Troubleshooting
From cosign wiki
Contents |
General
Apache filter
Cosign 3 filter validation URL returns "401 Not authorized"
The user authentications OK, but when being redirected back to the validation URL, they get a "401 Not authorized" error in their web browser and something similar to this appears in the web server error log:
[Mon Apr 06 16:13:40 2009] [error] [client 141.213.234.243] access to /cosign/valid failed, reason: verification of user id '<null>' not configured, referer: https://weblogin-test.itcs.umich.edu/ ?cosign-request-test.itcs&https://request-test.itcs.umich.edu/
The problem turned out to be a "require valid-user
" directive in the <Directory />
stanza for the web site. Removing this directive solved the problem.
A better solution that preserves stronger security for the rest of the site is to keep the above directive and instead use the following configuration for the cosign URL valdiation handler:
<Location /cosign/valid> SetHandler cosign CosignProtected Off Allow from all Satisfy any </Location>
IISCosign filter
If the IISCosign filter encounters an error, it will attempt to disable the web server. It does this by processing all requests with the response "The server is currently disabled."
Errors will be placed in the Event Viewer under the Application Log and be labeled "Cosign".
Possible Event Viewer Application Log Messages
Event Type: Error Event Source: Cosign Event Category: None Event ID: 3 Date: 4/28/2009 Time: 12:33:16 PM User: N/A Computer: SERVER_NAME Description: Could not load the cosign config file C:\Program Files\iiscosign\cosign.dll.config.
The name of the config file is probably misspelled. Either change the file name or change the value in the Registry for HKEY_LOCAL_MACHINE\SOFTWARE\University of Michigan\ITCS\Cosign\ConfigFile.
NOTE: This registry path may not be up-to-date. The IISCosign distributions come with a cosign.reg file with the most recent and correct registry paths.
It's also possible that MSXML 4.0 SP2 is not installed. Install it.
Event Type: Error Event Source: Cosign Event Category: None Event ID: 4 Date: 4/21/2009 Time: 11:25:19 PM User: N/A Computer: SERVER_NAME Description: IISCosign does not have permission to access something. Please see the readme.txt file for information about setting file permissions for IISCosign. Here is what caused the error:
Event Type: Error Event Source: Cosign Event Category: None Event ID: 7 Date: 4/28/2009 Time: 12:36:39 PM User: N/A Computer: SERVER_NAME Description: An error occurred while IISCosign was loading. It is now running in a minimal state that will prevent your web site from serving content.
Event Type: Error Event Source: Cosign Event Category: None Event ID: 8 Date: 4/28/2009 Time: 12:33:16 PM User: N/A Computer: SERVER_NAME Description: Config file parsing error at line 213: Text is not allowed in this context according to DTD/Schema. Expecting: Protected, Unprotected, AllowPublicAccess. .
- SideBySide
Event Type: Error Event Source: SideBySide Event Category: None Event ID: 59 Date: 7/21/2008 Time: 4:54:17 PM User: N/A Computer: SERVER_NAME Description: Generate Activation Context failed for C:\path\to\cosign.dll. Reference error message: The referenced assembly is not installed on your system.
There are several versions of the Visual C++ run-time DLLs. To make sure the version needed by IISCosign installed, run the Visual C++ 2005 SP1 Redistributable Package
- IISCosign does not have permission to access something. Please see the readme.txt file for information about setting file permissions for IISCosign. Here is what caused the error: [some error code]
Permissions for accessing various parts of the file system are not set.
Warnings
These are only warnings. These will not prevent IISCosign from loading.
Event Type: Warning Event Source: Cosign Event Category: None Event ID: 4 Date: 5/5/2008 Time: 11:31:40 AM User: N/A Computer: SERVER_NAME Description: Connection pool is busy. Perhaps the current size is too low? This value can be changed in the cosign.dll.config file.
Congratulations! You have a very popular web service! In order to improve throughput of web pages, the size of the connection pool should be increased.
Event Type: Warning Event Source: Cosign Event Category: None Event ID: 9 Date: 4/28/2009 Time: 1:31:34 PM User: N/A Computer: SERVER_NAME Description: Could not initialize log file C:\Program Files\IISCosign\Logs.
Possible causes:
- The directory does not exist.
- The permissions on the directory are incorrect.
- The IISCosign filter loaded before the previous instance unloaded and could not get write permission on the cosignlog.csl file.
- Another process has a lock on the file cosignlog.csl and is preventing IISCosign from getting write permissions.