How to run BB10 UDS Service via DMZ without direct connection

Since the BES10 service finally received version 10.1.1/2, installation and configuration was just one big source of trouble anyway.

While people are now able to install everything without modifying local TCP ports or adding components, and the BDS runs like a charm from scratch, the UDS can also be used without a big problem – if you're able to connect the relevant machine directly to the Internet.

For everybody who is required to go through a DMZ, the UDS does of course offer the possibility to connect through a “TCP Proxy”, which would obviously also be located in your DMZ. So far, BlackBerry does not offer any option “out of the box” to implement such a feature.

Since you might already have installed your dedicated BlackBerry Router on a Windows Server 2008 R2 in your DMZ, here is how you connect the UDS to its relevant components on the BlackBerry side:

1. On your BlackBerry Router server, open a command prompt with administrative permissions and enter the following command:

netsh interface portproxy add v4tov4 listenport=3102 listenaddress=10.10.1.45 connectport=3101 connectaddress=216.9.242.244

Please note that the IP given for listenaddress is just an example and must be replaced by the one you are using on your BB Router server. The connectaddress is the one you receive by doing an nslookup on de.bbsecure.com (in our case de.bbsecure.com) and must also be replaced.

To make sure your setting is valid, run “netstat -a” to check that the server is now listening on TCP port 3102. No reboot is required to enable it!

2. On your BlackBerry Router Server, go to the firewall settings and open port TCP 3102 for incoming connections.

3. On your Firewall to the DMZ, please open Port TCP 3102 directing to the IP you’ve set as the listenaddress in step 1.

4. On your UDS Server, open the hosts file and enter the following lines:

10.10.1.45 de.bbsecure.com
10.10.1.45 ca.swsmanager.bbsecure.com

Same as before, the IP address must match the one you are using on your BlackBerry Router server in the DMZ.

5. In the UDS settings, enter the following values into the “Secure TCP” service field:

Address: 10.10.1.45
Port: 3102

Same as before, please modify to your needs.

6. On your BlackBerry UDS server, restart the “Secure Connect” service.

7. Done. If you now run the test to connect to the certificate service, the green tick should appear and you're ready to run your UDS service through the BB Router server in the DMZ.
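
As an added example (not part of the original post), here is a small Python check that the settings from steps 1, 4 and 5 agree with each other, run on constructed samples of the `netsh interface portproxy show v4tov4` output and the hosts file. It also reports when the hard-coded connectaddress is no longer among the addresses nslookup returns; the function names, the `resolved` set and the sample texts are assumptions of this example.

```python
import re

# Constructed sample: `netsh interface portproxy show v4tov4` on the router server.
PORTPROXY = """\
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
10.10.1.45      3102        216.9.242.244   3101
"""
# Constructed sample: hosts file on the UDS server (step 4).
HOSTS = """\
10.10.1.45 de.bbsecure.com
10.10.1.45 ca.swsmanager.bbsecure.com
"""
NAMES = ("de.bbsecure.com", "ca.swsmanager.bbsecure.com")

def parse_portproxy(text):
    """Return (listen_addr, listen_port, connect_addr, connect_port) tuples."""
    row = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")
    return [(m[1], int(m[2]), m[3], int(m[4]))
            for m in map(row.match, text.splitlines()) if m]

def parse_hosts(text):
    """Map each host name to its address, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table

def audit(portproxy, hosts, resolved, listen=("10.10.1.45", 3102)):
    """Return a list of findings; an empty list means the steps line up."""
    findings = []
    rules = [r for r in parse_portproxy(portproxy) if r[:2] == listen]
    if not rules:
        findings.append("no portproxy rule listening on %s:%d" % listen)
    for _, _, addr, port in rules:
        if port != 3101:
            findings.append("rule forwards to port %d, expected 3101" % port)
        if addr not in resolved:
            findings.append("connectaddress %s is not a current DNS answer" % addr)
    table = parse_hosts(hosts)
    for name in NAMES:
        if table.get(name) != listen[0]:
            findings.append("hosts entry for %s does not point at %s" % (name, listen[0]))
    return findings
```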

11 Comments »»

  1. ekki – #

    Comment – 05 March 2014 – 11:51

    That is fascinating. BlackBerry support has been unable to give me exactly this information since July 2013. Many thanks, I love the net for pages like this.
    cheers

    ekki

  2. francois – #

    Comment – 06 March 2014 – 13:58

    Thanks for the tutorial.
    But on my UDS Settings, after having modified the Secure Connect Settings (proxy enabled and port 3102), it remains in the main screen status:
    on the left side
    Secure Connect Server:
    fr.bbsecure.com
    fr.bbsecure.com/myproxy@ip:3101
    Port:3101
    on the right side
    Proxy
    Server In Use: true
    myproxy@ip Port:3102

    and connection failed.

    Any idea on this issue? Best Regards
    françois

  3. lhaake – #

    Comment – 06 March 2014 – 14:09

    Francois,

    If the routing component on your “Router Server” in the DMZ is configured correctly, you should be able to do a

    telnet routeraddress 3102

    which results in a command prompt window with blinking cursor.

    As an addon to the article, I have to state that we are no more using this feature as the vendor mentioned it will not be supported. Since the UDS is anyways very often a pain, it is hard to use such workaround without the acceptance of the developing company.

  4. francois – #

    Comment – 06 March 2014 – 14:13

    Thanks for your answer.
    telnet routeraddress 3102 is running ok.
    In regard of your answer, I will look for another solution. (or leave UDS…)

  5. francois – #

    Comment – 07 March 2014 – 11:53

    Hello Ihaake,

    I didn’t find any solution.
    You wrote “..we are no more using this feature..”, that means that you don’t use UDS?

  6. lhaake – #

    Comment – 07 March 2014 – 16:21

    Hi Francois,

    No, it should mean we do not use the TCP Proxy option and sometimes also no http proxy anymore. It turned out that whenever there was something like this in between the UDS and the BlackBerry infrastructure, something did not work.

    In detail I have exactly one customer who is really happy with using UDS with iOS devices and almost not even one who uses it with Android. Whilst evaluating the solution, it turned out that due to the very modified Android software, many devices do not work properly.

    What's your status now?

  7. francois – #

    Comment – 10 March 2014 – 09:51

    Hi Ihaake,

    Status is at the same point: ‘Connection with BCP failed’. No network access denied, but no communication!

    I don’t know if RIM will bring a solution, but at this time, I will wait.

    Many Thanks.
    François.

  8. Doreen – #

    Comment – 05 June 2014 – 15:26

    Hello,

    I did the changes on BB Router and host address file. The telnet to routeraddress 3102 is successful. But I cannot change the proxy configuration at secure connect service. The error “The system encountered an error and could not save the changes.” occurs.

    Any ideas?

    Regards, Doreen

  9. Doreen – #

    Comment – 05 June 2014 – 15:49

    Oh yey – tested it with another User (the “big admin”) and now it runs!!!!

    Fantastic :)

  10. Matías Bueno – #

    Comment – 16 September 2014 – 14:38

    Hello!
    After fighting with local BB support, who demanded that port 3101 be opened to the Internet, I found your post and it solved everything.
    Geniuses! Many thanks!

  11. Linus – #

    Comment – 19 September 2014 – 20:53

    You're welcome :-) Stay tuned, BlackBerry seems to be coming back.
