7 Replies Latest reply on Apr 11, 2013 3:41 PM by disabled_ntaylor

    Connection error when activating encryption

    Swedenborg

      Summary

      Connection error when activating encryption

      Product

      FileMaker Server

      Version

      12.0v3

      Operating system version

      Windows Server 2008 R2

      Description of the issue

      FMS12.0v3 running on a cloud computer.
      FMP12.0v3 clients are on XP in a strict controlled it environment on a hospital.
      Encryption is enabled in FMS.

      After a reboot of the server machine none of my clients can access the databases hosted by the server. (Not through fmp:// link, not by adding a favorite host. Not in any way.)

      If encryption is disabled, connection works.

      On a Mac OS 10.8.2 there are no problems connecting.

      After removing FMS (with the installer) and reinstalling will solve the problem. Until the next reboot.

      We tried reinstalling FMP according to the instructions in:
      http://help.filemaker.com/app/answers/detail/a_id/6995/
      (All though it does seem to concern 12.)

      I've had reports from other experienced and certified developers that this is a problem. One had to upgrade to Windows 7 and the other gave up encryption.

      Could you confirm that there are problems in this area? Are they under investigation? As you can see we can't enforce an upgrade of windows, and we can not recommend running unencrypted. since the database contains sensitive data.

      The client is one of Swedens largets hospitals with lots of FileMaker solutions installed. Swift feedback would be highly appreciated.  

      Kind regards
      Niklas Swedenborg, Square Moon Ind.

      Steps to reproduce the problem

      Reboot Windows server.

      Expected result

      Connections between FMP and FMS working,

      Actual result

      Connections between FMP and FMS NOT working,

      Exact text of any error message(s) that appear

      n/a

      Configuration information

      When turning activating logging in the built-in windows firewall we can see that the traffic from the client ip is reaching the machine and that it is not being blocked.

      Workaround

      Remove and reinstall FMS.

        • 1. Re: Connection error when activating encryption

               Niklas Swedenborg:

               Thank you for the post.

                

               I'm not locating any reports quite like this one. Some additional information may assist us in narrowing this down:

                

               1.) Is this a single machine deployment of FileMaker Server 12?

                

               2.) What vendor's certificate are you using? 

                

               3.) What steps were taken to setup SSL on the server?

                

               3.) Can you test with a self-assigned certificate to determine if a reboot still breaks the encryption?

                

               4.) Does the encryption only fail for certain clients or all clients?

                

               TSFalcon

               FileMaker, Inc.

          • 2. Re: Connection error when activating encryption
            Swedenborg

                 Hi!

                 Thanks for your reply.

                 1.) Yes, single machine.

                 2.) Well the vendor would be FileMaker Inc. Please note that the encryption I am talking about is FileMakers internal SSL between FMP and FMS. This is *not* about  https or web publishing. Strictly fmp protocol.

                 3.) FileMaker Server 12 out of the box install. Checked the option for encrypted connections in FMS Admin.

                 3.) Please se 2. Is there a way for me to mess with the FMS certificates?

                 4.) All of clients machines running XP. Other clients - Mac OS/Windows 7 - will work.

                 Regards Niklas

            • 3. Re: Connection error when activating encryption

                   Niklas Swedenborg:

                   Thank you for the response. 

                    

                   To clarify, the Windows XP client machines and any other computers are able log in with SSL enabled until the system reboots. Afterwards, only the Windows XP users can no longer authenticate?

                    

                   Are the clients imaged? Is the login being passed through Active or Open Directory?

                    

                   For testing purposes, can you install a non-imaged standard installation of Windows XP SP3 to a workstation that is not using a directory account and try logging in with encryption? 

                    

                   TSFalcon

                   FileMaker, Inc.

              • 4. Re: Connection error when activating encryption
                Swedenborg

                      

                     

                          To clarify, the Windows XP client machines and any other computers are able log in with SSL enabled until the system reboots. Afterwards, only the Windows XP users can no longer authenticate?

                     Yes. THis is the case.

                      

                     

                          Are the clients imaged?

                     Yes.

                     

                           

                     

                          Is the login being passed through Active or Open Directory?

                     The login to FileMaker: No. The windows login: Yes.

                      

                     

                          For testing purposes, can you install a non-imaged standard installation of Windows XP SP3 to workstation that is not using a directory account and try logging in with encryption? 

                     I will try to make this test happen.

                      

                     /Niklas

                • 5. Re: Connection error when activating encryption
                  Swedenborg

                       Hi! 

                       I got my client to test with a non-image installed version of Windows XP, and it works as it should.

                       Since this is a large organisation I do not have high hopes for being able to infulense the way the it department configures their installation. So the question is: what can I do? This is really critical for my clients way forward with FileMaker.

                       Have you really  not had any escalations regarding this or similiar issues? As i mentioned, I have several developers in Sweden telling me about problems with connection that smells familiar. All Windows. All when SSL is activated in FMS. 

                       Any help would or suggestions would be really appreciated.

                       Regards Niklas

                  • 6. Re: Connection error when activating encryption
                    Swedenborg

                         No suggestions?

                    • 7. Re: Connection error when activating encryption

                           Niklas Swedenborg:

                           Thank you for the reply.  

                            

                           FileMaker Inc. tests our products with the default installation of operating systems. I apologize if your internal IT department is unable or unwilling to remove the changes made to their Windows XP image. 

                            

                           We cannot test with every custom image created; however, since we know the issue is caused by the difference between the two, then removing the image's additions or adding back the image's subtractions until the offending conflict is found would be the only way to narrow down the root cause. 

                            

                           If that's not possible, then IT may want to consider moving the FileMaker end users to another tested operating system. 

                            

                           TSFalcon

                           FileMaker, Inc.