I’m trying to troubleshoot an issue with our PIWebAPI, using Basic authentication, not being able to get data from our PI Data Archive. Up front, I’m not super familiar with permissions in PI, so please forgive me if I sound like I have no idea what I’m talking about.
Our setup looks something like this:
What we’ve done so far:
- I have removed the second PIWebAPI Server from the load balancer for now to simplify troubleshooting.
- Set the Authentication attribute to “Basic” on API1’s System Configuration.
- On API1, we created a local user (non-domain user) for the external client to use to access the PIWebAPI.
- I have not created a mapping to this user on the AF database; I get this error when attempting to find the user: Cannot connect to the PI Data Archive. Windows authentication trial failed because the authentication method was not tried. Trust authentication trial failed because insufficient privilege to access the PI Data Archive.
- If I manually type in API1\UserName I get an error that states: The account name is invalid.
- We have done nothing regarding permissions to the PI Data Archive.
Anonymous authentication works fine. The local user we created can authenticate to the PIWebAPI, but cannot get any data from the PI Data Archive. It fails with the following error: Cannot connect to the PI Data Archive. Windows authentication trial failed because the authentication method was not tried. Trust authentication trial failed because insufficient privilege to access the PI Data Archive.
Kerberos is failing with the same error, but I can query the search database.
I’m thinking that I either need to figure out the mapping issue on the AF server or we need to create a user on the PI Data Archive. So my primary question is, where is the breakdown happening, at the AF Server or the Data Archive? Also, any ideas why I’m having issues when trying to search for a user in the Mappings screen in the AF database (I believe this is an issue with the load balancer... are we missing a port or something on the LB; does it have to be done on each node individually)?