BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 03-23-2009, 05:40 PM   #1 (permalink)
Talking BlackBerry Encyclopedia
 
sniffs's Avatar
 
Join Date: May 2008
Model: 8310
PIN: N/A
Carrier: AT&T
Posts: 230
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default OCS Authentication issues (yes I've searched!)

Please Login to Remove!

Ok, OCS was working fine.. then I think one of my engineers changed something and now I'm seeing this.. (of course I'm going to strangle them..)

<2009-03-23 13:41:30.185 PDT>:[2562]:<BBIM_NVMAILBB1_BBIM_1>:<INFO >:<LAYER = BBIM, DEVICEPIN = 243799e0, USERID = u4f, SIP URI = [email address]>
<2009-03-23 13:41:30.185 PDT>:[2563]:<BBIM_NVMAILBB1_BBIM_1>:<INFO >:<LAYER = BBIM, DEVICEPIN = 243799e0, USERID = u4f, Account = [email address]>
<2009-03-23 13:41:30.185 PDT>:[2564]:<BBIM_NVMAILBB1_BBIM_1>:<DEBUG>:<LAYER = SCM, EVENT = ScheduleJob, JobPool = IMLoginJobPool, queueLength = 0, availableThreads = 4>
<2009-03-23 13:41:30.185 PDT>:[2565]:<BBIM_NVMAILBB1_BBIM_1>:<DEBUG>:<LAYER = BBIM, EVENT = ReceivedFromDevice, SRPID = S80353178, DEVICEPIN = 243799e0, USERID = u4f, TAG = F4794468, SIZE = 354>
<2009-03-23 13:41:30.216 PDT>:[2566]:<BBIM_NVMAILBB1_BBIM_1>:<INFO >:<LAYER = BBIM, DEVICEPIN = 243799e0, USERID = u4f, Integrated Authentication fails due to invalid username/password or incorrect config/krb5.conf. URL = https://server1.com.lan:443/iwa/logon.html>
<2009-03-23 13:41:30.263 PDT>:[2567]:<BBIM_NVMAILBB1_BBIM_1>:<DEBUG>:<LAYER = SCM, EVENT = FinishJob, name = IMLoginJobPool-Thread-5, timeSpent(ms) = 78, JobPool = IMLoginJobPool, queueLength = 0, availableThreads = 4>
<2009-03-23 13:41:33.498 PDT>:[2568]:<BBIM_NVMAILBB1_BBIM_1>:<WARNG>:<LAYER = BBIM, DEVICEPIN = 243799e0, USERID = u4f, CWA Server -> IM Proxy failure event = code=18100, subCode=2, detail=Sign-in to OCS failed, reason=Session not found, stackTrace=null>
<2009-03-23 13:41:33.498 PDT>:[2569]:<BBIM_NVMAILBB1_BBIM_1>:<DEBUG>:<LAYER = BBIM, DEVICEPIN = 243799e0, USERID = u4f, TAG = 1943995343, EVENT = OUTGOING, TYPE = 2, METHOD = writeLoginResponse, RESULT = 304, SIZE = 10>
<2009-03-23 13:41:33.498 PDT>:[2570]:<BBIM_NVMAILBB1_BBIM_1>:<DEBUG>:<LAYER = BBIM, EVENT = CreatedQueue, DEVICEPIN = u4f>


Has anyone seen this? IIS and CWA are both set to IWA logon.. I'm not seeing any FW blocks..users can log into officecomm on the PC as well as CWA.. just cannot login via the BB Client.
__________________
Your lack of planning is not my emergency.

Last edited by sniffs : 03-23-2009 at 05:42 PM.
Offline  
Old 03-24-2009, 10:40 AM   #2 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2007
Model: 9700
Carrier: Telus
Posts: 41
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is what I had replied to someone a long time ago when I was setting ours up...

Those that are getting the error "incorrect config in krb5.conf blah blah blah" and have no proxy configured for MDS. Try opening the file krb5.conf with notepad. Change what it tells you to change. I think it looked like this by default

[libdefaults]
default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc

[realms]
# change COMPANY.COM to your Kerberos realm
# change KDC:88 to the hostname:port of KDC
COMPANY.COM = {
kdc = HOSTNAME:88
}

We changed "company.com and hostname" to our relevant information.
So company.com becomes your domain.com and KDC:88 becomes your primary domain controller:88

Restarted the service and voila. Now RIM needs to post some documents up so this doesn't have to be so hard.

Oh, and that file is located in c:\Program Files\Research In Motion\BlackBerry Enterprise Server\BBIM\Servers\BESSERVERNAME\config
Offline  
Old 03-24-2009, 02:51 PM   #3 (permalink)
Talking BlackBerry Encyclopedia
 
sniffs's Avatar
 
Join Date: May 2008
Model: 8310
PIN: N/A
Carrier: AT&T
Posts: 230
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

well that krb5.conf file was never configured for my first BES and it was working fine.

We've got IWA and FB auth enabled, we have a CWA server and a CWAr2 server. The CWA server was working fine then something changed.. my system engineer is trying to integrate OCS with Cisco Call manager and he swears he didnt make any changes to CWA/OCS.

If I tell the BES to point to the R2 server, I get a different set of errors.. I get the error that CWA failed to return a cwaTicket response.. according to the RIM KB doc, IWA needs to be turned on.

It says to turn it on in the Blackberry Enterprise Server and then just below it says to turn it on on the Office Communicator 2007 server. Do they mean the CWA server or the backend server? and do they mean specifically the CWA authentication tab in the config? or in IIS?
__________________
Your lack of planning is not my emergency.
Offline  
Old 03-24-2009, 04:25 PM   #4 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2007
Model: 9700
Carrier: Telus
Posts: 41
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

All I know is that when we migrated to OCS 2007, thats what had to be done. If you do a search for krb5.conf, you'll find some threads.

Other than that you lost me. Sounds like you were mucking with the web site in IIS. My best guess...there is more than one problem here. Have you even tried entering in your values to the file? Or just forgot about it because it was "working before"
Offline  
Old 03-26-2009, 11:44 AM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Sep 2006
Model: 9700
Carrier: Rogers
Posts: 39
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

krb5.conf needs to be setup for AD authentication.
Offline  
Old 04-15-2009, 08:50 AM   #6 (permalink)
Thumbs Must Hurt
 
blueshockeynut's Avatar
 
Join Date: Jan 2008
Model: 8310
PIN: N/A
Carrier: AT&T
Posts: 53
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Just as an update for everyone trying to run OCS 2007 R2, it is not officially supported by RIM at this point, probably not till SP1 or SP2 of BES 5.0, the reason being is Microsoft pulled out support for AJAX in R2, I know both RIM and Microsoft are working on this issue, currently if you have an R2 enviorment, you have to setup an R1 CWA server for OCS to work on the Blackberry.

JB
__________________
Never Quit.
Never do the expected.
Never rest on your laurels.
Never think great is good enough.
NEVER FOLLOW.
Offline  
Old 04-29-2009, 09:43 AM   #7 (permalink)
Thumbs Must Hurt
 
Join Date: Jan 2005
Model: 8300
Carrier: Vodafone
Posts: 56
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Ocs 2007 R2

That's the exact issue we have. We want to federate so i upgraded to OCS 2007 R2 as the natting and the like becomes a let easier with R2.

Now oour BB's are not connecting.

Thanks for the tip. I'll install a R1 CWA server for now.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.