Configure ProjectWise datasource for Single Sign On

Background
After following this procedure, when logged on to a Windows machine as a domain account that exists as a user in ProjectWise, the user will automatically be logged into the ProjectWise datasource in ProjectWise Explorer or Administrator

Steps to Accomplish
1.On the ProjectWise Integration Server, browse to the PW installation directory
c:\program files (x86)\bentley\projectwise\bin (Pre-SS4 versions)

c:\program files\bentley\projectwise\bing (SS4 + higher)

2. open dmsknrl.cfg in notepad

3. at the bottom of the file in the appropriate datasource section add the line “SSO=1”

example

[db0]
Description=datasource
Type=Microsoft SQL Server
InterfaceType=ODBC
Name=servername
DBUserName=sa
DBUsrPwdDecrypt=4
DBUserPassword=#UCEEM7s54ZRWqZt3RpaXREsuskgcxxv9+bzLUgGBqq5Butrg
SSO=1

PW login problem

A user can’t see the datasource. The error code is 58063

Even with the admin login, PW still can’t be logged in. After hardware checked, found a wireless connection for a device ‘IPAQ’ connected to an internal network for PM work. It creates a mask for this workstation.

It shows that there are two network connections on the workstation and changed the workstation IP address to different network from the server

The IP is 169.245.x.x

After unplugged the usb connection, PW works and the IP address is changed back to

198.162.xxx.xxx, same network as the server.

Subnet problem

The problem could be solved after adding the specific machine in the dmskrnl.cfg file.
The label on the left does not matter. You can add something like this:
PWCLIENT = 10.9.4.15 255.255.255.0
The first number is the ip address of the client; the second number is the subnet mask

Windows XP has an Internet Connection Firewall feature. After you have installed some hotfixes this feature is enabled automatical ly. As a result service ports are blocked. In order to open the ports, please go to My Network Places—>Local Area Connection—- >Properties—–>Advanced, here uncheck the “Internet Connection Firewall” checkbox. Reboot the system.

If you have WinXP S ervice Pack 2, as an alternative to disabling Internet Connection Firewall, you may instead add the SentinelLM service as an excep tion that does not get blocked. To do this, follow these instructions:

Click on Control Panel –> Windows Firewall.
On the Windows Firewall window, click on the Exceptions tab.
Click the Add Program button.
Click the Browse button on the Add a Program window and browse to your SentinelLM install directory–the default for version 7.2 is C:\Program Files\Rainbow Technolog ies\SentinelLM 7.2.0 Server\English
Select the lservnt.exe file and click Open.
You should now see lservnt.exe in the Progra ms and Services listing in the Exceptions tab.
Click OK and close out of the Windows Firewall window.
Reboot your computer.< CR>
You should now see your server listed if you look under Subnet Servers when running WLMAdmin.

DCOM or Schannel errors

msg: ‘A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.’

In Group Policy Editor (run: gpedit.msc), went to Computer Configuration > Administrative Templates > System > Distributed COM > Application Compatibility and enabled “allow local activation security check exemptions”

No more Schannel or DCOM errors now!

disabling “Use TLS 1.0” in IE’s Advanced Option