Results 1 to 8 of 8

We are unable to access HTTPS web sites from our blackberry handheld devices. Have tried ... Server Admins forum

  1. #1
    luke_miggs's Avatar
    luke_miggs no está en línea Stack level 1
    Join Date
    Aug 2007
    Posts
    4

    Question BES Access to Secure HTTPS Web Sites

    Advertisement



    We are unable to access HTTPS web sites from our blackberry handheld devices. Have tried it on various devices, various users and various web sites but all come back with errors.

    At first our devices were receiving the below error ;

    "HTTP Error 403: Forbidden

    You are not authorized to view this page...."

    Since then we have had a new proxy server. To allow internet access via our new server I changed the proxy mappings to point to a PAC file (which our Internet Explorer Browsers are now also using) and although it has improved browsing on the handhelds, we still cannot access HTTPS sites. Error message is now ;

    "HTTP Error 400: Bad Request

    The server could not understand the page request, or was unable to process it for some reason..."


    vodafone have told us that we may be blocking access to HTTPS sites and that we need to allow this access in Blackberry Manager. I've trawled the settings and Policies but can't see what option to change? I've even used the default policy for myself but this wont allow access to HTTPS sites either.

    Any help or advice appreciated!!

    thanks


    We are running BES server with Lotus Domino. BES v4.1.2.25.

  2. #2
    KeNNethX's Avatar
    KeNNethX no está en línea Stack level 3
    Join Date
    Mar 2006
    Posts
    241
    First...are you trying to access the page from the BlackBerry Browser not the Internet Browser? on newer models...it appears as only one icon, but if the defaults are not set to BlackBerry Browser and are trying to access and internal page you won't be able to get to it. If not that then try looking (BlackBerry Manager) in your MDS properties...in the left pane it will look something like SERVERNAME_MDS-CS_1 on the right in the Tasks box click Edit Properties and check there. HTTPS is there and also HTTP authentication...if you have a page that would require authentication. Hope this helps.
    When in Doubt, Pop the Battery Out!

  3. #3
    luke_miggs's Avatar
    luke_miggs no está en línea Stack level 1
    Join Date
    Aug 2007
    Posts
    4

    Post HTTPS access

    I'm using the blackberry browser and trying to access external web pages..... These web pages work fine from our PC's just not the Handhelds via the BES. I've looked in the properties and the only options are to allow untrusted sites (HTTPS/TLS)... How do we add sites to the trusted list?

    Also, not sure if this helps but in the MDAT Log the following warnings appear .... (note that IPs and server names have been removed/amended)..... ;


    "... 11:14:40.084 BST>:[4281]:<MDS-Server-2>:<DEBUG>:<LAYER = IPPP, EVENT = Receiving, TAG = 1915172643, DEVICEPIN = 2540ae8e, USERID = u279, VERSION = 16, CONNECTIONID = 1192274869, SEQUENCE = 0, TYPE = CONNECTION-REQUEST, CONNECTIONHANDLER = https, PROTOCOL = TCP, PARAMETERS = [blackberry.paperiq.com:443], SIZE = 1047>
    11:14:40.084 BST>:[4282]:<MDS-Server-2>:<DEBUG>:<LAYER = IPPP, EVENT = CreatedReceivingQueue, USERID:CONNECTIONID = u279:1192274869, ReceivingQueueSize = 1>
    11:14:40.084 BST>:[4283]:<MDS-Server-2>:<DEBUG>:<LAYER = IPPP, EVENT = StartExecuting, TAG = 1915172643, DEVICEPIN = 2540ae8e, USERID = u279, VERSION = 16, CONNECTIONID = 1192274869, SEQUENCE = 0, TYPE = CONNECTION-REQUEST, CONNECTIONHANDLER = https, PROTOCOL = TCP, PARAMETERS = [blackberry.paperiq.com:443], SIZE = 1047>
    ...
    ...
    11:14:40.099 BST>:[4288]:<MDS-Server-2>:<DEBUG>:<LAYER = IPPP, PAC returns: 10.1.2.3:80;10.1.2.4:80;10.1.2.5:80;10.1.2.6:80 for https://blackberry.paperiq.com/pen.aspx>
    11:14:40.099 BST>:[4289]:<MDS-Server-2>:<WARNG>:<LAYER = IPPP, Invalid HTTP Proxy Server: null proxy1.domain.co.uk80>
    11:14:40.115 BST>:[4290]:<MDS-Server-2>:<WARNG>:<LAYER = IPPP, Invalid HTTP Proxy Server: null proxy2.domain.co.uk:80>
    11:14:40.115 BST>:[4291]:<MDS-Server-2>:<WARNG>:<LAYER = IPPP, Invalid HTTP Proxy Server: null proxy3.domain.co.uk:80>
    11:14:40.115 BST>:[4292]:<MDS-Server-2>:<WARNG>:<LAYER = IPPP, Invalid HTTP Proxy Server: null proxy4.domain.co.uk:80>....."

    The same PAC file is in use for HTTP sites and it works fine.....Does this help give an indication into the issue?

  4. #4
    KeNNethX's Avatar
    KeNNethX no está en línea Stack level 3
    Join Date
    Mar 2006
    Posts
    241
    ~via BB (wap.pinstack.com)~ hmmm. I don't experience with proxy servers, as we don't use them. There must be an option somewhere for allowing those proxy servers. I would keep poking around there. If I find anything I will post it here.

  5. #5
    KeNNethX's Avatar
    KeNNethX no está en línea Stack level 3
    Join Date
    Mar 2006
    Posts
    241
    After looking at BB Manager I see a place to map proxy setting...in that same area I mentioned earlier...Is that helpful?
    When in Doubt, Pop the Battery Out!

  6. #6
    luke_miggs's Avatar
    luke_miggs no está en línea Stack level 1
    Join Date
    Aug 2007
    Posts
    4
    Thanks for advice and yes I have got a little further in my investigations...!

    I've noted that the listening port for HTTPS (8443) doesn't appear to be open on our BES server. 8080 (for HTTP traffic) is open and is opened when the MDS service is started but 8443 isn't.? Not entirely sure how/when/why this port should open but it's something else to look into.... Can anyone tell me at which point 8443 (listening port for TLS/HTTPS) should be opened???

    Or any more info on the workings of these ports would help...

  7. #7
    luke_miggs's Avatar
    luke_miggs no está en línea Stack level 1
    Join Date
    Aug 2007
    Posts
    4
    Can you tell me what the format should be for Username ? E.G domain\username?

  8. #8
    chatster18's Avatar
    chatster18 no está en línea Stack level 5
    Join Date
    Nov 2006
    PIN/ID
    ASK
    Posts
    1,121
    Ya I would try:

    user.name@domain.com

    or domain\user.name

    I think you will get the same results from each, since you are telling it to authenticate you based on your domain rights that are not specific to your device/browser you are using.

    let us know.
    it's always greener with the other carrier...

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •