Blackberry

TheMSsForum.com: The Microsoft Software Forum

Hi,

I am in the process of setting up Blackberry Enterprise Server. We have an
SBS 2000 box with 2 NICs - the WAN NIC is connected to a Watchguard SOHO 6
firewall and this is then connected to our router.

I have been following the deployment guide, setup the BesAdmin account in
Exchage. I then planned to install BES onto a machine that ran Windows 2003
Server Std without Outlook client installed (as per the book suggested). On
the 5th page of the install wizard, named 'Blackberry Server Communication
Information' I enter the servername, SRP host as 192.168.16.2 (SBS's IP
address as it is the proxy) and the SRP as port 3101.

Now, on the Watchguard I opened up an outbound port TCP 3101 allowed by
192.168.16.2 and this throws back 'Test failed with error code (10061).'
Looking at the Blackberry KB, it suggests that an outbound connection cannot
be made. It requires that the outbound port 3101 should be configured as
'Bi-directional' (?what does this mean?) and I am deperately trying to get
this working but I am stuck! This is when I hit the 'Test Network
Connection' button.

Do I need to setup something in ISA Server Filters? We use GFI MSEC, DSEC
and I have granted srp.eu.blackberry to be excluded from the GFI filter in
ISA.

Please can someone help me as this is really bugging me. Furthermore, help
on creating a custom outbound rule for port 3101 would be helpful on a
Watchguard firewall SOHO6. I am sure I have done it correct, but I need a
second opinion.

Thanks,

skc
Top

Re: Blackberry by Jim

Jim
Thu Oct 14 07:53:01 CDT 2004

I don't have step by step but you may need to open up that port in
ISA. Look at some existing packet filters to confirm. Do you have the
firewall client loaded on the BES? If not you may need to set it up as
a secure nat client. http://www.sbslinks.com/MACINTEGRATION.HTM

Skc <Skc@discussions.microsoft.com> wrote:

>Hi,
>
>I am in the process of setting up Blackberry Enterprise Server. We have an
>SBS 2000 box with 2 NICs - the WAN NIC is connected to a Watchguard SOHO 6
>firewall and this is then connected to our router.
>
>I have been following the deployment guide, setup the BesAdmin account in
>Exchage. I then planned to install BES onto a machine that ran Windows 2003
>Server Std without Outlook client installed (as per the book suggested). On
>the 5th page of the install wizard, named 'Blackberry Server Communication
>Information' I enter the servername, SRP host as 192.168.16.2 (SBS's IP
>address as it is the proxy) and the SRP as port 3101.
>
>Now, on the Watchguard I opened up an outbound port TCP 3101 allowed by
>192.168.16.2 and this throws back 'Test failed with error code (10061).'
>Looking at the Blackberry KB, it suggests that an outbound connection cannot
>be made. It requires that the outbound port 3101 should be configured as
>'Bi-directional' (?what does this mean?) and I am deperately trying to get
>this working but I am stuck! This is when I hit the 'Test Network
>Connection' button.
>
>Do I need to setup something in ISA Server Filters? We use GFI MSEC, DSEC
>and I have granted srp.eu.blackberry to be excluded from the GFI filter in
>ISA.
>
>Please can someone help me as this is really bugging me. Furthermore, help
>on creating a custom outbound rule for port 3101 would be helpful on a
>Watchguard firewall SOHO6. I am sure I have done it correct, but I need a
>second opinion.
>
>Thanks,
>
>skc

Jim B. SBS Community Member
remove the mvp to send email
Top

Re: Blackberry by Ted

Ted
Thu Oct 14 16:25:10 CDT 2004

I was able to get this to work by creating a protocol
rule that allowed port 3101 TCP outbound in ISA. Did not
have to do this both ways. I did define a client set, so
that only the BES is allowed out that port. Pretty much
followed the BES install guide - only difference is you
have the Watchguard, a second firewall in the mix. But I
would definitely look at setting this rule up on the ISA
as well.

After that, can you look at the Watchguard monitor, to
see if maybe it is getting stopped there? You should be
able to see this activity right away, when you try the
test.

