fawad_laiq
Level 5

Unable to login to FlexNet Web UI from Application server but from others

Hi,

 

Did someone face issues like below:

I am able to login to app server from other machines with DNS name but not from application server. If I use localhost.suite I can login to the server.

Thanks & Regards,

FL

Thanks & Regards,
Fawad Laiq
0 Kudos
10 Replies
mfranz
Level 15

Hi Fawad,

I have seen such behaviour at several customer systems repeatedly, but I cannot tell what's the reason. What do you get if you run nslookup from the server? Do you use SSL?

Best regards,

Markward

Softline Group is Europe's leading independent expert in Software Asset Management.

Dear Mark,

Thanks for the reply. Yes, we are using ssl.

If I run NSlookup I am able to resolve correct ip. Even from other servers in same network I am able to login to app server.



Thanks & Regards,
Fawad Laiq
Technical Manager

Sent from handheld, excuse for typos.
Thanks & Regards,
Fawad Laiq
0 Kudos

@fawad_laiq - What would be the requirement to log into FlexNet Manager directly from the Application Server?  As long as you are able to do so using the "localhost" as the URL, is that causing any problems?

0 Kudos

@Clausen,

My beacon is lso not communicating to app server when I turn on https on beacon server. I was suspecting if there is any connection between two issues.


Thanks & Regards,
Fawad Laiq
Technical Manager

Sent from handheld, excuse for typos.
Thanks & Regards,
Fawad Laiq
0 Kudos

Hi @fawad_laiq  ,

Try browsing the Web application server using the IP address and check.

Not sure if there is some DNS issue if the Beacon is unable to connect App server and see if the NSLookup using fqdn and IP address is getting resolved and telnet is working using the required ports. Also make sure the TLS settings were as it should.

 

Regards,

Vinay.

0 Kudos

@fawad_laiq 

Please try adding the  IP's of app server and beacon respectively to their host files in c\windows,  and check.

I know its weird but it worked for few connectivity issues (not the same exact issue what you facing).

Also, please be sure TLS settings are properly configured on beacon and app server.

 

 

0 Kudos

Hi Fawad,

Which Windows user account do you use for logging into your FNMS application server (into the Windows OS)?

As the default setting, FNMS configures "Integrated Windows Authentication" for the /Suite folder in IIS. With this setting, the system will try using the same user that is logged into Windows for logging into FNMS.

You can reconfigure the /Suite IIS folder in IIS Configuration Manager to use "Basic Authentication" instead of "Integrated Windows Authentication". With "Basic Authentication", FNMS will prompt you for a user and password.

You should document these manual configuration changes. In case you re-run the FNMS PowerShell configuration scripts, these scripts will revert settings to "Integrated Windows Authentication" though.

0 Kudos

I am using domain service account with local admin rights.

I did try changing those settings, it does not accept correct credentials on app server with dns url only.



Thanks & Regards,
Fawad Laiq
Technical Manager

Sent from handheld, excuse for typos.
Thanks & Regards,
Fawad Laiq
0 Kudos
ChrisG
Community Manager Community Manager
Community Manager

This behavior does seem to be common, but like @mfranz I have never quite found a clear explanation of a cause. I suspect it is something to do with the vagaries of the way Integrated Authentication works in a Windows environment. As a rule I generally use the http://localhost/Suite/ URL for accessing FlexNet Manager Suite when logged in directly on the web application server. This is also good practice when troubleshooting as some types of errors will be reported with more details when using "localhost" rather than the DNS name in the URL.

(This could be caused by things like different web proxy configuration/operation on the application server compared to computers outside of the data center, or DNS issues. But my semi-educated guess is these things are unlikely to be a factor in this case.)
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
0 Kudos
anhpham1652
Level 6

Hello All,

I got the same problem as fawad_laiq. But I cannot use https://localhost/Suite to login because I have to use a wildcard cert of different domain (a.example1) from the domain my server in (b.example2). It returns server error 401 - unauthorized: access is denied due to invalid credentials. But I can log in normally by same credentials from other servers with https://application.a.example1/Suite.

Is there any way to fix this problem? Waiting for your answers.

0 Kudos