Skip to main content

BES Troubleshooting Enterprise Activation

Troubleshooting the enterprise activation process can be broken down into 4 stages – when troubleshooting activation issues, let the process complete or until an error messages appears.



For more help with Enterprise Activation issues – KB13852

 

1.1.1        Stage 1 – Authentication

1.       The BESAdmin creates a new user and assigns an activation password using the Blackberry Manager (4.1.x) or the Blackberry Administration Service (5.0.X). The user list store in the blackberry Configuration Database is updated with the new user name, email address, mailbox information, activation password, activation status and other user account information.

Points of Failure – BAS, Configuration Database

 

2.       The Blackberry Dispatcher assigns the new user to a Blackberry Messaging Agent. The Blackberry Messaging Agent starts to monitor the user’s mailbox on the messaging server for new email messages. An email message containing the ETP.dat file attachment is required to continue the activation process over the Vodafone Network.

Points of Failure – Dispatcher, Messaging Agent

 

3.       The user goes to the Enterprise Activation screen on the blackberry and enters the email address and activation password. The user selects the menu key and clicks Activate. The blackberry displays Activating username@company_name.com

Points of Failure – Device

 

4.       The Blackberry creates an activation request email message that contains the email address, PIN and public key authentication information, based on the activation password typed in by the user. The activation request email message is encrypted and is sent to the RIM Relay over the Vodafone Network.

Points of Failure – Device, Network

 

5.       The RIM Relay receives the activation email message and identifies uit as an activation request. The RIM Relay forwards the email message using SMTP to the email address that was used for the Enterprise Activation screen.

Points of Failure – Antivirus software, spam filters, provisioning, users mailbox, messaging server, network

 

















































































IssueReason Solution
Failure to add user to the BESIncorrect permissions for the BESAdmin accountEnsure the permissions are correct for the BESAdmin account – KB02276
 Incorrect MAPI subsystem installed on the BESEnsure the MAPIsubsystem is equal or higher than the Exchange versions – KB10197

Recreate the MAPI profile – KB10285
 User Data cannot be written to the BB Configuration DatabaseBackup the BB Configuration Database - KB10292 and increase the size - KB10969
An Error has occurred. Please contact your system administrator appears on the BB deviceIncorrect password entered on the EA screenThe activation ETP.dat email message has reached the user’s mailbox and the BES has rejected the activation password and sent the error message to the BB device. The BES will allow 4 more attempts with the current password before a new EA password has to be created.
No EA application exists on the BB deviceThe BB device may not be provision correctlyConfirm that the provisioning of the BB device is correct via XML i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.
 The BB device may not be registered correctly on the VF networkConfirm that the BB device has in capital letters of either GPRS, EDGE, 3G. And is able to Register Now via the Hosting Routing Table – KB00014
 The BB device may not be running Ver. 4 or later of the device softwareConfirm that the BB device is running ver. 4 or higher of the software. To install BB device software – KB03901
The BB device stops responding at the Activating... status screen for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying... after 40 minutes the process ends with the message The server is not responding. Please contact your System Administrator.

During this stage, the activation email messages do not arrive in the user’s mailbox.
The BB device may not be provision correctlyConfirm that the provisioning of the BB device is correct via XML i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.
The BB Device is not in a wireless network coverage area.Confirm that the BB device has the correct signal type. Can the BB device send a PIN message to check coverage?
The users has entered in an incorrect email address in the EA screenThe user must retry the EA process with the correct email address.
An activation password was not createdCreate an activation password
The activation email message was moved to another folder than the inbox.Confirm that there are no filtering or forwarding rules on the Messaging Server or the user’s mailbox to a folder other than the inbox.
The user’s mailbox is full.Confirm that the user’s mailbox can receive email messages.

 
The BB device stops responding at the Activating... status screen for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying... after 40 minutes the process ends with the message The server is not responding. Please contact your System Administrator.

During this stage, the activation email messages do not arrive in the user’s mailbox.
The user’s email messages are being routed to a .pst folder or .ost folder.Confirm that the user’s email mailbox is configures to leave a copy of the messages on the Messaging Server.

