Pass-Through authentication - An illustrated config manual.

In this post I discuss the challenges you may face when configuring Pass-Through Authentication in a practical environment.

Access Requirements:

      1. Direct access to the Domain Controller.

      2. Direct access to the ServiceDesk Plus server.

Procedure:

(As a best practice, I recommend doing this activity directly from the Domain Controller.)

1. Open ServiceDesk Plus in a browser and go to Admin > Discovery > Windows Domain Scan. Check the entries that are available for your domain. ServiceDesk Plus tends to fetch both the fully qualified domain name (FQDN) and the pre-Windows 2000 format name (NetBIOS name) of your domain; however, the domain controller details are updated for only one of the entries. In this document, I have used our test domain environment 'SDPEXCHANGE' to explain the scenario.



2. For Pass-Through Authentication to work, we have to use only the pre-Windows 2000 format of your domain name, i.e. the NetBIOS name of the domain. To identify the domain entry that is tied to the user accounts, check the requester list view (Admin > Users > Requester).




To check the pre-Windows 2000 format (NetBIOS) name of your domain, go to Administrative Tools > Active Directory Users and Computers > right-click on your domain > Properties.



3. In this case SDPEXCHANGE.COM (FQDN Entry) is tied with the user accounts, thus we have to edit this entry in the domain list and update the NetBios name instead of the FQDN. To achieve this, rename 'SDPEXCHANGE' as 'SDPEXCHANGE_OLD' (fig 1) and then update 'SDPEXCHANGE.COM' as 'SDPEXCHANGE' (fig 2)





4. Once the domain name is updated, the requester list will reflect the updated domain name.




5. Now go to Admin > Users > Active Directory and import the users once again from Active Directory.



6. Enable Pass-Through Authentication and choose the domain 'SDPEXCHANGE'.




7. Computer Account: Pass-Through authentication requires a dedicated computer account to establish a secured channel with the Domain Controller. You therefore have to provide a unique computer name that does not exist in your domain as a user or a computer account, and it has to be within 13 characters. I have used the name 'PassThru' and a password that complies with the complexity policy.

8. DNS Server IP / Bind String: Go to the ServiceDesk Plus server, open a command prompt and execute the command 'ipconfig /all'. It will show the connection details of that machine. Make a note of the Primary DNS Suffix, which has to be entered as the Bind String, and of the DNS Servers, which have to be entered in the DNS Server IP column. If you have more than one DNS server, you can enter them in the same field separated by commas (e.g., 192.168.1.2,192.168.1.253,192.168.1.252).



9. DNS Site: It is the Site under which your Domain Controller (server) is located. To find it, open Active Directory Sites and Services, expand the Sites and check where the Domain Controller is placed. In my case it is 'Chennai'.





10. Update all the information in the configuration wizard and save. In most cases, we might receive an error.



11. Download the script ('Click Here' is a hyperlink), save it to C:\ on your domain controller and execute the command string as stated in the error message.



12. Now, go back to the Pass-Through Configuration page and save the settings without making any changes.



13. Go to the ServiceDesk Plus server and stop and start the application once.

14. Pass-Through uses NTLMv2 for authentication, which requires the browser to respond to the NTLM queries. Therefore you have to add the ServiceDesk Plus application URL to the Local Intranet Sites list. In the browser, open Internet Options > Security > Local Intranet > Sites > Advanced, add the URL, save, and close the browser window.








15. Open a fresh window and launch ServiceDesk Plus; it will Pass-thru..!
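The values from steps 2, 7 and 8 can be checked before they go into the wizard. The following Python is an added example, not part of ServiceDesk Plus or the original post: it parses `ipconfig /all` output (including DNS servers listed on continuation lines) into the Bind String and the comma-separated DNS Server IP value, and flags an FQDN used as the domain or a computer account name longer than 13 characters. The function names, the sample output and the dictionary keys are assumptions, and it does not check whether the account name already exists in the domain.

```python
import re

# Constructed sample of `ipconfig /all` output from the ServiceDesk Plus server.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SDP-SRV
   Primary Dns Suffix  . . . . . . . : sdpexchange.com

Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.2
                                       192.168.1.253
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Labelled lines look like "Name . . . : value"; continuation lines have no label.
LABEL = re.compile(r"^\s+(.+?)[ .]*\. :\s?(.*)$")

def parse_ipconfig(text):
    """Return (primary_dns_suffix, [dns_servers]) from `ipconfig /all` text."""
    suffix, servers, in_dns = "", [], False
    for line in text.splitlines():
        m = LABEL.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if key == "Primary Dns Suffix":
                suffix = value
        else:
            value = line.strip()  # extra DNS servers sit on unlabelled lines
            in_dns = in_dns and bool(value)
        if in_dns and value and value not in servers:
            servers.append(value)
    return suffix, servers

def preflight(domain, computer_account, ipconfig_text):
    """Build the wizard values and list problems against steps 2, 7 and 8."""
    suffix, servers = parse_ipconfig(ipconfig_text)
    checks = [
        ("." in domain, "domain must be the NetBIOS name, not the FQDN"),
        (not 1 <= len(computer_account) <= 13,
         "computer account name must be within 13 characters"),
        (not suffix, "no Primary Dns Suffix found for the bind string"),
        (not servers, "no DNS servers found"),
    ]
    fields = {"Domain": domain, "Computer Account": computer_account,
              "Bind String": suffix, "DNS Server IP": ",".join(servers)}
    return fields, [msg for failed, msg in checks if failed]
```

Calling `preflight("SDPEXCHANGE", "PassThru", SAMPLE)` returns the field values with an empty problem list; on a real server, pass in the captured text of `ipconfig /all` instead of `SAMPLE`.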



