Architecting, installing and maintaining your SAS environment

Site-to-Site VPN to SSO SAS Environment

Reply
Occasional Contributor
Posts: 16

Site-to-Site VPN to SSO SAS Environment

Hello community

 

Current SAS version: 9.4_M3

 

Current situation: A customer, which is not in our domain, but has a user in our domain, needs to view some reports in our SAS environement which is inside our domain. We configured a site-to-site VPN, which is accessible for our customer. The idea is that they access the Visual Analytics Hub and then get an authentication window because their currently logged in user is not found in our Active Directory and they could then log in to SAS with the user we specified in our Active Directory.

The problem: They get to the "Welcome to SAS - Congratulations! You have successfully set up SAS Web Server" page. But if they try to access the Visual Analytics Hub for example, they get an error: "The DNS name does not exist INET_E_RESOURCE_NOT_FOUND".

It definitely sounds like a network configuration error, but since they can access the "Welcome to SAS" page without any problems, I doubt it's the network's fault.

 

Is there something I have to configure in our SAS environment itself to work with a site-to-site VPN?

 

 

Kind regards

Martin

Trusted Advisor
Posts: 1,737

Re: Site-to-Site VPN to SSO SAS Environment

Hello @infmja,

 

a few question, that might lead you also to answers:

 

I hope this checklist helps a bit! 

 

Please let us know how it goes.


Kind regards,

Juan

 

Occasional Contributor
Posts: 16

Re: Site-to-Site VPN to SSO SAS Environment

Posted in reply to JuanS_OCS

Hi @JuanS_OCS

 

They are not in Windows 10.

They use the Internet Explorer, but I think they tried with other browsers as well.

I couldn't find anything in the log files. Any specific log files I should have a look at?

Whitelists are configured.

Trusted Advisor
Posts: 1,737

Re: Site-to-Site VPN to SSO SAS Environment

I am referring to the logs under Lev1/Web/WebServer/logs , the logs under Lev1/Web/Logs/SASServer1_1 and under Lev1/Web/WebAppServer/SASServer1_1/logs and Lev1/Web/WebAppServer/SASServer12_1/logs

 

Did you tried to see the logs in the DNS resolver?

Occasional Contributor
Posts: 16

Re: Site-to-Site VPN to SSO SAS Environment

Posted in reply to JuanS_OCS

Thanks. I checked the logs in these folders.

I found the following, which seem related to my problem:

 

ACCESS LOG (C:\sas\config\Lev1\Web\WebServer\logs)
10.254.55.17 - - [14/May/2018:16:22:42 +0200] "GET /SASVisualAnalyticsHub/?saspfs_request_path_url=SBIP%3A%2F%2FMETASERVER%2FKundenreporting%2FUKB%2FStatistik+Portal_UKB%28Report%29 HTTP/1.1" 302 -

 

LOCALHOST ACCESS LOG (C:\sas\config\Lev1\Web\WebAppServer\SASServer1_1\logs)
10.10.130.20 - - [14/May/2018:16:22:42 +0200] "GET /SASVisualAnalyticsHub/?saspfs_request_path_url=SBIP%3A%2F%2FMETASERVER%2FKundenreporting%2FUKB%2FStatistik+Portal_UKB%28Report%29 HTTP/1.1" 302 -

 

I can't find any authorization logs for the customer who tested it. Seems correct, since he never was able to actually login.

Any ideas?

Trusted Advisor
Posts: 1,737

Re: Site-to-Site VPN to SSO SAS Environment

Hello @infmja,

 

not sure. 302 in apache is a redirect, which happens every time that you log in, because it goes from the URL, to Logon, and from Logon, to your URL again. However, you could extend the logs to DEBUG, restart web services and test, so you can gent additional information.

 

What do you get if you run the following in your VA server : ipconfig (Windows) or ifconfig (Unix) ?

And a tracert and telnet from your windows clients to the VA server?

 

Did you already involved your network guys and/or web developers? This seems to me just network configuration problems, and they can understand it well and they know your network (and can touch it!). You can of course involve SAS Technical Support (as you involved us), but in this case I think it is more an internal one.

 

As final note, I would like to recommend to check the configuration of your SAS Web Server (Apache), perhaps you would need to add additional configuration for the Virtual Server and ensure that the Web Server actually listens on the IP/DNS alias trying to be reached by the VPN DNS resolver.

 

 

 

Ask a Question
Discussion stats
  • 5 replies
  • 200 views
  • 1 like
  • 2 in conversation