PI-AF Notifications using PI Vision Screenshots (and PhantomJS)

Discussion created by Craig_Sempf on Sep 18, 2019
Latest reply on Oct 4, 2019 by jyi

Of multiple sites that have this useful function setup and working nicely, one installation has a user permissions/credentials issue that we can not resolve.


Any basic PI Vision type screenshot notification returns a 401 error (as image of opened webpage). Screenshots of custom built web pages using the PI Web API return a correctly opened web page (banners etc), but no PI-AF/PI data is returned within.


However, when logged in to the PI-AF server with the domain based service account (which runs the notification services, and PhantomJS) all pages open successfully in both IE and Chrome and return all required data. 


This suggests that it is not a web-security / kerberos issue and something related to either PI user permissions, or something unique to how PhantomJS is handling credentials that is difficult to troubleshoot (being a headless browser).


We can somewhat replicate the problem by removing the PI Vision / PI Web api server addresses from the "local intranet sites" in the security settings of Internet Explorer.


I guess the intent of this post is to see if anyone has become intimate with PhantomJS and how it handles kerberos/credentials when called by the notifications service, and has any advice on troubleshooting an issue that can't be replicated on other browsers.



Note: PI-AF, WebAPI, Vision etc are all at latest versions. We are using 3rd party SSL certificates. No certificate warnings/errors for any domain user account in both IE or Chrome. Everything else is working fine, except for PhantomJS browsed pages.


Any help or tips much appreciated!