Admin console in network credential loop - https binding issue?

Kinetic ERP
1

I am installing K2021.2 on our test server and trying to move over to https binding in the process. I am having trouble setting up the https binding.

I can deploy the new application server but when I try to connect to it in the admin console I am getting dialog requesting network credentials. When I enter credentials and click ok it comes back. most annoying.

image

I have a cert installed on the server from a trusted authority, with the name “server.company.com.au” and that is in the binding in IIS. I have also created the Epicor server in the admin console as server.company.com.au to match the cert. Note by default it wants to create the Epicor server as server.company.internal.

If i cancel the credential dialog enough times it seems to connect but is missing details.

image
image1444×726 59 KB

I also tried to create another Epicor server at server.company.internal and register the app server under that. It was able register it but not able to connect to it - I assume because the FQDN is different

This seems to be the same issue as this one EAC display Network Credentials dialog after SSL certificate changed on server

Any help or pointers to info would be greatly appreciated.
Brett

2

Hi Brett,

This is definitely a Windows binding prompt (asking for Domain). Any extra modules installed that are using Windows Authentication?

Cheers,

Mark

3

This is a basic Epicor install - no data discovery etc installed. It is setup for username authentication ie not windows.

Brett

4

What does the Database Server Management Tab look like? Are you using Windows Auth for database access or a SQL Server username?

5

Database access is with an SQL account.

The app pool does have a custom account but I checked the credentials in IIS and this is good.

I noticed that if I try to edit the App Server all the fields are disabled. There is a refresh button and clicking that give this error. (I deleted the previous app server and started again).

image
image1746×1595 154 KB

6

Hi Brett,

Does your Windows Server FQDN and your Application Server/Certificate Name “server.company.com.au” match? If they don’t, that’s why you getting the pesky “Network Password” pop up message. EAC is looking for a computer on your network with that full name and never finds it. You don’t get this issue when your server uses a self-signed certificate because it takes the current server name as its certificate friendly name by default and matches (\servername can be found on the network).

You need to ensure that the certificate friendly name resolves to the Windows server fully qualified domain name where Epicor/IIS is.

FQDN = Computer Name + Primary DNS Suffix

Example:

Server: servername
Suffix: com.au
FQDN: servername.com.au
SSL Certificate’s Friendly name: servername.com.au

image
image783×472 83.7 KB

Carlos Q
PSE

3 Likes
7

Hi Brett,

Did you end up fixing this? I am having the same issue as the AD domain name is different to the certificate name.

8

For 2021 I gave up on the https binding and kept using the net.tcp binding.

I recently setup 2022.2 on a test server which forced me in to the ugly world of certs again! For that I ended up using a self signed cert. We are planning on upgrading to 2022.2 in the next month so I will be back to cert battle world again soon enough.

From my limited understanding of certs it seems there are several things that need to be lined up for it to work but I don’t know what those things are!

I have some notes so I’ll go look at them and post if they are suitable (ie dont create more confusion)

1 Like