421-93ef-a396e4d29c69","Enrol request, tenantName: default, userName: paulb, language: en-GB, deviceUdid: , deviceHardware: iPhone5,2, deviceOs: 6.1.4, deviceOsFamily: ios",
DEBUG,"2013-06-27 14:28:50,145",105,0,"94516094-8033-4421-93ef-a396e4d29c69","Creating new device id.",
DEBUG,"2013-06-27 14:28:50,194",105,525,"94516094-8033-4421-93ef-a396e4d29c69","HTTP Request Completed: https://gb.bbsecure.com:33443/s#######/enrol",
DEBUG,"2013-06-27 14:29:00,501",98,0,"7b5b68bd-f6e8-4676-9b58-9aa8a2f3feed","DefaultRouteHandler (mdm/{perimeter}/device/swInfo): PUT https://gb.bbsecure.com:33443/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/swInfo",
DEBUG,"2013-06-27 14:29:00,501",98,0,"7b5b68bd-f6e8-4676-9b58-9aa8a2f3feed","Request User-Agent: BES10 10.1.85 rv:162 (iPhone; iPhone OS 6.1.4; en_GB)",
DEBUG,"2013-06-27 14:29:00,559",98,0,"7b5b68bd-f6e8-4676-9b58-9aa8a2f3feed","OAuth secret cache miss",
DEBUG,"2013-06-27 14:29:00,625",98,126,"7b5b68bd-f6e8-4676-9b58-9aa8a2f3feed","HTTP Request Completed: https://gb.bbsecure.com:33443/s######/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/swInfo",
DEBUG,"2013-06-27 14:29:07,907",98,0,"1d59771d-588b-4188-9b62-b3344f545075","DefaultRouteHandler (mdm/{perimeter}/device/hwInfo): PUT https://gb.bbsecure.com:33443/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/hwInfo",
DEBUG,"2013-06-27 14:29:07,907",98,0,"1d59771d-588b-4188-9b62-b3344f545075","Request User-Agent: BES10 10.1.85 rv:162 (iPhone; iPhone OS 6.1.4; en_GB)",
DEBUG,"2013-06-27 14:29:08,013",98,107,"1d59771d-588b-4188-9b62-b3344f545075","HTTP Request Completed: https://gb.bbsecure.com:33443/s########/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/hwInfo",
DEBUG,"2013-06-27 14:29:19,690",105,0,"e7eba85d-10ad-41bd-a426-c71f34aa6c58","DefaultRouteHandler (mdm/{perimeter}/device/capabilities): PUT https://gb.bbsecure.com:33443/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/capabilities",
DEBUG,"2013-06-27 14:29:19,691",105,0,"e7eba85d-10ad-41bd-a426-c71f34aa6c58","Request User-Agent: BES10 10.1.85 rv:162 (iPhone; iPhone OS 6.1.4; en_GB)",
DEBUG,"2013-06-27 14:29:19,791",105,101,"e7eba85d-10ad-41bd-a426-c71f34aa6c58","HTTP Request Completed: https://gb.bbsecure.com:33443/s########/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/capabilities...
DEBUG,"2013-06-27 14:29:26,304",105,0,"db902c17-6e1c-4411-a5b5-4386010729c7","DefaultRouteHandler (mdm/{perimeter}/device/status): PUT https://gb.bbsecure.com:33443/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/status",
DEBUG,"2013-06-27 14:29:26,304",105,0,"db902c17-6e1c-4411-a5b5-4386010729c7","Request User-Agent: BES10 10.1.85 rv:162 (iPhone; iPhone OS 6.1.4; en_GB)",
DEBUG,"2013-06-27 14:29:26,405",105,102,"db902c17-6e1c-4411-a5b5-4386010729c7","HTTP Request Completed: https://gb.bbsecure.com:33443/s#######/mdm/99cb390b-046c-46b5-bc1b-3231b7108940/device/status",
DEBUG,"2013-06-27 14:29:35,373",106,6,"7996e60a-5165-44ec-95e6-9d16c7c7d9af","HTTP Request Completed: https://gb.bbsecure.com:33443/S#######/enrol/2/7082bc6f-c9fe-4d6f-9e44-42b61b5663df",
DEBUG,"2013-06-27 14:29:38,295",106,2,"d083787c-7ceb-4216-aa4d-ad030332f500","HTTP Request Completed: https://gb.bbsecure.com:33443/S#########/content/enrollment.css",
DEBUG,"2013-06-27 14:29:38,456",98,15,"43ffbdf3-a4da-4860-8af8-585e9a6076f1","HTTP Request Completed: https://svr-besx01.#########:33443/go/tenant/2/user/3",
DEBUG,"2013-06-27 14:29:39,392",105,2,"a1c5e861-034c-42c5-90f0-ed1736ecf77e","HTTP Request Completed: https://gb.bbsecure.com:33443/S#######/content/site.css",
INFO,"2013-06-27 14:29:48,376",105,0,"f2950c5c-3677-42ed-9605-44925d459736","Detected Apple device OS: 6_1_4",
DEBUG,"2013-06-27 14:29:48,376",105,0,"f2950c5c-3677-42ed-9605-44925d459736","Redirected to Enroll",
DEBUG,"2013-06-27 14:29:48,377",105,71,"f2950c5c-3677-42ed-9605-44925d459736","HTTP Request Completed: https://gb.bbsecure.com:33443/S#######/enrol/2/7082bc6f-c9fe-4d6f-9e44-42b61b5663df",
DEBUG,"2013-06-27 14:29:53,662",105,0,"b75a344c-61e9-467f-8943-3a922c881046","DefaultRouteHandler (ios/enroll/{tenantId}/{deviceGuid}/{language}/{osVersion}): GET https://gb.bbsecure.com:33443/ios/enroll/2/7082bc6f-c9fe-4d6f-9e44-42b61b5663df/English/6.1.4",
DEBUG,"2013-06-27 14:29:53,662",105,0,"b75a344c-61e9-467f-8943-3a922c881046","Request User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_4 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B350 Safari/8536.25",
INFO,"2013-06-27 14:29:53,714",105,0,"b75a344c-61e9-467f-8943-3a922c881046","Enroll: Sending Profile service URL to device, URL: https://gb.bbsecure.com/S########/ios/profile/2/7082bc6f-c9fe-4d6f-9e44-42b61b5663df/English/6.1.4",
DEBUG,"2013-06-27 14:29:53,715",105,0,"b75a344c-61e9-467f-8943-3a922c881046","Enroll: Payload:
<?xml version="1.0" encoding="utf-8"?>
<plist>
    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>URL</key>
            <string>https://gb.bbsecure.com/S#######/ios/profile/2/7082bc6f-c9fe-4d6f-9e44-42b61b5663df/English/6.1.4</s...
            <key>DeviceAttributes</key>
            <array>
                <string>UDID</string>
                <string>IMEI</string>
                <string>ICCID</string>
                <string>VERSION</string>
                <string>PRODUCT</string>
            </array>
            <key>Challenge</key>
            <string>challenge</string>
        </dict>
        <key>PayloadDescription</key>
        <string>BlackBerry Enterprise Service 10 Profile</string>
        <key>PayloadDisplayName</key>
        <string>Profile Service</string>
        <key>PayloadIdentifier</key>
        <string>com.rim.mobileconfig.profile-service</string>
        <key>PayloadOrganization</key>
        <string>BlackBerry Enterprise Service 10</string>
        <key>PayloadType</key>
        <string>Profile Service</string>
        <key>PayloadUUID</key>
        <string>6135276a-f99c-4eb4-a672-981d1741bb04</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
</plist>",
FATAL,"2013-06-27 14:29:53,749",105,0,"b75a344c-61e9-467f-8943-3a922c881046","Enroll profile sending error. Please, contact your administrator.",
,Type: System.Security.Cryptography.CryptographicException
,Message: Cannot find the certificate and private key for decryption.

