Upgrade to 4.2 - Configure Sign-In Options - No longer have access to Manager

Permanently deleted user

3. Oktober 2014 22:02

I am attempting to upgrade to Geocortex Essentials 4.2 (alreay installed but now can not log in)

Windows Server 2008 R2

I have an Administrators group that I am assigned to

in the Post Installation Configuration I have selected Windows and ghe group is BUILTIN\Administrators

When I finish it modifies the security.xml file

When I attempt to log into Manager it gives an error that I do not have permission to log into the application

Is there some other setting or something that I am missing? I can no longer get into Manager until I get this sorted out.

0

• 

  Permanently deleted user

  4. Oktober 2014 00:24

  Hi John,

  I ran into this problem, too.  What I found was I had to go into IIS Manager and change the Windows Authentication for the RestManager application so the Enabled Providers order has "NTLM" listed first rather than "Negotiate" being first.  After that I could log in.

  I've encountered several security configuration issues with sites that I upgraded from 4.1 to 4.2.  I'm in the process of working through those, but that's a topic for another post. 

  Steve

  0
• 

  Permanently deleted user

  4. Oktober 2014 01:07

  Hi Guys,

  This is an issue we're aware of and will address within the post installer.

  At the 4.2 release, we changed the way that authentication happens for Essentials Manager.  This change lets us use an ArcGIS Online user to get into manager, and we also switched to using single sign-on to get your Windows identity.

  Prior to the 4.1 release, the Essentials and Essentials Manager applications were configured to run as local users, Essentials  and EssentialsAdmin .  After that, we switched from using local users to a built-in AppPoolIdentity user.

  An application that runs as a local user may not be able to authenticate a user with integrated Windows authentication.  So, for fresh installs of 4.2, we don't see any problems, but for upgrades on servers that were running Essentials 4.0 or earler, the application pools will still be running as the local "Essentials" and "EssentialsAdmin" users and we will see a login prompt pop up three times, then fail to allow us to get into Manager.

  To resolve this issue, we need to reconfigure the application pools to run as the special ApplicationPoolIdentity user.  This can be done from IIS manager.  Navigate to Application Pools, then select the EssentialsAppPool4 application pool and click Advanced Settings.  Click the ellipsis beside the Identity box, and then choose ApplicationPoolIdentity from the Built-in Account dropdown.

  Once the identity has been reset, re-run the post installer to have the permissions reset for Essentials.

  You should now be able to log in to Manager without issue.

  Future releases of Essentials will issue a warning in the post installer if we detect an older configuration, and we'll be posting the above text as a KB article to help with upgrades.

  Regards,

  -Malcolm

  0
• 

  Permanently deleted user

  4. Oktober 2014 01:45

  I am using IIS7. I followed Malcolm's suggestion. That alone did not solve the problem. I did not roll back those changes, but then in IIS Manager I went into RestManager (Sites>Default Web Site>Geocortex>Essentials>RestManager), went to IIS Authentication,  and all of the the entries Status' were set to Disabled. I set Anonymous Authentication to Enabled and now I can log into manager. All other authentications, including Windows Authentication, are set to Disabled. I am not sure if this will cause problems down the road, but it works for now. Anything to be aware of here? I would prefer to avoid any surprises.

  0
• 

  Permanently deleted user

  4. Oktober 2014 06:04

  This is very stressful. Again in trouble due to the upgrade to 4.2.

  Why the Geocortex asks for http://myserver credentials?

  What are these?

  0
• 

  Permanently deleted user

  4. Oktober 2014 06:33

  Hi John,

  You should also have Windows authentication enabled - we'll work without it, but if it's available then we can sign you in automatically.

  Jamal: The login prompt requesting your credentials are meant to behave the same way that versions prior to 4.2 work.  In the post install, you will now choose an appropriate group - the default is BUILTIN\Administrators .  

  If you're seeing an unexpected prompt, then check that the Hosts in the post install have a hostname that will work for single sign-on.  You can check these hosts by clicking the Hosts... button beside the Default Web Site in the REST application panel in the post install.

  Regards,

  -Malcolm

  0
• 

  Permanently deleted user

  5. Oktober 2014 23:10

  Many thanks Malcolm for the very useful input.

  Before the upgrade to 4.2, the our Geocortex application is used to work fine with the settings below

  /customer/servlet/servlet.FileDownload?file=00P6000000elzt2EAA

   

  /customer/servlet/servlet.FileDownload?file=00P6000000elu9kEAA

   

  Now with the new settings, it still shows the error below

  /customer/servlet/servlet.FileDownload?file=00P6000000em15VEAQ

   

  /customer/servlet/servlet.FileDownload?file=00P6000000eltgsEAA

  What might be the issue here?

  0
• 

  Permanently deleted user

  6. Oktober 2014 20:43

  Hi

  Is there any documentation to assist these with problems?

  I've followed the advice given on this page but am still getting a https://myserver/Geocortex/Essentials/4.2.0/RestManager/security/callback/windows/s9S6ETzWPUWUcxw31smsQQAAgGuKfxK3i0OahUjzrt6tGQAAQWuNJX2DWsX9YjO6Wgnuk2CP9CtPbT4-/   reroute when I open Manager.

   

  Should i be changeing something in the "Security.xml" fround here: C:\Program Files (x86)\Latitude Geographics\Geocortex Essentials\4.2.0\REST Elements\Sites\?

   

  This seems to be an avoidable yet massive problem, and I can't quite understand when these changes had to be implemented. I just gratefull that i installed a new instance of GC and didn't try a quick upgrade.

   

  Regards

  James

  0
• 

  Permanently deleted user

  7. Oktober 2014 04:27

  Hi James,

  It works fine now with me after adding the local and real IP address in the hosts (in addition to the settings advised by Malcolm)

   

  /customer/servlet/servlet.FileDownload?file=00P6000000em1BiEAI

  0
• 

  Chris Roberts

  7. Oktober 2014 05:10

  Hi All

  We are having the same problems.  I can log in to the manager if I remote into the Server that GXE is hosted on, but if I try logging in on my local machine it doesnt accept my credentials.  I have tried the suffestions above but these have not worked for me.

   

  Chris

  0
• 

  Chris Roberts

  7. Oktober 2014 05:27

  Actually scratch that.  Cleared the cache on my browser and all works now!

   

  Cheers Guys

  0
• 

  Permanently deleted user

  7. Oktober 2014 15:32

  Hei

  Thanks Jamal, that helped and I can logg on as before!

  James

  0
• 

  Permanently deleted user

  21. Oktober 2014 21:08

  Hi All,

  I've also recently upgraded our test environment to 4.2.1 and have been experiencing the same issue of being locked out of Manager. I've implemented all of the suggestions provided; changing the ApplicationPoolIdentity and adding the real and local IP to the web site hosts but I am still unable to log into Manager from any machine other than the server itself.

  I've followed the KB article posted here: http://support.geocortex.com/single-sign-on-with-essentials-manager-and-viewers with no success.

  Can anyone suggest something that I am missing?

  Thanks,

  Warren

   

  0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.