Installing on Microsoft IIS

Microsoft IIS

If IIS is already installed when you install our platform, you will not be able to install our embedded web server (TWebServices).

The platform software will run without the web server. Most engineering and runtime tools of the platform run without needing to install our TWebServer or doing any IIS configuration. TWebServices is necessary for remotely accessing project configurations and serving runtime web pages. 

If you want to enable remote engineering access and web clients using IIS, you need to install some of the platform's services in IIS. This page explains how to install these services in IIS.

IIS is also necessary when you want to run the Runtime as a Windows Service and still be able to provide web pages, iPad clients, and remote engineering.

You are going to install three services inside IIS:

• TProjectServer, which allows you to remotely access your project configurations.
• TWebClient/TSmartClient, which allows remote access to runtime displays. Use the instructions below to configure IIS.

Installation Procedure

This procedure was executed on Windows 7 x64, with IIS 7.5. With older operating systems and versions of IIS, the procedure may be slightly different, such as defining a Virtual Directory instead of Add Application.

• Check if IIS is installed and running. For instance, by trying to open HTML.
• Enable .NET and .Svc Handlers for the WCF Service.

For IIS 7.x:

If IIS was installed after installing .NET Framework, you must run and verify the procedure described on IIS Hosted Service Fails by Microsoft, which is used to run the following programs using the command prompt as Administrator:

aspnet regiis –i –enable (from the .NET Framework installation directory*)

ServiceModelReg.exe -r (from the .NET Framework installation directory*)

For IIS 8.0:

1. Go to Program and Features → Turn Windows features on or off.

2. Enable the ASP.NET 4.5 option (Internet Information Services → World Wide Web Services → Application Development Features):

3. Enable the HTTP Activation option (.NET Framework 4.8 Advanced Services → WCF Activation)

4. Check if the extension .svc is mapped to aspnet isapi.dll (The msdn.microsoft website on the previous link explains how to do this for many IIS versions.)

5. From within the FactoryStudio installation folder, run the utility:

InstallTWebServer.exe /uninstall

• This will remove the default TWebServer installation.

6. Before configuring any application for IIS, it is recommended to check if IIS is working. To do so, open Sites, right-click Default Web Site and select Edit Permission, and check if it is linked to the wwwroot folder.

7. Go to Actions (under Browse Web Site), click the link associated with *:80(http). 

• A default IIS image should open on your browser.

8. After making sure the IIS is working, open Sites, right-click Default Web Site, select Add Application..., and configure the information for the services:

TProjectServer:

• Alias: TProjectServer
• Physical Path: C:\Program Files\<Replace by the Installation folder>
• Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

9. On IE, use the ”http://localhost/tprojectserver/service.svc” url to check if the service was correctly installed. This should show a page with information about the service.

TWebClient/TSmartClient:

• Alias: fx10.
• Physical Path: <installation folder>
• Application Pool: Configure any pool based to .NET 0. Example: ASP.NET v4.0.

10. On IE, test the “http://localhost/<ALIAS>/service.svc” url to check if the service was correctly installed. This should show a page with information about the service.

11. Go to MIME Types, and create the following MIME Type:

• Anonymous Authentication must be enabled for the services.

12. Go to Compression module.

• If it is not installed, you may see this yellow alert on the right side.

• If so, go to Server Manager → Roles → Web Server and check your installed Roles under Role Services. If Dynamic Compression is not installed, click Add Roles and install it.

• You can go back to Compression module for your site and ensure Dynamic Compression is checked. At this point, Dynamic Compression should be set up, but you must be specific about what MimeTypes will be compressed.

13. Back to IIS Manager, go to the page for the SERVER — not the SITE. Click Configuration Editor.

14. From the drop-down list, select system.webServer/httpCompression.

15. Click Dynamic Types. In the list editor, add "application/json".

After you have completed all steps above, the IIS configuration for HTTP access is completed.

If you want to configure a HTTPS connection as well, follow the next steps.

How to Set Up SSL on IIS 

The steps for configuring Secure Sockets Layer (SSL) for a site are the same in IIS 7, IIS 6.0, and higher. The steps include:

• Get an appropriate certificate.
• Create an HTTPS binding on a site.
• Test by making a request to the site.
• Optionally configure SSL options by making SSL a requirement.

Obtain a Certificate

There are two options for the server certificate:

• Acquiring a paid certificate that will ensure your web security.
• Generating a self-signed certificate that will only be used for testing purposes.

