apnaguy dot com

New installation of BES-X on SBS 2003 Server.

Installation all went through OK, however cannot administer the BES-X server as IE admin page blank.

Discovered the The BlackBerry Administration Service – Application Server service keeps failing. 

It will start and chew up lots of CPU time & memory but then stop after approx. 1 minute, (BAS-AS.exe will disappear from task manager).

Event Viewer says:

The BlackBerry Administration Service – Application Server service terminated unexpectedly.

BBAS-AS logs mention these which may be of note:

[WARN] Problem starting service jboss:service=RIM_BES_BAS_HA_33879984_SBSSVR
org.jgroups.ChannelException: failed to start protocol stack (03/30 12:39:17:843):{main} [org.jboss.system.ServiceController] [WARN] Problem starting service jboss.cache:service=EJB3EntityTreeCache
org.jgroups.ChannelException: failed to start protocol stack

Resolution:

Although I have found four or five different issues that can cause this, the resolutuion below was hardly documented anywhere on the internet.

I got this working by going into the registry and reserving the following ports: 48858, 48857, 48855, 45588, 49955, 45599

Click Start, click Run, type regedit, and then click OK.

Locate and then click the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Right-click ReservedPorts, and then click Modify.

Paste the following at the bottom

48855-48858
45588-45588
49955-49955
45599-45599

Restart the server

I found this after a complete uninstall and reinstall of Blackberry Enterprise Express 5.0.2.

How to configure the BlackBerry MDS Connection Service to enable certificate searching using Lightweight Directory Access Protocol (LDAP) certificate server.

Task 1 – Configure the MDS Connection Service

BlackBerry Enterprise Server 4.1

1. Enter the LDAP certificate server host name.
2. Enter the LDAP certificate server port configured on the LDAP certificate server. The default is 636.
3. Enter the Microsoft® Active Directory® account and password that has permission to query the LDAP certificate server.
4. Enter a default base query.
5. Amend the query limit and data compression settings if necessary.

BlackBerry Enterprise Server version 5.0

1. Open the BlackBerry Administration Service.
2. Navigate to BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > LDAP.
3. Enter the LDAP certificate server host name and port in the Service URL field in the format:
   • Hostname:Port
4. Set Secure connection enabled to Yes.
5. Click Save All.
6. Navigate to BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > Configuration sets.
7. Add the LDAP configuration to a new or existing configuration set.
8. Click Save all.
9. Navigate to each BlackBerry MDS Connection Service instance in BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service > Edit (Servername_MDS-CS_x) > Component Configuration Sets and specify the configuration set that a BlackBerry MDS Connection Service instance will use.
10. Click Save all.

Task 2 – Amend rimpublic.property file

1. In C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\<SERVER_NAME>\config, open rimpublic.property.
2. Add Adding application.handler.ldap.DEFAULT_USE_SSL_TLS=true.
3. Save.

Task 3 – Restart the BlackBerry MDS Connection Service to allow the changes to MDS_CS and rimpublic.property to apply.

Task 4 – Import company root certificate to the MDS keystore.

Refer to KB11623 – How to add a certificate for the web server to the BlackBerry MDS or BlackBerry MDS Keystore – and add the root certificate to the BlackBerry MDS keystore.

If the root certificate does not contain a CRL distribution point entry it will be necessary to add Intermediate certificates to the BlackBerry MDS keystore.

—————————————————————–

How to add a certificate for the web server to the BlackBerry Mobile Data Service or BlackBerry MDS keystore

Collapse all | Expand all

Jump to: Overview | Environment | Additional Information

Overview

---

The cacerts file is a keystore with certificate authority (CA) certificates, and it includes multiple trusted root CA certificates, such as VeriSign®. For the BlackBerry® Mobile Data System (MDS) or BlackBerry MDS Connection Service to trust a web server, the BlackBerry MDS Connection Service must check that the web server certificate with the certificate authority. If the web server certificate is purchased from a trusted certificate authority, the check is successful because the issuer’s root CA certificate is in the cacerts file by default. If a private certificate authority is used to issue the web site certificate, the check fails and access to the website from the BlackBerry smartphone is either denied or a prompt to trust the certificate appears on the BlackBerry smartphone screen. Any of the following can be done in order to change this behaviour and to allow the BlackBerry smartphone to access the website successfully:

• Import the private certificate authority’s root CA certificate and any relevant intermediate certificates into the cacerts file.
• Import the web server certificate into the cacerts file.

Note: The BlackBerry MDS is included with BlackBerry Enterprise Server 3.6 to 4.0. BlackBerry MDS Connection Service is included with BlackBerry Enterprise Server 4.1 to 4.1 SP7.

To import the certificate into the cacerts file, complete the following tasks:

Task 1 – Check which version of JRE is used by the BlackBerry MDS or BlackBerry MDS Connection Service

As multiple versions of the JRE can be installed on a server, it is necessary to check which version is currently in use by the BlackBerry MDS or BlackBerry MDS Connection Service.

