Exchange Server | Murat Bilici

"Empower your knowledge"

Unable to administer the BlackBerry Administration Service after using the BlackBerry Server Configuration tabs

Environment

  • BlackBerry® Enterprise Server version 5.0
  • SDR299265

Overview
After editing the LDAP Password field on the Administration Service – LDAP tab in the BlackBerry Server Configuration tool, Administrators can no longer log into the BlackBerry Administration Service console using Windows (Active Directory) Authentication.
Cause
For security reasons the LDAP password is hashed before being stored in the BlackBerry Configuration Database. This ensures that it cannot be accessed and used directly from Microsoft® SQL Server®. In order to use the password the BlackBerry Administration Service must retrieve the password from the Hash value that was created when the password was inserted into the BlackBerry Configuration Database. When the password is edited on the BlackBerry Server Configuration screen, it is put in the database in plain text, instead of the Hashed value. Because the BlackBerry Administration Service automatically attempts to retrieve the password from Hash, it does not understand the plain text password. This prevents the BlackBerry Administration Service from authenticating against Microsoft® Active Directory and therefore from authenticating other users for login.

Resolution
This is a previously reported issue and is currently under investigation to be resolved in a later release of the BlackBerry Enterprise Server. There is no known resolution at this time.

Workaround
To work around the issue, perform one of the following options:

Option 1

  1. On the server where the BlackBerry Administration Service is installed, navigate to this directory:
    <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin
  2. Run the following command:
    basUtility “C:\Program Files\Java\jre1.5.0_15″ “C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS” encode “<LDAP Password>” C:\Output.txt
  3. Open the text file created in Step 2.
  4. Copy the hashed version of the password to your Microsoft SQL Server.
  5. Run the following SQL Query against the BlackBerry Configuration Database:
    update BASAuthenticationCredentials set password = ‘<contents of output.txt>’ where AuthenticationType LIKE ’1′
  6. Restart the BlackBerry Administration Service services.
  7. Log in to the BlackBerry Administration Service using Microsoft Active Directory.

 

Option 2

Install the BlackBerry Administration Service again.

Categories: Blackberry Server