Authenticate Windows Domain Users for Vision Calls

Vision uses a token to make a secure call. For Windows authentication, the Proficy STS service needs to query the domain controller to retrieve the groups that the user belongs to. This group information is used to validate the Windows user.

Troubleshooting Windows Authentication

By default, the Proficy STS service runs under the local system account. In most cases, the local system account can retrieve user group information by querying the domain controller. However, your environment may restrict the local system account from performing this query against the domain controller. In this case, the Windows domain user cannot be validated and no security token can be issued, so the Vision call is rejected.

To solve this problem, run the Proficy STS service under a domain user account. This enables the service to query the domain controller.

Note: If this solution fails, add the domain account to the local Administrators group, and then try again.
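
The service-account change described above, as an added PowerShell example that is not part of the Proficy documentation: it reports which account the Proficy STS service logs on as and, if that is the local system account, switches it to a domain account and restarts the service. The display-name pattern is an assumption (confirm the actual name in services.msc), and the domain account is assumed to already exist.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: the service's display name contains "Proficy STS".
$displayNamePattern = '%Proficy STS%'   # assumed pattern, adjust to match your install

$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE '$displayNamePattern'"
if (-not $svc)             { throw "No service matching '$displayNamePattern' was found." }
if (@($svc).Count -gt 1)   { throw "More than one service matches; narrow the pattern." }

Write-Host "Service '$($svc.Name)' currently logs on as: $($svc.StartName)"

if ($svc.StartName -eq 'LocalSystem') {
    # Prompt for the domain account (DOMAIN\user) so the password is never
    # stored in the script or in the command history.
    $cred = Get-Credential -Message 'Domain account for the Proficy STS service (DOMAIN\user)'

    # Win32_Service.Change: only the logon account is supplied here, so the
    # other service settings keep their current values.
    # The account must already hold the "Log on as a service" right; this call
    # does not grant it, and the restart below fails with a logon error without it.
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $cred.UserName
        StartPassword = $cred.GetNetworkCredential().Password
    }
    if ($result.ReturnValue -ne 0) {
        throw "Changing the logon account failed with return code $($result.ReturnValue)."
    }

    # The new logon account only takes effect after the service restarts.
    Restart-Service -Name $svc.Name
}

# Confirm the account and state the service ended up with.
Get-CimInstance -ClassName Win32_Service -Filter "Name = '$($svc.Name)'" |
    Select-Object Name, StartName, State
```

Run it from an elevated PowerShell session on the machine that hosts the Proficy STS service.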