
09-02-2009, 10:44 PM
KB04690 - IT Policy Error status
Environment
- BlackBerry® Enterprise Server version 4.0
- BlackBerry smartphones
- IBM® Lotus® Domino®
- Microsoft® Exchange
- Novell® GroupWise®
Background
IT policy keys are read from the GlobalSettings table in the configuration database each time the BlackBerry Policy Service needs to sign a policy. These keys let the BlackBerry smartphone confirm that the policy key came from its database.
The ServerConfigHistory table keeps a history of policy key changes, but it is periodically updated by a Structured Query Language (SQL) script that removes the oldest entries in the table after a specified number of days. Therefore, a query of the database does not recover a complete history of changes. Additionally, the ServerConfigHistory does not archive the previous versions of the policy key; it only records the current version.
Overview
When the BlackBerry Enterprise Server cannot access the active IT policy key, only users with the current policy key are able to receive IT Policies and applications on their BlackBerry smartphones.
Cause
During routine operations, the BlackBerry Enterprise Server references the active IT policy key in the SQL configuration database to confirm its authenticity. If it is unable to communicate with the configuration database, it generates a new policy key.
Note: This issue should occur infrequently, because when the Policy service fails to read the keys, it attempts to commit a new key to the database within a short period of time.
If running Microsoft® SQL Server® 2000, complete the following steps to confirm the policy key change:
- Open the SQL Query Analyzer.
- Connect to the SQL Server hosting the BESMgmt database (where BESMgmt is the default name).
- Select the BESMgmt database in the left pane.
- Type the following query in the top pane, and click Run: SELECT * FROM ServerConfigHistory WHERE Details='PolicyPublicKey,PolicyPrivateKey'
- If any entries are returned from this query, note the ChangeDateTime value for each occurrence. These values indicate when the keys were changed.
If you are running Microsoft SQL Server Desktop Engine (MSDE), complete the following steps to confirm the policy key change:
- Open a command prompt.
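- Type osql -E -d <database name> -q "SELECT ChangeDateTime FROM ServerConfigHistory WHERE Details='PolicyPublicKey,PolicyPrivateKey'" (where <database name> is the name of the configuration database; BESMgmt is the default name)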
- If any entries are returned from this query, note the ChangeDateTime value for each occurrence. These values indicate when the keys were changed.
Resolution
For Microsoft Exchange or IBM Lotus Domino, apply BlackBerry Enterprise Server version 4.0 Service Pack 3, Hot Fix 2.
For Novell GroupWise, apply BlackBerry Enterprise Server version 4.0 Service Pack 3.
Additional Information
When the policy key is changed, the following event is logged in the BlackBerry Enterprise Server Messaging Agent (MAGT) log:
[40000] (10/17 08:36:48):{0x16C0} SCS::AddDigitalSignatureToPolicy - Successfully created the Policy key
The following are examples of events that may be written to the BlackBerry Enterprise Server when a SQL connectivity issue occurs prior to the event above:
[10249] (10/15 23:57:03):{0x1258} GetAppControlPolicy: COM Error 0x80004005 - Unspecified error - Source: "Microsoft OLE DB Provider for SQL Server" - Description "Connection failure" - Command "_^‹Ý]‹MU‹ëù"
[10249] (10/15 23:57:03):{0x1258} SCS::GetBESVersion(): COM Error 0x80004005 - Unspecified error - Source: "Microsoft OLE DB Provider for SQL Server" - Description "Connection failure" - Command "select BESVersion from ServerConfig where id = 12"
[10249] (10/15 23:57:03):{0x1258} GetPrimaryPolicyKeys: COM Error 0x80004005 - Unspecified error - Source: "Microsoft OLE DB Provider for SQL Server" - Description "Connection failure" - Command "_^‹Ý]‹MU‹ëù"
[10226] (10/15 23:57:03):{0x1258} COM Error 0x426520 in AddPrimaryPolicyKeysToDB - Connection failure - Unspecified error
[10224] (10/15 23:57:03):{0x1258} Database error in AddPrimaryPolicyKeysToDB (err=0x80004005, native err=0) - Connection failure
[20000] (10/15 23:57:03):{0x1258} SCS::AddDigitalSignatureToPolicy - Failed to write the Policy Keys to the Database.
If a BlackBerry smartphone with an outdated key fails to decrypt messages as a result of this problem, the following event is written to the BlackBerry Enterprise Server Policy (POLC) logs, and is reported in the Application log:
[20000] (10/31 11:52:41):{0x91C} SCS::GetValidP2PKeyBlobFromDB - Failed to Get Peer To Peer Key Sequence.
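The log events listed above can be triaged automatically. The following is an added example, not part of the original article or of any BlackBerry tooling: it flags each policy key creation and counts the database connection errors logged shortly before it. The sample log is constructed from the event formats quoted above; the function names, the 10-minute window and the year (the log timestamps carry none) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the event formats quoted in the article.
SAMPLE_LOG = """\
[10249] (10/15 23:57:03):{0x1258} GetPrimaryPolicyKeys: COM Error 0x80004005 - Unspecified error - Source: "Microsoft OLE DB Provider for SQL Server" - Description "Connection failure"
[20000] (10/15 23:57:03):{0x1258} SCS::AddDigitalSignatureToPolicy - Failed to write the Policy Keys to the Database.
[40000] (10/15 23:57:09):{0x1258} SCS::AddDigitalSignatureToPolicy - Successfully created the Policy key
[40000] (10/17 08:36:48):{0x16C0} SCS::AddDigitalSignatureToPolicy - Successfully created the Policy key
[20000] (10/31 11:52:41):{0x91C} SCS::GetValidP2PKeyBlobFromDB - Failed to Get Peer To Peer Key Sequence.
"""

# Layout: [event id] (MM/DD HH:MM:SS):{thread id} message
LINE_RE = re.compile(r"^\[(\d+)\] \((\d\d/\d\d \d\d:\d\d:\d\d)\):\{(0x[0-9A-Fa-f]+)\} (.*)$")
KEY_CREATED = "Successfully created the Policy key"
KEY_WRITE_FAILED = "Failed to write the Policy Keys to the Database"
P2P_FAILED = "Failed to Get Peer To Peer Key Sequence"

def parse(text, year):
    """Yield (timestamp, event_id, message); the caller supplies the missing year."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year}/{m.group(2)}", "%Y/%m/%d %H:%M:%S")
            yield ts, int(m.group(1)), m.group(4)

def triage(text, year=2009, window=timedelta(minutes=10)):
    """Return one finding per key creation or peer-to-peer key failure."""
    events = list(parse(text, year))
    db_errors = [ts for ts, _, msg in events
                 if "Connection failure" in msg or KEY_WRITE_FAILED in msg]
    findings = []
    for ts, _, msg in events:
        if KEY_CREATED in msg:
            # Count database errors logged in the window before this key creation.
            near = [e for e in db_errors if timedelta(0) <= ts - e <= window]
            findings.append({"time": ts, "type": "policy_key_created",
                             "preceded_by_db_errors": len(near)})
        elif P2P_FAILED in msg:
            findings.append({"time": ts, "type": "p2p_key_sequence_failure",
                             "preceded_by_db_errors": 0})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["type"], "db errors before:", f["preceded_by_db_errors"])
```

A key creation with a non-zero count matches the cause described in this article; the reported times can then be compared with the ChangeDateTime values returned by the ServerConfigHistory query.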