BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Connecting device to local web server (http://www.blackberryforums.com/bes-admin-corner/259483-connecting-device-local-web-server.html)

djoh 05-15-2012 01:49 AM

Connecting device to local web server
 
Hi,

I tried to find similar topics, sorry if this has been addressed before.

I have my BES (10.177.1.38) sitting on the same LAN as my proxy (10.177.1.250) and my webserver (10.177.1.27). I want my device, while connecting through 3G, to access the local webserver.

I tried configuring BES to use my proxy following these steps, but nothing seems to happen:
In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology> BlackBerry Domain > Component view .
Expand the MDS Connection Service component.
On the Proxy mappings tab, click the URL string
Edit it and specify a proxy server.
Do I need to open different ports on my router ? Anything I misunderstood ?

Thanks in advance,

MisterGriffiths 05-18-2012 09:54 AM

Re: Connecting device to local web server
 
When you say local webserver, do you mean you want all your BlackBerry browser traffic to be router via your internal Proxy Servers or are you trying to access your Intranet from the BlackBerry?

djoh 05-18-2012 09:55 AM

Re: Connecting device to local web server
 
Hi Mister Griffiths,

I'm trying to access my Intranet through my Blackberry, yes.

MisterGriffiths 05-18-2012 10:12 AM

Re: Connecting device to local web server
 
From Memory:

If you require authentication you will need to enable Authentication Support

Navigate to BlackBerry Solution Topology > BlackBerry Domain > Component View > MDS Connection Service

Goto the HTTP Tab and change Authentication Support Enabled to YES


To configure the proxy mappings:

Navigate to BlackBerry Solution Topology > BlackBerry Domain > Component View > MDS Connection Service > <on each server>

Goto the Proxy Mappings Tab and create a new Universal Resource Locator:

Enter the URL for your Intranet (e.g http://intranet.*)
Under Proxy Type, change this to DIRECT as I guess connections to your Intranet would be direct and not go via your Proxy Server.
You can leave the credentials area blank as this will then prompt the user to authenticate when they try to access the Intranet from the device, else you could enter generic credentials if you don't have different areas of your intranet open to specific users.

Note, you need to fix click on the PLUS sign down in the Proxy Type area, then the PLUS up at the URL area.

Once that has been saved into the list, you will then want to move this up the priority list to the top I expect.

Once you have done all that in the BAS, login to the actual MDS CS Server itself and explore to:

\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\instance\config

Open the MDSLogin.conf file and amend any entries for COMPANY.COM to the name of your internal domain (in uppercase I believe). This will pre-populate the domain field when users are asked to authenticate for access from the device.

Restart the MDS-CS Services and you should be good to go.

djoh 05-18-2012 10:21 AM

Re: Connecting device to local web server
 
Wow, that looks very interesting, I'll give it a try Sunday when I get back to work.

I'm using a proxy.pac to define what goes Direct and what goes through the proxy. I tried to configure it while leaving the default Universal Resource Locator, but it didn't change anything.

And yes, the proxy is requiring authentication.

Thanks for your help !

MisterGriffiths 05-18-2012 10:24 AM

Re: Connecting device to local web server
 
Good luck, let us know how you get on.

djoh 05-21-2012 02:33 AM

Re: Connecting device to local web server
 
Hi,

As mentioned earlier, I'm using a proxy.pac.
Does the pac fille needs to be accessible from outside, or only from the BES server ?

Edit: Answer is no, the proxy.pac doesn't need to be accessible from outside. I changed the configuration and I'm now able to access my local servers. Still need to figure out why I cannot access the internet anymore though :-)
I followed those steps to enforce the browser to follow my rules:
To ensure all data travels via the MDS service perform the following I.T Policy changes:

1. Device-Only Items > Enable WAP Config = False. This will remove the carriers WAP browser (i.e. Telstra Business Portal will be removed)

2. Browser Policy Group > MDS Browser Title = <company name> Internet (e.g. BBForums Internet). This clearly identifies the MDS browser to users.

3. Browser Policy Group > Allow IBS Browser = False. This removes the internet browsing service that allows users to bypass the MDS service.

4. Browser Policy Group > MDS Browser Use Separate Icon = True. This ensures a separate icon on the home screen for the MDS browser.

5. Service Exclusivity policy group> Allow Other Browser services = False. This will allow no other browser services except for the BlackBerry Browser to access the web.

MisterGriffiths 05-21-2012 06:17 AM

Re: Connecting device to local web server
 
Your IT Policy configs are all spot-on.

Maybe try without the PAC and just manually configure the proxy mappings to your proxy server, this will at least identify if your MDS server can pass page requests to the proxy.

To do that, it is the same as with setting a proxy mapping for the Intranet, except you retain the default URL of " .*://.*(:\d*)?(/.*)*(\?.*)? " and point the mapping to PROXY, adding the appropriate proxy string (proxyserver:8080)

Ensure this new proxy mapping is a lower priorty than the one for the Intranet.

Don't forget to restart the MDS Service after making the change and it is sometimes a good idea to Clear Browsing Data in the handheld too.

djoh 05-21-2012 06:50 AM

Re: Connecting device to local web server
 
Using PROXY works, all my connections go through it. Just some issues with the authentication, I have tested domain\login, testing login alone now.

Once it works fine, I'll either give one more try at the proxy.pac file, or will do the routing myself, using the URL to *.mydomain.com.

djoh 05-21-2012 07:30 AM

Re: Connecting device to local web server
 
MisterGriffiths, your help is precious !

