Certain Proxy Auto-Configuration file functions fail to parse on BlackBerry 10 smartphones

Article ID: KB33673

Type: Support Content

Last Modified: 07-09-2014

 

Product(s) Affected:

  • Porsche Design P'9982 smartphone from BlackBerry
  • BlackBerry Z30
  • BlackBerry Z10
  • BlackBerry Q10
  • BlackBerry Q5
  • BlackBerry Enterprise Service 10
  • BlackBerry Device Service
Environment
  • BlackBerry 10 OS version 10.0 to 10.2
  • BlackBerry Enterprise Service 10
  • BlackBerry Device Service
  • JI 196541
  • JI 197209
  • JI 203654
  • JI 443624
Overview

After a proxy profile which utilizes a Proxy Auto-Configuration (PAC) file is applied to the BlackBerry Device Service instance, all requests which should use the PAC to determine routing are instead routed direct (no proxy), leading to one of the following scenarios when requesting resources that reside outside the company network.
 

Scenario 1 - No DIRECT route to external resources

When no DIRECT route to access external resources exists, the request will fail.

These failures will take different forms depending on the application used or the resource requested. For example, opening the Browser in the Work perimeter and attempting to browse to a web site outside the company domain, such as http://www.blackberry.com, displays the following result:

Unknown Network Error
Server returned nothing (no headers, no data)


Scenario 2 - DIRECT route exists to access external resources

When a DIRECT route to access external resources exists, requests will succeed, but will bypass the proxy servers specified in the PAC file. As a result, there will be few to no symptoms on the BlackBerry device, but any security, logging, or routing functions handled by the proxy server will not be performed.

Cause

When the BlackBerry 10 smartphone receives a proxy profile which utilizes a PAC, the PAC is downloaded and stored locally on the BlackBerry 10 smartphone. The PAC is then parsed locally prior to a request being sent to the BlackBerry Device Service MDS Connection Service for processing.

While BlackBerry 10 smartphones support many common functions utilized in PAC files, certain functions are not supported when the proxy profile is assigned at the BlackBerry Device Service instance level. The functions include, but may not be limited to, the following:

  • myIpAddress()
  • dnsResolve()
  • isResolvable()
  • isInNet()

When a PAC containing an unsupported function is parsed by the BlackBerry 10 smartphone, the PAC lookup fails and routing defaults to the DIRECT (no proxy) option.

Connections over an Enterprise Wi-Fi profile or utilizing a VPN profile utilize PAC profiles differently, such that a proxy profile assigned to one of these connection types may be able to use a PAC file containing functions which would fail to parse correctly when assigned to the BlackBerry Device Service instance.

Resolution

This issue has been resolved in BlackBerry 10 OS version 10.2.1 and later.

Note: If this issue is still being experienced on BlackBerry 10 OS version 10.2.1 and later and the PAC file uses functions not listed above, open a ticket with BlackBerry Technical Support Services for further investigation.

Workaround

Two options exist to work around this issue.

Workaround 1

Remove the unsupported function call from the PAC file specified in the proxy profile.
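
Before applying Workaround 1, the PAC file has to be audited for the calls listed under Cause. The Node.js script below is an added example, not BlackBerry code: it reports each call to a listed function with its line number, ignoring names that appear only in comments or string literals. The sample PAC, its hostnames and its addresses are constructed, and the function list is only the one given in this article, which states that it may not be complete.

```javascript
// Functions this article lists as failing to parse when the proxy profile
// is assigned at the BlackBerry Device Service instance level.
const UNSUPPORTED = ["myIpAddress", "dnsResolve", "isResolvable", "isInNet"];

// Blank out comments and string literals (newlines are kept so line numbers
// stay correct); a name mentioned in a comment or string is not a call.
function stripNonCode(src) {
  const re = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'/g;
  return src.replace(re, (m) => m.replace(/[^\n]/g, " "));
}

// Return [{ name, line }] for every call to a listed function.
function findUnsupportedCalls(pacSource) {
  const code = stripNonCode(pacSource);
  const re = new RegExp("\\b(" + UNSUPPORTED.join("|") + ")\\s*\\(", "g");
  const hits = [];
  let m;
  while ((m = re.exec(code)) !== null) {
    const line = code.slice(0, m.index).split("\n").length;
    hits.push({ name: m[1], line });
  }
  return hits;
}

// Constructed sample PAC; hostnames and addresses are placeholders.
const SAMPLE_PAC = [
  "function FindProxyForURL(url, host) {",
  "  // isInNet() in a comment must not be reported",
  "  if (dnsDomainIs(host, '.corp.example')) return 'DIRECT';",
  "  if (isInNet(myIpAddress(), '10.0.0.0', '255.0.0.0'))",
  "    return 'PROXY proxy.corp.example:8080';",
  "  if (isResolvable(host)) return 'PROXY proxy.corp.example:8080';",
  "  return 'PROXY proxy.corp.example:8080; DIRECT';",
  "}",
].join("\n");

function auditSample() {
  return findUnsupportedCalls(SAMPLE_PAC);
}

for (const hit of auditSample()) {
  console.log("line " + hit.line + ": " + hit.name + "() is listed as unsupported");
}
```

An empty result only means none of the four listed functions is called; because a failed parse falls back to DIRECT, confirm on a device that traffic actually reaches the proxy after editing the PAC.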

Workaround 2

Manually specify a specific proxy server to be used instead of utilizing a PAC to decide routing on a per-host basis.

Note: This may restrict access to resources within the company network if the proxy specified does not allow internal requests. Confirm the settings on the proxy server prior to implementing this workaround.

Additional Information

The BlackBerry Device Service Administration Guide found at http://docs.blackberry.com/ contains more information regarding the configuration of proxy profiles, under the "Managing proxy profiles" heading.

Differences between the BlackBerry Device Service and BlackBerry Enterprise Server

The behavior described above differs from the data flow used by BlackBerry Enterprise Service, where requests from the connected BlackBerry smartphones are passed to the MDS Connection Service on the BlackBerry Enterprise Server, and the MDS Connection Service is responsible for parsing the PAC file to route the request correctly. In this scenario, myIpAddress() would return the IP address of the server hosting the MDS Connection Service, which can be correctly used by the PAC file.

As a result, a PAC which functions as expected for a BlackBerry Enterprise Server proxy configuration may not work properly for a BlackBerry Device Service instance.

This article contains information previously documented in KB33676 and KB33446.
