Applies To | |||
Product(s): | eB Information Manager | ||
Version(s): | 15.x.x, 16.X.X | ||
Environment: | N/A | ||
Area: | Login, User Access | ||
Subarea: | Windows Authentication | ||
Original Author: | Dennis Chan, Bentley Product Advantage Team |
Problem Description:
User setups eBweb to use windows authentication to login, but gets the following error - "I'm sorry, but I could not log you in."
Cause:
If the eB application server and the eB web server are on different machines, then possibly Kerberos Authentication and Impersonation are not set correctly between the two servers.
Solution:
On the web server
- Go to the root folder where the eB website is deployed to.
- Edit the the web.config file.
- Add the following three keys under <appSettings>:
<add key="Bentley.eB.AllowNtlm" value="false"/>
<add key="Bentley.eB.TcpOnlyDomains" value="*"/>
<add key="Bentley.eB.DefaultTcpEndpointIdentity" value="upn:username@domain.com"/>.
(Change "username@domain.com" to the service account that starts the eB Manager Service.)
Then on the AD
- run the “Active Directory Users and Computers” mmc snap in.
- Click the Delegation tab.
- For both the eB application server and the eB web server, select the “Trust this computer for delegation to any service (Kerberos only)” option.
Bentley internal document:
http://ebprod.bentley.com/eBProd/Framework/Object.aspx?o=41769&t=3&i=view
Workaround:
N/A.