BlackBerry Forums Support Community

BlackBerry Forums Support Community (
-   BES Admin Corner (
-   -   Getting MDS to authenticate through proxy (

andersh 09-06-2012 10:41 AM

Getting MDS to authenticate through proxy
Hi All, We have BES 5.0.2 and all our handsets are set to use the MDS browser only. All http traffic goes through our firewall and is proxy chained to a default policy on a cloud based proxy (zscaler) which doesn't allow social networking or streaming media.
All PCs on our network will use this default policy unless their browsers are set up pointing to a cloud hosted pac file, they can then authenticate and get different policies.
What we want to do is keep the default policy as is but let the Blackberry users get social networking so we need the BES to authenticate. I've tried putting in a username, password and proxy string in the proxy mappings section of the MDS connection Service but this doesn't work. If I check the MDAT log for when a web request is made there is an error:

PAC returns: Cannot retrieve Auto Proxy Script for <URL>

Any ideas as to how I can make this work?
Many thanks!

freakinvibe 09-07-2012 03:32 AM

Re: Getting MDS to authenticate through proxy
First thing is to check if you can browse the Internet with Internet Explorer on the BES server using the proxy.

andersh 09-07-2012 10:48 AM

Re: Getting MDS to authenticate through proxy
Yes I can browse from the server - using the default policy (with no pac file settings) and using other policies by using the pac file and authenticating.

freakinvibe 09-10-2012 02:28 AM

Re: Getting MDS to authenticate through proxy
So what are the MDS proxy settings? Are you using the PAC file or are you entering the proxy details directly?

andersh 09-10-2012 06:54 AM

Re: Getting MDS to authenticate through proxy
Tried uploading an image but not allowed to post urls yet...
Basically in the Proxy Mappings section I have .*://.*(:\d*)?(/.*)*(\?.*)? in the url section (default) my username and password for zscaler authentication, proxy type set to PAC and the proxy string we use in IE (can't type this either as it's a URL)
This is how it is set up - since I posted this question I have added the .pc bit at the end of the pac file url (I read somewhere you didn't need it) since I put that back I no longer get the message in the logs however it still doesn't authenticate and I just get the default policy.
The logs don't show any attemt to authenticate but not sure if they would if it worked?
Not really sure if this is a question for Blackberry or zscaler users?!
Thanks for your help so far.

All times are GMT -5. The time now is 01:36 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.