FMS v13.0.1 & WebDirect: Learn from My Pain: Things to Know
It has been a long three weeks as I tackled issue after issue with a migration from FMS v12 with IWP to FMS v13.0.1 with WebDirect. After endless around-the-clock marathon tech support sessions, much grinding of teeth, pounding of fists, meditation exercises, cursing, more cursing, customers cursing and well you get the picture, my system is functioning again, well, mostly.
I first want to applaud FM for what they have done with WebDirect. It is a big move in the right direction and gives me faith in the longevity of the solution and what I can do with it. However, big, ground-up changes are never without growing pains and FMS13 is no exception. I also want to take time to applaud the incredible FM tech support staff that have helped me tirelessly with these issues. If ever there was a support team that instilled faith in a product it is them. Now what we critically need is the development folks to act on their input quickly.
Next up I want to point out some things to consider before you make the move to FMS13 & WebDirect from FMS12 & IWP:
• It boggles the mind how many IE8 users are still out there, especially on government systems even with the impending EOL of Windows XP on 8 Apr.. Why does this matter? WebDirect is absolutely 100%, not compatible with IE8. Your users will not be able to get past the login prompt. Your users need to get beyond XP and a 5+ year-old insecure browser or IWP is it for you. I should have seen this one coming. It was and continues to be not fun.
• We have had good success with WebDirect in IE9 and newer, Chrome and Safari v6.1 and newer. Firefox does work, however, it does a horrible job of rendering the text and spacing properly.
• The new ability to encrypt databases is a much needed and great addition to FMS13. I love it. Just be ready to have all your FMP clients upgraded to 13 before you do that. FMP12 clients are not compatible with an encrypted database. They did work fine up until we encrypted.
• Customization in terms of branding remains a concept that FMP doesn't seem to get. Our customers do not care what FM is, nor should they. After all they did not buy an FM solution, they bought access to our database. Prompts and screens showing FM favicons, title bars and the FM name only cause confusion and irritation. We need ways to customize these under our name. IWP had been around long enough that there were enough pioneers to pave the way on these, albeit unsupported changes, problem is WebDirect is a whole new environment and those tricks will not work. The FM name is more deeply rooted. I've conquered many but still cannot not completely excise the FM brand from our solution. On a humorous note, our customers went through hell logging into the system over the past few weeks and a common complaint was we love your database before you added all this Filemaker stuff, please get rid of it. Little did they know it had always been Filemaker. Keep this in mind with your solution and please join me in making feature requests to FM to build better custom branding/white-labeling features into FM.
• SSL/https... oh the pain... If you are using https, as everyone with users logging into WebDirect with a username/password should be, it can be rough. The good news is that I have sorted out most of the steps and can save you much of the pain but issues do still persist that you need to be aware of. More on this below.
• FMS13 takes a whole new approach of embedding the web server into itself and not using the Server app as it did with IWP. I like this change as long as it actually works and creates a more stable environment. You essentially need to be running a dedicated box for FMS13 without the Server app installed. I strongly recommend uninstalling the Server app if you have it before installing FMS13. This was not a deal breaker for us but we did lose the notices functionality of Server app that we used for text messaging alerts when things went bad. I want to get that piece back but it is not the end of the world, yet.
• If you need OnLastWindowClose and OnWindowClose script triggers to work FMS13 is not ready for you. They are broke and no fix from FM is ready yet, more below.
Okay moving on to specific issues that I have sorted with tech support and either found solutions or are known issues that FM is working on developing a fix for.
1) SSL/https 1: I will post a separate message pulling together everything that I and others have learned about trying to install certs under FMS13. Needless to say, the documentation leaves a lot to be desired. What you critically need to know is to not check the require secure connections in the Admin Console. When you first check it, everything works fine. The problem kicks in when you restart your server. You will find your databases unaccessible via WebDirect and all clients. Not exactly the ideal result. It took forever to figure this one out but just go into Admin Console, uncheck require secure and then restart your database server from Admin Console by clicking it off and then on. Your databases should come back. FM is aware of the issue and working on a fix.
