Crackberry – Active Directory Authentication fails on Webconsole

Do you know when at times you have to “fortune” (notice I did not add the prefix of good-) of reminding oneself of the pieces of technology you really don’t like…. well I believe today was one such day.

Great for consumers, often not so great for techs

 

When you hear me say “.. I don’t like Blackberry…” its not because the devices are ugly, cumbersome and ultimately limited and out of date (even though the preceding statement is true). It is really because there are some fundamental pains that any Administrator of such a system has to endure with a smile.

 

I forget to count how many times I have had to solve this similar issue where the AD authentication with the BES database fails… and yes, there are always “mitigating” circumstances that precede such an event, like user deletions, wrong passwords reset, server crashes, techy blunders etc but it is never fun to resolve it once occurred.

 

 

 

 

So here is my account of today’s scenario:

  • Somehow Mr S.Tshabalala became the preferred account BES would try read/write to Exchange with. (I found this out by running the IEMSTest.exe utility found here “c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\Utility”
  • Fixing this by deleting and recreating the MAPI profile(follow this article http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB10285 )
  • I found some EWS Calendar issues after rerunning the IEMSTest.exe utility.
  • Proceeding to the Login issue I found some inconsistencies in the Data base.
    • for some reason I could update the password field but still not login
    • i noticed that the AuthenticationType field was neither a “1″ nor a “0″ for the admin user(1 being AD Auth and 0 being BBAS Auth)
    • this lead me to believe that something must have gone wrong at an earlier attempt to reset passwords
    • I corrected this by manually editing the mode to “0″ (not recommended)
  • This now allowed me to run the right script (find it here) to reset the password to “blackberry”

And There you have it… Logging into the Administration Console with the user: admin and the password: blackberry

Some notes for reference:

  • To reset the password using this script you do NOT have to stop or start services
  • Once the DB has been changed to BBAS authentication it can’t be changed back to AD (I can’t find anything relating to this on the net, but you could escalate to RIM if you deem it important)

I really hope this assists some admins to solve this pain faster than I did.

Cheers