• State Not Answered
  • Replies 3 replies
  • Subscribers 97 subscribers
  • Views 955 views
  • Users 0 members are here
Options
Related

App Server Error – /appserver/update/allowed not found (Kubernetes deployment, version 9.2)

chakir el habriri

Hello,

I'm currently deploying One Identity Manager 9.2 in a Kubernetes environment, using the official Docker images:

  • oneidentity/oneim-appserver:9.2

  • oneidentity/oneim-api:9.2

Context

  • I deployed the App Server with the appropriate environment variables:

    • DBSYSTEM=MSSQL

    • CONNSTRING=Data Source=<sql-host>\\<instance>;Initial Catalog=OneIM;User ID=<user>;Password=<pwd>;Encrypt=True;TrustServerCertificate=True

    • BASEURL=oneim-app.mydomain.local/

    • UPDATEUSER=cccAdmin

    • UPDATEUSERPASSWORD=<valid-password>

    • TARGETS=Server\\Web\\AppServer

  • The pod is running.

  • The login interface is reachable.

  • I can successfully authenticate using cccAdmin.

Problem

However, after login, I receive the error:

pgsql
CopierModifier
[ServiceStack.HttpError] Requested object '/appserver/update/allowed' was not found on this server. ServiceStack.HttpError: Requested object '/appserver/update/allowed' was not found on this server.

This error loops continuously in logs every few seconds. The endpoint /appserver/update/allowed returns a 404 when called manually with curl from inside the pod (unless authenticated, in which case it redirects to /login.aspx).

What I've tried

  • Verified that the cccAdmin user exists and can log in.

  • Ensured the TARGETS variable is set to only Server\Web\AppServer.

  • Tried using and not using a ConfigMap for Web.config — no impact.

Questions

  • Is /appserver/update/allowed supposed to be a real endpoint? If so, what conditions are required for it to be enabled?

  • Is there something wrong in my TARGETS or configuration that would prevent this from being exposed?

  • Are there additional steps required after first deployment to enable full functionality of the App Server?

Thanks in advance for any help you can provide Pray

Chakir EL HABRIRI

  • 0

    You are using the Linux containers, and Auto Update is turned off in these containers. That's why the route update/allowed is not available. Does the error appear in the logs if you do not log into the UI?

    Your TRAGETS is just the Application Server without a search index. The default targets include the application server and search index targets: Server\Web\AppServer,Server\Web\AppServer\SearchCrawler,Server\Web\AppServer\SearchIndex


  • 0 in reply to Markus Weiss-Ehlers

    Hi,

    Thanks for your explanation.

    I’ve checked the logs of the App Server pod right after startup before any user interaction or login to the UI

    Here is what I observed:

    I do not see any error related to "/update/allowed" in the logs.

    However, I do see other errors, right after container startup, including:

    Could not find authentication data for session g40rBQ2qjB4PfUZNRd9j, it may have expired.  
[ServiceStack.HttpError] Unauthorized  
PUT /appserver/EntitySource HTTP/1.1" 302 ...  
PUT /login.aspx?ReturnUrl=%2fappserver%2fEntitySource HTTP/1.1" 401 ...

    This indicates that some internal process (maybe the search crawler or internal service check) is trying to hit /appserver/EntitySource without valid credentials.

    Deployment configuration:

    In my Kubernetes manifest, I already tried with the following environment variables defined:

    - name: TARGETS
  value: "Server\\Web\\AppServer,Server\\Web\\AppServer\\SearchCrawler,Server\\Web\\AppServer\\SearchIndex"
- name: SKIPUPDATECHECK
  value: "true"

    So the App Server should already be configured with the expected default targets, including the search index components.

    Remaining questions:

    1. Is it expected behavior to have these 401 logs at startup in the Linux container version with SKIPUPDATECHECK=true?

    2. Should I just ignore these error messages, since the app seems to work correctly once the app UI is accessed?


    Thanks again for your support! Let me know if you'd like additional logs or setup details.
    I can share with you my manifest if need

    Chakir EL HABRIRI

  • 0 in reply to chakir el habriri

    Why do you set the SKIPUPDATECHECK variable? 

    The errors related to /appserver/update/allowed are expected. We are thinking about improving this in a future version.

    The session error is expected if you already hat the container up and running against the same database.

    An additional recommendation for version 9.2 is to use Windows-based containers, for the highest compatibility. See the disclaimer in the read me on the Docker Hub.