Sponsored Links

Go Back   The Unofficial BlackBerry Support Forum > BlackBerry Enterprise Server > General BES Discussion
Reload this Page Unable to log on to BlackBerry Administration Service due to clock time skew

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-05-2009, 01:12 AM
BESadmin's Avatar
Administrator
Join Date: Aug 2006
Posts: 2,006
Images: 827
Unable to log on to BlackBerry Administration Service due to clock time skew
Unable to log on to BlackBerry Administration Service due to clock time skew

Doc ID : KB18177
Last Modified : 05-08-2009
Document Type : Support

Environment
  • BlackBerry® Enterprise Server version 5.0
  • SDR301644
Overview

If a time skew (difference) between the server clock on the computer hosting the BAS-AS and BAS-NCC and the Domain Controller exists, users will not be able to log on to BlackBerry Administration Service and the following error will be reported on the BlackBerry Administration Service page:
The username, password, or domain is not correct. Please correct the entry.
Cause

The error displayed by BlackBerry Administration Service is misleading because the root cause of this problem is that there is a time skew greater than 5 minutes between the clock on the server hosting the BlackBerry Administration Service and the clock of the Domain Controller providing authentication services (KDC role).

The following log line will display in the BAS-AS log file:

{http-<BASName>%2F10.200.26.82-443-1} [com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean] [INFO] [ADAU-1000] {u=SystemUser, t=32681} loginAsLdapUser failed to authenticate LDAP user=besadmin, realm=<Domain>, kdc=<Domain Controller providing KDC services) javax.security.auth.login.LoginException: Clock skew too great (37)

Note: The realm=<Domain> and kdc=<Domain Controller providing KDC services> values will be unique to each environment.

Resolution

Ensure that there is not a clock skew of greater than 5 minutes between the server that hosts the BAS-AS and BAS-NCC and the Domain Controller providing authentication services (KDC). This can be accomplished by making that particular Domain Controller the time source for the server hosting BAS-AS and BAS-NCC or having them synchronize their clocks/time from a common time source.

This can also be resolved by manually eliminating the Clock Skew (changing the time) between the 2 servers so that there is not a Time Skew in excess of 5 minutes.

Note: This issue is not inherent in the BlackBerry Administration Service but it is a result of the time skew in the environment between a Windows Server® and a Domain Controller.
Reply With Quote
Reply

Bookmarks

Tags
administration , bas , blackberry , service

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Service failed to start, generating error 5305 BESadmin Microsoft Exchange 0 18-02-2009 11:11 PM
Duplicate email problems TommyBFZ BlackBerry 8800 Smartphone Discussion 2 09-01-2008 04:03 PM
Redirector transaction failure or Transaction error failure at service BESadmin BIS BlackBerry Desktop Manager 0 28-04-2007 11:15 PM
Transaction error - failure at service is displayed BESadmin General BES Discussion 0 22-04-2007 02:52 PM
Identifying and troubleshooting enterprise activation issues BESadmin General BES Discussion 2 15-03-2007 11:57 PM


All times are GMT +11. The time now is 10:04 AM.

Copyright ©2006 - 2010 BLACKBERRYFORUMS - This website and its members are not affiliated with Research in Motion (RIM). RIM and BlackBerry are Registered Trademarks of Research In Motion

Contact Us - The Unofficial BlackBerry Support Forum - Asia Pacific - Archive - Top

Search Engine Friendly URLs by vBSEO 3.5.1 PL1