version: WinCC OA 3.18 p10
Hello All,
Active directory login (OS Auth) works quite well when we first set our project (clean db and registration). After a while it stops working and working back again.
We are encountering error regarding to Active directory when we use active directory login, and use wincc oa default login.pnl, WinCC OA able to verify user exists, password and username combination is correct but it is still give us Authentication Error after around 10 second. When I check permissions panel, even though I am member of many groups, WinCC OA showing that I am member of no group.
But when I check with powershell it shows that I am a member of many groups. All firewall settings are off. I don't know what to check more.
I check groups and we can get AD groups OK. I use function verifyOSUser() and my user password combination returns true. The problem is WinCC OA cannot retrieve groups belongs to my username. And as I told the behaviour is not deterministic, sometimes it works, sometimes it does not work.
I want to report this issue.
Thanks
Additional Finding: getOSUserGroups(sUserName) also returns my AD groups and the mapping is correct. So WinCCOA confirm my user and password combination is correct, I belong to many group. But default login.pnl with Active Directory usage returns authentication error??!
Active Directory (OS Auth) Authentication Error with Default Login Panel
- shokkul
- Posts:37
- Joined: Mon Feb 25, 2019 8:50 am
Active Directory (OS Auth) Authentication Error with Default Login Panel
- kilianvp
- Posts:443
- Joined: Fri Jan 16, 2015 10:29 am
Re: Active Directory (OS Auth) Authentication Error with Default Login Panel
How do you start your project? Under which user is "WCCILpmon" running? If you run it as a windows service you have to use an account. Otherwise WinCC OA can not query the AD.
- shokkul
- Posts:37
- Joined: Mon Feb 25, 2019 8:50 am
Re: Active Directory (OS Auth) Authentication Error with Default Login Panel
We are running pmon under functional account. The thing is it works sometimes and sometimes it does not work. And log viewer is not giving any error when login.pnl is giving us Authentication Error.
- dbindernagel
- Posts:161
- Joined: Mon Feb 23, 2015 1:34 pm
Re: Active Directory (OS Auth) Authentication Error with Default Login Panel
Patch 011 has a fix for the function verifyOSUser.
If you cannot, then I would still check if the AD-Server is not reachable sometimes (or takes too long to answer).
It would explain why it is sometimes working and sometimes not.
Can you try installing the latest patch (or at least P011) and see if this helps?The function verifyOSUser() does not return an error when the AD-server can not be reached.
If you cannot, then I would still check if the AD-Server is not reachable sometimes (or takes too long to answer).
It would explain why it is sometimes working and sometimes not.