• State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 6286 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quest Knowledge Portal Access Issues HTTP 401: Unauthorized

nicole.h.dodd.ctr
over 6 years ago

I have installed QKP on a server with IIS using Windows Authentication enabled. I am able to access QKP with the user account that I installed QKP application with. I am now trying to access QKP from my workstation with my own user account and I am recieving a HTTP 401: Unauthorized. Is there something within IIS that I need to configure that will allow an end user to access QKP from their laptop?

 

I appreciate any assistance.

 

Thanks,

Nicole

  • 0 over 6 years ago

    Hi Nicole,

    This should be covered by the following documentation section: https://support.quest.com/technical-documents/quest-knowledge-portal/2.11/install-guide/2#TOPIC-861559

    On SQL Reporting Services (SSRS) side in Home security settings I have to assign some role to this particular user (or the group containing this user). The Browser role should be enough for viewing the content in QKP. The Content Manager role is for managing folders and reports.

    On client side for my convenience in the IE Security settings I'm used to add the site with QKP to trusted sites, and then set Custom level option "automatic logon with current user name and password".

    On QKP side in IIS settings no changes needed.

  • 0 over 6 years ago
    Igor:

    I needed to run the website as the service account in IIS. Once I did, the page would then render. I appreciate the help!

    Thanks,
    Nicole
  • 0 over 6 years ago
    Please consider the following architecture points and make decisions based on your situation.
    IE (AD\jsmith) - IIS01/http://QPK - SSRS - SQL/db
    1. IE client might have Security Protection enabled (AD GPO on PC?)
    2. IIS01/http://QPK - Authenicate AD\jsmith. Also Website ApplicationPool Account to run the website. Make sure client AD\jsmith have a right to access the website (NTFS ARS, for example)
    3. SSRS http://SSRS/Reports | Security - Role "Content Manager" for AD\svc-intrust.
    4. SSRS Intrust SSRS Reports | DataSources - set use AD\svc-intrust to access SQL/intrust_audit_db
    5. SQL/intrust_audit_db - dbo for AD\svc-intrust

    (*) Note, if IIS01/QKP and SSRS and SQL are on different boxes, you might need to make AD\IIS01$, SSRS$ Computer Accounts to have "Trusted for Delegation" to be enabled in order to pass authenticated user token down the road. (it was an issue about 8 years ago, not sure today).
  • 0 over 6 years ago
    Aidar:

    I was able to use AD\useraccount to run the website and was able to successfully render the website from my workstation with my normal user account. I appreciate the help!

    Thanks,
    Nicole
  • 0 over 6 years ago
    Hi Nicole,

    I wonder if you can click "This helped me" under your own answer, will it make the whole thread green or not. Could you try?
    Thanks.