Has anyone had any luck configuring BES behind an ISA box?
I get error 10060 (connection failed) when initiating the connection from the blackberry server. I set up an access rule allowing TCP 3101 both ways between the ISA box and Blackberry's SPA's. No luck.
RE: Blackberry Enterprise Server - 13.Sep.2005 4:21:00 AM
We have added the following definitions and rules to the ISA Proxy server:
-Protocol definition Name : BlackBerry Enterprise Server
Connection : Port : 3101 Protocol : TCP Direction : Outbound
- Client address set Name : BlackBerry server Address : addr. of BES server
- Protocol rule Name : BlackBerry Action : Allow Protocol : BlackBerry Enterprise server Schedule : Always Client Addr. : BlackBerry server
Running the test on our BES server gave the following result:
C:\temp>bbsrptest -host srp.eu.blackberry.net Attempting to connect to srp.eu.blackberry.net (188.8.131.52), port 3101 Sending test packet Waiting for response Receiving response Checking response Successful
I've run BES 3.5, 3.6, and now 4.0 for sometime behind my ISA2000 box.
I remember toying with this one for quite sometime and I don't remember why, but I created a IP Packet Filter for TCP/Fixed/3101 for Local and Remote. That's all that was needed. I'm currently running 4.0 with no problems.
This is funny because I'm setting up the BES rule on my new ISA2k4 boxes at this very moment.
RE: Blackberry Enterprise Server - 23.Sep.2005 2:56:00 PM
There is an issue with BES for one of their servers. If you are on a support call they will deny it til the cows come home. Depending on your configuration for DNS do ipconfig /flushdns and nbtstat -RR on the client then re-run the test. not the IP addresses that pass and those that fail. Each time you run the test you'll find that the ip changes if you do the flush dns and wins cash...and that it only fails on one specific IP.... we have the same issue and got tired of arguing with them...the BES software will keep retrying and eventually will find a different server and work.
If it's working at all and only failing for that test then you have duplicated the issue we experienced both direct connecting and behind ISA/Proxy.. jer
BES 4.0 uses bidirectional on 3101 only. You need to make sure that your rule does not restrict the request to just the srp.ca.blackberry.net or srp.na.blackberry.net the BES software defaults to. Once you create a protocol for the traffic on port 3101 and create a rule to allow that traffic anywhere you will be in business.
However, Even since I installed this BES Server behind my ISA 2004 box my Firewall Service locks up intermittently and I have never experienced this behaviour before. I am positive the BES server is causing this. I just need a way to prove it.
Has anyone else got a BES 4.0 Server working without issues behind an ISA 2004 Server?
From: San Diego
I tried using port 3101 in many ways. Finally - I used an outbound rule using the TCP protocol I created - From ALL Networks - To All networks and did not specify a port - So Everything goes out... That worked.
When I specified only port 3101 - It Did Not Work?? !!! To get on with the install - I Specified the TCP protocol and the To: = External.
I Disabled the Published incoming rule and it still works. I disabled the Specific Outgoing rule - 3101 and it still works... Next I will work with support to find out why all ports works and what they say - 3101 does not!