Question Status

Suggested Answer
Bill Campbell asked a question on 11 Mar 2015 4:09 PM

Environment

We are installed on a single VM box, running Server 2012 and SQL Server 2014.  There have been no other versions of anything ever installed on this computer - it is NEW and each time I wrecked something, I wiped the VM and started from scratch - no uninstall - no part working systems - if something failed I tossed everything down to the OS and started over again - getting pretty dam quick at getting it all done right.

Issue: We can not connect to Web Client from anywhere but the local machine

We believe we have Web Client installed correctly, however, we are not sure why we can not connect to the site : http://mis-server12vm:443/gp from another workstation on the same domain using the same domain user that is currently logged onto the mis-server12vm machine.

  When I click on Restart - I get another series of messages that result in a loop and the system is stuck and I have to use Task Manager to stop the 'process'.

Question: 

Is there a different configuration we 'missed' that would allow another computer user to attach to this site when we did the web client install as 'single workstation' at the very beginning of the process?


** Please, if this answers your question, mark it as 'Answered' so others experiencing the same will know it resolved your issue. **

Bill Campbell
Director, Operations
M.I.S. Management Information Solutions Ltd.
Skype: billc.edmonton
Cell: +1 780 994 2455
Off : +1 780 481 5564

Reply
Suggested Answer
Vaidhyanathan Mohan responded on 12 Mar 2015 12:17 AM

"Single Machine" configuration just means you do not more than one GP web session host. So we are good to go in that sense.

Cross Domain error often happen if you do not specify full site name or if you do not access SSL site. You have mentioned "mis-server12vm/gp". That's clearly not secure address. Try to access the exact GP web client address with full site name and "https". GP web client is mandatorily SSL enabled. We cannot access it without "https" and an SSL certificate.

This may resolve the issue.

Reply
Suggested Answer
Tom Cruse responded on 12 Mar 2015 9:32 AM

Yea Bill as Vaidhyanathan mentioned with the SSL cert, you need to install the cert located on the server running the web client into the Trusted Root store on each local machine trying to access the web client. I've run into this issue before.

Tom

Reply
Bill Campbell responded on 12 Mar 2015 9:52 AM

Vaidy, how do i get the SSL Cert from the server to the 'workstations' or other machines that might access it?

I can not send the cert out to 'other machines'

When I try to access from a different physical computer - on the same domain -

https://mis-server12vm:443/gp - it fails

mis-server12vm.misltd.local/gp - it fails

When I try to access from the same physical computer, but not on the VM box - running chrome - https://mis-server12vm/gp - it fails.

When I am on the same VM session on the same computer - running IE -

mis-server12vm/.../GPWeb - works as expected.

I believe that i need to expose the SSL and the site somehow and I have done something incorrect in the configuration if it should be exposed based on the installation and configuration out of the box.


** Please, if this answers your question, mark it as 'Answered' so others experiencing the same will know it resolved your issue. **

Bill Campbell
Director, Operations
M.I.S. Management Information Solutions Ltd.
Skype: billc.edmonton
Cell: +1 780 994 2455
Off : +1 780 481 5564

Reply
Bill Campbell responded on 12 Mar 2015 9:54 AM

Tom, so that would work if only machines inside the domain were going to access the system.  Can you show me step to do that please.

Secondly, what happens when we have users out of the office that need / want / to enter time?  What then?

I am sure I am missing something (not simple) but it will be easy once I know what it is.


** Please, if this answers your question, mark it as 'Answered' so others experiencing the same will know it resolved your issue. **

Bill Campbell
Director, Operations
M.I.S. Management Information Solutions Ltd.
Skype: billc.edmonton
Cell: +1 780 994 2455
Off : +1 780 481 5564

Reply
Suggested Answer
Tom Cruse responded on 12 Mar 2015 1:29 PM

Honestly I'm not sure about being off the domain, I would always tell my people to VPN into the network first. That would be the most secure setup for your environment.

To export the certificate open IIS and click on the server and then open the server certificates feature. Next double click the certificate you want to export and then click the Details tab. Next click on Copy to File and it will run the certificate export wizard.

After you export it place it somewhere safe and then on the local machine you want it installed on just double click it and you'll be able to run through the certificate import wizard, just make sure you place it in the Trusted Root Store when prompted.

Sorry I didn't provide screens but hopefully that'll do it.

Reply
Derek Albaugh responded on 26 Mar 2015 3:30 PM

I didn't see where it was mentioned what type of certificate is being used for Web Client, only that it is a single server environment.

There are three different certificates that can be used with Web Client:

1. Self-signed: This is created in IIS Manager on the server that Web Client is installed onto and recommended only for demo purposes as the certificate is only good for 1 year.

2. Certificate Authority (CA): You can create a certificate through the CA on the domain controller and then export it so you can then import it onto your web server to use for the installation of Web Client and to import into the Trusted Root and Personal Stores for each workstation that is going to be accessing Web Client internally/on the domain. These are good for about 3-5 years or more.

**NOTE: Steps on exporting and importing the certificate onto secondary workstations can be found in Appendix A on the Web Client installation document.

3. If you want users to be able to access Web Client externally, i.e. not on the network/domain, over the Internet, then you'll want to use a third-party certificate from a vendor such as GoDaddy.com, for example, where you can setup the DNS information on the certificate and then your web server so that instead of using the default severname.domainname.com/GP URL for Web Client, you can use something such as www.MyCompanyName.com, to take the users to the Web Client logon window and application. These certificates can be purchased to last for up to 10 years or so.

Everyone is correct in that the certificate needs to be imported onto the machine in order to be able to access Web Client on the domain/network, but for external / outside the domain access to Web Client, you'll want to use a third-party certificate.

Thanks,

Reply
Suggested Answer
Vaidhyanathan Mohan responded on 12 Mar 2015 12:17 AM

"Single Machine" configuration just means you do not more than one GP web session host. So we are good to go in that sense.

Cross Domain error often happen if you do not specify full site name or if you do not access SSL site. You have mentioned "mis-server12vm/gp". That's clearly not secure address. Try to access the exact GP web client address with full site name and "https". GP web client is mandatorily SSL enabled. We cannot access it without "https" and an SSL certificate.

This may resolve the issue.

Reply
Suggested Answer
Tom Cruse responded on 12 Mar 2015 9:32 AM

Yea Bill as Vaidhyanathan mentioned with the SSL cert, you need to install the cert located on the server running the web client into the Trusted Root store on each local machine trying to access the web client. I've run into this issue before.

Tom

Reply
Suggested Answer
Tom Cruse responded on 12 Mar 2015 1:29 PM

Honestly I'm not sure about being off the domain, I would always tell my people to VPN into the network first. That would be the most secure setup for your environment.

To export the certificate open IIS and click on the server and then open the server certificates feature. Next double click the certificate you want to export and then click the Details tab. Next click on Copy to File and it will run the certificate export wizard.

After you export it place it somewhere safe and then on the local machine you want it installed on just double click it and you'll be able to run through the certificate import wizard, just make sure you place it in the Trusted Root Store when prompted.

Sorry I didn't provide screens but hopefully that'll do it.

Reply