Unable to access VIP Enterprise Gateway console via HTTP or HTTPS, how to reset the configuration
search cancel

Unable to access VIP Enterprise Gateway console via HTTP or HTTPS, how to reset the configuration

book

Article ID: 247352

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Unable to access Enterprise Gateway console via HTTP or HTTPS.

Is there a way to reset the configuration so the administrator can login again?

Environment

EG 9.8.4. 9.9.2, 9.10, 9.10.1

Cause

The VIPEG Admin Console will listen on 1 port, it is either HTTP or HTTPS.

So if this listener has problem then the login is not possible regardless of HTTP or HTTPS.
This issue can occur when the SSL certificate expires.

Resolution

This is to demonstrate how to reset the webapp listening port to the original setting so administrator can gain access to the VIPEG console again.
Please take a backup of the VM so the configuration changes can be reverted in case if anything goes wrong.

  • Log in to the Enterprise Gateway Server machine(in this case it is Windows machine).
  • Stop Symantec VIP Enterprise Gateway Service.
  • Browse to the installation directory. Example:
    C:\Program Files\Symantec\VIP_Enterprise_Gateway\server\webapps\configs
  • In the configs folder, edit both the files: managedAuthentication_working_file.xml and managedAuthentication.xml
  • Comment the <Key> element, for instance: 
    <PortDef id="uaconsolePortDef-396998d2-cc38-11ed-bdd5-51757c32aa89">
            <Protocol>https</Protocol>
            <PortNumber>8232</PortNumber>
           <!-- <Key type="ssl">
              <Keystore>DEFAULT</Keystore>
              <Alias>{hostname}.ssl</Alias>
            </Key> -->
          </PortDef>


    It can be found under <Server> element. There are 2 PortDef, one for Logging and one for uaconsole.
    "uaconsolePort" is what need to be updated. You will find <Key> element if SSL was configured. If SSL is not configured then <Key> element is not found there.

<Server id="jetty-3965c840-cc38-11ed-bdd5-51757c32aa89" type="jetty">
      <PortDef id="loggingPortDef-396998d0-cc38-11ed-bdd5-51757c32aa89">
        <Protocol>http</Protocol>
        <PortNumber>8238</PortNumber>
      </PortDef>
      <PortDef id="uaconsolePortDef-396998d2-cc38-11ed-bdd5-51757c32aa89">
        <Protocol>https</Protocol>
        <PortNumber>8232</PortNumber>
        <Key type="ssl">
          <Keystore>DEFAULT</Keystore>
          <Alias>test2.ssl</Alias>
        </Key>
      </PortDef>
      <Application id="logging-3965c841-cc38-11ed-bdd5-51757c32aa89"
                   type="logging">
        <PortRef>loggingPortDef-396998d0-cc38-11ed-bdd5-51757c32aa89</PortRef>
        <Property type="clientLogLevel">DEFAULT</Property>
        <Property type="logLevel">INFO</Property>
        <Property type="fileLog">true</Property>
        <Property type="fileLogRotation">'.'yyyy-MM-dd</Property>
        <Property type="ntEventLog">false</Property>
      </Application>
      <Application id="uaconsole-396998d1-cc38-11ed-bdd5-51757c32aa89"
                   type="uaconsole">
        <PortRef>uaconsolePortDef-396998d2-cc38-11ed-bdd5-51757c32aa89</PortRef>
        <Property type="clientLogLevel">INFO</Property>
        <Property type="fileLogRotation">'.'yyyy-MM-dd</Property>
        <Property type="showValidationTab">true</Property>
        <Property type="showIdpsspTab">true</Property>
        <Property type="showIdpVIPMgrTab">true</Property>
        <Property type="showProvisioningTab">true</Property>
        <Property type="enableSysLog">false</Property>
        <Property type="vipMode">true</Property>
        <Property type="appServerName">Jetty</Property>
        <Deployment type="war">
          <Property type="context">vipegconsole</Property>
          <Property type="warFilename">vipconsole.war</Property>
          <Property type="htmldocsDir">docs/vipegconsole</Property>
          <Property type="useSecureRandom">true</Property>
        </Deployment>
      </Application>
      <Application id="secureCommunication-396998d3-cc38-11ed-bdd5-51757c32aa89"
                   type="secureCommunication">
        <Property type="clientLogLevel">DEFAULT</Property>
        <Key type="ra">
          <Keystore>DEFAULT</Keystore>
          <Alias>test2.ra</Alias>
        </Key>
      </Application>
    </Server>
  

It should be changed to:

      <PortDef id="uaconsolePortDef-396998d2-cc38-11ed-bdd5-51757c32aa89">
        <Protocol>https</Protocol>
        <PortNumber>8232</PortNumber>
        <!-- <Key type="ssl">
          <Keystore>DEFAULT</Keystore>
          <Alias>test2.ssl</Alias>
        </Key> -->
      </PortDef>

  • Change the protocol in the uaconsolePort from HTTPS to HTTP:

    <Protocol>http</Protocol>

  • Change the PortNumber in the uaconsolePort back to original 8232

    <PortNumber>8232</PortNumber>

  • Save the changes to the files.
  • Restart the VIP Enterprise Gateway Service.

Administrators should be able to access and logon to the VIPEG console at this point.
If everything is working as expected and the administrator can login to the console then you can perform the following to restore the previous configuration.

  • Reconfigure the SSL certificate, apply the configuration as well as changing the port back to port your previously used port(for example, 443).
  • Restart the VIP Enterprise Gateway Service.

 

If https://{hostname}:8232 is still throwing error and unable to login, you can set logging to debug and restart VIPEG service.

  • Change the log level in the uaconsolePort from info to debug:

    <Property type="logLevel">DEBUG</Property>
  • Restart VIP Enterprise Gateway and try to login again and check the logs at "C:\Program Files\Symantec\VIP_Enterprise_Gateway\logs"
  • Raise a support ticket if the issue is not resolved.