I checked the server event log and noticed an invalid session id error.
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="IceAppServer" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2024-02-27T17:12:36.948727100Z" />
<EventRecordID>4066149</EventRecordID>
<Channel>Epicor App Server</Channel>
<Computer>[OurEpicorAppServer].[OurActiveDirectoryDomain]</Computer>
<Security />
</System>
- <EventData>
<Data>Ice.Common.InvalidSessionException: Session with SessionID = 0ee4abd6-1a3d-45fd-a0ba-f2c6d0a2960a is invalid. Session has either timed out or has been deleted. You must login again to continue. at Ice.Hosting.SessionCache.Get[T](Guid sessionId) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Framework\Epicor.Ice\Hosting\SessionCache.cs:line 37 at Erp.Extensibility.SessionProvider.ErpSessionBuilder.GetSession(Guid sessionId, UserFileItem user) in C:\_releases\ERP\ERP11.2.400.0\Source\Server\Internal\Extensibility\SessionProvider\ErpSessionBuilder.cs:line 22 at Epicor.Hosting.CallContext.GetSession(UserFileItem user, ISessionBuilder sessionBuilder, Guid sessionId) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Framework\Epicor.Ice\Hosting\CallContext.cs:line 239 at Epicor.Hosting.CallContext.Create(Operation op, UserFileItem user, ISessionBuilder sessionBuilder) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Framework\Epicor.Ice\Hosting\CallContext.cs:line 122 at Ice.Security.AuthenticationHelper.CreateSession(HeaderCollection headers, String clientAddress, String action, UserFileItem user) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Framework\Epicor.Ice\Security\AuthenticationHelper.cs:line 51 at Ice.Hosting.AspNetCore.Middleware.AuthenticationMiddleware.CreateSession(HttpContext context, CurrentCallInformationService callInformation, HeaderCollection headers, UserFileItem user) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Hosting\AspNetCore\Ice.Hosting.AspNetCore\Middleware\AuthenticationMiddleware.cs:line 149 at Ice.Hosting.AspNetCore.Middleware.AuthenticationMiddleware.InvokeAsync(HttpContext httpContext, CurrentCallInformationService callInformation) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Hosting\AspNetCore\Ice.Hosting.AspNetCore\Middleware\AuthenticationMiddleware.cs:line 83 at Ice.Hosting.AspNetCore.Middleware.CallHeaderMiddleware.InvokeAsync(HttpContext httpContext) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Hosting\AspNetCore\Ice.Hosting.AspNetCore\Middleware\CallHeaderMiddleware.cs:line 52 at Ice.Hosting.AspNetCore.Middleware.OperationDisposerMiddleware.InvokeAsync(HttpContext httpContext) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Hosting\AspNetCore\Ice.Hosting.AspNetCore\Middleware\OperationDisposerMiddleware.cs:line 34 at Epicor.RESTApi.Middleware.ApiKeyEnforcerMiddleware.Invoke(HttpContext context) in C:\_releases\ICE\ICE4.2.400.11\Source\Server\Hosting\AspNetCore\Ice.Hosting.AspNetCore\Middleware\ApiKeyEnforcerMiddleware.cs:line 79 at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) CorrelationId: 41629c00-5c35-4044-8e8f-05084e04d5ad</Data>
</EventData>
</Event>
I cleared my session and it kicks me back to the login screen where I can login and work for another 15 min. Since telling our employees to clear their cookies every 15 min is not a real solution, I opened an epicare case back in august of last year. We found the issue is persistent across, all computers, all browsers, and all operating systems.
We use the on prem version of Kinetic and use active directory for our users to authenticate. We tried a few things to resolve the issue but to no avail:
We are up to date on kinetic updates (11.2.400.11)
We increased the Session Idle Timeout (minutes) to 4320 for the App Server on the Epic Admin Console.
We increased the Idle Time-out (minutes) to 1740 for the Application Pool using Internet Information Services (IIS) Manager
We changed the Idle Time-out Action from Terminate to Suspend for the Application Pool using IIS Manager.
Here are the current Application Server settings in Epicor Admin Console.
We really want to recommend the browser version to our users as it offers a superior experience, but it’s not an option because of this issue. If anyone has any suggestions, it would be very much appreciated.
That’s a question for you and your security team. I was just curious if your token was expiring and that’s why the Browser Blank page was occurring.
I updated my token to expire after 480 Minutes. I also updated the session to expire after the same time on the admin console and on IIS. I’ll see if it fixes it. After trying it for a few hours.
Yeah so it is saying your token expires at
2/27/2024, 10:52:59 PM *EST
Which is … 8 hours after issuance. That all looks good. Interesting though that it thought it was issued at
2/27/2024, 2:52:59 PM EST
I’m guessing you are 2 hours behind EST whatever time zone that is… if your server is in that same time zone then everything should be fine.
now you had your token TTL (Prior) set to 1 hour… which means that if your Browser Client was in a 1+ or 1- timezone it may have been the issue… (though I would assume that validation of the token should all be server side… yet… we know what happens when we assume)
I guess its a waiting game at this point. Thanks for all the help! I’ll report back tomorrow to see if updating my token expiration and session timeouts resolved the issue.
That documentation refers to an azure active directory. We use our own active directory server not portal.azure.com. I’m not sure where to find that setting on our server. I’m assuming we would use Active Directory Admin Center but I’m not seeing any options their for Redirect URI.
If you’re still running into this problem shoot me a case # and we will direct engage with support to come see what is going on from the browser ux team.
I don’t know of an issue related to session expiration timing like this offhand but we should figure it out if it’s active. We have been getting various intermittently occurring “blank screen” reports and are in the process of resolving all of them, but there are different causes for a screen not to load. This one seems like a unique variant we don’t have on our radar in pd yet…
I’ve had a case open for a while now.
CS0003817264 - Blank Screen on Web version of Epicor.
I have yet to find a solution. I messed with the session and token timeouts to no avail. I just barely found out that my session state on the server is set to use cookies and time out in 20 minutes.