This section describes various issues that users may face and their resolutions.
Login screen appears without labels
In the trace.log file: at Configurator.Web.Core.Localization.LocalizationHelper.DetectLanguage(String[] requestLanguages)
This problem occurs when you have an incorrect connection string or certificate issue. You are either providing wrong hash of the certificate or selected a wrong certificate or the certificate does not exist.
Similar issues for reference: Server Error, Keyset does not exist.
Server Error, Keyset does not exist
In the trace.log file: ERROR Configurator.Web.Core.Localization.LocalizationHelper (null) - System.ArgumentException: Key is null or emptyParameter name: publicAndPrivateKeyXmlat AEScryptkey.AsymmetricEncryption.Decrypt(Byte[] data, Int32 keySize, String publicAndPrivateKeyXml)at AEScryptkey.AsymmetricEncryption.DecryptText(String text, Int32 keySize, String publicAndPrivateKeyXml)at Configurator.Utility.CryptoHelper.Decrypt(String encryptedStr)
This problem occurs due to either of the following reasons:
- When you have an incorrect connection string or certificate issue.
- You are either providing wrong hash of the certificate or selected a wrong certificate or the certificate does not exist.
- Your “app pool” user does not have permission to read the private key of the certificate.
If you are using the SCM installer to create a self-signed certificate then you don’t need to provide the private key permission to the user, as the installer provides the necessary permission automatically. But if you are using an existing certificate then you must ensure that the user has permission to read the private key of that certificate.
For more details refer to SSL Certificate and Manage User Account Permissions for SSL Certificate .
Your connection is not private (Privacy error)
Note: The screen may vary based on what browser you are using.
This problem occurs due to either of the following reasons:
- You are using a self-signed certificate. A self-signed certificate should only be used for testing, KT or POC purposes. It is not recommended to use self-signed certificate in production server. It is normal to get security alerts while using self-signed certificates. If it is not a production server then you can simply ignore the message and proceed (which will be marked as unsafe option).
- You are using a certificate which is not valid or not trusted by your system. It is recommended that you use SCM after obtaining an SSL certificate from a reliable Certificate Authority (CA) and installing it. Once the proper certificate (trusted by your system) is installed, refer to Using an existing SSL certificate section in SSL Certificate for more details.
No trace.log found in the directory, trace.log is not getting generated
This may occur due to lack of write permission of the AppPool user in the installation directory.
Check permission of the pool user to the installation directory. Open IIS Manager and click on Application Pools on the left navigation pane. Then observe the “Identity” mentioned for “SCM Pool” (if installed with default pool name, otherwise select the proper pool name). In the following example the user / Identity is “NetworkService”.
This pool user must have read and write permission of the installation directory. Navigate to the installation directory (by default it is “C:\inetpub\wwwroot\SCMWeb”) and allow full control to the pool user as shown below.
Whichever account is used, the AppPool identity user must have read and modify permission on the web application's physical path and migration packet share(s). If appropriate permissions are not set, connection string passwords will be stored in plain text in the web.config file and no trace log will be created. This user must also have necessary permission to access to the private keys of the SSL certificate.
After the permissions are properly configured, in the next login to SCM web application, the trace log should be generated.
Passwords are not getting encrypted in web.config file
This problem occurs due to either of the following reasons:
- Lack of write permission of the AppPool user in the installation directory - You can follow the steps mentioned in the No trace.log found in the directory, trace.log is not getting generated error in this topic.
- Misconfiguration for certificate - For more details refer to SSL Certificate and Manage User Account Permissions for SSL Certificate .
Your account has been locked for too many failed login attempts
This error is thrown when a user tries multiple fail attempts (incorrect password). The account will be locked based on the “ResetTimeInterval” configured in the web.config file. After the “ResetTimeInterval” the account will be automatically unlocked.
For more information, refer to Configure failed login attempts for more details.
Login failing, no error message or reason provided in the UI
In the trace.log file: The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.
This may happen if you are using HTTP instead HTTPS without making configuration changes to allow HTTP. By default, the application is configured only for allowing HTTPS requests.
For more information, refer to the Manual Customization section in SSL Certificate.
Not Found error or HTTP Error 404. The requested resource is not found.
This error may happen due to either of the following reasons:
- You are trying to access the SCM application using “localhost” or “IP” in the URL.
- Use the FQDN name (server name) of your server to access the SCM application instead of “localhost” or IP address. Using the FQDN name in the URL will fix this issue.
- If you still want to use IP address or “localhost” instead of FQDN name in the URL, refer to the Frequently Asked Questions (FAQ) section.
- Some IIS components are missing - Refer to the SCM Technical Specifications and verify if any components are missing or not.