This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Is there a good “Integrated Windows Automatic login” howto document?

Is there a good complete resource for setting up SolarWinds web server for integrated windows authentication, specifically while being in a cluster? 

By “integrated windows auth”, I mean where it uses the currently logged in user information from windows and does not prompt for login/password.

 

I’ll add a post about what I have done and where I am currently, but I primarily want to know if there is a good how-to page already out there for this.

Parents
  • Here's where I am:

    * Orion version: 2022.4.1

    * additional web server: orionwebserver1.example.com

    * polling engines, web servers, and workstations are all in the same domain.

    * DNS alias orion.example.com that points to the above server name

        *  This will eventually be on the F5 load balancer, but a DNS alias should be a good proof of concept.

    * In Orion ->  Settings -> All Settings -> Web Console Settings -> Windows Account Login: enable automatic login

    * if I go to the server by it’s name, orionwebserver1.example.com, then I am not prompted for credentials, it just uses my current logged in user.  So I know it *can* handle Windows integrated authentication. 

    * If I go to https://orion.example.com, then it goes to the login.aspx page.  I can login, where I have to type my username and password.

    * I created a user, "DOMAIN\OrionWebServers"

    * In IIS Manager, I change the "SolarWinds Orion Application Pool" Identity to a custom account with the user I created above.

    *  Also in IIS manager, went into the site “SolarWinds NetPerfMon” -> Authentication.  Make sure Windows Authentication is enabled. 

    * I added the SPN “HTTP/orion.example.com” to the user created above.

    * I added the user to the local IIS_IUSRS group (just for debugging I even added the user to the local administrators group)

    * I configured the user account to be "Trusted for delegation."

     

    Still https://orion.example.com goes to the login page, but going to the server name logs right in without prompting.  What am I missing and is there any way to debug it?

Reply
  • Here's where I am:

    * Orion version: 2022.4.1

    * additional web server: orionwebserver1.example.com

    * polling engines, web servers, and workstations are all in the same domain.

    * DNS alias orion.example.com that points to the above server name

        *  This will eventually be on the F5 load balancer, but a DNS alias should be a good proof of concept.

    * In Orion ->  Settings -> All Settings -> Web Console Settings -> Windows Account Login: enable automatic login

    * if I go to the server by it’s name, orionwebserver1.example.com, then I am not prompted for credentials, it just uses my current logged in user.  So I know it *can* handle Windows integrated authentication. 

    * If I go to https://orion.example.com, then it goes to the login.aspx page.  I can login, where I have to type my username and password.

    * I created a user, "DOMAIN\OrionWebServers"

    * In IIS Manager, I change the "SolarWinds Orion Application Pool" Identity to a custom account with the user I created above.

    *  Also in IIS manager, went into the site “SolarWinds NetPerfMon” -> Authentication.  Make sure Windows Authentication is enabled. 

    * I added the SPN “HTTP/orion.example.com” to the user created above.

    * I added the user to the local IIS_IUSRS group (just for debugging I even added the user to the local administrators group)

    * I configured the user account to be "Trusted for delegation."

     

    Still https://orion.example.com goes to the login page, but going to the server name logs right in without prompting.  What am I missing and is there any way to debug it?

Children