>-----Original Message-----
>I don't have step by step but you may need to open up
that port in
>ISA. Look at some existing packet filters to confirm. Do
you have the
>firewall client loaded on the BES? If not you may need
to set it up as
>a secure nat client.
http://www.sbslinks.com/MACINTEGRATION.HTM
>
>Skc <Skc@discussions.microsoft.com> wrote:
>
>>Hi,
>>
>>I am in the process of setting up Blackberry Enterprise
Server. We have an
>>SBS 2000 box with 2 NICs - the WAN NIC is connected to
a Watchguard SOHO 6
>>firewall and this is then connected to our router.
>>
>>I have been following the deployment guide, setup the
BesAdmin account in
>>Exchage. I then planned to install BES onto a machine
that ran Windows 2003
>>Server Std without Outlook client installed (as per the
book suggested). On
>>the 5th page of the install wizard, named 'Blackberry
Server Communication
>>Information' I enter the servername, SRP host as
192.168.16.2 (SBS's IP
>>address as it is the proxy) and the SRP as port 3101.
>>
>>Now, on the Watchguard I opened up an outbound port TCP
3101 allowed by
>>192.168.16.2 and this throws back 'Test failed with
error code (10061).'
>>Looking at the Blackberry KB, it suggests that an
outbound connection cannot
>>be made. It requires that the outbound port 3101
should be configured as
>>'Bi-directional' (?what does this mean?) and I am
deperately trying to get
>>this working but I am stuck! This is when I hit
the 'Test Network
>>Connection' button.
>>
>>Do I need to setup something in ISA Server Filters? We
use GFI MSEC, DSEC
>>and I have granted srp.eu.blackberry to be excluded
from the GFI filter in
>>ISA.
>>
>>Please can someone help me as this is really bugging
me. Furthermore, help
>>on creating a custom outbound rule for port 3101 would
be helpful on a
>>Watchguard firewall SOHO6. I am sure I have done it
correct, but I need a
>>second opinion.
>>
>>Thanks,
>>
>>skc
>
>Jim B. SBS Community Member
>remove the mvp to send email
>.
>
Top

Re: Blackberry by Skc

Skc
Fri Oct 15 03:13:06 CDT 2004

Ted,

Can you explain what you mean by "...I did define a client set..." as I have
created an outbound rule in ISA but I do not understand the above statement.

I will look at the Watchguard logs and try again.

Skc

"Ted" wrote:

> I was able to get this to work by creating a protocol
> rule that allowed port 3101 TCP outbound in ISA. Did not
> have to do this both ways. I did define a client set, so
> that only the BES is allowed out that port. Pretty much
> followed the BES install guide - only difference is you
> have the Watchguard, a second firewall in the mix. But I
> would definitely look at setting this rule up on the ISA
> as well.
>
> After that, can you look at the Watchguard monitor, to
> see if maybe it is getting stopped there? You should be
> able to see this activity right away, when you try the
> test.
>
> >-----Original Message-----
> >I don't have step by step but you may need to open up
> that port in
> >ISA. Look at some existing packet filters to confirm. Do
> you have the
> >firewall client loaded on the BES? If not you may need
> to set it up as
> >a secure nat client.
> http://www.sbslinks.com/MACINTEGRATION.HTM
> >
> >Skc <Skc@discussions.microsoft.com> wrote:
> >
> >>Hi,
> >>
> >>I am in the process of setting up Blackberry Enterprise
> Server. We have an
> >>SBS 2000 box with 2 NICs - the WAN NIC is connected to
> a Watchguard SOHO 6
> >>firewall and this is then connected to our router.
> >>
> >>I have been following the deployment guide, setup the
> BesAdmin account in
> >>Exchage. I then planned to install BES onto a machine
> that ran Windows 2003
> >>Server Std without Outlook client installed (as per the
> book suggested). On
> >>the 5th page of the install wizard, named 'Blackberry
> Server Communication
> >>Information' I enter the servername, SRP host as
> 192.168.16.2 (SBS's IP
> >>address as it is the proxy) and the SRP as port 3101.
> >>
> >>Now, on the Watchguard I opened up an outbound port TCP
> 3101 allowed by
> >>192.168.16.2 and this throws back 'Test failed with
> error code (10061).'
> >>Looking at the Blackberry KB, it suggests that an
> outbound connection cannot
> >>be made. It requires that the outbound port 3101
> should be configured as
> >>'Bi-directional' (?what does this mean?) and I am
> deperately trying to get
> >>this working but I am stuck! This is when I hit
> the 'Test Network
> >>Connection' button.
> >>
> >>Do I need to setup something in ISA Server Filters? We
> use GFI MSEC, DSEC
> >>and I have granted srp.eu.blackberry to be excluded
> from the GFI filter in
> >>ISA.
> >>
> >>Please can someone help me as this is really bugging
> me. Furthermore, help
> >>on creating a custom outbound rule for port 3101 would
> be helpful on a
> >>Watchguard firewall SOHO6. I am sure I have done it
> correct, but I need a
> >>second opinion.
> >>
> >>Thanks,
> >>
> >>skc
> >
> >Jim B. SBS Community Member
> >remove the mvp to send email
> >.
> >
>
Top