Ok...re-installed BES. I'm able to login using the BAS Admin login I created during the install. Thanks for your assistance, John. I don't know if this is MR2 - it's the demo download at this point as we're within 60 days of buying the software.
New (perhaps not really new) problem - it appears that LDAP lookups are not happening. If I try to log in to the Web Desktop, no matter which user I try in my organization, the login does not authenticate. I'm not sure which log to look in to see if there are errors, but on the DC (WS2k8R2), I am seeing Kerberos-Key-Distribution-Center error 14 messages. Sean Rector, MCSE ________________________________ From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Are you running MR2? I believe there was an similar issue from MR1 but I can't recall if it was both auth methods or just LDAP.. Just a guess, but possibly reinstall BAS... Last ditch effort try resetting the local pwd..Backup your DB up first... http://supportforums.blackberry.com/rim/board/message?board.id=bes5&message.id=844&query.id=3326021#M844 " Log into the BES server itself Open SQL administrator Go to the BESMgmt database Expand tables Open the dbo.BASUsers table If you have not created any other admin users, and chances are you did not if you are reading this, the last user listed will be the system admin user Scroll right to the LoginPassword collumn Paste this hash into that field - 431d615b2de61fb1 - this will change your BAS login to "berry" Now log in with that password and go to Manage Users and click on search to populate you list Click on the System Administrator user and select edit user Click on the wrench to the right of the user and type in your new password, then click the green check mark tot he right MOST IMPORTANT - click SAVE ALL at the bottom Now you are all set to log out and back in with your new secure password " Out of curiosity, your LDAP cfg is fine/validates on the BES cfg tool? Do you have any users activated on this server? If so, can they log into the BAS interface via ldap? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 12:01 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes. Right on both questions... Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:59 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service But you mentioned you are using the AD login in your OP? So have you selected BAS from the drop down and tried that local acct? Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:50 AM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Yes...and it won't accept that - with nothing noted in the BAS AS log. Sean Rector, MCSE From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Monday, September 28, 2009 2:42 PM To: MS-Exchange Admin Issues Subject: RE: 1st BES Install - can't login to Administration Service Did you create the local admin pwd? In BES 5.0, the svc account model for interactive and management logon has changed....by default, unless you are upgrading and had set the permissions there, the svc account has no BAS rights. Do you remember the local Admin pwd? It prompted you for it during the install. Thanks, JB From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Monday, September 28, 2009 11:31 AM To: MS-Exchange Admin Issues Subject: 1st BES Install - can't login to Administration Service BES 5.0 - on Windows Server 2003 Std. When I try to log in using the admin account I specified in the setup process returns "The username, password, or domain is not correct. Please correct the entry." I'm using Active Directory for the login method - which I specified and verified in the setup wizard. When I check the DC (Server 2008 R2), I see the following Event ID: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 9/28/2009 2:26:17 PM Event ID: 4768 Task Category: Kerberos Authentication Service Level: Information Keywords: Audit Failure User: N/A Computer: VOA-NOR-DC01.vaopera.net Description: A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name: sean.rector.adm Supplied Realm Name: VAOPERA.NET User ID: NULL SID Service Information: Service Name: krbtgt/VAOPERA.NET Service ID: NULL SID Network Information: Client Address: 10.0.0.45 Client Port: 3420 Additional Information: Ticket Options: 0x0 Result Code: 0xe Ticket Encryption Type: 0xffffffff Pre-Authentication Type: - Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> <EventID>4768</EventID> <Version>0</Version> <Level>0</Level> <Task>14339</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2009-09-28T18:26:17.831284900Z" /> <EventRecordID>7226755</EventRecordID> <Correlation /> <Execution ProcessID="940" ThreadID="1680" /> <Channel>Security</Channel> <Computer>VOA-NOR-DC01.vaopera.net</Computer> <Security /> </System> <EventData> <Data Name="TargetUserName">sean.rector.adm</Data> <Data Name="TargetDomainName">VAOPERA.NET</Data> <Data Name="TargetSid">S-1-0-0</Data> <Data Name="ServiceName">krbtgt/VAOPERA.NET</Data> <Data Name="ServiceSid">S-1-0-0</Data> <Data Name="TicketOptions">0x0</Data> <Data Name="Status">0xe</Data> <Data Name="TicketEncryptionType">0xffffffff</Data> <Data Name="PreAuthType">-</Data> <Data Name="IpAddress">10.0.0.45</Data> <Data Name="IpPort">3420</Data> <Data Name="CertIssuerName"> </Data> <Data Name="CertSerialNumber"> </Data> <Data Name="CertThumbprint"> </Data> </EventData> </Event> Your help is appreciated! Sean Rector, MCSE Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org> Phone: (757) 213-4548 (direct line) {*} {+}