You are viewing limited content. For full access, please sign in.

Question

Question

Workflow not connecting to SSL enabled Forms server

Workflow Forms
Updated March 22, 2023
asked on October 23, 2020

Hi,

I have deployed both Forms and Workflow in an AWS instance. We wanted the clients to connect to the forms using the domain name with SSL. The domain name is bound to the IP of the AWS server. So in our IIS bindings for default site we have setup the bindings as follows,

 

Now the Forms can be accessed in the browsers using https://*.dialog.lk/forms and workflow can be accessed in the browser as https://*.dialog.lk/Workflow as well. 

In the Forms configuration I have enabled "Use SSL" option under primary forms server URL. And I have made a successful connection in the Forms configuration for workflow server using SSL. 

But in the Workflow configuration manager I am unable to make a successful connection using https. Instead it connects using the FQDN of the machine using http.

 

And also when I try to configure a workflow web service from the workflow admin console I am getting the following error message.

I want both Forms and workflow to work with SSL. What am I missing? Can someone please guide me?

Thank you! 

0 0

Replies

replied on October 25, 2020 Show version history

On the Forms server Laserfiche tab, have you configured the Workflow Server? Can you check whether you can get the API help page on the Workflow server machine when you access https://{FormsServer}/forms/api/help directly from browser? If this page is accessible, that means Forms is correctly configured.

0 0
View 10 previous replies
replied on October 25, 2020 Show version history

Hi,

Yes I have made a successful connection from Forms configuration page to workflow server using SSL.

When I try to access the https://{FormsServer}/forms/api/help page I am getting a browser prompt to enter the windows credentials. When I enter the right credentials the browser displays the following

 

0 0
replied on October 26, 2020

First, you should not be prompted to provide the windows credential when access https://{FormsServer}/Forms/api/help ((replace "{FormsServer}" with the Forms server  machine's FQDN) as Forms website should not have "Windows Authentication" enabled, you can check the Authentication from IIS Manager->Sites->Default Web Site->Forms->Authentication:

 

Second, for the "Secure Connection Failed" issue, you can check whether you can access https://{FormsServer}/forms (replace "{FormsServer}" with the Forms server  machine's FQDN) from the Workflow Server machine first? If not, you need to fix this first before configure the Workflow web service.

0 0
replied on October 26, 2020

Ok I disabled windows authentication on IIS for forms and now I see this page.

 

Both my Forms and Workflow are running from the same machine. But instead of using FQDN they both can be accessed with our domain name which is *.dialog.lk in the browser.

0 0
replied on October 26, 2020 Show version history

You should use your domain name to access if the certificate of HTTPS also use domain name. Have you configured the Workflow Server on the Laserfiche tab of Forms? If yes, you can uncheck "use SSL connection" under Primary Forms Server URL and then check it on Forms Server tab to enable the save button and save the settings again, then test access the API from the browser. If you still get error, check the detail error in event log.

0 0
replied on October 26, 2020

Yes our SSL certificate is issued to the domain name. I have configured the workflow server connection in the Forms configuration page with SSL enabled. I restarted all services but I still get the request error. Also on the event viewer I see "Service unavailable because the Workflow Server is not configured in Laserfiche Forms. Please configure the Workflow Server in the Laserfiche section of the Forms Configuration page. [LFF5206-WFAPIAccessDenied]"

 

But I have added the workflow server in Laserfiche Forms configuration page I got a successful message as well. 

 

What am I missing? 

0 0
replied on October 26, 2020

You have refreshed the page to make sure the Workflow Server is saved correctly? If you have make sure the Workflow Server on Forms is correctly configured but you still get error message when access the API, you can open a support case and provide the screenshot of the Laserfiche tab and access the API page and provide additional information of your network if there is anything special for the network setup. 

Forms compares whether the IP address of the configured Workflow Server matches the IP address of the incoming request to access the API to determine whether you can open the API page. Some special configuration for network may affect the comparison.

1 0
replied on October 26, 2020

Hey I was able to solve this issue by editing the host file of my server. I pointed the server's IP to our domain name and now everything is working fine :-)

 

Thank you so much for your help!

1 0
replied on December 10, 2020 Show version history

What is the "address of the incoming request"? I too am using the hosts file to work around this by guessing addresses until I get the right one, however IT keeps changing it back, because they don't want us to use that address. So what's the deal? I didn't choose the address of any incoming request.

0 0
replied on December 22, 2020

@████████

The address of the incoming request means the value of the host header field in the HTTP/HTTPS request. You can check the IIS logs under C:\inetpub\logs\LogFiles\W3SVC1 and search for keyword such as "Forms/api/BusinessProcess" to search for the requests Workflow call Forms when execute workflow service task. Also please update support case 213406 with the information we requested and we would like to figure out the root cause of your issue. 

0 0
replied on December 22, 2020

I am waiting on the network map, but not sure what other devices on the network have to do with the address of a specific station. I was hoping to access the configuration which sets the address of the incoming request since a station can have more than one address (like this server).

I already know what the address is, I need to know WHERE it is so that I can change it.

0 0
replied on January 21, 2021 Show version history

On the Forms server, there is no configuration that can control the address the incoming request, what we can investigate is when getting the IP address based on the workflow server name configured on Forms configuration site using the system API such as "GetHostAddresses("workflow server name") why it can't get the same IP address as the incoming request.

0 0
replied on January 21, 2021

This is because Getting a Host Address uses a Domain Name Resolution Server. They have their DNS server configured to return a different address for the server, the server has 3 addresses.

That is why I can fix it by editing the hosts file, overriding their DNS server.

The problem is they have been removing my host file entry because they do not want incoming traffic using that NIC.

Since I am forced to use only 1 of the 3 IPs, that means I must use the NIC they do not want me to use.

0 0
replied on March 22, 2023

this is helpful, thanks!

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...