Some applications have issues with the Authentication (twitter, facebook, ...).
Can I configure in a way that:
*.mydomain.com goes through my network (direct in the sense, not through the proxy)
Everything else goes as before, not through my network, not through proxy

Thanks

MisterGriffiths 05-21-2012 07:46 AM

Re: Connecting device to local web server
 
Quote:

Originally Posted by djoh (Post 1778214)
MisterGriffiths, your help is precious !

Some applications have issues with the Authentication (twitter, facebook, ...).
Can I configure in a way that:
*.mydomain.com goes through my network (direct in the sense, not through the proxy)
Everything else goes as before, not through my network, not through proxy

Thanks

My friend, you have just hit the same obstacle Ive hit recently. I'm told that the newer versions of apps such as Facebook and Twitter have had their APIs changed and are now considered more of a consumer app.

If you run version 2.0.0.11 of Twitter you should be fine running it through the MDS. From version 2.0.0.16 onwards, I've found it impossible to get it to work through the MDS and Proxy. We have spent days testing and reconfiguring our test lab but nothing we do on the handheld, MDS or Proxy seems to work. We then ran out of time so we are now considering allowing devices to just use BIS for Internet and BES(MDS) for Intranet.

One thing you will likely find though, if you run the device over wifi, then Twitter (even the latest versions) will work. I'm not clever enough to know why this is but somehow, even with our locked down devices, Twitter authentication is able to occur if the device is using wifi.

We regard to Facebook. I have not actually had issue with this app running through the MDS. When you first lauch the app you have to trust the certificate on the handheld. We do also have a few other things configured on our MDS which may be helping this. We have an 'Allow Untrusted Servers' Configuration Set for HTTPS on the MDS. We also have the 'application.handler.tls.preventUnmatchedDomainNam e=false' added to the rimpublic.property file on the MDS.

djoh 05-21-2012 07:54 AM

Re: Connecting device to local web server
 
Wow, I see !

I'm not interested to have all my traffic go through my network, I was quite satisfied with the direct connection to Internet.
I just need that, when a user clicks on a link in an email that points to our Intranet, the page opens the way it should.

Should I give up ?

MisterGriffiths 05-21-2012 08:01 AM

Re: Connecting device to local web server
 
In which case, you need to just leave the proxy mapping for your Intranet on the MDS and reverse those IT Policy items you configured.

Device-Only Items > Enable WAP Config = False or True (up to you really. If you get charged separately for WAP you may want to leave it disabled)

2. Browser Policy Group > MDS Browser Title = <company name> (might want to name this <company name> Intranet or something. To be honest it doesn't really matter on newer handhelds as the device will decide what browser method to use depending on the speed it gets responses to page requests and if it gets an DNS errors)

3. Browser Policy Group > Allow IBS Browser = True. (you will want to activate the BIS Browser)

4. Browser Policy Group > MDS Browser Use Separate Icon = True. (yep, leave this as is)

5. Service Exclusivity policy group> Allow Other Browser services = True. (you will want to allow the other Browser service to be able to use BIS)

djoh 05-21-2012 08:05 AM

Re: Connecting device to local web server
 
That's what I was doing, glad to see I finally understand something in this :-)

Just one simple question, do I need to restart the BB Policy service and do a battery plug ?
When does the policy apply, how long does it take ?

MisterGriffiths 05-21-2012 08:11 AM

Re: Connecting device to local web server
 
If your BES configuration is pretty much out of the box, then the Policy will automatically be sent to the devices after you make a change.

Forgive me for I forget what the default time is for the automatic resending the IT Policy.

Pick a user with that resolved policy and then look at the Tasks that are running for that user. You should see an IT Policy Task which eventually should be showing as Task: Installing & Status: Success.

You can resend the IT Policy manually to one or more users if necessary.

djoh 05-21-2012 09:10 AM

Re: Connecting device to local web server
 
Having two browsers seem good, I have to wait for the MDS config to be pushed, still doing some testing.
I just hope that the mobile will understand which browser to use when I click on a link (anything *.mydomain.com by My Browser, all the others by the IBS browser)

Thanks a lot for your help, you saved me a lot of time.
Lots of karma for you.

MisterGriffiths 05-21-2012 09:17 AM

Re: Connecting device to local web server
 
Karma always gratefully received.

Might also be worth setting some of the BlackBerry Balance IT Policy Settings.

These are under Personal Devices tab within the policy settings.

There are a few self explanatory policies available.

djoh 05-22-2012 01:54 AM

Re: Connecting device to local web server
 
No luck so far - without the policy, the MDS browser is unable to open intranet links.

I tried using PROXY, DIRECT and PAC, I always get the DNS error message from Blackberry server.
It's like it's chosing to use the IBS over MDS, unless I force it to use MDS...

EDIT: found the MDS Browser Domains option, which allow the admin to define domains for which the MDS browser is used. Sounds like what I need !

djoh 05-22-2012 02:12 AM

Re: Connecting device to local web server
 
Ok all working now !

MDS Blackberry Browser was the way to go.
So I added .mydomain.com in it, and I configured the Proxy mapping to proxy.pac. This way, I have only my Intranet going to my network, everything else is direct to Internet from IBS !

MisterGriffiths 05-22-2012 03:57 AM

Re: Connecting device to local web server
 
Good stuff.


All times are GMT -5. The time now is 03:35 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.