Unable to access VIP Enterprise Gateway console via HTTP or HTTPS
search cancel

Unable to access VIP Enterprise Gateway console via HTTP or HTTPS

book

Article ID: 247352

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Unable to access Enterprise Gateway console via HTTP or HTTPS.

Is there a way to reset the configuration so the administrator can login again?

Environment

EG 9.8.4 and later

Cause

When the Symantec VIP Enterprise Gateway service is started, the VIP Enterprise Gateway Admin Console will listen on the port in the Console Settings (default is the 8232). Access can be set to HTTP or HTTPS 

If the SSL certificate expires, access to the VIP EG console is affected. However, if there is an issue with the listener, access may not be possible. 

Resolution

These steps demonstrate how to reset the webapp listening port to the original setting so the administrator can regain access to the VIPEG console.

Note: Create a backup of the VM and any modified files so the configuration changes can be reverted, if necessary. 

  • Log in to the Enterprise Gateway Server machine(in this example, a Windows machine).
  • Stop the Symantec VIP Enterprise Gateway Service.
  • Browse to the installation directory. Example:
    C:\Program Files\Symantec\VIP_Enterprise_Gateway\server\webapps\configs
  • Using a text editor, open both files: managedAuthentication_working_file.xml and managedAuthentication.xml
  • Under the Server element, There are 2 PortDef id elements: one begins with loggingPortDef, the other begins with uaconsolePortDef.
  • Under "uaconsolePort...", locate the <Key> element. If SSL is not configured, this <Key> element is missing. 
    • To remove SSL access, comment out the <Key> element. For example:
        <PortDef id="uaconsolePortDef-396998d2-cc38-11ed-bdd5-51757c32aa89">
              <Protocol>http</Protocol>
              <PortNumber>8232</PortNumber>
             <!-- <Key type="ssl">
                <Keystore>DEFAULT</Keystore>
                <Alias>{hostname}.ssl</Alias>
              </Key> -->
        </PortDef>
    • Change the <Protocol> from HTTPS to HTTP.
    • Change the <PortNumber> back to the default 8232
  • Save the changes to both files. 
  • Restart the VIP Enterprise Gateway Service.

The VIP administrator should now be able to access and log onto the VIPEG console at this point using non-SSL. For example: If http://localhost:8232.

If access is still prevented:

  • Change the logging level in the same 2 files to debug, then save the files.
    <Property type="logLevel">DEBUG</Property>
  • Restart VIP Enterprise Gateway and attempt to log in, then check the vipegconsole.log file at "C:\Program Files\Symantec\VIP_Enterprise_Gateway\logs"
  • Raise a support ticket if the issue is not resolved.