BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Blackberry / OCS CWA 2007 (http://www.blackberryforums.com/bes-admin-corner/147943-blackberry-ocs-cwa-2007-a.html)

demar 09-01-2008 07:06 AM

Blackberry / OCS CWA 2007
 
Hi,
I’m trying to configure Blackberry to work with OCS CWA 2007 without positive result.
Blackberry Collaboration services Settings (Connection):
  • Host = cwa.domain.net
  • Port = 443
  • Transport protocol = HTTPS
When I try to connect from the RIM Server to the OCS CWA 2007 Server (internet Explorer) all work fine.

OCS CWA 2007 Settings:
  • Virtual Server Type = Internal
  • Authentication = Windows Authentication

On the RIM Server I can see following error in the log-file:
“Cannot contact CWA server at _https://cwa.domain.net:443/forms/logon.html version of CWA cannot be determined due to IOException trying to contact host: java.io.IOException: Duplicate extensions not allowed>”

Thank you
Regards
demar

penguin3107 09-01-2008 12:14 PM

What version and service pack is the BES?

demar 09-01-2008 12:19 PM

Sp6

hugheser 09-02-2008 03:13 PM

We got that error until we enabled FBA and Windows Auth. After that, it worked. If we had either of those selected without the other, it didn't work.

demar 09-03-2008 02:02 AM

I activated Forms Authentication. Still the same Problem.
On the “old” (2005) CWA you have to enable ajax (h t t p : / / w w w .microsoft.com/technet/prodtechnol/office/livecomm/library/cwa/planningdeployment/cwapdp_4.mspx).
Is it also necessary on the new CWA (2007)?
The ajax.dll on the CWA 2007-Server is no more available!

penguin3107 09-03-2008 05:17 AM

Wirelessly posted (Breaking Ball)

No, it's not necessary with OCS 2007.

demar 09-29-2008 06:07 AM

I have the solution!
The BES cannot build a secure connection (HTTPS) if the configured name for the connection with the CWA Server is not defined as “Subject” on the certificate. If you have multiple “names” on the certificate, the CWA Server (that is configured on the BES for the connection) must be defined as “Subject” in the certificate and not as ”Subject Alternative Name”!

sniffs 10-16-2008 05:53 PM

What cert should we be looking for? We see 3 certs and have checked all 3..

We're getting this same issue.

Also, in that "Forms" folder, there is no logon.html file.. The folder is actually blank. Is it supposed to be?

demar 10-17-2008 01:32 AM

Certificate:
1. Public Key Length 1024 Bits (not 2048)
2. No Subject Alternative Name
3. Enhanced Key Usage (also Client Authentication)
4. No intermediate signing authority.

It is not completely clear what solved the problem, but the order of liklihood is 2, 4, 1, 3.


The Forms folder is empty that is right.

robgptx 02-17-2009 03:15 PM

if the configured name for the connection with the CWA Server is not defined as xxx8220;Subjectxxx8221; on the certificate. If you have multiple xxx8220;namesxxx8221; on the certificate, the CWA Server (that is configured on the BES for the connection) must be defined as xxx8220;Subjectxxx8221; in the certificate and not as xxx8221;Subject Alternative Namexxx8221;!

Where do I go to find this?

demar 02-18-2009 02:22 AM

Open the Certificate Properties > Detail Tab:

Subject and Subject Alternative Name

robgptx 02-18-2009 09:19 AM

Is this on the BES or on the OCS server?

demar 02-18-2009 09:21 AM

Ocs Cwa.

robgptx 02-18-2009 10:21 AM

Still not working. I have don what you have said, but device won't connect. Any other suggestions.

robgptx 02-18-2009 10:31 AM

This is what its showing in the logs now.

Cannot contact CWA server at; version of CWA cannot be determined due to IOException trying to contact host: Remote host closed connection during handshake

2009-02-18 10:05:56.953 EST:99, CWA server version could not be identified.


All times are GMT -5. The time now is 09:12 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.