BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 10-07-2009, 10:54 AM   #1 (permalink)
New Member
 
Join Date: Apr 2007
Model: 8800
PIN: N/A
Carrier: Cingular
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Exclamation Device Password being reset

Please Login to Remove!

I have a user that has had their device locked and password reset on 2 different occasions. I am trying to figure out if there is some type of event logged in one of the BES logs when an administrator sends the command to lock the device and reset password. I have poured over the logs but everything is pretty generic and somewhat cryptic. I am unable to determine exactly when this command is being issued. I would appreciate any help on this.
Offline  
Old 10-12-2009, 08:27 AM   #2 (permalink)
x14
BlackBerry Extraordinaire
 
Join Date: Jul 2005
Location: NYC
Model: 9800
OS: 6.0.0.546
Carrier: AT&T
Posts: 2,344
Post Thanks: 0
Thanked 17 Times in 16 Posts
Default

If the password is being from BES you would see it in the user detail screen. It would have these status.

Password Sent:
Password Received:
__________________
Exchange 2007/BES 5.0.2 MR2
Offline  
Old 03-19-2010, 07:46 AM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2007
Location: Virginia
Model: 9630
OS: 4.1.7
Carrier: Verizon
Posts: 21
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm having the same issue with about 5 different users now.

They receive the message "Administrator has reset your password". With me being the only admin and not having sent the command to the device, it has me baffled atm. I have looked through the logs and have found nothing so far.

Any ideas what might be pushing this command out to random devices?

Last edited by Mather : 03-19-2010 at 07:48 AM.
Offline  
Old 03-19-2010, 11:24 AM   #4 (permalink)
Thumbs Must Hurt
 
wistowg's Avatar
 
Join Date: Apr 2006
Location: Leeds, UK
Model: 9900
Carrier: O2
Posts: 50
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

OTA password resets are recorded in the Policy log and you'll see an entry as below. Note that the user ID is erroneous. It isn't the ID of the user having their p/w reset and it isn't the ID of the Administrator doing the reset. The user ID in the policy log will be different as there is a different User-ID table for the policy service. RIM publish a script you can run against the database that will allegedly return the required information. Search for KB19251.

>>>>example from Policy log

[40000] (03/18 17:12:22.381):{0x25F4} {<emailaddress>, PIN=XXXXXXXX, UserId=973}SCS::ScheduleCommand - Queuing SET_PASSWORD_REQUEST request
[40000] (03/18 17:12:22.381):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::DoWork - Processing SET_PASSWORD_REQUEST request
[30000] (03/18 17:12:22.396):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::FormatGMETransactionFor Device - Sending SET_PASSWORD_REQUEST request to device, contentType=ITADMIN, size=52, RefId=0, TransactionId=-9223372035585907877, SRPID=XXXXXXXX, Tag=36558
[40000] (03/18 17:12:22.396):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::SendData - Submit ToRelaySendQ, PIN=XXXXXXXX, Tag=36558
[40000] (03/18 17:12:22.396):{0x25C0} [BIPP] Send data, Tag=36558
[40000] (03/18 17:12:22.396):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::DoWork - Completed SET_PASSWORD_REQUEST request
Offline  
Old 03-31-2010, 11:41 AM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2007
Location: Virginia
Model: 9630
OS: 4.1.7
Carrier: Verizon
Posts: 21
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I found the log entries no problem. But, what I'm trying to figure out is what is causing the command to be sent in the first place since I'm not sending the password reset command out to the device.
Offline  
Old 03-31-2010, 02:35 PM   #6 (permalink)
Knows Where the Search Button Is
 
Join Date: Oct 2006
Location: SoCal
Model: 9600
Carrier: Verizon
Posts: 38
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

FWIW, I've seen this, and don't think the command is actually being sent from the BES. Mostly older Curve devices. Seems to happen to many of them right after we apply the IT policy that forces a password in the first place.
Offline  
Old 04-01-2010, 06:41 AM   #7 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2007
Location: Virginia
Model: 9630
OS: 4.1.7
Carrier: Verizon
Posts: 21
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm running only 9630's and 9000's on BES, but that seems to be the case looking at the last applied times for the IT policy and Password status.
__________________
Mather

BES 4.1.7 for Exchange Windows 2003 Server
Offline  
Old 04-02-2010, 07:29 PM   #8 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,557
Post Thanks: 256
Thanked 260 Times in 246 Posts
Default

Had a user claimed his device wiped today on a 8520
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.