Why do clients use HTTPS for GetPackageInfo requests, but then use HTTP for GetPackageSnapshot requests?

book

Article ID: 181151

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Problem
Notification Server is configured for SSL using port 443 as it resides in the DMZ and is there to manage remote users only. The Default Web site was named in IIS, and the Notification Server was installed via command line as per the Notification Server documentation. SSL certificate is installed and its Internet name is entered into the CoreSettings.config file via the PreferredNSHost parameter. We have found that configuration requests and GetPackageInfo requests are using HTTPS; however, the Notification Server Agent then uses HTTP for its GetPackageSnapshot request.

Environment
Notification Server 6.0.6074 
Inventory Solution 6.1

Notification Server is configured for SSL using port 443 as it resides in the DMZ and is there to manage remote users only. The Default Web site was named in IIS, and the Notification Server was installed via a command line as per the Notification Server documentation. SSL certificate is installed and its Internet name is entered into the CoreSettings.config file via the PreferredNSHost parameter.

Cause
Although IIS had a SSL certificate installed, and that the Notification Server's clients were configured to communicate to the Notification Server via HTTPS, IIS was not actually forced into using SSL only, which is why when a client requested package information via HTTPS, then Notification Server returned a HTTP URL in its Package.xml file, thus causing the Notification Server Agent to use HTTP for the GetPackageSnapshot request.

Resolution
In order to force IIS to use SSL, the following change was made:

  1. Right-click on the main Web site and select Properties.
  2. Go to the Directory Security tab, and click Edit under the Secure Communications section.
  3. Check the Require secure channel (SSL) check box and click OK.
  4. Select all Virtual Directories that you wish to use SSL and click OK.
  5. Click Apply and then OK.
  6. Restart IIS.
  7. Restart the NS services.
  8. Run the "NS.Package Refresh.{bd6bf880-bfae-4dad-b746-e8be99f3b8a8}" scheduled task.

This operation allows the Notification Server to provide a HTTPS URL for the Notification Server Agent to use for its GetPackageSnapshot request, which caused the package download to be successful.