This is becoming a more frequent issue for us the more we try to get users into Kinetic. We are often stumped and have no choice to go back to classic to find out what the heck is going on. Anybody else?
6 Likes
Restricting helpful error messages is not an Epicor thing. Any SaaS product does this these days. What we are really asking is how to easily get errors and context for developers and Admins, i.e. observability. I donāt want to see errors at a userās screen, I want a dashboard of all errors in one place so I can see trends after upgrades, patches, or other changes in the environment/processes/personnel.
9 Likes
That would be nice too, but in addition to that, I would be really nice if errors had more information, and if contained sensitive information allowed you to enter a username and password right at the error message to see the rest of the details. Its a royal pain if you are at someones PC helping them and you have to go allllll the way back to your PC and hunt for the error that was just on the screen in some log.
There is no place for errors that say āundefinedā or āerrorā. That is terrible UX. You donāt have give us the source code to be at least more helpful than that. Your car at least has different lights for low tire pressure, low oil, over temperature, check engineā¦ etc.
8 Likes
Itās also a PITA to go all the way to a userās computer just to get an error message. 
Developers have to give some information about errors: missing identifiers, etc. but the goal is to not give meaningful information to adversaries. So, in dev instances, by all means, give the details. But when using production data, these are the recommendations:
3 Likes
Maybe I just disagree with the experts on somethings, I donāt know. Take their example of file access:
For example, when a user tries to access a file that does not exist, the error message typically indicates, āfile not foundā. When accessing a file that the user is not authorized for, it indicates, āaccess deniedā. The user is not supposed to know the file even exists, but such inconsistencies will readily reveal the presence or absence of inaccessible files or the siteās directory structure.
To me its a wild assumption that the user should not even know that a files exists if they do not have access to it. It would be extremely confusing in some cases, as you have to know something exists to request access from the appropriate people.
But honestly, I think for the most part we are talking past each other. Iām not asking for stack traces and files paths and so on to be in error messages. Iām talking about the overly generic garbage error messages that are so vague the user doesnāt know the proper response, but would if the message wasnāt so obfuscated.
And the other half is the amount of effort it takes. The amount it takes to tie someones complaint to a log, or the fact that all these obfuscation rules are in place even when running under a security manager or a dev environment.
Perhaps to a certain extent, safety and security will always be enraging and inefficientā¦ people have been removing machine guards from their very inceptionā¦ It just seems like a lot of the time companies take a very lazy approach to safety, in that anything that no longer exists is inherently secure. And they donāt bother making the experience as least painful as possible while maintaining and adequate level of security.
8 Likes
No, I think I agree with you. It is too painful, and it should be easy to tie an eventās correlation ID to a person (or non-person). And I completely agree that application messages SHOULD be useful!
I also find it bad UX for the user to even have to report these things. Weāre just hearing from the complainers and are oblivious to the other ways our systems are failing that never get reported. Waiting for calls from humans feels ineffective - especially since some errors happen on the back end where no human is involved. How many times did this error happen? Just one user or many? When did these start? New user? After Windows Update? After Kinetic patch? Picking off problems one at a time feels like a very inefficient way to monitor our systems.
Weāre always balancing convenience, privacy, and security. Traditionally, Iām the 
that usually is the counterbalance to always choosing convenience first. Every organization needs to measure the risk they are willing to take and still protect the business. I donāt fault Epicor for their choice but I, like you, would like a better UX in the implementation.
2 Likes
IF it even has one! 
Slightly off topic, the Drās office has a portal where you can exchange messages, look at results, etc. One day I got an email that there was a message for me to read. I began the login process, and got my two factor code. I entered in immediately, within 30 seconds or less, and it rejected it with a generic error message. After a few attempts of entering the code, it locked me out of course, and the only recourse was the telephone.
After waiting on hold FOREVER, the person on the other end said they were having problems with the two factor system, and after a extremely minimal exchange of information to āproveā who I was, she enabled my account and disabled two factor authentication. Its never been reactivated to this day, although presumably they have fixed the issue.
If the error message had been kind enough to tell me the system was down, I could have just waited instead of locking myself out, or, if I knew how many attempts I had left I would have stoppedā¦
6 Likes
Um, yes I DO. In fact I want the error message on the userās screen to be so good that they never even call me.
9 Likes
I donāt. I want the user to get good messages. But I want to know about errors without the users having to have to tell me, including the non-human users.
2 Likes
These things are not mutually exclusive.
4 Likes
I donāt want the band-aid of sending technical errors to the user. I want a better exception experience, just like you and Evan.
Itās not a bandaid if it enables them to quickly solve their own problem.
I totally agree.
But Iām greedy. I want to see trends with exceptions and not handle them one at a time. And not just hard exceptions. MRP is running 50% faster than usual. Why? DB Tables are growing faster than usual. 
Global Scheduling had 17 exceptions. What were they? Emails stop sending. Dozens of authentication failures for a member of the Finance team. Sending error messages to the user doesnāt get me there.
2 Likes
Make your own ideas lol.
4 Likes
You mean the one that will be five years old in June?
Monitoring is a part of what Iām asking for. 
6 Likes
And I voted for yours but your idea is very different than mine. Have you ever tried to apply a microsoft update for example, and literally inside the error message there is a link to a knowledge base article that explains what is wrong? That is the direction Epicor needs to go towards. Not the direction where they are currently going where nobody has any idea whatsoever what is going wrong.
7 Likes
Yes, we are talking about different things. There is a previous Idea from 2023 and 90+ votes thatās similar.
Improve error message handling for errors with Correlation IDs - 4228
Discussed here:
Yes and I voted for that one too, but that one is also still different than my idea.
1 Like
Shows the level of need in this area that three different ideas are applicable to the general issue.
6 Likes
Iāve been working with Seq since we upgraded to Kinetic. It gives me all of these answers. If only they would add this built into the productā¦
2 Likes