Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

albracco · 02-02-2012

I have had this running without issues for about a year. It's 5.0.3 SP1 on a Windows 2003 Enterprise server running with Exchange 2003 Enterprise (all latest service packs). I needed to add a new BB user and discovered that I can not login with the bb admin AD account. I know the password is correct, because I can log into the server with those credentials.The message I get is:

The username, password or domain is not correct. please correct the entry.

I can not login using the blackberry admin service credentials either - same error...

II have researched various solutions found on the web with no luck. Many require you to be able to login to BAS in at least one way.

Naturally, the new BB I need to add is for the CEO of the company...

Can anyone offer any suggestions?

Here is what is in the log file after a failed login attempt:

BBAS-AS-01

(02/01 18:58:48:047):{http-EXCH.MYDOMAIN.LOCAL%2F192.168.24.7-3443-6} [com.rim.bes.basplugin.activedirectory.LDAPSearch] [INFO] [ADAU-1001] {u=SystemUser, t=9331} performPagedLDAPSearch problem performing LDAP operation: url=ldap://mydc.mydomain.local:3268 base= filter=(&(objectClass=user)(objectCategory=person)(|(sAMAccountName=bbadmin)(userPrincipalName=bbadmin))) scope=2

I also tried to install 5.0.3 MR2, which failed. The installer log file showed this:

server/domain [/MYDOMAIN]
[30000] (02/01 19:21:19.841):{0x3640} [SystemData]: Found a user domain DC at [192.168..24.8].
[30000] (02/01 19:21:19.841):{0x3640} [SystemData]: Querying GC's by forest/domain/site [MYDOMAIN.LOCAL/MYDOMAIN.LOCAL/Default-First-Site] for user GC discovery
[10000] (02/01 19:21:19.841):{0x3640} PerformDNSQuery succeeded for query [_gc._tcp.Default-First-Site._sites.MYDOMAIN.LOCAL/SRV]
[10000] (02/01 19:21:19.841):{0x3640} PerformDNSQuery found 2 SRV record(s) for query [MYDOMAIN.LOCAL/SRV]
[10000] (02/01 19:21:19.841):{0x3640} PerformDNSQuery found 5 total record(s) for query [MYDOMAIN.LOCAL/SRV]
[30000] (02/01 19:21:19.841):{0x3640} BindToAnADDomain succesfully bound the user [] on the ADsPath [LDAP://mydc.mydomain.local/rootDSE] using [ADsGetObject]
[30000] (02/01 19:21:19.841):{0x3640} ValidateGC2 returning accepts domains - GC[mydc.mydomain.local], GCdomain[mydomain.local], supplied dom [MYDOMAIN.LOCAL]
[30000] (02/01 19:21:19.841):{0x3640} ValidateGC2 returning true - serv [mydc.mydomain.local], supplied dom [MYDOMAIN.LOCAL]
[30000] (02/01 19:21:19.841):{0x3640} [SystemData]: Found a total of [1] eligible servers during user GC discovery
[30000] (02/01 19:21:19.841):{0x3640} [SystemData]: Found a user domain GC at [mydc.mydomain.local].
[30000] (02/01 19:21:19.841):{0x3640} attempting GetDCInfoEx for server/domain [mydc.mydomain.local/]
[30000] (02/01 19:21:19.856):{0x3640} GetDCInfoEx successfully determined values [Name[mydc.mydomain.local] Addr[192.168.24.6] Domain[YMYW.LOCAL] Forest[MYDOMAIN.LOCAL] Site[Default-First-Site] SB[DC=MYDOMAIN,DC=LOCAL] PDC=0 GC=1 IsValid=1 NatRetCode=0 LDAPRetCode=0 ET=0 ] for server/domain [mydc.mydomain.local/]
[30000] (02/01 19:21:19.856):{0x3640} [SystemData]: Finish InitActiveDirectoryInfo. GC validity is [1]
[10000] (02/01 19:21:19.856):{0x3640} [CSystemDataCon::ValidatePassword]: Failed to logon with given credentials.
[40000] (02/01 19:21:34.575):{0x3640} LoginInfoDlg executes DisableControls.
[30000] (02/01 19:21:34.575):{0x3640} Setting value to uninitialized data container [CSystemDataCon].
[30000] (02/01 19:21:34.575):{0x254C} Password was successfully validated.
[30000] (02/01 19:21:34.575):{0x3640} Leaving LoginInfoDlg
[40000] (02/01 19:21:34.575):{0x3640} LoginInfoDlg executes EnableControls.
[30000] (02/01 19:21:34.575):{0x3640} Step ShowLoginInfoDlg completed successfully
[30000] (02/01 19:21:34.575):{0x3640} Starting step ShowInstallDlg
[30000] (02/01 19:21:34.591):{0x3640} Entering init dialog for InstallMRDlg
[30000] (02/01 19:21:35.435):{0x26F8} Starting step RunInstall
[30000] (02/01 19:21:35.435):{0x26F8} Component [Java Cryptography Extension] is not installing. Skipping validation.
[10000] (02/01 19:21:35.435):{0x26F8} [CDBComp::ValidateServerName]: Server name cannot be empty
[30000] (02/01 19:21:35.435):{0x26F8} Step RunInstall failed
[10000] (02/01 19:21:35.435):{0x26F8} [CInstallStepSeq::RunInstall]: Product validation failed.

albracco · 02-02-2012

BTW, the MR install fails right after it comes up and asks for the password to my MYDOMAIN\Administrator account... So again, issue is suthentication-related...

knottyrope · 06-25-2008

MR and Service Packs need to be installed with BESAdmin service account or BES will break.

