I've recently installed PI Server in Azure virtual machines for a client. I had a problem with the installation of PI Vision, in which I couldn't log into the Vision regular web page or the administrator page (even in the web browser of the PI Vision Server). I contacted OSIsoft support and they found another suppport case of an installation of Vision in Azure that suggested that for some reason Vision was not able to access the local groups created upon installation (PI Vision Users and PI Vision Admins) to verify if the user trying to access vision should be authenticated. The workaround that they used, that also worked for me, was explicitly defining the domain group for the users and the domain group for the administrators of Vision in the web.config files of both pages (regular and admin), by adding keys in the app-settings section, like this:
<add key="VisionAdmin" value="domain\group1" />
<add key="VisionUser" value="domain\group2" />
However, in my case there is a requirement to add two different domain groups as PI Vision Users (let's say group2 and group3). None of the following attempts worked:
<add key="VisionUser" value="Domain\group2, Domain\group3"/>
<add key="VisionUser" value="Domain\group2" />
<add key="VisionUser" value="Domain\group3" />
<add key="VisionUser" value="Domain\group2; Domain\group3" />
I've contacted OSIsoft again and it was suggested that an extra domain group is created, in order to add the two domain groups for the users inside it. This way the new domain group could be placed in the web.config files. That should work, however I was asked to search if there is another way to solve this, without creating an extra domain group.
Is there anyway to accomplish this directly on the vision server VM?
If not, what would be the domain controller or Azure settings to allow Vision to access the local groups for authentication?
Thanks in advance,