Issue
Windows Authentication must be applied consistently for Security Expert, SOAP, and Data Sync Service to work.
Product Line
Security Expert
Environment
- Security Expert
- Microsoft Windows
Cause
If Windows Authentication is enabled in Security Expert (this is done during installation with a checkbox) then it must also be enabled in SOAP and Data Sync Service.
Resolution
- Windows authentication is NOT enabled by default in Security Expert. This is a tick box on Security Expert installation.
- When you install SOAP you also need to select this (another tick box).
- However, Data Sync Service (DSS) is created with no options during installation. To enable or check the Windows Authentication setting for Data Sync Service, see below.
If installation has already been completed and you need to verify if Windows Authentication is enabled for each component you must follow the steps below.
There are two options for setting Windows Authentication for Security Expert Thick Client/Server.
Option 1. Edit the Security Expert Data Service config file “SecurityExpertSV.exe.config” using a text editor. This file is located in C:\Program Files (x86)\Schneider Electric\Security Expert. Locate this line:
<netTcpBinding>
<binding name="Binding1" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"><security mode="None"/>
<readerQuotas maxDepth="32" maxStringContentLength="90000000" maxArrayLength="90000000"
maxBytesPerRead="90000000" maxNameTableCharCount="90000000" />
</binding>
</netTcpBinding>
security mode= “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.
Option 2. Rerun the installation process and select “Modify” and then set the enabled flag tick-box or make sure the tick-box is not checked, depending on what is required.
There are also two options for setting Windows Authentication in SOAP.
Option 1. Edit the SOAP service “Web.config” file located in C:\inetpub\wwwroot\SecurityExpertSOAPService with a text editor. Locate this line:
<netTcpBinding>
<binding name="Binding1" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"><security mode="None" />
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</netTcpBinding>
Again, security mode = “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.
Option 2. For SOAP you also have the option of uninstalling and reinstalling and selecting the check box (or not) to enable Windows Authentication during the install process. The installer for SOAP currently does not support “modify” or “change” operations.
Edit two config files using a text editor. Both files are located in C:\Program Files (x86)\Schneider Electric\Data Sync Service.
In “DataSyncServiceConfig.exe.config” locate this line:
<netTcpBinding>
<binding name="NetTcpBinding_IService" openTimeout="00:10:00" receiveTimeout="00:21:00" sendTimeout="00:21:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>
</netTcpBinding>
Again, security mode= “None” denotes that Windows Authentication is not enabled. If Windows authentication has been enabled during installation then this entry will be missing.
In order to properly run SOAP and Data Sync Service with a Security Expert system, there are four config files that must be consistent.
- SecurityExpertSV.exe.config
- Web.config
- DataSyncServiceConfig.exe.config
- DataSyncService.exe.config
All four must either contain the text <security mode="None" /> or all four must NOT contain that text.
