Troubleshooting On-Premises Publish Issues

On this page

S3 Bucket URLs are blocked

Error:

ArcherLongbowService.DataSources.PortalDataSource.UploadToS3

Cause Resolution

S3 Bucket URLs are not trusted.

S3 bucket URLs must be in the list of trusted URLs. For a complete list of trusted URLs, see Preparing for Installation.

Authentication to portal failed

Error:

ArcherLongbow.Common.Exceptions.PortalAuthenticationFailedException: Authentication to portal failed

System.Net.Http.HttpRequestException: No such host is known. (cognito-idp.ap-southeast-2.amazonaws.com:443)

System.Net.Sockets.SocketException (11001): No such host is known.

Cause Resolution

The Cognito URL is not trusted or the proxy settings contain HTTP or HTTPS.

  1. Cognito URL must be in the list of trusted URLs. For a complete list of trusted URL’s, see Preparing for Installation.

  2. Remove http:// or https:// in the proxy URL of the PortalDataStore.json

  3. Restart the ArcherEngageAgent service.

Engage Agent gets an HTML response instead of a JSON response

Error:

No MediaTypeFormatter is available to read an object of type 'WebApiRequestResult`1' from content with media type 'text/html'.

at ArcherLongbowService.Middlewares.ValidateArcherRequestMiddleware.Invoke(HttpContext httpContext)

at ArcherLongbowService.Middlewares.HandleErrorsMiddleware.Invoke(HttpContext context);

Cause Resolution

The Engage Agent is expecting a JSON response, but it gets an HTML response.

Check if the Engage Agent is able to communicate with Archer Web URL via the Base URL in the Archer Control Panel (ACP). If Archer has SSO enabled, ensure the ACP setting for the instance has "Allow manual bypass" selected for Single Sign-On.

Note: In case of Windows Integrated SSO, for IIS ensure the authentication for api, contentapi, platformapi, and ws has Anonymous Authentication enabled and Windows Authentication disabled.

Request Filtering in IIS.

  1. Go to Start > Control Panel > Administrative Tools.

  2. Select Internet Information Services (IIS) Manager.

  3. In the IIS settings, set "PUT" and "DELETE" to True.

License not supported

Error:

“Failed to Provision instance: PROD”,“{\“message\“:\“Access Denied\“}”

Cause Resolution

No license for the Archer Third Party Risk Management Use Case or the Vendor Count.

Refresh the Archer license. The license must contain Archer Third Party Risk Management Use Case and the appropriate Vendor Count.

Failed to communicate with the Portal

Error:

The remote certificate is invalid because of errors in the certificate chain: PartialChain

Cause Resolution

The Amazon Certificate Authority (CA) certificates are not available in the Engage Agent machine.

For older Windows server versions, use Starfield Services Root Certificate and for newer Windows server versions use Amazon Root CA.

The Amazon Certificate Authority certificates are available at https://www.amazontrust.com/repository/.

The credentials supplied to the package were not recognized

Error:

The credentials supplied to the package were not recognized

Cause Resolution

Service Account user does not have necessary permissions on the system where the Engage Agent is installed.

Grant the necessary permissions to the Service Account user on the system where the Engage Agent is installed.

  1. From the Start menu, go to Manage computer certificates.

  2. Right-click on the certificate.

  3. Click All Tasks > Manage Private Keys…

  4. Give full permissions to the Service Account user.

502 Bad Gateway

Error:

502 Bad Gateway

Cause Confirming the cause Resolution

The ArcherEngageAgent service is not running.

 

Start the ArcherEngageAgent service.

The Publish URL is incorrectly configured on the Engage Tab or the custom object.

 

For more information, see Publish URLs On-Premises.

The ArcherEngageAgent service is running but is unable to reach the Engage Agent URL because the:

  • certificate has no private key, is not trusted, or has expired.

  • Archer Configuration Service does not contain the intended purpose for both the client and server authentication.

  1. Open a browser on the Engage Agent machine and open the following URL:

    “https://{Engage Agent Hostname}:5001/api/v1/questionnaire/publish”

    where {Engage Agent Hostname} is the fully qualified hostname of the web server.

  2. Get the status code.

    If the status code is 400 Bad requests, the ArcherEngageAgent service is running.

    If the status code is 404, the ArcherEngageAgent service is not running because the selected SSL certificate does not have a private key.

  1. Generate a valid certificate.

  2. Go to the Engage Agent installation folder.

  3. Open appsettings.json file and update the correct certificate details, as shown below:

    "CertificateName": "Archer Configuration",

    "Subject": "Archer Configuration",

  4. Restart the service.

The ArcherEngageAgent service is running but is unable to reach the Engage Agent URL because:

  • The outgoing 5001 port from any of the web servers being used is blocked by the firewall rules.

  • The incoming 5001 port from the Engage Agent machine is blocked by the firewall rules.

 

Set the correct inbound and outbound ports on the Archer Web Servers and the Engage Agent Server.

For more information, see Archer Web Servers Ports and Engage Agent Server Ports.

Incorrect server farm settings.

 

In a multi-host setup, all Archer web servers must to be configured with the server farm settings.

  • For Matches the Pattern in R2, the Path should be

  • For Does Not Match the Pattern in R2, the Path should be /api/v1/{ToLower:{R:1}}

For more information, see Configure Server Farm.

Vendor received no notification, despite a successful publish

The vendor did not receive an assessment email invite notification, despite a successful publish message on the Engage Agent.

Cause Resolution

The Continue sending default Engage notifications checkbox is not selected on the Engage Tab.

Select the Continue sending default Engage notifications checkbox on the Engage Tab. For more information, see Publishing Content Using the Engage Tab.

If a custom object code is used, the field IsEngageNotificationRequired is set to false.

If a custom object code is used, set the field IsEngageNotificationRequired to true. For more information, see Publishing Individual Records Using a Custom Object.

InvalidCastException

Cause Resolution

The field types configured for a field differ in Archer and the Engage Agent.

Example

The Vendor Name field is configured as a Text field in the Engage Agent, but the same field is configured as a Cross-Reference field in Archer.

Configure the fields with the correct field mappings and field types in Archer and the Engage Agent.

Validation Messages

Error (Archer end)

{"isSuccessful":false,"statusCode":400,"validationMessages":["FirstName of class Contact is a required field and the value is not provided","LastName of class Contact is a required field and the value is not provided", "Email of class Contact is a required field and the value is not provided"],"value":null}

Cause Resolution

Data for First Name, Last Name, and Email of Contacts is not provided in the Archer record.

Provide data for , and in the Archer record before publish.

Invalid Request: Archer Content ID not found

Cause Resolution

One or more required fields in the Archer record are not populated.

Ensure all required fields in the Archer record contain a value.

User is not authorized to publish the questionnaire.

Cause Resolution

User identified in a cross referenced record does not have Read access to content.

Ensure that the identified user has Read access to content.
There is already an active assessment for this record
Cause Resolution

The current record already has an associated unsubmitted record in the portal.

Submit the original associated assessment.