Home > Success Center > Network Performance Monitor (NPM) > Additional Web server installation error: Invalid Credentials

Additional Web server installation error: Invalid Credentials

Updated April 10, 2017

Overview

The following error occurs in the SolarWinds Orion Compatibility Check window when installing an additional web server: 

Invalid Credentials

 

The Orion admin account can log in to the web console.

 

The additional web server CompatibilityPreInstaller.log file in c:\ProgramData\Solarwinds\Logs\Orion\ shows the following:

 

2017-03-23 07:59:22,212 [6] ERROR SolarWinds.Orion.Core.Common.ChannelProxy`1 - Factory failed to create Channel: System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
   --- End of inner exception stack trace ---

 

The error in CompatibilityPreInstaller.log occurred after installing .NET 4.6 on the additional web server: 

 

2017-03-30 09:00:08,555 [6] DEBUG SolarWinds.InformationService.Contract2.InfoServiceProxy - Creating channel factory for Information Service @ net.tcp://ORIONHOSTNAME:17777/SolarWinds/InformationService/v3/Orion/ssl
2017-03-30 09:00:09,930 [6] ERROR SolarWinds.InformationService.Contract2.InfoServiceProxy - An error occured opening a connection to the orion communication service.System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.ServiceModel.Channels.SocketConnection.ReadCore(Byte[] buffer, Int32 offset, Int32 size, TimeSpan timeout, Boolean closing)
   --- End of inner exception stack trace ---

Environment

NPM 12.1 

 

Cause 

The error is caused when the cipher and hash functions do not match.

Note: TLS 1.2 must be disabled according to NPM 12.1 Release Notes.

Resolution

  1. Download the IIS Crypto tool  (© 2017 Nartac SoftWare, available at www.nartac.com, obtained April 10, 2017).
  2. Run the IIS Crypto tool on both the main and additional web servers.
  3. Uncheck TLS 1.1 and TLS 1.2. 
  4. Select TLS 1.0 
  5. On the Additional Web server, select the following ciphers and hashes using the IIS Crypto tool, and then click Apply.

    Ciphers: RC4 128/128, AES 128/128, AES 256/256

    Hashes: MD5, SHA, SHA 256, SHA 384, SHA 512

  6. Reboot both the main and additional web servers.
  7. Reinstall the additional web server using an Orion administrator account, not a domain account. 

 

 

Screenshot property of © 2017 Nartac Software.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

You must to post a comment.
Last modified
16:22, 14 Apr 2017

Tags

Classifications

Public