Show TOC

TroubleshootingLocate this document in the navigation structure

Use

If the Web server rejects requests from the Java client with the status 403 (access denied), this can be due to incorrect entries in the TREXcert.ini configuration file. Below is a description of how to check the determined data using the Windows Event Viewer and correct the TREXcert.ini configuration file.

Prerequisites

You have configured secure communication between the TREX Web server and the TREX name server (HTTPS).

Procedure

  1. Open the configuration file <TREX_Directory>\TREXcert.ini on the TREX Web server with a text editor.

  2. In the [TRACE] section, set the tracelevel parameter to 2.

    Example

    [TRACE]

    tracelevel=2

  3. Save the TREXcert.ini file and close the editor.

  4. Restart the Web server.

  5. In the application using TREX, repeat the action that failed (start a failed search or create an index, for example).

  6. Start the Event Viewer ( Start of the navigation path Start Next navigation step Programs Next navigation step Administrative Tools Next navigation step Event Viewer End of the navigation path).

  7. Choose Application Log.

    Two events are created for each request. One event contains information for the owner of the client certificate, and the other contains information for the issuer.

  8. Use the secondary mouse button to click on the first of the events created by the request that failed. Choose Properties from the context menu.

  9. In the Description field, select all the information from the client certification, without the period/full stop at the end.

    Example

    The Description field can contain the following text:

    The description of Event ID ( 1 ) in Source (SAP TREXHttpServer for ISAPI) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: E=myaccount@sap.com, C=mycountry, S=mystate, L=mycity, O=mycompany, OU=mydepartment, CN=myhost.mydomain

    If this is the case, select the following information:

    E=my.account@sap.com, C=mycountry, S=mystate, L=mycity, O=mycompany, OU=mydepartment, CN=myhost.mydomain

  10. Copy this information.

  11. Open the <TREX_Directory>\TREXcert.ini configuration file with a text editor.

  12. Add the information to the [WEBSERVERCERTIFICATE1] section as follows:

    • If you selected the information on the owner, add it after subject=.

    • If you selected the information on the issuer, add it after issuer=.

      Example

      [WEBSERVERCERTIFICATE1]

      subject=E=myaccount@mydomain, C=mycountry, S=mystate, L=mycity, O=mycompany, OU=mydepartment, CN=myhost.mydomain

      issuer=E=caaccount@cacompany.com, C=CA Country, S=CA State, L=CA City, O=CA Company, OU=Certificate Center, CN=My Certificate Authority (CA)

  13. Repeat steps 8 to 12 for the second event.

  14. Save the TREXcert.ini file and close the editor.

  15. In the application, repeat the action that was unsuccessful (start the search or create the index, for example).

    The request should now be sent successfully to the Web server. If problems still occur, contact TREX support.

  16. Restart the IIS (Internet Information Server).

  17. For security reasons, set the tracelevel parameter in the TREXcert.ini configuration file to 0 again. Then restart the Web server.