Results 1 to 5 of 5

Thread: You are not authorized to use the Attunity Replicate console

  1. #1
    Steven Ensslen is offline Junior Member
    Join Date
    Feb 2013
    Location
    Wellington, NZ
    Posts
    4
    Rep Power
    0

    Question You are not authorized to use the Attunity Replicate console

    Hi All,

    I'm running 2.0.1.128 on Windows Server 2008 R2 SP1.

    Because of the way my server is configured I can not log into the Replicate Console from the local machine/console or the user that I installed it as.

    I have never successfully logged into this Attunity Replicate Console.

    I have editted my UserConfiguration.xml file so that it appears as follows:

    <?xml version="1.0" encoding="utf-8"?>
    <UserConfiguration xmlns:xsd="XML Schema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="3">
    <Role name="Admin" anonymous="false">
    <UserRef name="EQC\sensslen001" />
    <GroupRef name="EQC\AttunityReplicateUsers" />
    </Role>
    <User name="EQC\sensslen001" fullName="EQC\sensslen001" emailSource="Auto" />
    </UserConfiguration>

    This is similar to the configuration that we used on our evaluation copy, only the name of the domain account has changed. That configuration worked for remote access, this one does not.

    What do I need to do to enable acess to the Attunity Replicate Console for domain users and groups?

    Thanks,

    Steven

  2. #2
    Steven Ensslen is offline Junior Member
    Join Date
    Feb 2013
    Location
    Wellington, NZ
    Posts
    4
    Rep Power
    0

    Thumbs up Log on as Batch Job

    Any user of the Replicate Console needs to have the privilege "log on as a batch job" granted to them in the "Local Security Policy" (type secpol.msc at the start menu). Creating a group and granting this privilege to that group is a good idea.

    I also downgraded to 2.0.1.70 and switched to a domain group in the UserConfiguration.xml, whose group name does not include any spaces. I believe, but I do not have the time to confirm, that the local group did not work for local machine administrators under 2.0.1.128.

    One symptom of this problem is that log entries are not written for users who do not have this privilege. So if you get the error message in the browser but no log entry whatsoever, this is likely the cause.

  3. #3
    Join Date
    Sep 2006
    Posts
    233
    Rep Power
    10
    Attunity Replicate does not directly deal with the client authentication - this is done by the Windows HTTP subsystem between the browser and the HTTP endpoint (WCF) that Attunity Replicate uses. The product does not try to impersonate the connecting client identity or to run batch jobs with it. In fact, we regularly see users without the "log on as a batch job" privilege managing to log in.

    I suspect that this requirement results from some specific security or machine configuration on your system.
    By Dror Harari

    To Find Out more About Attunity Technology:
    Attunity
    or:
    Contact Us

  4. #4
    Steven Ensslen is offline Junior Member
    Join Date
    Feb 2013
    Location
    Wellington, NZ
    Posts
    4
    Rep Power
    0
    Quote Originally Posted by DrorHarari View Post
    Attunity Replicate does not directly deal with the client authentication - this is done by the Windows HTTP subsystem between the browser and the HTTP endpoint (WCF) that Attunity Replicate uses. The product does not try to impersonate the connecting client identity or to run batch jobs with it. In fact, we regularly see users without the "log on as a batch job" privilege managing to log in.

    I suspect that this requirement results from some specific security or machine configuration on your system.
    With all due respect, the Replicate console will not authenticate users who lack "log on as batch job". If that isn't the design then you have a defect.

  5. #5
    Join Date
    Sep 2006
    Posts
    233
    Rep Power
    10
    Steven,

    I do not want to argue with what you see - I believe that in your particular setting, you have seen that adding "Log on as Batch Job" privilege helped you resolve the log-in issue you had. However, I will repeat for the record that Attunity Replicate does not require this privilege and we have one of our QA scenarios covering this (Same Windows version, a user - domain or local - without this privilege is able to use Replicate as long as that user is listed in the user configuration file or is part of the AttnityReplicateUsers group).

    The start of this thread refers to getting the "You are not authorized to use the Attunity Replicate console" page -- getting this page indicates that the user managed to authenticate with Windows (through the browser) and that then Attunity Replicate determined that the user is not authorized based on the current user configuration and nothing else (i.e., being listed explicitly in the same way as the user authenticates with Windows or otherwise being in the specified simple domain group).

    Failure to authenticate is indicated differently depending on the browser (or its setting). In Firefox, for example, the Username/Password dialog of the browser would pop up again, indicating a log-in failure. In other case, one may get an "HTTP 401.3 Unauthorized access" or similar error.

    In case working without the "Log on as Batch Job" privilege is important to you, please work with your Attunity support contact to further analyze this specific issue you are seeing.
    By Dror Harari

    To Find Out more About Attunity Technology:
    Attunity
    or:
    Contact Us

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •