Gemini Community Support Site

This Gemini community support site can be used to find solutions to product issues. You can log in using Open Id, Google Profile and even Facebook. Feel free to ask a question or browse FAQs and documentation. Product tour videos are also available along with how-to videos demonstrating key Gemini capabilities.




Gemini Stream service cannot connect to Gemini Web Application due to authentication issues

install

We recently bought a 50 user license for Gemini and Sentry. Installation has been pretty rocking so far.

The latest one below.

I am getting the error below from my event logs when I turn on the Gemini Stream service through the windows service manager.

Other information

  • Gemini Web Application Version 5.1.2
  • Gemini Stream Service Version 5.1.2
  • Windows 7 Enterprise
  • IIS 7.5
  • Windows Integrated Authentication being used for Gemini Web Application
  • Windows Integrated authentication is working for the Gemini Web Application

I have attached the Gemini Stream Service configuration file we are using.

Countersoft.Gemini.Api - IIS 7.5 Detailed Error - 401.2 - Unauthorized

Server Error in Application "DEFAULT WEB SITE/GEMINI"

Internet Information Services 7.5

Error Summary

HTTP Error 401.2 - Unauthorized

You are not authorized to view this page due to invalid authentication headers.

Detailed Error Information ModuleIIS Web Core NotificationAuthenticateRequest HandlerExtensionlessUrlHandler-Integrated-4.0 Error Code0x80070005 Requested URLhttp://wolverine:80/gemini/api/users/username/CORP!cfarah Physical PathC:\Program Files (x86)\Countersoft\Countersoft Gemini Project Tracker\Gemini Web Application\api\users\username\CORP!cfarah Logon MethodNot yet determined Logon UserNot yet determined Most likely causes:
  • No authentication protocol (including anonymous) is selected in IIS.
  • Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
  • Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
  • The Web server is not configured for anonymous access and a required authorization header was not received.
  • The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
Things you can try:
  • Verify the authentication setting for the resource and then try requesting the resource using that authentication method.
  • Verify that the client browser supports Integrated authentication.
  • Verify that the request is not going through a proxy when Integrated authentication is used.
  • Verify that the user is not explicitly denied access in the "configuration/system.webServer/authorization" configuration section.
  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.
Links and More Information This error occurs when the WWW-Authenticate header sent to the Web server is not supported by the server configuration. Check the authentication method for the resource, and verify which authentication method the client used. The error occurs when the authentication methods are different. To determine which type of authentication the client is using, check the authentication settings for the client.

View more information »

Microsoft Knowledge Base Articles:

  • 907273
  • 253667

-

Countersoft.Gemini.Scheduler.exe.config ]
User69564
· 50
User69564
Replies (4)
helpful
0
not helpful
ANSWER

Please leave the password in the config file as blank (""). Make sure that the stream service is running under a domain account that is Gemini admin via the services control panel -> properties on the stream service and select the log on tab.


Saar Cohen
· 5000
Saar Cohen
helpful
0
not helpful

Thanks that worked. You are awesome.


User69564
· 50
User69564
helpful
0
not helpful

So we must consume a user license to use Windows authentication with Stream?


User46535
· 1
User46535
helpful
0
not helpful

At the moment, yes (although you can use an existing user's credentials). This will change in 5.1.5, which is due out December time.


Mark Wing
· 9108
Mark Wing