This article provides steps on troubleshooting RSA SecurID software Token for BlackBerry deployment by CT-KIP.
The RSA SecurID Software Token for BlackBerry deployment using CT-KIP will not work with devices with the embedded library. Refer to page 28 of the RSA SecurID Software Token for BlackBerry Administrator Guide.
You cannot use Dynamic Seed Provisioning to distribute software tokens to devices running the VPN version of the RSA SecurID Token application.
The IT policy requirement is as follows:
IT Policy Name
IT Policies for Automating a Token Import Through CT-KIP
Specify a server URL for downloading tokens through Dynamic Seed Provisioning (CT-KIP) so that users do not have to enter the URL in their BlackBerry devices to import a token. Strings can contain up to 200 characters. For example, below are the CT-KIP credentials (for the last token distribution by CT-KIP):
The RSA Software Token for BlackBerry token import fails during the first attempt using the CT-KIP download and works fine the second time. The release notes for RSA Software Token 3.0.2 for BlackBerry describes this behavior in the 8700 model. However, this has been noted in other newer models too. This has been resolved in RSA Software Token 3.5 for BlackBerry.
Automatic download of a token to a device using CT-KIP works only one time. If a token is deleted and you try to import the new token, the RSA token application must be launched and the Import Token option should be used.
If there is a problem in downloading application, verify you can launch www.google.com and www.yahoo.com from the same device. Verify that the third-party software installation is allowed on the device. This is disabled on BES server in IT policy.
CT-KIP requests can be configured with http as well. (default request URL works with https). The http URL can be mentioned on BES server IT policy.
The Service Address URL should be sent to end users by email.