+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Home Access Plus+ Thread, HAP installed, but errors when anyone logs on in Projects:; Hi All, I'm hoping someone out there may be able to help me with this. I've installed HAP as per ...
  1. #1

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    HAP installed, but errors when anyone logs on

    Hi All,

    I'm hoping someone out there may be able to help me with this. I've installed HAP as per the documentation and video guides, and gone through the initial configuration (with the setup.aspx page). You can successfully browse to the external FQDN of the HAP server, and see the login box, but get errors when logging in.
    Whether I try as a domain administrator, pupil or staff user, once you've entered your credentials, you get prompted with a "The Website declined to show this webpage" page. You can then click on the "Go back to the previous page" link, which takes you into the HAP website (can see the menu bar on the left etc.), but there's a warning saying "You have attempted to access a restricted resource". If you attempt to use the icons on the menu bar to go anywhere (user's files, booking system etc.), you then get the same "website declined" error.

    I've not changed the configuration of the web.config file at all, other than as prompted to, to restrict access to the setup.aspx website, and to cure the known issue by removing the entry for .svg files. The same thing happens from IE8, 9 & Chrome.

    Any thoughts?

  2. #2

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    Check the web.config files in the sub folders, some of them have other permissions set.

    Also make sure you have local logon rights on the server for the users who need to use HAP+

  3. #3

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Nick,

    I've checked the other web.config files, but can't see anything that strikes me as problematic.
    When you say to check that users have "local logon rights" on the server, what exactly do you mean? Users can't current logon to the actual server hosting HAP (which I don't think is unreasonable?).

  4. #4

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    HAP+ requires local logon rights on the server hosting hap+ for identity impersonation to work. Which is why most of the HAP+ users run HAP+ on a terminal server

  5. #5

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Nick,
    Okay thanks - didn't realise that was the case, and don't remember seeing anything about that in the instructions.

    However, the policy being applied to the server hosting HAP already has "administrators" listed as allowed to log on locally, but yet when I login with a systemadmin user, it still gives the error. I.e. I guess the "allow log on locally" setting could be relevant later to get staff and students working, but I can't see that it's relevant for my systemadmin user, which is suffering from the same issue.

  6. #6

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    Very odd, it should work for domain admins stright out the box

  7. #7

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It unfortunately hasn't done for me.
    I've even totally trashed everything and started again (the AppPool in IIS, the website itself, the extracted contents from the ZIP installer etc.), but still had exactly the same issue.
    I am however using HAP v8 (latest available from the site), and all the instructions are aimed at v7. Can't see that anything is drastically different though

  8. #8

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    Have you enabled local logon rights for everyone? It does need it.

    What is the exact error?

  9. #9

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I've not yet enabled local logon rights for everyone, but as previously mentioned, that is enabled for "administrators", so shouldn't be affected the use for my "systemadmin" user.

    You browse to the URL, and the login page successfully loads. I enter the systemadmin credentials, press "login", and it then loads a plain white page, with the error "You do not have permission to view this directory or page."
    If I then press the "back" button in the browser, I can see a HAP screen (title bar is there, along with the side menu bar, and the "logout" link), but the minute I try and do anything (such as click on the "my files" icon), exactly the same page as above is displayed with the same error.

  10. #10

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    Can you post your ~/web.config file, I'll have a look and see if I can see anything

  11. #11

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Nick,

    Contents of web.config below. I've not made any changes to it other than those described to lock down the setup.aspx page, and removing the entry for .svg as per another post.


    <?xml version="1.0"?>
    <!--
    Under IIS7.5, the application pool identity will be IIS APPPOOL\$apppool$, where $apppool$ is the application pool have is running under. You will need to grant permission to the App_Data folder to this user
    -->
    <configuration>
    <connectionStrings>
    <add name="SQLConnectionString" connectionString="Server=localhost;Database=hap;Tr usted_Connection=True;"/>
    </connectionStrings>
    <system.web>
    <sessionState mode="InProc" compressionEnabled="true" />
    <pages>
    <controls>
    <add assembly="HAP.Web" namespace="HAP.Web.Controls" tagPrefix="hap" />
    </controls>
    </pages>
    <compilation debug="true" targetFramework="4.0">
    <assemblies>
    <add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    <add assembly="System.DirectoryServices.Protocols, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    <add assembly="System.DirectoryServices.AccountManageme nt, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <add assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </assemblies>
    </compilation>
    <authentication mode="Forms">
    <forms loginUrl="~/login.aspx" defaultUrl="~/" />
    </authentication>
    <membership defaultProvider="admp">
    <providers>
    <clear />
    <add name="admp" type="HAP.AD.MembershipProvider" />
    </providers>
    </membership>
    <roleManager defaultProvider="adrp" enabled="true">
    <providers>
    <clear />
    <add name="adrp" type="HAP.AD.RoleProvider"/>
    </providers>
    </roleManager>
    <authorization>
    <deny users="?" />
    </authorization>
    <customErrors mode="Off" />
    </system.web>

    <!--
    The system.webServer section is required for running ASP.NET AJAX under Internet
    Information Services 7.0. It is not necessary for previous version of IIS.
    -->
    <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <validation validateIntegratedModeConfiguration="false" />
    <security>
    <requestFiltering>
    <hiddenSegments>
    <remove segment="App_Data" />
    <remove segment="App_WebReferences" />
    <remove segment="App_LocalResources" />
    <remove segment="App_GlobalResources" />
    <remove segment="App_code" />
    <remove segment="bin" />
    <remove segment="web.config" />
    <remove segment="App_Browsers" />
    </hiddenSegments>
    <fileExtensions>
    <remove fileExtension=".vsdisco" />
    <remove fileExtension=".sdmDocument" />
    <remove fileExtension=".sdm" />
    <remove fileExtension=".sd" />
    <remove fileExtension=".refresh" />
    <remove fileExtension=".msgx" />
    <remove fileExtension=".mdf" />
    <remove fileExtension=".lsaprototype" />
    <remove fileExtension=".ldf" />
    <remove fileExtension=".lddprototype" />
    <remove fileExtension=".ldd" />
    <remove fileExtension=".exclude" />
    <remove fileExtension=".dsprototype" />
    <remove fileExtension=".dd" />
    <remove fileExtension=".compiled" />
    <remove fileExtension=".cd" />
    <remove fileExtension=".adprototype" />
    <remove fileExtension=".ad" />
    <remove fileExtension=".ssmap" />
    <remove fileExtension=".ssdgm" />
    <remove fileExtension=".dsdgm" />
    <remove fileExtension=".ldb" />
    <remove fileExtension=".jsl" />
    <remove fileExtension=".java" />
    <remove fileExtension=".vjsproj" />
    <remove fileExtension=".mdb" />
    <remove fileExtension=".resources" />
    <remove fileExtension=".resx" />
    <remove fileExtension=".licx" />
    <remove fileExtension=".webinfo" />
    <remove fileExtension=".vbproj" />
    <remove fileExtension=".vb" />
    <remove fileExtension=".csproj" />
    <remove fileExtension=".skin" />
    <remove fileExtension=".ascx" />
    <remove fileExtension=".master" />
