Product(s) and Version(s):
ProjectWise Design Integration Server: 10.00.03.49
ProjectWise Explorer: 10.00.03.49
Problem:
Users are unable to log in to ProjectWise Explorer with IMS credentials after a domain migration. They receive error 32768 when trying to log in.
Users are also unable to sign in to ProjectWise Web & PW Web View.
They receive the message “unable to sign in with Bentley IMS authentication”.
Troubleshooting steps:
- Check if Bentley IMS authentication is enabled for the datasource
- On the integration server, go to C:\Program Files\Bentley\ProjectWise\bin
- Open DMSKRNL.CFG in Notepad, find the datasource listing, and check that the STS=1 configuration is set.
- Make sure that the user is already signed into the CONNECTION Client on their computer using their Bentley IMS account credentials.
- The user logging in must have a ProjectWise account associated with their Bentley IMS account
- In ProjectWise Administrator, open the User Properties dialog for the user whose account settings you want to modify.
- On the Federated Identity tab, enter the user's identity name, which is the primary email address of the Bentley IMS account.
- Check that the ProjectWise Design Integration Service (PWDI service) is running as a system account and that the server has access to the internet.
- Check that the required URLs mentioned in this article have been whitelisted: https://communities.bentley.com/products/projectwise/w/wiki/50390/pw-web-and-ims-information
- Check the C:\Users\Public\Bentley\Logs\dmskrnl.log
- From the dmskrnl logs we found this error 32768. The following thread shows a failed TLS handshake from BUDDI:
2023-03-17 08:23:56,810 ERROR [0x00002678] pwise.security.sts - BuddiTrustedIssuerResolver.TryResolveTrustedIssuerThroughBuddi: will attempt to resolve trusted issuer through: https://buddi.bentley.com/, for region code: 1.
2023-03-17 08:23:57,726 DEBUG [0x00002678] pwise.security.sts - BuddiTrustedIssuerResolver.TryGetResultFromBuddi: failed to get deserialized response from buddi. Ex: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
ERROR [0x00002678] pwise.security - Error 32768"Failed to get IRelyingPartyIdentifier instance." reported at func: security_stsGetRelyingPartyIdentifier line: 494
- A Wireshark capture shows TLS version 1.0, which is not supported by BUDDI.
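The TLS finding above can be cross-checked from the integration server without a packet capture. The PowerShell below is an added example, not part of the original article or a Bentley tool: it attempts a handshake with the BUDDI host from the log excerpt once per TLS version and reports which ones complete. It assumes port 443 and direct outbound TCP access (no proxy in the path); the function name Test-TlsVersion is made up for this example.

```powershell
# Added example: probe which TLS versions this server can negotiate with BUDDI.
# Host name comes from the dmskrnl.log excerpt; port 443 is an assumption (https).
$TargetHost = 'buddi.bentley.com'
$Port       = 443

function Test-TlsVersion {
    param(
        [string]$HostName,
        [int]$Port,
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # No validation callback is supplied, so normal certificate checks apply.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            # Offer exactly one protocol version so the result is unambiguous.
            $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
            return [pscustomobject]@{
                Requested  = $Protocol
                Result     = 'OK'
                Negotiated = $ssl.SslProtocol
                Detail     = ''
            }
        }
        finally { $ssl.Dispose() }
    }
    catch {
        # A rejected version usually surfaces as a closed connection, the same
        # symptom recorded in dmskrnl.log, or as an SChannel error when the
        # version is disabled on this machine.
        return [pscustomobject]@{
            Requested  = $Protocol
            Result     = 'FAILED'
            Negotiated = $null
            Detail     = $_.Exception.GetBaseException().Message
        }
    }
    finally { $client.Close() }
}

# Tls = TLS 1.0, Tls11 = TLS 1.1, Tls12 = TLS 1.2
'Tls', 'Tls11', 'Tls12' | ForEach-Object {
    Test-TlsVersion -HostName $TargetHost -Port $Port -Protocol $_
} | Format-Table -AutoSize
```

If the Tls12 row shows OK while Tls fails, the operating system and network path can reach BUDDI over TLS 1.2, and the remaining problem is the ProjectWise server offering TLS 1.0.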
Solution:
TLS 1.0 is no longer supported with IMS or ProjectWise. Please see the following link for more information:
ProjectWise Security Notification | Bentley Systems
Upgrade ProjectWise Design Integration Server to the latest version.
If you cannot upgrade your ProjectWise Design Integration Server installation at this time, use the steps in the link above to patch your existing installation so that it will use TLS 1.2.