You are viewing limited content. For full access, please sign in.

Question

Question

Issues Accessing Federated Search Configuration Page

Administration
Updated September 18, 2018
asked on April 19, 2018

Hello,


I am trying to access the recently installed Federated Search Administration Page to configure it. This Environment is on a domain and I have configured the service account to use the domain account which is also the account I am connected to the VM with.

 

Unfortunately, when trying to open the application it is not allowing me to authenticate somehow the machine is not resolving to the local server perhaps? My user account has full administrative privileges on the environment and this issue is not persistent in other applications such as LFDS which are using the same domain account to run the services.

 

 

Services Running.png
Unable to Login.png
Services Running.png (47.08 KB)
Download
Unable to Login.png (622.79 KB)
Download
0 0

Replies

replied on September 14, 2018 Show version history

Hello Armando,

 

Sorry for the late reply.

 

We believe you've encountered a Microsoft loopback issue as https://inside/eng/helpdesk/printCaseEditor.asp?case=196457 talks about.

 

You can refer to https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate for solutions, the page talks about the issue on Window server 2003  but it also happens on later os versions as we reproduced it on 2008r2 and win10. Please follow the “Workaround” part on the page and both methods should fix the problem.

 

Thanks,

Shengyao Que

1 0
replied on August 20, 2018

Hello Armando,


Do you ever find out how to resolve this issue?

 

We have a customer who is hitting the same issue are installing this on the LF Server.

 

Appreciate your time,

Jeff Curtis

0 0
replied on August 20, 2018

Nothing at this time I have to create a ticket at this point.

0 0
replied on August 21, 2018

Thanks Armando,

 

I have done the same for our customer.

 

Jeff Curtis

0 0
replied on September 14, 2018

Thank you I fixed the loopback issue but the application is still broken and wont let me update the configuration with the GUI.

 

The Loopback issue is a common problem with Laserfiche applications such as webadmin, audit trail, distributed computing cluster, web accelerator.

 

It will be important to have the loopback registry fix documented well or for Laserfiche to have a built in workaround to this issue.

0 0
replied on September 17, 2018

Thanks for the reply. We are working on the documentation for loopback issue of federated search.

 

For the configuration, did you encountered a new issue or that you still stuck at providing windows authentication? If it's new, what is the symptom?

 

Shengyao Que

0 0
replied on September 17, 2018

Yes here are additional error screens:

 

 

Screen Shot 2018-09-17 at 9.43.49 AM.png
Screen Shot 2018-09-17 at 9.41.55 AM.png
Screen Shot 2018-09-17 at 9.43.49 AM.png (520.67 KB)
Download
Screen Shot 2018-09-17 at 9.41.55 AM.png (305.96 KB)
Download
0 0
replied on September 17, 2018

Hi,

 

For error 1, is salesdemo134.rsalesdemo.net and salesdemo134.rsalesdemo.ca the same machine? What is the certificate you choose for FederatedSearch when install. Is it the same license server you get license from?

For error 2, please check if FederatedSearch Service started.

It would be better if you give us your FederatedSearch configuration files.(including search site web.config and app.config located at C:\Program Files\Laserfiche\FederatedSearch\SearchSite and C:\Program Files\Laserfiche\FederatedSearch\SearchService)

 

Thanks

0 0
replied on September 17, 2018

1. I use the same licensing server I get the license from, just like how you would install any of the other applications on the VM which do work.

2. The service is started and running as the serviceaccount.

 

There is no such app.config in the searchservice folder or web.config only the SearchSite has a file which is web.config. And your support site wont let me upload the file so I am going to just have to copy paste the data:

