Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Guidance on Fresh install Enterprise 11.0.1 #2363

Closed
mletormd opened this issue Feb 3, 2022 · 26 comments
Closed

Guidance on Fresh install Enterprise 11.0.1 #2363

mletormd opened this issue Feb 3, 2022 · 26 comments

Comments

@mletormd
Copy link

mletormd commented Feb 3, 2022

Hello I had success in the past with the enterprise version but now trying to get 11.0.1 working starting fresh is causing me tons of issues.. do you have any instructions for fresh install on the latest enterprise build?

@mletormd
Copy link
Author

mletormd commented Feb 3, 2022

I just reverted back to our install of 10.3.0 ... i tried to the Enterprise Binary for 11.0.1 and older guide for 10.3.0 as a basis for a fresh install of 11.0.1 on windows server 2016 but ran into a flurry of issues. Are you guys going to release a full guide for upgrading from 10.3.0 or is it a requirement to do a full clean install? Only asking as going forward we plan on using this tool indefinitely and now have had this problem 3 times since we began using and updating. Also if it is a requirement to do a fresh install can you kindly update the guide?

@brianldvs
Copy link

@mletormd in the instructions for the enterprise install it says to put the contents of the DIST folder in the wwwroot. Where is the DIST? All i have inside the CSETv11010_Enterprise_Binaries.zip is
[CSETUI]
[CSETWebApi]
[CSETWebApiReports]
[database]
dotnet-hosting-5.0.13-win.exe
SQL2019-SSEI-Expr.exe

@mletormd
Copy link
Author

mletormd commented Feb 7, 2022

Having the same issue ! waiting for the creators to respond!

@mckenziewillmore
Copy link
Contributor

We're currently working on updating the guidance and creating a video walk through of this process. Should have that out soon for you.

@mletormd
Copy link
Author

mletormd commented Feb 8, 2022

Thank you.

@ariellevien
Copy link

Hello I had success in the past with the enterprise version but now trying to get 11.0.1 working starting fresh is causing me tons of issues.. do you have any instructions for fresh install on the latest enterprise build?

I had issues trying to get 11.0.1 installed on clean Win10 and Win11 VMs. Fixed the problem by installing Visual Studio 2015 redistributables. https://www.microsoft.com/en-us/download/details.aspx?id=48145

@mletormd
Copy link
Author

Good Morning All,

Wanted to see if there was perhaps any EST time on when documentation would be available for enterprise 11.0.1 upgrade from 10.3.0 or even fresh install guidance? Is it recommended to just install the single user version for now and then export our assessements when the enterprise is finished? Thank You so much appreciate all the work you are doing.

@nikolaskmx
Copy link

@mletormd in the instructions for the enterprise install it says to put the contents of the DIST folder in the wwwroot. Where is the DIST? All i have inside the CSETv11010_Enterprise_Binaries.zip is
[CSETUI]
[CSETWebApi]
[CSETWebApiReports]
[database]
dotnet-hosting-5.0.13-win.exe
SQL2019-SSEI-Expr.exe

I too have this same exact issue. All good with the instructions up until this point and don't know what should be placed where. The CSETUI folder doesn't have a web.config file in it, yet both of the other folders do.

@mletormd
Copy link
Author

@mletormd in the instructions for the enterprise install it says to put the contents of the DIST folder in the wwwroot. Where is the DIST? All i have inside the CSETv11010_Enterprise_Binaries.zip is
[CSETUI]
[CSETWebApi]
[CSETWebApiReports]
[database]
dotnet-hosting-5.0.13-win.exe
SQL2019-SSEI-Expr.exe

I too have this same exact issue. All good with the instructions up until this point and don't know what should be placed where. The CSETUI folder doesn't have a web.config file in it, yet both of the other folders do.

Yes sadly we are waiting for the creators to post an updated guide which they did mention on this issue they were working on.

