Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

New Contributor
Posts: 2
Registered: ‎03-08-2013
My Device: BB z10

BES 10 - Doesn't connect to AD properly - Access failed for user adminsitrator

Hello all,


We have a new BES server setup, Version This is on a brand spankin new virtualized 2012 server.

The BES is AD full replication, not read-only.


When we goto login to the blackberry administration service or management service, we have to select "Direct Authentication" instead of "Microsoft Active Directory Authentication" as it gives us an error when we try to login via AD.


The error is: "Access failed for user adminsitrator"


This of course is messed up, and nothing is sync'ing or working properly on the handhelds attached to the BES server. The handhelds are coming back with 'change your AD password' when we connect them to the workspace.



A copy of the log is below, with the domain name removed for obvious reasons.


Any help is appreciated, thanks.




(06/30 17:17:36:244):{http-[DOMAIN NAME]%2F10.0.2.253-38443-5} [com.rim.bes.bas.bwsutil.handlers.GetEncodedUsername] [INFO] [BWS-1001] {u=0, uc=0, o=0, t=0} {bc70f88c-2782-4fde-b72c-3baca225e952} {getEncodedUsername} Getting encoded username for: 'adminsitrator'

(06/30 17:17:36:621):{http-[DOMAIN NAME]%2F10.0.2.253-38443-9} [com.dstc.security.kerberos.jaas.KerberosLoginModule] [ERROR] login failed: Kerberos error creating ticket: com.dstc.security.kerberos.KerberosError: Client not found in Kerberos database
    Error code: 6
    Error message: null
    Client name: null
    Client realm: null
    Client time: null
    Server name: krbtgt/[DOMAIN]
    Server realm: [DOMAIN]
    Server time: Sun Jun 30 17:17:36 ADT 2013

Posts: 91
Registered: ‎05-17-2013
My Device: BlackBerry Z-10

Re: BES 10 - Doesn't connect to AD properly - Access failed for user adminsitrator

Hello amaclellan;


Welcome to the forum and thank you for your question.


Have you confirmed that the password for the affected account has not expired?


Are you able to add an Active Directory account in the BlackBerry Administration Service web console as an administrator?


If you are able to add an Active Directory account as an administrator, are you then able to log out and then log in with the Active Directory account you have just assigned the Administrative Role to?


If you view the list of Administrators through the BlackBerry Administration Service web console, do you see the affected account listed?


If you do not see the account listed, add the account with the Role you wish to give it, log out and attempt to log back in with the affected account.


The list of Roles and their meanings can be found in the BlackBerry Enterprise Service 10 documentation Advanced Administration Guide - BlackBerry Device Service


Let us know if you have any further questions regarding this specific request.