I am trying to migrate from one server with vTiger 6.0 to a new server with vtiger 6.2.
I complete the installation and also i move the database from the old server and no problems in those parts.
The errors come when i try to login, if i try to login with my user i get the error
"Sorry! Attempt to access restricted file"
and when i try to login with the admin account i get a lot of illegal request messages, i do get the vTiger GUI but if i click in one option menu i get a illegal request and if i logout it displays the next message
"{"success":false,"error":{"code":"Illegal request","message":"Illegal request"}}"
i'm new to Vtiger and i don't know why is this happening.
Some extra info i have try to check the path directory and seems to be right, the database data is right too it recognize the users when you log in just doesnt show anything but an error.
When i finish the installation i could enter with no problem the problem start when i uploaded the Database.
Also i want to access to enter from another computer, do i need to enable port 8888 on the server?
I am using a localhost and from that pc i want to acces from another pc.
Illegal request error is due to the improper CSRF validation. Please make sure that your browser url is same as your $site_URL in config.inc.php file .
config.inc.php file you will get from your Directory following below path --
C:\Program Files (x86)\vtigerCRM620\apache\htdocs\vtigerCRM\config.inc.php
In that file change $site_URL from 'http://localhost:8888/'; to 'http://1.6.2.12:8888/'; (1.6.2.12 is your machine IP)
This process will make your machine "1.6.2.12" into server for Vtiger application, so your application will be hosted on server 1.6.2.12 and then you can access this application on other computer also.
Port-8888 is used by Apache which is inbuilt in Vtiger by default so don't make any changes in that.
If you've migrated your data then try checking /vtiger/user_privileges/
There should be 2 files for each user: user-privileges-.php and sharing-privileges-.php (admin will be 1)
These can become lost and/or have dodgy permissions after migration, has happened twice to me. For some reason, Admin always copies over and works.
From your backup, take the related user files in /vtiger/user_priveleges/ and put them in new working folder and set permissions to read/write.
Make sure you transfer all files in /user_privileges because they are generated by sharing rules system in vTiger should be transferred like database.
Related
I am using msdeploy to push out website code to 4 different servers (test and production servers). Works fine on the first 3, but the 4th is giving me an ERROR_CERTIFICATE_VALIDATION_FAILED error. I am using the -allowUntrusted option.
"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -verb:sync -source:iisApp="E:\workspace\testDeploy\outproject\_PublishedWebsites\<webfolder>" -dest:iisApp="mycompany.com",ComputerName="https://<hostip>:8172/MsDeploy.axd",UserName="<userid>",Password="****",AuthType="Basic" -allowUntrusted -enableRule:AppOffline -skip:objectName=filePath,absolutePath="^.*<webfolder>\\web.*\.config$|^.*mycompany\.com\\web.*\.config"
Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
More Infenter code hereormation: Connected to the remote computer ("<hostip>") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Error: The remote certificate is invalid according to the validation procedure.
Any idea what I am missing?
Adding <AllowUntrustedCertificate>True</AllowUntrustedCertificate> to my pubxml file seemed to fix the problem initially.
Upon re-publishing days later though, I got the same error. I went into the Publish Settings, re-entered my password and the publish succeeded.
I'm now thinking my initial problem was solved by re-entering my password, not by adding <AllowUntrustedCertificate>True</AllowUntrustedCertificate>.
-allowUntrusted did not worked for me.
I used this:
/p:AllowUntrustedCertificate=True
Adding this solution as none of the others worked for me...
I had to add these lines to publish profile:
<UseMSDeployExe>True</UseMSDeployExe>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
After adding those, publish still failed. Then I opened the publish profile settings, clicked validate connection, and saved. Only then did publish succeed.
I fixed this by going into the publish settings, then clicking "Validate Connection" at the bottom. Then this error goes away.
The problem was with the password for the user on the destination system.
I saw on another post that someone moved the -allowUntrusted flag before the -dest entry. I tried that and I started getting a ERROR_USER_UNAUTHORIZED message. Everything was correct with the password as it was entered, but it started with an * character and also had a single quote in it. I generated a new password for the user that didn't use those special characters and changed it on the remote system. After that, everything worked fine.
I was able to run the command as shown in the initial post without any error.
If you are getting a ERROR_CERTIFICATE_VALIDATION_FAILED or ERROR_USER_UNAUTHORIZED and everything is set up properly, try changing the password assigned to the user on the destination system. It would seem that some passwords just won't work.
Another Potential Solution - Deploying Web Jobs specifically
I know this is an old post, but I ran into this issue with VS 2019 when deploying my Azure Web Jobs. None of the above worked for me. What did end up working was re-authenticating using the tooling after updating the publishing profile. The way I resolved it was by right clicking the solution and selecting "Publish as Azure Webjob.." Even after creating a new publishing profile it still failed. I then added the following my publishing profile.
<_DestinationType>AzureWebSite</_DestinationType>
<UseMSDeployExe>True</UseMSDeployExe>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
I tried publishing it again and it failed. Then I re-authenticated by clicking the edit password link shown below.
When you do, you'll see the following screen. Click on the "Attempt to retrieve credentials from Azure" link.
Don't forget to hit the save button at the bottom after retrieving the creds from Azure. Once you do, go back and try publishing again. It should work just fine.
NOTE: If you just pulled down/created your publishing profile for the first time, do not click the edit button under the name of the Publishing profile and validate the connection that way as shown below.
If you do, it may remove the username/password from the UI for the publishing tooling shown in my first image above. If it disappears, you need to start this process all over again by deleting your profile, creating a new one and finally following the steps above in order. I don't know why it does this, but just something I noticed.
I notice you used the IP address for the deployment server:
-dest:iisApp="mycompany.com",ComputerName="https://<hostip>:8172/MsDeploy.axd"
This caused the certificate validation error for me because the SSL certificate was issued for the domain name, not the IP address. Changing to domain name instead of IP address fixed it.
Just want to add my 50 cents and my solution so it may help someone else.
what i did yo solve this is to use remote desktop to connect to the host machine
and when asked to accept the machine certificate ( after input login and password ) i marked remember this at the bottom.
hope this help someone
I have an issue with IIS7 when mapping virtual directories to another machine.
This is my setup:
my Web APP is running on the web server (let's call it WEBSERVER). Windows Server 2008, IIS 7.
I got some assets/images in an assets server (let's call it ASSETSSERVER). Windows Server 2003, on the C:\Assets folder, shared as \\ASSETSSERVER\Assets
Servers are in a workgroup, not a domain. This is something beyond my control, which I can't change.
Following the recommendation of our network team, I configured the app pool to run under the user WEBSERVER\portaluser
In my web app, I define a virtual directory. I map it to \\ASSETSSERVER\Assets. In the log in credentials, I specify the user ASSETSERVER\assetsuser (which exists). The 'Test credentials' buttons show that i am authenticated OK and that I have authorisation.
At first, I got a 500.19 error telling me I could not log in. This post revealed the solution: I had to create a WEBSERVER\assetsuser user with same password (counter-intuitive, but it worked).
After that, my assets still refuse to display. I now get a message similar to this:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: An error occurred loading a configuration file: Failed to start monitoring changes to '\\ASSETSERVER\assets'.
Source Error:
[No relevant source lines]
Source File: \\ASSETSERVER\assets\web.config Line: 0
I have done some extensive googling, and I have tried the following:
Modified the local policy to allow WEBSERVER\portaluser to impersonate other accounts after login, as suggested here (it's for Windows 2000 Server but it was worth a try!)
Added permissions to everyone to the \\ASSETSSERVER\assets, as indicated here (bottom answer)
Added read/execute/list permissions to the c:\ drive in ASSETSSERVER to the ASSETSSERVER\assetsuser user, as suggested here (method 3)
I edited the registry key to stop IIS from monitoring the folders for changes, as indicated here (the writer claims that it's not related to IIS but I am quite certain that IIS does monitor the folders for changes in web.config)
I have configured allowsubdirconfig="false" in applicationHost.config as indicated here
None of these solutions have worked, and I am running out of ideas of what to try. It seems like I'm so close yet so far. Any suggestions?
After several of work I found the solution to this issue.
It was as simple as creating a user called "portaluser" (the same as my app pool identity user) in ASSETSSERVER.
This is counter-intuitive: I explicitly told IIS7 to connect to ASSETSERVER as the assetsuser server, but it was still using portaluser to check for the existence of web.config (and monitor for changes).
Having seen that, I decided to use the same account to run the app pool and to connect to the remote virtual directory. I just used 'assetsuser' instead of 'portaluser'
Hope this helps
Im doing a project where i have to send a link to my user/clients. The mail will be sent to them once they register their account. Now there will be a link in their mail when clicked on that link the users will be redirected once again to my website and they will be shown a pdf.
When i did this from my system and localserver it worked fine.
But now my project has been put up in the development server from where its not possible for me to send mail.
I get the following errors
Message: Sys.WebForms.PageRequestManagerServerErrorException: AspPDF.NET 2.0.0.14045 has generated error #46: [ Opening output file failed: Access to the path 'C:\inetpub\wwwroot\Myesign\UploadedFiles\Signed\Support2(1).pdf' is denied. ]
Im not clear that what might be the possible reason for this error. The same project worked when i used the localserver and from my pc also worked fine but from the production server the same project is not working.
Also the link that i get in my mail id is
"http://localhost/ScriptResource.axd?d=n3csX8loR-nh3aSKQ4FNi7Vth7ZBerv1fa-7sJrneEaqqdsyYs5M1zxZ6mXbdwJ0oPXtyofmMkG8z9SZaK8qgo6xYZPs72x4Icy0pXeiYtTxb_JCbdFLZmwvpEToNB0tY6mtEQ2&t=2939b118"
in the above link dont need the "http://localhost/" is there anything i can do about. Im sure there might be some way but im not able to find it.
Can you post the code you use to generate and send the link via email? It may be a relative linking issue. Also, make sure the NTAUTHORITY\NETWORKSERVICE account has permission to read files in the PDF folder on the server, as that is the account used when a file is accessed on the server through IIS.
I assume this is an IIS error, as this doesn't happen if I run the project on my local machine.
I have my stylesheets at ~/Content/css
Any files in that directory won't load on the page, and when I navigate to them directly, I get a server error:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
This only happens with that directory, I have no problem accessing any other files. Is there something I need to do in IIS7 to stop this?
Open IIS and select site that is causing 401
Select Authentication property in IIS Header
Select Anonymous Authentication
Right click on it, select Edit and choose Application pool identity
Restart site and it should work
It is likely that you do not have the IUSR_computername permission on that folder. I've just had a quick scan and it looks like you will find the information you need here.
If that isn't the case, are you prompted for your username and password by the browser? If so it may be that IIS is configured to use Integrated authentication only, as described here.
Open IIS
select site where you are facing the problem
Select Below
- Right click on Anonymous Authentication and click on edit and follow below
You do not have permision to view this directory or page using the credentials that you supplied.
This happened despite the fact the user is already authenticated via Active Directory.
There can be many causes to Access Denied error, but if you think you’ve already configured everything correctly from your web application, there might be a little detail that’s forgotten. Make sure you give the proper permission to Authenticated Users to access your web application directory.
Here are the steps I took to solve this issue.
Right-click on the directory where the web application is stored and select Properties and click on Security tab.
Click on Click on Edit…, then Add… button. Type in Authenticated Users in the Enter the object names to select., then Add button. Type in Authenticated Users in the Enter the object names to select.
Click OK and you should see Authenticated Users as one of the user names. Give proper permissions on the Permissions for Authenticated Users box on the lower end if they’re not checked already.
Click OK twice to close the dialog box. It should take effect immediately, but if you want to be sure, you can restart IIS for your web application.
Refresh your browser and it should display the web page now.
Hope this helps!
You need to check the folder permissions on your server and check that the account that you are using to run your application has access to that folder.
For me the Anonymous User access was fine at the server level, but varied at just one of my "virtual" folders.
Took me quite a bit of foundering about and then some help from a colleague to learn that IIS has "authentication" settings at the virtual folder level too - hopefully this helps someone else with my predicament.
In our case it was Windows-integrated authentication specified in the app's web.config
BUT the windows-auth module was not installed on the IIS machine at all.
Just adding another possible reason.
Another simple fix I found was to delete the local IIS site (from within IIS Manager) and then re-create the virtual directory from the "Properties" of your web project in Visual Studio.
I am trying to FTP to a new FTP site I setup with IIS 7.0 for the Windows Server Web (64-bit) edition. But I get the above error when I try to login to this site. But I can login to my other FTP sites.
Also, when I select this website from IIS Manager, the FTP section does not display in the middle section although it does display in Action panel. And I cannot successfully login to this FTP site either.
I have checked and I have Log on locally selected. I do not have allow only anonymous connections. I have Access this computer from the network selected.
I restarted my IIS and FTP services also.
The one different thing I noticed about this website in IIS different from the other site that has FTP working is that this one there are 3 virtual directories beneath the site. And that when I click on any one of these 3, then the FTP strip does appear in the center pane. Make sense?
How can I debug cause of this error? Any SW tools I can use?
Have you tried logging in from the FTP server? If you do this, and have "Show detailed messages from local requests" enabled under FTP Messages, then you'll get a clearer idea as to why the login if failing. In my case I got the following message (I am using IIS Manager Users, and Passthrough authentication)
530-User cannot log in.
Win32 error: Access is denied.
Error details: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
Error: Cannot read configuration file due to insufficient permissions
To solve this I gave the NETWORK SERVICES user read only access to the config directory specified in the error message. I'm not 100% sure this is the right thing to do, but it certainly fixed this issue for me.
in my situation, I was missing Role Service FTP extensibility, which is actually allows IIS Manager Auth.
This is pretty tricky, as you could allow IIS Manager auth, but still it would not work until you have not installed FTP Extensibility
In my case I forgot to enable the Basic authentication
There seem to be many different possible causes. In my case, I was unable to login with the plain "username" with the same error as mentioned.
It was solved when I logged in with ".\username" instead.
For some reason the FTP client was trying to login with a domain account, while I just wanted to login with a local computer account.
Hope this helps someone.
Try submitting your credentials in this format:
UserName: Domain|Username
Password: secretSquirrel
I had the same problem, I removed the FTP site and followed this:
http://www.iis.net/learn/publish/using-the-ftp-service/configure-ftp-with-iis-manager-authentication-in-iis-7
Prerequisites - I set the permissions on the folders using the 4 command samples but this did not alone fix the issue, so I cannot in good faith say this step is needed, but it is what I did and it now works.
CONFIGURE THE IIS MANAGEMENT SERVICE AND ADD AN IIS 7 MANAGER -
Just do step 4, removing the existing user first and then re-adding them.
Creating a New FTP Site and Configuring an IIS 7 Manager Account -
All the steps here
CONFIGURE THE FTP SITE TO USE IIS 7 MANAGER AUTHENTICATION
All 12 steps here, including the "administrator" setting in step 5.
Then it started working for me, I am guessing when I did this without a guide I skipped something simple.
In My case I have made that user a member of IIS_IUSERS.
Using IIS Users.
Do not isolate users -> User name directory was working fine. Users started in the right folder.
When I was switching to Isolate Users -> User name Directory I had the following error:
Response: 530 User cannot log in, home directory inaccessible.
Win32 error: The system cannot find the path specified.
For some reason, you need to add the LocalUser virtual directory that points to your root.
It has to be that exact name and it's case sensitive.
That worked for me.
Per this knowledgebase article, you would need the log on locally privilege enabled.
http://support.microsoft.com/kb/200475
I had the exact same error. In my case, I was using a local user defined on the server running FTP. The username was very short (3 characters). I could "run as" this user on the server, confirming that Windows was Ok with it, and allowed it to authenticate. But when testing FTP, it would return User cannot log in.
Solution? I renamed the user to be longer (4 characters). Of course, updated its name under Authorization as well. Then FTP worked. Hope it helps someone!
For me, I've configured the IIS as per usual procedure properly. The anonymous authentication was working but specific user are not.
because, the user accounts were created in IIS. Actually it was also supposed to be created Windows local accounts.
Then it worked.
Please Check the security of folder which is use that ftp .
see if the user or group you select for that ftp is associate with security of that folder .
In my case I had to remove domain from user.
So, your user should be like username, not like domain\username.
Hope it helps to somebody.
For some reason my user was "locked". So I could "unlock" it at local user manager (computer management). Now it works fine. I hope it helps.
I would recommend checking FTP logs first. The status code will give you more information about the issue. Here is the explanation of the status codes: The FTP status codes in IIS 7.0 and later versions
I had this issue because my IIS didn't support passive mode. After entering data in FTP Firewall Support module, the issue was solved.
More scenarios from this post 530 User cannot log in, home directory inaccessible
Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.
Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.
I spent long time looking for a solution, I've tried every shared answer on the internet and nothing could solve the issue. It is an issue I was ignoring for years and I never could fix.
Ok, I've Plesk installed and I'm not sure if it has some effect on IIS FTP to do the following behavior ...
Using Process Monitor tool, and making ftp login request and watching the tool and doing your investigation using this tool, you can get a hint about the REAL reason of the problem.
For me, I found out that IIS FTP was trying to access the ftp folder from a path DIFFERENT than the actual ftp path I've set, I do not know why, but maybe Plesk has some effect on this.
The actual ftp path is
C:\inetpub\vhosts\zidapp
The path that IIS FTP was trying to access DURING the login process is
C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user
I fixed the issue by creating a folder link from 'actual' folder path to the path IIS was trying to access - using the tool mklink tool
CMD command
mklink /d C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user "C:\inetpub\vhosts\zidapp"
I've fixed the issue that way, so wen FTP is trying to access the folder from the wrong path, it is now goes to the correct one.
Please note doing folder shortcut wont work for this, you need a link like linux, not a shortcut ...
I hope it will help you :)
You can check the reference account you are using to log in.
Mine happened to be locked out causing the 530 error.