000015326 - Troubleshooting RSA SecurID Software Token for BlackBerry deployment by CT-KIP

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000015326
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Software Token for BlackBerry
RSA Version/Condition: 3.5.1
IssueThis article provides steps on troubleshooting RSA SecurID software Token for BlackBerry deployment by CT-KIP.
CauseThe RSA SecurID Software Token for BlackBerry deployment using CT-KIP will not work with devices with the embedded library.  Refer to page 28 of the RSA SecurID Software Token for BlackBerry Administrator Guide.

You cannot use Dynamic Seed Provisioning to distribute software tokens to devices running the VPN version of the RSA SecurID Token application.

The IT policy requirement is as follows:

IT Policy NameIT Policies for Automating a Token Import Through CT-KIP
DescriptionNull (default)
TypeServer URL

Specify a server URL for downloading tokens  through Dynamic Seed Provisioning (CT-KIP) so that users do not have to enter the URL in their BlackBerry devices  to import a token. Strings can contain up to 200 characters.  For example, below are the CT-KIP credentials (for the last token distribution by CT-KIP):

  1. The RSA Software Token for BlackBerry token import fails during the first attempt using the CT-KIP download and works fine the second time. The release notes for RSA Software Token 3.0.2 for BlackBerry describes this behavior in the 8700 model. However, this has been noted in other newer models too. This has been resolved in RSA Software Token 3.5 for BlackBerry.
  2. Download RSA Software Token 3.5.1 for BlackBerry.  You can download RSA Software Token 3.5 for BlackBerry devices directly to the BlackBerry device by clicking here
  3. Automatic download of a token to a device using CT-KIP works only one time. If a token is deleted and you try to import the new token, the RSA token application must be launched and the Import Token option should be used.
  4. If there is a problem in downloading application, verify you can launch www.google.com and www.yahoo.com from the same device. Verify that the third-party software installation is allowed on the device. This is disabled on BES server in IT policy.
  5. CT-KIP requests can be configured with http as well. (default request URL works with https). The http URL can be mentioned on BES server IT policy.
  6. The Service Address URL should be sent to end users by email.
Legacy Article IDa50016