If you came to this topic looking for troubleshooting information, chances are you could not connect a Remote Session or an action failed to execute due to an authentication failure. If an additional login was requested for the Remote Session or action and the login failed, you are in the right topic; read on. If you were not prompted for another login, click the See Also link at the end of this topic to search for additional troubleshooting information.
Note: If the remote session is a Remote Application session and you specified a range of ports and could not connect, make sure that the Java Plug-in cache has been cleared. Refer to the topic, Clearing the Java Plug-in Cache, for details.
If you were prompted a second time for login information when requesting the Remote Session or attempting to execute an action on a remote asset, the reason is that the Axeda® Gateway or Axeda® Connector agent is configured to request additional authentication on behalf of a RADIUS-based authentication server at the site where the Agent is installed. You must enter a user name and password in order to connect to the asset. Check with your Platform administrator if you do not have the correct login information. To learn more about agent-side authentication, read on.
The Axeda Gateway and Axeda Connector agents support the RADIUS type of local authentication server for organizations that operate monitored assets and require third parties (for example, manufacturers) to go through their RADIUS server in order to access assets remotely. In this type of environment, users requesting Remote Sessions through Axeda® Connected Product Management Applications must enter credentials specific to the customer site (in addition to credentials already entered for logging in to the Axeda Applications) before accessing the asset.
Using the Axeda® Deployment Utility, a field service technician who is installing the asset on site can configure temporary or permanent credentials for RADIUS servers that are monitoring asset access at the remote locations. When you request a remote session through Axeda Service, Axeda® Access, Axeda Desktop Viewer, or Axeda® Access Viewer, the session is established, and, as part of establishing the session, the Axeda Gateway or Axeda Connector agent sends a message to the Axeda® Platform that additional authentication is required. The Platform presents a login dialog box for the authentication server. After you enter your user name and password for the local authentication server, the Platform sends the credentials to the agent in real time so that the agent can perform the authentication on your behalf. The Platform encrypts the credentials with a shared 128-bit key using the AES algorithm in ECB mode. Once the agent receives notification from the authentication server that the login is successful, the agent notifies the Platform and the session is connected.
This authentication also covers executing actions on the remote assets. As with remote sessions, the requested credentials are passed to the Axeda Gateway or Axeda Connector agent prior to executing an action. The agent passes the credentials to the RADIUS) to perform authentication. After receiving the results of the authentication, the Agent grants or denies the requested action (or remote session).
Refer to the document that lists supported platforms to learn which authentication servers are supported by your version of Axeda® Builder, the Axeda Gateway or Axeda Connector agents, and the Platform.
If the authentication is not successful, you will see a message concerning the reason for the failure; the remote session closes or the requested action fails to execute. The following error conditions are possible:
o Authentication provider inaccessible - Check with the administrator of the authentication server at the asset location to learn why the Agent could not access the authentication server and, if need be, take corrective action.
o Access denied - The login information was not correct. Try again; before submitting the credentials, check that you typed the correct user name and password. If this message persists, check with a Platform administrator to make sure the credentials are up to date.
o Insufficient credentials - You typed a user name but no password. Check with your Platform administrator to obtain a valid password for the user name (or a new set of credentials).