Disabling JAMS Server to Agent Authentication using JAMS V6

Follow

Users may encounter an issue when submitting a Job that runs on a JAMS Agent resulting in the  Job's log file showing an error similar to the following:

Exception while authenticating Agent Socket:
The server has rejected the client credentials.
The logon attempt failed

When JAMS runs a Job on an Agent, the Agent asks JAMS to authenticate itself. JAMS will first attempt to use the account the JAMS Executor service is running under (usually Local System). If the account of the JAMS Executor service cannot be authenticated, JAMS will then attempt to use the account the Job is going to run under (list on Submit Options tab of Job properties), that account is then authenticated against the local machine and against Active Directory.

This error may occur in rare environments when both attempts to authenticate fail. This may be due to a possible configuration issue in Windows, or when the Job is attempting to run on an Agent machine within its own Workgroup.

 

Troubleshooting this Error

If this error should occur, the first troubleshooting step is to verify that the account that the Job should run under on that Agent machine is correct.

 

If the Error Persists

If users are still seeing the error after confirming that the Job is running under the proper credentials, the authentication between JAMS and the Agent can be disabled so that the Job will be allowed to start.  To do so, edit the User.config file located on the JAMS Agent machine or the Common.config file located on the JAMS Scheduler machine.

 

Edit the User.config File

Edit this file to disable authentication between the Server and Agent for only that one specific JAMS Agent. This file is located on the JAMS Agent machine in the Program Files/MVPSI/JAMS/Agent directory.  Once this change has been made, users will need to restart the JAMS Agent service on the Agent machine. 


NOTE: Restarting the JAMS Agent service will impact any Jobs currently executing on that Agent machine.


When editing the file, change the DisableAuthentication key value from 0 to 1 to disable it.  If the DisableAuthentication key does not exist (for example, if editing the Common.config on the Scheduler machine), users can add it to the existing Common.config file using the following syntax:

<?xml version="1.0" encoding="utf-8" ?>
<appSettings>
<add key="ConnectionString" value="Server=(local)\SqlExpress; Database=JAMS; Application Name=JAMS; Connect Timeout=600; Integrated Security=SSPI;"/>
<add key="DisableAuthentication" value="1"/>
</appSettings>
Have more questions? Submit a request

Comments

  • Avatar
    Herman Gerritsen

    From what version of jams-scheduler is this option available?

  • Avatar
    Gennaro Piccolo

    Hello Herman, this option is available on all versions of JAMS.

  • Avatar
    Daniel Hicks

    Hi, just upgraded to v7 in test, we are using this config on a couple of agents for v6. What is the equivalent setting for v7 as the user.config file doesn't exist for this agent version?
    Thanks,
    Dan

  • Avatar
    Gennaro Piccolo

    Daniel, in version 7, you want to open the properties of the agent, select the Properties tab, and disable the "Use SSPI Security to Secure Agent" feature.