Community
Vault Forum
Welcome to Autodesk’s Vault Forums. Share your knowledge, ask questions, and explore popular Vault topics.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vault Pro 2011 Windows Authentication Problem

13 REPLIES 13
Back to Vault Category
Back to Topic Listing
Reply
Message 1 of 14
kefr
Enthusiast
2175 Views, 13 Replies
‎04-26-2011 01:11 AM
‎04-26-2011 01:11 AM

Vault Pro 2011 Windows Authentication Problem

Hello. I've just installed a Vault Pro server on top of a windows 2008 R2 in our production domain.

I cannot get the windows authentication to work.

 

My understanding is, that if a user that doesn't exist attempts to login, the server's supposed to add the user dynamically. This doesn't happen. 

 

Also I tried to manually import my own user, and I still get told that the windows authentication fails. If I however demote my user I can log in. When doing so I noticed that I didn't by default have access to Vault. I added that manually, and could log in.

I can also log in as a read only user and find and use features. In short, the server works, but Domain users don't.

 

I can't find much easy to understand documentation on the dvd or the internet, so I'm asking here.

 

The server's member of the same domain as my client compuer and user, and there's plenty of connectivity. When logging in I get the following error: 

Windows Authenticationfailed with the data management server. Please make sure you are in the same domain as the management server.

 

Spec stuff:

Fully patched Windows 2008 R2 Standard Server running in ESX on some Proliant DL380 G6 servers. The mashine's been assigned 2 processors and 6GB of memory. The system drive hosts all the adms software and iis. Another drive hosts only the sql database with vault in it. The only other software present on the server is an Fsecure 9 installation (antivirus) and vmware tools. 

The Vault Pro licenses are installed on a seperate server (125 users)

 

I'll attach the server log - where you can see a couple of the login attempts and some exception stuff that I don't truely understand any of.  

 

 

 

Regards,

Kenneth Fritz

ITC Syd

Preview file
13 KB
Report
0 Likes
Reply
13 REPLIES 13
Message 2 of 14
kefr
Enthusiast
in reply to: kefr
‎04-26-2011 05:05 AM
‎04-26-2011 05:05 AM

Update:

The internet revealed this post http://crackingthevault.typepad.com/crackingthevault/2009/12/windows-authentication-not-working.html stating that windows authentication role service must be installed in iis prior to installing vault. The vault server curiously didn't mention this. Anyway. Uninstalled and reinstalled Vault and now I've gotten one step futher.

 

My manually added domain user now works. However other users get the following error when attempting to log in:

 

The username and/or password appears to be invalid. Please try again.

 

We've tried a couple different users all with the same result. One of them was domain admin, so it's not a domain rights issue. 

 

Any help available? 

Report
0 Likes
Reply
Message 3 of 14
ihayesjr
Community Manager
in reply to: kefr
‎04-26-2011 06:37 AM
‎04-26-2011 06:37 AM

See if the attached helps in any way.



Irvin Hayes Jr
Sr. Product Manager
Autodesk, Inc.
Vault - Under the Hood Blog
Preview file
439 KB
Report
0 Likes
Reply
Message 4 of 14
kefr
Enthusiast
in reply to: ihayesjr
‎04-26-2011 07:21 AM
‎04-26-2011 07:21 AM

Had a long look at your guide there. Basicly it does the same stuff I've already done - except in the modern iis you don't need command line tools to assign providers. 

 

Anyway. When I turn on anonymous in the AutodeskDM/Services/WinAuth it'll bitch about that. When I turn off asp.net nothing seems to change. But when I turn off windowns authentication it'll change from complaining about the username to complaining about the windows authentication not working (the first error message here). 

 

In short - your guide details the things I've already done, and it doesn't make a difference. Been playing around so much with the authentication settings now though, that I'm not sure how safe the site is anymore. 

Report
0 Likes
Reply
Message 5 of 14
kefr
Enthusiast
in reply to: kefr
‎04-27-2011 06:32 AM
‎04-27-2011 06:32 AM

Still haven't found any solution. If none of you smart people find one, I'll try to start from scratch and install windows and everything else again - and skip antivirus and windows updates until I've confirmed that the basic vault system works. 

 

ps. here's what the system log looks like when I attempt to log in with a domain user. On the client side it sais the username or password is incorrect.