@brianldvs
Copy link

Tried the new CSET 11.0.2 and having some issues:
This line creates a local computer account fine.
New-LocalUser -Name "CSETUser" -Description "CSET Service User" -Password $password -PasswordNeverExpires -UserMayNotChangePassword

The other lines # Add CSET app pools
Sets the app pools with {env:userdomain}\CSETUser
our env:userdomain is our domain not local account not to mention the account was created locally not on the domain.

This does not work on a member server (may on a DC), so the application pools that are created fail to start because they dont have the correct account.

So as a work around I added these two lines to allow AD account creations:
Add-WindowsFeature RSAT-AD-PowerShell
import-module ActiveDirectory

Then I changed the account creation line to:
New-ADUser -Name "CSETUser" -Description "CSET Service User" -AccountPassword $password -PasswordNeverExpires $true -CannotChangePassword $True -Enabled $true

This successfully adds the account.
Other issues is it asks for the SQL Server name, it actually is looking for the instance SERVERNAME\SQLEXPRESS

Also, I had an HTTP Error 500.19 error resolved by following this article:
https://docs.microsoft.com/en-us/iis/get-started/planning-for-security/how-to-use-locking-in-iis-configuration

Then I was able to use the AddCSETUser.exe to add an account successfully (verified in the CSETWeb DB in the dbo.USERS table.

When I try to logon now i get "The server is unavailable. Contact your system administrator."
image

I have no idea where to go from here.

@mletormd
Copy link
Author

mletormd commented Mar 8, 2022

Tried the new CSET 11.0.2 and having some issues: This line creates a local computer account fine. New-LocalUser -Name "CSETUser" -Description "CSET Service User" -Password $password -PasswordNeverExpires -UserMayNotChangePassword

The other lines # Add CSET app pools Sets the app pools with {env:userdomain}\CSETUser our env:userdomain is our domain not local account not to mention the account was created locally not on the domain.

This does not work on a member server (may on a DC), so the application pools that are created fail to start because they dont have the correct account.

So as a work around I added these two lines to allow AD account creations: Add-WindowsFeature RSAT-AD-PowerShell import-module ActiveDirectory

Then I changed the account creation line to: New-ADUser -Name "CSETUser" -Description "CSET Service User" -AccountPassword $password -PasswordNeverExpires $true -CannotChangePassword $True -Enabled $true

This successfully adds the account. Other issues is it asks for the SQL Server name, it actually is looking for the instance SERVERNAME\SQLEXPRESS

Also, I had an HTTP Error 500.19 error resolved by following this article: https://docs.microsoft.com/en-us/iis/get-started/planning-for-security/how-to-use-locking-in-iis-configuration

Then I was able to use the AddCSETUser.exe to add an account successfully (verified in the CSETWeb DB in the dbo.USERS table.

When I try to logon now i get "The server is unavailable. Contact your system administrator." image

I have no idea where to go from here.

I am having issues as well in an attempt to get this installed this afternoon. It seems if you setup 10.3.0 there is no simple way to upgrade the GUI and Database as the database upgrade did not upgrade anything in the GUI. I am trying to now setup once again from scratch and redoing everything but ran into the same thing its trying to use a service account that did not exist so I am kind of lost how to proceed as well....

@brianldvs
Copy link

Do this as a start:

So as a work around I added these two lines to allow AD account creations: Add-WindowsFeature RSAT-AD-PowerShell import-module ActiveDirectory

Then I changed the account creation line to: New-ADUser -Name "CSETUser" -Description "CSET Service User" -AccountPassword $password -PasswordNeverExpires $true -CannotChangePassword $True -Enabled $true

@mletormd
Copy link
Author

mletormd commented Mar 8, 2022 via email

@brianldvs
Copy link

This is the first part of the setup_enterprise.ps1
You can comment out some of the installers if you want. I did not test to see if it would progress if the software was already installed.
You can also just delete the local account it created and that should clean it up pretty good
if the DB exists it will just give you warnings on that.

