• Article for your preferred language does not exist. Below is international version of the article.

Article ID: 115551, created on Feb 15, 2013, last review on Feb 9, 2015

  • Applies to:
  • Operations Automation 5.4

Symptoms

Various BlackBerry provisioning tasks fail in Parallels Operation Automation (POA) with the error message BESUserAdmin Error. User not authorized to perform the operation, as in the following example:

Task name    Update statuses of BlackBerry accounts for service #101
Output    Provisioning request failed. Unknown error 0x80131500 [<response><errorContext description="BESUserAdmin Error. User not authorized to perform the operation. Error code: -1." code="0x80131500" executeSeqNo="1"><errorSource namespace="BESProvider" procedure="getUser"/></errorContext></response>]

Cause

In most cases, the pem_admin account is misconfigured on the BES servers.

Resolution

To resolve the issue:

  1. Make sure that the password of the pem_admin AD domain user has not expired.

  2. Make sure that you can log into the BlackBerry Enterprise Server (BES) as the pem_admin AD domain user.

  3. Make sure that you can run the BlackBerry Administration Service (BAS) while logged into the server as the pem_admin domain user.

  4. Make sure that you can log into the BAS as pem_admin using the password of the pem_admin AD domain user.

  5. If BAS requires you to change the password of the pem_admin user, change it to the password of the pem_admin AD domain user.

  6. Make sure that the password expiration period of the pem_admin user in the BAS is set to a large value, not to the default 365 days:

    • In the BAS, on the Servers and components menu, click BlackBerry Solution topology > BlackBerry Domain > Component view.
    • Click BlackBerry Administration Service.
    • Click the Edit component.
    • In the Security settings section, set the password age of the pem_admin user in BAS to 100 years.
    • Click Save all.
  7. Check if the pem_admin user in the BAS is included in the Administrators group and include the user in the group if necessary:

    • Log in to the BAS as pem_admin.
    • Go to Group > Manage groups > View group (Administrators).
    • Add the pem_admin to the Administrators group (if the user is absent from the group).

    Example: pic

  8. check the log C:\Program Files\Research In Motion\BlackBerry Enterprise Server\yyyy-mm-dd\hostname_BBAS, it could contain the following error:

    com.rim.bes.bas.usermanager.CouldNotFindExternalAuthenticatorIdException: Message: 'LOGIN ERROR:  findExternalAuthenticatorIdLocal failed to login as LDAP user com.rim.bes.bas.pluginmanager.InvalidAuthenticationException: Message: 'LOGIN ERROR:  loginAsLdapUser exception during authentication com.rim.bes.bas.util.BASCouldNotCompleteRequestRollbackException: getAuthenticationCredentialsLocal stored password could not be decrypted', nested exception: 'getAuthenticationCredentialsLocal stored password could not be decrypted'', nested exception: 'Message: 'LOGIN ERROR:  loginAsLdapUser exception during authentication com.rim.bes.bas.util.BASCouldNotCompleteRequestRollbackException: getAuthenticationCredentialsLocal stored password could not be decrypted', nested exception: 'getAuthenticationCredentialsLocal stored password could not be decrypted''
    at com.rim.bes.basplugin.activedirectory.ActiveDirectoryManagerBean.findExternalAuthenticatorIdLocal(ActiveDirectoryManagerBean.java:601)
    

    This situation may occur if the credentials for the LDAP access account set in your Blackberry configuration are incorrect, or if the password contains a special symbol. Please review the following article to fix the issue: http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB18161&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

Search Words

BlackBerry User Administration Client Version 4.1.2.8

createBesAccountHandler on OBJREF:Exchange:0:getBESServiceProviderDummy

Update statuses of BlackBerry accounts for service

0x80131500

failed

Credentials have not previously been set using the -set_client_auth

Update statuses of BlackBerry accounts for service #100

caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae ac82ce33439a9c1feec4ff4f2f638899 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF