Author Topic: Problems accessing a repository via WAN for ADS Users (Read 5450 times)

PeterHeintz · « **on:** May 09, 2016, 08:14:26 pm »

We have a MSSQL repository based in Germany and some users in India. For that model is security enabled and the users are imported from our ADS.
Currently users in India have problems to login. They are often (not always) asked to insert there passwords but even inserted correct they do not get access to the repository.
I assume this is some kind of network/timeout problem.

I have already contacted Sparx support but maybe somebody in the forum has an idea on how to isolate the problem.

Geert Bellekens · « **Reply #1 on:** May 09, 2016, 08:44:19 pm »

In general, if there is network issue and you can't reach the database you get a generic password popup dialog i.s.o. actually telling you there is a problem with the connectivity.

Entering a password of course doesn't resolve the connectivity issue.

Geert

PeterHeintz · « **Reply #2 on:** May 09, 2016, 10:59:41 pm »

Yes, but I am looking for something what enables me to activate my local or indian IT.
Some kind of log that in best case indicated who is not responding.
Far too often I got feedback that all works find for each party but it does not work as a whole.

Glassboy · « **Reply #3 on:** May 10, 2016, 07:45:38 am »

Quote from: PeterHeintz on May 09, 2016, 10:59:41 pm

Yes, but I am looking for something what enables me to activate my local or indian IT.
Some kind of log that in best case indicated who is not responding.
Far too often I got feedback that all works find for each party but it does not work as a whole.

What you describe is a Kerberos authentication failure between the client PC and the MSSQL database. The why depends on what your underlying network and AD topology is. The people having the failure should be logging a call with their local support, as root cause analysis has to start from their end and work back to the SQL server.

PeterHeintz · « **Reply #4 on:** May 10, 2016, 05:31:59 pm »

I am quite sure that SQL server is not involved in that.
It is only somehow a problem with ADS and the internal EA security, using the windows authentication.
The thing is, that the users are logged in there machine with their account. So local IT may argue “login works” and therefore it is an EA problem.
This is why I am looking for something that might show that a request involved in the authentication needs e.g. too long.

Glassboy · « **Reply #5 on:** May 11, 2016, 08:13:05 am »

Quote from: PeterHeintz on May 10, 2016, 05:31:59 pm

I am quite sure that SQL server is not involved in that.
It is only somehow a problem with ADS and the internal EA security, using the windows authentication.
The thing is, that the users are logged in there machine with their account. So local IT may argue “login works” and therefore it is an EA problem.
This is why I am looking for something that might show that a request involved in the authentication needs e.g. too long.

Which is why you have to test from the client that's failing. There's all sorts of things that it could be, from the client's DNS having a partial SRV record to token bloat to a routing problem.

Sparx Systems Forum

News: