5 Replies Latest reply on Jun 22, 2018 8:26 AM by gregor

    Cannot connect to PI AF remotely but locally

    Weikang

      Hi,

      I am trying to connect to the PI system explorer remotely but it keeps rejecting my credential and saying "Connection attempt failed". However, when I RDP onto the actual machine that hosts the PI AF & PI DA, I am able to use the same credential to login PI system explorer, and PI DA is connected as well.

      Then when I try to connect it using the code below to it remotely

      PIServer myPIServer = myPIServer = PIServer.FindPIServer("xxx");

                  try

                  {

                      myPIServer.Connect();

                  } catch (Exception e)

                  {

                  }

      it seems the server is found, but the PI DA rejects my connection

      the logs were

      6/21/2018 4:46:08.13219 PM, , Information, Disconnected ID: 143 ; Process name: PIConnectionTester.vshost.exe(3236):remote(3236) ; User:  ; OS User:  ; Hostname: ; IP: 160.36.57.180 ; AppID:  ; AppName: , pinetmgr, , Connection Information, , , , , , , , ,

      6/21/2018 4:46:08.13216 PM, , Debug, ID: 143; Duration: 0. min.; kbytes sent: 0.140625; kbytes recv: 0.4599609; app: ; user: ; osuser: ; trust: ; ip address: 160.36.57.180; ip host: , pinetmgr, , Connection Statistics, , , , , , , , ,

      6/21/2018 4:46:08.13211 PM, , Information, Deleting connection:  PIConnectionTester.vshost.exe(3236):remote(3236), Asynch read failed. [2] The system cannot find the file specified., ID: 143  160.36.57.180:65229, pinetmgr, , , , , , , , , , ,

      6/21/2018 4:46:07.17052 PM, , Information, Unsuccessful login  ID: 143. Address: 160.36.57.180. Name: PIConnectionTester.vshost.exe(3236):remote. Credentials used: UTK\wwang72. Method: Trust. Error: [-10413] No trust relation for this request, pinetmgr, , , , , , , , , , ,

      6/21/2018 4:46:07.17036 PM, , Debug, Trust request from: <domain>\<id>|<machine>|<ip>|PIConnectionTester.vshost.exe failed: [-10413] No trust relation for this request (0), pibasess, , , , , , , , , , ,

      6/21/2018 4:46:07.14833 PM, , Information, Connection accepted:     Process name:  PIConnectionTester.vshost.exe(3236):remote(3236) ID: 143, pinetmgr, , , , , , , , , , ,

      6/21/2018 4:46:07.14746 PM, , Debug, PInet accepted TCP/IP connection, cnxn ID 143 Hostname: , 160.36.57.180: 65229, pinetmgr, , , , , , , , , , ,

       

      Do you know what would be the problem? How can I resolve it?

        • Re: Cannot connect to PI AF remotely but locally
          Steve Boyko

          Have these credentials been set up in the AF security for that server to allow access? It's possible that when connecting locally, you authenticate differently to the AF server.

          1 of 1 people found this helpful
            • Re: Cannot connect to PI AF remotely but locally
              Weikang

              Yes. I have added my credential to AF security and DA security (trust & mapping). Both are administrators.

                • Re: Cannot connect to PI AF remotely but locally
                  Steve Boyko

                  It looks like your connection tester is trying a PI DA connection, not a PI AF connection. PI DA and PI AF have their own security setup, so they must be treated separately.

                   

                  One question - is the PI DA & AF server on the same Windows domain as your client?

                   

                  PI DA

                  Based on the log you provided, it looks like your connection tester is trying to use a PI trust and failing.

                  Debug, Trust request from: UTK\wwang72|FNET52|160.36.57.180|PIConnectionTester.vshost.exe failed: [-10413] No trust relation for this request (0), pibasess

                  Your mapping must not be matching UTK\wwang72 and/or your trust isn't matching the above either.

                   

                  PI AF

                  If you attempt to connect using PI System Explorer, you get the prompt above? That indicates the AF mapping didn't work.

                  2 of 2 people found this helpful
                    • Re: Cannot connect to PI AF remotely but locally
                      Weikang

                      Thank you so much!!! That was really helpful!!! I just rechecked the trust mapping, the "Network Path" column should be the hostname not the host address. After I changed "<hostname>.<department>.<university>.edu" to "hostname", I was able to connect to the PI DA. I will double check the PI AF security settings and get back to this ticket soon.

                        • Re: Cannot connect to PI AF remotely but locally
                          gregor

                          Hello Weikang,

                           

                          Please allow me to clarify that trust and mapping are 2 different authentication options. With a PI trust you use information which are transferred when a connection is made like IP address or the Windows identity of the connecting user. The more information you use the more restrictive and hence the more secure is a PI Trust. Finally you assign a PI Identity to be used with the trust. When you create a PI Mapping, you map a Windows Active Directory security principals (User, Group, Computer, Built-in or service account) to a PI Identity.

                           

                          We recommend to obfuscate information about your infrastructure when posting publicly which is what you do when you post at PI Developers Club. You don't like to expose your infrastructure to a potential attacker and for this reason do not use the real IP addresses, machine names and network domains. I assume you know all this and obfuscated the information you've posted.

                          3 of 3 people found this helpful