Can’t login to BES 5.0 BAS Web Console
Rob | July 22, 2009We have been making the move from Microsoft ActiveSync to Blackberry Enterprise Server over the past few weeks and months, today was the first real handset rollout and it didn’t get off to the best start. The first handset to be connected failed and when my messaging administrator went to review the BES configuration he could not login using the web console.
After some poking about we found that the issue was down to a ‘known issue’ which BlackBerry have published here.
The message being presented was: “The username, password, or domain is not correct. Please correct the entry.”” wheather we used Active Directory authentication or the local account. The reason being that the LDAP password is hashed before being stored in the BlackBerry Configuration Database, however, in our instance, this had been stored in plain text, therefore, when the BAS was passing the password hashed, the two did not match. BlackBerry claim this occurs when the password is edited on the BlackBerry Server Configuration screen, however, we found this changed randomly.
Currently there is no known fix but the workaround is to do the following:
- Navigate to the “Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin” directory
- Run the following command “basUtility “C:\Program Files\Java\jre1.5.0_15” “C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS” encode “<LDAP Password>” > C:\<Anything>.txt
- Open the txt file you’ve created and copy the password which should be in a hashed format.
- Open SQL and backup the ‘BlackBerry Configuration’ database
- Now check the password in BASAuthenticationCredentials row of the ‘BlackBerry Configuration’ database and you should see that it is stored in plain text.
- Replace the plain text password with the hashed one you exported from BES in step 2.
- Restart the BAS services.
Once done you should now be able to login.