Portal error

Vignesh_Sridhar

Hi,

 

I have installed the Cireson Portal and when I try to open it in the browser, I am getting the error "401: unauthorized Access is denied due to invalid credentials"

 

I am following the instruction from Cireson Knowledge base and following this link (https://community.cireson.com/discussion/680/walk-through-portal-deployment-example-part-2)

 

Is there any step I am missing out. As per the link provided, It says that Group mapping only needs to be done after the portal licensing.

 

Please help out.

Joe_Burrows

Hi Vignesh

Can you confirm that the app-pool account is a local admin or has read\write access so it can access C:\inetpub\ciresonportal ?

Also is the user you are trying to open the portal with a member of a SCSM role such as administrator or end user?

Regards
Joe 

Vignesh_Sridhar

Hi Joe,

App-pool account has read/write access to application directory.

The error message we are getting now is " The Authenticated user does not have access to a resource needed to process the request."

Regards,

Vignesh

Brian_Winter

I had to make sure IUSR had read access to the Cireson folders.

Ilkin_Jamalli

Hi all,

I checked above mentioned permissions and they all are set and I can visit the website via http://localhost. When I try to add a hostheader to the site like http://myscsm.domain.com it keeps throwing 401.1 error

HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

Most likely causes:

• The username supplied to IIS is invalid.
• The password supplied to IIS was not typed correctly.
• Incorrect credentials were cached by the browser.
• IIS could not verify the identity of the username and password provided.
• The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
• The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
• Invalid Kerberos configuration may be the cause if all of the following are true:
• Integrated authentication was used.
• the application pool identity is a custom account.
• the server is a member of a domain.

Things you can try:

• Verify that the username and password are correct, and are not cached by the browser.
• Use a different username and password.
• If you are using a custom anonymous account, verify that the password has not expired.
• Verify that the authenticating user or the user's group, has not been denied login access to the server.
• Verify that the account was not locked out due to numerous failed login attempts.
• If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.
• Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.
  

I tried to add SPNs but still no luck.

Can someone help please?

Conner_Wood

With the install can you confirm that the Cireson Database has been filled by the Cireson Cache Builder for users and groups.  (You need to have AD connectors in SCSM that have synced users and groups at some point).

If you use SSMS (Microsoft SQL Server Management Studio) then you can Database Engine Connect to your database server and then open the Cireson ServiceManagement database and under Tables you can right click dbo.LastModified and choose "Select 1000 rows" to see when it has last synced, and also to make sure there are entries you can do the same with the dbo.CI$User table, a user cannot connect if it doesn't exist in the table.

Other than that, can you confirm what authentication is enabled on the Server in IIS > Sites > CiresonPortal > Authentication

Joe_Burrows

Can you also confirm if you are running the portal on an SCSM management server, the behavior you describe usually happens when trying to use windows auth on a server that not a SCSM management server.

Jeff_Landers

That is what I am seeing with separate SCSM and Cireson portal servers.  What am I missing?

Jeff_Landers

My dbo.LastModified and dbo.CI$User tables are empty.  How do I fix that?

Dakota_Green

Have you tried restarting your Cache Builder? If you look in the Cache Builder logs (X:\inetpub\CiresonPortal\bin\Logs\CacheBuilder.log), are there any error messages?

The other thing I could perhaps think of is that the AppPool account may not have the correct login credentials entered in during the install phase.

Jeff_Landers

Thank you for pointing me there.  Novice with the portal.   This looks bad. 

2017-02-22 02:21:14,136, ERROR [   5]:  Error connecting to management server: The requested security package does not exist

Conner_Wood

Try a full Cireson Portal Uninstall and memorize the following information before Installing again:

Tony_Collett said:

During the upgrade, did you check the properties of the install file to see if it was blocked, and proceed to unblock it? Part of Windows Server causes portions of files to be blocked if it the source is detected that it was from another computer/downloaded. 
The installer may have completed, however some files may have been blocked from being transferred/updated

Check the install file and see if it was blocked, if it was, you may attempt to reinstall the portal after unblocking the file. 

Jeff_Landers

There was no upgrade involved.   The files come down fully extracted with no blocking.   I downloaded again and there were more files.  I am going with an incomplete download since everything works now.  Thank you all for your help.