A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Register Flexera Service Gateway Authentication Failed

We are currently running App Portal 2017 R2 and having issues changing configurating to a new FNMS instance we have stood up. We downloaded webapi.config file from the new FNMS instance but the default username and pw of admin not working when registering.

The error we get is "An exception has occurred. Authentication Failed. Message: The underlying connection was closed: An unexpected error occurred on a receive." Any help would be appreciated.

Thanks,
Mike

(1) Solution

Thank you @jdempsey for the suggestions.  We do have those settings configured.  What fixed it for us was adding the App Portal service account to the Administrative role within FNMS.  

Thanks!

View solution in original post

(14) Replies
CharlesW
By Level 12 Flexeran
Level 12 Flexeran

Are you integrating App Portal with Admin Studio or Workflow manager? If not, I'd recommend simply bypassing the FSG.. The following steps will allow you to bypass the FSG in App Portal

1) Remove the entry for Flexera Service Gateway Server Name within Site Management | Admin | Settings | Flexera Integration
2) Click Save to apply changes.
3) Access App Portal database and run the following query:

update dbo.WD_AppSettings
set Value = ‘True’
where KeyName = ‘ShowFSGEndPoints’

4) perform an iisreset
5) Restart the browser, and go to Flexera Integration again. At the bottom of the page you should now see "endpoint URLs" exposed.

6) The FlexNet Manager Suite Service Url should be similar to the following. The other endpoint URL's do not need to be set:

http://<fnms serverName>/ManageSoftServices/ComplianceAPIService/ComplianceAPIService.asmx

Let me know if you run into any issues after doing this.

@mstahnke, when I've seen that error in the past, it is usually the result of TLS 1.2 rearing its ugly head.  You may need to check TLS 1.2 configurations on both the device where you're running the registration tool and on your FSG server to make sure that it's enabled and used by default.  I have seen this error one other time where it wasn't related to TLS 1.2.  In that situation, I had to uninstall the FSG, manually delete the FSG installation folder (some configuration data left behind), and then reinstall the FSG.  If none of that helps, then I fall back to Charlie's solution to bypass the FSG.   ðŸ™‚

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

We tried @CharlesW solution before we seen the post from @jdempsey .  We were able to see FlexNet Manager Suite Service Url  exposed and added the URL.  We are not able to find any Products in FlexNet Suit Mappings.  Did notice when we went back to "FlexNet Manager Suite Database Connection Settings" and click Test now fails with message attached.  We think we have seen this a while back and have a custom script to fix.  We will try that next unless you have any additional comments to pass on.  Thanks to both for your information!

If you stood up a completely new instance of FNMS, then you would definitely want to run the SQL script, which is mentioned in the error (when selecting the test button). What is the error which is logged in FNMSIntegration.log? This might provide a clue, in the case where running the SQL Script does not resolve the issue.

This is a new instance of FNMS and did run the script on the new FNMS Compliance DB . Restarted both ESD service and restarted IIS.  Still failing same and log shows "Exception while executing method GetFNMPCustomViewWithMultipleFilters with parameters -120000, filterUsage =System.Collections.Generic.List`1[Flexera.Integration.FNMP.Interfaces.ICustomViewFilter], 10000, TenantId= Server was unable to process request. ---> Request for principal permission failed.:

Are you using the App Portal service account to connect to FNMS, or have you specified an alternate connection account?  If you specify an alternate connection account, it will not be used for accessing the FNMS compliance database.  It is only used for connecting to the web services.  When using an alternate connection account, you will not be able to use any of the functions that directly access the database through SQL.  If you are using the App Portal service account to connect to FNMS, then make sure you have granted that account db_reader permissions on the FNMS compliance DB.

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

We are using the App Portal Serivice account to connect to new FNMS Compliance DB and has db_datareader permisions.

If we try and Searching for adding Product Name for Flexera Manager Suite Mapping throws this error in the log.  Do you have a script for this to run?

Invoking the method GetFNMPCustomViewWithMultipleFilters with parameters -60000, String.Empty, filter =System.Collections.Generic.List`1[Flexera.Integration.FNMP.Interfaces.ICustomViewFilter], 10000, TenantId=

 

Mike and I uninstalled FSG and reinstalled it on the App Portal server.  Then ran the RegistrerFlexeraServiceGateway.exe on our FNMS server (previously we were running it on the App Portal server).  It registered and is in App Portal on the Settings -> Flexera Integration page.  We see our App Portal and FNMS servers now.  Also we verified in the FSG Host it shows it is bound to both servers. 

We did an IIS Reset, restarted ESD again but still are unable to search for any products or publishers in Flexera Manager Suite Mapping.  It returns "No records found".   

I checked the TLS 1.2 settings for Client and Server settings are different between the App Portal and FNMS Servers.  

FNMS server has
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DisabledByDefault  DWORD = 0
Enabled  DWORD = 1

Same settings for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

App Portal server has
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DisabledByDefault  DWORD = 0
Enabled  DWORD = ffffffff

Same settings for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

Should they be the same and if so, which one is correct?

Thanks!

JoanM

@joan_mckinley 

Yeah, interesting question, even Microsoft's community isn't entirely clear on this as per https://techcommunity.microsoft.com/t5/office-365/tls-1-2-enabled-registry-value-quot-0xffffffff-quot-0r-1/m-p/324275

I would go with 1, e.g. for FNMS Flexera has been specific as per https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Transport-Layer-Security-TLS-1-1-amp-1-2-Configuration/ta-p/2250

If you still have got issues getting this resolved I would advice that you open a support case to get assistance in troubleshooting this issue further.

Thanks,

Hi Everyone,

Thanks for all you good suggestions.  We using the App Portal Service account as mentioned and had our DBA grant the db_reader to the FNMS Compliance DB  but still got the errors.  After trying all the suggestions we went back to using the alternate connection using a different service account and that worked.  

 

Make sure you've also applied the following registry keys to both servers:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"

Enabling the protocols is not sufficient.  You also have to instruct .NET to use strong cryptography by default when making secure channel calls.

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

Thank you @jdempsey for the suggestions.  We do have those settings configured.  What fixed it for us was adding the App Portal service account to the Administrative role within FNMS.  

Thanks!

Note that you would want to run the script against the FNMS compliance DB.