How to configure the BlackBerry Administration Service 5.0 SP3 or SP4 to support proxy authentication

Article ID: KB25252

Type: Support Content

Last Modified: 04-22-2013

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 SP3 and SP4 for Microsoft Exchange
  • BlackBerry Enterprise Server 5.0 SP3 and SP4 for IBM Lotus Domino
  • Windows Server 2003 to 2008
CollapseOverview

In BlackBerry Enterprise Server 5.0 SP3 and SP4, the BlackBerry Administration Service is capable of detecting a proxy server automatically, and is also capable of authenticating against the proxy server using several different methods.

Connectivity to a proxy server is supported when the BlackBerry Administration Service needs to update Vendor.xml files, Device.xml files, and information about the BlackBerry Device Software bundles from the BlackBerry Infrastructure. The following includes the four mechanisms the BlackBerry Administration Service supports for proxy discovery and authentication (only one needs to be configured):

  • Manual proxy selection for a BlackBerry Administration Service machine instance.
  • Manual proxy selection for the Windows account that runs the BlackBerry Administration Service.
  • Selection of a PAC file to select a proxy server automatically.
  • Configuration of the BlackBerry Administration Service to use the Web Proxy Auto discovery Protocol (WPAD) to select a proxy server automatically.

 
Method 1) Manual proxy selection for a BlackBerry Administration Service machine instance

The BlackBerry Administration Service supports the manual selection of a proxy server for a machine hosting the BlackBerry Administration Services. These proxy settings are stored in the WinHTTPSettings binary registry value located at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

Every 60 minutes, the BlackBerry Administration Service will check the WinHTTPSettings registry value to see if a proxy server has been specified. If it finds one, it will then forward and HTTP request to the proxy requesting access to blackberry.com over port 443. While performing this HTTP request, updated copies of the Vendor.xml and Device.xml files will be requested. If the preferred approach to configuring proxy settings is to store them in the WinHTTPSettings value, then this can be accomplished by:

On Windows Server 2003, complete the following:

  1. Click on Start, Run, and then type cmd and press Enter.
  2. At the command prompt do one of the following:
    1. If no proxy server has been specified in Windows Internet Explorer, type: proxycfg.exe -p <proxy_server>:<port> 
    2. If a proxy server was already configured in Windows Internet Explorer, type: proxycfg.exe -u

On Windows Server 2008, complete the following:

  1. Open a command prompt as Administrator.
  2. Type the following at a command prompt:
    1. If host is a 32-bit operating system: netsh winhttp set proxy <proxy_server>:<port>
    2. If host is a 64-bit operating system: %systemroot%\SysWow64\netsh winhttp set proxy <proxy_server>:<port>

Note for Windows 2008:

To c heck current proxy settings for WinHTTP, open Command Prompt (Run As Administrator) and complete the following:

  • For 32-bit system, type netsh winhttp show proxy then press Enter
  • For 64-bit system, type %systemroot%\SysWow64\netsh winhttp show proxy then press Enter.

To set WinHTTP to default proxy settings, open Command Prompt (Run As Administrator), and complete the following:

  • For 32-bit system, type netsh winhttp reset proxy then press Enter.
  • For 64-bit system, type %systemroot%\SysWow64\netsh winhttp reset proxy then press  Enter.

 
Method 2) Manual proxy selection for the Windows account that runs the BlackBerry Administration Service

The second option that the BlackBerry Administration Service supports is the ability to manually specify a proxy setting via Windows Internet Explorer for the service account running the BlackBerry Administration Services. To configure these settings, complete the following steps:

  1. On the computer that hosts the BlackBerry Administration Service, log in using the Windows account that runs the BlackBerry Administration Service.
  2. Open Windows Internet Explorer.
  3. Click Tools > Internet Options.
  4. On the Connections tab, click LAN settings.
  5. Select Use a proxy server for your LAN.
  6. In the Address field, type the address for the proxy server.
  7. In the Port field, type the port number for the proxy server.
  8. Click OK.
  9. Click OK.

 
Method 3) Selection of a PAC file to select a proxy server automatically

The third stage in detecting a proxy server is to detect if a PAC file has been provided within the service account's Windows Internet Explorer proxy settings. To configure a mapping to a PAC file for the service account, please complete the following steps:

  1. On the computer that hosts the BlackBerry Administration Service instance, log in using the Windows account that runs the BlackBerry Administration Service.
  2. Open Internet Explorer.
  3. Click Tools > Internet Options.
  4. On the Connections tab, click LAN settings.
  5. Select Use automatic configuration script.
  6. In the Address field, type the URL for the PAC file.
  7. Click OK.
  8. Click OK

 
Method 4) Configuration of the BlackBerry Administration Service to use the Web Proxy Auto discovery Protocol (WPAD) to select a proxy server automatically

The fourth stage of the proxy discovery and authentication process is to attempt to locate a proxy server by leveraging the Web Proxy Auto discovery protocol (WPAD). The BlackBerry Administration Service will leverage DHCP or DNS to find the location of a PAC file to be used when querying a proxy. To configure the BlackBerry Administration Service to support the use of the WPAD protocol, complete the following steps:

  1. On the computer that hosts the BlackBerry Administration Service, at the command prompt, navigate to the folder that contains the Traittool.exe file (for example:C:\Research In Motion\BlackBerry Enterprise Server 5.0.3\Tools ).
  2. Type TraitTool.exe -global -trait BASIsProxyWPADOptionEnabled -set 1 then press Enter.

To turn off the ability for the BlackBerry Administration Service to use WPAD, complete the following:

  1. On the computer that hosts the BlackBerry Administration Service, at the command prompt, navigate to the folder that contains the Traittool.exe file (for example: C:\Research In Motion\BlackBerry Enterprise Server 5.0.3\Tools ).
  2. Type TraitTool.exe -global -trait BASIsProxyWPADOptionEnabled -erase then press Enter.
CollapseAdditional Information

For more information on configuring the Web Proxy Auto discovery Protocol within an enterprise environment, see Automatic Discovery for Firewall and Web Proxy Clients.

For more information on configuring WinHTTP proxy settings via proxycfg.exe, see Netsh.exe and ProxyCfg.exe Proxy Configuration Tools.

For more information on configuring WinHTTP proxy settings via netsh winhttp, see Netsh Commands for Windows Hypertext Transfer Protocol (WINHTTP).

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.