cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

Connection issue (works with client, not through Eclipse)

isodius
12-Amethyst

Connection issue (works with client, not through Eclipse)

Hi,

When I installed Integrity Server, I followed the instructions to connect the Integrity security layer to our Active Directory. And it works great. If a user wants to use Integrity, it just enters his usual Windows login and password and it works.

But, if the same user tries to connect the same Integrity Server through the Eclipse module, it fails.

The users faces the following error message:

com.mks.api.response.APIConnectionException: Failed to establish a session: Session not authenticated/authorized

And the Integrity Server log contains the following trace:

ERROR [mksis.IntegrityServer] * * * * ERROR * * * * (0): ICAllowSpecificConnectionPolicy failed the connection. Connection: <IP @>: is not on the list of acceptable machines.

I tried to add the following line to the security properties file:

mks.security.policy.scheme.<IP subnet>=windows_clear

But this doesn't fix the issue. Any advice would be greatly appreciated. Thanks.

romuald

ACCEPTED SOLUTION

Accepted Solutions
awalsh
17-Peridot
(To:isodius)

This sounds like a problem with the API connecting to the Integrity Server. Check the settings in the <server install dir>/config/client/IntegrityClientSite.rc file. The default setting allows only a specific set of IP addresses to connect, so you need to either change the policy to allow all connections, or add in the user's IP address. You can find more information on configuring the API connections here.

Regards,

Ann

View solution in original post

4 REPLIES 4
awalsh
17-Peridot
(To:isodius)

This sounds like a problem with the API connecting to the Integrity Server. Check the settings in the <server install dir>/config/client/IntegrityClientSite.rc file. The default setting allows only a specific set of IP addresses to connect, so you need to either change the policy to allow all connections, or add in the user's IP address. You can find more information on configuring the API connections here.

Regards,

Ann

isodius
12-Amethyst
(To:awalsh)

Thanks Ann, we've made some progresses thanks to you. As we are a very small team and our server is not visible outside, I set the "Allow All Connection" policy.

Now, we're facing a new issue. I setup the Integrity Server security model to authenticate users on our Active Directory server. This works well for people connecting the server with the Integrity client.

But in the IntegrityClientSite.rc, I don't see any "daemon.authenticationPolicy" strategy to match our configuration. Or I make a mistake and it doesn't work like this.

Any idea? Thanks.

romuald

awalsh
17-Peridot
(To:isodius)

Unless you set the authenticationURL, the api connection will use the authentication settings for the Integrity Server as set in the security.properties file. Is the user seeing a new error?

isodius
12-Amethyst
(To:awalsh)

Yes, "connection refused". But he can connect the Server through the official Client without any issue. So the server security model works, it's just connecting through the API seems to work in a different way. Or I'm missing something...

That's probably the way we use the Eclipse module to connect Integrity Server.

Don't hesitate to reply, but I won't be able to answer until the next monday. And thanks for the help.

romuald

Update: we've just seen this concerns a specific user, so we have to investigate on our side. I'll put this thread answered. Thanks Ann.

Announcements


Top Tags