Anybody? I have verified the website is running and the PIVisionServiceAppPool and PIVisionAdminAppPool and PI Web API and Pi Web APICrawler services are still using the domain service account and running.
Hey all. I was able to edit the file after running Wordpad as administrator.
1 of 1 people found this helpful
Apologies for the slow response. For future reference, questions on PI Vision will get faster responses when posted in the PI Visualization space.
Do you have any HTTP Verbs denied on your PI Vision application? This can be inherited from Server or site-level settings. In either case, you can check PI Vision's configuration in IIS with the steps below:
- In IIS Manager, select the PIVision application (not the website, the application below the website)
- Open the "Request Filtering" tool and select the "HTTP Verbs" tab
- Look for any denied verbs like below:
- If there are no verbs listed, also check the "Edit Feature Settings..." link on the right side. If "Allow unlisted verbs" is unchecked, then any verbs not explicitly allowed will be blocked.
For reference, on a default installation of PI Vision, no HTTP verbs are denied.
Let us know if this helps!
Thank you James. I can confirm the only verb I am not allowing is TRACE.
When I edited Request Filtering Settings I found all four boxes unchecked. I checked all four boxes and restarted IIS. This time I got a different error,
500.19. Cannot add duplicate collection entry of type 'add' with combination key attributes 'users, roles, verbs' respectively set to ', PI Vision Users, '
FOLLOWUP: When using IIS Manager to view the IIS Authorization Rules, I can view the rules for the Host and Default Web Site. Both of these are set to Allow PI Vision Users. This is a local group on the server.
However, I get the above error when trying to view the IIS Authorization Rules for the PIVision and PIVision\Admin applications.
Could the upgrade have corrupted my Program Files\PIPC\PIVision\web.config file and how do I fix this?
1 of 1 people found this helpful
That error occurs when a web.config at a lower level (e.g. on the PIVision application level) tries to add a configuration setting that already exists at a higher level (e.g. the server or website level). To resolve it, locate your PIVision web.config file at PIPC\PIVision\web.config and open it in a text editor. Under the <system.webServer> section, locate the <security> element and remove the line below:
<add accessType="Allow" users="" roles="PI Vision Users" />
Save the file and reopen IIS Manager, to check the "Authorization Rules" section under the PIVision application. If this section opens without throwing an error, then you should see the PI Vision Users group allowed access through the inherited configuration at the higher level. Recycling the PIVisionServiceAppPool should clear the error you mentioned. Let me know if it gets replaced by another error!
Thank you James, you are more or less correct. Instead of editing the files as you suggested, I removed the group from the host and default web site and recycled IIS. This seemed to do the trick.
Now I have absolutely no one listed in IIS Manager Authorization Rules for the host or default web site. I think Allow All Users is the default but the Center for Internet Security benchmark for IIS recommends removing this, which I had.