Disabling JAMS Server to Agent Authentication

Follow

Users may encounter a situation in JAMS where submitting a Job that runs on a JAMS Agent results in that Job's log file showing an error like the one below:

Exception while authenticating Agent Socket:
The server has rejected the client credentials.
The logon attempt failed

When JAMS runs a Job on an Agent, the Agent asks that JAMS authenticate itself.  JAMS first tries using the account that the JAMS Executor service is running under (usually Local System), and if that doesn't work we try using the account that the Job is going to run under (list on Submit Options tab of Job properties), that account is authenticated against the local machine and against Active Directory.

This error can occur in rare environments where both of these fail, perhaps due to a possible configuration issue in Windows, or when the Job is attempting to run on an Agent machine that is in its own Workgroup.

The first step when users see this error is to verify that the account that the Job should run under on that Agent machine is correct.

If users are still seeing the error after confirming that the Job is running under the proper credentials, the authentication between JAMS and the Agent can be disabled so that the Job will be allowed to start.  To do so, edit the User.config file located on the JAMS Agent machine or the Common.config file located on the JAMS Scheduler machine: 

User.config -
 
Edit this file to disable authentication between the Server and Agent for only that one specific JAMS Agent.  This file is located on the JAMS Agent machine in the Program Files/MVPSI/JAMS/Agent directory.  Once this change has been made, users will need to restart the JAMS Agent service on the Agent machine. PLEASE NOTE: Restarting the JAMS Agent service will impact any Jobs currently executing on that Agent machine.

JAMS Scheduler Common.config -
 Edit this file to disable authentication between the Server and Agents for all Agents.  The file is located on the JAMS Scheduler machine in the Program Files/MVPSI/JAMS/Schedulerdirectory. Once this change has been made, users will need to restart the JAMS Executor service on the JAMS Scheduler machine. PLEASE NOTE: Restarting the JAMS Executor service will impact any currently executing Jobs.
When editing the file, change the DisableAuthentication key value from 0 to 1 to disable it.  If the DisableAuthentication key does not exist (for example, if editing the Common.config on the Scheduler machine), users can add it to the existing Common.config file using the following syntax:

Example:

  

<?xml version="1.0" encoding="utf-8" ?>
<appSettings>
<add key="ConnectionString" value="Server=(local)\SqlExpress; Database=JAMS; Application Name=JAMS; Connect Timeout=600; Integrated Security=SSPI;"/>
<add key="DisableAuthentication" value="1"/>
</appSettings>
Have more questions? Submit a request

Comments

  • Avatar
    Herman Gerritsen

    From what version of jams-scheduler is this option available?

  • Avatar
    Gennaro Piccolo

    Hello Herman, this option is available on all versions of JAMS.