No doubt I will do a full backup prior to the changes. But thanks just wanted to confirm. I know not all the settings are mirrored, which I have asked for some of the settings to be so we can keep the servers in sync.

I have no intention of replacing the Cache users with LDAP. It is for everyone else...Password Authentication regardless of what Auditing says will always need to be available for "Emergency" purposes.

Thanks I got it running, but I am not sure what to do next. When I try to access HealthShare within the Management Portal, it is telling me the Service is Unavailable. I want to be able to see what the System can do.

The Responses from the Stored Procedure calls back to the Operation look correct, and yes if there was an error it should of shown up.

Is there a way to query the original SourceConfig through the process id?

I think I tried that but I. Previous testing via terminal I had to put the multiple “” to get it to actively write the output to a log file. I will give it a try again later. 

Didn't give me any more additional information on the error besides what was in the Audit Database, but thanks.

Yes %Development resource is set as part of the Role he is assigned from the detail we get from LDAP. 

The user is not really the issue I have at the moment, I am trying to track down why UnknownUser keeps trying to access the Gateway.

That I am not sure of... Why?

Yes... 

I have no issues with VSCode, its just the one user. The issue with the user I believe is with LDAP not InterSystems as the same error happens when trying to sign into the Management Portal, periodically. 

Does /api/atelier need to have unauthenticated turned on? Why am I seeing the 

ERROR #815: User not authorized for service %Service_WebGateway
Web Application: /api/atelier

I don't want Unauthenticated users to access the system or be able to get through the Web Gateway at all...

Yes I am attempting to connect to Epic Interconnect using OAuth 2.0. I created an internal backend application on vendor services and supplied it with a public key I had generated from our IRIS server. 
 

I just haven’t found the right sequence of code or syntax for the request to happen yet. I’m working with WRC but since Epic suggested using JWT and our systems team doesn’t have a jwks setup it’s been kind of a hard thing to figure out. 

Thanks, yes I know /api/monitor/metrics would still be available, I was just wondering on which programs folks were using to ingest the data from /api/monitor/metrics/.

It is possible to setup Apache to listen for 52773 instead of 80, so why wouldn't calls to port 52773 go through Apache if it is configured to listen for port 52773?

Since everyone on the team uses the URL that contains the port number of 52773, I was trying to make it possible for them not to have to update their bookmarks they already use. Seamless transition to encrypting the traffic between their web browser and the server.

Thanks, but I have already went through all of those steps. 

How do you setup Apache to know the VIP has been moved to one of the other servers? If you include the VIP in the ServerAlias settings in Apache then when a user connects to the VIP, Apache wont know which server to connect to.

How did you configure the web gateway to do this?

Each web gateway is configured to talk to the local Health Connect instance, irrespective of it being primary, secondary or DR at any time.

So, when have to access the primary, we go via the VIP URL -> the request lands on the IIS for the primary instance and that is passed on to the local Health Connect instance.