05-26-2009, 05:19 PM
|
 |
Proprietor
|
|
Join Date: Nov 2008
Posts: 2,238
|
|
KB10971 - "Error 401: Unauthorized Access" when attempting to browse https sites
KB10971 - "Error 401: Unauthorized Access" when attempting to browse to secure web sites using BlackBerry Browser
Environment
- BlackBerry® Enterprise Server version 4.0 to 4.1
Overview
BlackBerry smartphone users receive the following error message when attempting to connect to a web page that requires HTTP authentication:
Unsupported Authentication Scheme
Error 401: Unauthorized Access
If HTTP and Verbose HTTP logging is turned on, the BlackBerry MDS Service logs (also known as MDAT logs) display the following lines:
[169]:::, USERID = , CONNECTIONID = , HTTPTRANSMISSION = You are not authorized to view this page>
[169]:::, USERID = , CONNECTIONID = , HTTPTRANSMISSION = You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.>
Cause
There are two potential causes for this problem.
Cause 1
The Support HTTP Authentication option is set to False in the BlackBerry MDS Properties. Hypertext Transfer Protocol (HTTP) Authentication is required to connect and log into some web sites. If the BlackBerry® Mobile Data System (BlackBerry MDS), BlackBerry® Mobile Data Service or BlackBerry MDS Connection Service does not have the Support HTTP Authentication property set to True under HTTP in the BlackBerry MDS properties, then the BlackBerry smartphone will be unable to connect to web sites that require HTTP authentication.
Note: BlackBerry Mobile Data Service is specific to BlackBerry Enterprise Server version 4.0. BlackBerry Mobile Data System is specific to BlackBerry Enterprise Server version 4.1 and later.
Cause 2
The Internet Information Services (IIS) Web server is not configured for Basic Authentication.
Resolution
Complete the appropriate resolution from the list below.
Cause 1
The Support HTTP Authentication option is set to False in the BlackBerry MDS Properties.
Resolution
Set the Support HTTP Authentication property to True under the HTTP properties for BlackBerry MDS Services.
Cause 2
The Internet Information Services (IIS) Web server is not configured for Basic Authentication.
Resolution
Modify the MDSLogin.conf and krb5.conf files to configure Kerberos™ authentication.
- The krb5.conf file contains Kerberos configuration information, including the locations of Key Distribution Centers (KDCs) and administration servers for the necessary Kerberos realms, defaults for the current realm, and for Kerberos applications and mappings of hostnames on to Kerberos realms.
- The MDSLogin.conf file is used to define how BlackBerry MDS logs in to network services.
These configuration files contain certain values that can be modified to influence the login behavior used by the BlackBerry MDS Connection Service. For example, if an administrator wishes to configure the BlackBerry MDS Connection Service to support authentication, the krb5.conf file includes some lines that must be edited to include certain required information, such as the Kerberos realm. The MDSLogin.conf file needs to have the domain that is being used specified in the MDS_Default section. Additionally, the BlackBerry Enterprise Server needs to be told to support authentication via a configuration setting located in the BlackBerry Manager.
For more information on configuring the BlackBerry MDS to use Kerberos authentication, see KB15642.
Additional Information
This error can also occur if the IIS Web server is not configured for Basic Authentication.
Kerberos authentication can be configured in this circumstance by appropriately modifying the MDSLogin.conf and KRB5.conf files.
Note: A restart of the BlackBerry MDS services is required after making these changes.
__________________
http://blog.port3101.org/hdawg/
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.
|
Linear Mode
