Scott,

take a look inside iam-setup.sh

Based on the inputs it constructs a URL and then tries to 'curl' it.

And fails for some reason. Check which URL it constructs and check if curl indeed works fine for that URL

The URL should look like:

https://IAM:
@xxx.xxx.xxx.xxx:443/api/iam/license

Check if you can access it from the bash

I don't know what happens in your particular case. What you can do -- set logging level in the Web Gateway to "ev2"

"V2" incudus the following information: "Information regarding basic connection management between the Web Gateway and InterSystems IRIS (Start and Close points for each connection)"

Let the Web Gateway run for some time, then hopefully in the csp.log you'll see the details on how new connections are created and old ones are terminated

https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls...

Other idea -- check Apache settings. Which MPM does it use, what recycle settings for worker does it have?

Also, some notes on MPM models of Apache:
https://docs.intersystems.com/iris20232/csp/docbook/Doc.View.cls?KEY=GCG...

This is a standard Windows error with the code 64:

C:\>net helpmsg 64

The specified network name is no longer available.

Some Caché code called some OS system function that returned this error and for some reason it was logged.

To investigate this further -- check what process logged the error message. Find in the Caché Audit a Login event with the corresponding process. Perhaps it might give you some hint

Generally, messages with severity 0 are informational, 1 -- warnings, 2 -- error, 3 -- critical

No. If you have Windows NT authentication enabled to connect to SQL Server then SQL Server ODBC driver uses OS user that executes irisdb.exe process. That's the same use as configured to run service IRIS.

If you'd like to use different user for authentication , then choose SQL Server authentication and specify that user and its password in SQL Gateway connection settings

Check carefully. Note -- in ^%ISCLOG (with percent) you enable the log. Then you read ^ISCLOG (without percent) in %SYS namespace.
When I repeated steps that I suggested to you, I saw the following error in ^ISCLOG

/* ERROR #5002: ObjectScript error: <PROTECT>^%CSP.Login.1 ^|^^c:\intersystems\iris2023x1\mgr\|dc.CustomLogin.1 */

Then I enabled auditing of Protect events, reproduced the eror and got more details:

Description:  Attempt to access a protected resource
Timestamp:    2023-03-19 16:01:38.000   Username:     CSPSystem
UTCTimestamp: 2023-03-19 15:01:38.000   Pid:          10896
Event Source: %System                   JobId/JobNum: 131089/17
Event Type:   %Security                 Session ID:   eK95W6SMCS
Event:        Protect                   IPAddress:    127.0.0.1
System ID:    DEP5570AKOBLOV:IRIS2023X1 Executable:   CSPa24.dll
Namespace:    %SYS                      Index:        196
Roles:
User Info:                              O/S User:     CSP Gateway
Routine:      ^%CSP.Login.1 |"^^c:\intersystems\iris2023x1\mgr\irislib\"|
Authentication: Password
Event Data:
<PROTECT>^%CSP.Login.1 *^|^^c:\intersystems\iris2023x1\mgr\|dc.CustomLogin.1

Indeed, user CSPSystem does not have READ permission on irissys database, where custom login class is located. Rather I should have created a new role that has only READ permission on %DB_IRISSYS resource, not RW.

I added role %DB_IRISSYS to user CSPSystem, closed connections from Apache to IRIS, so that the role is added on new connection, then login page began to work