Authorization Problem for localhost:8989 no working

Dear GPA community,

I have done a fresh install OpenHISTORIAN, OpenXDA and PQDashboard with WindowsServer 2016 and MSSQL2017 in mixed mode and IIS with Windows Authorization. My problem is that: I can connect and log into localhost:8180 (OpenHistorian) which is working fine, but when I try to connect to localhost:8989 (OpenXDA) I get the User/PWD pop-up box. Although I’m entering my current user information, or even my Administrator user I can not log-in.

Can you please help and lead me onto how to resolve the issue.

Many thanks
Bastian

Hello Bastian,

The openXDA uses Windows Authentication to determine you rights within the application. By default, the BUILTIN\Users group has administrator access, so you should be able to log in just fine with any valid Windows user account. If you are using Internet Explorer or Google Chrome, it should be able to log you in automatically using passthrough authentication. It must be asking for your credentials because it wasn’t able to do that. There are a couple things you can do to try to find the reason.

First, the issue could be that there is an error in the application preventing it from properly authenticating your user account or determine your roles within the application. If that is the case, there should be something in the openXDA.ErrorLog.txt file or the Windows Event Log that would give us more information about what that error might be. The openXDA.ErrorLog.txt file is located in the openXDA installation directory. The Windows Event Log can be viewed by launching the Event Viewer and navigating to Windows Logs > Application.

Second, the response from the web server hosted within openXDA could give us more information about what is going on. The way to do this depends on your browser and/or what tools you have available on your system for sniffing HTTP traffic. For most, the easiest thing to do is open the developer tools in your browser and then use the Network tab to view the requests and responses seen by the browser. If certain HTTP headers are present or missing from the HTTP response, it can help to determine which code module is responsible for the authentication failures.

Thanks,
Stephen

Hello Stephen,

thanks a lot for pointing me to the possibilities and your detailed remote diagnostic. From top down:

  1. same login problem regardless of the browser, I tested IE, Edge, Firefox and Chrome. In all cases a login box with user/pwd is displayed - entering Administrator and PWD is not working
  2. openXDA.ErrorLog.txt does not exit in the XDA-Program Directory
  3. Windows Log:
    User “WINSRV2016\Administrator” login attempt failed. User “WINSRV2016\Administrator” has not been assigned any roles and therefore has no rights. Contact your administrator.
  • 1 0 0 0x90000000000000 18208 Application WINSRV2016
  • User "WINSRV2016\Administrator" login attempt failed. User "WINSRV2016\Administrator" has not been assigned any roles and therefore has no rights. Contact your administrator.

As this is a fresh demo box I have only one Administrator User which I’ve used for both databases historian and XDA, of course in mixed mode.

Hope this gives you an indication how to find / fix the authorization problem.

Thanks
Bastian

Assuming the error in the Windows Event Log is relevant, it would be helpful to know what shows up when you query the following tables in the openXDA database:

SELECT * FROM ApplicationRole
SELECT * FROM SecurityGroup
SELECT * FROM ApplicationRoleSecurityGroup

Those tables look good, so the error in the Windows Event Log is probably not relevant. Have you tried running the openXDA Console application? It uses a different authentication mechanism, but the same authorization mechanism.

works OK

2018-01-26_11h44_23

When you log into the openHistorian interface on localhost:8180, do you check the Use Integrated Windows Authentication checkbox? If not, what happens if you do?

  1. CHECKED - Use Integrated Windows Authentication: Successful login

  2. NOT Checked- Use Integrated Windows Authentication:
    User: Administrator and PWD ==> login Failed

  3. NOT Checked- Use Integrated Windows Authentication:
    User: WINSRV2016\Administrator and PWD
    Checked Use NTLM authentication
    ==> login SUCCESS

The login to xda looks quite different,

Hmm, I don’t get it. If openHistorian works with Integrated Windows Authentication, then there aren’t any issues with the authentication mechanism used by openXDA. If you can log in through the openXDA Console, then openXDA is clearly able to authorize your user account. And if the openXDA.ErrorLog.txt file doesn’t exist, then there also shouldn’t be any errors in openXDA that would be preventing it from authenticating or authorizing you through the webpage. My best suggestion at this point would be to restart the service and see if anything changes.

performed a full shutdown and reboot, but unfortunately no change. XDA doesnt connect.Historian and PQView work fine. is the winsrv2016 with mssql2017 possibly different?

Yes, the operating system and SQL Server version are different from my test environment, but there shouldn’t be anything in openXDA that wouldn’t work properly on those versions. I guess since I still can’t determine whether the authentication or authorization is failing, we could try checking the HTTP messages in the network tab of the browser’s developer tools.

  1. Open your browser.
  2. Type Ctrl+Shift+I to open developer tools.
  3. Click the Network tab.
  4. If you see a button with a green triangle, click that button.
  5. Navigate to localhost:8989 and attempt to log in.
  6. After the login attempt fails, you should see at least one request that returned a status code of 401. Click the very last of these entries.
  7. The important pieces of information here are the response headers and the response body. The information contained in those should help to determine whether authentication or authorization is failing.

Thanks,
Stephen