Opencart – HTTP Error 500.50 – URL Rewrite Module Error 0x80070005 Handler StaticFile

Problem

500 – Internal server error.

There is a problem with the resource you are looking for, and it cannot be displayed.

 

While working with Opencart shopping cart on an IIS server, we encountered this while browsing to a static image file that was uploaded as a website logo file.

image

Solution

The problem turned out to be related to IIS permissions. The folder structure hosting the website needed: IIS_IUSRS(<servername>\IIS_IUSRS) – modify to include Modify permissions.

As per this article: http://www.interactivewebs.com/blog/index.php/websites/creating-a-new-opencart-deployment-on-a-windows-server-iis/

Once we fixed that the problems all were solved.

DotNetNuke Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. EventID 1315

image

The Problem

We were receiving some really really strange behaviour with a dotnetnuke website.

The log files showed:

Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. with EVENT ID 1315

 

The behaviour was this:

Login with Internet Explorer worked.

Login with some versions of firefox failed others worked

Login with Chrome failed.

When login failed, the browser would refresh and then show the page you were on before login.

Now in this instance we tried nearly everything we could think of. we tried different application pools different.net settings in IIS. and we hand we have a good idea of both server management and asp.net.

He also had is particularly confused that other DotNetNuke websites on this particular server were running just fine.

To cut a long story short the problem turned out to be very specific that site we were using.

Solution

We were in the process of migrating somebody else’s site to our servers, and we had exported their site and site content using the DotNetNuke template feature. Ordinarily this would work just fine, however in this case the user on the other website had defined the login.aspx page to have administrator only privileges. They had set the login link from the skin to automatically directed to the login.aspx webpage. In the site settings they had defined no page for the DotNetNuke login page.

What this meant was that as the user attempted login to the DotNetNuke website, the attempt to call the login.aspx page was made and the DotNetNuke automatic lockout protection system was called in to play. This lockout protection system will throw up the standard DotNetNuke login screen, if the page is either undefined or unavailable as with both the case with this website. It just so happens that this lockout protection system doesn’t work particularly well with chrome. That’s a whole not a problem and I don’t intend to solve.

The solution here was to login using Internet Explorer, enable permissions on the login.aspx page which in the DotNetNuke website was simply called login. I was then able to select this page as the login page in the admin/site settings page. Once the login page was correctly defined I then ensured that the login module that come standard with DotNetNuke was included on this page.

After making these changes to the settings, we stopped receiving the error message:

DotNetNuke Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. EventID 1315

And the site continued to operate correctly from there. Now whilst this was a very particular configuration that was imported from an invalid template website. I have noticed that in forums discussing this event ID, nobody has come up with a solution suggesting to look for the validity of your login settings within DotNetNuke. Hence the reason for this blog post.

I hope that saves somebody a lot of time, as I blew nearly 2 days try to resolve this one.

If anybody needs assistance with this type of problem, please feel free to contact us on our website.

AD FS certificate rollover CRM 2011

You find that you can’t logon to your CRM 2011 IFD deployment that you have configured around 12 months earlier.

image

In the browser you may see:

HTTP Error 401 - Unauthorized: Access is denied

<html><body><p>
An error has occurred. 
<br/><br/>
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization&#39;s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
</p></body></html>
 
Looking at the server log may show:

SERVER Log Error show: 1309

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 9/07/2012 12:09:59 PM
Event time (UTC): 9/07/2012 2:09:59 AM
Event ID: 50c7c9d7c3ba4b839bca7c72b9edf410
Event sequence: 51779
Event occurrence: 11
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-129862684501956875
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: VSERVER08
 
Process information:
    Process ID: 3208
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
 
Exception information:
    Exception type: SecurityTokenException
    Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 
 
Request information:
    Request URL: https://auth.interactivewebs.com:444/default.aspx
    Request path: /default.aspx
    User host address: 124.189.39.157
    User: FSERVER4\Administrator
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: NT AUTHORITY\NETWORK SERVICE
 
Thread information:
    Thread ID: 15
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: True
    Stack trace:    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
 
Custom event details:

And you find an error in the login attempt that gives you a 401 error.

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

Cause

The likely cause is that the ADFS certificate rollover has happened. Basically the self issued certificate that is used and configured as part of your IFD setup with CRM and AD FS has issued a new certificate around 1 week before the expiry of the old one.

If you start the SD SF services and look under:

Service >> Certificates

You will notice a primary and secondary certificate.

image

The Fix

Basically the certificate automatically rolls over to a new one and ADFS won’t authenticate any more. Here are the steps that seem to fix this issue:

  1. Open windows Powershell as administrator (right click runas)image
  2. Run the following commands:
  3. add-pssnapin Microsoft.adfs.powershell
  4. set-adfsproperties -autocertificaterollover $true
  5. update-adfscertificate -urgent
  6. Run the CRM deployment manager
    image
  7. Run through Configure Claims-Based Authentication Wizard (no changes)
  8. Run through Configure Internet-Facing Deployment Wizard (no changes)
  9. Restart the adfs service
    From a Command Prompt “cmd” Type
    net stop adfssrv
    then
    net
    start adfssrv
  10. Restart the Microsoft Asynchronous processing service
    From Services Windows
    Click the Restart Icon while the Service is selected
    image
  11. run an iisreset from the elevated command prompt
    Start RUN “cmd”
    iisreset

From here you should be good to go.

If you need assistance with CRM IFD setup see this post: http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

NOTE: In our case, the running through of the authentication wizard had defaulted the names back to the server name. We needed to manually put in the address correctly as per the setup of the IFD explained in the link above.

 

Event ID 17137 from source MSSQL$MICROSOFT##SSEE

 

Cleaning up the Event Log

On a system running the CRM 2011 IFD as described here: http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

You may notice in the Event Log some errors that look like:

The description for Event ID 17137 from source MSSQL$MICROSOFT##SSEE cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

AdfsArtifactStore

The specified resource type cannot be found in the image file

The Solution

1) Open SQL server management studio.

2) Connect to \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query

image

3) Right-click on the database AdfsArtifactStore and select “Properties”

4) Click on the Options page

5) Set “Auto close” to False

IE FTP Your current security settings do not allow you to download files from this location.

image

Problem

while accessing Windows 2003 server today I experienced a problem with the system reported to me: Your current security settings do not allow you to download files from this location.

And gave me the following error window and security alert:

image

Knowing that Internet Explorer is too stupid to know that even though I have the username and password to connect to an FTP site , I don’t have the necessary security permissions to download files from the FTP site. as dumb as this may seem it is the default security settings are Internet Explorer early versions.

The solution

In this case the solution is actually quite easy.

1. Open IE

2. Open Tools > Internet Options > Security

3. Click on Trusted Sites then the sites button below

4. Enter the URL of the site you’re downloading from and click add

image