In this scenario there are two sub-domains that are part of the same parent domain. What are the prerequisites for configuring Windows authentication in such a setup, and how can it be troubleshot?
Error message: an example of the error seen in the event logs under
Applications and Services Logs -> Microsoft -> Windows -> NTLM
The prerequisites are as follows:
- Enable Windows authentication in IIS and make the corresponding changes in the web.config file of Orchestrator.
- Import the users from Active Directory.
- Ensure that the identity under which the application pool runs has read access to Active Directory. To check which identity the application pool runs under, go to IIS -> Application Pool -> UiPath Orchestrator.
- If two sub-domains are involved, ensure that there is a two-way trust relationship between them. To confirm this, log into a machine in one sub-domain (for example abc.com) with a user account from the other sub-domain (def.com). This validates the relationship from the Orchestrator side; the IT team should confirm the trust configuration as well.
- By default, Orchestrator uses NTLM authentication for Windows accounts. To ensure that incoming NTLM traffic is allowed, the relevant policy under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options must be set to "Allow all".
If the prerequisites above do not resolve the problem, perform the steps below.
Troubleshooting Steps
- Check the Event Viewer log under Applications and Services Logs -> Microsoft -> Windows -> NTLM for any errors, and take the appropriate action based on what is reported.
- Also follow the "How to turn on NTLM audit logging on a Windows 2008 DC to troubleshoot NTLM authentication errors for Web Gateway" documentation to learn how to enable NTLM audit logging.
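The following PowerShell script is an added example (not part of the original article or of UiPath's own tooling) that checks the prerequisites and the NTLM event log from the Orchestrator web server in one read-only pass. It assumes the application pool is named "UiPath Orchestrator" as above, that Orchestrator is hosted on "Default Web Site", that the sub-domains are abc.com and def.com as in the example, that the WebAdministration and ActiveDirectory modules are installed, and that the "Allow all" setting of the incoming-NTLM policy corresponds to the registry value RestrictReceivingNTLMTraffic = 0 under the MSV1_0 key (a mapping taken from general Windows knowledge, not from the article).

```powershell
# Added example, not from the original article. Read-only checks of the
# Windows authentication prerequisites on the Orchestrator web server.
# Assumed names (adjust to your environment):
$AppPoolName  = 'UiPath Orchestrator'   # app pool name used in the article
$SiteName     = 'Default Web Site'      # assumption: site hosting Orchestrator
$LocalDomain  = 'abc.com'               # sub-domain of this machine
$RemoteDomain = 'def.com'               # the other sub-domain

Import-Module WebAdministration -ErrorAction Stop   # IIS Management Scripts
Import-Module ActiveDirectory   -ErrorAction Stop   # RSAT AD PowerShell

# 1. Identity under which the application pool runs (needs AD read access).
$pool = Get-Item "IIS:\AppPools\$AppPoolName"
$identityType = $pool.processModel.identityType
$identityUser = if ($identityType -eq 'SpecificUser') { $pool.processModel.userName } else { "$identityType" }
Write-Host "App pool '$AppPoolName' runs as: $identityUser"

# 2. Is Windows authentication enabled on the site in IIS?
$winAuth = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' -Name enabled
Write-Host "Windows authentication enabled on '$SiteName': $($winAuth.Value)"

# 3. Two-way trust between the sub-domains, as seen from the local domain.
$trust = Get-ADTrust -Filter "Name -eq '$RemoteDomain'" -Server $LocalDomain
if ($null -eq $trust) {
    Write-Warning "No trust object for $RemoteDomain found in $LocalDomain"
} elseif ($trust.Direction -ne 'BiDirectional') {
    Write-Warning "Trust $LocalDomain -> $RemoteDomain is '$($trust.Direction)', not two-way"
} else {
    Write-Host "Trust $LocalDomain <-> $RemoteDomain is BiDirectional"
}

# 4. Incoming NTLM restriction. Assumed mapping: value absent or 0 = Allow all,
#    1 = deny domain accounts, 2 = deny all accounts.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$restrict = (Get-ItemProperty -Path $lsaKey -Name RestrictReceivingNTLMTraffic `
    -ErrorAction SilentlyContinue).RestrictReceivingNTLMTraffic
if ($null -eq $restrict -or $restrict -eq 0) {
    Write-Host "Incoming NTLM traffic: Allow all"
} else {
    Write-Warning "Incoming NTLM traffic is restricted (value $restrict); Windows auth to Orchestrator will fail"
}

# 5. Recent entries from the same log the article points at:
#    Applications and Services Logs -> Microsoft -> Windows -> NTLM.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    StartTime = (Get-Date).AddHours(-24)
} -MaxEvents 20 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host "No NTLM operational events in the last 24 hours (the log may be disabled; enable NTLM audit logging as described above)"
} else {
    $events |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize
}
```

Run the script from an elevated PowerShell session on the Orchestrator web server; each numbered section maps to one prerequisite above, and a Write-Warning line points at the prerequisite that is not met. The trust check is deliberately run with -Server set to the local domain so that it reports the trust as the Orchestrator machine's own domain controllers see it, which is the view that matters for the logon that the article's manual test (logging in with a user from the other sub-domain) exercises.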