Self Service Portal is being displayed instead of WebUI

I have completed below process for WebUI in our environment.

IBM BigFix WebUI Deployment and Configuration:

 IBM BigFix WebUI Enablement on Root Server.
 Change WebUI Redirect Setting on Root Server - Value 1.
 Change WebUI HTTPS strict transport security setting on Root Server- Value 0.
 Change port for WebUI (Port 80) on Root Server.

I have swapped the port no. for Web Report and WebUI which can be seen under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client.

 Copy Certificate file (ssl.crt and ssl.pvk) under “C:\Program Files (x86)\BigFix Enterprise\BES Server\WebUI”. (optional)
 Restarted BESRootServer service.
 Added port 80 into BES WebUI (Inbound and Outbound) in Firewall policy.
I am getting below error while logging in, However I am having full permission including Explicit permit to access webUI.

Cannot connect to LDAP server – javax.naming.CommunicationException: simple bind failed: Server_Name:636 [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=Org. Name CA, DC=Org. Name, DC=com is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error]

Using Link to access WebUI: https://server_name:80

I have tried ping and telnet to mail server with port 636, Everything Looks perfect.

Am I missing something ?
Please assist!

Hi Team,

This page Software Distribution Self Service Portal

WEUI PORTAL Page is different…

You have to configure SSP.

http://www.ibm.com/support/knowledgecenter/SS63NW_9.0.0/com.ibm.tem.doc_9.0/Lifecycle_Man/SWD_Users_Guide/t_configuring_the_swd_ssp.html

@sureshhan, SSP has been already configured in our environment.
Using this link: https://FDQN_HostName/ssp Self Service Portal is getting opened.

My ques. is which link should I use to access WebUI ??

I have gone through the document for WebUI and using the same link to access WebUI but its opening Self Service Portal.

Any help on this will be highly appreciated!

It’s likely that both the old SSP service and the WebUI are trying to compete for port 80 at the same time. So I think one of the services has to not be on port 80 for both to work.

I think these are the two settings that should allow you to set this on the WebUI:

_WebUI_HTTPS_Port allows users to use HTTPS webUI on some other port other than 443
_WebUI_Redirect_Port allows users to use HTTP webUI on some other port other than 80

Let me know if those work out for you…

-Dex

1 Like

@dexdexdex

I’m going to use any random no. for both settings (__WebUI_HTTPS_Port “Other than 443” and __WebUI_Redirect_Port “Other than 80”).
All I need to do is open both the port from Firewall “Inbound/Outbound”.

I will let you know the outcome! :slight_smile:

One other thing you could possibly do is also change the port that SSA uses as well to not 80 or 443 (but I don’t know whether that’s controlled through a client setting or anything like that).

To confirm this diagnosis, you should be able to check out logs in BigFix Enterprise\BES Server\WebUI\logs\service-app.log and it should tell you things like “can’t start up app because failed to bind to port” or something.

-Dex

This helps @dexdexdex
Tons of thanks for your justifications. :smiley:

_Prabhu