This week we discuss a common issue when the Dispatcher WebAPI is enabled and doesn’t work and how to solve this. Before we discuss the issues the need of some background information is required.
Ivanti Automation includes 5 components:
- Management Portal
For more information about the components and functions check this link.
Often we see all components installed on 1 or 2 servers (2 servers for High Availability). The Management Portal is a web based console just like the Automation Console which is installed during the first installation. The Automation Console is a required component for creating the database and configuring the basic settings.
The Management Portal uses Microsoft Internet Information Service and the feature is automatically installed with the required components during the installation of the Management Portal. The Management Portal is installed with the use of port 443.
During the installation of Ivanti Automation Management Portal a certificate must be selected or a Self-Signed certificate can be used (Note: Only use the option Self-Signed certificate in a test environment and NOT in a production environment).
Open Internet Information Service and select the Ivanti Web Service. Right click the Ivanti web service and select Edit Bindings.
In the Bindings we can check the port used by the web service. In the screenshot below 443 is used for the Automation Management Portal. How to install and configure the Ivanti Management Console will be discussed later in a new Tip of the Week.
Next open the Ivanti Automation Console and select Global Settings from the Setup menu.
Next select the option Dispatcher WebAPI.
Enable the Dispatcher WebAPI and enable SSL. Port 443 is automatically filled.
When using SSL make sure the SSL certificate thumbprint and SSL certificate store are filled. The thumbprint can be found in the Details tab of the certificate.
Copy the value and select Personal for the store. When finished the configuration looks like below.
Select OK to save the settings and the Dispatcher WebAPI is enabled.
But what happens if we try to open the link (https://<fqdn>/Dispatcher/SchedulingService/Help). An IIS error is shown because port 443 is attached to the web service in IIS.
There are 2 options to prevent this. First option is changing port 443 to another port (i.e. 444) in the Dispatcher WebAPI configuration. second option is removing the Ivanti Automation Management Portal from the server and install the software on a dedicated server.
Let’s start with changing the port number in the Dispatcher WebAPI configuration. Check the URL again with port 444 added (https://<fqdn>:444/Dispatcher/SchedulingService/Help).
When the port isn’t used by IIS a logon screen appears.
After a successful logon the API options are shown.
Second option is removing the Ivanti Automation Management Portal and reconfigure the port back top 443 in the Dispatcher WebAPI.
It’s also recommended to remove the Internet Information Service from the Dispatcher servers.
Open Control Panel – Uninstall a program and select the Ivanti Automation Management Portal program and select Uninstall.
When the program is uninstalled open the Server Manager and select Manage – Remove Roles and Features.
In the Server Roles overview make sure Web Server (IIS) is not selected and select Next to continue.
In the last screen select Finish to start the removal of the feature.
In the meanwhile, we can reconfigure the Dispatcher WebAPI port back to 443. Restart the server and test the Dispatcher WebAPI again with port 443.
Important notes why it’s not recommended to install the Ivanti Automation Management Portal on Dispatcher servers:
- Enabling Dispatcher WebAPI is a Global Setting and the WebAPI is enabled on all Dispatcher servers.
- With the Ivanti cloud solution (i.e. Ivanti Service Manager) it’s not possible to use other ports than 80 and 443 for the
Thank you for joining the Tip of the Week and see you next week.