Support Centre

Find articles, help and advice.

Welcome, Guest Login

Support Center

BES - LDAP authentication failing on BES 3.6 with Windows Server 2012

Last Updated: Jun 01, 2018 10:23AM UTC
BES is unable to authenticate users via LDAP when connection to Windows Server 2012. When BES is communicating with active directory to authenticate a user, a handshake is made between the BES server and Active Directory server. The following error would be caused by a unsupported cipher.


A problem has been indentified with LDAP authentication on BES 3.6 and below where the Java version is less than 1.7.0_131. You will see the following error in the $PPLOG/Catalina_Log:

Error:   Bind not created: The following error occured : 
           javax.naming.CommunicationException: simple bind failed: <FQDNofActiveDirectory>:636                        [Root exception is Connection reset]
          KeyUsage does not allow digital signatures


The solution in this case would be to upgrade Java to a later version that supports the ciphers in use within Active Directory on windows server 2012. Versions of Java at 1.7.0_131 or above will be OK.

Please see below instructions for upgrading Java on Solaris

1. Source JAVA JDK 1.7.0_131 or above for SPARC Solaris and unpack the archive in /opt/java

2. Edit the following file /home/ppadmin/.cshrc. 
Locate the following line:

setenv JAVA_HOME /opt/java/<current java version>

and change to:

setenv JAVA_HOME /opt/java/<new java version>

In the same file, locate the following line:

set path = ( /opt/java/<old java version>/bin $ISSHOME/bin $PPHOME/bin $DEVOPS/bin $PPHOME/Integrations/bin $dbbin /usr/bin /usr/ucb /etc /usr/etc /opt/OV/bin )

and change to:

set path = ( /opt/java/<new java version>/bin $ISSHOME/bin $PPHOME/bin $DEVOPS/bin $PPHOME/Integrations/bin $dbbin /usr/bin /usr/ucb /etc /usr/etc /opt/OV/bin )

3. Edit the following file: $PPHOME/cfg/variables.cfg
Locate the following lines:

setenv JAVA_HOME /opt/java/<old java version>
setenv JAVACMD /opt/java/<old java version>/bin/java

And change to:

setenv JAVA_HOME /opt/java/<new java version>
setenv JAVACMD /opt/java/<new java version>/bin/java

4. Recycle BES. 
Note: This command requires root/sudo privilege.

Stop BES

sudo /opt/ISS/POWERpack/bin/ppServer stop

Start BES
sudo /opt/ISS/POWERpack/bin/ppServer start

5. Once BES has been restarted, test logging into BES using LDAP

6. Check for any integrations using the old version of java and update the JAVA_HOME variable for each.

ps -ef | grep <old java version>

Note: The integration scripts in $PPHOME/Integrations/IntegrationName/bin is copied to the $PPHOME/Integrations/bin when you run the install script for the integration; so any changes made to the running script in $PPHOME/Integrations/bin would be over written.

Contact Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found