locked
gateway install problems, logs indicate 500 error on Center RRS feed

  • Question

  • When trying to install the gateway, I get the error:  "The ATA Console, https://IPADDRESSOFATACENTERHERE, returned an error while attempting...... review the ATA Console and IIS error logs."

    So I did.  There are no gateway logs in the ATA center install directory.

    I checked the IIS logs of the ATA Center, and in IIS I see: 

    "

    2016-03-07 22:12:20 IP POST /Api/Authentication/Login - 443 - IP - - 200 0 0 38
    2016-03-07 22:12:27 IP POST /Api/Authentication/Login - 443 - IP - - 200 0 0 16
    2016-03-07 22:12:37 IP POST /Api/Authentication/Login - 443 - IP - - 200 0 0 13
    2016-03-07 22:12:37 IP POST /Api/SystemProfiles/Gateways/NAMEOFGATEWAYMACHINE - 443 MYUSERNAME IP - - 500 0 0 7

    "

    So it appears the gateway has successfully connected, not sure why it isn't working past that.  

    Other things I have tried:

    uninstalling and reinstalling ATA center

    changed certificates from a "good" one to a self signed... on both gateway and ATA center

    changed iis ports and bindings

    different usernames and tried domain/ and user@domain

    opened firewall completely between the machines, all protocols, all ports.

    Nothing in the event logs.  No errors, no successes, nothing.

    tried reboots between these things.

    So any ideas?  Am I missing something?


    • Edited by Bryan Loveless Wednesday, March 16, 2016 6:26 PM clarified title
    Monday, March 7, 2016 11:10 PM

Answers

  • Ok, it is fixed... a nice guy from MS called me, and he helped me understand that there were two things wrong in my environment:

    1)  the certificate I was given by my external/commercial CA  (not a Microsoft one, btw), is slightly different than what ATA wants/expects.  I am still researching the differences, but since I could use the self-signed ones, I consider this a lower problem

    2) The "read only" account I created had a password of 110 characters.  Once I reduced it to about half (I am purposely not saying how much in this forum), the account then started to work.  This was verified, as I could use my own account and it would be fine, but this service account would fail until I reduced the password length.

    Hope this helps someone else in the future.

    • Marked as answer by Bryan Loveless Wednesday, March 23, 2016 8:44 PM
    Wednesday, March 23, 2016 8:44 PM

All replies

  • Hi,

    please check if the Rewrite-Module for IIS is corrupt. I had a similar problem and i had to repaired the Rewrite-Module.

    If you open the IIS management go to the ATA website and klick on Rewrite. If an error occurs reinstall the Rewrite-Module ;)

    Tuesday, March 8, 2016 6:00 AM
  • No Dice.. :(  Lots of rewrite rules, all seem to be there.

    Tuesday, March 8, 2016 3:00 PM
  • Oh, also, to add some more info, yes, the gateway is able to connect to the "center's" ip addresses, and I can log into the center from the gateway machine.
    Tuesday, March 8, 2016 3:19 PM
  • even more info: log from "C:\Users\MYUSERNAME\AppData\Local\Temp" :

    "

    [0ACC:0054][2016-03-08T08:31:30]i000: System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
       at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
       at Microsoft.Tri.Common.Data.Common.ManagementClient.<PostAsync>d__5`1.MoveNext()
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at System.Threading.Tasks.Task`1.get_Result()
       at Microsoft.Tri.Common.Data.Common.ManagementClient.RegisterGateway(String managementServerUrl, String managementCertificateThumbprint, String managementAccountName, String managementAccountPassword, NetbiosName gatewayNetbiosName, X509Certificate2 gatewayCertificate)
    ---> (Inner Exception #0) System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
       at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
       at Microsoft.Tri.Common.Data.Common.ManagementClient.<PostAsync>d__5`1.MoveNext()<---

    "

    Tuesday, March 8, 2016 5:48 PM
  • Tried uninstalling IIS, letting it do it for me: nothing.

    Since we paid for it, I thought perhaps I should put in the key code:  nothing.

    A whole lotta nuthin'.  With an IIS error of 500, I am out of settings to manipulate.

    Wednesday, March 16, 2016 6:31 PM
  • Hi,

    you can logon into your Center from a GW machine but not from the Center Server itself?

    Are the services for ATACenter and MongoDB running? Is there maybe something in the Eventlogs for IIS or Administrative Events?

    Regards

    Thursday, March 17, 2016 6:29 AM
  • I can log into the center from both itself and the GW. Services for both are running. IIS logs show the 500 error.  The "Management" site is fine, it is the site that the GWs connect to that throw the error I believe. Nothing in Admin events that I noticed.

    Thursday, March 17, 2016 2:46 PM
  • oh, and yes, both services (center and MONGO) are running.

    Thursday, March 17, 2016 4:55 PM
  • We got a similar Problem here when trying to use our own PKI for Setting things up. We could not connect to https://centerip/ without a certificate warning, because our certificates are built with subject fqdn as Default. Requested a new certificate type WebServer for the local machine account with subject alternative Names for IP adresses and it is working now.

    Do never assign the certificate using IIS Manager - this will kill you Installation. Always use the ATA Center for certificate changes/replacements - had to reinstall...

    Tuesday, March 22, 2016 7:09 AM
  • One Addition:

    We disabled IE enhanced security and needed to open the Center Console in IE from Gateway if it did not connect at first try - after this it worked - always. Version is 1.5

    Tuesday, March 22, 2016 12:38 PM
  • thanks for the idea.  But no good. We tried self-sign certs, along with "world trusted" ones as well.... no change. Also tried installing IIS before ATA, and also letting ATA install IIS for us (after the certs were in the machine store of course).

    Tuesday, March 22, 2016 3:08 PM
  • Thanks again, I tried adding it to "trusted sites", then turned used "compatibility mode".  Tried IP, tried Name, tried FQDN... nuthin'.

    Tuesday, March 22, 2016 3:09 PM
  • Ok, it is fixed... a nice guy from MS called me, and he helped me understand that there were two things wrong in my environment:

    1)  the certificate I was given by my external/commercial CA  (not a Microsoft one, btw), is slightly different than what ATA wants/expects.  I am still researching the differences, but since I could use the self-signed ones, I consider this a lower problem

    2) The "read only" account I created had a password of 110 characters.  Once I reduced it to about half (I am purposely not saying how much in this forum), the account then started to work.  This was verified, as I could use my own account and it would be fine, but this service account would fail until I reduced the password length.

    Hope this helps someone else in the future.

    • Marked as answer by Bryan Loveless Wednesday, March 23, 2016 8:44 PM
    Wednesday, March 23, 2016 8:44 PM