Can't browse HTTPS web sites from Blackberry Device.

EfrenMM
EfrenMM used Ask the Experts™
on
Hi Expert,  Help!

Unable to Browse HTTPS sites from Blackberry Device.

BES Server 4.1.3.14
Windows 2003 SP2
BES for Lotus Notes Domino

MS ISA 2000 configured as Internet Proxy Server (Cache Mode Only).
Can Browse HTTP and HTTPS web sites from the BES Server.

No issues for emails and other services except browsing Secured Web Sites from the Blackberry Device.
Can successfully browse unsecured web sites (HTTP).

Blackberry Devices : 8700 and  8100.
Loaded IT Policy - DEFAULT

Thanks.


Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2007

Commented:
Not sure about this one.

Have you checked the IM support site yet ?

Is this just you or everybody who has a BB device ?

I hope this helps !
This may be a policy setting. I know that browsing in general from BlackBerry's is very limited within our company and HTTPS sites are not supported from the BES. Have you checked with the BES Adminstrator for current policies?

Author

Commented:
Hello Expert,

HTTPS won't work on all the BB devices.  As per RIM Support HTTPS should work on this BES Ver 4.1.3.

BES IT Default Policy is loaded on BB Devices.  Checked all the entries on Default IT Policy and all seems well.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2007

Commented:
Remove and readd the user on the BES server and see if that resolves it.

I hope this helps !

Author

Commented:
Hi Expert,  I did it for a number of times.

Please note that it happened only for HTTPS sites.  There is no problem with HTTP sites.

HTTP/1.1 407 Proxy Authentication Required (ISA Proxy Server Requires Authorization to Fulfill the Request. Access to the Web Proxy Service is Denied).

Please Note the error "Access to the web PROXY SERVICE is Denied"

Thanks.
Gary CutriData & Communications Specialist

Commented:
On your BES server select your MDS server (The yellow icon) and press edit properties in the properties window.  In the MDS properties window ensure that "Allow Untrusted HTTP Connections" is set to true on the HTTPS menu.  Also ensure that "Support HTTP Authentication" is set to True on the HTTP menu.

Author

Commented:
Hello Expert,

It's  all set to true.  Still got the same issue.  Tried to restart the BES Server and the O.S/WIndows 2003.  Please advise.

Thanks.

Commented:
Let me see if I understand.  MDS is correctly contacting the proxy server, but the proxy server is denying access?  Do you have any setting on the proxy server that might cause this? Is there any authentication required for proxy services? Can youput in a protocol monitor or review the proxy logs to confirm that the proxy is receiving the request?

Author

Commented:
Hi Expert, Got this the same error  from wfetch monitor.

HTTP/1.1 407 Proxy Authentication Required (ISA Proxy Server Requires Authorization to Fulfill the Request. Access to the Web Proxy Service is Denied).

Please Note the error "Access to the web PROXY SERVICE is Denied"

I'm confused about this "authentication required for proxy services"  The error came only when you try to browse HTTPS from the BB devices.  Works well for unsecured web sites/http.

I'm utilising GFIMonitor for my ISA 2000 Proxy Server.  I can see that the account authentication is working for BES proxy settings.

Please advise.  Best regards.

Commented:
Your ISA server is set to require PROXY authentication.  Just as a web site can require a uid/pwd, a proxy server like ISA can also require a uid/pwd.  Your BES is not giving a valid uid/pwd for the proxy server.  Talk to whoever set up your ISA.

Author

Commented:
Hello Expert,

Could you please advise what needs to be done to make the BES for valid uid/pwd for the proxy server?

Authentication is configured to ISA Proxy Server.  BES Server Proxy Setting Account is working (besadmin / password).

I can see the besadmin user account activity from ISA Proxy thru the GFI Monitor.  It's working well on HTTP browsing.
Browsing activity from the BB device is logged and monitored on the GFi monitor.
The problem is when you try to browse HTTPS from BB device.

Best regards.

Commented:
I don't understand what you are saying, could you please be clearer?

Author

Commented:
Hi Expert,

What I mean is that when your browse unsecured web from BB device it's all working.
I can see the BES Server user account (besadmin) logs on the ISA Proxy Server.  I'm monitoring the ISA Proxy Logs
using GFI Monitor.

When I tried to Access Secured Web sites (HTTPS) from the BB Device I got this error from the ISA Proxy Logs.

"HTTP/1.1 407 Proxy Authentication Required (ISA Proxy Server Requires Authorization to Fulfill the Request. Access to the Web Proxy Service is Denied)".

Let me know if you need more info.  Thanks.

Commented:
Then, as I said, you need to code the ISA uid/pwd into BES for both HTTP and HTTPS.

Author

Commented:
Hi Expert,

Could you please give me some spoon feeding workarounds to do this?  I'm not yet familiar with this type of setup.

Thanks.

Commented:
I don't have an MDS setup that I am currently administering, so I don't have the screens available to me.  However, I checked around, and here's the detail from KB article DB-00047

Details
To setup the BlackBerry MDS simulator to function behind a proxy, the rimpublic.property file needs to be modified to include that proxy information.

Open the rimpublic.property file. The rimpublic.property file can be found in the following location:
\Program Files\Research In Motion\BlackBerry JDE #.#\MDS\config

Under the [HTTP HANDLER] section add the following:
application.handler.http.proxyHost=hostname

application.handler.http.proxyPort=hostport

To include proxy authentication, add the following under the [HTTP HANDLER] section:
application.handler.http.proxyUser=username

application.handler.http.proxyPass=password


Supporting info:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB04885&sliceId=SAL_Public&dialogID=15423023&stateId=0%200%2015421324



Support HTTP Authentication = True
HTTP Proxy Enabled = True
Proxy Auto Configuration = False
MDS Authentication Enable = True

Author

Commented:
Hello Expert,  How can I open this rimpublic.property file?  I'm still infant on this.  Thanks.

Author

Commented:
Hi Expert,  Please advise for workaround to open this rimpublic.property file.

Best regards.

Commented:
Just search for it on your MDS box and open it in Notepad.  It is a text file. Note sure which version it applies to, though.

Commented:
FYI, it might be easier to just reconfigure your ISA server to not require auth from your MDS's IP address.

Author

Commented:
Hi Expert, Please help me reconfigure my ISA server not to require authentication from MDS IP Address.

Best regards.

Commented:
That owuld be a separate question for an ISA expert.

Author

Commented:
Hi qwaletee,  I've posted a separate question for this ISA.  Could you please help ask somebody to reply.  I've posted it a couple of weeks ago but no one has taken sometimes to reply. Thanks.

Commented:
I'm sorry, but that's outside my area of expertise.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial