/*+---------------------------------------------------------------------------
* Support Script: BASAuthentication.sql
* Created: 07/09/2009
* Tracked via :
* Description: The script performs a stored procedure to create or edit
* the BAS administrator user account. (admin)
*
* Instructions for running script:
* 1. Backup database
* 2. Edit items under the editing section. (By default none required)
* 3. Run the script on the BES configuration database
*+--------------------------------------------------------------------------*/
DECLARE
@DisplayName VARCHAR(256),
@Authentication VARCHAR(256),
@AuthenticatorTypeId INT,
@AuthenticatorInstanceId INT,
@ExternalAuthenticatorId VARCHAR(255),
@EncryptedPassword VARCHAR(256)
/************************************************************
Start of editing required section
*************************************************************/
SET @DisplayName = 'System Administrator' -- Display name (Not always used)
SET @Authentication = 'BAS' -- 'BAS' for BAS authentication
SET @EncryptedPassword = '2951a982f568f15567b7c6e0e50990b9' -- Encrypted string of password 'blackberry'
/************************************************************
End of editing required section
*************************************************************/
IF @Authentication LIKE 'BAS'
BEGIN
SET @AuthenticatorTypeId = 0 -- Set to 0 for BAS
SET @AuthenticatorInstanceId = 0 -- Set to 0 for BAS
SET @ExternalAuthenticatorId = NULL
EXEC SetUpBASorADAuthentication @DisplayName, @AuthenticatorTypeId, @AuthenticatorInstanceId, @ExternalAuthenticatorId, @EncryptedPassword
END
GO
Friday, April 23, 2010
Reset BES 5 BAS admin password
Use the following SQL script to add a user called admin to your Blackberry Enterprise Server (works with Express, too) version 5.x. Password is blackberry.
Wednesday, April 14, 2010
Windows Update fails with 8000FFFF
This is reposted from Brad Rutkowski's Blog because it is a very good solution!
Quick Solution: Check the permissions on the root of C: and ensure that BUILTIN\Users have Read access.
Quick Solution: Check the permissions on the root of C: and ensure that BUILTIN\Users have Read access.
Long Story:
8000FFFF == E_UNEXPECTED, not very helpful…
Had a client where windows update was continually failing with the error code 8000FFFF. When looking in the Windows Update log we’d see errors like this:
WARNING: PTError: 0x80248014
Handler FATAL: CBS called Error with 0x8000ffff, <— Checked the CBS.log file but that didn’t give any clues.
Handler FATAL: Error source is 106.
DnldMgr Error 0x8000ffff occurred while downloading update; notifying dependent calls.
AU # WARNING: Download failed, error = 0x8000FFFF
AU # WARNING: Download failed, error = 0x8000FFFF
AU WARNING: BeginInteractiveInstall failed, error = 0x8024000C
CltUI WARNING: AU directive Interactive Progress is exiting due to error 8024000C
And in the event viewer upon each run we’d see these events:
Log Name: Application
Source: ESENT
Date: 7/2/2008 3:05:16 PM
Event ID: 491
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description:
Catalog Database (1560) Catalog Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Windows\system32\CatRoot2\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 7/2/2008 3:05:16 PM
Event ID: 257
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description:
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
After seeing this data I did a stare and compare between my root permissions and his and found that he’d modified the c:\ permissions on his system:
His machine:
c:\temp\xcacls c:
C:\ NT AUTHORITY\SYSTEM:(OI)(CI)F
BUILTIN\Administrators:(OI)(CI)F
Mine:
C:\>xcacls c:\
c:\ BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R <— This is the key one missing that was causing the headache.
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
NT AUTHORITY\Authenticated Users:(special access:)
FILE_APPEND_DATA
The Cryptographic Services runs under “Network Service” which would require Users to have read access. I added BUILTIN\Users with read access to C and all worked again.
Hopefully this post will guide others with similar issues to the solution quickly.
Subscribe to:
Posts (Atom)