AppInsight from Solarwinds is pretty cool. At least the one for Exchange is. Trying out the one for IIS now. Got it configured on a few of our servers easily but it failed on one. Got the following error –
Manual install it is then. (Or maybe not! Read on and you’ll see a hopeful fix that worked for me).
First step in that is to install PowerShell (easy) and the IIS PowerShell snap-in. The latter can be downloaded from here. This downloads the Web Platform Installer (a.k.a. “webpi” for short) and that connects to the Internet to download the goods. In theory it should be easy, in practice the server doesn’t have connectivity to the Internet except via a proxy so I have to feed it that information first. Go to
C:\Program Files\Microsoft\Web Platform Installer for that, find a file called
WebPlatformInstaller.exe.config, open it in Notepad or similar, and add the following lines to it –
<proxy proxyaddress="http://<myproxy>:8080" bypassonlocal="true" />
This should be within the
<configuration> -- </configuration> block. Didn’t help though, same error.
Time to look at the logs. Go to
%localappdata%\Microsoft\Web Platform Installer\logs\webpi for those.
From the logs it looked like the connection was going through –
DownloadManager Information: 0 : Loading product xml from: https://go.microsoft.com/?linkid=9842185
DownloadManager Information: 0 : https://go.microsoft.com/?linkid=9842185 responded with 302
DownloadManager Information: 0 : Response headers:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Date: Tue, 10 May 2016 12:10:12 GMT
But the problem was this –
DownloadManager Error: 0 : WebClient download error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
If I go to the link – https://www.microsoft.com/web/webpi/5.0/webproductlist.xml – via IE on that server I get the following –
However, when I visit the same link on a different server there’s no error.
Interesting. I viewed the untrusted certificate from IE on the problem server and compared it with the certificate from the non-problem server.
Comparing the two I can see that the non-problem server has a VeriSign certificate in the root of the path, because of which there’s a chain of trust.
If I open Certificate Manager on both servers (open
mmc > Add/ Remove Snap-Ins > Certificates > Add > Computer account) and navigate to the “Trusted Root Certification Authorities” store) on both servers I can see that the problem server doesn’t have the VeriSign certificate in its store while the other server has.
So here’s what I did. :) I exported the certificate from the server that had it and imported it into the “Trusted Root Certification Authorities” store of the problem server. Then I closed and opened IE and went to the link again, and bingo! the website opens without any issues. Then I tried the Web Platform Installer again and this time it loads. Bam!
The problem though is that it can’t find the IIS PowerShell snap-in. Grr!
However, at this point I had an idea. The SolarWinds error message was about an invalid signature, and what do we know of that can cause an invalid signature? Certificate issues! So now that I have installed the required CA certificate for the Web Platform Installer, maybe it sorts out SolarWinds too? So I went back and clicked “Configure Server” again and bingo! it worked this time. :)
Hope this helps someone.