“The username, password, or domain is not correct. Please correct the entry” error when trying to log on to BlackBerry Administration Service using Windows Authentication.

Article ID: KB18267

Type: Support Content

Last Modified: 12-14-2011


Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Lotus Domino
  • BlackBerry® Enterprise Server 5.0
  • SDR311758

While trying to authenticate to BlackBerry Administration Service using a BlackBerry Administration Service administrative account that was added from Microsoft® Active Directory®, you receive the following error:

The username, password, or domain is not correct. Please correct the entry.

However, the authentication credentials have passed and are correct.

When viewing the BlackBerry Administration Service Application Server log in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs\<date>, you see the following:

{http-SERVER.DOMAIN%2Fxx.xx.xx.xxx-xxx-2} [com.rim.bes.basplugin.activedirectory.LdapSearch] [INFO] [ADAU-1001] {u=SystemUser, t=3096} performPagedLDAPSearch problem performing LDAP operation: url=ldap://server.domain.com:389 base=CN=Partitions,CN=Configuration,DC=domain,DC=com filter=(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=3)(|(nETBIOSName=domain)(dnsRoot=domain))) scope=1error=javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'CN=Partitions,CN=Configuration,DC=domain,DC=com'

The LDAP user account has "Do not require Kerberos™ preauthentication" checked. This account can be found under the Administration Service – LDAP tab of the BlackBerry Server Configuration panel. All connections to the LDAP Server are made under these credentials.

This is a previously reported issue that has been escalated internally to our development team. No resolution time frame is currently available.


Clear the Do not require Kerberos preauthentication option for the LDAP user within Microsoft Active Directory by completing the following steps:

  1. Open Users and Computers in Microsoft Active Directory and locate the relevant account.
  2. In the user properties, click the Account tab.
  3. Under the Account options section, clear the Do not require Kerberos preauthentication check box and click Apply.
  4. Restart the BlackBerry Administration Service - Application Service and the BlackBerry Administration Service - Native Code Container.


By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.

Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.