Applies To
	Product(s):	eB Web, eB Director
	Version(s):	ALL
	Environment:	N/A
	Area:	Installation
	Subarea:	N/A
	Original Author:	Priyanka Sawarkar, Bentley Product Advantage Group

Problem Description :

User were not able to login into eB Web and getting error - "I'm sorry, but I could not log you in". After selecting OK button it gives "Socket Connection was aborted ..." error message

Usually above error occurs when client - server communication doesn't go well.

Solution :

1) Open IIS manger and expand the server and select the appropriate site and Click on Authentication.

• Make sure that “ ASP.NET Impersonation” and “Windows authentication” are enabled and rest are disabled

2) Also Make sure that “Trust for Delegation” on IIS AppPool account is set.To verify use following steps:

1. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. Expand domain, and expand the Computers folder.
3. In the right pane, right-click the computer name for the Web server, select Properties, and then click the Delegationtab.
4. Click to select Trust this computer for delegation to any service (Kerberos only).
5. Click OK.

3)  Verify that all the users are trusted for delegation.

All users must be allowed to have their credentials delegated. This is true by default, but it will be worthwhile to verify that this is the case by checking in “Active Directory Users and Computers” that the setting “Account is sensitive and cannot be delegated” isn’t set. Refer below screenshot

4) Set UPN on client/server machine.

If the application server is running as a specific user account (i.e. bob@acme.com) then you have to set the User Principal Name as the client endpoint identity. To do this add the following to the web.config file (under appSettings):

 
<appSettings>
   <add key="Bentley.eB.DefaultTcpEndpointIdentity" value="upn:bob@acme.com"></add>
</appSettings>

Note: to find the identity of the service you can look at the Wsdl file for the service e.g. type this in the browser: https://<server>/Bentley/eB/Service/ServiceRegistry?wsdl and you will see towards the bottom of the results:

 
<wsdl:port name="NetTcpBinding_IServiceRegistry"binding="tns:NetTcpBinding_IServiceRegistry">
  <soap12:address location="net.tcp://localhost:18377/Bentley/eB/Service/ServiceRegistry/Tcp" ></soap12:address>
    <wsa10:EndpointReference>
     <wsa10:Address>net.tcp://localhost:18377/Bentley/eB/Service/ServiceRegistry/Tcp</wsa10:Address>
     <Identityxmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
        <Upn>bob@acme.com</Upn>
     </Identity>
   </wsa10:EndpointReference>
</wsdl:port>

Attached is the document Windows Authentication with eB web server.

communities.bentley.com/.../D006964-_2D00_-Windows-Authentication-with-eB-Web-Server.docx

~ Priyanka Sawarkar