Access denied: Insecure SSL Request
 

Anyone see this message this AM on their user's devices? I only ask as I am speaking to RIM and was told many other Admins are calling with the same 'known' issue today. I've been escalated to Tier 3 and as I wait for an answer, I thought I might ask the forum to see if anyone has already jumped through these hoops. The only change, the recent Windows push this week that were applied last night.

The server returned the following error: "Access denied: Insecure SSL Request". Your MDS has been configured to deny SSL requests to servers that have certificates which are untrusted or expired. Try using Device Side SSL which can be modified in your TLS options. Contact your system administrator with any questions.

It pops up when my users unlock their device or when they are going through their emails.

BES 4.1.6
Exchange 03 / 07

I am getting the same errors and it just started this morning. Any luck finding an answer yet?

Thanks

They had me change TLS and HTTPS settings to TRUE as a temporary fix. Apparently, it does not address everyone's issue, but mine has been changed for an hour and so far, it seems to have worked. *fingers crossed*

This did not help my 5.0 environment as you have to specific the server that handles the TLS/HTTPS authentication.

I sent them logs of my 4.1.6 and 5.0 logs as well as my device logs and was told it will be escalated.

More to come as I find out.

tbinder
Any chance you guys use Wireless Continuity agent (EMS) from MessageOne/Dell on your devices?

AT&T had me make the same changes. We use email continuity agent from Message Labs, but it is Messageone.

This is the last notification:

The maintenance is progressing as expected and we expect to announce limited availability of service within the next five hours.

Current system status:
- EAS Web UI / EMS Continuity: The web console will be inaccessible at multiple points.
- EAS Archive: All services will be unavailable. Emails will queue on the VaultBox waiting for transfer to datacenter.
- EAS Security: Email security will continue to be transmitted, received, and processed as normal. Messages will be quarantined as normal, but users will be unable to view quarantine.
- Outlook Extension & Wireless Continuity: All services will be unavailable and may generate error messages.

At the conclusion of this maintenance, the datacenter will be running the latest release EAS 6.5.1.

Release Notes - 6.5 Datacenter & Client software release notes:

Release Notes - 6.5.1:



We will continue to provide updates on our progress throughout this maintenance. The next update will be sent no later than 7pm CST (Nov 21, 1am GMT).

If you have any questions or concerns, please contact the EAS Support team at +1 (888) 367-0777.

Thank you,

SunGard Support Team
+1 (888) 367-0777

Note: This notification sent to users on your EAS proactive maintenance distribution list.


So it looks like this is expected.

Yup confirmed. I wish I got that notification earlier.

Yeah; got a lot of traffic about these on another board I participate in recently. Research In Motion totally screwed up on this one.

The issue you are seeing is due to a flaw in the library used by the BES library to resolve Subject Alternative Name (SAN) website certificates. Basically, these are website certificates that have more than one domain name listed on a single website certificate. Kinda like Google.com/GMail.com/etc.

For more info on SAN certificates, go to Wikipedia and search for "Subject_Alternative_Name"

So basically, the failure is on RIM's product. This is admitted by RIM in their KB articles: KB20477 & KB20833

Not to spoil the outcome, but below are RIM's recommended solutions to patch the libraries and resolve the error:

1) Upgrade to BlackBerry Enterprise Server version 4.1.7 MR2
2) Upgrade to BlackBerry Enterprise Server version 5.0 SP1 MR3 or higher
3) Upgrade to BlackBerry Enterprise Server version 5.0 SP2