Issue
Using active directory with Change Control feature does not authenticate when signing
Product Line
EcoStruxure Building Operation
Environment
- Building Operation release 3.1 and above
- Building Operation Enterprise Central
- Building Operation Enterprise Server
- Building Operation SmartX Controllers
Cause
The interaction of Active Directory and Change Control is not clearly defined in the documentation when both are in use. Although Active Directory within Building Operation Domains can use both the Fully Qualified Domain Name (FQDN) and Netbios Windows Domain names it is recommended that only the Netbios Domain name be used if Change Control is implemented.
Refer to EBO Known Issues & Solution topic Change Control and Windows Active Directory not authenticating - Communities (se.com) for updates.
Resolution
When using Active Directory with Change Control only add the Windows Netbios name to the Building Operation Windows domain name entry:
Using the Full DNS Domain Name (examples include - apa.gad.schneider-electric.com ; pss.apa.local etc.) although these will allow user accounts to log on to servers it currently does not work when used to authenticate change control.
The easiest way to identify which domain name to use is to open WorkStation and refer to the name shown next to: Log on as:
Secondly when authenticating change control actions with active directory user accounts, irrespective of the Default Building Operation Domain selected, the user account name must be prefixed with the Windows Domain Name
