Troubleshooting On-Premises Installation Issues

File Store path inaccessible

Error:

File Store path inaccessible. Please change path/account accordingly.

Cause:

The path specified in "File Store and File Repository Path" is incorrect, or the user specified in "Service Account" requires updated permissions.

Resolution:

  • Verify that the user account has permission to the file path specified.

  • Verify that the file path specified exists.

Unable to establish an SSL connection

Error:

ArcherLongbow.Common.Exceptions.SslConnectionException: The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure.

at ArcherLongbow.Common.Clients.ConfigPropertiesBase.GetProperty(String propertyKey)

Cause:

An SSL connection could not be established between Archer and the Engage Agent.

Resolution:

  1. On the Engage Agent machine, open portalDatastore.json and set the following parameter to true:

    "BypassSslErrors": true

  2. Restart the ArcherEngageAgent service.
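To see which check the remote certificate fails behind the error above (name mismatch, untrusted chain, expiry), the following added example, which is not part of the product documentation, performs a TLS handshake and reports the validation result. Get-TlsValidationResult is a hypothetical helper; the host and port of the endpoint are assumptions you supply.

```powershell
# Added example: report why a server's TLS certificate fails validation.
# HostName and Port are supplied by the operator; no application data is sent.
function Get-TlsValidationResult {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port
    )
    $result = [ordered]@{ Endpoint = "${HostName}:$Port" }

    # Record what the validation procedure saw, then return the real verdict
    # so an invalid certificate still fails the handshake.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $certificate, $chain, $policyErrors)
        $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        $result.Subject      = $c.Subject
        $result.Issuer       = $c.Issuer
        $result.NotAfter     = $c.NotAfter
        $result.Thumbprint   = $c.Thumbprint
        $result.PolicyErrors = $policyErrors.ToString()
        $result.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $policyErrors -eq [System.Net.Security.SslPolicyErrors]::None
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $result.Handshake = 'succeeded'
    } catch {
        $result.Handshake = "failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$result
}

# Usage (placeholder values): Get-TlsValidationResult -HostName '<host>' -Port <port>
```

PolicyErrors distinguishes a host name mismatch (RemoteCertificateNameMismatch) from a chain problem (RemoteCertificateChainErrors), and ChainStatus names the chain problem, for example UntrustedRoot or NotTimeValid.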

Archer Engage Agent fails to start

Cause:

PortalDataStore.json is outdated.

Resolution:

Ensure you are using the most recent version of PortalDataStore.json.

Configuration service unreachable

Error:

Config service not reachable. Please verify the service URL.

Cause:

An intermediate certificate is stored in the Trusted Root Certification Authorities store. As a result, the Archer Configuration Service is unreachable.

Confirming the Cause:

  1. Log in to the Archer Configuration Service machine and open PowerShell. Execute the following command:

    Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\computer_filtered.txt"

  2. Go to the C: drive and open the file computer_filtered.txt.

    If there are any entries in the computer_filtered.txt file, the Archer Configuration Service is unreachable due to intermediate certificates in the Trusted Root Certification Authorities store.

Resolution:

  • (Recommended) Move the intermediate certificates pushed at the domain level via group policies from the Trusted Root Certification Authorities store to the Intermediate Certification Authorities store on the Archer Configuration Service machine.

  • To keep the intermediate certificates in the Trusted Root Certification Authorities store instead, see Keeping an Intermediate certificate in the Trusted Root Certification Authorities.
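The following added example, which is not part of the product documentation, condenses the confirmation check into a short table: each non-self-signed certificate in the Trusted Root store, whether a copy already exists in the Intermediate Certification Authorities store, and whether Group Policy delivered it. The registry path is the standard Windows location for policy-distributed root-store certificates; nothing is modified.

```powershell
# Added example: read-only audit of the LocalMachine Trusted Root store.
# Run in an elevated PowerShell session on the Archer Configuration Service machine.
$gpoRootKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'

# Thumbprints already present in the Intermediate Certification Authorities store.
$intermediate = @(Get-ChildItem Cert:\LocalMachine\CA | ForEach-Object { $_.Thumbprint })

$misplaced = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Issuer -ne $_.Subject } |
    ForEach-Object {
        [pscustomobject]@{
            Thumbprint      = $_.Thumbprint
            Subject         = $_.Subject
            Issuer          = $_.Issuer
            NotAfter        = $_.NotAfter
            AlsoInCAStore   = $intermediate -contains $_.Thumbprint
            # True when Group Policy delivers the entry; in that case the policy
            # that distributes it is where the placement needs correcting.
            FromGroupPolicy = Test-Path (Join-Path $gpoRootKey $_.Thumbprint)
        }
    })

if ($misplaced.Count -eq 0) {
    'No non-self-signed certificates found in Trusted Root Certification Authorities.'
} else {
    $misplaced | Format-Table -AutoSize -Wrap
}
```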

Cause:

  • The certificate hash in the binding on port 13200 does not match the Archer Configuration Service certificate.

  • The certificate chain is not properly placed in the corresponding certificate store.

  • The certificate has no private key, is not trusted, or has expired.

  • The Archer Configuration Service certificate does not include both client authentication and server authentication as intended purposes.

Resolution:

  1. Generate proper certificates.

  2. Place these certificates in the corresponding certificate stores.

  3. Reinstall the Archer Configuration Service with these certificates.
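The page lists no confirmation step for these four causes; the following added example, which is not part of the product documentation, checks each of them for the binding on port 13200. It assumes English-language netsh output and that the bound certificate is installed in Cert:\LocalMachine\My; Test-ArcherBinding is a hypothetical name.

```powershell
# Added example: read-only check of the certificate bound to port 13200.
# Assumptions: English netsh output; bound certificate lives in Cert:\LocalMachine\My.
function Test-ArcherBinding {
    param(
        [string]$IpPort = '0.0.0.0:13200',
        # Supply saved netsh output to analyse it elsewhere; the default queries the live binding.
        [string[]]$NetshOutput = (netsh http show sslcert ipport=$IpPort)
    )
    if (($NetshOutput -join "`n") -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
        $hash = $Matches[1]
    } else {
        return "No SSL certificate binding found for $IpPort."
    }
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
    if (-not $cert) {
        return "Bound hash $hash matches no certificate in Cert:\LocalMachine\My."
    }

    # Collect Enhanced Key Usage OIDs; no EKU extension means valid for all purposes.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $eku = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    # Build the chain against the local stores; revocation is skipped so the
    # result reflects trust and validity only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        Expired       = (Get-Date) -gt $cert.NotAfter
        ServerAuthEku = ($eku.Count -eq 0) -or ($eku -contains '1.3.6.1.5.5.7.3.1')
        ClientAuthEku = ($eku.Count -eq 0) -or ($eku -contains '1.3.6.1.5.5.7.3.2')
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Test-ArcherBinding | Format-List
```

A healthy binding shows HasPrivateKey, ServerAuthEku, ClientAuthEku and ChainTrusted as True, Expired as False, and an empty ChainStatus.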

Keeping an Intermediate certificate in the Trusted Root Certification Authorities

This resolution works when you want to keep the intermediate certificates in the Trusted Root Certification Authorities store.

Note: When you upgrade or reinstall Archer services, repeat the following steps.

  1. Log in to the Archer machine where the Archer Configuration Service is running.

  2. Open the Command prompt and select Run as administrator.

  3. Obtain the Certificate Hash and Application ID. To do this, run the following command:

    netsh http show sslcert ipport=0.0.0.0:13200

  4. Note down the Certificate Hash and Application ID.

  5. Delete the SSL certificate binding on the port. To do this, run the following command:

    netsh http delete sslcert ipport=0.0.0.0:13200

  6. Update the Certificate Hash and Application ID obtained in Step 4 in the following command, and run it.

    netsh http add sslcert ipport=0.0.0.0:13200 certhash=<Certificate Hash> appid=<Application ID> sslctlstorename=ClientAuthIssuer

    Example of the above command with Certificate Hash and Application ID updated:

    netsh http add sslcert ipport=0.0.0.0:13200 certhash=3586273163b2324a5ef6a421948bab5d60e02d69 appid={a8079d7e-4b0c-420f-bd1e-0bddf281aba2} sslctlstorename=ClientAuthIssuer

  7. Close the command prompt.

  8. Open Manage computer certificates.

  9. If the Archer Configuration Service is bound to a chain of certificates, copy the root certificate and paste it into the Client Authentication Issuers store.

  10. If the Archer Configuration Service is bound to a self-signed certificate, copy the self-signed certificate and paste it into the Client Authentication Issuers store.

  11. Restart the Archer Configuration Service.

Engage installation fails

Cause:

  • The user does not have access to the private key of the Archer Configuration certificate and SSL Certificate for the Engage Agent.

  • The user does not have access to the installation folders.

Resolution:

  1. From the Start menu, go to Manage computer certificates.

  2. Right-click on the certificate.

  3. Click All Tasks > Manage Private Keys…

  4. Give full permissions to the Service Account user.

  5. Open the Command Prompt and select Run as administrator.

  6. Navigate to the folder where the installer is downloaded.

  7. Execute the following command:

    msiexec /i "<Installername>.msi" /l*v "install.log"

    where <Installername> is the name of the installer.

  8. Restart the Engage Agent installation. For more information, see Installing the Engage Agent.