Summary: When Public API is enabled you may get the errors below when attempting to connect to Cayosoft Administrator Service via the CGraph module. These errors have different root causes. This article contains instructions on how to resolve these errors.
Applies to: Cayosoft Administrator 7.3.0 or later
ID: KB20210210-1
Resolution
Connection issues
Errors | Resolution |
---|---|
Connect-CGraphAdminService : Unable to connect to the remote server Connect-CGraphAdminService : No connection could be made because the target machine actively refused it 192.168.130.100:7801 Connect-CGraphAdminService : An error occurred while sending the request. Connect-CGraphAdminService : The underlying connection was closed: an unexpected error occurred on a send. |
Steps to resolve. |
Connect-CGraphAdminService : The remote server returned an error: (401) Unauthorized. | Steps to resolve. |
Connect-CGraphAdminService : unknown_error: OAuth authorized request returns unexpected result. HTTPStatus: 'RequestUriTooLong'. | Steps to resolve. |
Errors
Connect-CGraphAdminService : Unable to connect to the remote server
Connect-CGraphAdminService : No connection could be made because the target machine actively refused it 192.168.130.100:7801
Connect-CGraphAdminService : An error occurred while sending the request. Connect-CGraphAdminService : The underlying connection was closed: an unexpected error occurred on a send.
Possible root cause
Public API is disabled in Cayosoft Administrator, CGraph module is not installed, Firewall issue or wrong certificate.
Steps to resolve:
- In Admin Console navigate to Home > Configuration > Settings > Public API and ensure that Public API is enabled on this Administration Service is checked.
- If you connect from the machine where Administration Service is not installed, could you check that this machine belongs to the same domain where Administration Service is installed?
- Check that the CGraph module is installed:
- Run this PowerShell command: get-installedmodule
- CGraph Module and its version should be displayed in the list.
- CGraph connection requires these ports to be accessible: 7801, 7802, 7803. Please check that Firewall doesn't block this connection. You may need to create an Inbound rule for these ports.
- Check that there is a proper certificate that Public API can use. By default, Public API utilizes any certificate from "cert:\localmachine\my" which subject matches host FQDN. When you enable Public API, Cayosoft Administrator enumerates available certificates and if there is no suitable certificate creates a self-signed certificate and uses it.
Error
Connect-CGraphAdminService : The remote server returned an error: (401) Unauthorized.
Possible root cause
Kerberos Constrained delegation needs to be configured to allow the Cayosoft Administrator Service account to get the authorization client token from the connected account.
Steps to resolve:
This issue can be fixed with a Service Principal Name (SPN) change. Add an SPN for the Cayosoft Administrator service account for HTTP and HTTPS, using an elevated command prompt.
- On a Domain Controller click Start.
- Right-click Command Prompt.
- Click Run as administrator to open an elevated command prompt.
- Enter the commands that are specified below. Replace
<CA host>
with FQDN of the machine where the Cayosoft Administrator Service is running and<CAAccount>
with the Cayosoft Administrator service account name (to get this account you can open Service on the machine with Cayosoft, find Cayosoft Administrator Service, and check its Properties > Log on tab).
For example:setspn –A HTTP/<CA host> <domain\CAAccount>
setspn –A HTTPS/<CA host> <domain\CAAccount>
setspn –A HTTP/m1.milkyway.cayotest.net milkyway\administrator
setspn –A HTTPS/m1.milkyway.cayotest.net milkyway\administrator
Error
unknown_error: OAuth authorized request returns unexpected result. HTTPStatus: 'RequestUriTooLong'.
Possible root cause
The connected user is a member of too many groups.
Steps to resolve:
- Create a test user.
- Delegate this user role in Cayosoft Administrator Home > Configuration > Roles > Web Administrators to be able to connect to the service
- Try to run the script under the created user (you can try the option 'Run as different user' on PowerShell ISE for testing):
$cred = Get-Credential
Connect-CGraphAdminService -Server <ServerName> -Credential $cred - If the error still occurs open Registry Editor and navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
- Set values for the parameters:
MaxFieldLength = 65534 (DWORD decimal)
MaxRequestBytes = 16777216 (DWORD decimal)
If the parameters are absent you need to add new DWORD values.
Note: Be aware, that changes that are made to the registry will not take effect until you restart the HTTP service/reboot.
For details please see this article: https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/iisadmin-service-inetinfo/httpsys-registry-windows
Comments
0 comments
Please sign in to leave a comment.