Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection



Reply
LinkBack Thread Tools Display Modes
KB17950 - "The username, password, or domain is not correct. Please correct the ...
 
  #1 (permalink)  
Old 08-30-2009, 11:55 AM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default KB17950 - "The username, password, or domain is not correct. Please correct the ...

KB17950 - "The username, password, or domain is not correct. Please correct the entry" error when trying to authenticate to BlackBerry Web Desktop Manager


Environment

  • BlackBerry® Enterprise Server version 5.0
  • SDR312881



Overview

While trying to authenticate to BlackBerry Web Desktop Manager using a BlackBerry user account that was added from Microsoft® Active Directory®, you receive the error The username, password, or domain is not correct. Please correct the entry. However, the authentication credentials have passed and are correct.
When viewing the BlackBerry Administration Service Application Server log, located in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs\ , you see the following:

{http-SERVER.DOMAIN.COM%2F10.9.12.93-443-2} [com.rim.bes.basplugin.activedirectory.LdapSearch] [INFO] [ADAU-1001] {u=SystemUser, t=3767} performPagedLDAPSearch problem performing LDAP operation: url=ldap://server.domain.com:389 base=CN=Partitions,CN=Configuration,DC=domain,DC=com filter=(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=3)(|(nETBIOSName=dsnet)(dnsRoot=dsnet))) scope=1error=javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]



Cause

The BlackBerry Administration Service is unable to perform a reverse address lookup, or receives invalid results for the reverse lookup.
Cause 1
The server that hosts the Lightweight Directory Access Protocol (LDAP) BlackBerry Administrative Service is trying to get a Kerberos™ ticket for, does not have a reverse Domain Name System (DNS) entry (PTR record) that resolves to the principal name registered in Microsoft Active Directory. For example, a PTR record may resolve an Internet Protocol (IP) address to ldapserver.domain.com, however the servicePrincipalName attribute on the server object in Microsoft Active Directory will not have an entry for ldap/ldapserver.domain.com. It could be that the reverse zone was manually created and configured to match a disjointed name space.
Cause 2
On the computer that hosts the BlackBerry Administration Service, there is an entry in the C:\Windows\System32\drivers\etc\hosts file that points to the IP address of the LDAP server, but references an incorrect host name. For example, an organization's LDAP server is ldapserver.domain.com with an IP address of 192.168.2.1, but the hosts file on the BlackBerry Administration Service computer has an entry such as the following:
192.168.2.1 .domain.com



Workaround

Cause 1
The server that hosts the Lightweight Directory Access Protocol (LDAP) BlackBerry Administrative Service is trying to get a Kerberos ticket for, does not have a reverse Domain Name System (DNS) entry (PTR record) that resolves to the principal name registered in Active Directory
Workaround 1
Edit the PTR record in DNS for the IP address of the LDAP server so that it matches the name registered in Active Directory. Kerberos needs to locate the principal name to a servicePrincipalName attribute in Active Directory so the key distribution center can issue a ticket for the LDAP service.
Cause 2
On the computer that hosts the BlackBerry Administration Service, there is an entry in the C:\Windows\System32\drivers\etc\hosts file that points to the IP address of the LDAP Server, but references an incorrect host name.
Workaround 2

1. Open C:\Windows\System32\drivers\etc\hosts in a text editor like notepad
2. Comment the invalid line from the hosts file by placing a # before the IP address as indicated below, and save the file:
#192.168.2.1 .domain.com

3. Open a command prompt and type ipconfig /flushdns in order to flush the local DNS cache.
4. Restart the BlackBerry Administration Service
__________________
http://blog.port3101.org/hdawg/
Reply With Quote
Sponsored Links
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
KB19200 - “The username, password, or domain is not correct. Please correct the ... hdawg Featured BlackBerry KB Articles 0 08-17-2009 06:01 PM
KB15983 - The Internet ID or Password is not correct. Please re-enter hdawg Featured BlackBerry KB Articles 0 08-16-2009 07:17 PM
KB16413 - Caller ID does not display the correct information when placing a call hdawg Featured BlackBerry KB Articles 0 07-30-2009 02:12 PM
KB17949 - Username, password, or domain is not correct. ... error with BAS hdawg Featured BlackBerry KB Articles 1 07-02-2009 06:14 AM
KB13718 - Correct order to start and stop BlackBerry services Si Featured BlackBerry KB Articles 1 06-19-2009 07:22 PM


All times are GMT -4. The time now is 10:32 PM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2018, vBulletin Solutions, Inc.


 

SEO by vBSEO 3.3.2 PL2