Using Windows Domain Authentication breaks everything!

Discussion created by tpcolson Champion on Apr 5, 2013
Latest reply on Apr 5, 2013 by tpcolson
With the following set up:

  1. MS SQL 2008 R2

    1. A versioned feature class

    2. Windows ACL Group "Users" mapped to DBO and full control of all tables

    3. Users in "Users" can access and adit the FC through Arc Map

    4. SQL Geodatabase successfully registered and validated in the data store

  2. Arc GIS Server

    1. Windows Domain User Store

    2. Windows Domain Role Store

    3. Authentication Tier = Web

    4. Authentication Mode = Web

    5. The "Users" group has been granted access through web-based ArcGIS Server Manager to:

      1. A map service

      2. a Geodata service

      3. IIS

        1. Anon Authentication Disabled

        2. Windows Authentication Enabled

        3. A folder called "Folder" to which the "Users" group has been granted access

        4. This setup has worked well for non-SQL-backed map and geodata services. Here's the problem:
          Architectural Survey Line layer failed to load: Fault code: Channel.Security.Error
          Fault info: Security error accessing url
          Fault details: Destination: DefaultHTTP

          Research suggests I should be using Crossdomain.xml, which I've copied to just about every single folder there is, same problem.

          When using http://[FQDN]/arcgis/rest/services/CRGIS_EDIT/ to define the operational layer in the Flexviewer builder, using the ArcGIS admin account or my windows account will allow access to the service.

          I can view http://[FQDN]/arcgis/rest/services from any browser, any computer, no problem.

          Clearly I'm missing something obvious here, what is it? We cannot use local security per organizational policy, it's Windows AD or nothing. Thanks!