06-02-2009, 10:18 PM
|
 |
Proprietor
|
|
Join Date: Nov 2008
Posts: 2,238
|
|
KB10726 - Turn off messaging server storage of BlackBerry master encryption keys
KB10726 - Turn off messaging server storage of BlackBerry smartphone master encryption keys
Environment
- BlackBerry® Enterprise Server software version 4.0 and later
- IBM® Lotus® Domino®
- Microsoft® Exchange
Overview
This article describes how to configure BlackBerry Enterprise Server software version 4.0 and later to store the BlackBerry smartphone master encryption keys in the BlackBerry Configuration Database only.
Important
Versions of BlackBerry® Desktop Software prior to 4.0 do not have access to the BlackBerry Configuration Database. If you prevent the BlackBerry Enterprise Server from storing BlackBerry smartphone master encryption keys on the messaging server, the following issues will occur in BlackBerry® Desktop Manager 4.0 and earlier:
- Valid master encryption keys for BlackBerry smartphones cannot be generated on that BlackBerry Enterprise Server
- Non-functional master encryption keys for BlackBerry smartphones may be regenerated on that BlackBerry Enterprise Server
- No error message displayed when BlackBerry smartphone activation fails under these circumstances
Versions of BlackBerry® Device Software prior to 4.0 do not support wireless enterprise activation. If you prevent the BlackBerry Enterprise Server from storing BlackBerry smartphone master encryption keys on the messaging server, you must use the BlackBerry Manager to generate and regenerate valid master encryption keys for BlackBerry smartphones running versions of BlackBerry Device Software prior to 4.0.
Master encryption key storage
The current BlackBerry smartphone master encryption key is the unique key that the BlackBerry smartphone and the BlackBerry Enterprise Server use to encrypt and decrypt all shared data traffic. With BlackBerry Enterprise Server software version 4.0 and later, the BlackBerry Configuration Database, the messaging server, and the BlackBerry smartphone flash memory store the current BlackBerry smartphone master encryption key in the following locations:
| IBM Lotus Domino | BlackBerry profiles database | key store database in flash memory | BlackBerry Configuration Database | | Microsoft Exchange | email client mailbox | key store database in flash memory | BlackBerry Configuration Database | Configure the BlackBerry Enterprise Server to store master encryption keys in the BlackBerry Configuration Database only
To turn off messaging server storage of master encryption keys, configure the BlackBerry Enterprise Server to store master encryption keys in the BlackBerry Configuration Database only. To perform this task, complete the following steps:
Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Microsoft® Windows® operating system. Document and back up the registry entries prior to implementing any changes.
- On the BlackBerry Enterprise Server, open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents
- Create a new DWORD value named EncryptionKeysInDB with data set to 1.
- Close the Registry Editor.
- Restart the BlackBerry Enterprise Server to initiate the new master encryption key transfer process.
The BlackBerry Messaging Agent writes the appropriate setting to the messaging server storage location to prevent versions of BlackBerry Desktop Software prior to 4.0 from generating master encryption keys.
Important: Restarting the BlackBerry Enterprise Server will delay message delivery to BlackBerry smartphones. For more information, see KB04789.
__________________
http://blog.port3101.org/hdawg/
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.
|
Linear Mode
