Generic

How to create master release notes using Excel?

  1. Open MS Excel.
  2. In the "Data" tab, choose the "Get Data From" option in the toolbar.
  3. Then choose "From file" >> "From Folder".
  4. Choose the release drop folder.
  5. A pop-up will appear with information on all the files.
  6. Choose "Load data".


"Folder in Use" Unable to deploy(copy/paste) the files

Steps to resolve the issue when encountering a "folder in use" message during file deployment:

  1. When attempting to deploy DLLs, EXEs, or any other files to an application folder, if you receive an alert stating that the folder or a file in it is open in another program, you won't be able to complete the file deployment.
  2. To resolve this issue, you should first check if the application from this location is hosted as any Windows service or IIS service/application.
  3. Once you have identified the service or application, stop it.
  4. Proceed with file deployment.
  5. If the application is hosted on IIS, then find the application pool and stop it before proceeding with file deployment.
  6. Once you have stopped the appropriate service or application, you should be able to complete the file deployment successfully.

Error in java application log "trusted certificate entries are not password-protected"

The error message "trusted certificate entries are not password-protected" typically indicates an issue with the SSL/TLS configuration in a Java application. It suggests that one or more certificate entries in the truststore being used by the application are expected to have passwords, but they are not actually password-protected.

To address this issue, you can consider the following steps:

  1. Review the truststore: Identify the truststore file being used by the Java application. It is usually a file with a ".jks" or ".cacerts" extension.
  2. Verify certificate entries: Check the certificate entries within the truststore. You can use the keytool command-line tool that comes with the Java Development Kit (JDK) to examine the truststore entries. Run the following command:
    keytool -list -keystore <truststore-file>

    Replace <truststore-file> with the actual path and filename of the truststore.

    Examine the listed certificates and ensure that any entries that require a password are indeed password-protected.

  3. Update the truststore: If you find any certificate entries that are not password-protected but should be, you may need to update the truststore. Remove the problematic entries from the truststore using the keytool command with the -delete option, and then add them back with the appropriate password using the -importcert option.
  4. Restart the application: After updating the truststore, restart the Java application and verify if the error message is resolved.

How to read OCM scheduler cron expression ?

Minutes Hours Day Month Weekday

Ex: 5 4 * * *

Every day “At 04:05.”

Ref: https://crontab.guru/

How to disable tomcat default home page?

Exposing the web-server banner can be flagged as a vulnerability. To avoid this, it is recommended to disable the default home / error pages.

 

  • Remove (ROOT, balancer, jsp-examples, servlet-examples, tomcat-docs, webdav) from CATALINA_HOME/webapps.
  • Remove (host-manager, manager) from CATALINA_HOME/server/webapps. Note that it can be useful to keep the manager webapp installed if you need the ability to redeploy without restarting Tomcat. If you choose to keep it, please read the section on Securing the Manager WebApp.
  • Remove CATALINA_HOME/conf/Catalina/localhost/host-manager.xml and CATALINA_HOME/conf/Catalina/localhost/manager.xml (again, if you are keeping the manager application, do not remove this).
  • Make sure the default servlet is configured not to serve index pages when a welcome file is not present. In CATALINA_HOME/conf/web.xml:
 <servlet>
   <servlet-name>default</servlet-name>
   <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
   <init-param>
     <param-name>debug</param-name>
     <param-value>0</param-value>
   </init-param>
   <init-param>
     <param-name>listings</param-name>
     <param-value>false</param-value>  <!-- make sure this is false -->
   </init-param>
   <load-on-startup>1</load-on-startup>
 </servlet>

 

Ref: https://wiki.owasp.org/index.php/Securing_tomcat

How to disable TLS1.0, TLS1.1 in tomcat ?

Versions of TLS below 1.2 are flagged as unsafe because of known CVEs. Hence, TLS 1.2 is the security recommendation.

Following are the steps to disable TLS versions below 1.2 in Tomcat.

  1. In the server.xml file, make sure TLS 1.2 is enabled as follows in the Connector tag:
    sslEnabledProtocols="TLSv1.2"
    SSLProtocol="TLSv1.2"
  2. Restart Tomcat.
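
To confirm the setting before restarting, the following added example (not part of the original page) parses a server.xml and reports every TLS-enabled Connector whose sslEnabledProtocols or SSLProtocol value still admits a protocol below TLS 1.2. The function name and the sample server.xml are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Protocol tokens older than TLS 1.2; "all" enables every supported version.
WEAK_TOKENS = {"sslv2", "sslv2hello", "sslv3", "tlsv1", "tlsv1.1", "all"}
# The two Connector attributes named in the steps above.
PROTOCOL_ATTRS = ("sslEnabledProtocols", "SSLProtocol")

# Constructed sample server.xml for the demonstration (not a real deployment).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2" SSLProtocol="TLSv1.2"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               SSLProtocol="all"/>
    <Connector port="11443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return (port, attribute, problem) for each TLS connector allowing < TLS 1.2."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        port = conn.get("port", "?")
        seen_attr = False
        for attr in PROTOCOL_ATTRS:
            value = conn.get(attr)
            if value is None:
                continue
            seen_attr = True
            # JSSE lists are comma separated; APR/native lists are joined with "+".
            tokens = [t.strip() for t in re.split(r"[,+]", value) if t.strip()]
            weak = [t for t in tokens if t.lower() in WEAK_TOKENS]
            if weak:
                findings.append((port, attr, "allows " + ", ".join(weak)))
        if not seen_attr:
            # Nothing pinned: the runtime's default protocol set decides.
            findings.append((port, "-", "no protocol list set, runtime defaults apply"))
    return findings


if __name__ == "__main__":
    for port, attr, problem in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {attr}: {problem}")
```
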

 

Network connectivity test

  • ICMP
    • ping <destination/target server> (ex. ping 10.0.0.1) - replied
    • sample ping
    • Destination host unreachable
    • Request time out (RTO)
    • ping /?
    • Intermittent connection ICMP
  • HTTP
    • open your browser
    • type your url: http://<target server>/<virtual path>
    • sample: http://www.google.com
    • sample http
    • cmd - command prompt:

      telnet linuxhint.com 80

    • powershell: (cmd)

      powershell "tnc google.com -Port 80" or powershell "Test-NetConnection  google.com -CommonTCPPort HTTP"

  • HTTPS
    • open your browser
    • type your url: https://<target server>/<virtual path if any>
    • sample: https://www.amazon.com
    • cmd - command prompt:

      telnet rpc.acronis.com 443

    • telnet 443
    • telnet 443 - 2
    • powershell: (cmd)

      powershell "tnc www.google.com -p 443"

  • Database
    • MSSQL: powershell "tnc <target server> -p 1433"
    • MYSQL: powershell "tnc <target server> -p 3306"
  • TMAC
    • powershell "tnc <target server/ip address> -p 17000"
  • Specific Port
    • powershell "tnc <target server> -p <specific port>"

How to check the TLS version in AES

Steps to check the TLS Version in AES

  1. Log in to AES using your username and password.
  2. Select Networking -> TCP/TLS Settings.
  3. Check which check box is enabled.


Apache Tomcat 9 service terminated with the following specific service error: Incorrect function

Issue description: While starting the Tomcat service, the below error message appears:
Windows could not start the Apache Tomcat 9.0 Tomcat9 on local computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to the service-specific error code 1.

Steps to be verified:

1. Check the Event Viewer logs.
2. Go to the Tomcat installation directory's bin folder.
3. You will see two EXEs (tomcat9.exe and tomcat9w.exe). tomcat9w.exe is a GUI application for monitoring and configuring Tomcat services. Double-click it and then go to the Java tab:
   1) Enable the check box for "Use default".
   2) In the "Java Classpath" section, specify the path to bootstrap.jar and tomcat-juli.jar. These should be present in your Tomcat installation's bin directory itself:

<path_to_tomcat_installation>\bin\bootstrap.jar;<path_to_tomcat_installation>\bin\tomcat-juli.jar

Try restarting the Tomcat service; this should resolve the issue. If not:

4. This time, uncheck the "Use default" option and explicitly provide the path to jvm.dll in the "Java Virtual Machine" section:

For example, C:\Program Files\Java\jre1.8.0_241\bin\server\jvm.dll

The "Java Classpath" setting is still required, as explained above.

Chat Proxy Api with Reverse Proxy using Nginx Web Server

What is Reverse Proxy?

In computer networks, a reverse proxy is the application that sits in front of back-end applications and forwards client requests to those applications. Reverse proxies help increase scalability, performance, resilience and security.

Issue Description:

Chat Proxy isn't working using Nginx Reverse Proxy and gives 500 internal error (Null Pointer Exception) for livechat.js file


Troubleshooting:

Check the Nginx configuration file if the required proxy headers are provided. Below are the required headers.

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Resolution:

Set the required proxy headers for the specific application under its location block and restart Nginx.

Sample Nginx Config:

server {
    listen 80 default_server;
    server_name _;
    access_log /var/log/nginx/access.log vhost;
    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains;preload" always;

    error_page 401 402 403 404 405 444 500 501 502 503 504 /custom_error.html;
    location = /custom_error.html {
        root /usr/share/nginx/html;
        internal;
    }

    if ( $request_method !~ ^(GET|POST|PUT)$ ) {
        return 444;
    }

    location /api/ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://<IP-ADDR>:<PORT>;
    }
}

MySQL-"Access denied for user 'username'@'hostname' (using password: NO)" when tried giving access in RoleBasedAccessManagement module

Issue Description: MySQL-"Access denied for user 'username'@'hostname' (using password: NO)" when tried giving access in RoleBasedAccessManagement module.

Troubleshooting steps:

If confLoadMode = "local" in tmc.config then connection string should be provided like below in TMC_Data.json.

DBConnection: "Provider=mysql; Server=172.xx.x.xx;Port=3306;Database=OCM;Uid= userId; Password = password; Persist Security Info=True;"

Application running properly in lab, but not onsite

If the application is not running in one instance, say onsite, but runs in the local lab, check the following:

  1. The DLLs might be blocked. Always zip the build before transferring it, because onsite server monitoring tools will block files downloaded from the internet. You can check the properties of each DLL to see whether it is blocked.
  2. Check the error code. This tells you where the issue is occurring. For a web application you can find it in the network tab of the browser console, or in the browser when opening the server endpoint. You can also use other tools to find it.
  3. The Event Viewer logs will give you some idea. The following log was seen in Event Viewer in one case. It shows that the issue occurred in the Microsoft Monitoring Agent on the server. We found that logs were not being written. Even though log4net.dll and Logger.dll were not shown as blocked in properties, log4net.dll 2.0.12.0 was blocked in one of the deployments, so that version cannot be used. We fixed it by using log4net.dll version 2.0.8.0.

Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp: 0x5215df96
Faulting module name: PerfMon64.dll, version: 8.0.10977.0, time stamp: 0x59cfb3d1
Exception code: 0xc0000409
Fault offset: 0x000000000013f68f
Faulting process id: 0x2abc
Faulting application start time: 0x01d7876805c29212
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: C:\Program Files\Microsoft Monitoring Agent\Agent\APMDOTNETAgent\V8.0.10918.0\PerfMon64.dll
Report Id: 45fe93c3-f35b-11eb-8123-005056886372
Faulting package full name:
Faulting package-relative application ID:

 

 

 

 

How to use filters in log4net logs?

By default, all logs are printed to logs without any filters. You can choose to write logs that match words or loggers or level ranges.

This must be configured in Log4Net.config file of your application. Following is the sample config file:

<?xml version="1.0"?>
<configuration>
<configSections>
<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/>
</configSections>
<log4net>
<appender name="ConsoleAppender" type="log4net.Appender.ConsoleAppender">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date{ABSOLUTE} [%thread] %level %logger - %message%:Extra Info: %property{testProperty}%:%exception%newline"/>
</layout>
</appender>
<appender name="RollingFileAppender1" type="log4net.Appender.RollingFileAppender">
<file value="C:\Tetherfi\TetherfiHome\Logs\TMACWorkQueue\WQ.log"/>
<appendToFile value="true"/>
<rollingStyle value="Size"/>
<maxSizeRollBackups value="5"/>
<maximumFileSize value="2MB"/>
<staticLogFileName value="true"/>
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %level %logger - %message%:%exception%newline"/>
</layout>
</appender>
<appender name="RollingFileAppender2" type="log4net.Appender.RollingFileAppender">
<file type="log4net.Util.PatternString" value="E:\GIT\WorkQueue\Server\Logs\WQClient.log"/>
<appendToFile value="true"/>
<rollingStyle value="Size"/>
<maxSizeRollBackups value="5"/>
<maximumFileSize value="5MB"/>
<staticLogFileName value="true"/>
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %level %logger - %message%:%exception%newline"/>
</layout>
<lockingModel type="log4net.Appender.FileAppender+MinimalLock"/>
</appender>
<root>
<level value="ALL"/>
<appender-ref ref="RollingFileAppender1"/>
</root>
<logger name="TetherfiWorkAssignmentClient.WorkItemManager" additivity="false">
<level value="ALL"/>
<appender-ref ref="RollingFileAppender2"/>
</logger>
</log4net>
</configuration>

"<filter>" blocks must be added under the "appender" tag. Following are the examples:

Logger Filter

<filter type="log4net.Filter.LoggerMatchFilter">
<loggerToMatch value="TetherfiWorkAssignment.Processor"/>
<acceptOnMatch value="false"/>
</filter>

Each logger corresponds to a namespace and class of an application. In the sample XML provided, there is one logger, "TetherfiWorkAssignmentClient.WorkItemManager", which is written to a separate file. All the rest are written to another file, which is defined under the "root" tag. In the "root" tag, if you want to match logs of a logger and not write them, you can use the above block. This will reject all logs coming from the logger "TetherfiWorkAssignment.Processor".

Search Filter

<filter type="log4net.Filter.StringMatchFilter">
<stringToMatch value="GenericTimerOnElapsed"/>
<acceptOnMatch value="false"/>
</filter>

This filter allows you to filter by search word. This is a 'contains' operation. With this block, all logs having the word "GenericTimerOnElapsed" will not be written.

Level Range Filter

<filter type="log4net.Filter.LevelRangeFilter">
<param name="LevelMin" value="INFO"/>
<param name="LevelMax" value="ERROR"/>
</filter>

This filter specifies that logs of minimum level "INFO" and maximum level "ERROR" are written. This means levels below INFO, such as DEBUG, and levels above ERROR, such as FATAL, will not be written.

Deny All Filter

<filter type="log4net.Filter.DenyAllFilter"/>

This rejects all logs from being written. It is used in a switch-like scenario. If you want to write logs from only two loggers, you can add two "Logger Filter" blocks, and change the value of "loggerToMatch" and set "acceptOnMatch" to true. In addition to this, you would want to reject the rest of the logs from other loggers, so you then include the "Deny All Filter". The same applies to the Search Filter. Remember, by default all logs are printed, which is why this is required to stop logs which do not match any filter. For example:

<filter type="log4net.Filter.StringMatchFilter">
<stringToMatch value="MyFirstPhrase"/>
<acceptOnMatch value="true"/>
</filter>
<filter type="log4net.Filter.StringMatchFilter">
<stringToMatch value="MySecondPhrase"/>
<acceptOnMatch value="true"/>
</filter>
<filter type="log4net.Filter.DenyAllFilter"/>

This writes logs which contain either "MyFirstPhrase" or "MySecondPhrase" and rejects the rest of the logs.
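
The filter behaviour described above can be modelled in a few lines. This is an added example, not log4net code and not from the original page: it models the chain evaluation (each filter answers accept, deny or neutral, the first non-neutral answer wins, and an event that reaches the end of the chain is written) and shows why the Deny All Filter and filter order matter. Class names mirror the log4net filters; the events are constructed.

```python
from dataclasses import dataclass

ACCEPT, DENY, NEUTRAL = "accept", "deny", "neutral"
LEVELS = {"DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4, "FATAL": 5}


@dataclass
class Event:
    logger: str
    level: str
    message: str


class StringMatchFilter:
    def __init__(self, string_to_match, accept_on_match=True):
        self.string_to_match = string_to_match
        self.accept_on_match = accept_on_match

    def decide(self, event):
        if self.string_to_match in event.message:  # 'contains' operation
            return ACCEPT if self.accept_on_match else DENY
        return NEUTRAL  # no opinion, the next filter decides


class LoggerMatchFilter:
    def __init__(self, logger_to_match, accept_on_match=True):
        self.logger_to_match = logger_to_match
        self.accept_on_match = accept_on_match

    def decide(self, event):
        if event.logger.startswith(self.logger_to_match):  # prefix match on logger name
            return ACCEPT if self.accept_on_match else DENY
        return NEUTRAL


class LevelRangeFilter:
    def __init__(self, level_min, level_max, accept_on_match=True):
        self.lo, self.hi = LEVELS[level_min], LEVELS[level_max]
        self.accept_on_match = accept_on_match

    def decide(self, event):
        if not self.lo <= LEVELS[event.level] <= self.hi:
            return DENY
        return ACCEPT if self.accept_on_match else NEUTRAL


class DenyAllFilter:
    def decide(self, event):
        return DENY


def is_written(filters, event):
    """Walk the chain; the first non-neutral decision wins, default is to write."""
    for f in filters:
        decision = f.decide(event)
        if decision != NEUTRAL:
            return decision == ACCEPT
    return True


# Constructed sample events.
EVENTS = [
    Event("TetherfiWorkAssignment.Processor", "INFO", "MyFirstPhrase handled"),
    Event("TetherfiWorkAssignmentClient.WorkItemManager", "DEBUG", "GenericTimerOnElapsed tick"),
    Event("TetherfiWorkAssignmentClient.WorkItemManager", "FATAL", "MySecondPhrase crashed"),
    Event("TetherfiWorkAssignment.Processor", "ERROR", "unrelated failure"),
]


def written(filters):
    return [e.message for e in EVENTS if is_written(filters, e)]


# Two accept filters alone reject nothing: unmatched events fall off the end and are written.
WITHOUT_DENY_ALL = [StringMatchFilter("MyFirstPhrase"), StringMatchFilter("MySecondPhrase")]
WITH_DENY_ALL = WITHOUT_DENY_ALL + [DenyAllFilter()]
# A range filter that accepts ends the chain, so the string filter after it never runs.
RANGE_ACCEPTS = [LevelRangeFilter("INFO", "ERROR"),
                 StringMatchFilter("unrelated", accept_on_match=False)]
RANGE_NEUTRAL = [LevelRangeFilter("INFO", "ERROR", accept_on_match=False),
                 StringMatchFilter("unrelated", accept_on_match=False)]

if __name__ == "__main__":
    for name in ("WITHOUT_DENY_ALL", "WITH_DENY_ALL", "RANGE_ACCEPTS", "RANGE_NEUTRAL"):
        print(name, written(globals()[name]))
```
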

How to add CORS filters for tomcat apps ?

What is CORS ?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.

When browser throws CORS error?

CORS is a security mechanism built into modern web browsers. It basically blocks all the HTTP requests from your front end to any API that is not in the same “Origin” (domain, protocol, and port—which is the case most of the time).

 

Resolution :

Inspect the error in the web browser console for which the CORS error has been highlighted. Identify the Access-Control-Request-Headers in the browser network console, add CORS filters in web.xml of the respective tomcat app (Ex: C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\tetherfi-generic-webservice-interface\WEB-INF\web.xml).

Make sure of the following:

  1. "cors.allowed.headers" has all the HTTP access control request and custom headers (ex: Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken).
  2. "cors.allowed.origins" has the request origin (ex: https://bank.domain.com:8443).
  3. "cors.exposed.headers" has the exposed headers (ex: Access-Control-Allow-Origin).

Below is the sample web.xml for reference,

<web-app>
  <display-name>Tetherfi Generic Web Service Interface Application</display-name>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://nabilbank.tetherfilabs.com:55003</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken</param-value>
    </init-param>
    <init-param>
      <param-name>cors.exposed.headers</param-name>
      <param-value>Access-Control-Allow-Origin</param-value>
    </init-param>
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>cors.preflight.maxage</param-name>
      <param-value>10</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

 

 

Note that CORS errors may still occur if any headers are missing from the "cors.allowed.headers" list.
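
To see which header or origin causes a rejection, the following added example (not part of the original page and not Tomcat's code) reads the CorsFilter init-params from a web.xml and applies a simplified model of the preflight checks: exact origin match, allowed method, and every requested header present in "cors.allowed.headers" (compared case-insensitively). The sample web.xml and function names are constructed, and the parser assumes the web-app element carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment using the example values from the steps above.
# Assumption: no XML namespace on <web-app>, so plain tag names match.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://bank.domain.com:8443</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken</param-value>
    </init-param>
  </filter>
</web-app>"""


def load_cors_params(web_xml):
    """Return the init-params of the first CorsFilter as a dict."""
    for flt in ET.fromstring(web_xml).iter("filter"):
        if (flt.findtext("filter-class") or "").strip().endswith(".CorsFilter"):
            return {
                (p.findtext("param-name") or "").strip():
                (p.findtext("param-value") or "").strip()
                for p in flt.iter("init-param")
            }
    return {}


def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def check_preflight(params, origin, request_method, request_headers):
    """Simplified preflight decision: returns (allowed, reason).

    origin          -> value of the Origin request header
    request_method  -> value of Access-Control-Request-Method
    request_headers -> value of Access-Control-Request-Headers
    """
    origins = _csv(params.get("cors.allowed.origins", ""))
    methods = _csv(params.get("cors.allowed.methods", ""))
    allowed = {h.lower() for h in _csv(params.get("cors.allowed.headers", ""))}

    # Scheme, host and port must all match the configured origin.
    if "*" not in origins and origin not in origins:
        return False, "origin not in cors.allowed.origins: " + origin
    if request_method not in methods:
        return False, "method not in cors.allowed.methods: " + request_method
    # Header names are case-insensitive, so compare in lower case.
    missing = sorted(h.lower() for h in _csv(request_headers) if h.lower() not in allowed)
    if missing:
        return False, "missing from cors.allowed.headers: " + ", ".join(missing)
    return True, "ok"


if __name__ == "__main__":
    params = load_cors_params(SAMPLE_WEB_XML)
    origin = "https://bank.domain.com:8443"
    print(check_preflight(params, origin, "POST", "content-type, x-requestverificationtoken"))
    print(check_preflight(params, origin, "POST", "content-type, authorization"))
    print(check_preflight(params, "https://bank.domain.com", "POST", "content-type"))
```
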

 

'Could Not Load File or Assembly' in Logs

Issue

When the application fails to find and load an assembly (DLL), following exception is thrown:

System.IO.FileNotFoundException: Could not load file or assembly 'System.Configuration.ConfigurationManager, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The system cannot find the file specified.

Reasons and Solutions

  1. The assembly itself is not found. In this case, the assembly is not present in your application path. Copy the assembly from the release, paste it there and try again.
  2. The specific version of that assembly is not found. Sometimes the assembly version referred to by the application and the assembly that is present differ, due to incorrect deployment or the release process.
    1. Navigate to the application path.
    2. Open the application config file and template config file.
    3. Head to the "runtime" section under "configuration".
    4. You will find the assembly binding redirects. These are used to redirect references of "oldVersion" to "newVersion". Following is a sample assembly redirect:

      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
            <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>

      This says that all references to assembly versions from 0.0.0.0 to 12.0.0.0 (oldVersion) should use 12.0.0.0 (newVersion).
    5. So, you should copy version 12.0.0.0 of Newtonsoft.Json.dll.
    6. If you see an error for this DLL, you are probably using a different version of the DLL.

How to find assembly version?

For TMAC Server, version 5.0.6.3001 onwards assembly versions are printed in logs on start up. Until this version, file versions were printed.

Assembly and file versions are different.

To find assembly version, run this command in your powershell window:

([system.reflection.assembly]::loadfile("C:\Tetherfi\TetherfiHome\TMACServer\Newtonsoft.Json.dll")).FullName

Substitute your application path and assembly name here.

Once you find your assembly version, you can verify what version assembly you have and do the needful.

 

Report To

If this issue was due to the incorrect release and not due to wrong deployment process, report this to the developer so that release can be corrected.

For TMAC components, report to tmac@tetherfi.com

For WorkQueue components, report to wq@tetherfi.com

Copy and Paste between Remote and Local computer stopped working

Sometimes copying or pasting files, text, etc. from/to Windows servers through an RDP connection stops working. This can be fixed by following the steps below.

Solution:

1. Open Task Manager on the server, search for rdpclip.exe under the Details tab and end the process.

2. Press Windows+R, enter rdpclip.exe and click OK.

 

CredSSP encryption oracle remediation - RDP Issue

If you receive the CredSSP encryption oracle remediation error when trying to connect to a VM using RDP, please follow the steps in the attached document to address this issue.

How to enable libsip log

a) Description:

Where to look for libsip logs.

Note: The libsip log path will not be mentioned in log4net.

b) Components to Verify:

Component: Any application which connects to CM (e.g. Dialer, Textchat server)
What to Check: Check whether the logs folder is created
Where to Check: Application folder path -> inside the app folder, a Logs folder should be created

c) Resolution:

Create the logs folder inside the app folder if it has not been created. The libsip log file will be generated inside the logs folder.

 

Windows authentication is not working when accessing the application even if the credentials are correct

a) Issue Description:

While accessing the application (TMAC/OCM/TMC..etc) in the browser, it is not accepting the Credentials provided even though it is correct.

b) Components to Verify:
Component: Security permission
What to Check: Check whether the below access is given to the application folder
Where to Check: Go to the application folder path, e.g. D:\Tetherfi\TMAC

1. Right-click on the TMAC folder and click Properties.
Go to the Security tab and check if the below security groups are added.

- IIS_user
- IUSR
- Network service
- Authenticated users

 

Resolution:

Add the Security Groups IIS_user, IUSR, Network service, Authenticated users in the security groups list. Follow the below steps to add.

  1. Right-click on the folder(eg TMAC) and go to properties.
  2. Click on Security tab ->Click on edit-> Click on Add
  3. Click on the Locations tab and select the server name and click on advanced.
  4. Click on find names and select the security groups and add and save.

Steps to disable log4net logs

Go to the log4net.config file under the application folder.

Change the <log4net> opening tag to <log4net threshold="OFF">. This will stop the logs from being written.


Component Versioning Strategy

The Tetherfi standard for component versioning is a four-part dotted decimal number of the format M.yy.mm.dd[.r], where

  • M - The major version. A single digit or two digit number. This changes only for major refactoring or major roll out of a product.
  • yy - Year of release. A two digit number. Specifies the year component of the release date.
  • mm - Month of release. A two digit number. Specifies the month component of release date.
  • dd - Day of release. A two digit number. Specifies the date of the month component of the release date.
  • r - Optional. Either 'a' or 'b' specifying alpha or beta releases. This component should only be added to alpha/beta releases.

e.g. Chat Server - 1.19.03.24, TMAC - 3.18.05.20, Media Server - 1.19.12.27.b

 

.NET Applications

All C# applications should set and maintain version in Project Properties -> Application -> Assembly Information

 

C++ Applications

All C++ applications should maintain a PrefixVersion.h file (where Prefix can be a application specific prefix) where the version is set. The application should log the version to log at startup.

 

JavaScript libraries

All JavaScript libraries should maintain version in their source code and must log it (preferably to server side logs) at startup.

WCF, Method not found with 404 resource not found

Resolution: 

  • Perform windows search for Server Manager Interface.
    • On selection of Server Manager, the Server Manager dashboard window will be shown. Select Add Role or Feature to open the wizard. Then select Role-based or feature-based installation. Click Next and select the server which you want to work on.

    • Go to Features section, expand either .NET Framework 3.5 Features node or the .NET Framework 4.5 Features node depending on what is installed. If both are installed then we need to do below mentioned steps for both.
    • Expand WCF services section, then select HTTP Activation as shown in the screenshot below,

    • Keep clicking on next until you install it.

 

If the above solution doesn't work, try the below approaches.

  1. Check if you are missing the config tag <security mode="Transport"> inside the node <webHttpBinding>.
  2. Check if the below tag is present; if not, add it under the <endpointBehaviors> tag: <webHttp helpEnabled="true" automaticFormatSelectionEnabled="true"/>

 

System.BadImageFormatException: Could not load file or assembly(from installutil.exe)

This issue is usually seen when the hosting system doesn't support the version the application was compiled for. It depends on the system environment the program is going to run in. Go to System Information and look at the system type to see whether it is x64 or x32.

Based on the system type, get the files from the release. In case the specific version of the files you are looking for is not found, kindly request it.

A connection was successfully established with the server, but then an error occurred during the login process. No process is on the other end of the pipe

Issue description: This is a generic SQL error, occurs during authentication.

Workaround:

  • Ping SQL server from the application server, check if it is reachable.
  • Verify database connection string is correctly configured in the applications configuration file with a valid database username and password.
  • There is a possibility that sometimes SQL service stops automatically, Ensure SQL service is up and running.
    • Go to Windows search and search for Services. On selecting it, below window will show up.

    • Search for service name SQL Server, ensure status is in Running.  If not, then right-click on that service name and click on properties. The properties window will open as shown in the below screen. Make sure the status type is “Automatic” in the properties window. Click OK and then start the service by right-clicking on it again and then click on start.

 

  • If service is already up and running, then connect to SQL Server Management Studio using windows authentication. Then expand Security -> Logins and look for user sa, right-click and click on properties.

  • As highlighted above, if login is disabled change it to Enabled by clicking on the radio button and click OK. This must resolve this issue.

The Service on local computer started and then stopped

The Service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.

There are many reasons why a service would stop.  It is best to inspect the Event Viewer to determine the cause of the stoppage.  Possible reasons include:

  • onStart() throwing exceptions
  • onStart() is not starting the thread to work
  • Check the end points in the configuration. There can be issue with the base address or the client endpoints
  • Check for the opening and closing of the keys in configs

To go to Event Viewer search for it in Windows Search.

To check the error, click on Windows Logs -> Application and look for your service error.

Rectify, solve and start the service again.

System.TimeoutException: The operation has timed out when connecting to servers

When client is communicating with servers, the operation has timed out issue can be seen in logs irrespective of component.

Description: The requesting channel, which is the client, is trying to connect to the server but does not get a response within the threshold time. Say sendTimeout is 1 min (see below), which means the response from the server should be sent within 1 min. If it doesn't respond by that time, this TimeoutException is observed.

Resolution: Increasing the sendTimeout value in the config to a higher number (ex: 00:05:00, which is 5 mins, HH:MM:SS) might solve the issue if the endpoint is reachable. Please refer to the example config shown below.

 <binding name="WSHttpBinding_IFaxer" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000"
allowCookies="true">

System.ServiceModel.CommunicationException: The maximum message size quota for incoming messages (65536) has been exceeded.

Issue Description: This is a general error which occurs when the service being consumed returns data larger than the acceptable or default size.

Resolution:

Modify/Add or append below binding tag properties starting from “allowCookies” till the end of the binding tag in your app config file.

<bindings>
<basicHttpBinding>
<binding name="somename" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding>
</bindings>

‘System.UnauthorizedAccessException: Access to the path is denied’ error in logs

Issue Resolution 1:

This error is generated when permission for the application pool is not given in IIS.

Permission for the application pool can be given as shown below.

  1. Right-click on the IIS application and click on Edit Permissions as shown below
  2. In the Properties, Select the Security tab click on the ‘Advanced’ button
  3. In the Advanced Security Setting click on ‘Add’ button
  4. Click on the link ‘Select a principal’. Enter the name of the service account, click on the ‘Check Names’ button, then click on the ‘OK’ button.
  5. Select the permissions and click on ‘OK’
  6. Details of the newly added service account will be displayed as shown below

 

Issue Resolution 2:

This error may also be generated when permission for the IIS_USER is not given in IIS.

Permission for the IIS_USER can be given as shown below.

  1. Goto IIS and right click on the application and Select ‘Edit Permissions’
  2. Goto ‘Security’ and Click on ‘Edit’
  3. Click on ‘Add’
  4. Click on ‘Advanced Settings’
  5. Click on ‘Find Now’ and search for ‘IIS_USER’ in ‘Search result’ table.
  6. Select ‘IIS_USER’ and Click ‘OK’
  7. ‘IIS_USER’ will be displayed in the ‘Select user or Groups’ popup. Click on ‘OK’
  8. Select ‘IIS_USER’ in ‘Permissions for UI’ popup and provide all the permissions. Click on ‘OK’
  9. Click on ‘OK’

 

Issue Resolution 3:

This error is generated when the application pool has not been given permission in IIS.

Permission can be granted to the application pool as follows.

  1. Click ‘Application Pools’ in IIS and select the application pool of your application.
  2. Right-click the application pool and select ‘Advanced Settings’.
  3. Click ‘Identity’ in the ‘Advanced Settings’ popup.
  4. Select ‘Custom account’ and click ‘Set’.
  5. Provide the user name and password used to access the application.
  6. Click ‘OK’.
  7. Right-click the application and select ‘Edit permissions’.
  8. Go to ‘Security’ and click ‘Edit’.
  9. Select the application user from the list and provide all the permissions.
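
A scripted equivalent of the three resolutions above, added here as an example and not part of the original notes. It assumes an elevated session on the IIS server with the WebAdministration module available; the site name is a placeholder, and the script grants Modify rather than every permission, which is an assumption about what the application needs.

```powershell
# Added example: find the account an IIS site runs as and grant it access to the site folder.
# Assumptions: elevated PowerShell on the IIS server; 'Default Web Site' is a placeholder.
Import-Module WebAdministration

$siteName = 'Default Web Site'
$site     = Get-Item "IIS:\Sites\$siteName"
$poolName = $site.applicationPool
$path     = [Environment]::ExpandEnvironmentVariables($site.physicalPath)

# Work out which Windows account the worker process uses.
$pm = (Get-Item "IIS:\AppPools\$poolName").processModel
$account = switch ($pm.identityType) {
    'ApplicationPoolIdentity' { "IIS AppPool\$poolName" }
    'SpecificUser'            { $pm.userName }   # the 'Custom account' of Resolution 3
    'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
    'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
    'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
}
Write-Host "Site '$siteName' runs as '$account' and is served from '$path'"

# Show what that account is allowed to do on the folder today.
(Get-Acl $path).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Grant Modify, inherited by subfolders and files.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl
```

If the table printed before the grant is empty, the account had no explicit or inherited entry on the folder, which matches the ‘Access to the path is denied’ symptom.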

A network-related or instance-specific error occurred while establishing a connection to SQL Server

Issue Description:

This issue occurs when SQL Server is not configured properly.

Issue Resolution:

  • Make sure the connection string is configured properly in the application.

  • Check that SQL Server and the SQL Server services are always running on the server hosting your SQL instance.
      • Select one of the services in Windows Services and click the Properties menu item.
      • Set the service's start-up type to Automatic in the resulting pop-up and click OK.
      • Right-click the service and select Start if the service is not already started.

  • Check that the SQL instance is configured for mixed (Windows and SQL) authentication.
      • Click the SQL instance name in SQL Server Management Studio. Select the Properties menu item. Select the Security tab in the resulting pop-up.
      • Tick SQL Server and Windows Authentication mode and restart the SQL instance.

  • If your Windows service and/or web application is hosted on a different server than the database, make sure your SQL instance is set up to allow remote database connections.
      • Click the SQL instance name in SQL Server Management Studio, select Properties and open the Connections tab in the resulting pop-up.
      • Tick Allow remote connections to this server.
      • Open SQL Server Configuration Manager and select the Protocols item under SQL Server Network Configuration. There will be a shortcut to SQL Server Configuration Manager in your Start menu.
      • Enable Named Pipes and TCP/IP.
      • Right-click TCP/IP, select Properties and make sure that connectivity is enabled for the proper IPs in the IP Addresses tab. Then restart the SQL service.

  • TCP port 1433 is the default port used by SQL Server, though other ports are sometimes used as well.

The request was aborted : could not create SSL/TLS secure channel

The main reasons for this type of error are:
1. An invalid certificate is bound (expired/self-signed).
Open the certificate details and check that the certificate is valid and not self-signed.

2. The path given for the certificate is wrong.
Check the application configuration (app settings) section for the certificate path.

3. The certificate is not bound properly in IIS.
• Go to Start, click Run, enter mmc and press Enter.
• A console window will open. Go to File and click Add/Remove Snap-ins.
• From the left pane select Certificates. Click Add.
• On adding, the Certificates snap-in window will open. Select Computer account. Select Local computer.
• Click Finish. Click OK twice.
• Expand Certificates. Expand Personal. Select the certificate that you have bound in IIS.
• Right-click and go to All Tasks. Click Manage Private Keys and click Add.
• Go to Advanced. Click Find Now. From the search results, select IIS_IUSRS.
• Click Apply. Click OK.

Steps for site bindings:
• Copy the certificates given by the client team into the respective folder.
• Go to IIS, go to Domain.
• Click Server Certificates. Click Complete Certificate Request.
• Enter the certificate path and give the certificate a name. Click OK. The certificate will be listed in Server Certificates.
• Select Default Web Site (under which your application is deployed).
• Click Bindings and select the site binding based on type and port (example: https 444).
• Click Edit, select the SSL certificate and click OK.
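
The certificate checks from causes 1 and 3 can be run against whatever is actually bound in IIS. This is an added example, not part of the original notes; it assumes an elevated session on the IIS server with the WebAdministration and PKI modules, and uses port 444 from the binding example above.

```powershell
# Added example: inspect the certificate behind an IIS HTTPS binding.
# Assumptions: elevated PowerShell on the IIS server; port 444 is the example port from the text.
Import-Module WebAdministration
$port = 444

# Each SSL binding records the store and thumbprint of the certificate it uses.
$bindings = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $port }
if (-not $bindings) { Write-Warning "No SSL binding found on port $port"; return }

foreach ($b in $bindings) {
    $cert = Get-ChildItem "Cert:\LocalMachine\$($b.Store)" |
            Where-Object { $_.Thumbprint -eq $b.Thumbprint }
    if (-not $cert) {
        Write-Warning "Bound thumbprint $($b.Thumbprint) is not in store $($b.Store)"
        continue
    }

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        Expired       = $now -gt $cert.NotAfter
        NotYetValid   = $now -lt $cert.NotBefore
        SelfSigned    = $cert.Subject -eq $cert.Issuer    # issuer equals subject
        HasPrivateKey = $cert.HasPrivateKey               # needed for the server side of TLS
        ChainTrusted  = Test-Certificate -Cert $cert -Policy SSL `
                            -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
    }
}
```

A row with Expired or SelfSigned set to True corresponds to cause 1; HasPrivateKey False means the binding cannot work until the certificate is re-imported with its key.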

Troubleshooting on the application side:
Enable trace logs. This helps to track every remote web request. Make the changes below in either the web.config or application.config file.

<system.diagnostics>
  <trace autoflush="true" />
  <sources>
    <source name="System.Net">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Sockets">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Cache">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
  </sources>
  <sharedListeners>
    <add name="System.Net"
         type="System.Diagnostics.TextWriterTraceListener"
         initializeData="D:\Application\Trace\System.Net.trace.log" />
  </sharedListeners>
  <switches>
    <add name="System.Net" value="Verbose" />
    <add name="System.Net.Sockets" value="Verbose" />
    <add name="System.Net.Cache" value="Verbose" />
  </switches>
</system.diagnostics>

Http Error Codes

List of error codes that may be seen in logs during troubleshooting:

200:
Success.
The connection succeeded and a response was received.

404:
Page not found.
It indicates that the requested resource is not available. Check whether the application is deployed on the web server.

500:
Internal server error.
The reason for the error should be shown in the browser.
It could be due to an application error or permission errors.

401:
The request requires authentication.
Ex: It is thrown when an application with Windows authentication enabled is accessed without credentials.

403:
Access forbidden.
It could be due to various reasons:
  - Client certificate is required
  - IP address rejected, etc.

400:
Bad request.
The request sent to the server is not correct. It may not be in the correct format.
A scenario encountered often in one of the projects: the JWT token sent to the server is not valid as it is decrypted with a different public key.

405:
Method not allowed.
Ex: The server supports the POST method but is accessed with the GET method.

429:
This error occurs when the server applies rate limiting.

1XX series is progress [101 is used for switching protocols from HTTP to WebSockets]
2XX series is success [202, for example, is used these days in REST for accepting an edit/add of a record]
3XX series is redirection related [say, HTTP to HTTPS]
4XX series is protocol mismatches [auth required but no auth sent, etc. Notable ones are 400, 401, 403, 405, 407, 409, 413, 429]
5XX series is server error related [500, 502, 503, 504 are the notable ones]

How to check whether a system and application are reachable (ping and telnet) / connectivity test

Run the ping command to find out whether the system is reachable:
ping [IP Address] or [Host Name]
If successful:
C:\Users\User>ping 192.168.1.64
 
Pinging 192.168.1.64 with 32 bytes of data:
Reply from 192.168.1.64: bytes=32 time<1ms TTL=128
Reply from 192.168.1.64: bytes=32 time<1ms TTL=128
Reply from 192.168.1.64: bytes=32 time<1ms TTL=128
Reply from 192.168.1.64: bytes=32 time<1ms TTL=128
 
Ping statistics for 192.168.1.64:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
If not reachable:
C:\Users\User>ping 192.168.1.6
 
Pinging 192.168.1.6 with 32 bytes of data:
Reply from 192.168.1.64: Destination host unreachable.
Reply from 192.168.1.64: Destination host unreachable.
Reply from 192.168.1.64: Destination host unreachable.
Reply from 192.168.1.64: Destination host unreachable.
 
Ping statistics for 192.168.1.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 
The application listens on a port. Run telnet to check whether the application is reachable:

telnet [IP Address] [Port]

If successful, it opens a blank screen.
If not reachable:
C:\Users\User>telnet 192.168.1.64 8080
Connecting To 192.168.1.64...Could not open connection to the host, on port 8080: Connect failed
In customer environments, ping is sometimes disabled. Use telnet to make sure the application is reachable.
The same approach applies to any connectivity test with a DB, web services or any other system.
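
Where the telnet client is not installed, the same two checks can be run from PowerShell. This is an added example, not part of the original notes; the addresses and ports are constructed samples based on the text above (8080 for the application, 1433 for SQL Server), and the function name is hypothetical.

```powershell
# Added example: ICMP and TCP checks for a list of endpoints.
# The targets are constructed samples; replace them with your own hosts and ports.
$targets = @(
    @{ Name = 'Web application'; Address = '192.168.1.64'; Port = 8080 },
    @{ Name = 'SQL Server';      Address = '192.168.1.64'; Port = 1433 }
)

function Test-Endpoint {
    param([string]$Name, [string]$Address, [int]$Port)

    # ICMP echo, the same test as ping.
    $ping = Test-Connection -ComputerName $Address -Count 2 -Quiet

    # TCP connect to the application port, the same test as telnet.
    $tcp = (Test-NetConnection -ComputerName $Address -Port $Port `
                -WarningAction SilentlyContinue).TcpTestSucceeded

    # Combine both results so a blocked ping is not mistaken for a dead application.
    $verdict = if ($tcp -and $ping) {
        'Host and application reachable'
    } elseif ($tcp) {
        'Application reachable; ping is blocked or disabled'
    } elseif ($ping) {
        'Host is up but nothing answers on the port (service stopped, wrong port or firewall)'
    } else {
        'Host not reachable (down, wrong address, routing or firewall)'
    }

    [pscustomobject]@{
        Name    = $Name
        Address = $Address
        Port    = $Port
        Ping    = $ping
        Tcp     = $tcp
        Verdict = $verdict
    }
}

$results = foreach ($t in $targets) { Test-Endpoint @t }
$results | Format-Table -AutoSize
```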

How to check .NET version

To find .NET Framework versions by viewing the registry (.NET Framework 4.5 and later)

  • On the Start menu, choose Run.
  • In the Open box, enter regedit.exe.

You must have administrative credentials to run regedit.exe.

  • In the Registry Editor, open the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

Note that the path to the Full subkey includes the subkey Net Framework rather than .NET Framework.

Note: If the Full subkey is not present, then you do not have the .NET Framework 4.5 or later installed.

Check for a DWORD value named Release. The existence of the Release DWORD indicates that the .NET Framework 4.5 or newer has been installed on that computer.

The value of the Release DWORD indicates which version of the .NET Framework is installed.

Important: The following table lists the keys of released versions of the .NET Framework only. It doesn't list the keys of preview or pre-release versions.

Refer to the link below for the .NET version and key verification.

https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
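
The registry check above can also be scripted. This is an added example, not part of the original notes; the minimum Release values in the table are the ones published on the Microsoft page linked above, so check that page for versions released later, and the function name is hypothetical.

```powershell
# Added example: read the Release DWORD and translate it to a .NET Framework version.
$key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'

# Minimum Release value for each version, newest first.
$releaseTable = @(
    @(533320, '4.8.1 or later'),
    @(528040, '4.8'),
    @(461808, '4.7.2'),
    @(461308, '4.7.1'),
    @(460798, '4.7'),
    @(394802, '4.6.2'),
    @(394254, '4.6.1'),
    @(393295, '4.6'),
    @(379893, '4.5.2'),
    @(378675, '4.5.1'),
    @(378389, '4.5')
)

function Convert-ReleaseToVersion {
    param([int]$Release)
    # The first row whose minimum is not above the value is the installed version.
    foreach ($row in $releaseTable) {
        if ($Release -ge $row[0]) { return $row[1] }
    }
    return 'older than 4.5'
}

$full = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if (-not $full) {
    'Full subkey not present: .NET Framework 4.5 or later is not installed.'
} elseif ($null -eq $full.Release) {
    'Full subkey present but no Release DWORD was found.'
} else {
    "Release $($full.Release) => .NET Framework $(Convert-ReleaseToVersion $full.Release)"
}
```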