9 Replies Latest reply on Jul 22, 2014 6:19 AM by ReSys

    FMS v13.0.1

    Mac89

      Title

      FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know

      Your post

           It has been a long three weeks as I tackled issue after issue with a migration from FMS v12 with IWP to FMS v13.0.1 with WebDirect. After endless around-the-clock marathon tech support sessions, much grinding of teeth, pounding of fists, meditation exercises, cursing, more cursing, customers cursing and well you get the picture, my system is functioning again, well, mostly.

           I first want to applaud FM for what they have done with WebDirect. It is a big move in the right direction and gives me faith in the longevity of the solution and what I can do with it. However, big, ground-up changes are never without growing pains and FMS13 is no exception. I also want to take time to applaud the incredible FM tech support staff that have helped me tirelessly with these issues. If ever there was a support team that instilled faith in a product it is them. Now what we critically need is the development folks to act on their input quickly.

           Next up I want to point out some things to consider before you make the move to FMS13 & WebDirect from FMS12 & IWP:

           • It boggles the mind how many IE8 users are still out there, especially on government systems even with the impending EOL of Windows XP on 8 Apr.. Why does this matter? WebDirect is absolutely 100%, not compatible with IE8. Your users will not be able to get past the login prompt. Your users need to get beyond XP and a 5+ year-old insecure browser or IWP is it for you. I should have seen this one coming. It was and continues to be not fun.

           • We have had good success with WebDirect in IE9 and newer, Chrome and Safari v6.1 and newer. Firefox does work, however, it does a horrible job of rendering the text and spacing properly.

           • The new ability to encrypt databases is a much needed and great addition to FMS13. I love it. Just be ready to have all your FMP clients upgraded to 13 before you do that. FMP12 clients are not compatible with an encrypted database. They did work fine up until we encrypted.

           • Customization in terms of branding remains a concept that FMP doesn't seem to get. Our customers do not care what FM is, nor should they. After all they did not buy an FM solution, they bought access to our database. Prompts and screens showing FM favicons, title bars and the FM name only cause confusion and irritation. We need ways to customize these under our name. IWP had been around long enough that there were enough pioneers to pave the way on these, albeit unsupported changes, problem is WebDirect is a whole new environment and those tricks will not work. The FM name is more deeply rooted. I've conquered many but still cannot not completely excise the FM brand from our solution. On a humorous note, our customers went through hell logging into the system over the past few weeks and a common complaint was we love your database before you added all this Filemaker stuff, please get rid of it. Little did they know it had always been Filemaker. Keep this in mind with your solution and please join me in making feature requests to FM to build better custom branding/white-labeling features into FM.

           • SSL/https... oh the pain... If you are using https, as everyone with users logging into WebDirect with a username/password should be, it can be rough. The good news is that I have sorted out most of the steps and can save you much of the pain but issues do still persist that you need to be aware of. More on this below.

           • FMS13 takes a whole new approach of embedding the web server into itself and not using the Server app as it did with IWP. I like this change as long as it actually works and creates a more stable environment. You essentially need to be running a dedicated box for FMS13 without the Server app installed. I strongly recommend uninstalling the Server app if you have it before installing FMS13. This was not a deal breaker for us but we did lose the notices functionality of Server app that we used for text messaging alerts when things went bad. I want to get that piece back but it is not the end of the world, yet.

           • If you need OnLastWindowClose and OnWindowClose script triggers to work FMS13 is not ready for you. They are broke and no fix from FM is ready yet, more below.

            

           Okay moving on to specific issues that I have sorted with tech support and either found solutions or are known issues that FM is working on developing a fix for.

           1) SSL/https 1: I will post a separate message pulling together everything that I and others have learned about trying to install certs under FMS13. Needless to say, the documentation leaves a lot to be desired. What you critically need to know is to not check the require secure connections in the Admin Console. When you first check it, everything works fine. The problem kicks in when you restart your server. You will find your databases unaccessible via WebDirect and all clients. Not exactly the ideal result. It took forever to figure this one out but just go into Admin Console, uncheck require secure and then restart your database server from Admin Console by clicking it off and then on. Your databases should come back. FM is aware of the issue and working on a fix.

           2) SSL/https 2: FM has a list of tested and approved certificate authorities. Thawte, Symantec and the other primary ones are all on the list. However, don't think just because you are using one of these CAs you are okay. I deployed a Thawte SSL Web Server cert (their 2nd level one). Turns out FM only tested and approved the cheapest most basic cert which just does domain validation and is called the SSL123 cert. As a result our cert may be a complicating factor with the first issue but it also is believed to be tied to the inability of FMS13 to recognize our intermediate certs that are installed in the Keychain. So we have it installed but cannot use require secure and intermediates show as broken. FM is looking into this but needs more cases from people running different paid certs. FM did not robustly test commercially purchased certs and apparently only had a budget to try a handful of the cheapest certs on the market.

           3) SSL/https 3: Active Mixed Content. This is a big one and impacts FMS12 with IWP and FMS13 with WebDirect alike. If you have your main database using https and use Web Viewer fields to serve up any non-https urls, the content will be blocked automatically by all current versions of Firefox, Chrome and IE9 or newer. It is considered Active Mixed Content (http and https) and this is not secure. Safari is the only mainstream browser that does not have an issue with this. Sometimes the solution is as simple as adding the s to the url you are calling up, sometimes it requires custom development depending on your solution. If your users are seeing blank white spaces where the web viewer content should be, this is likely your issue. Note this only occurs if your database uses https.

           4) Custom homepage 1: Documentation is very misleading and confusing on how to do this. I did get it to work and will post a separate note on the steps.

           5) Custom homepage 2: If you deploy your WebDirect solution without Custom Web Publishing turned on the script that generates the login window on custom homepages will not work. It will only show a blank page. Since we were not using CWP for anything it never occurred to me to have that turned on. Tech support solved this one for us. Turns out if you want that script to work, turn on CWP for both PHP and XML and you should be good. I decided, however, not to do this because I did not want the FM branding on the pop-up. Instead I customized the pages with a redirect to our own login page and it works fine. You only need CWP to make the script work.

           6) OnLastWindowClose and OnLastWindow script triggers: In short they are broke in FMS13. FM knows and is working on a fix. For us this is bad because we sell on a concurrent user license model which simply cannot be tracked if there is no way to close out the session when someone closes their browser window or times out. We all know users should always click on the logout button when done but then we all have dreams too. This issue really screwed us. I'm pushing for FM to get a fix in place but get the sense I should not be holding my breath. One thing that will definitely help to light the fire is if more users contact support and report the same issue and why they need them to work.

           7) Container fields in WebDirect: If you need your users to be able to export out content from containers fields such as PDFs, ZIP files and more. Available menu commands under the Edit Privilege set must be set to "All". If it is set to "Minimum" the export command will not work. Oddly, you do not have to check "Allow Exporting". This strikes me as a bug and FM did recreate. I do not see why I need to enable a full menu to allow a user to right click and export. Hopefully FM gets a fix in place soon.

           8) Favicon customization: We could do it in IWP and I'm working on how to do it in WebDirect, if anyone else figures out a solution in the meantime please post it. Like I mentioned before on the branding issue, customers know our logo, they do not know the FM logo and asa result it instills a lack of trust and confusion as to what they are looking at.

           9) WebDirect Login URLs: I'll make this one simple. Do not have any spaces in your database's filename. Based on my testing the direct login url for that database will only work sporadically in Safari, IE and Chrome and will not work 100% on iOS Safari and Chrome. Oddly it worked 100% of the time for us in Firefox. We took the space out and got 100% login success across all browsers and platforms.

            

           There is more but these are all of the big issues I've identified so far. This forum has been an enormous help over the years and I'm posting this to return the favor and hopefully save many of you the nightmare that this has been for me. I also want to emphasize that I actually love FMS13 it is where this solution needed to go and I am excited about the future, you just need to be aware of where the pitfalls on the new technology behind it lie.

           Happy Migrating!!

        • 1. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
          Mac89

               I figured out how to do the favicon on a Mac. Swap out these three files with yours and it should work. Make sure to clear your browser cache if you are testing.

               /Library/FileMaker Server/Web Publishing/publishing-engine/jwpc-tomcat/fmi/VAADIN/themes/default/favicon.ico
               /Library/FileMaker Server/Admin/admin-server/favicon.ico
               /Library/FileMaker Server/Admin/admin-master-tomcat/bin/admin-console/VAADIN/themes/uactheme/favicon.ico

                

          • 2. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
            JZombie

                 Awesome Post Mac89. I wish I had patience like yours. I'm moved back to FMS12 and will wait for our Fiber line with 20mbps before I switch back to FMS13. This guide will sure be handy when that time comes.

                 I have some input on Customization. It really gets annoying when a custom dialog pops up with "FileMaker Pro" title. It spooked some clients and asked me, what the hell is FileMaker Pro?

                 Anyway, you can edit the strings.properties (on a mac, don't know with windows) change all the words that contain "FileMaker" to your Company name.

                 It's located in /Library/FileMaker Server/Web Publishing/publishing-engine/jwpc-tomcat/fmi/VAADIN/themes/default/i18n/en/strings.properties.

                 I guess if you're using a different language, then you would have to go to that folder and edit the strings.properties of that particular language.

                 Another input on WebDirect Login URLs, my database name have space and all I did was replace the space with "%20" on URLs and it worked across all browers. Ex: "database%20name".

                 Once again, awesome post.

            • 3. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
              Markus Schneider

                   Thank You so much!

                    Are there any hints concerning speed? WD seems  to be not very crispy here. I tested WD only with the demo databases until now..

              • 4. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
                Mac89

                     Regarding, speed my own personal testing has shown it to be pretty responsive and I'm currently running a single-machine deployment on an old XServe. I will be moving it to a one or two-machine 12-core MacPro deployment with SSDs in a few months. I have had customers complaining about speed but I think it has more to do with the changes in behavior when screens are loading. In some cases WebDirect is more helpful in that it shows graphics to indicate something is going on, however, its implementation is not consistent throughout and some screens you click and it appears nothing is happening. They need to make progress/activity indicators pervasive throughout WebDirect solutions.

                     It is, however, important to understand that in WebDirect, finds, sorts, etc. are all being handled by your web server versus the database server. All the same in a one-machine deployment but in a two-machine the web server is carrying the heavier workload. The process a bit different with FM clients which offload some of the work to the client. Key point being is that WebDirect requires more horsepower then just handling FM clients.

                     FYI, I just learned the options for 3-machine and 2-machine (alternative) that were supported in FMS12 are no longer supported in FMS13

                • 5. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
                  AntoinetteStanley

                       Would appreciate any additional information you can provide on how you got the custom homepage to work...trying to figure this out now.  Thanks in advance!

                  • 6. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
                    EzBless_1

                         Mac89, I see you've done your homework, for the most part, when it comes to documenting changes introduced with FileMaker Server 13.

                         At the same time, I am seeing you make the same mistakes as many of my colleagues in the development world.  Namely, they rush to judgement regarding the functionality of a particular feature or concept, simply because they did not bother to read the product documentation thoroughly enough.  Most of the topics I see listed in your extremely massive post, are covered in great detail in the WebDirect guide.

                         The WebDirect guide can be found here

                         Also, please see the following:

                    Server 13 Help guide

                    Server 13 Getting Started Guide

                         For instance, Chapter 3, Page 27, tells me all that I need to know about how to customize the home page, to easily and painlessly add my own branding.

                         As for browser compatibility, Chapter 4, Page 28, tells me everything I need to know in the section titled, "Requirements for accessing FileMaker WebDirect solutions".

                         - Cheers, mate!

                          

                         P.S. Jolly good job on FileMaker Server 13, FileMaker! Keep up the great work!

                    • 7. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
                      Mac89


                           Antoinette,

                           I have been meaning to make a comprehensive post on everything I learned on this from my own work, other forum members and the great folks at FM support. I just haven't had the time to write it all up. Here is a short version on the basics.

                           One of the key issues in understanding how to get the custom pages to work is making sure you start out with the proper url for users to access your WD solution. The initial url sets the context for all the other pages such as the timeout and logout screens. Below is an example of how to properly structure the url. The documentation unfortunately fails to mention anything about this or other important details. FM Tech Support eventually did work it out though and got me started in the right direction.

                           https://yourdomain.com/fmi/webd/?homeurl=https://yourdomain.com/namethiswhatyouwant.html#YourDatabaseName

                           You can insert your domain as appropriate. The example is https but you can also use http.

                           The nameiswhatyouwant.html file is located in /Library/FileMakerServer/HTTPServer/htdocs on a Mac. The documentation calls this file fmwebd_home.html but you can actually name it anything you want. The important thing to remember is that there are two locations for the file depending on whether or not you use http or https. In htdocs you will see an https folder, if you are using https make sure to place a copy there. If only using http, you can place it in htdocs. This file is the web page from which your login/logout and other related screens will be based.

                           The default FM fmwebd_home.html file contains some scripts to bring up the login pop-up upon logout and some other functionality. I choose to leave this out and did not use anything from their file. If you want to keep these, however, you need to deploy with Custom Web Publishing with PHP and XML turned on even if you never plan to use those features. Without those deployed the default page will just load a blank page upon logout. This is another critical detail left out of the documentation.

                           Those are the core essentials. Best of luck with yours.

                            

                      • 8. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
                        JZombie

                             Ez Bless, So you're a FileMaker developer and a Psychic?

                             How can you possibly know that Mac89 did not read the manuals thoroughly?

                             The first thing a developer does when he encounters a problem is to read the manual "again" to make sure that he is doing everything correctly. And then call the support IF the manual cannot provide the answers.

                             If you hold of on your psychic ability for a second and read what Mac89 wrote, he specifically mentioned that some info that were given to him by FM Support is not even covered in the manual.

                             I'm not a psychic but I can figure out that you're the kind of person who religiously read the manual and assumes that everything would work accordingly without testing it yourself.

                             You could've just pointed him to the right direction instead of jumping to conclusion that "HE DOESN'T READ THE MANUAL".

                             - Cheers, Dude

                             PS: Can you tell me the winning Powerball numbers while you're at it?

                        • 9. Re: FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
                          ReSys

                                

                               Hello Mac89 and many thanks for your February 14 post on FM Server 13 pains. I’m going through a similar process and, in the hope that you’re still listening, I have a question.

                               Did you learn any other ways to fix the problem caused by Require Secure Connections?

                               I have the same problem that you had after switching it On but stopping and starting FM Server doesn’t fix it. Nor does restarting the computer, nor re-updating to v13.0.3.300. I guess there’s a plist file somewhere that I have to edit or delete, but there are no clues as to what or where it may be.

                               Also, what did you do about SSL in the light of the above? Did you find some other way to enable it or just forget about SSL for the time being?