You are viewing limited content. For full access, please sign in.

Question

Question

Unable to locate server server_name on the network

Web Client
Updated August 1, 2019
asked on July 26, 2019 Show version history

I'm going to start transitioning employees from the Windows client to the web client, but I want to ensure it's easy and secure to log in. I am on version 10.3.1. On the configuration page, I can connect to the repository server, but only if SSL is not enabled. Once I enable SSL, I get the warning: "Unable to locate server server_name on the network". I have installed our wildcard SSL on both the servers:

a) the server running Web Client and Forms

b) the repository server

The same certificate is used for our internal and public Forms servers and  LFDS without issues.

I've checked the SSL/TLS installation guide, but the only documentation about the connection between a repository server and Web Access server just says to enable the checkbox.

The picture below shows that there is no error when SSL is disabled, and the error when SSL is enabled.

 

Here are the errors from the event log:

Log Name:      Laserfiche-WebClient-Server/Operational
Source:        Laserfiche-WebClient-Server
Date:          7/26/2019 1:26:01 PM
Event ID:      1
Task Category: AdministrativeMessage
Level:         Information
Keywords:      Session0,Session1,Session2,Session3
User:          IIS APPPOOL\WebAccessAppPool
Computer:      
Description:
Access denied. [9013]
Operation: /laserfiche/configuration/ConfigurationPageService.ashx/ValidateRepository
  Message: Exception encountered, stack trace:
  Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer
  WebAccessServices.HttpHandlers.ConfigurationPageService.ValidateRepository
  System.RuntimeMethodHandle.InvokeMethod
  System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal
Exception details:
  Message: Access denied. [9013]
  Stack trace:    at Laserfiche.RepositoryAccess.ProtocolUtil.ConnectToWmiScope(String serverName)
   at Laserfiche.RepositoryAccess.Server.ConnectScope()
   at Laserfiche.RepositoryAccess.Server.RefreshViaWmi()
   at Laserfiche.RepositoryAccess.Server.Refresh()
   at Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer(String serverName, Boolean useSSL)

  Session: t4c1dlbt

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Laserfiche-WebClient-Server" Guid="{E1931BBE-B561-55CE-776E-86D128B8CD81}" />
    <EventID>1</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>65533</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000f00000000000</Keywords>
    <TimeCreated SystemTime="2019-07-26T17:26:01.024209400Z" />
    <EventRecordID>873</EventRecordID>
    <Correlation />
    <Execution ProcessID="928" ThreadID="6368" />
    <Channel>Laserfiche-WebClient-Server/Operational</Channel>
    <Computer>SPR-SRVR-LF3.springwater.ca</Computer>
    <Security UserID="S-1-5-82-90942142-69841976-3763844167-1815131087-745571325" />
  </System>
  <EventData>
    <Data Name="message">Access denied. [9013]
Operation: /laserfiche/configuration/ConfigurationPageService.ashx/ValidateRepository
  Message: Exception encountered, stack trace:
  Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer
  WebAccessServices.HttpHandlers.ConfigurationPageService.ValidateRepository
  System.RuntimeMethodHandle.InvokeMethod
  System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal
Exception details:
  Message: Access denied. [9013]
  Stack trace:    at Laserfiche.RepositoryAccess.ProtocolUtil.ConnectToWmiScope(String serverName)
   at Laserfiche.RepositoryAccess.Server.ConnectScope()
   at Laserfiche.RepositoryAccess.Server.RefreshViaWmi()
   at Laserfiche.RepositoryAccess.Server.Refresh()
   at Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer(String serverName, Boolean useSSL)

  Session: t4c1dlbt
</Data>
  </EventData>
</Event>

 

Log Name:      Laserfiche-WebClient-Server/Operational
Source:        Laserfiche-WebClient-Server
Date:          7/26/2019 1:26:01 PM
Event ID:      1
Task Category: AdministrativeMessage
Level:         Information
Keywords:      Session0,Session1,Session2,Session3
User:          IIS APPPOOL\WebAccessAppPool
Computer:      XXXXXXXXXXXXXXXXX
Description:
Internal TLS/SSL error.
Operation: /laserfiche/configuration/ConfigurationPageService.ashx/ValidateRepository
  Message: Exception encountered, stack trace:
  Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer
  WebAccessServices.HttpHandlers.ConfigurationPageService.ValidateRepository
  System.RuntimeMethodHandle.InvokeMethod
  System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal
Exception details:
  Message: Internal TLS/SSL error.
  Stack trace:    at Laserfiche.HttpClient.HttpException.TestSSLStatus(Int32 dwSecureStatus)
   at Laserfiche.HttpClient.HttpRequest.DoSendRequest()
   at Laserfiche.HttpClient.HttpRequest.SendRequestWithCredentials(Boolean useKerberos, Boolean negotiateAuth)
   at Laserfiche.HttpClient.HttpRequest.SendRequest()
   at Laserfiche.RepositoryAccess.Server.RefreshViaHttp()
   at Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer(String serverName, Boolean useSSL)
  Message: One or more errors were found in the X.509 certificate sent by the server for TLS/SSL.
  Stack trace: 

