SolidPractices: SOLIDWORKS PDM Professional and Windows Authentication

Revision History
Rev # | Date | Description
1.0 | Mar 2020 | Added information about single sign on. Updated URLs and screen captures. Revised for use by customers and reset as document version 1.0
1.1 | Apr 2023 | Validated for version 2023 SP1. Updated screen captures and added new user and group features in the PDM administration tool.

Note

All SolidPractices are written as guidelines. You are recommended to use these documents only after properly evaluating your requirements. Distribution of this document is limited to Dassault Systèmes SolidWorks employees, VARs and customers that are on active subscription. This document may not be posted on blogs or any internal or external forums without prior written authorization from Dassault Systèmes SolidWorks Corporation.

This document was updated using version SOLIDWORKS PDM 2023 SP1. If you have questions or need assistance in understanding the content, please get in touch with your designated reseller.

  1. Preface:

This SolidPractice document provides information about how and when the SOLIDWORKS® PDM software authenticates against a Microsoft® Active Directory® (AD) domain controller (DC), and when the archive server sends these Kerberos V5 authentication requests to the DC. The document focuses on the SOLIDWORKS PDM Professional software version 2020; however, it applies in general to both older and newer versions.

It is best to use this document in combination with instructions you find in the existing installation and administration guides for the SOLIDWORKS PDM and SOLIDWORKS PDM Professional software and with other SolidPractice guides and Knowledge Base solutions.

The administration guides are available in the SOLIDWORKS PDM installation directory under ‘\Program Files\SOLIDWORKS Corp\SOLIDWORKS PDM\Lang’ or from the SOLIDWORKS Support website at:

http://www.SOLIDWORKS.com/sw/support/Administration_guides/ServicePacks.html

This SolidPractices document references additional SolidPractices guides that you can find in the VAR Resource Center (VRC) website at:

https://www.SOLIDWORKS.com/vrc/Services/bestpractices.htm


  1. Introduction

The Active Directory single sign-on user authentication uses the Kerberos authentication protocol to verify the identity of any user who tries to log in to a domain or access the SOLIDWORKS PDM software using a Windows® user account with rights for the relevant vault. There is currently no support for common access card and client certificate-based authentication methods.

A key feature of Windows user authentication is the Windows Integrated Single Sign-On capability. This means that after logging in to the relevant vault, a user does not need to provide credentials more than once for the same vault during the same session. This is true unless the SOLIDWORKS PDM Automatic Login option is active. In that case, the user does not need to enter any credentials because the current Windows session login provides the authentication.

Windows assigns AD user rights (such as logon rights) to groups or users. Windows creates an access token each time a user logs in. The access token is a representation of the user account and contains the following elements:

  • Individual SID. A Unique Security Identifier (SID) number that represents the logged-in user, group, or computer.

  • Group SID. An SID that represents the logged-in user's group memberships.

A user's individual SID always attaches to the user's access token. When a user becomes a member of a group, the SID for that group also attaches to the user's access token.

  1. Network Authentication

Network authentication is the second part of the single sign-on process that confirms the identity of any user who attempts to access a SOLIDWORKS PDM vault.

Kerberos is the default method of network authentication within Windows domains. Kerberos most commonly uses a password, and apart from the user entering a password, the process happens automatically in the background without user involvement.

The Kerberos protocol verifies the identity of users. This takes place between a client computer and an authenticating server. Both the server and the client computer identify each other.

The Kerberos authentication mechanism issues tickets for accessing network services. A ticket, issued by a domain controller, is a set of identification data for authenticating a security principal. Tickets contain an encrypted password that confirms the user's identity to the requested service.

The following diagram depicts a Kerberos ticket exchange between a client computer and the authenticating server:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb742516(v=technet.10)?redirectedfrom=MSDN

For more information about the Kerberos authentication protocol, see the Microsoft topic at:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc772815(v=ws.10)?redirectedfrom=MSDN

  1. Determine Authenticating Servers

It can be useful to identify the current server to which your computer connects for authentication to ensure that you are authenticating through a server on the LAN (local area network) where possible. Ideally, it is best not to connect over the WAN (wide area network) to an alternative server miles away, or to a server in a different geographic region. This can have a negative performance impact on authentication response times. In addition, if the WAN goes down (for example issues with an internet connection or firewall), then authentication can still happen for the local users when authentication is local. Having additional authentication servers on both the WAN and the LAN improves redundancy.

From a troubleshooting perspective, knowing the authentication server to which you are connected is important to isolate this particular server in any authentication testing and analysis. This helps to more easily identify the IP address and host name of the relevant server when filtering test result data.

You can use the following commands to help identify the currently connected login server for authentication. Follow these steps:

  1. Open a Windows command prompt.

  2. Type: ipconfig /all

  3. Locate the DNS Servers line. The IP addresses of your preferred DNS servers appear on the right. The IP address at the top of this list is the primary DNS server connection. If the primary server is unavailable (due to maintenance or other reasons), then Windows uses the secondary server.

Alternatively:

  1. Open a Windows command prompt.

  2. Type the following command and then press Enter:

Echo %logonserver%

  1. Testing Tools for Analyzing Authentication Traffic

You can use an analysis tool such as Microsoft Message Analyzer or Wireshark® to record incoming and outgoing network traffic on a computer.

It is often useful to understand how long it takes for a response to a request between a client computer and a server by finding the elapsed time between requests and responses (that is, the response times). This helps you measure how well a client computer or server is keeping up and helps locate performance issues. If the response times are severely inconsistent or are longer than expected, this could indicate an issue and in turn cause delays when logging in to SOLIDWORKS PDM.

You can use the Time Delta property in Microsoft Network Monitor to filter on the difference in time. This value represents the time from the last physical frame in the network data trace.

Reduce the possibility of caching data

To reduce the possibility of caching network data (which can show old traffic data in test results), the recommendation is to use the following steps to perform a network traffic capture:

  1. Close all non-essential applications.

  2. Start the Network Monitor capture.

  3. Clear the DNS cache using: ipconfig /flushdns

  4. Clear the NetBIOS cache using: nbtstat -RR

  5. Clear user Kerberos tickets using: klist purge

  6. Clear system and computer Kerberos tickets using (Windows Vista or later only): klist -li 0x3e7 purge

  7. Initiate authentication in SOLIDWORKS PDM or SOLIDWORKS.

  8. Stop the network monitor capture and review the results.

Add the Time Delta column in Network Monitor

Follow these steps to add the Time Delta column to the frame summary in Network Monitor.

  1. In the Frame Summary pane, right-click the table header row and then click Choose Columns.

  2. In the Disabled Columns list, select Time Delta and then click Add to move the column to the Enabled Columns list.

  3. Click OK.

After capturing the network traffic, you can filter the results by authentication traffic such as Kerberos. The following image shows use of Network Monitor.

When Does SOLIDWORKS PDM Authenticate with Active Directory?

SOLIDWORKS PDM needs to authenticate only when certain events trigger this requirement. These events are as follows.

  • Opening the local archive view within Windows File Explorer.

  • option from the SOLIDWORKS PDM icon in the Windows system tray taskbar.

  • menu of an application such as SOLIDWORKS or Microsoft Word.

  • Adding a new user in the SOLIDWORKS PDM Administration tool either by right-clicking Users > New user > New user, entering the Active Directory user credentials, and then clicking OK.

    • Or, by right-clicking Users > New user > New user, clicking List Users, selecting users to add, and then clicking OK.

  • Validating logins in the SOLIDWORKS PDM Administration tool by right-clicking Users > Validate Logins.

  • Importing users from Active Directory into a group within the SOLIDWORKS PDM Administration tool by right-clicking Groups > Import from Active Directory. An AD query occurs after finding and adding the relevant group at this stage. For more information, see the “Importing Active Directory Users into Groups” section of the SOLIDWORKS PDM Administration Guide (Help > Administration Guide.)

  • Validating groups from Active Directory within the SOLIDWORKS PDM Administration tool by right-clicking Groups > Validate Groups from Active Directory. An AD query occurs after finding and adding the relevant group at this stage. For more information, see the “Validating Groups from the Active Directory” section of the SOLIDWORKS PDM Administration Guide (Help > Administration Guide.)

After establishing an initial login session for a vault, it is no longer necessary to re-authenticate for the same vault until the user logs out of that vault and then logs in later to the same vault. This process applies regardless of which process triggers the initial authentication for the vault.

For example, if a user first opens a file from “VaultA” in SOLIDWORKS, this triggers authentication. If the user subsequently browses to “VaultA” from Windows File Explorer, they do not need to authenticate again, as long as they have not logged out of the vault (using the SOLIDWORKS PDM icon in the taskbar) or restarted the computer.

Common tasks such as checking in or checking out files do not require additional authentication.

  1. Authentication Testing Analysis

The following Network Monitor data capture records the authentication process on a local (LAN) domain controller. The capture includes 10 tests for each PDM area of authentication. The horizontal line separates each authentication operation test and marks the start of a new set of network frame capture results.

Each authentication capture operation shows the pairs of communications between the client computer and the server.

Notes:

  • The Source and Destination fields that show a value of Client or Server normally contain the relevant IP addresses or DNS host names. These values are amended for clarity. The time delta is in milliseconds. The capture includes the following errors:

    • KDC_ERR_PREAUTH_REQUIRED 
      This means that the client computer requested a ticket but did not include the pre-authentication data. Windows uses this technique to determine the supported encryption types, and the error does not indicate a problem. Afterward, you will often see the same request sent again. This time the request includes the data, and the domain controller issues the ticket.

    • KDC_ERR_S_PRINCIPAL_UNKNOWN
      This means that the client computer sent a ticket request for a specific Server Principal Name (SPN) and the domain controller could not locate an AD object with that SPN definition.

      This error commonly occurs because the SPN is not registered to any principal. You may want to investigate this further by identifying which principal will decrypt the ticket, and register the SPN to that account. However, sometimes the issue can occur because the SPN is registered to more than one principal in the same AD domain. In this case, the domain controller cannot determine which principal to use.

    • sPNMappings

      If you want to see the default Host to SPN mappings, use either ADSI Edit or the Ldp tool to navigate to:

      cn=Directory Services,CN=Windows NT,CN=Services,CN=Configuration,DC=[Your Domain Component]

      Review the sPNMappings attribute.
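The notes above can be applied mechanically to a capture. The following is an added example, not part of the original document: it pairs each Kerberos request with its reply, treats KDC_ERR_PREAUTH_REQUIRED as expected when the resent request receives a ticket, and reports KDC_ERR_S_PRINCIPAL_UNKNOWN, unanswered requests, and slow replies. Assumptions: the rows are available as comma-separated text with the five columns shown, a reply's Time Delta is measured from the request row before it, and the function names and threshold are hypothetical.

```python
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample in the Frame, Time Delta, Source, Destination, Description
# layout of this document's capture tables. Rows come from several tests, so
# frame numbers restart; the final request has no reply on purpose.
SAMPLE_ROWS = """\
Frame,Time Delta,Source,Destination,Description
271,0,Client,Server,KerberosV5:AS Request Cname:Username
272,0.0028026,Server,Client,KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
280,0.0067248,Client,Server,KerberosV5:AS Request Cname:Username
281,0.0065416,Server,Client,KerberosV5:AS Response Ticket[Realm: DomainName
481,0,Client,Server,KerberosV5:AS Request Cname: Username
501,0.2029959,Server,Client,KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
518,0.2035259,Client,Server,KerberosV5:AS Request Cname: Username
526,0.2029223,Server,Client,KerberosV5:AS Response Ticket[Realm: DomainName
113,0,Client,Server,KerberosV5:TGS Request
117,0.006175,Server,Client,KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
5505,0.1468073,Client,Server,KerberosV5:AS Request Cname: Username
"""

REQUEST = re.compile(r"KerberosV5:(AS|TGS) Request")
RESPONSE = re.compile(r"KerberosV5:(AS|TGS) Response")
KRB_ERROR = re.compile(r"KRB_ERROR - (KDC_ERR_\w+)")
ERROR_OUTCOMES = {
    "KDC_ERR_PREAUTH_REQUIRED": "preauth_required",
    "KDC_ERR_S_PRINCIPAL_UNKNOWN": "spn_unknown",
}


@dataclass
class Exchange:
    request_frame: int
    response_frame: int
    kind: str             # "AS" or "TGS", taken from the request row
    outcome: str          # ticket | preauth_required | spn_unknown | other_error
    response_time: float  # Time Delta reported on the reply row


def parse_rows(text):
    """Read comma-separated frame-summary rows into dictionaries."""
    return [
        {"frame": int(r["Frame"]), "delta": float(r["Time Delta"]),
         "description": r["Description"].strip()}
        for r in csv.DictReader(io.StringIO(text))
    ]


def pair_exchanges(rows):
    """Pair each request with the reply that follows it.

    Returns (exchanges, frames of requests that never got a reply)."""
    exchanges, unanswered, pending = [], [], None
    for row in rows:
        desc = row["description"]
        request = REQUEST.search(desc)
        if request:
            if pending:
                unanswered.append(pending[0])
            pending = (row["frame"], request.group(1))
            continue
        error = KRB_ERROR.search(desc)
        if error:
            outcome = ERROR_OUTCOMES.get(error.group(1), "other_error")
        elif RESPONSE.search(desc):
            outcome = "ticket"
        else:
            continue  # not a Kerberos reply row
        if pending:
            exchanges.append(
                Exchange(pending[0], row["frame"], pending[1], outcome, row["delta"]))
            pending = None
    if pending:
        unanswered.append(pending[0])
    return exchanges, unanswered


def review(exchanges, slow_threshold):
    """Return (reply frame, message) findings that deserve a closer look."""
    findings = []
    for i, ex in enumerate(exchanges):
        following = exchanges[i + 1] if i + 1 < len(exchanges) else None
        if ex.outcome == "preauth_required":
            # Expected, provided the resent AS request then receives a ticket.
            if not (following and following.kind == "AS"
                    and following.outcome == "ticket"):
                findings.append((ex.response_frame,
                                 "pre-authentication retry did not end in a ticket"))
        elif ex.outcome == "spn_unknown":
            findings.append((ex.response_frame,
                             "SPN not found: check for a missing or duplicate SPN"))
        elif ex.outcome == "other_error":
            findings.append((ex.response_frame, "unclassified KRB_ERROR"))
        if ex.response_time > slow_threshold:
            findings.append((ex.response_frame,
                             f"reply took {ex.response_time} (limit {slow_threshold})"))
    return findings


if __name__ == "__main__":
    found, missing = pair_exchanges(parse_rows(SAMPLE_ROWS))
    for frame, message in review(found, slow_threshold=0.1):
        print(frame, message)
    print("requests without a reply:", missing)
```

The threshold is in the same unit as the Time Delta column, so choose it from the response times you normally see against a domain controller on the LAN.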

Delegation

These tests ran in a test environment without configuring delegation on the archive server.

In a production environment, if you intend to import Active Directory users into groups, and plan to use the SOLIDWORKS PDM Administration tool on a computer other than the archive server computer, you need to do the following:

  • Use the Active Directory Users and Computers console to configure delegation on the archive server by activating the option ‘Trust this computer for delegation to any service (Kerberos only)’.

    For more information, see the section “Configuring the Active Directory Domain Controller” in the SOLIDWORKS PDM administrative guide.

  1. Logging in to SOLIDWORKS PDM from Windows File Explorer

The following data shows the network traffic frames for authenticating a user who logs in to SOLIDWORKS PDM from Windows File Explorer.

Frame | Time Delta | Source | Destination | Description
73054 | 1547.195994 | Client | DC Server | KerberosV5:AS Request Cname: username
73056 | 0.0027981 | DC Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
73064 | 0.0068161 | Client | DC Server | KerberosV5:AS Request Cname: Username
73065 | 0.0070464 | DC Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
73119 | 0.3669728 | Client | DC Server | KerberosV5:AS Request Cname: username
73120 | 0.0026468 | DC Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
73127 | 0.006734 | Client | DC Server | KerberosV5:AS Request Cname: username
73128 | 0.0066204 | DC Server | Client | KerberosV5:AS Response Ticket[Realm: Domainname
Total: -1547.595629

271 | 0 | Client | Server | KerberosV5:AS Request Cname:Username
272 | 0.0028026 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
280 | 0.0067248 | Client | Server | KerberosV5:AS Request Cname:Username
281 | 0.0065416 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
310 | 0.0932238 | Client | Server | KerberosV5:AS Request Cname:Username
311 | 0.0025067 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
319 | 0.0066959 | Client | Server | KerberosV5:AS Request Cname:Username
320 | 0.0064625 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -75.6610513

236 | 0 | Client | Server | KerberosV5:AS Request Cname:Username
237 | 0.0028813 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
244 | 0.0065721 | Client | Server | KerberosV5:AS Request Cname:Username
245 | 0.0067476 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
265 | 0.0767618 | Client | Server | KerberosV5:AS Request Cname:Username
266 | 0.0027611 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
273 | 0.006638 | Client | Server | KerberosV5:AS Request Cname:Username
274 | 0.0068029 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -52.7130131

259 | 0 | Client | Server | KerberosV5:AS Request Cname:Username
260 | 0.0027677 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
267 | 0.0065816 | Client | Server | KerberosV5:AS Request Cname:Username
268 | 0.0067424 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
299 | 0.1079227 | Client | Server | KerberosV5:AS Request Cname:Username
300 | 0.002639 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
307 | 0.0067476 | Client | Server | KerberosV5:AS Request Cname:Username
308 | 0.006424 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -68.9126387

260 | 0 | Client | Server | KerberosV5:AS Request Cname:Username
261 | 0.0029847 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
268 | 0.0066816 | Client | Server | KerberosV5:AS Request Cname:Username
269 | 0.0066655 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
289 | 0.092564 | Client | Server | KerberosV5:AS Request Cname:Username
290 | 0.0026185 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
297 | 0.0069529 | Client | Server | KerberosV5:AS Request Cname:Username
298 | 0.0065042 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -74.9059277

637 | 65.7150816 | Client | Server | KerberosV5:AS Request Cname:Username
638 | 0.0030379 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
645 | 0.0065394 | Client | Server | KerberosV5:AS Request Cname:Username
647 | 0.0068803 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
669 | 0.0923129 | Client | Server | KerberosV5:AS Request Cname:Username
670 | 0.002606 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
677 | 0.0071208 | Client | Server | KerberosV5:AS Request Cname:Username
678 | 0.0074279 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -667.3431979

962 | 65.9820454 | Client | Server | KerberosV5:AS Request Cname:Username
963 | 0.0029041 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
970 | 0.0067304 | Client | Server | KerberosV5:AS Request Cname:Username
971 | 0.0067252 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
988 | 0.0791546 | Client | Server | KerberosV5:AS Request Cname:Username
989 | 0.0026493 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
996 | 0.0068275 | Client | Server | KerberosV5:AS Request Cname:Username
997 | 0.0066497 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -1196.405208

1282 | 180.9733668 | Client | Server | KerberosV5:AS Request Cname:Username
1283 | 0.0027872 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1290 | 0.0067428 | Client | Server | KerberosV5:AS Request Cname:Username
1291 | 0.0066465 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
1325 | 0.0949321 | Client | Server | KerberosV5:AS Request Cname:Username
1326 | 0.002627 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1333 | 0.0068708 | Client | Server | KerberosV5:AS Request Cname:Username
1334 | 0.0065819 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -2760.154062

1617 | 79.0513274 | Client | Server | KerberosV5:AS Request Cname:Username
1618 | 0.0030236 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1625 | 0.0068359 | Client | Server | KerberosV5:AS Request Cname:Username
1627 | 0.0097642 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
1648 | 0.0891515 | Client | Server | KerberosV5:AS Request Cname:Username
1649 | 0.0026068 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1656 | 0.0065255 | Client | Server | KerberosV5:AS Request Cname:Username
1657 | 0.0066054 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total: -3291.651425

1944 | 375.8404532 | Client | Server | KerberosV5:AS Request Cname:Username
1945 | 0.0029906 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1952 | 0.0066578 | Client | Server | KerberosV5:AS Request Cname:Username
1953 | 0.0068154 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
1990 | 0.1081773 | Client | Server | KerberosV5:AS Request Cname:Username
1991 | 0.0026747 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1998 | 0.0068879 | Client | Server | KerberosV5:AS Request Cname:Username
1999 | 0.0082948 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:6596.240942

  1. Logging in to SOLIDWORKS PDM from the SOLIDWORKS PDM System Tray Icon

The following data shows the network traffic frames for authenticating a user who logs in to SOLIDWORKS PDM by using the SOLIDWORKS PDM system tray icon.

Frame | Time Delta | Source | Destination | Description
2280 | 717.9705707 | Client | Server | KerberosV5:AS Request Cname: Username
2283 | 0.0029345 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
2290 | 0.0068091 | Client | Server | KerberosV5:AS Request Cname: Username
2291 | 0.0070625 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:717.9873768

481 | 0 | Client | Server | KerberosV5:AS Request Cname: Username
501 | 0.2029959 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
518 | 0.2035259 | Client | Server | KerberosV5:AS Request Cname: Username
526 | 0.2029223 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:0.6094441

1113 | 55.8490036 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
1146 | 0.202886 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1157 | 0.2033152 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
1162 | 0.2032646 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:56.4584694

1661 | 5.39689 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
1665 | 0.2027324 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1686 | 0.2150048 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
1715 | 0.2031275 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:6.0177547

4770 | 97.4056427 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
4776 | 0.2023626 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
4789 | 0.2031059 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
4808 | 0.2004279 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:98.0115391

5185 | 40.1620933 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
5192 | 0.2031213 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
5209 | 0.2032925 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
5216 | 0.2030359 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:40.771543

5824 | 232.0180162 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
5868 | 0.2031231 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
5882 | 0.2032239 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
5893 | 0.2038987 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:232.6282619

6411 | 92.935691 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
6415 | 0.2031345 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
6429 | 0.2093147 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
6433 | 0.2030388 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:93.551179

6967 | 48.7206364 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
6988 | 0.2032382 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
6997 | 0.2031312 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
7004 | 0.2028728 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:49.3298786

7461 | 3.6514582 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
7466 | 0.2030534 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
7476 | 0.2032841 | Client | Server | KerberosV5:AS Request Cname: ksr5 Realm: Username
7500 | 0.2037158 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:4.2615115

  1. Logging in to SOLIDWORKS PDM from an Application

The following data shows the network traffic frames for authenticating a user who logs in to SOLIDWORKS PDM from an application. This test captures authentication from Microsoft Word.

Frame | Time Delta | Source | Destination | Description
376 | 0 | Client | Server | KerberosV5:AS Request Cname: Username
388 | 0.2030447 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
432 | 0.2031806 | Client | Server | KerberosV5:AS Request Cname: Username
462 | 0.2033391 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
502 | 0.8125269 | Client | Server | KerberosV5:AS Request Cname: Username
515 | 0.2030315 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
532 | 0.2032723 | Client | Server | KerberosV5:AS Request Cname: Username
540 | 0.2029615 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:2.0313566

1411 | 381.19851 | Client | Server | KerberosV5:AS Request Cname: Username
1422 | 0.2032665 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1434 | 0.2122374 | Client | Server | KerberosV5:AS Request Cname: Username
1455 | 0.2029223 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
1557 | 1.422736 | Client | Server | KerberosV5:AS Request Cname: Username
1560 | 0.2032943 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
1576 | 0.2031535 | Client | Server | KerberosV5:AS Request Cname: Username
1583 | 0.203029 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:383.8491468

2054 | 88.796469 | Client | Server | KerberosV5:AS Request Cname: Username
2058 | 0.2030388 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
2087 | 0.2034057 | Client | Server | KerberosV5:AS Request Cname: Username
2102 | 0.2097465 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
2167 | 0.8182717 | Client | Server | KerberosV5:AS Request Cname: Username
2173 | 0.2037788 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
2188 | 0.2031173 | Client | Server | KerberosV5:AS Request Cname: Username
2191 | 0.203203 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:90.8410311

5915 | 1032.4965 | Client | Server | KerberosV5:AS Request Cname: Username
5919 | 0.2028991 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
5929 | 0.2038702 | Client | Server | KerberosV5:AS Request Cname: Username
5932 | 0.2031051 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
6075 | 2.234906 | Client | Server | KerberosV5:AS Request Cname: Username
6077 | 0.2030623 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
6087 | 0.2032228 | Client | Server | KerberosV5:AS Request Cname: Username
6091 | 0.2030835 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:1035.950644

6702 | 194.50258 | Client | Server | KerberosV5:AS Request Cname: Username
6717 | 0.203 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
6737 | 0.2033368 | Client | Server | KerberosV5:AS Request Cname: Username
6767 | 0.2028504 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
6811 | 0.8126468 | Client | Server | KerberosV5:AS Request Cname: Username
6829 | 0.203151 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
6841 | 0.2033885 | Client | Server | KerberosV5:AS Request Cname: Username
6843 | 0.2032148 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:196.5341646

7775 | 64.551252 | Client | Server | KerberosV5:AS Request Cname: Username
7798 | 0.202897 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
7830 | 0.2032265 | Client | Server | KerberosV5:AS Request Cname: Username
7848 | 0.2032089 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
7957 | 0.8104736 | Client | Server | KerberosV5:AS Request Cname: Username
7962 | 0.2030531 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
7982 | 0.2032844 | Client | Server | KerberosV5:AS Request Cname: Username
7983 | 0.2029944 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:66.58039

9604 | 80.290735 | Client | Server | KerberosV5:AS Request Cname: Username
9617 | 0.203001 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
9634 | 0.2041267 | Client | Server | KerberosV5:AS Request Cname: Username
9680 | 0.2029194 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
9824 | 0.8155179 | Client | Server | KerberosV5:AS Request Cname: Username
9848 | 0.2125955 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
9860 | 0.203199 | Client | Server | KerberosV5:AS Request Cname: Username
9871 | 0.2030286 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:82.335123

10734 | 414.51038 | Client | Server | KerberosV5:AS Request Cname: Username
10748 | 0.2034233 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
10759 | 0.2026715 | Client | Server | KerberosV5:AS Request Cname: Username
10772 | 0.2030374 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
10944 | 2.2347044 | Client | Server | KerberosV5:AS Request Cname: Username
10984 | 0.202857 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
10995 | 0.2121447 | Client | Server | KerberosV5:AS Request Cname: Username
11004 | 0.2030205 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:417.9722363

11494 | 34.408152 | Client | Server | KerberosV5:AS Request Cname: Username
11528 | 0.2030268 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
11544 | 0.2031781 | Client | Server | KerberosV5:AS Request Cname: Username
11558 | 0.2029875 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
11584 | 0.4063415 | Client | Server | KerberosV5:AS Request Cname: Username
11625 | 0.2029901 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
11633 | 0.2090577 | Client | Server | KerberosV5:AS Request Cname: Username
11643 | 0.2043449 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:36.0400786

12074 | 92.008649 | Client | Server | KerberosV5:AS Request Cname: Username
12077 | 0.2027482 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
12089 | 0.2033064 | Client | Server | KerberosV5:AS Request Cname: Username
12100 | 0.2031312 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
12156 | 0.8130305 | Client | Server | KerberosV5:AS Request Cname: Username
12161 | 0.203122 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
12173 | 0.2133041 | Client | Server | KerberosV5:AS Request Cname: Username
12181 | 0.2048614 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
Total:94.0521526

  1. Logging in to a Vault from SOLIDWORKS (‘SOLIDWORKS PDM Add-in’ Active and ‘Automatic Windows Login’ Option Active)

The following data shows the network traffic frames for authenticating a user who logs in to the SOLIDWORKS PDM vault from the SOLIDWORKS application, with the SOLIDWORKS PDM Add-in active and the Automatic Windows Login option active.

Frame | Time Delta | Source | Destination | Description
113 | 0 | Client | Server | KerberosV5:TGS Request
117 | 0.006175 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
128 | 0.0934081 | Client | Server | KerberosV5:TGS Request
133 | 0.0080283 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
151 | 0.6925275 | Client | Server | KerberosV5:TGS Request
155 | 0.0138442 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
189 | 0.2806379 | Client | Server | KerberosV5:TGS Request
193 | 0.0042645 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -50.9339003

423 | 336.7309687 | Client | Server | KerberosV5:TGS Request
427 | 0.0133746 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
437 | 0.1333598 | Client | Server | KerberosV5:TGS Request
442 | 0.0089968 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
462 | 0.6926089 | Client | Server | KerberosV5:TGS Request
467 | 0.0166439 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
487 | 0.301318 | Client | Server | KerberosV5:TGS Request
493 | 0.0109919 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -3090.733873

121 | 0 | Client | Server | KerberosV5:TGS Request
125 | 0.005796 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
144 | 0.1443401 | Client | Server | KerberosV5:TGS Request
148 | 0.0056075 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
183 | 0.9003602 | Client | Server | KerberosV5:TGS Request
187 | 0.0092653 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -1.0653691

3301 | 28.5995829 | Client | Server | KerberosV5:TGS Request
3305 | 0.0034845 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
3313 | 0.1046484 | Client | Server | KerberosV5:TGS Request
3317 | 0.0031146 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
3339 | 0.5562524 | Client | Server | KerberosV5:TGS Request
3343 | 0.0032703 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -29.2703531

15339 | 2.1721386 | Client | Server | KerberosV5:TGS Request
15342 | 0.0033861 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
15355 | 0.0918769 | Client | Server | KerberosV5:TGS Request
15358 | 0.0029624 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -2.270364

16123 | 2.4881041 | Client | Server | KerberosV5:TGS Request
16126 | 0.0035796 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
16133 | 0.1239486 | Client | Server | KerberosV5:TGS Request
16136 | 0.0031406 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -2.6187729

16499 | 2.246752 | Client | Server | KerberosV5:TGS Request
16502 | 0.0034911 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
16509 | 0.0663839 | Client | Server | KerberosV5:TGS Request
16512 | 0.0032269 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -2.3198539

16885 | 2.5169136 | Client | Server | KerberosV5:TGS Request
16888 | 0.0035122 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
16898 | 0.0662104 | Client | Server | KerberosV5:TGS Request
16901 | 0.0032535 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -2.5898897

17260 | 2.3245346 | Client | Server | KerberosV5:TGS Request
17263 | 0.0032553 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
17273 | 0.0579693 | Client | Server | KerberosV5:TGS Request
17276 | 0.0030544 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -2.3888136

17609 | 0.7714774 | Client | Server | KerberosV5:TGS Request
17612 | 0.0035213 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
17621 | 0.0581616 | Client | Server | KerberosV5:TGS Request
17624 | 0.0032354 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Total: -0.8363957

  1. Logging in to a Vault from SOLIDWORKS (‘SOLIDWORKS PDM Add-in’ Active and ‘Automatic Windows Login’ Option Inactive or Manual Log in)

The following data shows the network traffic frames for authenticating a user when the user logs in to the SOLIDWORKS PDM vault from the SOLIDWORKS application, with the SOLIDWORKS PDM Add-in active and the Automatic Windows Login option deactivated.

| Frame | Time Delta | Source | Destination | Description |
|---|---|---|---|---|
| 5314 | 0.0008466 | Client | Server | KerberosV5:TGS Request |
| 5317 | 0.0061107 | Server | Client | KerberosV5:TGS Response Cname: Username |
| 5466 | 5.5049848 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 5467 | 0.0030562 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 5475 | 0.0064484 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 5476 | 0.0101586 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 5505 | 0.1468073 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 5506 | 0.0028506 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 5528 | 0.006581 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 5529 | 0.0067969 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | 5.6946411 | | | |
| 6005 | 5.1361217 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6006 | 0.0026594 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 6013 | 0.0064508 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6014 | 0.0064564 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 6044 | 0.1336028 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6045 | 0.0025972 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 6052 | 0.0063799 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6053 | 0.0099026 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -5.3041708 | | | |
| 6525 | 5.8373848 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6526 | 0.0028251 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 6533 | 0.0072203 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6536 | 0.0064719 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 6558 | 0.0828321 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6559 | 0.0026661 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 6566 | 0.006274 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6567 | 0.0063195 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -5.9519938 | | | |
| 6991 | 6.030355 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 6992 | 0.0031735 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 6999 | 0.0065112 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7000 | 0.0068763 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 7031 | 0.0999083 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7032 | 0.0028682 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 7039 | 0.0062148 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7040 | 0.0074067 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -6.163314 | | | |
| 7728 | 5.6346342 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7729 | 0.0027979 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 7736 | 0.0067241 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7737 | 0.0065652 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 7765 | 0.1799474 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7766 | 0.0028372 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 7773 | 0.006286 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 7774 | 0.0068458 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -5.8466378 | | | |
| 8538 | 16.67915 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 8540 | 0.0029779 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 8547 | 0.0083393 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 8548 | 0.0104938 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 8579 | 0.1030921 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 8580 | 0.0028301 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 8587 | 0.0062555 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 8588 | 0.0066889 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -16.819828 | | | |
| 12619 | 8.64269 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 12620 | 0.0031236 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 12627 | 0.0064403 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 12628 | 0.011138 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 12651 | 0.0897177 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 12652 | 0.003012 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 12660 | 0.0078545 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 12661 | 0.0069036 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -8.7708797 | | | |
| 13177 | 6.5569853 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13178 | 0.0027157 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 13187 | 0.0064406 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13188 | 0.0100123 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 13213 | 0.1987031 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13214 | 0.0029474 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 13221 | 0.00612 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13222 | 0.0065948 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -6.7905192 | | | |
| 13725 | 8.8105237 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13726 | 0.0028692 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 13733 | 0.0065499 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13734 | 0.0102149 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 13763 | 0.099776 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13764 | 0.0026328 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 13771 | 0.006347 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 13772 | 0.00633 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -8.9452435 | | | |
| 14172 | 5.9494108 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14173 | 0.0028882 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 14180 | 0.0066244 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14181 | 0.0098296 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 14203 | 0.0922423 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14204 | 0.0031741 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 14211 | 0.0063537 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14212 | 0.0079818 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -6.0785049 | | | |
| 14883 | 6.8675993 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14884 | 0.0028098 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 14891 | 0.006757 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14892 | 0.0066018 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| 14915 | 0.1428133 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14916 | 0.0026196 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25) |
| 14923 | 0.0063329 | Client | Server | KerberosV5:AS Request Cname: Username Realm:DomainName Sname: krbtgt/DomainName |
| 14924 | 0.0064948 | Server | Client | KerberosV5:AS Response Ticket[Realm:DomainName, Sname: krbtgt/DomainName] |
| Total: | -7.0420285 | | | |

  1. Logging in to a Vault from SOLIDWORKS (‘SOLIDWORKS PDM Add-in’ Inactive and ‘Automatic Windows Login’ Option Active)

The following data shows the network traffic frames for authenticating a user when the user logs in to the SOLIDWORKS PDM vault from the SOLIDWORKS application, with the SOLIDWORKS PDM Add-in deactivated and the Automatic Windows Login option active.

| Frame | Time Delta | Source | Destination | Description |
|---|---|---|---|---|
| 17977 | 2.906483 | Client | Server | KerberosV5:TGS Request |
| 17980 | 0.003484 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 17990 | 0.1554982 | Client | Server | KerberosV5:TGS Request |
| 17993 | 0.0041782 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -3.0696434 | | | |
| 477 | 0.3812142 | Client | Server | KerberosV5:TGS Request |
| 480 | 0.001812 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 517 | 0.4399737 | Client | Server | KerberosV5:TGS Request |
| 520 | 0.0017818 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -0.8247817 | | | |
| 745 | 146.7633834 | Client | Server | KerberosV5:TGS Request |
| 748 | 0.001317 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 758 | 0.0766921 | Client | Server | KerberosV5:TGS Request |
| 761 | 0.0016043 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -146.8429968 | | | |
| 1553 | 36.6925445 | Client | Server | KerberosV5:TGS Request |
| 1556 | 0.0017422 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 1567 | 0.0760065 | Client | Server | KerberosV5:TGS Request |
| 1570 | 0.0016319 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -36.7719251 | | | |
| 2504 | 2.4465844 | Client | Server | KerberosV5:TGS Request |
| 2507 | 0.0017844 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 2515 | 0.0760006 | Client | Server | KerberosV5:TGS Request |
| 2518 | 0.0016644 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -2.5260338 | | | |
| 2832 | 3.5504582 | Client | Server | KerberosV5:TGS Request |
| 2835 | 0.0036172 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 2843 | 0.0743951 | Client | Server | KerberosV5:TGS Request |
| 2846 | 0.0033146 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -3.6317851 | | | |
| 3202 | 54.2534682 | Client | Server | KerberosV5:TGS Request |
| 3205 | 0.003491 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 3215 | 0.0743937 | Client | Server | KerberosV5:TGS Request |
| 3218 | 0.0032351 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -54.334588 | | | |
| 3572 | 150.3776996 | Client | Server | KerberosV5:TGS Request |
| 3575 | 0.0030315 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 3587 | 0.121336 | Client | Server | KerberosV5:TGS Request |
| 3590 | 0.0030463 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -150.5051134 | | | |
| 3861 | 129.3647896 | Client | Server | KerberosV5:TGS Request |
| 3864 | 0.0035805 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 3880 | 0.0900717 | Client | Server | KerberosV5:TGS Request |
| 3883 | 0.0033433 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -129.4617851 | | | |
| 4114 | 41.2429679 | Client | Server | KerberosV5:TGS Request |
| 4117 | 0.0035664 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| 4126 | 0.074343 | Client | Server | KerberosV5:TGS Request |
| 4129 | 0.003179 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7) |
| Total: | -41.3240563 | | | |

  1. Authentication Testing Results Summary

The test results indicate that authentication typically takes from milliseconds to a few seconds to complete each authentication operation.

If the Time Delta is larger than you expect, this could indicate an expensive request, a slow server, or some other slow infrastructure. This may in turn need further investigation to identify the root cause of the issue.

| Frame | Time Delta | Source | Destination | Description |
|---|---|---|---|---|
| 481 | 0 | Client | Server | KerberosV5:AS Request Cname: Username |
| 501 | 0.2029959 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED |
| 518 | 0.2035259 | Client | Server | KerberosV5:AS Request Cname: Username |
| 526 | 0.2029223 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName |
| Total: | 0.6094441 | | | |

The previous image depicts the following:

  • The client takes approximately 0.20ms to request a ticket from the server (shown in blue highlight).

  • The server takes approximately 0.20ms to respond to the client with the ticket (shown in yellow highlight).

  • The total Delta Time for the pairs traced in this example is approximately 0.60ms, which indicates a good authentication time.

If the server response time is significantly higher than the client setup time, then this could indicate that the problem is on the server end, or is a related network issue. If there are any retransmissions of the request, this could indicate that the network is dropping packets somewhere, or possibly that an unreliable network connection is in use (for example, connecting through wireless with a poor wireless signal).
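The comparison described above can be automated once a capture is exported as rows in the trace table's column order. The following Python sketch is an added example, not part of the original SolidPractice or of SOLIDWORKS PDM; the pipe-separated row format, the function names, and the `slow_ratio` and `min_seconds` thresholds are assumptions, and frames 900-910 are constructed sample data.

```python
from dataclasses import dataclass

# Rows use the trace table's column order:
# Frame | Time Delta | Source | Destination | Description.
# Frames 481-526 repeat the summary table; frames 900-910 are constructed
# to show a retransmitted request followed by a slow server reply.
SAMPLE_TRACE = """\
481 | 0 | Client | Server | KerberosV5:AS Request Cname: Username
501 | 0.2029959 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED
518 | 0.2035259 | Client | Server | KerberosV5:AS Request Cname: Username
526 | 0.2029223 | Server | Client | KerberosV5:AS Response Ticket[Realm: DomainName
900 | 1.5 | Client | Server | KerberosV5:TGS Request
905 | 1.0 | Client | Server | KerberosV5:TGS Request
910 | 4.2 | Server | Client | KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
"""


@dataclass
class Frame:
    number: int
    delta: float
    source: str
    destination: str
    description: str


def parse_trace(text):
    """Turn pipe-separated rows into Frame objects; skip headers and totals."""
    frames = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|", 4)]
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        frames.append(Frame(int(parts[0]), float(parts[1]), *parts[2:]))
    return frames


def analyze(frames, slow_ratio=3.0, min_seconds=1.0):
    """Split time between client and server; flag retransmits and slow replies.

    slow_ratio and min_seconds are assumed thresholds, not values from the guide.
    """
    report = {"client_time": 0.0, "server_time": 0.0, "errors": {},
              "retransmits": [], "slow_replies": []}
    pending = None  # last client request that has not been answered yet
    for f in frames:
        if f.source == "Client":
            # Same request sent again before any reply: likely a retransmission.
            if pending is not None and pending.description == f.description:
                report["retransmits"].append(f.number)
            pending = f
            report["client_time"] += f.delta
            continue
        report["server_time"] += f.delta
        if "KRB_ERROR -" in f.description:
            code = f.description.split("KRB_ERROR -", 1)[1].split()[0]
            report["errors"][code] = report["errors"].get(code, 0) + 1
        # Reply is slow in absolute terms and far slower than the client side.
        if (pending is not None and f.delta >= min_seconds
                and f.delta > slow_ratio * pending.delta):
            report["slow_replies"].append((pending.number, f.number, f.delta))
        pending = None
    report["total"] = report["client_time"] + report["server_time"]
    return report


if __name__ == "__main__":
    for key, value in analyze(parse_trace(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```

Run against only the four summary-table rows, the report total matches the table's 0.6094441 and nothing is flagged; the constructed frames add one retransmit and one slow reply.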

  1. What Can Cause Authentication Delays and Issues?

This section describes some of the more common issues that can cause delays and problems when authenticating.

  1. Network Infrastructure

  2. DNS resolution

If DNS resolution fails, then the system goes to a broadcast mode to resolve the name to the IP address of an authenticating domain controller (DC) or DNS server. Crossing subnets is an issue for broadcast resolution, which causes a delay. The cause could be because something did not update with a new IP address. It could be related to a server, a client computer, or a network component.

  1. Domain controller location

To optimize latency performance, it is always best to connect to a local DC on the same LAN rather than over a WAN at a remote location. This is especially true if the DC is in a different geographical location than the location from which you are connecting. Latency is higher (longer response time) from a remote DC, which in turn means that it takes longer to authenticate the user with SOLIDWORKS PDM. This has an impact on user productivity because of the wait time.

  1. TCP/IP connectivity issues

For Kerberos authentication to occur, TCP/IP network connectivity must exist between the client computer, the domain controller, and the target server. When viable, the recommendation is to use wired network connections instead of wireless network connections. To optimize reliability and performance, domain controllers should also have multiple network interface controller (NIC) cards, with multiple network patch cables that connect to redundant network switches. If you do use computers with wireless connections, ensure that the network maintains a strong wireless signal. To enjoy the best possible wireless speeds and reliability, use one of the latest generations of mainstream releases of wireless standards for both wireless access point hardware and network cards in desktop and laptop computers.

At the time of this SolidPractice update, the latest standards include 802.11ac (preferable) and 802.11n. However, it is advisable to investigate if there are any newer protocols available, because wireless technology is constantly improving.

It is also advisable to ensure that laptop and notebook computers with both a wireless adapter and a physical network adapter are set to use a wired connection by default (when physically plugged into the network) even when a wireless network connection is available. Windows defaults to connecting to a wireless network connection as a priority in the network connections order list.

  1. Time service

A DC in an Active Directory environment acts as an authoritative source of time for its domain. This ensures that the entire domain has the same time.

For Kerberos authentication to function correctly, all domains and forests in a network should use the same time source so that the time on all network computers synchronizes properly.

  1. Server delegation

You may receive some Kerberos authentication errors if you do not configure server delegation on the archive server. Although this is not visible to SOLIDWORKS PDM users, these errors can appear when you capture the Kerberos authentication traffic. In a production environment, you might want to configure delegation on the archive server, which would likely reduce the number of Kerberos authentication errors. For information about how to set up server delegation, see the following documentation:

  • The section “Configuring the Active Directory Domain Controller” in the “SOLIDWORKS PDM Administration Guide.”

  1. Network User Account Configuration

It is a best practice to place users in AD groups and then apply the relevant security access to log in to their local DC. This is an especially good idea for small companies that only have a small number of users. This reduces the time that AD takes to authenticate, and reduces WAN traffic.

We hope that you find this document informative and useful, and we request that you leave brief feedback about the topics that you want us to cover in the next revision of this document. A complete list of SolidPractices documents is available from DS SOLIDWORKS Corp.