Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 10 of 17 total
Thread Clean installation of EWB3 and error with the external web server.
Mon, May 11 2020 9:22 PMPermanent Link

Alvaro

Hello, in order to test a clean installation of EWB3, use a PC with Win7 just installed.
I ran the EWB3 installer without administrator rights and generated everything needed for the IDE, including the "localhost" certificate. Now if I don't run the IDE with administrator rights, I get the error message:
"The web server cannot be started (Internal error loading the credentials (Error 8009030D)".

If I run the IDE with administrator rights there is no problem and the internal server also works.

Second step: I install the 32-bit ewbsrvr as a service and edit the ewbsrvr.ini, changing only ports. 8081 and 444.
I start the service and until then everything works ok. (no errors)

Third step: I create in the IDE the server that I name External. I assign the same ports, user and password that the internal server has, and when I want to edit the properties in the server manager, I get the error that attached.
It seems to be a bug with the certificate, and frankly I don't know how to get out of this. I have reviewed the forum and not have the solution. I apologize for insisting on this topic.
I want to know what I'm doing wrong.
Thanks!



Attachments: ServerError.JPG
Tue, May 12 2020 10:18 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Alvaro,

<< Hello, in order to test a clean installation of EWB3, use a PC with Win7 just installed.
I ran the EWB3 installer without administrator rights and generated everything needed for the IDE, including the "localhost" certificate. Now if I don't run the IDE with administrator rights, I get the error message:
"The web server cannot be started (Internal error loading the credentials (Error 8009030D)". >>

I'm not sure what the cause of this error is yet.  It has something to do with specific configurations with certain Windows machines, combined with how we're creating the self-signed certificate.

<< Third step: I create in the IDE the server that I name External. I assign the same ports, user and password that the internal server has, and when I want to edit the properties in the server manager, I get the error that attached. >>

You can't use certificates with IP addresses, so this issue doesn't have anything to do with the certificate.  If you're seeing a request timeout error, then it means that the server isn't responding on the designated IP address/port combination.  You can verify this with the following command-line:

netstat -b

(must run as Administrator)

Tim Young
Elevate Software
www.elevatesoft.com
Tue, May 12 2020 1:04 PMPermanent Link

Alvaro

Tim: thanks for answering.

This is the content of the ewbsrvr.in:

[Server]
Server Name = EWBSRVR
Server Description = Elevate Web Builder 3 Web Server
Database Directory =
Max Database Write Delay = 5
Domain =
Default Document =
Content Directory =
Application Directory =
Module Directory =
Logs Directory =
Enable Cross Origin Resources = 0
Keep-Alive Resource Name = keepalive
Authentication Resource Name = authentication
Administration Resource Name = administration
Databases Resource Name = databases
Modules Resource Name = modules
Applications Resource Name = applications
Debugger Resource Name = debugger
Logs Resource Name = logs
Login User Name = Administrator
Login Password = 75757605565153425F45
IP Address = 127.0.0.1                                         ====> is this correct ?
URL = http: // localhost                                         ====> is this correct ?
Port = 8085
Secure Port = 444
Timeout = 30
Max Request Size = 16777216
Authorized Addresses = *

Blocked Addresses =
Thread Cache Size = 128
Max Num Threads = 2048
Max Authentication Attempts = 10
Authentication Lockout Time = 300
Session ID Length = 32
Session Expiration = 1800
Password Salt Length = 16
Password Hash Type = 0
Certificate Name =                                    ====> what should i indicate here?
Certificate Store Name =
Certificate Store Type = 0

Netstat -b indicates that port 8085 is listening for ewbsrvr, and port 8080 for ewbide is ok.

Now, do I have to indicate in the ewbsrvr.ini the name of the certificate?

If I add it (localhost), the ewbsrvr (32bits) service does not start therefore the name of the certificate is not set.

In the IDE when I try to put the external server active, I keep getting the same error message, which I attached in the screenshot.
What is the problem, then?

Regarding that the certificate is not for IP addresses, does the server always listen on localhost?
If we wanted a different IP, would we have to generate a certificate for that IP?

The idea of &#8203;&#8203;working with certificates, is to be able to establish a secure connection (https.//) or is it for authentication for now?
I understand that the same certificate can be used for both.

I see the problem, but I don't see the criteria of the general environment.
Thanks!



Attachments: Netstat1.JPG
Tue, May 12 2020 4:54 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Alvaro

<< IP Address = 127.0.0.1                                         ====> is this correct ? >>

No, and is the cause of your problems.  You're telling the EWB Web Server to bind to / listen on *only* the 127.0.0.1 IP address.  You should leave this option blank if you want the EWB Web Server to bind to and listen on all local IP addresses.

<< URL = http: // localhost                                         ====> is this correct ? >>

You don't need that option, it's only for the internal web server in the EWB 3 IDE.

<< Certificate Name =                                    ====> what should i indicate here? >>

You should indicate "localhost" if you plan on using secure connections to the "localhost" domain.  But, again, you cannot use IP addresses with secure connections and must use an actual domain in your URLs that are accessing the EWB Web Server:

https://localhost:444/myapplication.html

<< If I add it (localhost), the ewbsrvr (32bits) service does not start therefore the name of the certificate is not set. >>

It probably doesn't start because of that same issue you were having with the self-signed "localhost" certificate that is installed by EWB.  I'm going to try to see if this problem is with Windows 7, but I tried a fresh install again today on a Windows 10 machine as a normal user and it completed without issue.  I was able to load the IDE and start the internal web server, as well as confirm that the self-signed "localhost" certificate was created in the proper certificate store for the current user.

<< The idea of &#8203;&#8203;working with certificates, is to be able to establish a secure connection (https.//) or is it for authentication for now? >>

It is used for securing the connection.  The EWB authentication functionality operates within the context of a secure connection, but just as easily be used across an un-secure connection (not recommended, of course, unless you're doing development).

Tim Young
Elevate Software
www.elevatesoft.com
Wed, May 13 2020 11:13 AMPermanent Link

Alvaro

Hi Tim:
Thanks for the explanation. Since I started with EWB1 I have used the Stunnel without problems. The configuration and way of working I was confused with the way the server works on a "localhost" domain.
I am preparing a Windows 10 PC to install EWB3, however I would like to know if there is a solution regarding the certificate installation on Win7.
Regarding the server and the authentication error, I did tests with ewbsrvr.exe (32) as a service and with ewbsrvr.exe command line. Both forms report the same error within the IDE. The netstat -b program sees port 8085 active in both cases.
Cordial greeting!!
Alvaro
Wed, May 13 2020 11:55 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Alvaro,

<< Thanks for the explanation. Since I started with EWB1 I have used the Stunnel without problems. >>

Stunnel uses OpenSSL, not the Windows Crypto API, so they aren't comparable in this regard (certificate handling).

<< The configuration and way of working I was confused with the way the server works on a "localhost" domain.
I am preparing a Windows 10 PC to install EWB3, however I would like to know if there is a solution regarding the certificate installation on Win7. >>

In general, there are going to be ongoing issues/limitations with Windows 7 with regard to its TLS implementation because the OS is no longer supported.  For example, TLS 1.2 is not enabled by default in Windows 7, and you must use a tool like IISCrypto to enable it:

https://www.nartac.com/Products/IISCrypto/

At any rate, I'll let you know what I find out.

Tim Young
Elevate Software
www.elevatesoft.com
Wed, May 13 2020 4:19 PMPermanent Link

Alvaro

Tim:
I did a clean Win10 installation on a PC. Install EWB3b13. Automatic installation of the certificate worked for the IDE. I didn't have to run it in administrator mode. What I want to test is the external server. If I install server 32 as a service, or run the server command line in console mode, when I want to add it to the IDE, that's where the message appears: "Authentication error for user Administrator". Attach the ewbsrvr.ini with the corrections you indicate:

[Server]
Server Name=EWBSRVR
Server Description=Elevate Web Builder 3 Web Server
Database Directory=
Max Database Write Delay=5
Domain=
Default Document=
Content Directory=
Application Directory=
Module Directory=
Logs Directory=
Enable Cross Origin Resources=0
Keep-Alive Resource Name=keepalive
Authentication Resource Name=authentication
Administration Resource Name=administration
Databases Resource Name=databases
Modules Resource Name=modules
Applications Resource Name=applications
Debugger Resource Name=debugger
Logs Resource Name=logs
Login User Name = Administrator
Login Password = 75757605565153425F45

