As long as Coresight is not running on port 443 (can check within IIS), I wouldn't think that's the issue.
The message you see in the command window seems to indicate that we don't have proper permissions to access the databases. Have you been able to confirm that this user is able to access the PI Data Archive and/or AF servers configured?
Is this a new installation? If not, has any testing ever been done previously?
Here's a PI Square thread that may help, and has some links to a few resources that we can check / keep in mind throughout: Authorization has been denied for this request
Thanks for the response.
I have been able to confirm that this user is able to access both the PI Data Archive and AF Servers using AF Explorer, DataLInk, ProcessBook, AF Builder, and SMT.
This is a relatively new installation for testing and learning to use both AF SDK and WEBAPI. I have successfully used and extended the AF Wrapper to be able to search down the AF tree to be able to display Children and the values of the child attributes relative to the context of the PRocessBook display. This user can access Coresight, create Coresight displays with PI data, and traverse the AF tree.
Now, I am moving on to use the WEBAPI and to create new Coresight symbols. I started with the WebAPI example.
I chased down the three references in the link you sent and they do not seem to apply.
Thanks for your response.
PI Web API is a self-hosted web service. If you like to stop or start it, please do this by stopping or starting the service via services.msc or Microsoft Management Console. You can also use net stop / net start command but please don't call the executable in a command prompt.
Kerberos authentication means authentication without the requirement to transfer username and password over the wire. Kerberos works based on tickets. There are more discussions about Kerberos authentication with PI Web API on the forums which may contain useful information for you e.g. this one.
I suggest to start simple and use Internet Explorer to browse PI Web API. Internet Explorer because it comes with built in Kerberos support but you will likely have to tweak the settings. Likely the first issue you will run into is that the self-signed certificate is considered untrusted. You need to import it to the client machines trusted certificate store. KB01223 - Kerberos and Internet Browsers describes how Internet Explorer and other browsers can be configured as Kerberos clients.
As soon as Kerberos authentication works in IE, you are ready to create your first custom application to interact with PI Web API. Under the assumption you are creating a command line application which is supposed using the credentials of the logged on user, you don't need to care at all for submitting credentials with your request because the application will use the context of the user logged on to the clients operating system to authenticate.