Contributor.

Issues upgrading WIE to 17.20 - IIS Application won't start

Hello Everyone,

 

We ran into some issues installing WIE 17.20 on a new server and upgrading the DB from 17.10, and we're kind of stuck. Maybe someone has some good ideas on how to fix this issue.

We first updated SSC, WebInspect and LIM, which all finished successfully. After installing WIE we ran the initializer, which completed the DB upgrade and installed the WIE Web Application, but at the end of the process we received an error saying "An unexpected Web Server error occurred". Then the installation finished and the configuration for the sensor users didn't show up. We double-checked the requirements, started the WIE AppPool and Services as LocalSystem service user and made sure the firewall is open between all the servers.

When taking a look into IIS, the WIE virtual application and the Application Pool were created successfully. But when trying to open the website of WIE (https://FQDN/WIE) we got error 403 (Permission denied). When trying to access the ../WIE/Login URL we get error 503 (Service unavailable). After some time IIS shuts down the AppPool of WIE because of too many errors. In the log files we can see the following errors:

ManagerWS_trace.log

2018-12-19 12:33:47,119 DEBUG [9] Manager.TempPath='C:\Windows\TEMP\Manager' (default value)
2018-12-19 12:33:47,119 INFO [9] Removing temp files from 'C:\Windows\TEMP\Manager'
2018-12-19 12:33:47,119 DEBUG [9] ScansManager static initialization
2018-12-19 12:33:47,134 ERROR [9] Unable to reload scan queue
System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'SecuredIncompleteScans'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior)
at SPI.Amp.Repository.Storage.DBCommand.<ReadObjects>d__27`1.MoveNext()
at SPI.Amp.Repository.Storage.DBCommand.<ReadObjects>d__47`1.MoveNext()
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at AmpManagerWS.Impl.ScansManager.Initialize()
ClientConnectionId:8c6863c3-72fe-4770-94a7-5ba5bcff075b
Error Number:208,State:1,Class:16
2018-12-19 12:33:47,134 DEBUG [9] Getting all blackout periods
2018-12-19 12:33:47,134 DEBUG [9] Found 0 valid blackout periods
2018-12-19 12:33:47,134 DEBUG [9] ScanImport.ProcessorThreadCount=1 (default value)
2018-12-19 12:33:47,150 DEBUG [ScanImportProcessor] Scan import processor thread blocking until a work item is available
2018-12-19 12:33:47,150 ERROR [blackout] Unhandled exception occurred. Application IsTerminating True
System.TypeInitializationException: The type initializer for 'AmpManagerWS.Impl.ScansManager' threw an exception. ---> System.Data.SqlClient.SqlException: Invalid object name 'SecuredScans'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior)
at SPI.Amp.Repository.Storage.DBCommand.<ReadObjects>d__27`1.MoveNext()
at SPI.Amp.Repository.Storage.DBCommand.<ReadObjects>d__47`1.MoveNext()
at AmpManagerWS.Impl.ScansManager.Initialize()
at AmpManagerWS.Impl.ScansManager..cctor()
--- End of inner exception stack trace ---
at AmpManagerWS.Impl.ScansManager.blackoutThreadProc()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()

 

Initializer_trace.log

 

2018-12-19 14:19:32,457 INFO [15] Manager URL is https://<--FQDN-->/WIE/
2018-12-19 14:19:32,504 DEBUG [15] Manager connection group string: 0w7UARixhkellwEI4nReYb5C+EY=
2018-12-19 14:19:36,629 DEBUG [15] Manager connection group string: 0w7UARixhkellwEI4nReYb5C+EY=
2018-12-19 14:19:37,645 WARN [15] Unable to determine SSC connected status.
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it <IP-ADDRESS>:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at SPI.Amp.ManagerClient.ManagerWS.ManagerService.IsSscConnected()
at SPI.Amp.ManagerClient.ManagerService.TestSscConnected()
2018-12-19 14:19:37,661 ERROR [1] Unable to connect to or lost connection to the WebInspect Enterprise Server. Please try again.
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 10.222.3.200:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---

Server stack trace:
at SPI.Amp.ManagerClient.ManagerService.TestSscConnected()
at WieInitialize.AmpInitializeHelper.ConnectToManager()
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
at System.Windows.Forms.MethodInvoker.EndInvoke(IAsyncResult result)
at WieInitialize.Init_MainForm._pgeManagerConnection_AfterDisplay(Object sender, EventArgs e)

 

 

When trying to connect using the WIE console the log shows the following:

 

2018-12-11 15:02:25,687 INFO [1] Connecting to https://<--FQDN-->/WIE/...
2018-12-11 15:02:25,703 INFO [7] Connecting to WebInspect Enterprise Manager at https://<--FQDN-->/WIE/
2018-12-11 15:02:25,703 INFO [7] Authenticating as user 'twebinspect_ent'
2018-12-11 15:02:25,703 ERROR [1] Login to WebInsepct Enterprise failed
System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.

Server stack trace:
at SPI.Configuration.Amp.ConnectionManager.Login(ClientInfo clientInfo, String managerAddress, String username, String password, IWebProxy webProxy)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
at SPI.Configuration.Amp.ConnectionManager.LoginDelegate.EndInvoke(IAsyncResult result)
at SPI.Configuration.Amp.ConnectionManager.EndLogin(IAsyncResult asyncResult)
at SPI.Configuration.Amp.ConnectionManager.LoginAsync(ClientInfo clientInfo, String managerAddress, String username, String password, IWebProxy webProxy)
2018-12-11 15:02:25,718 ERROR [1] An unexpected Web Server error occurred. Please try again.
System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.

Server stack trace:
at SPI.Configuration.Amp.ConnectionManager.Login(ClientInfo clientInfo, String managerAddress, String username, String password, IWebProxy webProxy)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:
at SPI.Configuration.Amp.ConnectionManager.LoginAsync(ClientInfo clientInfo, String managerAddress, String username, String password, IWebProxy webProxy)
at SPI.Configuration.Amp.ConnectionManager.LoginInteractive(ClientInfo clientInfo, String managerAddress, String username, String password, IWebProxy webProxy, IWin32Window owner)

 

All the logs are pointing to the AMP Connection Manager somehow but we couldn't even get so far as to configure any sensor users so we're really unsure where the root of the issue lies. 

We later checked the table "ConfigSetting" in the WIE DB and found something that we aren't quite sure whether it's a possible issue. The value for the SettingName "AmpManagerUrl" is pointing to the correct server but the wrong alias.

This probably needs some explanation: The WIE Server has different network interfaces, each in a different network, where each network card/ip address has a different alias in the DNS. So we are connecting to FQDN-A via RDP to do the installation. The alias that's published to the outside, which is also the one the IIS certificate is installed onto and therefore listening for WIE traffic is the FQDN-B. 

Now we have configured everything regarding WIE to connect to FQDN-B. The setting AmpManagerUrl, however, always points to FQDN-A. Even when we try to manually change it, it will automatically be reset by the WIE. FQDN-A should be reachable on network level and the firewall is also open, but of course the SSL certificate will be invalid.

 

Maybe someone has some input what we could check?

Thanks in advance for any input!

 

1 Reply
Micro Focus Expert

Be sure you have up-to-date back-ups of the WIE DB, so you can always recover backwards if needed.

The proper browser URL for users to reach WIE is https://FQDN/wie/WebConsole.  If you only put in /wie/, then you will get an Unauthorized error, as you stated.

The WIE Initialization for your Manager failed, so you can stop investigating the rest of the items with the Console connection and the Sensor connections.  Those come later, when the app is running.

Your WIE Initialization log shows a socket error connecting to the address.  <<Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it>>  When you run the WIE Init program, you must specify that FQDN-B address for the server, not the FQDN-A.  You may need to change your perspective of the logon to the server so that the Init program can reach that port/name properly.

 

Normally, the WIE Init fails when IIS has not been set up properly.  The error on-screen will still be that generic message, but the logs will show something like "HTML/TXT was encountered but HTML/XML was expected", which means it is producing an error page rather than serving the service out.  Your logs did not have that, but I would recheck IIS with the following notes, in addition to correcting the FQDN-B entry.

  • In IIS > Application Pools, the WIE app pool should be listed with:   .NET CLR v4.0, Integrated Pipeline, Identity = ApplicationPoolIdentity, Apps = 3.
  • In IIS > Sites, "WIE" should be listed beneath "Default Web Site".
  • In IIS > Sites > Default Web Site, check the Bindings (far right of screen).  You will need to ensure there is an entry such as Type = https, Host Name = {FQDN-B}, Port = 443, IP Address = *

 

Also, check the Windows Services for WIE.

  • Launch the WIE Services Manager tool to get easy access to the status and logs for two of these.
  • Within the Windows Control Panel, verify these services are Running, set to Automatic, and Logon As = LocalSystem.
  1. WebInspect Enterprise ##.## Scan Uploader Service
  2. WebInspect Enterprise ##.## Scheduler Service
  3. WebInspect Enterprise ##.## Task Service

 


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
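
The IIS, binding and Windows service checks listed in the reply above, collected into one read-only PowerShell script that can be run on the WIE server. This is an added example, not part of the original thread or of any Micro Focus tooling; the app pool name WIE and the host name fqdn-b.example.test are assumptions standing in for the real pool name and FQDN-B.

```powershell
# Added example (not from the thread): read-only check of the settings the reply lists.
param(
    [string]$AppPoolName = 'WIE',                  # assumed pool name; confirm in IIS Manager
    [string]$SiteName    = 'Default Web Site',
    [string]$PublicHost  = 'fqdn-b.example.test'   # placeholder for FQDN-B
)
Import-Module WebAdministration

$results = @()
function Add-Check($Name, $Actual, $Expected) {
    # Record one comparison; values are compared as strings for uniform output.
    $script:results += [pscustomobject]@{
        Check = $Name; Actual = "$Actual"; Expected = "$Expected"
        Ok    = ("$Actual" -eq "$Expected")
    }
}

# Application pool: .NET CLR v4.0, Integrated pipeline, ApplicationPoolIdentity
$pool = Get-Item "IIS:\AppPools\$AppPoolName"
Add-Check 'AppPool CLR version' $pool.managedRuntimeVersion     'v4.0'
Add-Check 'AppPool pipeline'    $pool.managedPipelineMode       'Integrated'
Add-Check 'AppPool identity'    $pool.processModel.identityType 'ApplicationPoolIdentity'
Add-Check 'AppPool state'       $pool.state                     'Started'

# "WIE" application listed beneath the site
$app = Get-WebApplication -Site $SiteName -Name 'WIE'
Add-Check 'WIE app under site' ([bool]$app) $true

# Binding: Type = https, IP Address = *, Port = 443, Host Name = FQDN-B
$bindings = @((Get-WebBinding -Name $SiteName -Protocol 'https').bindingInformation)
Add-Check "https binding *:443:$PublicHost" ($bindings -contains "*:443:$PublicHost") $true

# The three WIE services: Running, Automatic, Logon As = LocalSystem
Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'WebInspect Enterprise%'" |
    Where-Object { $_.DisplayName -match 'Scan Uploader|Scheduler|Task' } |
    ForEach-Object {
        Add-Check "$($_.DisplayName): state"      $_.State     'Running'
        Add-Check "$($_.DisplayName): start mode" $_.StartMode 'Auto'
        Add-Check "$($_.DisplayName): logon"      $_.StartName 'LocalSystem'
    }

# The Initializer log showed "actively refused" on port 443; test the same connection
$tcp = Test-NetConnection -ComputerName $PublicHost -Port 443 -WarningAction SilentlyContinue
Add-Check "TCP 443 to $PublicHost" $tcp.TcpTestSucceeded $true

$results | Format-Table -AutoSize
```

The "Apps = 3" count from the first bullet is not checked here; compare it by eye in IIS Manager.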