10-10-2018 09:01 AM
We have GWM 16.5 installed on a server.
We have a GM Pro 16.5 with GWM Publisher on a local machine.
We try to create a new WMS by using the new publishing workflow (e.g. no action on server side required).
When trying to create a remote service source we have to specify a machine name. By doing so we get the message "Unable to connect to MACHINE_NAME".
We can ping this machine from the client machine.
What is the prerequisites to be able to publish from a local machine?
10-10-2018 09:26 AM
Typically, your would use a domain user account that belongs to the Local Administrators group of BOTH webmap server and local GM machine.
Hope this helps.
10-11-2018 02:02 AM
This is the case but still doesn't work.
What is checked by the process? Does it need something like a windows service, installed by WebMap on server side?
Is the process able to reach a machine where GWM is not installed (just to understand)?
Nb: We would prefere not to define the publisher user as local admin of the server. What is the exact right to define?
10-11-2018 02:40 AM
Some results of additional testings:
10-11-2018 08:36 AM
Ok, lets make sure the basic shared folders are working properly...
Are you able to browse \\webmapserver\webmap publisher projects\ and \\webmapserver\webmap publisher data\ folders from your GM machine ? These are the 2 shared folders required on the webmap server. And if you are logon with a local admin account you should be able to access these 2 shared folders.
Make sure you are using the WebMap Publisher Administrator v16 U1 and there are some new entries on our documentation you might want to look at:
11-23-2018 05:41 AM
Let's take an easier example.
I have a virtual machine wich is not in the ingrnet domain (workgroup). I have a local admin account defined in this server.
Everything work fine when working directly from the server.
My client machine is in the ingrnet domain.
From there I can access the web GWM admin console and both GWM folders using UNC paths (Data and Projects). I always specify the local server admin account when asked.
I run GeoMedia from my client machine, trying to create the service by just entering the server name. I get a message saying that "SOAP security negotation with "http://SERVER_NAME:22548/WebMapPublisherRemoteService/service" failed. NB: This URL run properly in a web browser.
We are able to use other credentials for the connexion. I specify the following (same account than GWM admin console, shared folders):
I get the following error: "Access is denied, Try log with other credentials"
Each part of the process seems to be able to deal with a local admin account but not the GM Service Source Connection creation process.
Is it possible to have a working environment with client and server machine on two different domain?
11-23-2018 02:25 PM - edited 11-23-2018 02:29 PM
Creating the Service via WebMap Publisher Administrator remotely would probably require similar credential for creating new WMS/WFS instance on the Server (under AdminConsole or local GM/WebPubAdmin).
imagine using an external user account (i.e. geosystem\yly) to perform a simple task on server within the ingrnet domain. There are many trust relationship hurdles to get through before you can even login to the ingrnet domain server using geosystem\yly account, performing complex remote publishing would require even more window security configuration. I am not saying it is impossible for an account from an foreign domain (from a server within a foreign domain) to create WMS/WFS service (and publish metadata content) to a ingrnet domain webmap server (i.e. running GM/WebPubAdmin on a geosystem server and trying to create wms/wfs service on a ingrnet domain webmap server) but it would probably need many advanced Windows security setup to make it work.
I always thought you were having issue among machines from the same domain.
I would assume the remote publishing (and create service) routing is designed to work on machines within the same domain, other folks that have otherwise different experience please correct me or share your insight
11-29-2018 07:36 AM
The default behavior of the new WebMap Publisher Remote Host service is to use the local machine Administrators group membership for determining access.
This can be configured using the WebMap Publisher Remote Host service's configuration file (by default at C:\Program Files (x86)\Hexagon\GeoMedia WebMap\program\WebMapPublisherRemoteHostService.exe.config):
RemotePublishersWindowsGroupName: windows group used for service authentication
If RemotePublishersWindowsGroupName value is empty then Administrators local windows group is used.
<add key="RemotePublishersWindowsGroupName" value="" />
<add key="CachingTime" value="" />
This means that whatever users/groups you add to the local machine that is hosting are allowed to connect. One caveat, though, using ".\" as the domain in "use other credentials" means local client machine (the one running WebMap Publisher), not the target remote machine (the one to which you want to connect and which hosts WebMap).
If you are able to add the client machine's account to the target machine's Administrators group, then you would use the client machine's credentials. If you created a local user on the target machine and added it to the Administrators group, you would need to enter the target machine's name as the domain name. If you added a domain user as the target Administrators group member, you would need to enter the domain name in the domain name text box.
11-30-2018 12:39 AM
Thank you for the explanation.
So my configuration is:
Now the process goes further. It can connect to the server, getting information from it but then I get a timeout message (screenshot attached).
I can see that the WebMap Publisher folders are filled on server side but nothing is created on IIS