Link to home
Create AccountLog in
Avatar of reirembar
reirembar

asked on

Blackberry users do not get corporate email after ISP change

Hi everyone,
Our company recently changed ISP and since then the blackberry users have lost their connection to the corporate email. The public IP that the BB server is mapped to is different. Users of iphone and android smartphones are able to get their email in their mobile devices without a problem. We already opened TCP 3101 and TCP 443 to outbound initiated bidirectional communication to our BES server from specific IP addresses as  described on Blackberry kb34193 and kb03735. Nothing have changed in the server itself.  All BB services in the server are up and running. Any ideas?
Avatar of E C
E C
Flag of United States of America image

Are you able to wipe one of the blackberrys, then send a new activation code?
ASKER CERTIFIED SOLUTION
Avatar of John Gobert
John Gobert
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of reirembar
reirembar

ASKER

Hi jpgobert,
Even when I know little about BB I knew that all the data goes through RIM and I did not had an explanation for the problem since nothing was changed in the BES (neither Exchange) other than the traffic being blocked in the firewall. However, I looked for the ip address for the SRP connection (216.9.242.33 and 68.171.242.33) and opened those holes in the firewall on TCP 3101. The problem did not go away. I even opened TCP 443 port for traffic coming from specific ip addresses that belong to blackberry and the situation did not change.
After I read your comment I opened Blackberry Server Configuration/Blackberry Router and I tested network connection just to check the IP address that the server was trying to connect to. It happened to be different to the ones that I opened holes for (206.51.26.33 and 204.187.87.33). I opened port TCP 3101 for those address as well and the email started to flow. I wonder whether I should go back now and close some of the holes that I opened but the users are getting the email now. What do you think? Thanks for your help.
Glad you got that worked out!!

I don't know what make/model firewall you use but you should consider setting up your rules based on the DNS name srp.us.blackberry.com.  That way you won't have to worry about changes to IP's over time.

Definitely close any holes you made that aren't needed.  The best practice with firewall policies is to never, ever have anything allowed that isn't absolutely necessary.