,Source: System.Security
,TargetSite: "CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(System.Security.Cryptography.Pkcs.CmsSigner, Boolean)"
,StackTrace:    at System.Security.Cryptography.Pkcs.PkcsUtils.CreateSignerEncodeInfo(CmsSigner signer, Boolean silent)
,   at System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner signer, Boolean silent)
,   at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
,   at RIM.BUDS.Communication.iOS.ProfileServices.MessageSigner.Sign(Byte[] input, X509Certificate2 signerCertificate, X509Certificate2 caCertificate) in c:\ec_build\1130696\BUDSServer\source\enterprise\BUDS\Server\Sources\RIM.BUDS.Communication.iOS\ProfileServices\MessageSigner.cs:line 37
,   at RIM.BUDS.Communication.iOS.ProfileServices.Handlers.EnrollHandler.DoEnroll(Boolean isDeviceClient, Int32 tenantId, Int32 userId, String deviceGuid, String hash, String language, String osVersion) in c:\ec_build\1130696\BUDSServer\source\enterprise\BUDS\Server\Sources\RIM.BUDS.Communication.iOS\ProfileServices\Handlers\EnrollHandler.cs:line 126
DEBUG,"2013-06-27 14:29:53,754",105,95,"b75a344c-61e9-467f-8943-3a922c881046","HTTP Request Completed: https://gb.bbsecure.com:33443/S######/ios/enroll/2/7082bc6f-c9fe-4d6f-9e44-42b61b5663df/English/6.1....

Contributor
Posts: 44
Registered: ‎06-26-2013
My Device: 8700
My Carrier: Germany

Re: Upgraded from 10.1 to 10.1.1 Certificate issues...

Is you problem solved?

The error
====
FATAL,"2013-06-27 14:29:53,749",105,0,"b75a344c-61e9-467f-8943-3a922c881046","Enroll profile sending error. Please, contact your administrator.",
,Type: System.Security.Cryptography.CryptographicException
,Message: Cannot find the certificate and private key for decryption.
====
show the problem, but i do not know how to fix it without reinstallation. i would try to install an passive node, its possible this installation fix it.