Enterprise Search Authentication Error


Having an issue that users are unable to use/connect to enterprise search. If a user tries searching for something on their desktop they get the error ‘unable to connect to the remote server’ (1st screenshot below) If I try opening a web browser up on the client and just type in the URL, it will load the webpage but when I type a customer name in and try to search I get a 'unable to authenticate the user identity (400) error (2nd screenshot below). Enterprise search will work on the Appserver itself. I have tried redeploying Ent. Search via the EAC, I’ve tried changing the permissions in IIS to match the settings for Epicor Help and EWA that do work on clients and nothing has worked. Also tried updating permissions in SQL for the account being used for the app pool to ensure it has access to the search index database and the actual Live database. Seems odd as these usually go pretty smooth. I did not do the initial install/setup so I’m not sure if it has never worked, I suspect that is the case though. I’m pretty confident this has to be some kind of a windows permission problem. Any ideas or suggestions is appreciated.

EDIT: I did look in event viewer on the appserver but did not see any errors or info messages pertaining to enterprise search.

Thank you!



My 2nd question would be, what do you guys put in the service account section under the appserver config menu? The Epicor Install docs don’t even mention this section. Use a custom account or Local System? I’m assuming use ‘Custom acct’ and then use that same user for the app pool and the epicor search indexer windows service? If that is true, then that is how I have this environment setup and ES still isn’t accessible to clients.


I’m surprised no one has run into this. I have noticed that 10.0 did not have the Service account option like 10.1 and 10.2 do, but the documents for 10.1. and 10.2 do not mention this section and I assume that’s because Epicor reused part of the 10.0 doc.

1 Like

I am having the same issue, and no one has replied to my ticket either. Have you resolved it and if so, could you shed some light my way?

I am able to get information into those boxes, but I cant start the indexer

Ended up creating a domain admin account named ‘EpicAdmin’. used that for the app pool user and also the windows indexer service.

1 Like

I had tried that as well, but it did not work but in my case it turns out that I had multiple IIS certificates and for some reasons that caused an issue there. After removing the cert, it seems to have fixed it. My pools are either set to LocalSystem or ApplicationPoolIdentity.

Also, potentially related, under services Epicore ICE Task Agent is set to a domain admin account and Epicor Search Indexer is set to Automatic and NT Authority\System.

Hopefully that helps someone.

i been trying for 2 weeks now. And i cant get ES to work on my environment. Its on premise. We upgrade to 10.2.600.4 from 10.2.500. I reinstalled ES, build the search server. I enter the url on the company maintenance. When i try to do the launch search on the console, it ask for credentials and no credentials work whether its domain or epicor credentials. When i do ES search in epicor , i get the following:

i remove all the certs from iis and reinstalled a self signed cert. i looked at the documentation from epicor but nothing about this is on there. No complex setup, just the standard ES. The console service account is the same for the service which is a domain account. All other extensions work, except ES. any help? pleeasseeeee

this is error with your certificate. Most probably because you use self-signed cert and client machine does not trust it. You need to export it on server machine and import on the client into Trusted Root authority.

Thanks Olga, This is all in the server where the cert is. I haven’t even tried on a client yet. i added a go daddy cert and still see this error. I will try again from scratch.

I will remove all the certs except the cert from go daddy and i will import it into the trusted root authority. Lets see if that works.

I figured it out. For any future users
You need to make sure the Issue name from the cert is in Company maintenance ES search URL.
So if its https://servername:8090/search/searchindex it should be https://servername.issuetoname:8090/search/searchindex. The instructions don’t specify this. Thank you Olga for helping out

1 Like

Thanks, This helped.

1 Like