Local instance caché 2016 messed up; server availability error

Question

Question

Laura Cavanaugh · Feb 8, 2017

Hi all, This is a bit embarrassing, and not that critical. I have a local instance of Caché 2016 on my computer, for playing around with. I was attempting to set up two-factor authentication on this instance, and I thought I simply disabled all users except for my own user and enabled two-factor for this user. The next time I tried to login to the Management portal, I received a Server Availability Error:

http://localhost:57772/csp/sys/UtilHome.csp

Caché Server Pages Version 2016.1.1.107.0

Server Availability Error

Server is currently unavailable

I can login to the terminal successfully, and was playing around with the ^SECURITY settings, but I am not able to find what I did and fix it. Any suggestions?

Of course the last resort is to uninstall and reinstall, but that will just be a pain. I'd rather learn by trial/fire/whatever.

Thanks,

Laura

Discussion (9)0

Log in or sign up to continue

Katherine Reid · Feb 8, 2017

That error looks like the CSP gateway can't log in to the Cache instance. The CSP gateway needs to log in in order to serve the portal login page to you. Given that you disabled all the other users, I'd guess you've disabled the user the CSP gateway is trying to log in as.

You can figure out which user this is by enabling auditing of LoginFailure events, then trying to load the page again, and checking the audit log to see which user failed to log in. (All of this can be done with ^SECURITY.) Alternatively, the most likely user for the gateway to be running as is CSPSystem, so you could try enabling that user and see if it fixes the problem.

2 0

score 0 · Answer 1 · 2017-02-08T09:59:16-05:00

Ah, thank you. While playing around with ^SECURITY, I had enabled all users EXCEPT UnknownUser (of course), and after checking out the auditing area of ^SECURITY (thanks for that tip), I saw that it was indeed UnknownUser that is trying to log into the management portal.

I did not know about that step, that the CSP gateway has to log in first to serve up a page. What user is normally used for this?

Thanks,

Laura

score 0 · Answer 2 · 2017-02-08T15:28:36-05:00

Eduard Lebedyuk · Feb 8, 2017

CSPSystem.

0 0

score 1 · Answer 3 · 2017-02-09T05:39:25-05:00

It depends on selected initial security during installation. Using Minimal Security it doesn't set CSPSystem user for CSP Gateway Server Access, therefore unauthenticated access with UnknownUser is used.

Basics of Initial Caché Security Settings are described in Caché documentation:

http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=...

score 0 · Answer 4 · 2017-11-09T12:20:58-05:00

Hi. I managed to put my Cache instance in the same state, but when I log into the CACHESYS namespace in a terminal session and attempt to run ^SECURITY I'm getting a <PROTECT> error. This happens whether I login in as myself, which I set up with the %All role, or as Admin, which I've given a valid password. Please advise.

score 0 · Answer 5 · 2017-02-08T09:59:45-05:00

Evgeny Shvarov · Feb 8, 2017

Hi, Laura!

You can see similar messages when license is expired.

Is license ok?

0 0

score 0 · Answer 6 · 2017-02-09T05:31:34-05:00

The best start to debug such kind of problems is to enable Security Audit (if not already enabled) and Login, LoginFailure and Protect system events using ^SECURITY routine (option 6 - Auditing setup).

Then reproduce the error and view the Audit, check for the latest records - you should see LoginFailure or Protect events there. Check details of given record, it tells you more about the problem.

In your case it was LoginFailure event with error message: User UnknownUser account is disabled.

score 0 · Answer 7 · 2017-02-09T08:00:29-05:00

Hi All, Thanks for the help. I learned a lot, and looked at our actual instances with a more critical eye. I'll be recommending some changes on them. I had installed the unlicensed version of 2016 on my computer just for fun, so there were no license issues (but that's something to keep in mind for our other instances). I had installed 2016 with minimal security, then tried to increase the security to match our development instance. That was actually successful; it was the disabling of all the other users that messed it up.

Thanks,

Laura

score 1 · Answer 8 · 2017-03-03T14:28:07-05:00

A late comment on Cache security.

Installers are tempted to use "minimal security" instead of "standard" when installing Cache. I suggest always use "standard", change default passwords, etc. You should figure out Cache security before installation, rather than trying to jam more security in later, otherwise admin will be more pain.

http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=...

Tom Fitzgibbon | 347-464-8531 | gototomAtg...l.com