Personal and Offline folders are inaccessible to the BES.
The ETP.dat message is not reaching the user’s inbox because it is being deleted or modified by a virus scanning application.Confirm that the company’s antivirus software is not rejecting activation email message and that the EPT.dat attachment is not being deleted, flagged or modified.
The ETP.dat attachment is not reaching the user’s inbox because it is being identified as spam.Confirm that the company’s firewall is not filtering email messages from the blackberry,net domain.

Confirm that the company’s anti spam software is not flagging the activation email message and modifying its title, contents or the ETP.dat attachment.

Confirm that the users email application is not moving the activation email message to the default junk email message folder.

 

 

1.1.2        Stage 2 - Encryption Verification

1.       On arrival in the user’s mailbox, the Blackberry Messaging Agent identifies the new activation request email message and removes it from the user’s mailbox. The Blackberry Messaging Agent recognises the EPT.dat attachment in the activation request email message and begins the authentication process.

Points of Failure – Messaging Agent, Messaging Server, Users Mailbox

 

2.        The Blackberry Messaging Agent compares the authentication key received in the activation request email message with the authentication key generated from the activation password and stored in the Blackberry Configuration Database. If the authentication keys match, the blackberry Messaging Agent notifies the Blackberry device that the activation request has been received. The Blackberry Messaging Agent and the Blackberry device then generate their encryption keys that will be used to encrypt and decrypt all data

Points of Failure – Blackberry device, Messaging Agent

 

 


























IssueReason Solution
The BB device stops responding at the Activating... status screen for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying... after 40 minutes the process ends with the message The server is not responding. Please contact your System Administrator.

During this stage, the activation email messages with the ETP.dat attachment appear in the user’s mailbox.
The BES does not receive the UDP notification for the new email message from the Messaging Server.Confirm that there BES can communicate with the Messaging Server
Incorrect MAPI subsystem installed on the BES.Ensure the MAPIsubsystem is equal or higher than the Exchange versions – KB10197

Recreate the MAPI profile – KB10285

 
The BESAdmin account does not have the correct permissions to access the user’s mailbox and retrieve the ETP.dat activation email message.Ensure the BESAdmin account permissions are correct for the users mailbox – KB10823

The EPT.dat activation email message must arrive in the user’s mailbox before the BESAdmin account is notified is notified that the email message has been received.
An Error has occurred. Please contact your system administrator appears on the BB deviceThe Enterprise Service Policy has restricted which BB devices can be activated on the BESConfirm that the Enterprise Service Policy allows the BB device to be activated on the BES

 

 

1.1.3        Stage 3 - Receiving services

3.       At this stage, the BES and the Blackberry device have established an encryption key and have verified their knowledge of the encryption key to each other. The Blackberry device now displays the message Encryption Verified. Waiting for Services. All data between the BES and the Blackberry device from now on is compressed and encrypted using this encryption key.

4.       The Blackberry Messaging Agent forwards the request to the Blackberry Policy Service to generate the service books. The Blackberry Policy Service adds the unique authentication key that the Blackberry Domain uses to sign IT policy data and then forwards the IT policy data through the Blackberry Dispatcher to the Blackberry Router and then to the Blackberry device. The Blackberry Policy Service waits for confirmation from the Blackberry device that the IT policy has been applied successfully.

Points of Failure – Configuration database, Messaging Agent, Policy Service, Blackberry device

 

5.       The Blackberry device applies the IT policy and sends a confirmation to the BES. The IT policy applied to the Blackberry device. The IT policy applied to the Blackberry device is now in a read-only state and can be modified only by IT policy updates sent from the same Blackberry Domain.

Points of Failure – Blackberry device

 

6.       When the Blackberry Policy Service receives the confirmation that the IT policy has been applied successfully, the Blackberry Policy Service generates and sends the service books to the Blackberry device.

Points of Failure – Configuration database, Policy Service, Blackberry device

 

7.       The Blackberry device receives the service books and displays the following message Services Received. Your email address, username@company_name.com is now enabled. At this point the users can send and receive email messages on the Blackberry device.

Points of Failure – Blackberry device

 


























IssueReason Solution
The BB device stops responding at Waiting for Services...The BB Policy Service or the BB Synchronisation Service is not started or responding.Confirm that the BB Policy Service and the BB Synchronisation Service are started or restart the services if required.
The BB Policy Service is processing the service books and the IT policy.Allow sufficient time for the BB Policy Service to process the service books and the IT policy.
Another user with the same PIN is active in the BB Configuration Database.Remove the duplicate user account from the BES.
IT Policy Rejected. Please wipe handheld and try again appears on the BB device.The BB device was previously active on another BES and has a conflicting IT policy.