2) SSL/https 2: FM has a list of tested and approved certificate authorities. Thawte, Symantec and the other primary ones are all on the list. However, don't think just because you are using one of these CAs you are okay. I deployed a Thawte SSL Web Server cert (their 2nd level one). Turns out FM only tested and approved the cheapest most basic cert which just does domain validation and is called the SSL123 cert. As a result our cert may be a complicating factor with the first issue but it also is believed to be tied to the inability of FMS13 to recognize our intermediate certs that are installed in the Keychain. So we have it installed but cannot use require secure and intermediates show as broken. FM is looking into this but needs more cases from people running different paid certs. FM did not robustly test commercially purchased certs and apparently only had a budget to try a handful of the cheapest certs on the market.
3) SSL/https 3: Active Mixed Content. This is a big one and impacts FMS12 with IWP and FMS13 with WebDirect alike. If you have your main database using https and use Web Viewer fields to serve up any non-https urls, the content will be blocked automatically by all current versions of Firefox, Chrome and IE9 or newer. It is considered Active Mixed Content (http and https) and this is not secure. Safari is the only mainstream browser that does not have an issue with this. Sometimes the solution is as simple as adding the s to the url you are calling up, sometimes it requires custom development depending on your solution. If your users are seeing blank white spaces where the web viewer content should be, this is likely your issue. Note this only occurs if your database uses https.
4) Custom homepage 1: Documentation is very misleading and confusing on how to do this. I did get it to work and will post a separate note on the steps.
5) Custom homepage 2: If you deploy your WebDirect solution without Custom Web Publishing turned on the script that generates the login window on custom homepages will not work. It will only show a blank page. Since we were not using CWP for anything it never occurred to me to have that turned on. Tech support solved this one for us. Turns out if you want that script to work, turn on CWP for both PHP and XML and you should be good. I decided, however, not to do this because I did not want the FM branding on the pop-up. Instead I customized the pages with a redirect to our own login page and it works fine. You only need CWP to make the script work.
6) OnLastWindowClose and OnLastWindow script triggers: In short they are broke in FMS13. FM knows and is working on a fix. For us this is bad because we sell on a concurrent user license model which simply cannot be tracked if there is no way to close out the session when someone closes their browser window or times out. We all know users should always click on the logout button when done but then we all have dreams too. This issue really screwed us. I'm pushing for FM to get a fix in place but get the sense I should not be holding my breath. One thing that will definitely help to light the fire is if more users contact support and report the same issue and why they need them to work.
7) Container fields in WebDirect: If you need your users to be able to export out content from containers fields such as PDFs, ZIP files and more. Available menu commands under the Edit Privilege set must be set to "All". If it is set to "Minimum" the export command will not work. Oddly, you do not have to check "Allow Exporting". This strikes me as a bug and FM did recreate. I do not see why I need to enable a full menu to allow a user to right click and export. Hopefully FM gets a fix in place soon.
8) Favicon customization: We could do it in IWP and I'm working on how to do it in WebDirect, if anyone else figures out a solution in the meantime please post it. Like I mentioned before on the branding issue, customers know our logo, they do not know the FM logo and asa result it instills a lack of trust and confusion as to what they are looking at.
9) WebDirect Login URLs: I'll make this one simple. Do not have any spaces in your database's filename. Based on my testing the direct login url for that database will only work sporadically in Safari, IE and Chrome and will not work 100% on iOS Safari and Chrome. Oddly it worked 100% of the time for us in Firefox. We took the space out and got 100% login success across all browsers and platforms.
There is more but these are all of the big issues I've identified so far. This forum has been an enormous help over the years and I'm posting this to return the favor and hopefully save many of you the nightmare that this has been for me. I also want to emphasize that I actually love FMS13 it is where this solution needed to go and I am excited about the future, you just need to be aware of where the pitfalls on the new technology behind it lie.