Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder Public Beta Tests » View Thread |
Messages 1 to 10 of 17 total |
Clean installation of EWB3 and error with the external web server. |
Mon, May 11 2020 9:22 PM | Permanent Link |
Alvaro | Hello, in order to test a clean installation of EWB3, use a PC with Win7 just installed.
I ran the EWB3 installer without administrator rights and generated everything needed for the IDE, including the "localhost" certificate. Now if I don't run the IDE with administrator rights, I get the error message: "The web server cannot be started (Internal error loading the credentials (Error 8009030D)". If I run the IDE with administrator rights there is no problem and the internal server also works. Second step: I install the 32-bit ewbsrvr as a service and edit the ewbsrvr.ini, changing only ports. 8081 and 444. I start the service and until then everything works ok. (no errors) Third step: I create in the IDE the server that I name External. I assign the same ports, user and password that the internal server has, and when I want to edit the properties in the server manager, I get the error that attached. It seems to be a bug with the certificate, and frankly I don't know how to get out of this. I have reviewed the forum and not have the solution. I apologize for insisting on this topic. I want to know what I'm doing wrong. Thanks! Attachments: ServerError.JPG |
Tue, May 12 2020 10:18 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Alvaro,
<< Hello, in order to test a clean installation of EWB3, use a PC with Win7 just installed. I ran the EWB3 installer without administrator rights and generated everything needed for the IDE, including the "localhost" certificate. Now if I don't run the IDE with administrator rights, I get the error message: "The web server cannot be started (Internal error loading the credentials (Error 8009030D)". >> I'm not sure what the cause of this error is yet. It has something to do with specific configurations with certain Windows machines, combined with how we're creating the self-signed certificate. << Third step: I create in the IDE the server that I name External. I assign the same ports, user and password that the internal server has, and when I want to edit the properties in the server manager, I get the error that attached. >> You can't use certificates with IP addresses, so this issue doesn't have anything to do with the certificate. If you're seeing a request timeout error, then it means that the server isn't responding on the designated IP address/port combination. You can verify this with the following command-line: netstat -b (must run as Administrator) Tim Young Elevate Software www.elevatesoft.com |
Tue, May 12 2020 1:04 PM | Permanent Link |
Alvaro | Tim: thanks for answering.
This is the content of the ewbsrvr.in: [Server] Server Name = EWBSRVR Server Description = Elevate Web Builder 3 Web Server Database Directory = Max Database Write Delay = 5 Domain = Default Document = Content Directory = Application Directory = Module Directory = Logs Directory = Enable Cross Origin Resources = 0 Keep-Alive Resource Name = keepalive Authentication Resource Name = authentication Administration Resource Name = administration Databases Resource Name = databases Modules Resource Name = modules Applications Resource Name = applications Debugger Resource Name = debugger Logs Resource Name = logs Login User Name = Administrator Login Password = 75757605565153425F45 IP Address = 127.0.0.1 ====> is this correct ? URL = http: // localhost ====> is this correct ? Port = 8085 Secure Port = 444 Timeout = 30 Max Request Size = 16777216 Authorized Addresses = * Blocked Addresses = Thread Cache Size = 128 Max Num Threads = 2048 Max Authentication Attempts = 10 Authentication Lockout Time = 300 Session ID Length = 32 Session Expiration = 1800 Password Salt Length = 16 Password Hash Type = 0 Certificate Name = ====> what should i indicate here? Certificate Store Name = Certificate Store Type = 0 Netstat -b indicates that port 8085 is listening for ewbsrvr, and port 8080 for ewbide is ok. Now, do I have to indicate in the ewbsrvr.ini the name of the certificate? If I add it (localhost), the ewbsrvr (32bits) service does not start therefore the name of the certificate is not set. In the IDE when I try to put the external server active, I keep getting the same error message, which I attached in the screenshot. What is the problem, then? Regarding that the certificate is not for IP addresses, does the server always listen on localhost? If we wanted a different IP, would we have to generate a certificate for that IP? The idea of ​​working with certificates, is to be able to establish a secure connection (https.//) or is it for authentication for now? I understand that the same certificate can be used for both. I see the problem, but I don't see the criteria of the general environment. Thanks! Attachments: Netstat1.JPG |
Tue, May 12 2020 4:54 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Alvaro
<< IP Address = 127.0.0.1 ====> is this correct ? >> No, and is the cause of your problems. You're telling the EWB Web Server to bind to / listen on *only* the 127.0.0.1 IP address. You should leave this option blank if you want the EWB Web Server to bind to and listen on all local IP addresses. << URL = http: // localhost ====> is this correct ? >> You don't need that option, it's only for the internal web server in the EWB 3 IDE. << Certificate Name = ====> what should i indicate here? >> You should indicate "localhost" if you plan on using secure connections to the "localhost" domain. But, again, you cannot use IP addresses with secure connections and must use an actual domain in your URLs that are accessing the EWB Web Server: https://localhost:444/myapplication.html << If I add it (localhost), the ewbsrvr (32bits) service does not start therefore the name of the certificate is not set. >> It probably doesn't start because of that same issue you were having with the self-signed "localhost" certificate that is installed by EWB. I'm going to try to see if this problem is with Windows 7, but I tried a fresh install again today on a Windows 10 machine as a normal user and it completed without issue. I was able to load the IDE and start the internal web server, as well as confirm that the self-signed "localhost" certificate was created in the proper certificate store for the current user. << The idea of ​​working with certificates, is to be able to establish a secure connection (https.//) or is it for authentication for now? >> It is used for securing the connection. The EWB authentication functionality operates within the context of a secure connection, but just as easily be used across an un-secure connection (not recommended, of course, unless you're doing development). Tim Young Elevate Software www.elevatesoft.com |
Wed, May 13 2020 11:13 AM | Permanent Link |
Alvaro | Hi Tim:
Thanks for the explanation. Since I started with EWB1 I have used the Stunnel without problems. The configuration and way of working I was confused with the way the server works on a "localhost" domain. I am preparing a Windows 10 PC to install EWB3, however I would like to know if there is a solution regarding the certificate installation on Win7. Regarding the server and the authentication error, I did tests with ewbsrvr.exe (32) as a service and with ewbsrvr.exe command line. Both forms report the same error within the IDE. The netstat -b program sees port 8085 active in both cases. Cordial greeting!! Alvaro |
Wed, May 13 2020 11:55 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Alvaro,
<< Thanks for the explanation. Since I started with EWB1 I have used the Stunnel without problems. >> Stunnel uses OpenSSL, not the Windows Crypto API, so they aren't comparable in this regard (certificate handling). << The configuration and way of working I was confused with the way the server works on a "localhost" domain. I am preparing a Windows 10 PC to install EWB3, however I would like to know if there is a solution regarding the certificate installation on Win7. >> In general, there are going to be ongoing issues/limitations with Windows 7 with regard to its TLS implementation because the OS is no longer supported. For example, TLS 1.2 is not enabled by default in Windows 7, and you must use a tool like IISCrypto to enable it: https://www.nartac.com/Products/IISCrypto/ At any rate, I'll let you know what I find out. Tim Young Elevate Software www.elevatesoft.com |
Wed, May 13 2020 4:19 PM | Permanent Link |
Alvaro | Tim:
I did a clean Win10 installation on a PC. Install EWB3b13. Automatic installation of the certificate worked for the IDE. I didn't have to run it in administrator mode. What I want to test is the external server. If I install server 32 as a service, or run the server command line in console mode, when I want to add it to the IDE, that's where the message appears: "Authentication error for user Administrator". Attach the ewbsrvr.ini with the corrections you indicate: [Server] Server Name=EWBSRVR Server Description=Elevate Web Builder 3 Web Server Database Directory= Max Database Write Delay=5 Domain= Default Document= Content Directory= Application Directory= Module Directory= Logs Directory= Enable Cross Origin Resources=0 Keep-Alive Resource Name=keepalive Authentication Resource Name=authentication Administration Resource Name=administration Databases Resource Name=databases Modules Resource Name=modules Applications Resource Name=applications Debugger Resource Name=debugger Logs Resource Name=logs Login User Name = Administrator Login Password = 75757605565153425F45 ==> is that necesary?? (do not use this aggregate in tests) Database Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server Max Database Write Delay=5 Default Document=project1.html Content Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\content Application Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\applications Module Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\modules Logs Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\logs ==> is that necesary?? (do not use this aggregate in tests) IP Address= Port=80 ==> internal server is on ports 85 and 445 Secure Port=443 ==> internal server is on ports 85 and 445 Timeout=30 Max Request Size=16777216 Authorized Addresses=* Blocked Addresses= Thread Cache Size=128 Max Num Threads=2048 Max Authentication Attempts=10 Authentication Lockout Time=300 Session ID Length=32 Session Expiration=1800 Password Salt Length=16 Password Hash Type=0 Certificate Name= ==> (*) please read reference Certificate Store Name= Certificate Store Type=0 (*) If I add the certificate name, the ewbsrvr command line, runs without errors. The esbsrvr.exe (32) service does not start. Without the certificate name in the INI, both run smoothly. The ewbsrvr command line, as I said does not report errors when running it, when I indicate certificate name in the INI, but when I try to configure it in the IDE, it reports the reference error. All tests were done with Win10 Pro, I5, 8G Ram. Windows Defender all disabled. These are all the tests I've been able to do, without success to launch an external server and configure it in the IDE. Any other suggestions to try, will be welcome. Cordially Alvaro |
Wed, May 13 2020 5:57 PM | Permanent Link |
Alvaro | Tim, you referenced the Windows Crypto API. On the Win7 PC, I have CAPICOM 2.1.0.2 installed, which I believe is the latest version.
When referring to the Crypto API, is it because the certificate handling has been developed with the Crypto API SDK ?. Could there be a problem with version 2.1.0.2 ?, because I found that the most stable version is 2.1.0.0. Thank you! |
Wed, May 13 2020 10:42 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Alvaro,
<< Tim, you referenced the Windows Crypto API. On the Win7 PC, I have CAPICOM 2.1.0.2 installed, which I believe is the latest version. When referring to the Crypto API, is it because the certificate handling has been developed with the Crypto API SDK ?. >> Yes, EWB uses the built-in Windows functionality for certificate handling and TLS (SChannel) that is part of the WinCrypt API. You should not need to know anything about the version of the Crypto API used, other than to make sure that you have all of the latest Windows updates installed. I finished the test installation on a Windows 7 machine (all updates installed) and the web server started up without any certificate/credentials issues. I checked the machine with IISCrypto, and the machine is configured to use the defaults for TLS 1.0, 1.1, 1.2, and higher. Tim Young Elevate Software www.elevatesoft.com |
Wed, May 13 2020 10:54 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Alvaro,
<< Login User Name = Administrator Login Password = 75757605565153425F45 ==> is that necesary?? (do not use this aggregate in tests) >> You cannot change the Administrator password by simply specifying a new password in the ewbsrvr.ini file, and no, these entries are not used for the external web server. << Database Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server Max Database Write Delay=5 Default Document=project1.html Content Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\content Application Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\applications Module Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\modules Logs Directory=C:\Users\alvar\AppData\Local\Elevate Software\Elevate Web Builder 3\server\logs >> Yes, these are required, but you don't want to set them to a user-specific folder. Whatever you use for these values, you need to make sure that the EWB Web Server can access them when run as a service. << If I add the certificate name, the ewbsrvr command line, runs without errors. The esbsrvr.exe (32) service does not start. >> Again, like with the folders, when running as a service, the EWB Web Server is running under the System user account, by default. This means that it cannot access the user-specific "localhost" self-signed certificate that is installed by default. You'll need to use the ewbcert utility included with the beta to install a self-signed "localhost" certificate for the default local machine store, and that will be usable by the EWB Web Server when running as a service. However, be sure to set the "Certificate Store Type" setting in the ewbsrvr.ini file to 1 to indicate that you want the web server to look in the default local machine certificate store. I think you're starting to see why I pre-configure the internal web server so that it just runs. Tim Young Elevate Software www.elevatesoft.com |
Page 1 of 2 | Next Page » | |
Jump to Page: 1 2 |
This web page was last updated on Friday, April 26, 2024 at 06:09 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |