42270members
186184posts

Verifying if Windows Authentication is Enabled

Verifying if Windows Authentication is Enabled

Issue

Windows Authentication must be applied consistently for Security Expert, SOAP and Data Sync Service to work.

Product Line

Security Expert

Environment

  • Security Expert
  • Microsoft Windows

Cause

If Windows Authentication is enabled in Security Expert (this is done during installation with a checkbox) then it must also be enabled in SOAP and Data Sync Service.

Resolution

  • Windows authentication is NOT enabled by default in Security Expert. This is a tick box on Security Expert installation.
  • When you install SOAP you also need to select this (another tick box).
  • However, Data Sync Service (DSS) is created with no options during installation. To enable or check the Windows Authentication setting for Data Sync Service see below.

If installation has already been completed and you need to verify if Windows Authentication is enabled for each component you must follow the steps below.

1. Security Expert Thick Client/Server

There are two options for setting Windows Authentication for Security Expert Thick Client/Server.

Option 1. Edit the Security Expert Data Service config file “SecurityExpertSV.exe.config” using a text editor. This file is located in C:\Program Files (x86)\Schneider Electric\Security Expert. Locate this line:

<netTcpBinding>

<binding name="Binding1" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"><security mode="None"/>

<readerQuotas maxDepth="32" maxStringContentLength="90000000" maxArrayLength="90000000"
maxBytesPerRead="90000000" maxNameTableCharCount="90000000" />
</binding>
</netTcpBinding>

security mode= “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.

Option 2. Rerun the installation process and select “Modify” and then set the enabled flag tick-box or make sure the tick-box is not checked, depending on what is required.

2. Security Expert SOAP

There are also two options for setting Windows Authentication in SOAP.

Option 1. Edit the SOAP service Web.config” file located in C:\inetpub\wwwroot\SecurityExpertSOAPService with a text editor. Locate this line:

<netTcpBinding>
<binding name="Binding1" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"><security mode="None" />
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</netTcpBinding>

Again, security mode = “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.

Option 2. For SOAP you also have the option of uninstalling and reinstalling and selecting the check box (or not) to enable Windows Authentication during the install process. The installer for SOAP currently does not support “modify” or “change” operations.

3. Data Sync Service

Edit two config files using a text editor. Both files are located in C:\Program Files (x86)\Schneider Electric\Data Sync Service.

In “DataSyncServiceConfig.exe.config” locate this line:

<netTcpBinding>

<binding name="NetTcpBinding_IService" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>
</netTcpBinding>

Again, security mode= “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.

In “DataSyncService.exe.config” locate this line:

<netTcpBinding>
<binding name="NetTcpBinding_IService" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>

Again, security mode= “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.

4. Summary

In order to properly run SOAP and Data Sync Service with a Security Expert system there are four config files that must be consistent.

  • SecurityExpertSV.exe.config
  • Web.config
  • DataSyncServiceConfig.exe.config
  • DataSyncService.exe.config

All four must either contain the text <security mode="None" /> or all four must NOT contain that text.

Labels (1)
100% helpful (1/1)