“The username, password, or domain is not correct. Please correct the entry” error when trying to log on to BlackBerry Administration Service using Windows Authentication.

Article ID: KB18267

Type: Support Content

Last Modified: 05-02-2014

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Lotus Domino
  • BlackBerry Enterprise Server for Novell GroupWise
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0
  • DT 311758
CollapseOverview

While trying to authenticate to BlackBerry Administration Service using a BlackBerry Administration Service administrative account that was added from Microsoft Active Directory, the following error is displayed:

The username, password, or domain is not correct. Please correct the entry.

However, the authentication credentials have passed and are correct.

When viewing the BlackBerry Administration Service Application Server log in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs\<date>, the following is seen:

{http-SERVER.DOMAIN%2Fxx.xx.xx.xxx-xxx-2} [com.rim.bes.basplugin.activedirectory.LdapSearch] [INFO] [ADAU-1001] {u=SystemUser, t=3096} performPagedLDAPSearch problem performing LDAP operation: url=ldap://server.domain.com:389 base=CN=Partitions,CN=Configuration,DC=domain,DC=com filter=(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=3)(|(nETBIOSName=domain)(dnsRoot=domain))) scope=1error=javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'CN=Partitions,CN=Configuration,DC=domain,DC=com'

CollapseCause

The LDAP user account has Do not require Kerberos preauthentication checked.

This account can be found under the Administration Service – LDAP tab of the BlackBerry Server Configuration panel. All connections to the LDAP Server are made under these credentials.

CollapseResolution

This is a previously reported issue that has been escalated internally to our development team. No resolution time frame is currently available.

CollapseWorkaround

Clear the Do not require Kerberos preauthentication option for the LDAP user within Microsoft Active Directory by completing the following steps:

  1. Open Users and Computers in Microsoft Active Directory and locate the relevant account.
  2. In the user properties, click the Account tab.
  3. Under the Account options section, clear the Do not require Kerberos preauthentication check box and click Apply.
  4. Restart the BlackBerry Administration Service - Application Service and the BlackBerry Administration Service - Native Code Container.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.