The HTTP request is unauthorized with client authentication scheme 'Digest'.

sesa145614_brid · ‎2021-08-25

Hi,

I have a SmartConnector extension Update Processor which worked fine before and suddently I got the following error. I did not change anything, the password remains the same. Do you have any idea what could cause this error.

2021-08-25 17:05:26.6992,Error,Processor,<no principal>,The HTTP request is unauthorized with client authentication scheme 'Digest'. The authentication header received from the server was 'Digest realm="ews@SxWBM",qop="auth",algorithm="SHA-256",nonce="693B5DE4F03FED82FA077138C273380801990ED2701C462DB7E01B2CE575828F1FA7B94F68B320B638B51A4F",opaque="1855AA"'.
The remote server returned an error: (401) Unauthorized.

Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Ews.Client.IDataExchange.GetUpdatedAlarmEvents(GetUpdatedAlarmEventsRequest1 request)
at Ews.Client.DataExchangeClient.GetUpdatedAlarmEvents(GetUpdatedAlarmEventsRequest request)
at Ews.Client.EwsClient.ExecuteAndLogCall[TRequest,TResponse](String methodName, TRequest request, Func`2 methodToLog)
at Ews.Client.EwsClient.GetUpdatedAlarmEvents(String lastUpdate, Nullable`1 priorityFrom, Nullable`1 priorityTo, String moreDataRef, String[] types)
at SmartConnector.Extension.CMMS.UpdateProcessor.ProcessAlarmsForWorkOrder(EwsClient clientObj)
,[],
2021-08-25 17:05:26.6992,Info,Processor,<no principal>,Validation Prompt for CMMS Update Processor: MayNotContinue : The HTTP request is unauthorized with client authentication scheme 'Digest'. The authentication header received from the server was 'Digest realm="ews@SxWBM",qop="auth",algorithm="SHA-256",nonce="693B5DE4F03FED82FA077138C273380801990ED2701C462DB7E01B2CE575828F1FA7B94F68B320B638B51A4F",opaque="1855AA"'. ,

Thanks!

Juh

ardak · ‎2021-08-25

Hi,

For how long did this work before failing? Minutes, hours or years? 🙂

A couple of possibilities to look at:

1. If you are using HTTP, you may exhaust EBO sessions if you send a lot of EWS Requests. Try setting upp HTTPS.

2. Double check your EWS user. Make sure that it is (still) on the default domain in EBO. If the default domain is changed, you need to add it to the EWS user string (e.g. "my_domain/my_user" ). If the domain is the default one, this can be omitted.

BR

Armend

Erwin-vd-Zwart · ‎2021-08-25

Digest is a authentication method so if you are doing a http request to a remote URI, i think you need to add a c# class to make that possible

ardak · ‎2021-08-26

Hello Erwin,

Thank you for your input! Not sure if you intended to answer me or the original poster, but:

The smartconnector framework has helper classes which manage authentication. From the log output, it looks to me like these are being used, so digest authentication is probably being used here.

Furthermore, the poster states the extension was working for a while, which makes one of the two suggestions above more plausible.

Thanks again,

Armend

sesa145614_brid · ‎2021-08-26

Hi,

For 1. If you are using HTTP, you may exhaust EBO sessions if you send a lot of EWS Requests. Try setting upp HTTPS.

Do you mean that I just change the Server URL from http to https?

I changed it and also changed my extention EWS sever to use https but not working. Do I need to do anything beside this?

For 2nd solution:

2. Double check your EWS user. Make sure that it is (still) on the default domain in EBO. If the default domain is changed, you need to add it to the EWS user string (e.g. "my_domain/my_user" ). If the domain is the default one, this can be omitted.

Could you give me some screenshots to show me where to verify that?

Thanks!

Juh

ardak · ‎2021-08-26

This is where you can find the domain:

The one with the blue tick mark is the selected default domain.

About HTTP/HTTPS

In the screenshot you attached, you show EBO connecting to a (probably smartconnector?) EWS Server. This is not where the logged errors come from.

It looks like your processor uses EWS to communicate with an external EWS Server, and that's where these errors are coming from. Probably configurable in your code or smartconnector portal.

BR

Armend

sesa145614_brid · ‎2021-08-27

I think changing the following settings fixed my problem.

1. Uncheck Redirect web clients to https

2. Check Allow authentication with MD5 hash

EBO Security Settings.jpg

Thank you Armend!

Juh

ardak · ‎2021-08-27

Great! This means that #1 was the issue. This option make communication between smartconnector and EBO insecure. This may or may not be an issue for your setup.

If you want to switch to HTTPS, which is most likely preferable in a production environment, you need to generate a certificate in EBO if you haven't done so yet, install it on the computer and change the URL for you EBO EWS Server Address in your smartconnector extension to the corresponding HTTPS one.

Best of luck

Armend

The HTTP request is unauthorized with client authentication scheme 'Digest'.

The HTTP request is unauthorized with client authentication scheme 'Digest'.

This is a heading