Perform the following steps to do so:

1. Open the Windows Services® snap-in.
2. Open properties of the BlackBerry MDS Connection Service.
3. On General tab in Path to executable find the value of jvmpath parameter. It is populated with a path to the JRE in use. See the following example:jvmpath=”C:\Program Files\Java\jre1.6.0_15\bin\client\jvm.dll”
4. Write down part of the path which points to the JRE installation directory. See the following example:C:\Program Files\Java\jre1.6.0_15

Task 2 – Add a certificate to the BlackBerry MDS or BlackBerry MDS-CS certificate store

Note: The default keystore password is changeit. The aliasname used in the following commands must be unique.

To add a certificate to the BlackBerry MDS or BlackBerry MDS Connection Service certificate store, complete the following steps:

1. Copy the certificatename.cer file to <PATH_FROM_TASK1_STEP4>\lib\security
2. Type the following commands in the command prompt:cd <PATH_FROM_TASK1_STEP4>\bin

   keytool -import -trustcacerts -alias aliasname -file ..\lib\security\certificateName.cer -keystore ..\lib\security\cacerts

3. Check that the cacerts file contains the updated information for the new alias and certificate:

   keytool -list -v -keystore ..\lib\security\cacerts

4. Restart the BlackBerry MDS or BlackBerry MDS Connection Service for the changes to take effect.

• Back to top

Environment

---

• BlackBerry® Enterprise Server 3.6 to 5.0 SP1
• Java® Runtime Environment (JRE)

• Back to top

Additional Information

---

If the following error message appears in the BlackBerry MDS or the BlackBerry MDS log file after accessing an HTTPS site from a BlackBerry smartphone, it might be caused by the web server’s certificate not being added to the cacerts file:

BlackBerry Enterprise Server 3.6 to 4.1 SP5

<MDS-CS_1>:<DEBUG>:<LAYER = IPPP, URL [https://testsite/test.css] SSLException
[sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]>

BlackBerry Enterprise Server 4.1 SP6 to 4.1 SP7

<MDS-CS_SERVERNAME_MDS-CS_1>:<DEBUG>:<LAYER = IPPP, Access Denied: Insecure SSL Request>

*information was provided by blackberry technical solution center.

kb20197 and kb11623

I was looking for ways to show domain controller information and or changing domain controller name and came across a few pages on the net that helped me achieve this.

You can download the kit from windows here:

http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe

other tools in the kit:

http://technet.microsoft.com/en-us/library/cc773354%28WS.10%29.aspx

this site is awesome for windows related support and how-to’s:

http://www.petri.co.il/windows_2003_domain_rename.htm

http://www.petri.co.il/download_windows_2003_sp1_support_tools.htm

Honestly, this is just for my reference

I have built a new server on VMWare to accommodate the new Blackberry Enterprise Server Express 5.0.1 that was just recently released. I was quite ecstatic to hear RIM was giving this up for free. Since I had a 5 CAL license for Windows 2003 Small Business Server, I setup this on my VM, which also included Exchange Server 2003. Setup was easy, did all the updates to this ancient OS. Then setup the BESX on the same server. Since I only plan to host personal/SOHO domain, this is totally acceptable. Blackberry suggests I can have upto 75 users on this server. The server itself is pretty decent – Xeon, 4GB ECC Ram, Raid5.

Blackberry has this great video tutorial that shows how to set the BESX up in a jiffy.

you can view the video here

Going forward, I had redirected my domains email to the exchange server, this entailed me to purchase anti spam software as it was getting ridiculous with out it.

What I decided to do is activate POP3 Connector which comes with the SBS 2003 OS. The downside was that it only polls every 15 minimum. Boo! Doesnt that defeat having push email to the blackberry?

Well I found a reg edit hack that will accelerate the polling.

You can set the polling interval in the GUI if you view the properties of
the POP3 Connector Manager, and then click the “Scheduling” tab. To set the
polling interval so that polling occurs more frequently than every 15
minutes, you must configure the ScheduleAccelerator registry entry.

1. Locate and then click the following registry subkey:

“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Network\POP3
Connector”

2. On the “Edit” menu, point to “New”, and then click “DWORD Value”.

3. Type “ScheduleAccelerator” (without the quotation marks) as the entry
name, and then press ENTER.

5. On the “Edit” menu, click “Modify”.

6. In the “Value data” box, click decimal, type the value that you want, and then click
“OK”. To determine the polling interval, the value that is configured on the
“Scheduling” tab in the GUI is divided by the value that you type for the
ScheduleAccelerator entry. For example, if a 15 minute interval is specified
in the GUI and you set the value of the ScheduleAccelerator entry to 3, the
connector will poll ever five minutes.

7. Quit Registry Editor

Ran across this blog that shows how to make a tethered blackberry or even a internet stick and make your laptop a wifi hotspot.