    <remove fileExtension=".browser" />
    <remove fileExtension=".sitemap" />
    <remove fileExtension=".cs" />
    <remove fileExtension=".lsad" />
    <remove fileExtension=".asax" />
    <remove fileExtension=".config" />
    </fileExtensions>
    </requestFiltering>
    </security>
    <staticContent>
    <mimeMap fileExtension=".mp4" mimeType="video/mp4" />
    <mimeMap fileExtension=".m4v" mimeType="video/m4v" />
    <mimeMap fileExtension=".ogg" mimeType="video/ogg" />
    <mimeMap fileExtension=".ogv" mimeType="video/ogg" />
    <mimeMap fileExtension=".webm" mimeType="video/webm" />
    <mimeMap fileExtension=".oga" mimeType="audio/ogg" />
    <mimeMap fileExtension=".spx" mimeType="audio/ogg" />
    <mimeMap fileExtension=".svgz" mimeType="images/svg+xml" />
    <remove fileExtension=".eot" />
    <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
    <mimeMap fileExtension=".otf" mimeType="font/otf" />
    <mimeMap fileExtension=".woff" mimeType="font/x-woff" />
    </staticContent>
    <handlers>
    <remove name="ChartImageHandler" />
    <add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.Cha rtHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </handlers>
    </system.webServer>
    <!--File Upload Limits-->
    <location path="uploadh.aspx">
    <system.web>
    <httpRuntime maxRequestLength="2097151" executionTimeout="7200" />
    <!--2gb upload limit, 2 hours timeout-->
    </system.web>
    </location>
    <location path="api/myfiles-upload">
    <system.web>
    <httpRuntime maxRequestLength="2097151" executionTimeout="7200" />
    </system.web>
    </location>
    <location path="myfiles/default.aspx">
    <system.web>
    <httpRuntime maxRequestLength="2097151" executionTimeout="7200" />
    </system.web>
    </location>
    <!--End of File Upload Limits-->
    <!--Start of Override Permissions-->
    <location path="api.asmx">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="Login.aspx">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="setup.aspx">
    <system.web>
    <authorization>
    <allow roles="Domain Admins" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="app_data">
    <system.web>
    <authorization>
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="bin">
    <system.web>
    <authorization>
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="api/test">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="api/js">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="api/setup">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="api/bookingsystem/loadroom">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="favicon.ico">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>
    <!--End of Override Permissions-->
    <system.serviceModel>
    <extensions>
    <behaviorExtensions>
    <add name="jsonWebHttp" type="HAP.Web.Logging.JsonErrorWebHttpBehaviorElem ent, HAP.Web.Logging" />
    </behaviorExtensions>
    </extensions>
    <behaviors>
    <endpointBehaviors>
    <behavior name="">
    <webHttp />
    <jsonWebHttp />
    </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
    <behavior name="">
    <serviceDebug includeExceptionDetailInFaults="true"/>
    <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
    </behavior>
    </serviceBehaviors>
    </behaviors>
    <bindings>
    <webHttpBinding>
    <binding>
    <security mode="Transport" />
    </binding>
    </webHttpBinding>
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <standardEndpoints>
    <webHttpEndpoint>
    <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" faultExceptionEnabled="true">
    <security mode="Transport"/>
    </standardEndpoint>
    </webHttpEndpoint>
    </standardEndpoints>
    </system.serviceModel>
    </configuration>

