Blackberry Enterprise Activation Demystified

 

I have been involved with a lot of BES activation issues for my customers & have a few notes that I turned into the attached document for a ready reference. This document not only discusses the complete process but also lists common error & the KB article numbers to resolve these issues.

 

I hope this provides some help while troubleshooting BES enterprise activation issues.

 

some of these solutions have been picked up from Blackberry knowledge base, but the Idea here was to keep these information at one place for complete reference

 

 

 =======================================================================

 

The wireless enterprise activation process allows the administrator to activate a BlackBerry smartphone for a BlackBerry Enterprise Server. The administrator can use the wireless enterprise activation process to manage encryption and service records.

1. Prerequisites for the wireless enterprise activation process

Before starting the wireless enterprise activation process, verify the following:

• The wireless service provider has activated a service for the BlackBerry smartphone with the BlackBerry Enterprise Server service class
• The BlackBerry smartphone user account has been added to the BlackBerry Enterprise Server
• The BlackBerry Enterprise Server has been correctly configured to access the BlackBerry smartphone user's mailbox.

            For information on the BlackBerry Enterprise Server administration account         permissions,             see KB02276.

• An activation password has been set for the BlackBerry smartphone user account

After the prerequisites are met, the BlackBerry Enterprise Server monitors the mailbox for new messages, including the ETP.DAT activation message that is sent from the BlackBerry smartphone.

The following scenario outlines the wireless enterprise activation process:

            1. A BlackBerry smartphone user receives a new BlackBerry smartphone and      contacts the administrator to activate the BlackBerry smartphone.

            2. The administrator sets the wireless enterprise activation password on the          BlackBerry smartphone user's account and communicates it to the BlackBerry smartphone user.

            Note: Before the BlackBerry smartphone user activates the BlackBerry        smartphone,             BlackBerry® Manager displays the status of Initializing.

 

 

 

 

2. The wireless enterprise activation process

This section provides an overview of the four phases of the wireless enterprise activation process.

Phase 1 – Activation

1. On the BlackBerry smartphone in the Enterprise Activation screen, the BlackBerry smartphone user types the email address and activation password.
2. The BlackBerry smartphone creates an encrypted activation message that contains an ETP.DAT file and sends it to the BlackBerry smartphone user's mailbox.

            Note: The ETP.DAT message contains routing information and the BlackBerry      smartphone's activation public keys. The ETP.DAT message is routed through       the BlackBerry Infrastructure to the BlackBerry smartphone user's mailbox as          a standard message with an attachment.

Phase 2 – Encryption verification

1. When the ETP.DAT message arrives at the messaging server, the BlackBerry Messaging Agent checks the content.
2. The BlackBerry Enterprise Server processes the data that is attached to the message. It verifies that the encrypted password matches the one set for the BlackBerry smartphone user. If it matches, the BlackBerry® Messaging Agent generates a new permanent encryption key using either Triple Data Encryption Standard (Triple DES) or Advanced Encryption Standard (AES), and sends it to the BlackBerry smartphone.

            Note: The BlackBerry smartphone displays the status of Verifying Encryption.

Phase 3 – Receiving services

1. The BlackBerry Enterprise Server and the BlackBerry smartphone establish a master encryption key. The BlackBerry smartphone and the BlackBerry Enterprise Server both verify receipt of the master key.
2. The BlackBerry smartphone implements the new encryption key and displays the following message:

            Note: The BlackBerry smartphone account status displays the status                        of Encryption Verified. Waiting for Services.

3. The BlackBerry Messaging Agent forwards a request to the BlackBerry® Policy Service to generate service books.
4. The BlackBerry Policy Service receives and queues the request and sends out an IT policy update to the BlackBerry smartphone.
5. The BlackBerry smartphone registers that the IT policy has been applied successfully.
6. The BlackBerry Policy Service generates and sends the service books to the BlackBerry smartphone, which is now able to send messages.

            Note: The BlackBerry smartphone displays a status of Services Received.

7. The BlackBerry smartphone then displays the following message: Your email address, mailto:user@domain.com is now enabled. Synchronization service Desktop [<SRP_Identifier>]

Phase 4 – Slow synchronization

1. Once the [CMIME] service book arrives on the BlackBerry smartphone, the BlackBerry smartphone is able to reconcile messages with the BlackBerry smartphone user's email account. The BlackBerry smartphone user can configure reconciliation as required. All service books should arrive at the same time, but only the [CMIME] service book is required for email message reconciliation.
2. The BlackBerry smartphone registers the receipt of the service books to the BlackBerry Enterprise Server and the activation process is completed.

            Note: The BlackBerry smartphone displays the status of Activation Complete.

3. The calendar data is synchronized using the [CICAL] service book before other organizer data is synchronized.
4. The Desktop [SYNC] service book is sent to the BlackBerry smartphone. The Desktop [SYNC] service book allows for organizer data synchronization, wireless backup and restore capability, and synchronization of email settings and filters.

            Note: The BlackBerry Messaging Agent manages wireless synchronization of        calendar data, and the BlackBerry Synchronization Service manages wireless         synchronization of other organizer data. The BlackBerry Enterprise Server sends   the appropriate service books and IT policies to the BlackBerry smartphone. The         BlackBerry smartphone user is now able to send and receive email messages on            the BlackBerry smartphone.

5. If the BlackBerry smartphone is configured for wireless organizer data synchronization and wireless backup, the BlackBerry Enterprise Server sends the following data to the BlackBerry smartphone:
   • Calendar entries
   • Address book entries
   • Tasks
   • Memos
   • Messages
   • Existing BlackBerry smartphone options that were backed up through automatic wireless backup

            Note: When the wireless enterprise activation process is complete, the        BlackBerry smartphone displays a status of Activation Complete.

 

3. Importance of the ETP.DAT message in the wireless enterprise activation process

During the wireless enterprise activation process, the BlackBerry smartphone sends an ETP.DAT message, which contains activation information, to an activation email address stored on the BlackBerry smartphone.

After the BlackBerry smartphone user selects the Activate option on the Enterprise Activation screen on the BlackBerry smartphone, the following occurs:

1. The ETP.DAT message is sent to the BlackBerry Infrastructure, which forwards it to the email address that was specified in the Enterprise Activation section.
2. The BlackBerry Enterprise Server, which monitors the BlackBerry smartphone user's mailbox, picks up the ETP.DAT message. The wireless enterprise activation process begins.
3. The BlackBerry Enterprise Server sends the acknowledgment and encryption information to the BlackBerry smartphone.
4. The IT policy is sent to the BlackBerry smartphone.
5. When the BlackBerry Enterprise Server verifies that the IT policy has been applied successfully, it sends the required service books to the BlackBerry smartphone.
6. When the BlackBerry Enterprise Server sends all the required information to the BlackBerry smartphone. The following message appears on the BlackBerry smartphone.

Your email address mailto:user@domain.com is now enabled

7. The slow synchronization process begins.

 

 

 

 

4. Identifying and troubleshooting issues with the Enterprise Activation process

 

 

Enterprise activation stage	Knowledge base articles
Stage 1 – Activation The BlackBerry® smartphone generates an ETP.DAT message and sends it to the BlackBerry smartphone user's mailbox over the wireless network. (03/10 10:27:28.014):{0x1AEC}{ian.dundas@example.net} Queuing DATA fromnetwork@etp1006.etp.na.blackberry.net, Tag=-903057656, EntryId=2604425	Please contact your system administrator errors     KB04829 – The BlackBerry smartphone displays An error has occurred. Please contact your administrator     KB13458 – The BlackBerry smartphone continually displays Activating or Retrying during the enterprise activation process     KB13468 – BlackBerry Enterprise Server is not responding or an error has occurred     KB04982 – The Please Contact Your System Administrator error message appears during the enterprise activation process The enterprise activation process stops at the Activating or Retrying status     KB13840 – The enterprise activation process stops responding at the Activating stage     KB13841 – The enterprise activation process stops at the Activating or Retrying stage User not started errors     KB10321 – The OpenDatabase() failed. User not started error message appears     KB13842 -The User <BlackBerry_smartphone_user_name> not started error message appears
Stage 2 – Verifying encryption The BlackBerry Messaging Agent generates a new permanent encryption key and sends it to the BlackBerry smartphone. [40000] (05/21 06:51:39):{0x14D4} {ian.dundas@example.net} Generating 3DES key (this is based on server setting) [40000] (05/21 06:51:39):{0x14D4} *** OTAKEYGEN *** sending KEY_ACCEPT transID = 2077103732	Contact service administrator errors     KB13843 – The Activation error: Contact Service Administrator error message appears
Stage 3 – Receiving services The BlackBerry Policy Service receives a request to generate service books and then sends an IT policy update to the BlackBerry smartphone. BlackBerry Messaging Agent; Sending Service Book request to the BlackBerry Policy Service [40000] (05/21 06:51:45):{0x1AA8}{ian.dundas@example.net} *** OTAKEYGEN *** Queuing service book data to Policy Server Policy Service; IT policy sent to the BlackBerry smartphone [40000] (05/21 06:51:49):{0xE1C} SCS::CheckITPolicyInGroup – Queuing SET_ITPOLICY_REQUEST request for UserId=2573	IT Policy Rejected error     KB04533 – The IT Policy Rejected error message appears The enterprise activation process stops at Waiting for services status     KB03410 – The wireless enterprise activation process stops     KB04327 – The BlackBerry smartphone stops responding at the Waiting for Services stage     KB10798 – The enterprise activation process stops responding at the Waiting for Services stage
Stage 4 – Slow synchronization The BlackBerry smartphone can now send and receive messages. If wireless organizer data synchronization and wireless backup options are configured correctly, the appropriate organizer data is sent to the BlackBerry smartphone. Slow synchronization starts after the BlackBerry Synchronization Service receives the request from the BlackBerry Dispatcher. [46046] (05/21 06:52:24):{0×1294} [SYNC-DSession] Received "GetConfig" command from device. [Last, First:2573] The Following log line indicates that Slow Synchronization has Completed [36023] (05/21 07:05:36):{0x12AC} [SYNC-DSession] *** SLOWSYNC COMPLETE *** [Last, First:2573]	The enterprise activation process stops at 0%     KB03964 – The enterprise activation process stops at 0% in the slow synchronization process The enterprise activation process stops at 11%     KB10496 – The enterprise activation process stops at 11% in the slow synchronization process The slow synchronization process stops responding at the Initializing stage     KB13847 – The slow synchronization process does not start     KB13849 – Messages are delivered although the enterprise activation process is incomplete The enterprise activation process stops during the slow synchronization stage     KB13461 – The enterprise activation process stops during the slow synchronization process

 

 

BlackBerry Enterprise Server