The password issue is a common one.

start with this KB

Article ID: KB17894

Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
BESAdmin's, please make a signature with your BES environment info. BlackBerry Unlocking FAQ

albracco · 02-02-2012

Thanks, but two things: I don't have any of the errors shown in that article in my logs. Second, when trying to install an MR, it does not give me the option to change the username. MYDOMAIN\Administrator is prepopulated and greyed out.

Al

knottyrope · 06-25-2008

did you login as BESAdmin?

Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
BESAdmin's, please make a signature with your BES environment info. BlackBerry Unlocking FAQ

albracco · 02-02-2012

If I do that, the setup.exe won't even run. Gives me a "cannot find file or path or you may not have permissions" type messages.

knottyrope · 06-25-2008

was BES installed as BESAdmin? are the blackberry services running as BESAdmin?

Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
BESAdmin's, please make a signature with your BES environment info. BlackBerry Unlocking FAQ

albracco · 02-02-2012

Yes and Yes. System has been running without any problems for a year.

albracco · 02-02-2012

Still can't login.

I stopped all BB services, removed all instances of java, re-installed BES express as the BESadmin. Same problem - I still can't login. Here are some errors from the BAS log. These appear right after a reboot, before even trying to login to the Administrator console. Strange thing is, after a failed login attempt, nothing appears in the log about it. Also, there are several references to DNS, but we have no problems with DNS elsewhere on the domain. All DCs and GCs are pingable by name. Anyway, here's what we see in the BAS log:

*** Start of original stack trace ***

com.rim.bes.basplugin.activedirectory.CouldNotGetE xchangeGCInfoException: Message: 'LOGIN ERROR: _getExchangeGCInfo Failed to get Global Catalog server name for domain YMYW.LOCAL com.rim.bes.basplugin.activedirectory.CouldNotGetG CInfoException: Message: 'getGCHost could not get global catalog information from DNS, javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name '_ldap._tcp.Default-First-Site._sites.gc._msdcs.YMYW.LOCAL'', nested exception: 'DNS server failure [response code 2]'', nested exception: 'Message: 'getGCHost could not get global catalog information from DNS, javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name '_ldap._tcp.Default-First-Site._sites.gc._msdcs.YMYW.LOCAL'', nested exception: 'DNS server failure [response code 2]''
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean._getExchangeGCInfo(ActiveDirectoryM anagerBean.java:2392)
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean._getActiveDirectoryGSSServiceParame ters(ActiveDirectoryManagerBean.java:3789)
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean.getActiveDirectoryGSSServiceParamet ersLocal(ActiveDirectoryManagerBean.java:3758)

---------------------

*** end of original stack trace ***

com.rim.bes.basplugin.activedirectory.CouldNotGetE xchangeGCInfoException: Message: 'LOGIN ERROR: _getExchangeGCInfo Failed to get Global Catalog server name for domain YMYW.LOCAL com.rim.bes.basplugin.activedirectory.CouldNotGetG CInfoException: Message: 'getGCHost could not get global catalog information from DNS, javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name '_ldap._tcp.Default-First-Site._sites.gc._msdcs.YMYW.LOCAL'', nested exception: 'DNS server failure [response code 2]'', nested exception: 'Message: 'getGCHost could not get global catalog information from DNS, javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name '_ldap._tcp.Default-First-Site._sites.gc._msdcs.YMYW.LOCAL'', nested exception: 'DNS server failure [response code 2]''
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean._getExchangeGCInfo(ActiveDirectoryM anagerBean.java:2392)
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean._getActiveDirectoryGSSServiceParame ters(ActiveDirectoryManagerBean.java:3789)
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean.getActiveDirectoryGSSServiceParamet ersLocal(ActiveDirectoryManagerBean.java:3758)

---------------------------------

Caused by: com.rim.bes.basplugin.activedirectory.CouldNotGetG CInfoException: Message: 'getGCHost could not get global catalog information from DNS, javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name '_ldap._tcp.Default-First-Site._sites.gc._msdcs.YMYW.LOCAL'', nested exception: 'DNS server failure [response code 2]'
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryDCLocator.getGCHost(ActiveDirectoryDCLocator.ja va:329)
at com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean._getExchangeGCInfo(ActiveDirectoryM anagerBean.java:2384)
... 189 more
Caused by: javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name '_ldap._tcp.Default-First-Site._sites.gc._msdcs.YMYW.LOCAL'

--------------------

Theses messages repeat at the end of the log file:

(02/09 15:24:11:484):{WorkManager(2)-50} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1487} Exit bean JobManagerBean.executeTimerJobsLocal
(02/09 15:24:11:501):{WorkManager(2)-50} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1489} Enter bean JobManagerBean.executeTimerJobsLocal
(02/09 15:24:11:501):{WorkManager(2)-50} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1489} Exit bean JobManagerBean.executeTimerJobsLocal
(02/09 15:24:11:501):{WorkManager(2)-50} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1491} Enter bean JobManagerBean.executeTimerJobsLocal
(02/09 15:24:11:501):{WorkManager(2)-50} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1491} Exit bean JobManagerBean.executeTimerJobsLocal
(02/09 15:30:10:765):{WorkManager(2)-53} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1576} Enter bean JobManagerBean.processDeliveredTasksTimeoutLocal
(02/09 15:30:10:765):{WorkManager(2)-53} [com.rim.bes.bas.jobmanager.JobManagerBean] [DEBUG] [BBAS-200] {u=SystemUser, t=1576} Exit bean JobManagerBean.processDeliveredTasksTimeoutLocal

knottyrope · 06-25-2008

is SQL browser running?

Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
BESAdmin's, please make a signature with your BES environment info. BlackBerry Unlocking FAQ

BlackBerry® Professional Software and BlackBerry® Enterprise Server Express

Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3

Re: Suddenly, I can not login to BAS or WDM at all - BES Express 5.0.3