Wednesday, September 23, 2009

Integrated login issues with Deltek Vision

One very nice feature that Vision has over Advantage (Deltek) is that you can enable integrated authentication, so that the user's Windows account is used to authenticate them to the Vision application. This was fairly straightforward to set up within Vision: just check the integrated enabled checkbox and specify the network domain for the user. Each user can be set up for integrated or non-integrated.

We are using Windows Server 2008 Standard, which puts us on IIS 7. In IIS, the Vision site must have Windows Authentication enabled (all others disabled); the VisionClient site must have Anonymous Authentication enabled (all others disabled).

With these settings, things may work just fine for accessing Vision. However, we were getting a server authentication box whenever we tried to load Vision. This was generated by the server, and no username/password/domain combination would work. After several hours of searching by myself while I waited for a callback, the Deltek technical support person was able to pinpoint the problem with a little thinking. The solution: disable Kernel-mode authentication.

To disable kernel-mode authentication in IIS 7, browse to the site in IIS Manager, double-click the Authentication icon, click Windows Authentication, then click Advanced Settings (in the right-hand pane) and uncheck "Enable Kernel-mode authentication".
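The same settings can be applied and checked from an elevated PowerShell prompt with IIS 7's `appcmd.exe`. This is an added example, not part of the original post or Deltek's documentation; the two configuration paths under "Default Web Site" are assumptions and must be changed to wherever Vision and VisionClient are actually installed.

```powershell
# Added example. The site/application paths below are assumed, not taken from the post.
$appcmd     = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$visionPath = 'Default Web Site/Vision'        # assumed path
$clientPath = 'Default Web Site/VisionClient'  # assumed path
$authRoot   = 'system.webServer/security/authentication'

function Set-IisAuth {
    param([string]$Path, [string]$Section, [string[]]$Settings)
    # Authentication sections are locked below server level by default,
    # so the change is committed to applicationHost.config.
    $appcmdArgs = @('set', 'config', $Path, "-section:$authRoot/$Section") +
                  $Settings + '/commit:apphost'
    & $appcmd $appcmdArgs
    if ($LASTEXITCODE -ne 0) { throw "appcmd failed for '$Path' ($Section)" }
}

# Vision: Windows Authentication only, with kernel-mode authentication turned off.
Set-IisAuth -Path $visionPath -Section 'anonymousAuthentication' -Settings '/enabled:false'
Set-IisAuth -Path $visionPath -Section 'windowsAuthentication' `
            -Settings '/enabled:true', '/useKernelMode:false'

# VisionClient: Anonymous Authentication only.
Set-IisAuth -Path $clientPath -Section 'windowsAuthentication'   -Settings '/enabled:false'
Set-IisAuth -Path $clientPath -Section 'anonymousAuthentication' -Settings '/enabled:true'

# Print the effective settings so the result can be compared with IIS Manager.
# Any other installed authentication modules (Basic, Digest, ...) are not touched
# here and still need to be checked and disabled separately.
foreach ($p in $visionPath, $clientPath) {
    & $appcmd list config $p "-section:$authRoot/windowsAuthentication"
    & $appcmd list config $p "-section:$authRoot/anonymousAuthentication"
}
```

With kernel-mode authentication off, Kerberos tickets are decrypted under the application pool identity instead of the machine account, so a pool that runs as a domain account needs the site's HTTP SPN registered to that account.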