This happens when the previous BES and the current BES do not share the same BB configuration database.
The user must delete all data using the Security Wipe option on the BB device to allow the new BES to overwrite the IT policy from the previous BES.

 

1.1.4        Stage 4 – Slow Synchronisation

8.       The slow synchronisation process begins. The Blackberry device requests the synchronisation configuration information from the Blackberry Synchronisation Service, the configuration information indicates whether wireless data synchronisation on the BES is turn on and which PIM databases can be synchronised. The configuration information also provides database synchronisation types (one way or two way) and conflict resolution settings.

Points of Failure – Synchronisation Service, Blackberry device

 

9.       The Blackberry Synchronisation Service returns the configuration information and synchronises the databases in the Blackberry device.

Points of Failure – Configuration Database, Blackberry device, users’ mailbox, Synchronisation Service

 

10.   The slow synchronisation process is complete when all the databases are synchronised between the Blackberry device and the BES. The blackberry device displays Activation Complete and the user account status displays Completed in the BAS console.

 








































IssueReason Solution
The EA process only completes the synchronisation process of the Calendar database.The BB Synchronisation Service is not started or responding.Confirm that the BB Synchronisation Service are started or restart the services if required.

Confirm that the MS XML parser is installed.
The BES has network connection issues with the MS SQL Server.Confirm that there are no network connectivity issues between the BES and the BB Configuration Database.
Not all databases synchronised successfully – Address Book appears on the BB device.Due to requirements for contact information, some entries in the Address Book application might have been skipped.Confirm that all contacts have a first name, last name or company name. When a contact entry is missing information in all 3 fields then the entry is not synchronised and this error message is displayed on the BB device.
PIM databases are not synchronised after the enterprise activation process has finished.The IT policy is disabling wireless bulk load, PIM synchronisation or individual PIM applications.Confirm that the IT policy allows for wireless synchronisation of PIM applications.
The EA process stops responding and the slow synchronisation process cannot complete.Content Protection is enabled on the BB Device.Turn off Content Protection before stating the EA process again.
Multiple users are attempting the slow synchronisation process at the same time.If Multiple users are attempting the slow synchronisation process at the same time, then it may take long to complete depending on BES settings and workload and the Messaging Server performance.
The Desktop [SYNC] service is corrupt.Delete and undelete the Desktop [SYNC] service books – if necessary resend from the BES.

Comments

Popular posts from this blog

Windows 7 Offline files will not go Online when connected to network

Issue Several laptop users move between networks, domain, home, etc and when they attempt to access DFS shares explorer status is working offline.  The issue only resolves it self after a reboot. Connecting directly to the share works and i am able to ping network resources.  This behavior occurs for VPN users as well. Possible Causes "slow-link mode". In win7 (with default settings) a client will enter slow-link mode if the latency to the server is above 80ms. In slow-link mode all writes are made to the local cache and a background sync only happens every 6 hours.  Depending on your connection the default slow link detection speed is 64,000 bps On client computers running Windows 7 or Windows Server 2008 R2, a shared folder automatically transitions to the slow-link mode if the round-trip latency of the network is greater than 80 milliseconds, or as configured by the "Configure slow-link mode" policy. After transitioning a folder to the slow-link mode, Offline Fil

SCCM Client Certificate (PKI) Value is None

SCCM Client Certificate (PKI) Value is None Stopping WMI service Stopping CCMExec SC Delete any sccm services (ccmexec, smstsmgr, cmecservice, ccmsetup) Delete C:\windows\ccm, C:\windows\ccmsetup, C:\windows\ccmcache, C:\Windows\SMSCFG.ini Go into regedit and remove: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS Then restart WMI, and reinstall the client. You shouldn't need a reboot to complete this. Once this has been done the client will install and pick up the cert. https://www.windows-noob.com/forums/topic/12644-sccm-2012-client-certificate-pki-value-is-none/

SCCM Unknown computer not able to see Task Sequences after installing Current Branch 1702

Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys