We are currently running App Portal 2017 R2 and having issues changing configurating to a new FNMS instance we have stood up. We downloaded webapi.config file from the new FNMS instance but the default username and pw of admin not working when registering.
The error we get is "An exception has occurred. Authentication Failed. Message: The underlying connection was closed: An unexpected error occurred on a receive." Any help would be appreciated.
Thanks,
Mike
‎Jun 22, 2020 09:39 AM
Thank you @jdempsey for the suggestions. We do have those settings configured. What fixed it for us was adding the App Portal service account to the Administrative role within FNMS.
Thanks!
‎Jul 27, 2020 10:05 AM
Are you integrating App Portal with Admin Studio or Workflow manager? If not, I'd recommend simply bypassing the FSG.. The following steps will allow you to bypass the FSG in App Portal
1) Remove the entry for Flexera Service Gateway Server Name within Site Management | Admin | Settings | Flexera Integration
2) Click Save to apply changes.
3) Access App Portal database and run the following query:
update dbo.WD_AppSettings
set Value = ‘True’
where KeyName = ‘ShowFSGEndPoints’
4) perform an iisreset
5) Restart the browser, and go to Flexera Integration again. At the bottom of the page you should now see "endpoint URLs" exposed.
6) The FlexNet Manager Suite Service Url should be similar to the following. The other endpoint URL's do not need to be set:
http://<fnms serverName>/ManageSoftServices/ComplianceAPIService/ComplianceAPIService.asmx
Let me know if you run into any issues after doing this.
‎Jun 22, 2020 10:13 AM
@mstahnke, when I've seen that error in the past, it is usually the result of TLS 1.2 rearing its ugly head. You may need to check TLS 1.2 configurations on both the device where you're running the registration tool and on your FSG server to make sure that it's enabled and used by default. I have seen this error one other time where it wasn't related to TLS 1.2. In that situation, I had to uninstall the FSG, manually delete the FSG installation folder (some configuration data left behind), and then reinstall the FSG. If none of that helps, then I fall back to Charlie's solution to bypass the FSG. 🙂
‎Jun 22, 2020 12:03 PM
We tried @CharlesW solution before we seen the post from @jdempsey . We were able to see FlexNet Manager Suite Service Url exposed and added the URL. We are not able to find any Products in FlexNet Suit Mappings. Did notice when we went back to "FlexNet Manager Suite Database Connection Settings" and click Test now fails with message attached. We think we have seen this a while back and have a custom script to fix. We will try that next unless you have any additional comments to pass on. Thanks to both for your information!
‎Jun 22, 2020 01:32 PM
‎Jun 22, 2020 01:41 PM
This is a new instance of FNMS and did run the script on the new FNMS Compliance DB . Restarted both ESD service and restarted IIS. Still failing same and log shows "Exception while executing method GetFNMPCustomViewWithMultipleFilters with parameters -120000, filterUsage =System.Collections.Generic.List`1[Flexera.Integration.FNMP.Interfaces.ICustomViewFilter], 10000, TenantId= Server was unable to process request. ---> Request for principal permission failed.:
‎Jun 22, 2020 01:58 PM
Are you using the App Portal service account to connect to FNMS, or have you specified an alternate connection account? If you specify an alternate connection account, it will not be used for accessing the FNMS compliance database. It is only used for connecting to the web services. When using an alternate connection account, you will not be able to use any of the functions that directly access the database through SQL. If you are using the App Portal service account to connect to FNMS, then make sure you have granted that account db_reader permissions on the FNMS compliance DB.
‎Jun 22, 2020 02:06 PM
We are using the App Portal Serivice account to connect to new FNMS Compliance DB and has db_datareader permisions.
‎Jun 22, 2020 03:01 PM
If we try and Searching for adding Product Name for Flexera Manager Suite Mapping throws this error in the log. Do you have a script for this to run?
Invoking the method GetFNMPCustomViewWithMultipleFilters with parameters -60000, String.Empty, filter =System.Collections.Generic.List`1[Flexera.Integration.FNMP.Interfaces.ICustomViewFilter], 10000, TenantId=
‎Jun 22, 2020 04:01 PM
Mike and I uninstalled FSG and reinstalled it on the App Portal server. Then ran the RegistrerFlexeraServiceGateway.exe on our FNMS server (previously we were running it on the App Portal server). It registered and is in App Portal on the Settings -> Flexera Integration page. We see our App Portal and FNMS servers now. Also we verified in the FSG Host it shows it is bound to both servers.
We did an IIS Reset, restarted ESD again but still are unable to search for any products or publishers in Flexera Manager Suite Mapping. It returns "No records found".
I checked the TLS 1.2 settings for Client and Server settings are different between the App Portal and FNMS Servers.
FNMS server has
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DisabledByDefault DWORD = 0
Enabled DWORD = 1
Same settings for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
App Portal server has
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DisabledByDefault DWORD = 0
Enabled DWORD = ffffffff
Same settings for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Should they be the same and if so, which one is correct?
Thanks!
JoanM
‎Jun 22, 2020 08:35 PM
Yeah, interesting question, even Microsoft's community isn't entirely clear on this as per https://techcommunity.microsoft.com/t5/office-365/tls-1-2-enabled-registry-value-quot-0xffffffff-quot-0r-1/m-p/324275
I would go with 1, e.g. for FNMS Flexera has been specific as per https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Transport-Layer-Security-TLS-1-1-amp-1-2-Configuration/ta-p/2250
If you still have got issues getting this resolved I would advice that you open a support case to get assistance in troubleshooting this issue further.
Thanks,
‎Jun 30, 2020 12:34 AM
Hi Everyone,
Thanks for all you good suggestions. We using the App Portal Service account as mentioned and had our DBA grant the db_reader to the FNMS Compliance DB but still got the errors. After trying all the suggestions we went back to using the alternate connection using a different service account and that worked.
‎Jul 01, 2020 04:24 PM
Make sure you've also applied the following registry keys to both servers:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
-Value "1" -Name "SchUseStrongCrypto"
Enabling the protocols is not sufficient. You also have to instruct .NET to use strong cryptography by default when making secure channel calls.
‎Jul 26, 2020 12:21 PM
Thank you @jdempsey for the suggestions. We do have those settings configured. What fixed it for us was adding the App Portal service account to the Administrative role within FNMS.
Thanks!
‎Jul 27, 2020 10:05 AM
‎Jun 22, 2020 01:42 PM