Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Highlighted
Trusted Contributor
Posts: 146
Registered: ‎08-18-2010
My Device: Z10
My Carrier: Vodafone.de

BDS Active Sync and AD Password

Hi there,

 

we are running BDS 6.2 with Exchange2010 and ActiveSync (via email Profile)

I currently have no issues but need to understand something.

 

I mean during activation I need to enter the AD password of the user once. After a couple of days I changed the password of the user in AD and the Z10 was still able to send receive messages.

Without prompting for the new AD password.

 

I am wondering how this is working.

 

Can anybody explain?

 

Thanks,

Hape

 

 

 

Trusted Contributor
Posts: 185
Registered: ‎07-31-2008
My Device: RIM Z10
My Carrier: PLUS (Poland)

Re: BDS Active Sync and AD Password

So. Your BB is connecting with EX by AS. after 6 - 8 hours your password will be changed on AS and then you will be need put your new password Smiley Happy

 

I found this on MS Sites:

 

The issue can be caused by the IIS cache or AD replication problem. Please understand IIS does cache the credentials, until that time the user can log on to his/her mailbox with either the old password or the new password. However, if the user uses a MAPI client (such as Microsoft Outlook, OWA) to access the mailbox or if the user attempts to access other files and resources, the user is only authenticated if he or she uses the new password. This latency exists by design for Internet Information Server (IIS) performance reasons, and is controlled by the following registry setting:

1.Start Registry Editor (Regedt32.exe) on the CAS server.

2.Locate the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

3.On the Edit menu, click Add Value, and then add the following registry value:
Value Name: UserTokenTTL 
Data Type: REG_DWORD
Value Range: 1 (decimal) (NOTE: This unit is in seconds.)

4. Quit Registry Editor and restart IIS by running “IISreset /noforce”.

5. Repeat the same steps on another CAS server.

Related KB:

Changing the Default Interval for User Tokens in IIS
http://support.microsoft.com/kb/152526

This not make mistakes, who does nothing.
Włodzimierz Lenin

BES 5.0.4,BES 10.2
Trusted Contributor
Posts: 146
Registered: ‎08-18-2010
My Device: Z10
My Carrier: Vodafone.de

Re: BDS Active Sync and AD Password

Hi Tweedle,

 

thanks for response. You are right. This exactrly has happend. After 8hrs I was prompted to Enter my "Account Password".

 

Is there any way to get rid of this popup after a password change in AD? Is there any possibility to reach the same comfort like MAPI-Profile in BES5?

 

Regards,

hape

 

 

Regular Contributor
Posts: 1,453
Registered: ‎08-29-2008
My Device: Blackberry Classic
My Carrier: Swisscom

Re: BDS Active Sync and AD Password

You can use SCEP profiles to avoid AD password entry.
Trusted Contributor
Posts: 146
Registered: ‎08-18-2010
My Device: Z10
My Carrier: Vodafone.de

Re: BDS Active Sync and AD Password

Hi freakinvibe,

 

can you provide me so more info? Does this mean, that I have to create a SCEP profile per user?

 

Regards,

hape