Troubleshooting
From cosign wiki
(Difference between revisions)
(→Cosign Event Viewer Application Log Messages) |
(→Cosign Event Viewer Application Log Messages) |
||
| Line 152: | Line 152: | ||
</pre> | </pre> | ||
Possible Causes: | Possible Causes: | ||
| - | * Unfortunately, this is the result of a bug. When the IISCosign filter cannot connect to any weblogin servers, it enters an indeterminate state. See[[troubleshooting SSL|the troubleshooting connection errors section]] for correcting SSL misconfigurations. | + | * Unfortunately, this is the result of a bug. When the IISCosign filter cannot connect to any weblogin servers, it enters an indeterminate state. See [[troubleshooting SSL|the troubleshooting connection errors section]] for correcting SSL misconfigurations. |
== Warnings == | == Warnings == | ||
Revision as of 13:54, 30 April 2009
Contents |
General
Apache filter
Cosign 3 filter validation URL returns "401 Not authorized"
The user authentications OK, but when being redirected back to the validation URL, they get a "401 Not authorized" error in their web browser and something similar to this appears in the web server error log:
[Mon Apr 06 16:13:40 2009] [error] [client 141.213.234.243] access to /cosign/valid failed, reason: verification of user id '<null>' not configured, referer: https://weblogin-test.itcs.umich.edu/ ?cosign-request-test.itcs&https://request-test.itcs.umich.edu/
The problem turned out to be a "require valid-user" directive in the <Directory />
stanza for the web site. Removing this directive solved the problem.
A better solution that preserves stronger security for the rest of the site is to keep the above directive and instead use the following configuration for the cosign URL valdiation handler:
<Location /cosign/valid>
SetHandler cosign
CosignProtected Off
Allow from all
Satisfy any
</Location>
IISCosign filter
If the IISCosign filter encounters an error, it will attempt to disable the web server. It does this by processing all requests with the response "The server is currently disabled."
Errors will be placed in the Event Viewer under the Application Log and be labeled "Cosign".
Cosign Event Viewer Application Log Messages
Event Type: Error Event Source: Cosign Event Category: None Event ID: 3 Date: 4/28/2009 Time: 12:33:16 PM User: N/A Computer: SERVER_NAME Description: Could not load the cosign config file C:\Program Files\iiscosign\cosign.dll.config.
Possible Causes:
- The name of the config file is probably misspelled. Either change the file name or change the value in the Registry for HKEY_LOCAL_MACHINE\SOFTWARE\University of Michigan\ITCS\Cosign\ConfigFile.
NOTE: This registry path may not be up-to-date. The IISCosign distributions come with a cosign.reg file with the most recent and correct registry paths.
- It's also possible that [MSXML 4.0 SP2] is not installed. Install it.
Event Type: Error Event Source: Cosign Event Category: None Event ID: 4 Date: 4/21/2009 Time: 11:25:19 PM User: N/A Computer: SERVER_NAME Description: IISCosign does not have permission to access something. Please see the readme.txt file for information about setting file permissions for IISCosign. Here is what caused the error:
Possible Causes:
- Permissions to allow cosign.dll to access various parts of the file system are not set.
Event Type: Error Event Source: Cosign Event Category: None Event ID: 7 Date: 4/28/2009 Time: 12:36:39 PM User: N/A Computer: SERVER_NAME Description: An error occurred while IISCosign was loading. It is now running in a minimal state that will prevent your web site from serving content.
Possible Causes:
- This message almost never appears by itself, but is the result of another error state. Look for other Cosign-related events in the Event Viewer to determine what cause IISCosign to enter this state.
Event Type: Error Event Source: Cosign Event Category: None Event ID: 8 Date: 4/28/2009 Time: 12:33:16 PM User: N/A Computer: SERVER_NAME Description: Config file parsing error at line 213: Text is not allowed in this context according to DTD/Schema. Expecting: Protected, Unprotected, AllowPublicAccess. .
Possible causes:
- Most likely an xml tag in the cosign.dll.config file is either misspelled, in the incorrect order, or a required xml tag is missing. You can compare the xml tags appearing at the reported line number against the iiscosign.xsd schema.
- The iiscosign.xsd schema file did not get updated. New xml tags are periodically added to the schema to allow new functionality and, sometimes, reordered or moved to more logical locations. Make sure the iiscosign.xsd schema file that is in the same directory as the cosign.dll is the one that was included with that distribution.
Event Type: Error Event Source: SideBySide Event Category: None Event ID: 59 Date: 7/21/2008 Time: 4:54:17 PM User: N/A Computer: SERVER_NAME Description: Generate Activation Context failed for C:\path\to\cosign.dll. Reference error message: The referenced assembly is not installed on your system.
Possible Causes:
- There are several versions of the Visual C++ run-time DLLs. To make sure the version needed by IISCosign installed, run the Visual C++ 2005 SP1 Redistributable Package
Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 4/28/2009 Time: 5:26:29 PM User: N/A Computer: SERVER_NAME Description: Faulting application inetinfo.exe, version 6.0.3790.3959, faulting module ntdll.dll, version 5.2.3790.4455, fault address 0x0002c873. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 69 6e 65 ure ine 0018: 74 69 6e 66 6f 2e 65 78 tinfo.ex 0020: 65 20 36 2e 30 2e 33 37 e 6.0.37 0028: 39 30 2e 33 39 35 39 20 90.3959 0030: 69 6e 20 6e 74 64 6c 6c in ntdll 0038: 2e 64 6c 6c 20 35 2e 32 .dll 5.2 0040: 2e 33 37 39 30 2e 34 34 .3790.44 0048: 35 35 20 61 74 20 6f 66 55 at of 0050: 66 73 65 74 20 30 30 30 fset 000 0058: 32 63 38 37 33 2c873
Possible Causes:
- Unfortunately, this is the result of a bug. When the IISCosign filter cannot connect to any weblogin servers, it enters an indeterminate state. See the troubleshooting connection errors section for correcting SSL misconfigurations.
Warnings
These are only warnings. These will not prevent IISCosign from loading.
Event Type: Warning Event Source: Cosign Event Category: None Event ID: 4 Date: 5/5/2008 Time: 11:31:40 AM User: N/A Computer: SERVER_NAME Description: Connection pool is busy. Perhaps the current size is too low? This value can be changed in the cosign.dll.config file.
Congratulations! You have a very popular web service! In order to improve throughput of web pages, the size of the connection pool should be increased.
Event Type: Warning Event Source: Cosign Event Category: None Event ID: 9 Date: 4/28/2009 Time: 1:31:34 PM User: N/A Computer: SERVER_NAME Description: Could not initialize log file C:\Program Files\IISCosign\Logs.
Possible causes:
- The directory does not exist.
- The permissions on the directory are incorrect.
- The IISCosign filter loaded before the previous instance unloaded and could not get write permission on the cosignlog.csl file.
- Another process has a lock on the file cosignlog.csl and is preventing IISCosign from getting write permissions.
