BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Bes Express fetch certificates fail (http://www.blackberryforums.com/bes-admin-corner/263729-bes-express-fetch-certificates-fail.html)

BISAdmin 03-09-2013 08:32 AM

Bes Express fetch certificates fail
 
Hi All,

I installed BES Express on a Windows Small server 2011.
everything works except when i try to fetch certificates.
i get

"an error occurred connecting to the server. please check your server settings and try"

Please help

nobody7290 03-09-2013 05:04 PM

Re: Bes Express fetch certificates fail
 
I dont know this error message. You should explain a little more in detail what happens.

At what point does this happen ?
During installation ?
On the Handheld ?

BISAdmin 03-10-2013 05:05 AM

Re: Bes Express fetch certificates fail
 
Hi,

it happen on the handheld.
i can fetch chain status and lookup contacts but when i try to fetch a certificate i get that error on the handheld.

BISAdmin 03-10-2013 05:27 AM

Re: Bes Express fetch certificates fail
 
Noticed that it fails on all requests to fetch certificates and search sertificates

nobody7290 03-10-2013 06:58 AM

Re: Bes Express fetch certificates fail
 
Did you enter the ldap server infomation in the BES console ?
on servers and components,
expand Blackberry solution topology
component view
MDS-Connection service
cklick on MDS-Connection service,
click edit component
click the LDAP tab.
click the plus sign to add a server.
Enter a name, a description, and the dns name of your DC:389
Enter a username (maybe use the besadmin user) for authentication in the style domainname\username
enter the password
enter the base query like: dc=domain,dc=local which should match your SBS2011 domain.
save all

restart the MDS_CS_1 instance:
click the instance,
klick the restart instance

Then, try again on the Handheld.

does it work then ?

BISAdmin 03-10-2013 11:16 AM

Re: Bes Express fetch certificates fail
 
Hi,

thanks for the input.
after adding :389 (also tried 636 with same effect) i now get:

"The search specified was invalid. Please verify the search criteria and try again"

on the Base Query i already had:
ou=SBSUsers,ou=Users,ou=MyBusiness,dc=NameOfMyDoma in,dc=local
(NameOfMyDomain beeing the real name of my domain)

i save certificates to AD and if i look using a tool (Softerra ldap administrator) i can see the userCertificate

nobody7290 03-10-2013 11:41 AM

Re: Bes Express fetch certificates fail
 
For testing,
Start with
dc=mydomain,dc=local

If that works, you know everything is ok, and then, if you want to narrow the search, then try to make this work.
Posted via BlackBerryForums.com Mobile

BISAdmin 03-10-2013 11:50 AM

Re: Bes Express fetch certificates fail
 
no luck
still the same error
"The search specified was invalid. Please verify the search criteria and try again"

the settings i'm using: port 389
Secure connection enabled : yes
Base Query: DC=mydomain,DC=local

everyone complaining about this error has spaces in the base query but that doesn not apply

nobody7290 03-10-2013 12:31 PM

Re: Bes Express fetch certificates fail
 
Disable the secure connection.

Also, examine the logfiles:
I think, in the /Program Files (x86)/Research in Motrion/Blackberry Enterprise server/logs/
there is the mdat log. AFAIK here are the events of the MDS instance logged (not 100% sure).

akpain 03-11-2013 10:51 AM

Re: Bes Express fetch certificates fail
 
I recently install my BES to work with s/mime

in LDAP I put

server.domain:389
secure: not
besadmin
passwordbesadmin
CN=domain,CN=corp


also I configure the OCSP url

I use this guide
Code:

docs.blackberry.com/en/admin/deliverables/25767/Configuring_how_apps_trusted_conn_to_web_servers_268738_11.jsp
and
Code:

btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB15786&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
but doesn't work, my error when I fetch is "Internal proxy provider error"

regards

BISAdmin 03-11-2013 03:55 PM

Re: Bes Express fetch certificates fail
 
Hi nobody7290,

i now get "the system cannot find the file specified" for webserver.keystore in the logs...
looking online on how to fix it but i actually don't know if it's a new error or it was there all along...
the fixes online doe not seem te be working any ideas? you have helped me a lot thanks for that

BISAdmin 03-11-2013 04:05 PM

Re: Bes Express fetch certificates fail
 
i foud that "\..\..\webserver\webserver.keystore (The system cannot find the file specified)" already was there long before i stared fixing things

BISAdmin 03-11-2013 04:16 PM

Re: Bes Express fetch certificates fail
 
i moved the keystore and now get

WARNG>:<LAYER = SCM, PushServiceImpl(): net.rim.security.b.b: Keystore was tampered with, or password was incorrect

at least i get something new everytime

nobody7290 03-11-2013 04:37 PM

Re: Bes Express fetch certificates fail
 
does/did the certificate lookup work now, and you have a new problem, or, is this something new?

regarding the certificates: you also can search or fetch a certificate using a Blackberry and setup the connection to the ldap server on the handheld. Dont know, if that helps, because the parameters are the same as when you enter that in the BES console. But maybe worth a try because it could be you get a more understandable error message ?

BISAdmin 03-11-2013 08:39 PM

Re: Bes Express fetch certificates fail
 
hi nobody7290

No i still couldn't fetch certificates, i just finished a re-install because i tried so many things that i couldn't even check te status/ chain/ trust status anymore...

i can check status / trust status but i can't fetch certificates....(even after a re-install)

is it even possible?
fetch certificates using bes express?...
should i just take my losses and install all certificates (pressent en future) on handhelds and just check the status... i'm getting ready to trow in the towel....

i tried your option on the handheld but got the same error. i'll try it tomorrow again with a new pair of eyes

BISAdmin 03-12-2013 05:28 AM

Re: Bes Express fetch certificates fail
 
Quote:

Originally Posted by akpain (Post 1800482)
I recently install my BES to work with s/mime

in LDAP I put

server.domain:389
secure: not
besadmin
passwordbesadmin
CN=domain,CN=corp


also I configure the OCSP url

I use this guide
Code:

docs.blackberry.com/en/admin/deliverables/25767/Configuring_how_apps_trusted_conn_to_web_servers_268738_11.jsp
and
Code:

btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB15786&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
but doesn't work, my error when I fetch is "Internal proxy provider error"

regards

Did you run the setup using the BESAdmin account?
try using DC=domain,DC=corp

BISAdmin 03-12-2013 06:00 AM

Re: Bes Express fetch certificates fail
 
Hi nobody7290

i got it working on handheld!
my day just starterd great!

after a while i tested using url withoud ldap://
and it worked!!!

thanks for al your help!!


All times are GMT -5. The time now is 12:33 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.