Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI DataLink

TABLE OF CONTENTS

PI Data Archive connection issues

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMar 20, 2025
  • 2 minute read

Recent versions of PI DataLink uses tighter security settings for connecting to Data Archive. The new settings reduce exposure to security weaknesses associated with PI password authentication. For more information, see the AVEVA Tech Support alert, AL00206 - Security Alert: PI Authentication Weakness.

The new security settings can result in errors if PI DataLink uses:

  • PI user names and passwords to connect to Data Archive

  • Default user to connect to Data Archive

Specifically, these settings might generate the following error:

Cannot connect to the PI Data Archive. Windows authentication trial failed because insufficient privilege to access the PI Data Archive. Trust authentication trial failed because insufficient privilege to access the PI Data Archive.

To resolve these errors and similar connection errors, you can:

  • Configure Open Id Connect Mappings for users who connect to PI Data Archive (PI Server 2023 and later).

    AVEVA recommends using Open Id Connect authentication when using PI DataLink with PI Server 2023 and later. To use OIDC authentication, you must create Open ID Connect Role PI Mappings on the PI Server and AF Server.

    You must also enable the OIDC authentication protocol on each computer that runs PI DataLink.

  • Configure PI mappings for users who connect to Data Archive.

    AVEVA recommends using Windows authentication (available in PI Data Archive 3.4.380 and later) when using PI DataLink with PI Server versions prior to PI Server 2023. For information on creating PI mappings, see the PI Server topic Mapping management. To use PI mappings, you must also enable the Windows Security authentication protocol on each computer that runs PI DataLink.

  • Configure PI trusts for users who connect to Data Archive.

    This is the next-best approach. To use PI trusts, you must also enable the PI Trust authentication protocol on each computer that runs PI DataLink.

  • Configure each computer to allow an explicit login prompt when a PI mapping or PI trust is not available.

    AVEVA does not recommend this approach. Explicit logins are not secure. With this approach, you must enter your user name and password the first time you connect to each Data Archive during a particular Microsoft Excel session.

For more information, see the PI Server topic Manage authentication.

Note: Entering an incorrect password at a login prompt can result in the same error message.

TitleResults for “How to create a CRG?”Also Available in