Blackberry Internet access through ISA proxy server

Posted on 2007-10-18
Last Modified: 2008-11-17
Hi all,

I am using MS ISA Server 2004 with latest service pack at my company. We also have a BES server with version
The problem is that when I enable user authentication on the ISA (for name resolution in Surf Control), Blackberry users trying to access the interget get the following error:
Error Code: 403 Forbidden. The ISA Server denied the specified uniform resource locator (URL) (12202)
Is there any setting I need to enter/change on either the BES or ISA to allow blackberry devices access to the internet? Enabling the user authentication is a must-have for reporting purposes.
Many thanks for any help.
Question by:polonium210
    LVL 63

    Expert Comment

    Not sure, but I would check the RIM support site or open a ticket with them, since this could get very messy.

    I hope this helps !
    LVL 7

    Expert Comment

    In the BlackBerry Manager, go to the Properties of the MDS Connection Service (it has MDS-CS in the name).
    Then go to Proxy
    Proxy Mappings
    Make a new Proxy Mapping (or edit the existing if there is one)
    By "Universal Resource Locator" fill in a the mask for internet pages (it is regular expression) the deault string will wildcard all
    Fill in the Proxy String
    Leave User Name blank (if you like the users to type in their username and password)
    same for password

    If you fill in a Username and Password, all users use the same username/password for autentication.

    BlackBerry Consultant

    Author Comment

    Hi Bob

    many thanks,

    I'd tried this but without success as I wasnt sure about some of the fields. It won't let me add a blank password however? I don't want users to have to log in every time as they will complain, is there any way of preventing this and just allowing transparent authentication?


    LVL 7

    Accepted Solution

    Go in the properties of the MDS Connection Service and go to HTTP. Try Support HTTP Authentication TRUE
    and change the Authentication Timeout.

    For the Proxy Mapping, if you create a new one there is no password (even you see ******)

    Bob Hillesum
    BlackBerry Consultant
    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now