Add-WindowsFeature RSAT-AD-PowerShell
import-module ActiveDirectory

function Test-SqlConnection {
param(
[Parameter(Mandatory)]
[string]$connectionString
)

try {
    $sqlConnection = New-Object System.Data.SqlClient.SqlConnection $connectionString
    $sqlConnection.Open()
    ## This will run if the Open() method does not throw an exception
    return $true
} catch {
    return $false
} finally {
    $sqlConnection.Close()
}

}

Install SQL Server Express 2019

Start-Process SQL2019-SSEI-Expr.exe -Wait

Install Web Server (IIS)

Install-WindowsFeature -Name Web-Server -IncludeManagementTools

Install URL Rewrite module for IIS

Start-Process urlrewrite2.exe -Wait

Install dotnet 6 hosting bundle

Start-Process dotnet-hosting-6.0.2-win.exe -Wait

Update enviornment path to ensure sqlcmd works after installing SQL server

$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")

Create CSETUser

$password = Read-Host -AsSecureString "Enter a password for CSET service user account"
New-ADUser -Name "CSETUser" -Description "CSET Service User" -AccountPassword $password -PasswordNeverExpires $true -CannotChangePassword $True -Enabled $true

@mletormd
Copy link
Author

mletormd commented Mar 9, 2022 via email

@mletormd
Copy link
Author

mletormd commented Mar 9, 2022 via email

@mletormd
Copy link
Author

mletormd commented Mar 9, 2022 via email

@mletormd
Copy link
Author

mletormd commented Mar 9, 2022

This is the first part of the setup_enterprise.ps1 You can comment out some of the installers if you want. I did not test to see if it would progress if the software was already installed. You can also just delete the local account it created and that should clean it up pretty good if the DB exists it will just give you warnings on that.

Add-WindowsFeature RSAT-AD-PowerShell import-module ActiveDirectory

function Test-SqlConnection { param( [Parameter(Mandatory)] [string]$connectionString )

try {
    $sqlConnection = New-Object System.Data.SqlClient.SqlConnection $connectionString
    $sqlConnection.Open()
    ## This will run if the Open() method does not throw an exception
    return $true
} catch {
    return $false
} finally {
    $sqlConnection.Close()
}

}

Install SQL Server Express 2019

Start-Process SQL2019-SSEI-Expr.exe -Wait

Install Web Server (IIS)

Install-WindowsFeature -Name Web-Server -IncludeManagementTools

Install URL Rewrite module for IIS

Start-Process urlrewrite2.exe -Wait

Install dotnet 6 hosting bundle

Start-Process dotnet-hosting-6.0.2-win.exe -Wait

Update enviornment path to ensure sqlcmd works after installing SQL server

$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")

Create CSETUser

$password = Read-Host -AsSecureString "Enter a password for CSET service user account" New-ADUser -Name "CSETUser" -Description "CSET Service User" -AccountPassword $password -PasswordNeverExpires $true -CannotChangePassword $True -Enabled $true

Sadly just even tried fresh OS Install and ran script but even that yielding no better results. If we had some instructions it may be almost doable but im sure we are missing some part of this process has to be...

@mletormd
Copy link
Author

mletormd commented Mar 9, 2022

Issue is related to the CSET User account not having admin i believe... I updated it to my account and it let us right in im trying to figure out what permission the CSETUser account needs.... this is changed in IIS Application pool where it says Identity. You need to go to advanced settings to find the spot to change it. If you would like to exchange emails my work address is mleto@rmdinc.com

@EChapman81
Copy link

To Clarify on MLetormd's response, we did find the issue that appears to cause the logins to fail with "The Server is unavailable. Contact your system administrator".

In IIS under the application pool, you will see three applications that are assigned to the "CSETUSER". When you would try to access the CSET website the CSETUI application would crash because of user permission as shown in the event viewer.

We then proceeded to change the user to the "ApplicationPoolIdentity". This allowed the website to proceed a little further but would ultimately fail to crash the next application. Thus we decided to change all three applications. This didn't work though, the site would appear to load but we only got a blank screen.

Finally, on a hunch, Marco changed all three applications to his admin account, it's not an ideal config but thankfully it paid off. After changing all 3 applications' user accounts the CSET site began working as expected and we could log in and start and process an audit.

An additional problem that has popped up at the moment for us is that we can access the CSET web portal on the hosting server. Unfortunately, we haven't been able to access it properly from a remote system using a browser. I initially thought it was a firewall issue as the CSETAPI and CSETReportsAPI use ports 5001 and 5002. So I opened these ports, unfortunately, though we still get the annoying "The server is unavailable. Contact your system administrator.".

We are a step closer and can actually get some work done but hopefully, this will help everyone, and perhaps someone has some thoughts on the last issue or a better resolution than using an admin credential for the application pool user.

Cheers

@EChapman81
Copy link

EChapman81 commented Mar 10, 2022

Ok, So MLetormd and I have figured out the issue with accessing the CSET portal from remote computers...

In the CSETUI folder (c:\inetpub\wwwroot\CSETUI) go into the assets folder. There you will find a "config.json" config file. You will need to edit this file with the following info. I'm using notepad++ so I have line numbers that I will reference.

*Line 6 should be port 5001
*Then edit lines 5 and 10 to be the FQDN of your host server. ie XYZ.company.com
*And finally, line 15 should be the full FQDN of your server with the port address. ie HTTP://XYZ.company.com:5002/

Also, don't forget to open the 5001-5002 ports on your firewall.

We are also looking into the configs for the email configuration but haven't found them just yet.

Cheers

@EChapman81
Copy link

I hadn't tried the method you mentioned. I suspect though that line 6 would still need to be modified at a minimum. As it is set for port 4000 which I suspect is a remnant from the coder's original config.

We had originally modified the other lines and left line 6 as it was but the site still would not work. Once we changed line 6 though the site began working properly.

My thought behind why these changes work was when the site on a remote browser was attempting to access the API or ReportsAPI they were trying to connect to localhost hence the site failing.

Cheers

@EChapman81
Copy link

ok to get email working you need to modify the "appsettings.json" file which can be located at c:\inetpub\wwwroot\CSETAPI.

Use your favorite editor and modify the needed values in that file, if any are unused remove them.

After restarting IIS and clearing your browser cache you should be able to send emails from CSET.

Cheers

@brianldvs
Copy link

@Marcus-Goeckner thank you for all your hard work getting 11.0.1.2 enterprise rolled out. We know there were some small issues due to different environments, but we worked most of those out.
We are definitely looking forward to any refinements you make. Right now we have a workable tool!
Thanks again to @EChapman81 and @mletormd for your contributions and collaboration.
Brian

@mletormd
Copy link
Author

mletormd commented Sep 23, 2022

@Skullack
Located in appsettings.json

mletormd commented on Mar 10
Dear All,

Found the email settings if anyone else is curious. You must look in CSETAPI folder.

"appsettings.json" file which can be located at c:\inetpub\wwwroot\CSETAPI.

Use your favorite editor and modify the needed values in that file, if any are unused remove them.

After restarting IIS and clearing your browser cache you should be able to send emails from CSET.

@Marcus-Goeckner
Member
Marcus-Goeckner commented on Mar 23
@mletormd Sorry for the late reply. Glad you got that figured out. You are correct, SMTP settings are located in appsettings.json of the CSETAPI directory.

@Skullack
Copy link

@Skullack Located in appsettings.json

mletormd commented on Mar 10 Dear All,

Found the email settings if anyone else is curious. You must look in CSETAPI folder.

"appsettings.json" file which can be located at c:\inetpub\wwwroot\CSETAPI.

Use your favorite editor and modify the needed values in that file, if any are unused remove them.

After restarting IIS and clearing your browser cache you should be able to send emails from CSET.

@Marcus-Goeckner Member Marcus-Goeckner commented on Mar 23 @mletormd Sorry for the late reply. Glad you got that figured out. You are correct, SMTP settings are located in appsettings.json of the CSETAPI directory.

thank you found it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants