Introduction
The error message above can be indicative of multiple issues. This article will address the common causes for the error and the recommended resolutions. However, in the first instance the IIS Application Pools should be checked to ensure they are started.
Applies to
Credit Hound V6
File Permissions
The user running the Credit Hound IIS application pools (typically a local user named CreditHoundSU) will need write and modify permissions to the Credit Hound Data folder.
If this folder is not present on the server where Credit Hound Server is installed, an equivalent user must be created in the domain. For the requirements for this user, please see the CreditHoundSU User Rights section for more information.
Ports
If the issue is occurring on the client machine but not the server, please confirm that TCP ports 34271 and 34273 are open on the firewall on the app server.
This can be tested on the client by using the below commands in Powershell:
Test-Netconnection -ComputerName "SERVERNAME" -Port 34271
Test-Netconnection -ComputerName "SERVERNAME" -Port 34273
(SERVERNAME will need to be replaced with the name of the application server)
To resolve this issue, please ensure that TCP ports 34271 & 34273 are open in the firewall.
Configuration pointing to a different server
This issue can occur on both the client and server, following a migration to a new app server.
To confirm this is the cause, you can check files in the below paths (the former is only accessible from the app server):
C:\ProgramData\Draycir\Credit Hound\Server\ClientConfiguration.xml
C:\ProgramData\Draycir\Credit Hound\Configuration.xml
In the below example of Configuration.xml, we can see the old server name being used in both the <AppPoolIdentity> and <HostName> sections, with the former referencing a local CreditHoundSU from the old server:
To resolve this issue, please ensure that the <AppPoolIdentity> section references the correct CreditHoundSU user assigned to the CreditHoundWebApi and CreditHoundWebUI IIS application pools, and that the <HostName> section references the correct servername.
Please take a backup copy of any files before editing them.
Credit Hound Data Path using UNC Path on the App Server
If the Credit Hound Data file path is a UNC path in Configuration.xml on the application server, this canresult in the error appearing.
To resolve this issue, edit the <SharedPath> section of Configuration.xml in the below path to point to the drive name (Such as C:\Sage\Credit Hound Data\) as opposed to the UNC path:
C:\ProgramData\Draycir\Credit Hound\
Please take a backup copy of any files before editing them.
Credit Hound Certificate Issues
On occasion, the certificate installed by Credit Hound Server can encounter issues (this can occur following a server migration). This can be identified by runnigna repair install on the affected client and getting the below exception when it attempts to install the certificate:
Installing root certificate at \\(PATH TO CREDIT HOUND DATA FOLDER)\CHWebServerRootCA.cer System.InvalidOperationException: Cannot install root certificate. Certificate file does not exist or cannot be accessed at \\(PATH TO CREDIT HOUND DATA FOLDER)\CHWebServerRootCA.cer at b.a(StringA_0, d A_1) at b.b(String[] A_0)
To resolve this issue, please try uninstalling and re-installing the CH Web Server Root CA certificate from the server and the client:
CreditHoundSU user rights
After installation of Credit Hound v6, the Credit Hound Client cannot connect to the Credit Hound Server, giving the error "Failed to communicate with the Credit Hound Web API authentication endpoint"
The Application Pool for Credit Hound's web API will be stopped and an Event 5059 will be logged in the Windows Event viewer:
Event Viewer : Log Name: System Source: Microsoft-Windows-WAS Date: 28/11/2017 16:56:38 Event ID: 5059 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computer.domain.co.uk Description: Application pool CreditHoundWebApi has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
And the Credit Hound log file will show an HTML server response code 503.
When Credit Hound v6 is installed, it needs to create two Application Pools in IIS, one responsible for the layout of the Credit Hound Dashboard screen and the Accounts list screens in the Credit Hound client application, and one that provides an authenticated API to the Credit Hound database.
These Applications Pools must be run under a given Windows user identity; the Credit Hound installer will create a local user named CreditHoundSU and will configure this account to run the application pools. In the majority of cases this account is all that is needed. However certain environments may prevent this from happening:
If Credit Hound server is installed onto a domain controller, the installer cannot create a local account, and will instead create a domain account.
If Credit Hound server and the SQL server are installed to different PCs, then the Application Pools must run using a domain account, which must be created manually.
The account to be used (whether local or domain) must have the following rights:
- Log on as a Service
- Log on as Batch Job
- It must be a member of the group IIS_IUSRS
- It must have read/write access to the Credit Hound shared folder
The issue above occurs when these requisites have not been met, which can occur if these user rights are managed by a domain group policy rather than a local system policy. This can be seen by opening Control Panel>Administrative Tools>Local Security Policy>Security Settings>Local Policies>User Rights Assignment:
Note that the icon for Log on as a batch job shows that in this example, these rights are managed by group policy on the domain. If you open the properties you will see that the editing functions are greyed out:
To modify these right you will need to use the Group Policy Management Console on the domain, under Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignment.
Ensure that the account that is running the IIS Application Pools has the correct rights and memberships as described above, whether via local policy or via domain group policy.
For more information regarding User Rights Assignment, see this MS technote: https://technet.microsoft.com/en-us/library/dn221963(v=ws.11).aspx
Knowledge Base Article Details
| Related Product | Credit Hound v6 |
| Ref Number | KBA-03-03-013 |
| Document Date | 30-11-2017 |
| Original Author | Vince Hodgson |
| Document Version | v1.3 |
| Last updated | 11-10-2024 |
| Update Author | Matthew Perry |