Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
New Contributor
Posts: 5
Registered: ‎11-10-2009
My Device: Not Specified

BAS login fails on BES 5.0.2

I just performed a fresh install of BES on a Win2008 R2 x64 server with Domino 8.5.1FP3 in a Win2003 AD environment. Installation went fine, but we are unable to log in to the BAS. I have already verified that the "admin" account is created and has a hashed PW in the BESMgmt DB. The main issue I am seeing is from the BBAS log (in red):

 

(11/09 11:06:25:066):{http-ADMNLTS006.WRK.ADS.PHA.PHILA.GOV%2F10.64.7.158-443-2} [com.rim.bes.basplugin.activedirectory.LDAPSearch] [INFO] [ADAU-1001] {u=SystemUser, t=3371} performPagedLDAPSearch problem performing LDAP operation: url=ldap://admnwrk003.wrk.ads.pha.phila.gov:3268 base=ldap://admnwrk003.wrk.ads.pha.phila.gov:389 filter=(&(objectClass=user)(objectCategory=person)(|(sAMAccountName=besadmin)(userPrincipalName=besadmin))) scope=2

 

For some reason BAS is not getting the correct values for the base of the LDAP lookup. I used the Query option to check if  everything was correct during the 5.0 install (having already read that the Verify button will mess up the DB). When I went to apply the SP2 upgrade, the user domain field was populated with the LDAP base information (User account is generic for LDAP queries in our environment). It would not let me proceed past this point, indicating there was an error in the setup log. 

 

 

[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0838: (#30000) BindToAnADDomain could not bind the user [DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov\pgpldap] on the ADsPath [LDAP://DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov/rootDSE] using [ADsOpenObject], native return code [80005000]
[30000] (11/09 10:24:17.802):{0x2FC} <3>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0839: (#10000) ADSettings failed to validate user creds during bind with - user[pgpldap] domain[DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov] pwd[XXXXXXXX] - code [103]
[30000] (11/09 10:24:17.802):{0x2FC} <3>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0840: (#10000) ADSettings failed to validate user creds - user[pgpldap] domain[DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov] pwd[XXXXXXXX] - code[2]
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0841: (#30000) ADSettings::InitPub result is [0], IsInited=[1] - U/D/P[pgpldap/DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov/XXXXXXXX] GC[] CES[1110],
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0842: (#30000) [PIPTOOL]: AD Settings container was loaded
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0843: (#30000) [PIPTOOL]: Main dialog attempting to initialize BASAdminSettings container
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0844: (#30000) CBASAdministrativeAccountCon::RequiredByInstallConfiguration returning [1]
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0845: (#30000) BASAdministrativeAccount result is [1]
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0846: (#30000) BASAdministrativeAccount located a BAS Administrative account during Init but does not support updates so it is setting default values
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0847: (#30000) BASAdministrativeAccount sets authentication method to [1]
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0848: (#30000) BASAdministrativeAccount sets user current account to [1]
[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0849: (#30000) BASAdministrativeAccount Init result is [0], IsInited=[1] - Mode=1, UseCurrAcct=1, WinUser[], WinDom[], BASUser[admin], BASPwd[<NIL>], BASPwdCon[<NIL>], AE[1]CES[1],

 

[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0838: (#30000) BindToAnADDomain could not bind the user [DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov\pgpldap] on the ADsPath [LDAP://DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov/rootDSE] using [ADsOpenObject], native return code [80005000][30000] (11/09 10:24:17.802):{0x2FC} <3>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0839: (#10000) ADSettings failed to validate user creds during bind with - user[pgpldap] domain[DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov] pwd[XXXXXXXX] - code [103][30000] (11/09 10:24:17.802):{0x2FC} <3>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0840: (#10000) ADSettings failed to validate user creds - user[pgpldap] domain[DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov] pwd[XXXXXXXX] - code[2][30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0841: (#30000) ADSettings::InitPub result is [0], IsInited=[1] - U/D/P[pgpldap/DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov/XXXXXXXX] GC[] CES[1110],[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0842: (#30000) [PIPTOOL]: AD Settings container was loaded[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0843: (#30000) [PIPTOOL]: Main dialog attempting to initialize BASAdminSettings container[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0844: (#30000) CBASAdministrativeAccountCon::RequiredByInstallConfiguration returning [1][30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0845: (#30000) BASAdministrativeAccount result is [1][30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0846: (#30000) BASAdministrativeAccount located a BAS Administrative account during Init but does not support updates so it is setting default values[30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0847: (#30000) BASAdministrativeAccount sets authentication method to [1][30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0848: (#30000) BASAdministrativeAccount sets user current account to [1][30000] (11/09 10:24:17.802):{0x2FC} <5>Nov 09 10:24:17 ADMNLTS006  {0xF38} 0849: (#30000) BASAdministrativeAccount Init result is [0], IsInited=[1] - Mode=1, UseCurrAcct=1, WinUser[], WinDom[], BASUser[admin], BASPwd[<NIL>], BASPwdCon[<NIL>], AE[1]CES[1],

 

I don't know what else to try here, and I can't seem to locate either the registry keys or SQL tables where this LDAP information is stored. Has anyone else encountered anything like this or know where I need to make changes?

Guru III
Posts: 32,134
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry PRIV, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: BAS login fails on BES 5.0.2

See if this pertains to you.

http://www.blackberry.com/btsc/KB23927

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


Highlighted
New Contributor
Posts: 5
Registered: ‎11-10-2009
My Device: Not Specified

Re: BAS login fails on BES 5.0.2

Located both of those Windows Updates and uninstalled them. Rebooted and the BAS login page comes up but no logins are working. Still seeing the wrong "base" field in the BBAS-AS log:

 

(11/15 10:11:10:291):{http-DCTRBES001.wrk.ads.pha.phila.gov%2F10.64.7.163-443-1} [com.rim.bes.basplugin.activedirectory.LDAPSearch] [INFO] [ADAU-1001] {u=SystemUser, t=2710} performPagedLDAPSearch problem performing LDAP operation: url=ldap://admnwrk001.wrk.ads.pha.phila.gov:3268 base=ldap://admnwrk003.wrk.ads.pha.phila.gov:389 filter=(&(objectClass=user)(objectCategory=person)(|(sAMAccountName=BESAdmin)(userPrincipalName=BESAdmin))) scope=2