 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <appSettings>
    <add key="WcfConnectionCacheTimeout" value="30" />
  </appSettings>
  <system.web>
    <authentication mode="None" />
    <compilation targetFramework="4.6.1" />
    <httpRuntime targetFramework="4.6.1" enableVersionHeader="false" />
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <customErrors mode="On" defaultRedirect="~/Error">
      <error redirect="~/Error/Unauthorized" statusCode="401" />
      <error redirect="~/Error/NotFound" statusCode="404" />
    </customErrors>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="false">
      <remove name="FormsAuthentication" />
      <remove name="WebDAVModule" />
      <remove name="UrlRoutingModule-4.0" />
      <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" preCondition="" />
      <add name="SessionAuthenticationModule" type="Laserfiche.IdentityModel.LFDSSessionAuthenticationModule, Laserfiche.IdentityModel" preCondition="managedHandler" />
      <add name="WSFederationAuthenticationModule" type="Laserfiche.IdentityModel.LFWSFederationAuthenticationModule, Laserfiche.IdentityModel" preCondition="managedHandler" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <httpProtocol> 
      <customHeaders>
        <clear />
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
    <staticContent>
      <remove fileExtension=".woff" />
      <remove fileExtension=".woff2" />
      <mimeMap fileExtension=".woff" mimeType="application/font-woff" />
      <mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="1.00:00:00" />
    </staticContent>
  </system.webServer>
  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <audienceUris mode="Never" />
      <certificateValidation certificateValidationMode="None" />
      <issuerTokenResolver type="Laserfiche.IdentityModel.LFDSSecurityTokenResolver, Laserfiche.IdentityModel, Culture=neutral" />
      <issuerNameRegistry type="Laserfiche.IdentityModel.LFIssuerNameRegistry, Laserfiche.IdentityModel, Culture=neutral" />
      <caches>
        <sessionSecurityTokenCache type="Laserfiche.IdentityModel.LFDSSessionSecurityTokenCache, Laserfiche.IdentityModel">
          <configuration enableAutoGetToken="true" autoGetTokenTarget="" />
        </sessionSecurityTokenCache>
      </caches>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" name="FsAuth" path="/FederatedSearch" />
      <wsFederation persistentCookiesOnPassiveRedirects="true" passiveRedirectEnabled="true" issuer="https://laserfiche-directory-server/LFDSSTS/" realm="https://localhost/FederatedSearch/" reply="https://localhost/FederatedSearch/" homeRealm="urn:laserfiche:lfdsdb:lfds" requireHttps="true" />
      <configuration enableReferenceMode="true" />
    </federationConfiguration>
  </system.identityModel.services>
  <system.serviceModel>
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="WS2007HttpBinding_IFederatedSearch" maxReceivedMessageSize="65536000">
          <readerQuotas maxArrayLength="10242880" />
          <reliableSession enabled="true" ordered="false" inactivityTimeout="00:20:00" />
          <security mode="TransportWithMessageCredential">
            <message algorithmSuite="Default" establishSecurityContext="true" issuedKeyType="BearerKey" negotiateServiceCredential="false" />
          </security>
        </binding>
      </ws2007FederationHttpBinding>
      <ws2007HttpBinding>
        <binding name="WS2007HttpBinding_ILicenseManager" maxReceivedMessageSize="2147483647">
          <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
          <security mode="Message">
          </security>
        </binding>
        <binding name="WS2007HttpBinding_ILFSecurityTokenService" maxReceivedMessageSize="2147483647">
          <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
          <security mode="Message">
          </security>
        </binding>
      </ws2007HttpBinding>
      <basicHttpsBinding>
        <binding name="basic" maxBufferSize="6553600" maxReceivedMessageSize="6553600" />
      </basicHttpsBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="AltServiceBehavior">
          <clientCredentials>
            <clientCertificate storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint address="https://localhost/FederatedSearchApi/b3406218-db12-4687-8482-218f169955ca/search" binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007HttpBinding_IFederatedSearch" contract="Laserfiche.FederatedSearch.ISearch" name="search" />
      <endpoint address="https://localhost/FederatedSearchApi/b3406218-db12-4687-8482-218f169955ca/health" binding="basicHttpsBinding" bindingConfiguration="basic" contract="Laserfiche.FederatedSearch.Admin.IHealthCheck" name="fsHealth"></endpoint>
      <endpoint address="https://localhost/FederatedSearchApi/b3406218-db12-4687-8482-218f169955ca/admin" binding="basicHttpsBinding" bindingConfiguration="basic" contract="Laserfiche.FederatedSearch.Admin.IFederatedSearchAdmin" name="admin"></endpoint>
      <endpoint address="http://lcoalhost:5048/LicenseManager/service" binding="ws2007HttpBinding" bindingConfiguration="WS2007HttpBinding_ILicenseManager" contract="LicenseManagerService.ILicenseManager" name="LicenseManagerService">
        <identity></identity>
      </endpoint>
      <endpoint address="http://localhost:5048/LicenseManager/service" binding="ws2007HttpBinding" bindingConfiguration="WS2007HttpBinding_ILicenseManager" contract="LicenseManagerService.ILicenseManager2" name="LicenseManagerService2">
        <identity></identity>
      </endpoint>
      <endpoint address="http://localhost:5048/LicenseManager/sts" binding="ws2007HttpBinding" bindingConfiguration="WS2007HttpBinding_ILFSecurityTokenService" contract="LicenseManagerSTS.ILFSecurityTokenService" name="LicenseManagerSTS">
        <identity></identity>
      </endpoint>
    </client>
  </system.serviceModel>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="LicenseManagerObjects" publicKeyToken="3f98b3eaee6c16a6" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-10.3.0.0" newVersion="10.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

 

0 0
replied on September 18, 2018

It seems you did not specify certificate when install FederatedSearch.

One quick way should be uninstall it and install FederatedSearch again. During installation, there will be a step for you to provide a certificate, select the one you want and it should fix the problem.

Another fix you can choose is stop Federated Search Searvice and FederatedSearch Crawler Service, then run the following command as admin:

"C:\Program Files\Laserfiche\FederatedSearch\SearchService\ConfigurationUtility.exe" --SelectedCertHash [YourCertThumbprint]

"YourCertThumbprint" should be the thumbprint of your desired certificate.

 

Thanks

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...