==> is that necesary?? (do not use this aggregate in tests)
Database Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server
Max Database Write Delay=5
Default Document=project1.html
Content Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\content
Application Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\applications
Module Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\modules
Logs Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\logs
==> is that necesary?? (do not use this aggregate in tests)

IP Address=
Port=80                         ==> internal server is on ports 85 and 445
Secure Port=443          ==> internal server is on ports 85 and 445
Timeout=30
Max Request Size=16777216
Authorized Addresses=*

Blocked Addresses=
Thread Cache Size=128
Max Num Threads=2048
Max Authentication Attempts=10
Authentication Lockout Time=300
Session ID Length=32
Session Expiration=1800
Password Salt Length=16
Password Hash Type=0

Certificate Name=                    ==>  (*)  please read reference

Certificate Store Name=
Certificate Store Type=0

(*)   If I add the certificate name, the ewbsrvr command line, runs without errors. The esbsrvr.exe (32) service  does not start. Without the certificate name in the INI, both run smoothly.
The ewbsrvr command line, as I said does not report errors when running it, when I indicate certificate name in the INI, but when I try to configure it in the IDE, it reports the reference error.

All tests were done with Win10 Pro, I5, 8G Ram. Windows Defender all disabled.
These are all the tests I've been able to do, without success to launch an external server and configure it in the IDE. Any other suggestions to try, will be welcome.
Cordially
Alvaro
Wed, May 13 2020 5:57 PMPermanent Link

Alvaro

Tim, you referenced the Windows Crypto API. On the Win7 PC, I have CAPICOM 2.1.0.2 installed, which I believe is the latest version.
When referring to the Crypto API, is it because the certificate handling has been developed with the Crypto API SDK ?.
Could there be a problem with version 2.1.0.2 ?, because I found that the most stable version is 2.1.0.0.
Thank you!
Wed, May 13 2020 10:42 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Alvaro,

<< Tim, you referenced the Windows Crypto API. On the Win7 PC, I have CAPICOM 2.1.0.2 installed, which I  believe is the latest version.  When referring to the Crypto API, is it because the certificate handling has been developed with the Crypto API SDK ?.  >>

Yes, EWB uses the built-in Windows functionality for certificate handling and TLS (SChannel) that is part of the WinCrypt API.  You should not need to know anything about the version of the Crypto API used, other than to make sure that you have all of the latest Windows updates installed.

I finished the test installation on a Windows 7 machine (all updates installed) and the web server started up without any certificate/credentials issues.  I checked the machine with IISCrypto, and the machine is configured to use the defaults for TLS 1.0, 1.1, 1.2, and higher.

Tim Young
Elevate Software
www.elevatesoft.com
Wed, May 13 2020 10:54 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Alvaro,

<< Login User Name = Administrator
Login Password = 75757605565153425F45

==> is that necesary?? (do not use this aggregate in tests) >>

You cannot change the Administrator password by simply specifying a new password in the ewbsrvr.ini file, and no, these entries are not used for the external web server.

<< Database Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server
Max Database Write Delay=5
Default Document=project1.html
Content Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\content
Application Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\applications
Module Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\modules
Logs Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\logs >>

Yes, these are required, but you don't want to set them to a user-specific folder.  Whatever you use for these values, you need to make sure that the EWB Web Server can access them when run as a service.

<< If I add the certificate name, the ewbsrvr command line, runs without errors. The esbsrvr.exe (32) service  does not start. >>

Again, like with the folders, when running as a service, the EWB Web Server is running under the System user account, by default.  This means that it cannot access the user-specific "localhost" self-signed certificate that is installed by default.  You'll need to use the ewbcert utility included with the beta to install a self-signed "localhost" certificate for the default local machine store, and that will be usable by the EWB Web Server when running as a service.  However, be sure to set the "Certificate Store Type" setting in the ewbsrvr.ini file to 1 to indicate that you want the web server to look in the default local machine certificate store.

I think you're starting to see why I pre-configure the internal web server so that it just runs. Smile

Tim Young
Elevate Software
www.elevatesoft.com
Page 1 of 2Next Page
Jump to Page:  1 2
Image