2 Replies Latest reply on Jan 6, 2011 4:54 PM by cescamilla

    AFAttribute.RawPIPoint

    fhamandi

      We have a web service that is retrieving AF and PI values, we are passing the user credentials to the service.

       

      It seems that when we  retrieve AF value we do not have an issue but when we get the AFAttribute.RawPIPoint we get the following error:

       

      "Unable to topen a session on a server. [-10431] Authentication method is disabled by current server policy "

       

       I have atttached the code were the call is made:

       

      try

      {

      if ((pipoint = osiAFAttribute.RawPIPoint as PIPoint) != null)

      {

      nalcoAFValue = pipoint.ConvertToNalcoAFValue();

      }

      else

      {

      if (osiAFAttribute.RawPIPoint == null && osiAFAttribute.GetValue() != null)

                    {

                           nalcoAFValue = osiAFAttribute.GetValue().ConvertToNalcoAFValue();

      }

      }

      catch (Exception ex)

      {….}

       

       

      My Question is around if I was able to get AF data for that user why would the PI vales fail??

       

       

       

      Regards

       

      Floyd

        • Re: AFAttribute.RawPIPoint
          hanyong

          Floyd Hamandi

          My Question is around if I was able to get AF data for that user why would the PI vales fail??
           
          Connections to PI Server and AF Server both require authentication, having access to AF Data doesn't necessarily mean that the same user gets authenticated for PI Server as well.

           

          In this case where you are accessing the value of the attribute with PIPoint data reference, you are connecting to PI Server, and in the background your user credential get passed to the PI Server for authentication together with other information like the machine name or IP and process name. 

           

          Depending on the security configuration of the PI Server, your connection to PI will get authenticated based on the credentials provided.

           

          Floyd Hamandi

          "Unable to topen a session on a server. [-10431] Authentication method is disabled by current server policy "

          This error message does indicate that the connection to PI server failed because of authentication issue.

           

          Have you created mapping or trust on your PI server to authenticate incoming connections?

           

          You can also check the PI Server's message log for the time that you get the error. There should be messages logged by PI Network Manager (pinetmgr) or PI Base Subsystem (pibasess) that talks about the login being unsuccessful. If you have already configured PI Server to accept the connections based on certain credentials, you can refer to the message and see if the PI Server is receiving the same credentials that you intend to authenticate the connection with.

           

           

            • Re: AFAttribute.RawPIPoint
              cescamilla

              If you have a PI Server 3.4.380 or greater, it handles all forms of authentication that OSI uses.  However, it is possible to disable PIUser based login while leaving PITrust and SSPI enabled.  (You can also disable PITrust, but that is really limiting your clients.)

               

              By default, PISDK clients attempt authentication of all three with PIUser as the last.  If PIUser login is disable and is attempted by the client, it can get the -10431 error.  I recommend using ServerManager, which only attempts SSPI and PITrust (not PIUser).  Plus, ServerManager does connection pooling, which is useful for web services or ASP programs.