Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection



Reply
LinkBack (2) Thread Tools Display Modes
KB18161 - Unable to administer the BlackBerry Administration Service
 
  2 links from elsewhere to this Post. Click to view. #1 (permalink)  
Old 05-14-2009, 10:01 AM
Cheese Sammich's Avatar
Super Moderator
 
Join Date: Dec 2008
Location: Long Island
Posts: 232
Default KB18161 - Unable to administer the BlackBerry Administration Service

KB18161 - Unable to administer the BlackBerry Administration Service after using the BlackBerry Server Configuration tabs

Environment

  • BlackBerry® Enterprise Server software version 5.0
  • SDR299265



Overview

After editing the LDAP Password field on the Administration Service - LDAP tab in the BlackBerry Server Configuration tool, Administrators can no longer log into the BlackBerry Administration Service console using Windows (Microsoft® Active Directory®) Authentication.





Cause

For security reasons, the LDAP password is hashed before being stored in the BlackBerry Configuration Database. This ensures that it cannot be accessed and used directly from the Microsoft® SQL Server®. To use the password, the BlackBerry Administration Service must retrieve the password from the Hash value that was created when the password was inserted into the BlackBerry Configuration Database. When the password is edited on the BlackBerry Server Configuration screen, it is put in the database in plain text, instead of the Hashed value. Because the BlackBerry Administration Service automatically attempts to retrieve the password from Hash, it does not understand the plain text password. This prevents the BlackBerry Administration Service from authenticating against Microsoft Active Directory, and therefore from authenticating other users for login.
If you are experiencing this issue, the following log line appears in the BAS-AS log file:

[WARN] [BBAS-2015] {u=1, uc=-1, o=0, t=150975} _getExternalAuthenticatorId could not find external authenticator identifier - com.rim.bes.bas.usermanager.CouldNotFindExternalAuthenticatorIdException: Message: 'LOGIN ERROR: findExternalAuthenticatorIdLocal failed to login as LDAP user com.rim.bes.bas.pluginmanager.InvalidAuthenticationException: Message: 'LOGIN ERROR: loginAsLdapUser exception during authentication com.rim.bes.bas.util.BASCouldNotCompleteRequestRollbackException: getAuthenticationCredentialsLocal stored password could not be decrypted', nested exception: 'getAuthenticationCredentialsLocal stored password could not be decrypted'', nested exception: 'Message: 'LOGIN ERROR: loginAsLdapUser exception during authentication com.rim.bes.bas.util.BASCouldNotCompleteRequestRollbackException: getAuthenticationCredentialsLocal stored password could not be decrypted', nested exception: 'getAuthenticationCredentialsLocal stored password could not be decrypted''





Resolution

This issue has been resolved in BlackBerry Enterprise Server 5.0 Maintenance Release 1.

To apply Maintenance Release 1 complete the following steps:
  1. Log in as the BlackBerry service account.
  2. Click on Start > Run > Services.msc.
  3. Stopall BlackBerry Services.
  4. Double-click bes500mr1.msp to install Maintenance Release 1.
  5. Start all BlackBerry Services.

    Important: Restarting certain BlackBerry Enterprise Server services will delay email message delivery to BlackBerry smartphones. For more information, see KB04789

    For more information about Maintenance Release 1 see the Release Notes.
To ensure the password gets put into the database as the correct hashed value, complete the following steps:
  1. Click on Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  2. Click on the Administration Service - LDAP tab.
  3. Enter the LDAP password for the corresponding LDAP user account.
  4. Click Verify.
  5. Click Apply and OK.
  6. Restartthe BlackBerry Administration Service - Native Code Container service.

    Note: Restarting the "BlackBerry Administration Service - Native Code Container" service will also restart the "BlackBerry Administration Service - Application Server service."



Workaround

To work around the issue, perform one of the following options:

Option 1
  1. On the server where the BlackBerry Administration Service is installed, navigate to the following directory from a command prompt:

    :\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin
  2. Run the following command:

    basUtility "C:\Program Files\Java\jre1.5.0_15" "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS" encode "" > C:\Output.txt
  3. Open the text file created in Step 2.
  4. Copy the hashed version of the password to your Microsoft SQL Server.
  5. Run the following SQL Query against the BlackBerry Configuration Database:

    update BASAuthenticationCredentials set password = '' where AuthenticationType LIKE '1'
  6. Restart the BlackBerry Administration Service services.
  7. Log in to the BlackBerry Administration Service using Microsoft Active Directory.
Option 2

Install the BlackBerry Administration Service again.
__________________
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 05-26-2009, 07:11 PM
Otto's Avatar
Proprietor
 
Join Date: Nov 2008
Location: Atlanta, GA
Posts: 2,033
Blog Entries: 14
Default

FYI, this symptom should result in the following error message in the BBAS-AS log file:

java.lang.NumberFormatException: Illegal embedded minus sign

I didn't see this mentioned in the KB or on Google, so I figured it best to start the indexing here
__________________
BCSA (4.1, 5.0) | BCSD (4.1, 5.0)

The views expressed by me on Port3101.org are my own and do not necessarily reflect the views of my employer.
Reply With Quote
  #3 (permalink)  
Old 07-15-2009, 08:32 AM
Otto's Avatar
Proprietor
 
Join Date: Nov 2008
Location: Atlanta, GA
Posts: 2,033
Blog Entries: 14
Default

Just to note, this was resolved in MR1.
__________________
BCSA (4.1, 5.0) | BCSD (4.1, 5.0)

The views expressed by me on Port3101.org are my own and do not necessarily reflect the views of my employer.
Reply With Quote
  #4 (permalink)  
Old 09-21-2009, 09:05 PM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default

updated
__________________
http://blog.port3101.org/hdawg/
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: http://www.port3101.org/featured-blackberry-kb-articles/986-kb18161-unable-administer-blackberry-administration-service.html
Posted By For Type Date
ICTdesk.net: BES 5.0 cannot log into BlackBerry Administration Service This thread Refback 01-13-2010 04:27 PM
Unable to Login with Active Directory Authentication This thread Refback 10-19-2009 08:29 AM

Similar Threads
Thread Thread Starter Forum Replies Last Post
KB18670 - Unable to access the BlackBerry Administration Service hdawg Featured BlackBerry KB Articles 0 07-06-2009 10:36 PM
KB18177 - Unable to log on to BlackBerry Administration Service due to clock time ... hdawg Featured BlackBerry KB Articles 0 05-26-2009 11:50 AM
KB17644 - Unable to log in to the BlackBerry Administration Service or BlackBerry WDM hdawg Featured BlackBerry KB Articles 0 05-26-2009 01:02 AM
KB17894 - Unable to log on to the BlackBerry Administration Service web console Cheese Sammich Featured BlackBerry KB Articles 0 05-14-2009 10:05 AM
BlackBerry Administration Service / AD AUthentication Cheese Sammich Port 3101: The BES Admin Bar & Grill 1 05-14-2009 09:55 AM


All times are GMT -4. The time now is 08:14 AM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


 

SEO by vBSEO 3.3.2 PL2