Topic
[KB808]PcVue & Active Directory – Account name or password incorrect
Applies to:
PcVue 11.0 and later.
Summary:
Unable to log in to PcVue using Active Directory credentials when using Windows Server 2008 R2, Windows Server 2012 R2 or running in a Remote Desktop Services environment.
Details:
The Windows account used to start PcVue must have, as a minimum, browsing rights on the Active Directory domain. Otherwise PcVue will not be able to check whether the user account exists and which groups it is linked to. If this condition is not met, all username and password combinations will produce an error similar to "The account name or password is incorrect".

To correct this behavior, ask the Domain Administrator to grant, as a minimum, read-only permissions on the container where the PcVue users are listed.

In the following example, PcVue is started from a Remote Desktop Client using a Domain User's credentials, and the users are located inside an Organizational Unit called Scada. Details of user Remoto01:
The goal is to grant permission, for Domain Users or at least for users who belong to the SCADA group, to access the Active Directory in read mode. If you have Administrator credentials, you can do it using the Active Directory Users and Computers window.

First of all, in the View menu, enable Advanced features. Then right-click your domain name (in this example it is testarc.local) and choose Properties. Then select the Security tab and click the Advanced button.

To reduce the complexity of the procedure, in this example we granted the rights on all domain elements. It is nevertheless not a bad idea to limit access to the necessary sub-groups only, for example to the Organizational Unit called Scada instead of the whole directory. To do so, right-click the Organizational Unit instead of the whole domain.

Now, on the first Permissions tab, click the Add button at the bottom. A new window will appear; click Select a principal.
Then, in the next tab, choose the username used to launch PcVue or the groups to which all PcVue users belong. In this example it can be Domain Users or, better, SCADA. Be careful here: for security reasons, it is better to reduce the exposure of the Active Directory service as much as possible.
In this window, you can use the Advanced button to easily locate the security objects to include. If you are unsure, click Check Names to see which of them are recognized by Windows and which are not. Click OK to close it.

Now, in this window, select Type: Allow. Then, in Permissions, tick List contents and Read all properties.
Click OK and close all windows. It’s done. If you still have issues, you can check Effective Permission using the tool located in the previous tab.
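The same grant can be scripted and limited to the Scada Organizational Unit rather than the whole domain. The PowerShell below is an added example, not part of the original article or of PcVue documentation. It assumes the ActiveDirectory module (RSAT) is installed, that the OU's distinguished name is OU=Scada,DC=testarc,DC=local, and that the group is named SCADA.

```powershell
# Added example. Run as an account allowed to modify the OU's permissions.
Import-Module ActiveDirectory

$OuDn      = 'OU=Scada,DC=testarc,DC=local'  # assumed: OU "Scada" directly under the domain root
$GroupName = 'SCADA'                         # assumed: group containing the PcVue users

$sid    = (Get-ADGroup -Identity $GroupName).SID
$path   = "AD:\$OuDn"
$sidTyp = [System.Security.Principal.SecurityIdentifier]

# "List contents" = ListChildren, "Read all properties" = ReadProperty (no property GUID)
$rights = [System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadProperty'

$acl = Get-Acl -Path $path

# Is there already an explicit Allow ACE for the group covering both rights
# on the OU and everything below it?
$existing = $acl.GetAccessRules($true, $false, $sidTyp) | Where-Object {
    $_.IdentityReference.Value -eq $sid.Value -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ObjectType -eq [guid]::Empty -and
    $_.InheritanceType -eq 'All' -and
    $_.ActiveDirectoryRights.HasFlag($rights)
}

if (-not $existing) {
    $ace = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList `
        $sid, $rights,
        ([System.Security.AccessControl.AccessControlType]::Allow),
        ([System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
}

# Review: list every explicit ACE the group holds on the OU, so that anything
# beyond the two read rights granted above is visible.
(Get-Acl -Path $path).GetAccessRules($true, $false, $sidTyp) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
    Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType, ObjectType |
    Format-Table -AutoSize
```

The final listing should show only ListChildren and ReadProperty for the group; any write or full-control right in that output means the group holds more access than this procedure calls for.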
Created on: 29 Nov 2015 Last update: 13 May 2024