Check for unauthenticated PI API connections

Previous versions of the Data Archive server allowed unauthenticated PI API applications to connect to the Data Archive server with world access. In previous versions of the Data Archive server, you could explicitly close this security hole by using the DefaultUserAccess tuning parameter. PI Server 3.4.380 completely closes this security hole, and thus the DefaultUserAccess parameter no longer exists. Applications that do not successfully authenticate cannot be given any access on the Data Archive server.

In most cases, the closing of this security hole should not cause you a problem. Since world access is usually read-only, your PI interfaces are unlikely to be relying on this access. However, if you have custom PI API applications, you might find that they were not configured properly and now no longer have access. You must configure valid PI trusts for those applications.

To identify PI API applications that are not connecting properly, check the Data Archive message log. Look for the following types of messages:

• Message ID = 7054, which contains text "No trust established for: <identifyingString>. Explicit login is required for access "

• Message ID = 7140, which contains text "Timeout expired for unauthenticated PI API Connection"

You can filter these unique message IDs in the PI SMT Message Logs tool.