 

 

Error: Soap Exception ( mesg-id = 634395047925609484 )
Exception: WinAuthUserNotFound [312] 
Stacktrace: 
Server stack trace: 
   at Connectivity.Core.Services.SecurityService.a(IIdentity A_0)
   at Connectivity.Core.Services.SecurityService.WinAuthSignIn(IIdentity identity, String knowledgeVaultName, Boolean readOnly)
   at System.Runtime.Remoting.Messaging.Message.Dispatch(Object target, Boolean fExecuteInContext)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Connectivity.Core.Services.SecurityService.WinAuthSignIn(IIdentity identity, String knowledgeVaultName, Boolean readOnly)
   at Connectivity.Web.Services.WinAuthService.SignIn(String knowledgeVault)

Error: Soap Exception ( mesg-id = 634395047925609484 )Exception: WinAuthUserNotFound [312] Stacktrace: Server stack trace:    at Connectivity.Core.Services.SecurityService.a(IIdentity A_0)   at Connectivity.Core.Services.SecurityService.WinAuthSignIn(IIdentity identity, String knowledgeVaultName, Boolean readOnly)   at System.Runtime.Remoting.Messaging.Message.Dispatch(Object target, Boolean fExecuteInContext)   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
Exception rethrown at [0]:    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)   at Connectivity.Core.Services.SecurityService.WinAuthSignIn(IIdentity identity, String knowledgeVaultName, Boolean readOnly)   at Connectivity.Web.Services.WinAuthService.SignIn(String knowledgeVault)

 

Report
0 Likes
Reply
Message 6 of 14
ihayesjr
Community Manager
in reply to: kefr
‎04-27-2011 08:09 AM
‎04-27-2011 08:09 AM

Can you log a support request with Autodesk to see if they can support you quicker?




Irvin Hayes Jr
Sr. Product Manager
Autodesk, Inc.
Vault - Under the Hood Blog
Report
0 Likes
Reply
Message 7 of 14
kefr
Enthusiast
in reply to: kefr
‎04-27-2011 08:49 AM
‎04-27-2011 08:49 AM

Our contract only covers "simple" support regarding the use of autodesk software, not the technical stuff. Besides, last time I spoke to autodesk support directly, nobody knew anything about what they were working with. That's one of the reasons we're not paying that technical support anymore - what's the point when the support personel are less knowledgeable than the user asking. 

 

Anyway, if it doesn't work after a reinstall I suppose I'll just pay some consultant from our distributor to do it for us. 

Report
0 Likes
Reply
Message 8 of 14
kefr
Enthusiast
in reply to: kefr
‎04-29-2011 12:47 AM
‎04-29-2011 12:47 AM

Started from scratch on a new virtual mashine.

This time with 12GB memory, 4 cpu cores and 40GB system along with 100GB database storage

 

Have installed a bare windows server, installed iis with all the required roles and vault pro. And it still doesn't work!!!

 

Haven't even installed vmware tools yet

Report
0 Likes
Reply
Message 9 of 14
paul.gunn
Alumni
in reply to: kefr
‎05-02-2011 07:23 AM
‎05-02-2011 07:23 AM

Hi,

 

The winauth user will only be automatically created if its winauth group has been imported into adms and given access to the vault. Otherwise [since vault doesn't know about the user or any of its groups] you would see the error you are posting [WinAuthUserNotFound].

 

Paul

Report
0 Likes
Reply
Message 10 of 14
kefr
Enthusiast
in reply to: kefr
‎05-02-2011 07:45 AM
‎05-02-2011 07:45 AM

We could only select users when importing. I did consider the group thing when I had a CDlight (our distributor) on the systemvia teamviewer. So can you tell me how to import a group at all? 

 

 

Report
0 Likes
Reply
Message 11 of 14
paul.gunn
Alumni
in reply to: kefr
‎05-02-2011 09:11 AM
‎05-02-2011 09:11 AM

Sure -

 

In adms console, if you run tools -> admin, you will see the 'security' tab. On it is both a 'users' and 'groups' button. Click on the 'groups' button and you will see a groups dialog. In the menu there, you can select actions -> import domain group - which will bring up the standard windows dialog to find / select a group. After you select a group and hit OK, it will bring the group into adms and return you to the groups dialog. At that point, you will want to edit the group to assign it the appropriate adms roles and give access to vaults.

 

Hope that makes sense - if you have any questions, let me know.

 

Paul

Report
0 Likes
Reply
Message 12 of 14
kefr
Enthusiast
in reply to: paul.gunn
‎05-03-2011 05:03 AM
‎05-03-2011 05:03 AM

it works! who could've known that the import domain group is only possble once you add a local group and rightclick that one.

 

Now I've still got to find out if it dynamically adds domain users when they become part of one of the groups in question. If that works, the job's done.

 

Thanks for the help.

 

ps. someone @ autodesk might want to create a guide for this at some point. 

Report
0 Likes
Reply
Message 13 of 14
Anonymous
in reply to: paul.gunn
‎06-21-2012 08:40 AM
‎06-21-2012 08:40 AM

Sorry for reviving a dead post. But do I have to do this if I maunally import each user? Also, does it matter if they are in a seperate domain with full trust.

Report
0 Likes
Reply
Message 14 of 14
paul.gunn
Alumni
in reply to: Anonymous
‎06-21-2012 09:13 AM
‎06-21-2012 09:13 AM

Hi,

 

If you import the domain group, all the users will be automatically imported - so you should not need to do this manually. Separate domain should be fine as long as there is a trust relationship.

 

Paul

Report
0 Likes
Reply
Reply

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

Autodesk Design & Make Report

Report a website issue