Easily Turn Windows 7 Computer Into WiFi Hotspot to Share Wireless Internet Connection

great soft mod tutorial for will soft mod…

http://wiibrew.org

http://gwht.wikidot.com/ios249 for the ios installation.

I’d like to share my near loss experience with my blog.
So I was looking for a Coach collar for my new pup and on ebay these are near non-existent. So google got me some results, one of which was from iOffer.com. Looked kind of shady to start, but being the conscious consumer I am, thought i’d play it out, and if I felt confident of this transaction, i’d bite the bullet. It was a $35 risk.
After offering to buy the item, I asked the seller if they had any ebay feedback and I can review as paypal does not guarantee anything outside of ebay. I got a reply back saying that not to worry and she promises to ship the item today with tracking #, and that she is a paypal verified member for the last 7years, and also that paypal guarantees the transaction too. Well, thats all I needed is some assurance from the seller, NOT!
I went to the paypal forums site and low and behold, there are many many articles of fraud within iOffer. Many on yahoo answers as well. Just for shits and giggles, I went to pay the invoice (well not quite), I wanted to see if any info showed about this 7 years experienced seller. Notta! – This account is unable to accept any funds. LOL!! need i say more.

So, the saying still stands, if its too good to be true, it is!
PS. Seller Information
thedepot (7)
cheezyspizza@verizon.net
Chris Ettehadieh
1721 Glen Keith Blvd
Baltimore, MD 21234
also got a reply from guccimom@verizon.net

disclaimer: I have not proven that this may be a fraudulent seller, but all investigation points to this conclusion; thats good enough for me, anything more concrete would be a suckers bet.

I wanted to share my experience on getting UMA to work on a non rogers branded blackberry, partularly the 8900 Curve.

i found alot of help on the usual forums blackberryforums.com and crackberry.com.

you need to get to the escreen of your phone. you do this by pushing the alt + caps + h keys all at once. You will see a screen called Help Me!

Using your computer go to:

http://absolous.wavegap.com/projects/escreen/

–update on above link… seems that BB is cracking down on these generators. I was lucky to find another one on a blog.

http://xxx.zibri.org/2009/08/hidden-things-are-usually-best.html

Enter the information from your blackberry on the computer EXACTLY as it appears.

Once you get the unlock code, enter it on your phone, remember to use the alt button to enter the code.

I am pretty much fast tracking this how to as lots of info is mentioned on the aforementioned sites.

The settings once youre in the right screen>

mobile network engineering screens/utilities/session manager,

This is going to be a quick post regarding the newly released Blackberry 8520. Let me first say that I am quite disappointed in the features list of this phone. I was quite ecstatic when i heard a new curve is out, but after reading my favorite forums (blackberryforums.com, crackberried.com, boygeniusreport.com) I decided not to purchase this phone. Sure they added the trackpad that replaces the ball, but they still have a substandard lcd screen (which is the same as the old 83×0 Curve), a substandard 2.0 MP camera (non auto focus) – with NO FLASH — are you kidding me?? Currently this is the only 85xx series phone out as they phase out the rest of the 83xx series phones. So this one comes with wifi (UMA support) but thats about it. Sure its beefed up under the hood, but my suspicion is RIM is getting rid of their spare parts from the 83xx series phone. Understood its for the mid level consumer, and they cant make all the BB’s all cadillacs, some of them still have to be the chevy’s and the pontiacs.

I was checking on craigslist for this phone and they are running at approx $400 bnib. I have an old 8300 that is also listed for $300, so firstly, I am surprised how well these phones hold their value, and secondly, ill wait until the 85xx comes down in price (when the 83xx is obsolete) to keep one as a spare in case I lose my daily use phones.

Ill leave it at that.

Research in Motion has recently announced the Canadian company will be releasing a couple of new smart phones. The Bold (2) 9700 and Storm 2.

I dont hold much interest in the Storm 2 as I am not a fan of touch screen.

I currently own the Bold 9000 and also the Curve 8900. These are two of the best phones built by the Canadian smart phone maker in my opinion. However, this new 9700 will and has caught many peoples attention. Why you ask? Just think of the two phones I own meshed into one! The Bold 9000 is supplied by my work and since I didnt want to have 2 phones strapped to my waist, I opted to get the 8900 Curve. The 8900 stays in my pocket (this is for my personal/own business). I always wished that the curve would have 3G and the Bold be a bit smaller like the curve…. low and behold, the new 9700 Bold!!! Needless to say that I am very excited. The camera on the 8900 Curve is phenomenal. The camera on the Bold 9000 sucks! I can hammer on the Bold 9000 keyboard faster than on the curve 8900; i have read from boy genius reports that the keyboard on the 9700 has been improved.. better than the 8900, similar to the Bold— in the 8900 form factor…

Once I pick this baby up I will post some pics and do a write up on it.