[ddever2]

I have a user that has had their device locked and password reset on 2 different occasions. I am trying to figure out if there is some type of event logged in one of the BES logs when an administrator sends the command to lock the device and reset password. I have poured over the logs but everything is pretty generic and somewhat cryptic. I am unable to determine exactly when this command is being issued. I would appreciate any help on this.

[x14]

If the password is being from BES you would see it in the user detail screen. It would have these status.

Password Sent:
Password Received:

[Mather]

I'm having the same issue with about 5 different users now.

They receive the message "Administrator has reset your password". With me being the only admin and not having sent the command to the device, it has me baffled atm. I have looked through the logs and have found nothing so far.

Any ideas what might be pushing this command out to random devices?

[wistowg]

OTA password resets are recorded in the Policy log and you'll see an entry as below. Note that the user ID is erroneous. It isn't the ID of the user having their p/w reset and it isn't the ID of the Administrator doing the reset. The user ID in the policy log will be different as there is a different User-ID table for the policy service. RIM publish a script you can run against the database that will allegedly return the required information. Search for KB19251.

>>>>example from Policy log

[40000] (03/18 17:12:22.381):{0x25F4} {<emailaddress>, PIN=XXXXXXXX, UserId=973}SCS::ScheduleCommand - Queuing SET_PASSWORD_REQUEST request
[40000] (03/18 17:12:22.381):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::DoWork - Processing SET_PASSWORD_REQUEST request
[30000] (03/18 17:12:22.396):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::FormatGMETransactionFor Device - Sending SET_PASSWORD_REQUEST request to device, contentType=ITADMIN, size=52, RefId=0, TransactionId=-9223372035585907877, SRPID=XXXXXXXX, Tag=36558
[40000] (03/18 17:12:22.396):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::SendData - Submit ToRelaySendQ, PIN=XXXXXXXX, Tag=36558
[40000] (03/18 17:12:22.396):{0x25C0} [BIPP] Send data, Tag=36558
[40000] (03/18 17:12:22.396):{0x25C8} {<emailaddress>, PIN=XXXXXXXX, UserId=973}RequestHandler::DoWork - Completed SET_PASSWORD_REQUEST request

[Mather]

I found the log entries no problem. But, what I'm trying to figure out is what is causing the command to be sent in the first place since I'm not sending the password reset command out to the device.

[jimbob_]

FWIW, I've seen this, and don't think the command is actually being sent from the BES. Mostly older Curve devices. Seems to happen to many of them right after we apply the IT policy that forces a password in the first place.

[Mather]

I'm running only 9630's and 9000's on BES, but that seems to be the case looking at the last applied times for the IT policy and Password status.

[knottyrope]

Had a user claimed his device wiped today on a 8520