Thanks Pete, It turned out to be a duplicate SPN on another account. So once I removed the duplicate SPN it worked just fine.
I had to use RegEdit to increase logging: HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Logging Info\Administration Service - Application Server\DebugLogLevel = 6 HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Logging Info\Administration Service - Native Code Container\DebugLogLevel = 6 Then I combed through the BBAS-AS log file and found the following error: *** Start of original stack trace *** com.rim.bes.bas.command.CommandException: CommandException APPLICATION: com.rim.bes.basplugin.activedirectory.InvalidSPNException: _checkAccountForSPN The servicePrincipalName BASPLUGIN111/BESTEST03 is set on more than one account: com.rim.bes.basplugin.activedirectory.InvalidSPNException: _checkAccountForSPN The servicePrincipalName BASPLUGIN111/BESTEST03 is set on more than one account Rene Martinez IT Technical Support Analyst Platform Technologies IT Solutions City of Fort Worth, Texas 817.392.2386 [email protected]<mailto:[email protected]> [cid:[email protected]] This email and responses may be subject to Texas Open Records Laws. Please respond accordingly. From: [email protected] [mailto:[email protected]] On Behalf Of PIERRE (PETE) FAUCHER Sent: Tuesday, July 27, 2010 9:54 AM To: 'A list for BES Admin's to discuss issues, etc.' Subject: Re: [Bes-admins] Configure BES 5.0.2 Single Sign-On Authentication Rene, Coming from Seguin, I thought I'd help a fellow Texan out. Read the entire article to resolve your issue. http://technet.microsoft.com/en-us/library/aa996905(EXCHG.80).aspx -- Sincerely, Pete Faucher Sr. Systems Engineer (H) 610.738.6975 (C) 610.883.6659 [email protected] "I started out with nothing..., ...and I still have most of that left" From: [email protected] [mailto:[email protected]] On Behalf Of Martinez, Rene Sent: Tuesday, July 27, 2010 9:57 AM To: '[email protected]' Subject: [Bes-admins] Configure BES 5.0.2 Single Sign-On Authentication I keep receiving the following error message when I try to configure SSO: "The Microsoft(r) Active Directory(r) account that you specified is not configured to support single sign-on authentication. You must associate a service principal name to the Microsoft Active Directory account before you can add the account to the BlackBerry(r) Administration Service. " I have followed the instruction in the Installation and Configuration Guide and also KB 22717. http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB22717 Has anyone had this problem and successfully gotten past it? Rene Martinez IT Technical Support Analyst Platform Technologies IT Solutions City of Fort Worth, Texas 817.392.2386 [email protected]<mailto:[email protected]> [cid:[email protected]] This email and responses may be subject to Texas Open Records Laws. Please respond accordingly.
<<inline: image001.jpg>>
_______________________________________________ Bes-Admins mailing list [email protected] http://www.dataoutages.com/mailman/listinfo/bes-admins http://www.dataoutages.com http://www.dataoutagenews.com RSS Feed: http://feeds.feedburner.com/Bes-admins --------------------------------- Bes-Admins mailing list is sponsored by Dataoutagenews.com. http://www.dataoutagenews.com
