Hello all,
I have recently added a DMA as part of a cluster but can see after leaving for syncing overnight it has synced the files but is showing as in a disconnected state when viewed from other agents in the cluster.
I am getting these errors in the SLNet logs:
DmaConnections|Also failed to connect to <Newly Added DMA> via external process (expected failure): Unable to authenticate as current Windows user
Note the windows user account is correct as the dma was able to sync using the same credentials. Any steer on why this is occurring would be appreciated.
Hey Ryan,
This is a strange case. To provide some context, the inter-dma communication is done via the SLNet-service. This service runs under the SYSTEM user and thus does not use a windows user like "administrator". This server tries to authenticate with each other as the "server" itself. The user looks something like <Domain>\<Servername>$
Given this succeeded once but then started failing I would assume that one of the servers has had (un)intended changes to its security such as changes in the trust level or a loss of connection to the domain causing the servers to not trust each other.
To deep dive this I would suggest to enable the "account logon"-group policy (group policy->computer configuration->Security settings->advanced audit policy configuration) on the target machine. This will allow you to see which user is trying to use and why it is being rejected. Which could help you investigate why this fails.
For a quick workaround you can force SLNet to use a specific windows user by configuring connection strings. See Dataminer Docs
This should allow the servers to communicate as long as the used account can authenticate on the target machine.
Thanks Brent for the answer, indeed I found the issue to be with the Edit connection URIs instead of adding the IP of the newly added agent I added in the machine name.
Adding in the IP address and the agent was visible to the rest of the cluster.
Many thanks.