[JRV]

BES Exchange 4.1.2 HF1, just installed as an upgrade-in-place to BES 4.0.

MDSS service starts, then stops a few seconds later.

IN BB Manager, if I click on https://<fqdn>:7443/mds, I get this message:

Accept SSL Certificate
Please use the following wizard to install the certificate being offered from the MDS Services server, then press OK.
[OK]

No wizard appears (I'm guessing because Apache isn't running).

When I click OK, I get an error page that says "There are errors in retreiving information from the server. Please refer to the log for more information."

Dunno which of the bazillion BES logs they're referring to, so for now, I'll pass on that! But in the Windows Application log, I see this event:

Event Type: Warning
Event Source: MNGR
Event Category: None
Event ID: 20000
Date: 02/13/2007
Time: 10:10:34 AM
User: N/A
Computer: <server name>
Description:
CMDSAGView: Bad hResult, -2147467261 - Object reference not set to an instance of an object., from AG web service call MDSAGAdminMgmt(testWsAccess - getServerStatus. Asking user to get SSL certificate.)

If I leave the error page up, the "Accept SSL Certificate" message keeps popping up every 10 minutes.

The App log event led me to try Cause 1/Resolution 1 in Unable to connect to BlackBerry MDS Services using HTTPS with no change. I entered the full Distinguished Name for the server as found in ADSIEdit...I hope that's what I was supposed to do.

Cause 2 does not apply; server has multiple drives, but BES is installed to the default location. Nonetheless, verified that default.jks is in the right folder.

When I try to browse the URL with IE7 as in "Import the certificate using Internet Explorer", I just get a page not found error. (Again...Apache not running so not a big surprise, but in the interests of thoroughness!)

4.1 RTM MDSS install was totally hosed--Apache service wasn't even installed. Noted multiple fixes in release notes relating to SP2 Setup of Apache service and MDSS, and installed SP2. SP2 appeared to complete without errors, but MDSS still doesn't work.

I have reinstalled 4.1 SP2; no change.

[dcpuser]

Do you have any proxy settings configured? I don't know how they even relate but if I toggle off Proxy from IE, I can get the certificate to come up and I can install it. However I am also still getting that error that it is unable to retrieve data.

[JRV]

Thanks for your reply. We do have a proxy server; I turned off all proxy settings and it made no difference from either IE or BBM.

[sferical]

Are you using MSDE for your BESmgmt databases?

If so make sure that TCP/IP is enabled for MSDE.

Start > Run SVRNETCN

Enable TCP/IP and restart MSDE

[JRV]

DingDingDingDingDing!! We have a winner!!

We are, in fact, using MSDE, and TCP/IP was, in fact, disabled. In BES 4.0, we were not accessing the database by TCP/IP, but apparently MDSS does. So with TCP/IP enabled, now MDSS stays running, I got the "wizard" the message refers to, and am prompted to log on with MDSS credentials. So that was a key step, and thanks, sferical, for that.

However...I still got the error page. I had to take some additional steps that are not documented AFAIK, so here they are, right or wrong:

1. Create the cert per Unable to connect to BlackBerry MDS Services using HTTPS, substituting the FQDN of your server for <FQDN>. I don't think it matters what the OU and so on are, but I copied mine from the server's DistinguishedName attribute in ADSIEdit just to be anal.
2. Make sure to click View Certificate and click Install to install the cert in your user account's certificate store.
3. Once the cert is installed, open Internet Properties/Content/Certificates.
4. Select the cert on the Trusted Root Certification Authorities tab and export it to a DER-encoded *.CER file.
5. You need to be an admin to do what follows, or else do a Run As and use admin credentials. Start/Run/MMC, then click File/Add/Remove Snap-In. Click Add, choose Certificates and click Add.
6. Click Computer account, Finish and OK.
7. Expand the Trusted Root Certification Authority node, right-click Certificates and click Import
8. Import the *.CER file you just exported.
9. Bump the BlackBerry MDS Services - Apache Tomcat Service

The cert created by the procedure in the RIM KB article is valid for a year.

Hope I didn't leave anything out.

Although now I know that MDSS is not needed to push the DST patch, this turned out to be a useless exercise for me!

[dcpuser]

Tried the steps outlined above and still no luck. It works though via IE so I guess its good enough for me.

[JRV]

Actually, I now know it didn't work for me, either! It only got the correct page to load.

But when I start MDSS from the MDSS page that now displays, it doesn't stay running, and a configuration error event from Apache appears in the Application log. Doesn't work in IE, either.

But since I don't need it for the DST patch, that's as far as I'm going with this project!