The user on a Windows Workbench workstation cannot connect to the agent service. The Workbench error message is “Unable to authenticate user for agent …”

The corresponding messages in the Agent log file (found in the $CA_SCM_HOME/log folder) are 

<date> | <time> | Connection established. Connection count: 1. 
<date> | <time> | LVL1: in ConnectionMsgThreadMain 
<date> | <time> | LVL1: CPtHAgntC::LogIn failed. szSenderURL is </pt_HClient://<client host and pid> 
<date> | <time> | LVL1:cbLogIn | Usr<userid> InitDir<> |-165 
<date> | <time> | LVL1: ConnectionMsgThreadMain message is FCloseCon_MT 
<date> | <time> | Process /pt_HClient://<client host and pid> has closed the connection. Connection count: 0. 

Harvest Software Change Manager v12.5 and later
Workbench on a Windows operating system, Agent on a Linux/Unix operating system

In the situation where this problem was reported, it was found that the Unix server hosting the SCM Agent had implemented an extra authentication step using an application called pingID. When logging into that server with putty, the user would provide his userid and password. The system would then send an authentication code to the user’s cell phone which he must type in to gain access to the system. 

The SCM agent in multi-user mode was designed to authenticate users in the traditional way using operating system routines to authenticate with just userid and password. It is not designed to request and provide an additional pingID session code. 

 

The options to explore to mitigate this type of issue are:

1. You can check with his Unix administrator to see if pingID can be disabled on this Unix server. 
2. If pingID cannot be disabled, the second option is to use the SCM Agent in single-user mode. All users would then connect to this agent using the same userid and password. 
3. If the Harvest users and management do not approve using the single-user agent, the third option is to work with the Unix administrator to implement PAM (Pluggable Authentication Module) on this machine and configure the agntd process so that it can bypass pingID and only require userid and password for authentication. 
   
    

This article explains about authentication modes: Agent Authentication Modes Explained