Troubleshooting
This page lists common problems with the server components.
Note
This page concerns the OnPremises option.
With the "Software as a Service" option, no server installations by the customer are necessary.
HTTP Error 500.19 - Internal Server Error
With this message, according to the Microsoft Docs (Link) the page cannot be displayed due to invalid configuration data.
Try the following:
- Make sure that the application pools have modify permissions in the OneOffixx application directory.
- Reboot the server machine.
- Make sure that the .NET Core Hosting Bundle is installed correctly and reinstall it if necessary (see system requirements).
HTTP Error 500 - Runtime Error
This general error can have various causes. To see the actual error message, the following entry must be added to the web.config
file:
<configuration>
...
<system.web>
<customErrors mode="Off" />
...
</system.web>
...
<configuration>
After that you should see the error message in the browser. If the error message cannot be seen and the server has among other things special security settings the machine.config
must be changed possibly briefly:
Path to machine.config
:
%windir%\Microsoft.NET\Framework64\v4.0.30319\config\machine.config
Make sure that the following element is either removed or set to false
:
<deployment retail="false" />
If true
is set, the output of the exact error message is suppressed.
HTTP Error 500 without details
If an HTTP 500 Error appears on an application without HTML web page and without additional information, then for the .NET Core applications (which would be HealthMonitor, AddressService, WebApi, WebClient and both IdentityServers) it is recommended to enable the stdout log. To do this, in the web.config
file at aspNetCore
the stdoutLogEnabled
attribute must be set to true
as follows:
<configuration>
<system.webServer>
...
<aspNetCore ... stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" ...>
...
</aspNetCore>
...
</system.webServer>
</configuration>
Subsequently, log files should appear in the "logs" subfolder after running the web application.
"SecurityException request for the permission of type..."
This error occurs when the .NET Trust Level for the IIS website is not set to "Full (Internal)".
Microsoft itself does not follow the "Partial Trust" security model anymore and recommends own application pools to ensure the secure operation of different web applications on a machine. For further information, see this KB 2698981 entry.
Admin/Dashboard cannot be accessed, "Unauthorized" error is displayed
The following message is displayed when authentication via IdentityServer is not possible:
"HTTP Error 401.0 - Unauthorized"
First find out: Is the IdentityServer running properly? → see IdentityServer is not running.
If the IdentityServer is working properly, you have to check the configuration in the "OneOffixx.config" file: The IdentityServer must be configured correctly and with the correct URL under apps
.
Example:
<add id="9ef34d3a-13b5-4f06-b437-b300474beb6d" name="IdentityServer" url="http://your-url.local/ids/" logFilePath="IdS\" type="IdentityServer" />
Use of a proxy
If a proxy is used on the server, this can, depending on the configuration, impair the OneOffixx system. For example, the Zefix address provider uses the HTTP interface and therefore needs the proxy information. Logon errors can also occur because the different applications e.g. contact the IdentityServer and take the address information from the "OneOffixx.config" file.
If such problems occur, a proxy can be set using the environment variables ALL_PROXY
orNO_PROXY
(this prevents the route through the proxy for certain addresses). Further information can be found in the Microsoft documentation.
IdentityServer does not run properly
This concerns the standard option. In the "WithoutIdS" option, no IdentityServer is installed.
In order to test if the IdentityServer is working properly, https://your-url.local/IdS/Account/Login
can be called (optimally not from the server hosting the IdentityServer).
If the IdentityServer web page is displayed correctly, a login can be made for testing purposes.
For IdentityServer error handling, see also the following section Web application not working properly.
Application Pool terminates repeatedly when using the Microsoft Monitoring Agent
If the OneOffixx application pools always shut down automatically after a request and something like this occurs in the "System Event log" (see "Event Viewer" (start via Windows + R, "eventvwr")):
A process serving application pool '[our pool]' suffered a fatal communication error with the Windows Process Activation Service. The process id was '[...]'. The data field contains the error number.
Application pool '[our pool]' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
This indicates that the "Microsoft Monitoring Agent" with the APM feature is installed on the machine and causes an error in the IIS. In the "Application Event log" you can also find a reference to the "PerfMon.dll". To work around the problem, either remove the "Microsoft Monitoring Agent" or disable the "APM" feature. The following command can be used for this purpose:
msiexec.exe /i momagent.msi NOAPM=1
This will start the installer and a repair can be performed. After an IIS restart, the problem should be solved. More information about the error can be found here.
Web application does not run properly
Below are two error messages that can occur when multiple OneOffixx web applications are operating incorrectly.
HTTP Error 500.30 - ANCM In-Process Start Failure
If an error occurred when starting an application, the following message appears:
"HTTP Error 500.30 - ANCM In-Process Start Failure"
To find out more about the error, you can look in the "Event Viewer" (run via Windows + R, "eventvwr").
In the following example, the connection to the SQL server failed:
HTTP Error 500.35 - ANCM Multiple In-Process Applications in same process
The following error usually occurs when OneOffixx web applications are installed multiple times on a server.
"HTTP Error 500.35 - ANCM Multiple In-Process Applications in same Process"
If OneOffixx web applications have been installed multiple times, the problem (explained with the example of HealthMonitor) is that now HealthMonitor application A and HealthMonitor application B use the same application pool "OneOffixx-Unmanaged-HealthMonitor". In this case, only one of the two applications will work at a time (the one that claims the application pool first), and the other will display the above error. To fix the problem, another identically configured application pool (e.g. "OneOffixx-Unmanaged-HealthMonitor-Application-B") must be created and started.
Important
When running the server installation script the application pool "OneOffixx-Unmanaged-HealthMonitor" is considered by default and adjusted if necessary. Therefore, for installations on servers with multiple OneOffixx web applications installed, special care must be taken and manual configuration is required. The names of the application pools can be customized for the installation in the "Install_Customization.ps1" file.
Authentication in admin/dashboard does not work
The dashboard has been set up and allowed for AD roles and users as the following or similarly:
<authorization>
<allow roles="domainname\USERGROUP"/>
<allow users="domainname\user1,domainname\user2,domainname\user3"/>
<deny users="*"/>
</authorization>
Although the user is listed or is a member of the group, the login window always appears followed by an HTTP 401 error. The error also occurs when accessing the machine from outside (not via localhost).
Possible solutions:
- Check if "Windows Authentication" is enabled in IIS.
- If you are working with DNS records, use nslookup to check if the domain and IP match in both directions.
- If you are working with SSL certificates, check if the bindings are set correctly in IIS.
Mögliche Lösungen bei Testsystemen:
- IIS includes a feature to prevent reflection attacks. This prevents a page from being accessed by the host itself. It is recommended to test the access from another machine. For testing purposes, said feature can be disabled as follows (reboot is required):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "DisableLoopbackCheck"=dword:00000001
- If all above-mentioned is correct, it is still possible that the name checking does not function correctly because of entries in the Hosts file. This can be disabled for testing purposes as follows (reboot is required):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] "DisableStrictNameChecking"=dword:00000001
Tip
If you have any questions or problems, we are happy to help – simply contact our support team.