Posted on

Blackberry Administration Service Page not found

New installation of BES-X on SBS 2003 Server.

Installation all went through OK, however cannot administer the BES-X server as IE admin page blank.

Discovered the The BlackBerry Administration Service – Application Server service keeps failing.

It will start and chew up lots of CPU time & memory but then stop after approx. 1 minute, (BAS-AS.exe will disappear from task manager).

Event Viewer says:

The BlackBerry Administration Service – Application Server service terminated unexpectedly.

BBAS-AS logs mention these which may be of note:

[WARN] Problem starting service jboss:service=RIM_BES_BAS_HA_33879984_SBSSVR
org.jgroups.ChannelException: failed to start protocol stack (03/30 12:39:17:843):{main} [org.jboss.system.ServiceController] [WARN] Problem starting service jboss.cache:service=EJB3EntityTreeCache
org.jgroups.ChannelException: failed to start protocol stack

Resolution:

Although I have found four or five different issues that can cause this, the resolutuion below was hardly documented anywhere on the internet.

I got this working by going into the registry and reserving the following ports: 48858, 48857, 48855, 45588, 49955, 45599

Click Start, click Run, type regedit, and then click OK.

Locate and then click the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Right-click ReservedPorts, and then click Modify.

Paste the following at the bottom

1433-1434
3443-3443
4070-4071
48855-48858
45588-45588
49955-49955
45599-45599

Restart the server

I found this after a complete uninstall and reinstall of Blackberry Enterprise Express 5.0.2.

Posted on

How to configure BlackBerry MDS Connection Service to perform certificate searches using LDAPS

How to configure the BlackBerry MDS Connection Service to enable certificate searching using Lightweight Directory Access Protocol (LDAP) certificate server.

Task 1 – Configure the MDS Connection Service

 

BlackBerry Enterprise Server 4.1

  1. Enter the LDAP certificate server host name.
  2. Enter the LDAP certificate server port configured on the LDAP certificate server. The default is 636.
  3. Enter the Microsoft® Active Directory® account and password that has permission to query the LDAP certificate server.
  4. Enter a default base query.
  5. Amend the query limit and data compression settings if necessary.

 

BlackBerry Enterprise Server version 5.0

  1. Open the BlackBerry Administration Service.
  2. Navigate to BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > LDAP.
  3. Enter the LDAP certificate server host name and port in the Service URL field in the format:
    • Hostname:Port
  4. Set Secure connection enabled to Yes.
  5. Click Save All.
  6. Navigate to BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > Configuration sets.
  7. Add the LDAP configuration to a new or existing configuration set.
  8. Click Save all.
  9. Navigate to each BlackBerry MDS Connection Service instance in BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service > Edit (Servername_MDS-CS_x) > Component Configuration Sets and specify the configuration set that a BlackBerry MDS Connection Service instance will use.
  10. Click Save all.

 

Task 2 – Amend rimpublic.property file

  1. In C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\<SERVER_NAME>\config, open rimpublic.property.
  2. Add Adding application.handler.ldap.DEFAULT_USE_SSL_TLS=true.
  3. Save.

Task 3 – Restart the BlackBerry MDS Connection Service to allow the changes to MDS_CS and rimpublic.property to apply.

Task 4 – Import company root certificate to the MDS keystore.

Refer to KB11623 – How to add a certificate for the web server to the BlackBerry MDS or BlackBerry MDS Keystore – and add the root certificate to the BlackBerry MDS keystore.

If the root certificate does not contain a CRL distribution point entry it will be necessary to add Intermediate certificates to the BlackBerry MDS keystore.

—————————————————————–

How to add a certificate for the web server to the BlackBerry Mobile Data Service or BlackBerry MDS keystore

CollapseOverview

The cacerts file is a keystore with certificate authority (CA) certificates, and it includes multiple trusted root CA certificates, such as VeriSign®. For the BlackBerry® Mobile Data System (MDS) or BlackBerry MDS Connection Service to trust a web server, the BlackBerry MDS Connection Service must check that the web server certificate with the certificate authority. If the web server certificate is purchased from a trusted certificate authority, the check is successful because the issuer’s root CA certificate is in the cacerts file by default. If a private certificate authority is used to issue the web site certificate, the check fails and access to the website from the BlackBerry smartphone is either denied or a prompt to trust the certificate appears on the BlackBerry smartphone screen. Any of the following can be done in order to change this behaviour and to allow the BlackBerry smartphone to access the website successfully:

  • Import the private certificate authority’s root CA certificate and any relevant intermediate certificates into the cacerts file.
  • Import the web server certificate into the cacerts file.

Note: The BlackBerry MDS is included with BlackBerry Enterprise Server 3.6 to 4.0. BlackBerry MDS Connection Service is included with BlackBerry Enterprise Server 4.1 to 4.1 SP7.

To import the certificate into the cacerts file, complete the following tasks:

Task 1 – Check which version of JRE is used by the BlackBerry MDS or BlackBerry MDS Connection Service

As multiple versions of the JRE can be installed on a server, it is necessary to check which version is currently in use by the BlackBerry MDS or BlackBerry MDS Connection Service.

Perform the following steps to do so:

  1. Open the Windows Services® snap-in.
  2. Open properties of the BlackBerry MDS Connection Service.
  3. On General tab in Path to executable find the value of jvmpath parameter. It is populated with a path to the JRE in use. See the following example:jvmpath=”C:\Program Files\Java\jre1.6.0_15\bin\client\jvm.dll”
  4. Write down part of the path which points to the JRE installation directory. See the following example:C:\Program Files\Java\jre1.6.0_15

Task 2 – Add a certificate to the BlackBerry MDS or BlackBerry MDS-CS certificate store

Note: The default keystore password is changeit. The aliasname used in the following commands must be unique.

To add a certificate to the BlackBerry MDS or BlackBerry MDS Connection Service certificate store, complete the following steps:

  1. Copy the certificatename.cer file to <PATH_FROM_TASK1_STEP4>\lib\security
  2. Type the following commands in the command prompt:cd <PATH_FROM_TASK1_STEP4>\bin

    keytool -import -trustcacerts -alias aliasname -file ..\lib\security\certificateName.cer -keystore ..\lib\security\cacerts

  3. Check that the cacerts file contains the updated information for the new alias and certificate:

    keytool -list -v -keystore ..\lib\security\cacerts

  4. Restart the BlackBerry MDS or BlackBerry MDS Connection Service for the changes to take effect.
ExpandEnvironment
  • BlackBerry® Enterprise Server 3.6 to 5.0 SP1
  • Java® Runtime Environment (JRE)
CollapseAdditional Information

If the following error message appears in the BlackBerry MDS or the BlackBerry MDS log file after accessing an HTTPS site from a BlackBerry smartphone, it might be caused by the web server’s certificate not being added to the cacerts file:

BlackBerry Enterprise Server 3.6 to 4.1 SP5

<MDS-CS_1>:<DEBUG>:<LAYER = IPPP, URL [https://testsite/test.css] SSLException
[sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]>

BlackBerry Enterprise Server 4.1 SP6 to 4.1 SP7

<MDS-CS_SERVERNAME_MDS-CS_1>:<DEBUG>:<LAYER = IPPP, Access Denied: Insecure SSL Request>

*information was provided by blackberry technical solution center.

kb20197 and kb11623

Posted on

Windows 2003 + Active Directory Support Tools

I was looking for ways to show domain controller information and or changing domain controller name and came across a few pages on the net that helped me achieve this.

You can download the kit from windows here:

http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe

other tools in the kit:

http://technet.microsoft.com/en-us/library/cc773354%28WS.10%29.aspx

this site is awesome for windows related support and how-to’s:

http://www.petri.co.il/windows_2003_domain_rename.htm

http://www.petri.co.il/download_windows_2003_sp1_support_tools.htm

Honestly, this is just for my reference 🙂