Issue:
Help on troubleshooting connectivity issues from the Autodesk Vault client, to the Vault Server through a VPN (Virtual Private Network). What to check when it is impossible to access Vault server only using VPN connection? How to resolve issue in attempting to access Vault Server through VPN using Windows Authentication?
Causes:
To a Vault account, when logging in to a Vault Server, it will appear that the software only needs to connect to one server. However, some capabilities of Vault require the client to connect to other servers. For example:
- AVFS (Autodesk Vault File Server),
- Licensing,
- Windows Authentication.
This communication is hidden from a user.
Vault Server
All Vault clients must connect to the ADMS (Autodesk Data Management Server) machine.
AVFS (Autodesk Vault File Server)
If connecting to an AVFS, the Vault Client software must be capable of connecting to both the ADMS and AVFS machines. (AVFS is a feature of Vault Professional only)
Licensing
Single-User licensing, requires that Vault clients connect to Autodesk servers to validate if the user's Autodesk ID account is entitled to use the software once per month. (this includes Vault Basic clients)
Multi-user licensing requires the Vault Client to connect to the Network licensing server, every time the Vault Server software is run and reconnects every 30 minutes to check if the software usage is active.
Windows Authentication (only supported with Vault Professional)
Vault Supports multiple authentication technologies. If "Windows Account" is used, the Vault client will need to authenticate with an Active Directory server.
If basic network connectivity is not working to any of the servers, it will not be possible to sign in to the Vault Server. How do I check basic network connectivity between a Vault Client and Vault Server?
If a firewall is blocking the ports needed to connect to the server for the protocols being used (HTTP or HTTPS, FlexLM, LDAP) it will not be possible to sign in to the Vault Server.
If unable to resolve the issue with VPN, consider using Vault Gateway to connect to the Vault Server.
Solution:
Basic checks
Connections to the Vault Server fall into two categories;
First, try connecting the Vault client to the Vault Server while they are connected to the same LAN (Local Area Network) when both machines are inside the firewall.
Next, try connecting the Vault client to the Vault Server after moving the Vault client outside the firewall.
If the only thing that has changed is that the Vault client computer has been moved outside the firewall, it means that either:
- The VPN Router and\or firewall is not configured to allow Vault, licensing or Windows Authentication traffic to pass through.
- There are issues with the DNS settings on the VPN router.
Note: To resolve these issues, contact the VPN Router\Internal IT\Network administrator. Autodesk cannot solve or troubleshoot problems with the network. Their operation lies outside Autodesks control. The following articles will help:
Useful troubleshooting tools (to be run from the Vault Client)
- Tracert. This command line tool can identify the route network traffic takes between the client and the server.
- TCPView. This is a UI tool that can help identify which ports a process is using, which can then be opened on the firewall \router.
- Fiddler. This tool can be used to track HTTP/HTTPS traffic and any messages that may occur. If any 4xx or 5xx messages are reported in Fiddler, review the W3SVC log files on the Vault server to see if those calls are making it through to the server. If the calls are not making it through, this would be considered irrefutable evidence that factors outside Autodesk Software's control are blocking the calls.
A word on Proxy Servers
If the internet options are configured to use a Proxy Server, an HTTP\HTTPS tracing tool such as Wireshark or Fiddler can show connections for the Vault client being sent to the Proxy Server. This will need to be considered when configuring the network.
If clients inside the firewall are also having trouble connecting to the Vault Server, this article will help diagnose the issue.
Products:
Vault Products;
