Unauthorized exception when reading/writing dsets on server in spaces (AD auth)

kamkef · September 13, 2019, 2:23pm

Hi,

after the server upgrade and the enabling of Windows auth in our spaces I can no longer access dsets in the space if a process is executed on the server.

Server is running with an AD service user, that is also allowed to access the spaces. Local file access on the server is also working.

I have no problem in the Desktop client when running the same processes (with the same connectors)

dgudkov · September 13, 2019, 5:53pm

Can you please provide more details:

What kind of error message do you see (a screenshot would be very helpful)?
Are you accessing dset files on a shared network folder?
When you’re running the same process in Desktop - are you running it on the same machine as Server and under the same Windows account that is used by the Sever service?

kamkef · September 14, 2019, 7:12am

The error occurs, when using a Export Dataset / Import Dataset actions with a server connector.

When running / scheduling the process in the server. the following messages are in space log file on the server:

09/13/2019 10:48:28 AM 000013 ERROR Action “Export dataset” in table “Create Baseline” in project “xxx.morph”: Unauthorized
09/13/2019 10:48:28 AM 000014 ERROR Action “Import dataset” in table “Previous results to calculate delta” in project “xxx.morph”: Unauthorized

The dataset files are on a local drive on the server
The desktop process runs locally on my machine with a different user, but accesses the dset using the server connector (no files are stored locally on the desktop)
The user, that is used to run the server with, is added to the space security though

ckononenko · September 16, 2019, 10:26am

Hi,
Seems that for some reason, server didn’t send AD credentials for authorization. This may be due to some AD/DNS configuration.
That also could be happen if your server is using an externally bonded public ip address(e.g. like AWS do) but locally runs under another ip address (private).

Could you please try to modify your server data connector (located at server space) and change the host value to “localhost” ? That should fix “Unauthorized” error. (But if you’re using SSL it could raise SSL cert error)

Also, you can try to change server dataconnector host to the computer DNS name, which could be found in Active Directory Users and Computers on your Domain Controller computer.

kamkef · September 17, 2019, 7:00pm

Hi,

yes, using localhost/the host DNS solved the problem.
Thanks.

ckononenko · September 18, 2019, 1:05pm

Hi,

Another possible solutions:
Solution A.
On your Domain DNS server configure an Alias (CNAME) record in Forward lookup zone. Alias “FQDN” should be the same as your desired server host, and “FQDN for target host” should be pointed to the computer with EasyMorph Server in your Active Directory.

On a computer with EasyMorph Server make sure that required dns server is used, flush dns cache (“ipconfig /flushdns”) and restart EasyMorph Server Windows Service.

Solution B.
On a computer that runs your EasyMorph Server open Computer Properties and change Full Computer Name to desired server host. Restart server computer.
Solution B has multiple silde effects: EasyMorh Server license signature will be changed (Sever becomes unlicensed), other services and clients may stop working. .