Remote administration commands issued from the Universal Device Service Administrative Console to any iOS device fail to deliver

Article ID: KB33028

Type: Support Content

Last Modified: 10-31-2014

 

Product(s) Affected:

  • BlackBerry Mobile Fusion
  • Universal Device Service
CollapseEnvironment
  • Universal Device Service
CollapseOverview
Remote administration commands issued from the Universal Device Service Administrative Console to any iOS device fail to deliver.
CollapseCause

Cause 1

The Apple Push Notification Service - Client Certificate has expired. This can be verified via the following steps:

Apple Certificate:

  1. Click Start > Run.
  2. Type mmc in and press Enter.
  3. In the Console window select File > Add/Remove Snap-in.
  4. Select the Certificates snap-in and click Add.
  5. Select the Computer Account option and click Next.
  6. Select the Local computer option and click Finish.

View the Communication Logs:

  1. Log in to the Universal Device Service Administration Console
  2. Click the Home tab.
  3. Click on one of the affected iOS users.
  4. Select Lock device.
  5. Select Communication Logs.
  6. The Communication Logs display the following log lines:
    November 5, 2012 4:13:28 PM UTC: action.poke failure
    November 5, 2012 4:13:17 PM UTC: action.lock request

View the Core Service Logs:

The Default Core Log Location is C:\Program Files (x86)\Research In Motion\Universal Device Service\Logs\Core.

The Core Service Logs display the following log lines:

Message: The remote certificate is invalid according to the validation

Cause 2

The Server hosting the Core Module is missing the Entrust Secure Root Certificate option under Trusted Root Certification Authorities.

Cause 3

The Authenticated Users group does not have the Read permission for the Apple Push Notification Service - Client Certificate.

The Core Service Logs display the following log line:

Message: The credentials supplied to the package were not recognized

CollapseResolution

Resolution for Cause 1

Validate that the operating system time on the Server hosting the Universal Device Service is correct.

If the time is accurate but the APNs Certificate Expiry is still older than the operating system time, a new APNs Certificate will need to be requested:

  1. Open the Universal Device Service Administration Console.
  2. Click Settings > APNs Certificate > Renew Certificate.
  3. Refer to the Universal Device Service Administration Guide found here for instructions on Installing the APNs Certificate.

Resolution for Cause 2

On the Core Server, verify if the Entrust Secure Root Certificate option is installed by:

  1. Go to Start > Run.
  2. Type mmc and press Enter.
  3. Click File > Add/Remove Snap-In.
  4. Select the Certificates snap-in and click Add.
  5. Select the Computer account option and click Next.
  6. Select the Local Computer option and click Finish.
  7. Click OK.
  8. Expand Certificates > Trusted Root Certification Authorities and select the Certificates folder folder.
  9. Verify that Entrust.net Certification Authority is listed. If it's not listed, check under the Untrusted Certificates folder as well to see if it is untrusted.
  10. If Entrust.net Certification Authority is listed under Untrusted Certificates, simply copy and paste it into the Trusted Root Certification Authorities folder.
  11. If Entrust.net Certification Authority is not listed anywhere, download the certificate from http://www.entrust.net/ and install it under the Trusted Root Certification Authorities folder.

Resolution for Cause 3

On the Core Server, grant the Authenticated Users group the Read permission to the Apple Push Notification Service - Client Certificate.

  1. Go to Start > Run.
  2. Type mmc and press Enter.
  3. Click on File > Add/Remove Snap-in.
  4. Select the Certificates snap-in and click Add.
  5. Select the Computer account option and click Next.
  6. Select the Local Computer option and click Finish.
  7. Click OK.
  8. Expand Certificates > Personal and select the Certificates folder.
  9. Right-click on Apple Push Notification Service - Client Certificate and select All Tasks > Manage Private Keys.
  10. On the Security tab for the properties of the certificate, click Add.
  11. Type Authenticated Users and click Check Name then OK.
  12. Select the Read check box under the Allow column.
  13. Click Apply then OK.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.