  12. #12

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    Ok that looks all ok, can you now post your hapconfig.xml file, removing your ad password

  13. #13

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Nick,

    Please see below.
    The AD username and domain fields were both in clear text as expected, but the password was a string of gobbledygook - I presume this is also expected, and is actually somehow encrypted??

    <?xml version="1.0"?>
    <hapConfig version="8.1.1003.0" local="en-GB" firstrun="False">
    <AD username="XXXXXX" password="XXXXXX" upn="XXXXXX" studentsgroup="MFS Students">
    <OUs />
    </AD>
    <Homepage>
    <Links>
    <Group name="Resources" showto="All" subtitle="">
    <Link name="Me" showto="Inherit" description="About Me and Change My Password" url="#me" icon="~/images/icons/metro/folders-os/UserNo-Frame.png" target="" type="me" />
    <Link name="My Files" showto="Inherit" description="Access your School My Files" url="~/myfiles/" icon="~/images/icons/metro/folders-os/DocumentsFolder.png" target="" type="myfiles" />
    </Group>
    <Group name="Management" showto="Domain Admins" subtitle="">
    <Link name="Help Desk" showto="Inherit" description="Log/View a Support Ticket" url="~/helpdesk/" icon="~/images/icons/metro/folders-os/help.png" target="" type="helpdesk" />
    <Link name="Booking System" showto="Inherit" description="Book an IT Resource" url="~/bookingsystem/" icon="~/images/icons/metro/applications/calendar.png" target="" type="bookings" />
    <Link name="Logon Tracker" showto="Domain Admins" description="View the Logon History" url="~/tracker/" icon="~/images/icons/metro/other/History.png" target="" />
    <Link name="HAP+ Config" showto="Domain Admins" description="Home Access Plus+ Config" url="~/setup.aspx" icon="~/images/icons/metro/folders-os/Configurealt1.png" target="" />
    </Group>
    <Group name="Me" showto="All" subtitle="#me">
    <Link name="Me" showto="Inherit" description="" url="" icon="" target="" />
    <Link name="Password" showto="Inherit" description="" url="" icon="" target="" />
    </Group>
    </Links>
    <AnnouncementBox showto="All" enableeditto="Domain Admins" />
    </Homepage>
    <ProxyServer address="" port="0" enabled="False" />
    <SMTP server="" port="25" enabled="False" ssl="False" from="admin" fromaddress="admin@localhost.com" user="" password="" />
    <Tracker maxstudentlogons="1" maxstafflogons="4" overridecode="3600" provider="XML" />
    <School name="Test Primary School" website="http://www.test.sch.uk" photohandler="" />
    <bookingsystem maxbookingsperweek="3" maxdays="14" admins="" keepxmlclean="True" twoweektimetable="True" enablemultilesson="false" maxmultilesson="0">
    <resources />
    <lessons />
    <subjects>
    <subject name="General" />
    </subjects>
    </bookingsystem>
    <mscb hideextensions=".lnk,.ini" writechecks="True" LiveAppId="">
    <mappings>
    <mapping drive="T" name="Staff Shared Area" enablereadto="" enablewriteto="" enablemove="False" usagemode="Quota">\\MFS-SR-01\RMStaff</mapping>
    <mapping drive="W" name="Student Shared Area" enablereadto="" enablewriteto="" enablemove="False" usagemode="Quota">\\MFS-SR-01\RMShared Documents</mapping>
    <mapping drive="N" name="Home Directory" enablereadto="" enablewriteto="" enablemove="False" usagemode="Quota">\\MFS-SR-01\%username%$</mapping>
    </mappings>
    <filters>
    <filter name="Access Database" expression="*.mdb;*.accdb" enablefor="All" />
    <filter name="Excel Documents" expression="*.xls;*.xlsx;*.xlt;*.xltx" enablefor="All" />
    <filter name="HTML Files" expression="*.html;*.htm" enablefor="All" />
    <filter name="Images" expression="*.jpg;*.gif;*.png;*.bmp;*.jpeg" enablefor="All" />
    <filter name="Word Documents" expression="*.doc;*.docx;*.dotx;*.dot;*.txt;*.rft; *.pdf" enablefor="All" />
    <filter name="ZIP Files" expression="*.zip" enablefor="All" />
    <filter name="All Files" expression="*.*" enablefor="Domain Admins" />
    </filters>
    <quotaservers>
    <quotaserver server="MFS-SR-01" drive="N">\\MFS-SR-01\%username%$</quotaserver>
    </quotaservers>
    </mscb>
    </hapConfig>

  14. #14

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,637
    Thank Post
    39
    Thanked 530 Times in 456 Posts
    Rep Power
    118
    The password is hashed, for security.

    What's your UPN?

    It looks like an RM school, which CHS is, and it works fine. Which server are you running HAP+ on? i.e. Web Server 2008 R2, FRDC Server 2003

  15. #15

    Join Date
    Sep 2010
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It is indeed an RM school. A single CC4.3 server setup (i.e. Server 2008 R2) - HAP is therefore installed on the CC4 FRDC.
    The UPN is "SchoolName.internal".

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 6
    Last Post: 2nd March 2012, 08:25 AM
  2. [SIMS] Error when the log into FMS
    By GILLSMITH23 in forum MIS Systems
    Replies: 2
    Last Post: 18th November 2011, 03:37 PM
  3. HAP 7.6 error when clicking on "MyWork"
    By Chris_ in forum Home Access Plus+
    Replies: 0
    Last Post: 8th November 2011, 11:38 AM
  4. NETLOGON folder opens when admin logs on
    By FN-GM in forum Windows
    Replies: 28
    Last Post: 13th March 2008, 10:35 AM
  5. Intermittant error when user logs into SIMS
    By Gatt in forum MIS Systems
    Replies: 6
    Last Post: 14th February 2007, 05:52 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •