BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 07-31-2008, 02:52 PM   #1 (permalink)
New Member
 
Join Date: May 2008
Model: 8320
PIN: N/A
Carrier: T-Mobile
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default BES 4.1.6 and OCS 2007

Please Login to Remove!

I am having an issue with authentication. =/
I have OCS 2007 with BES 4.1.6 and bb client 2.1.10

I have tried anonymous access enabled on the IIS site, no good
I have tried all sorts of different options on krb5.conf, no good

an additional difficulty i have is that my internal domain is different than the external and i want users to be able to login with their emails, not an internal suffix.

anyway, everything works via the web access portal and office communicator 2007.

i have changed the kerb5.conf to be .com and .lan. no success. same errors.

--------- kerb5.conf ---------
[libdefaults]
default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc

[realms]
# change COMPANY.COM to your Kerberos realm
# change KDC:88 to the hostname:port of KDC
company.lan = {
kdc = DomainController:88
}
--------- kerb5.conf ---------

---------- BBIM_01 ---------
SIP URI = myusername[at]company.com>
Account = company.lan\myusername>
Integrated Authentication fails due to invalid username/password or incorrect config/krb5.conf. ocs.company.lan:443/iwa/logon.html>
CWA Server -> IM Proxy failure response = CwaRequestFailedResponseType, rid = null>
CWA signon exception for ocs.company.lan:443/iwa/logon.html = CWA server did not return a cwaTicket in signon response>
---------- BBIM_01 ---------

-------BBIM Settings -------
Blackberry Collaboration Services Version: 4.1.6.26
Default Domain Name: company.lan
Host: ocs.company.lan
Port:443
Transport protocol: 1
-------BBIM Settings -------

--- OCS Server IIS logs with Anonymous Authentication Enabled ---
2008-07-31 06:48:45 W3SVC OCS_SERVER_IP POST /iwa/logon.html - 443 - BES_SERVER_IP MDS_4.1.6.26+(MSIE) 200 5 0
2008-07-31 06:48:45 W3SVC OCS_SERVER_IP POST /forms/logon.html - 443 - BES_SERVER_IP MDS_4.1.6.26+(MSIE) 200 0 0
--- OCS Server IIS logs with Anonymous Authentication Enabled ---

--- OCS Server IIS logs with Anonymous Authentication Disabled ---
2008-07-31 06:13:28 W3SVC OCS_SERVER_IP POST /iwa/logon.html - 443 - BES_SERVER_IP MDS_4.1.6.26+(MSIE) 401 2 2148074254
2008-07-31 06:13:28 W3SVC OCS_SERVER_IP POST /forms/logon.html - 443 - BES_SERVER_IP MDS_4.1.6.26+(MSIE) 200 0 0
--- OCS Server IIS logs with Anonymous Authentication Disabled ---

for those who are getting errors on /forms/logon.html. i think it tries both iwa (Integrated Windows authentication) and Form-based authentication. however i believe the bb client cannot use forms based authentication and you need to disable this in OCS 2007.

if i go to the /iwa/logon.html via a web browser on the network i get prompted for a username and password. i enter the same info as my bb client and it works fine. i get the success ticket.

note: i had to remove https:// because i dont have enough posts to insert links =/
any ideas?
Offline  
Old 08-07-2008, 01:10 PM   #2 (permalink)
New Member
 
Join Date: Oct 2007
Model: 8830
PIN: N/A
Carrier: Verizon
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

georgedavid,

I was having the exact same issue until I created an internal virtual server on the OCS 2007 CWA server and checked both Windows Authentication and Form-based Authentication under the CWA Authentication Tab.
Offline  
Old 12-26-2008, 09:53 PM   #3 (permalink)
New Member
 
Join Date: Nov 2005
Location: Wilmington, DE
Model: 7230
Carrier: Verizon
Posts: 8
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by selbon View Post
georgedavid,

I was having the exact same issue until I created an internal virtual server on the OCS 2007 CWA server and checked both Windows Authentication and Form-based Authentication under the CWA Authentication Tab.
Did you install this in addtion to an external virtual server or did you delete the existing one you have and create a new one?

Could you please give more detail on your configuration.

Thanks!
Offline  
Old 12-30-2008, 07:00 PM   #4 (permalink)
New Member
 
Join Date: Nov 2008
Location: San Jose, CA
Model: 9530
OS: 4.7.0.122
PIN: N/A
Carrier: Verizon
Posts: 6
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Simply install a new Virtual Server with unique ports that you specificy on the BES to connect on.
Offline  
Old 01-13-2009, 11:54 AM   #5 (permalink)
Thumbs Must Hurt
 
Join Date: Dec 2005
Location: Toronto
Model: 7290
Carrier: Rogers
Posts: 57
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Are we talking about IIS->WebSite Properties->Security Tab or is there a specific Authentication TAB within OCS2007 interface? The only TAB i found on the OCS2007 is the one that has NTLM and Kerberos
Offline  
Old 05-04-2009, 08:55 AM   #6 (permalink)
New Member
 
Join Date: Mar 2006
Model: 8900
Carrier: AT&T
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

By any chance did you ever get this working? I am running in to the exact same issue. Anything in particular I can look for to get this working?
Offline  
Old 05-04-2009, 09:29 AM   #7 (permalink)
Knows Where the Search Button Is
 
hugheser's Avatar
 
Join Date: Mar 2007
Model: 9000
Carrier: AT&T
Posts: 40
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by selbon View Post
georgedavid,

I was having the exact same issue until I created an internal virtual server on the OCS 2007 CWA server and checked both Windows Authentication and Form-based Authentication under the CWA Authentication Tab.
This is what I did to get it working as well. The important thing was to have both checked.
__________________
Brian
BES 5.0.1 for Exchange on Exchange 2007
Offline  
Old 05-05-2009, 08:29 AM   #8 (permalink)
New Member
 
Join Date: Oct 2008
Model: 8120
PIN: N/A
Carrier: Cable & Wireless
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

make sure your CWA is NOT R2. It seems Microsoft removed AJAX from R2!!! You will need to install an instance of CWA R1 for Enterprise IM to work in OCS.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.