AnsweredAssumed Answered

Can I find out what method the AFSDK used for authentication, NTLM or Kerberos?

Question asked by GaryNThompson on Sep 3, 2015
Latest reply on Sep 8, 2015 by GaryNThompson

In the AFSDK on connection failure to an AFServer via the Connect method, without explicitly setting credentials, is there a way to find out whether the failed connection used Kerberos or NTLM for authentication?  I've been troubleshooting connections recently from the AFSDK using Wireshark (Client and AF Server are seperate machines in a domain) and noted that the AFSDK was not attempting Kerberos authentication and was only using NTLM.  However, when I opened up PI System explorer on the same client logged in as the same user that was executing the AFSDK based tool, I can see a failed Kerberos attempt (SPN issue) before it attempted NTLM.  I rebooted the machine and saw the AFSDK attempt kerberos and then fail over to NTLM, not sure why it wasn't attempting kerberos earlier.  For diagnostics in the application, it would be very useful to know what authentication method was being attempted and what error messages were returned (if available).  I'm doing further analysis of why NTLM failed (works sometimes, fails other times) but that's a seperate subject and I would prefer to rely on kerberos.

Outcomes