6 Replies Latest reply on Jul 21, 2016 8:33 PM by Bryan Owen

    Connect to an AD AF Server from a service that is on a non-AD machine


      I am wondering if the following configuration is valid:


      Machine 1: AF Server logged into active directory

      Machine 2: Contains a service, written by me, that needs to connect to AF Server, and is not connected to Active Directory.


      Right now when I start the service I get the message "Cannot connect to server 'DAVEAFSERVER'.

      When I run the same code as a process, an AF Server login comes up and accepts the AD credentials.

      I tried altering the service "Log In" properties in Windows to reflect my AD credentials, but Windows will not let me save them since it doesn't know about that AD user.

      I tried using Credential Manager to save the proper credentials, but apparently the service can't see that entry, I am guessing because I create the entry for the logged in user, not for the service.

      I tried using SMT to create a PI Mapping between my non-AD Windows user name and a PI Identity that I have configured (also tried a PI Mapping to piadmins) - both come back with an error "RPC Invoke failed [1332]. No mapping between account names and security IDs was done."


      The stuff works if both machines are AD or both are non-AD, so I just wanted to know if there is a way to configure this to work, or if I should discourage such an attempt if my customers ask about it. I just happened to run into this doing some casual testing in a VM so I can see it happening to a customer.