Monday, August 13, 2007

RSA SecurID for Blackberry

I've found RSA to be a pretty solid company in my few years of dealing with them as a vendor, even after the buyout from EMC. I've predominantly used their RSA ACE/Server offering for two-factor authentication for remote access via Citrix. Their management interface is a little medieval-looking, with the screen that cannot dock to maximize your desktop, and the 'have to close the current window to do any other management activity' feature. Also, I've had trouble getting the RSA Agent Host running in a WLBS environment. Having said that, it's usable, and I'm pretty tolerant of interface inadequacies.

We typically distribute SecurID hard tokens with which, in conjunction with a username, password, and a user-created PIN, our users can log into their Citrix portal remotely. We've deployed a few SecurID software tokens, which entails a software install on their Blackberry devices. This has worked great for most of our users, specifically those who travel and invariably forget their hard tokens (they cling onto their Blackberries more so than their wedding rings). With RIM releasing the Curve, or 8300, through AT&T recently, we had to perform some reinstalls on users' devices. Normally it's not a problem, as we define per-user software configuration policies on our BES, so when a user gets a new device the software just gets downloaded and installed on that device and we push the license to the device from the BES.

After deploying the software to a couple of 8300s there appeared Java exception errors when attempting to launch the software on the device. Normally this means resetting the device firewall and rebooting the device; the usual RIM troubleshooting procedure. Unfortunately that didn't work for this issue. The version of the SecurID application we've been using, and that has to date been the only available version from RSA, is 2.0. We found that when the BES tries to push this version to the device, we received a message saying 'Downgrade Required', but it was not clear exactly what needed to be downgraded. It turned out that a version of the SecurID supporting library (SecurIDLib.cod) comes pre-loaded on the 8300. This library is version 2.1. As mentioned, we are installing version 2.0, as given to us from RSA. So, conclusively, the BES was telling us the SecurIDLib component on the device needed to be downgraded before the version of the SecurID application we were trying to install would work. Using a test device, we manually connected the device to a Windows XP desktop running Blackberry Desktop Manager 4.2, explicitly removed the 2.1 version of the SecurIDLib component, rebooted the device, installed our downloaded 2.0 version, rebooted the device again, and finally allowed the application access through the device's firewall. After this hoop-jumping exercise, the software worked without a problem.

Afterwards I called RSA and asked for an explanation. The engineer I dealt with offered me a patched version of the software; however, this version was NOT documented to fix this particular issue and its version was 2.0.1. I've not yet tried it but suspect it will not fix the problem.

What a project that was! Hopefully others will not have to go through the same troubleshooting pain I did.

3 comments:

Anonymous said...

Yes, since Curve was introduced - we've been doing the same remove RSA 2.1.0/reinstall 2.0.x. RSA/EMC released softoken 2.1.1 (early Sept '07) and I believe it should install on the pre-loaded devices without issue, however I'm seeing mixed results. You've anything to report on this later version for BB 8300/8320/8820?
Thanks,
BES Admin
CLE, OH

Martin said...

Unfortunately not. We've just been using this process and haven't reviewed it for any newer revs lately. If we do, I'll make a brief posting.

Anonymous said...

What happened is RSA gave RIM a piece of code that worked with all Blackberries at the time. RIM decided to integrate it with new Blackberries out of the box. Problem is, RIM later changed the OS and that broke the RSA component, but they still shipped them with the now incompatible RSA component. So for new Blackberries, you need to rip out the pre-installed RSA stuff, then obtain the latest token from RSA and install it. Then it will work fine.