  Session: t4c1dlbt

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Laserfiche-WebClient-Server" Guid="{E1931BBE-B561-55CE-776E-86D128B8CD81}" />
    <EventID>1</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>65533</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000f00000000000</Keywords>
    <TimeCreated SystemTime="2019-07-26T17:26:01.008583400Z" />
    <EventRecordID>872</EventRecordID>
    <Correlation />
    <Execution ProcessID="928" ThreadID="6368" />
    <Channel>Laserfiche-WebClient-Server/Operational</Channel>
    <Computer>XXXXXXXXXXXXXX</Computer>
    <Security UserID="S-1-5-82-90942142-69841976-3763844167-1815131087-745571325" />
  </System>
  <EventData>
    <Data Name="message">Internal TLS/SSL error.
Operation: /laserfiche/configuration/ConfigurationPageService.ashx/ValidateRepository
  Message: Exception encountered, stack trace:
  Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer
  WebAccessServices.HttpHandlers.ConfigurationPageService.ValidateRepository
  System.RuntimeMethodHandle.InvokeMethod
  System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal
Exception details:
  Message: Internal TLS/SSL error.
  Stack trace:    at Laserfiche.HttpClient.HttpException.TestSSLStatus(Int32 dwSecureStatus)
   at Laserfiche.HttpClient.HttpRequest.DoSendRequest()
   at Laserfiche.HttpClient.HttpRequest.SendRequestWithCredentials(Boolean useKerberos, Boolean negotiateAuth)
   at Laserfiche.HttpClient.HttpRequest.SendRequest()
   at Laserfiche.RepositoryAccess.Server.RefreshViaHttp()
   at Laserfiche.WebAccess.Common.ConnectionManager.GetLFServer(String serverName, Boolean useSSL)
  Message: One or more errors were found in the X.509 certificate sent by the server for TLS/SSL.
  Stack trace: 

  Session: t4c1dlbt
</Data>
  </EventData>
</Event>

 

0 0

Answer

SELECTED ANSWER
replied on July 29, 2019

HI Michael,

Assuming your servers have the correct protocols enabled for TLS and SSL, is port 443 open on the firewalls and can you connect via SSL on the repository server? Is LF Client installed on the repository server and can that connect using SSL?

Did SSL ever work? If this is a pre-prod sever, can you install IIS on the Repository server to confirm the correct certificate has been installed, is working and is bound to 443?

-Ben

1 0
View 2 previous replies
replied on July 29, 2019

Hi Ben,

It appears I cannot connect to the repository from the thick client via SSL. It does work without SSL, of course.

SSL was never configured in the past on this server so I must be missing something in terms of config, but I can't find what I'm missing.

I installed IIS and found the certificate in the Server Certificates feature. I've bound it to the Default Web Site on port 443, but no change. It is a wildcard certificate, not self-signed. I've run the netsh command and added port 443 in the registry.

0 0
replied on July 29, 2019

Two questions:

  1. Are you using the FQDN for the LFS address? Using the plain hostname will still cause a certificate validation failure as it does not match the wildcard cert.
  2. Are you running the LFS service as a user other than the LOCAL SYSTEM identity? You may also need to set a urlacl with netsh to give the LFS identity the rights to listen on port 443. Setting the LFS SSLPort registry key doesn't automatically provide those, as they're a Windows configuration.

 

Also, check the Laserfiche Server's event log (and the Windows\Application log). The ones you've provided are only from Web Client and I suspect the issue is on the LFS side.

1 0
replied on July 30, 2019

1. I'm using the FQDN: [servername].[domain].com

2. The service is run as LOCAL SYSTEM:

I tried setting the urlacl with the following command:

netsh http add urlacl url=https://server.domain.com:443/laserfiche user=domain\admin_account listen=yes

No luck there unfortunately.

There aren't any events in the Application and Service Logs > Laserfiche > ContentRepository > Service logs in the past few days, and even beyond that there doesn't seem to be anything relevant to this issue. In the Windows > Application logs, all I can see are audit successes, even when trying to attach the repository via SSL (and it fails).

0 0
replied on July 31, 2019

I tried again to bind the SSL to the Default Web Site in IIS and this time it worked. Since it was a fresh install of IIS, it must have been missing some updates. Once the update KB2719033 installed, binding the cert again worked this time and the Laserfiche Web Client now works properly with SSL (as well as the local thick client).

Thank you all for your help!

3 0
replied on August 1, 2019

Good tip, Michael.

0 0

Replies

replied on July 29, 2019

The second error indicates that your certificate can't be validated. Are you typing in the server name as specified in the certificate's "issued to" property?

1 0
replied on July 29, 2019

Hi Miruna

It's a wildcard certificate, so I've been using the FQDN of the server: [servername].[domain].com.

1 0
replied on July 30, 2019
1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...