Question

Configuring Notification Service When Using SSL - What is my local service account name?

asked on December 3, 2020

I am following the configuring notification service when using SSL. It says to replace LOCAL SERVICE with my local service account name?

I don't want to make any mistakes here because the Notification service is super picky.

How do I get my local service account name exactly character for character? I don't even know for sure what it means by this.

I got the hash, which I found is the same as the fingerprint so I could copy it without any typos. I got the random guid from some random website. Now I just need this last string hopefully.

0 0

Replies

replied on December 3, 2020

The two commands listed in the documentation do the following (respectively):

  1. netsh http add sslcert [...] - Bind the specified SSL/TLS cert to port 8181 (always required)
  2. netsh http add urlacl [...] - Grant the Notification Hub Service identity permission to listen for HTTPS requests on port 8181 (situationally required).

If you left the Laserfiche Notification Hub Service running as the default Local System account like we've discussed previously, you do not need to run the second command. The prominent Note immediately following within the same documentation step states this clearly.

If you're running the Laserfiche Notification Hub Service as something other than Local System or an Administrator, you put the identity the service is running under in the netsh add urlacl command. E.g. "Local Service" or "domain\myLaserficheADServiceAccount".

0 0
replied on December 7, 2020

Got it, but it does not work. I successfully added the SSL Certificate, I checked the Use SSL Connection box for the Notification Service (Forms has already been changed to use SSL). Then I restarted the Hub and Master service.

Now when I visit my forms page, using SSL, and the correct certificate name, I get this error.

A connection to the notification server could not be made. Notifications and real-time updates have been disabled. [LFF8100-NotificationServerConnectionDown]

I can't get this thing to work with or without SSL. The crazy thing is, I only have one configuration field which is essentially asking for the Machine name because the installer can't pick this up automatically.

There is nothing more I can do to force it to work, I can only enter the 1 machine name, and check or uncheck the use SSL box. That is it, yet I have spent hours messing with this one little config. It is like trying to repair a watch with nothing but a hammer.

0 0
replied on December 7, 2020

You probably have restarted the Forms Routing Service, but I'll ask anyway since you explicitly mentioned the two Notification services but not the Routing Service. The error you posted comes from the Routing Service, which I've noticed seems to cache the failure.

If something is wrong on the Notification Service side, the Routing Service fails to connect with the error you posted. If you then fix the Notification Service config and restart those services, the Routing Service doesn't automatically retry the backend connection and still reports "A connection... could not be made" to clients.

My guess is that the Routing Service initially retries a few times to handle transient connection issues and then stops to avoid continuously sending thousands of bad requests. Restarting the Routing Service forces it to try making a new connection.

Quite a few times I've fixed a Notification Service config, wondered why it still wasn't working for clients, and realized I hadn't restarted the Routing Service afterward as well. If there weren't any errors in the LFNotification event log, that was usually the culprit.

0 0
replied on December 7, 2020

Ok, I had just restarted the Hub and Master service. Now I restarted the Routing Service, same error though.

Here is my config

  <appSettings>
    <add key="Id" value="localhost8181" />
    <add key="HubAddress" value="https://LAPTOP-HBSSS28P:8181" />
  </appSettings>

There are no other config changes I can try.

0 0
replied on December 7, 2020

Can you post the output of the following command from Cmd or PowerShell?

netsh http show sslcert

Are there any recent events in the LFNotification log besides "Service started successfully"? Also check the Windows->Application log; sometimes lower-level networking/TLS errors get reported there instead of in the Laserfiche-specific log channel.

Can you also post a screenshot showing both Notification Services running as Local System?

There are only a few configuration levers here but they all have to line up perfectly. One of them must be slightly off.

1 0
replied on December 7, 2020

Oh forgot about the other log, I was in Forms > Operational. There was an error in here saying it did not trust the SSL certificate. I double checked and the binding was using the wrong cert hash and I had to update the binding.

Now the service is connecting and I am going to try to reproduce this on the live environment.

1 0
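
The check that resolved this thread (comparing the hash in the port 8181 binding against the certificate actually installed) can be scripted. This is an added example, not part of the original posts and not Laserfiche code; it assumes English-language netsh output, a certificate stored in Cert:\LocalMachine\My, and that $HubHost is the host name from the HubAddress setting. Get-SslCertBinding is a hypothetical helper name.

```powershell
# Added example, not Laserfiche code. Assumes English netsh output and a
# certificate stored in Cert:\LocalMachine\My.
param(
    [string]$HubHost = $env:COMPUTERNAME,  # host name used in HubAddress
    [int]$Port = 8181                      # port named in the thread
)

# Hypothetical helper: turn "netsh http show sslcert" text into endpoint/hash pairs.
function Get-SslCertBinding {
    param([string[]]$NetshOutput, [int]$Port)
    $endpoint = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(?:IP|Hostname):port\s*:\s*(\S+)') {
            $endpoint = $Matches[1]
        }
        elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
            if ($endpoint.EndsWith(":$Port")) {
                [pscustomobject]@{ Endpoint = $endpoint; Thumbprint = $Matches[1].ToUpper() }
            }
            $endpoint = $null
        }
    }
}

$bindings = @(Get-SslCertBinding -NetshOutput (netsh http show sslcert) -Port $Port)
if ($bindings.Count -eq 0) { Write-Warning "No sslcert binding found for port $Port."; return }

foreach ($b in $bindings) {
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $b.Thumbprint
    $problems = @()
    if (-not $cert) {
        $problems += 'bound hash is not in LocalMachine\My'
    }
    else {
        if (-not $cert.HasPrivateKey) { $problems += 'certificate has no private key' }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "expired on $($cert.NotAfter)" }
        # Chain trust and host-name match under the SSL policy.
        $ok = Test-Certificate -Cert $cert -Policy SSL -DNSName $HubHost `
            -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        if (-not $ok) { $problems += "not trusted or not valid for $HubHost" }
    }
    [pscustomobject]@{
        Endpoint   = $b.Endpoint
        Thumbprint = $b.Thumbprint
        Subject    = $cert.Subject
        Status     = if ($problems) { $problems -join '; ' } else { 'OK' }
    }
}
```

Run it on the machine hosting the Notification Hub service; any Status other than OK for the 8181 binding points to the kind of mismatch described in the last post.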