Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Regular Contributor
Posts: 83
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

Why would this thread get moved to an area where people are asking questions regarding other problems? 
Moderator
Posts: 3,743
Registered: ‎10-02-2008
My Device: .
My Carrier: .

Re: Windows Authentication & BAS


Shamrock wrote:
Why would this thread get moved to an area where people are asking questions regarding other problems? 

the post was moved to the same section, but it is now it's own thread

Dany_S                                                                                                       New to the Community click here  
Community Moderator
Likes2.png  AS3.png  CG2.png
Regular Contributor
Posts: 83
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

Guru III
Posts: 32,134
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry PRIV, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Windows Authentication & BAS

[ Edited ]
The release notes have been posted but MR1 has knot been released yet.
Message Edited by knottyrope on 06-01-2009 11:20 AM

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


Regular Contributor
Posts: 83
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

I used this KB article; KB18197 and KB18161 to finally solve my issue.  Turns out that the account you use for LDAP has to be easily hack-able.
New Member
Posts: 2
Registered: ‎04-10-2009
My Device: Not Specified

Re: Windows Authentication & BAS

Hi there,

 

I found this online and it fixed my AD authentication problems. The DC that was detected during BAS install was seemingly the only one that it wanted to use for LDAP. ( I tried to point it to another DC during install but it would not keep my changes). Changing it after the install was complete resulted in AD authentication problems.

 

Unable to administer the BlackBerry Administration Service after using the BlackBerry Server Configuration tabs
Doc ID : KB18161
Last Modified : 05-11-2009
Document Type : Support



Environment
  • BlackBerry® Enterprise Server version 5.0
  • SDR299265



Overview

After editing the LDAP Password field on the Administration Service - LDAP tab in the BlackBerry Server Configuration tool,  Administrators can no longer log into the BlackBerry Administration Service console using Windows (Microsoft® Active Directory®) Authentication.




Cause

For security reasons, the LDAP password is hashed before being stored in the BlackBerry Configuration Database. This ensures that it cannot be accessed and used directly from the Microsoft® SQL Server®. To use the password, the BlackBerry Administration Service must retrieve the password from the Hash value that was created when the password was inserted into the BlackBerry Configuration Database. When the password is edited on the BlackBerry Server Configuration screen, it is put in the database in plain text, instead of the Hashed value. Because the BlackBerry Administration Service automatically attempts to retrieve the password from Hash, it does not understand the plain text password. This prevents the BlackBerry Administration Service from authenticating against Microsoft Active Directory, and therefore from authenticating other users for login.




Resolution

This is a previously reported issue and is currently under investigation to be resolved in a later release of the BlackBerry Enterprise Server. There is no known resolution at this time.




WorkaroundTo work around the issue, perform one of the following options:

Option 1
  1. On the server where the BlackBerry Administration Service is installed, navigate to this directory:

    <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin

  2. Run the following command:

    basUtility "C:\Program Files\Java\jre1.5.0_15" "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS" encode "<LDAP Password>" > C:\Output.txt

  3. Open the text file created in Step 2.
  4. Copy the hashed version of the password to your Microsoft SQL Server.
  5. Run the following SQL Query against the BlackBerry Configuration Database:

    update BASAuthenticationCredentials set password = '<contents of output.txt>' where AuthenticationType LIKE '1'

  6. Restart the BlackBerry Administration Service services.
  7. Log in to the BlackBerry Administration Service using Microsoft Active Directory.

Option 2

Install the BlackBerry Administration Service again.

New Developer
Posts: 6
Registered: ‎07-02-2009
My Device: Not Specified

Re: Windows Authentication & BAS

I had a similar problem with a remote SQL setup and used "Option 3"  to fix it. I found it faster, easier and less complex. 

Option 3 

1. Go to BlackBerry Server Configuration > Administration Service - LDAP > LDAP Login credentials

2. Enter another users name and password (I used a basic test user in our domain)

3. Verify and select OK

4. Wait a minute or two (found a delay in updating database)

5. Go back and enter original users name and password

6. Verify and select OK

7. Go back and try to log into the BlackBerry Administration Service console. 

 

Worked for me, hope it helps.

 

 

 

 

New Contributor
Posts: 2
Registered: ‎07-28-2009
My Device: Not Specified

Re: Windows Authentication & BAS

[ Edited ]

I'm tester and trying to create test environment to test BB application on 5.0 version. I'm using VmWare Server 2.0 and two virtual machines. Using freshly created domain on Server 2003 x64 + Exchange 2007 and trying to make BES work on Server 2008 x64.

Getting this situation. Tried both KB from this discussion. Clock problem resolved. Inability of BES management tool to hash password in MD5 also resolved.

Still, I'm getting this error on Administration page for domain (+all other possible rights) admin: "The username, password, or domain is not correct. Please correct the entry."

Last line in BES AS log is

(07/28 08:28:31:356):{main} [org.jboss.system.server.Server] [INFO] JBoss (MX MicroKernel) [4.3.0.GA (build: SVNTag=JBPAPP_4_3_0_GA date=200801031548)] Started in 3m:35s:442ms

It is after unsuccessful attempt to log in administration console.

Could you please clarify which rights must I have to log to Administration console? Or how can I fix this? I'm typing full domain name in field, like company.com, ami doing it right? If any information you need I can provide it to you.

I'm very sorry for style of this comment, as I'm not kinda fluent in English, but could you please test release versions of BlackBerry EnterPrise Server on clean systems?

I just need one account to test one BB application. Still, I lost all this day to resolve this problem after clean installation instead of actual testing.

 

upd. For some reason BES not accepted domain Administrator credentials. I logged under another user.

Message Edited by boomman on 07-29-2009 02:26 AM