DX Unified Infrastructure Management

 View Only

 url_response Result: 401 The requested resource requires user authentication for CA Service Desk Manager welocme page

Stefan Pivoda's profile image
Broadcom Employee Stefan Pivoda posted Jan 04, 2022 04:37 AM
hi,

i get url_response Result: 401 The requested resource requires user authentication when i try to monitor CA Service Desk Manager welcome page.
the welcome page doesnt require any authentication, it just displays the login formular.
why is it and is there any way to monitor the Service Desk Manager welcome page with url_response?
it's UIM 20.4 and url_response 4.50.
thank you,
Stefan
David Michel's profile image
Broadcom Employee David Michel
test it with the login info added. 
Can url_response do an automated login to a website
Article Id: 73221
https://knowledge.broadcom.com/external/article?articleId=73221
Andrew Cooper's profile image
Andrew Cooper
Stefan

We have the same problem as we do not/cannot put userid and password into the url response (the storage of this information by UIM does not meet our security requirements.

What is happening is that any page on ITSM is a protected route and so if on any page you do not present a valid auth token you are redirected to the login page and this then does a 401 responce to do kerberos/ntlm authentication (SSO) and if the client responds correctly then you are redirected to the requested page, in this case the default user landing page.  Now url_responce does not respond to the 401 and so you are left with this apparent error.

Either you provide a userid/password responce as @David Michel suggests or you move to net_response to check TCP connectivity.

Regards, Andrew​​
Stefan Pivoda's profile image
Broadcom Employee Stefan Pivoda
Hi @David Michel, @Andrew Cooper,

here is how i try it with basic authentication, but getting 401 error message. 
i tried it with 2 different user account that works correctly, if i login directly. however these users get 401 in url_reponse​​.
what do i do wrong, please?
thank you, stefan

David Michel's profile image
Broadcom Employee David Michel
Maybe it is something to do with the page being an exe.
Stefan Pivoda's profile image
Broadcom Employee Stefan Pivoda
@David Michel even if i try to monitor/test only the subdomain name + domain name of ITSM ( = without the path (where the exe is defined), so e.g. https://ourservicedesk.com, i get this error message (401).
is here please anybody​ who can confirm that ITSM monitoring with url_response work for him/her (so that i know whether it's general issue or only in our configuration).
thank you, stefan
Marius Nitu's profile image
Marius Nitu
Hello,

Is SSO enabled? Tried to test but I don't have a SD account. You can also try monitoring the http://server:8080/CAisd/pdmweb.exe . Also you can try iis probe.

Marius
Stefan Pivoda's profile image
Broadcom Employee Stefan Pivoda
hi @Marius Nitu

yes, http://server:8080/CAisd/pdmweb.exe is working.
but we should monitor the SSL cerfiticate of the SD , therefore we have to use https://server/CAisd/pdmweb.exe.

can you please tell me how it is possible that http://server:8080/CAisd/pdmweb.exe is working correctly with url_probe and https://server/CAisd/pdmweb.exe is not? maybe after that we can figure out how to find a workaround to monitor https with the SSL certificate as well.

thank you, stefan
Marius Nitu's profile image
Marius Nitu
The 8080 port is on a Tomcat server also used by CA SDM, that does not require Windows authentication.
The error you receive is given by IIS which asks for authentication details. You should try Authentication Type NTLM or Windows NT authentication.

I can't test it because I don't have the required credentials on the server we are using.
Stefan Pivoda's profile image
Broadcom Employee Stefan Pivoda
@Marius Nitu
but https://servicedesk.com:8445/mobiledemo/login.html works correctly = without the 401 error.
so only https://servicdesk.com:8443/CAisd/pdmweb.exe ist part of some configuration that requires authentication?
fYI: we dont use windows accounts for login, so cant test it with NTLM or Windows NT authentication (if i understood correctly how the authentication works).
thank you, stefan


Marius Nitu's profile image
Marius Nitu
Hello,

CA SDM can be configured with two web servers on Windows (by default they are both active at the same time), Tomcat and IIS.

I can see no port in the picture you provided so I assumed you are using the IIS server, which is typically configured with 443 port.
To authenticate to the IIS server you need the Windows NT authentication option or Authentication Type NTLM. This may be true even if CA SDM is not integrated with LDAP.

Ports 8080, 8443 and 8445 are typically used by the Tomcat server and I think is the only installation option for CA SDM on Linux.

So my advice is to find out which web server you access with the URL you are trying to monitor: IIS or Tomcat. If it is IIS then you probably need Windows NT authentication option or Authentication Type NTLM. If it is Tomcat, try the other authentication options. If that doesn't work, look into the probe and the web servers logs. And if that doesn't work, you might find some clues in these links:

https://quick-adviser.com/how-do-i-fix-unauthorized-401-error/
https://airbrake.io/blog/http-errors/401-unauthorized-error

Marius
Stefan Pivoda's profile image
Broadcom Employee Stefan Pivoda
thank you @Marius Nitu ​for the useful description/advice!