We do not recommend using a self-signed certificate in final project deployment.

If you choose to use the self-signed certificate, follow the next steps.

1. Select the server node in the tree view and double-click Server Certificates.

2. Click Create Self-Signed Certificate... in the Actions pane.

3. Enter a friendly name for the new certificate and click OK.

Now, you have a self-signed certificate. The certificate is marked for Server Authentication use, which means it uses a server-side certificate for HTTP SSL encryption and for authenticating the server identity.

Create an SSL Binding

1. Select a site in the tree view and click Bindings... in the Actions panel.

• This brings up the Bindings Editor that allows you to create, edit, and delete bindings for your Web site.

2. Click Add... to add your new SSL binding to the site.

• The default settings for a new binding are set to HTTP on Port 80.

3. Select https in the Type drop-down list and select the self-signed certificate you created in the previous section from the SSL Certificate drop-down list. Then, click OK.

• Now, you have a new SSL binding on your site and all that remains is to check if it works.

Check the SSL Binding

1. On the Actions pane, under Browse Web Site, click the link associated with the binding you just created.

2. Click Continue to this website (not recommended).

However, for testing propose, you need to follow the steps below:

1. Browse to your page (e.g. https://localhost:443) in Internet Explorer, which should use your self-signed SSL certificate. You should be greeted by an error message saying your certificate is not trustworthy.
2. Click Continue to this website (not recommended).
3. Click Certificate error in the address bar, and click View certificates.
4. Click Install Certificate.
5. Click Place all certificates in the following store, and click Browse. Do not rely on the preselected option to automatically select the certificate store as this will not work!
6. Inside the dialog box, click Trusted Root Certification Authorities, and click OK.
7. Finish the dialog.
8. When you get a security warning, click Yes to trust the certificate.
9. Reload your page, and the certificate should be working fine now. If the error persist, replace localhost in the url with the UserName the certificate was issued to. E.g.: https://WMSvc-ALEXISE3LH:443.

Configure SSL Settings

Configure SSL settings if you want your site to require SSL or to interact in a specific way with client certificates.

1. Click the site node in the tree view to go back to the site’s home page.

2. Double-click the SSL Settings feature in the middle panel.

Enable Web Client to use SSL Settings

 SmartClients Only

• Open the Web.config file in Windows. The files are located in:
  

  C:\ProgramFiles (x86)\Tatsoft\FactoryStudio
  C:\ProgramFiles (x86)\Tatsoft\FactoryStudio\fs-2014.1\

• You will find some comments regarding what command lines are used for HTTP.  So, you will need to comment out the HTTP lines and uncomment the HTTPS ones.

<!-- If using HTTP then Security Mode is None by default -->
<security mode="None" />
<!-- If using HTTP then Security Mode can use Windows Authentication -->
<!--
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
-->
<!-- If using HTTPS then Security Mode is Transport -->
<!--
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
-->

Replace with:

<!-- If using HTTP then Security Mode is None by default
<security mode="None" />
-->
<!-- If using HTTP then Security Mode can use Windows Authentication -->
<!--
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
-->
<!-- If using HTTPS then Security Mode is Transport -->

<security mode="Transport">
<transport clientCredentialType="None"/>
</security>

Repeat this procedure throughout the xml file. See "How to Set Up SSL on IIS 7" by Microsoft for more information.

WebClients (HTML5) Only

If using https to access a WebClient (HTML5), you must inform the application the correct port number for this connection.

To do so, create a shortcut of the TStartup.exe application, or launch the command prompt from the installation folder (fs-xx.x). Add the project and html5port parameters as indicated in the image.

Common Errors

Internet Explorer Security Settings

If you get an error message like the image above, it might be related to your Browser security settings. Microsoft's automatic updates of Internet Explorer may change some defaults on .NET support, which may cause your browser to have disabled XAML browser based applications.

To check this issue, go to Internet Options → Security → Custom level... in Internet Explorer and make sure the XAML browser applications in .NET Framework section is enabled.

Make sure that the XAML browser based applications is set to Enable on the .NET Framework section,

Missing File

If the error message you get is something like the following image, the problem might be related to some files being missing from the installation folder. To check it, go to your products installation folder and search for that file.

If you do not find it, you should uninstall the product, and install it again.

Binaries Modified

If the error message you get is something like the image below, the problem might be related to some files being missing from the installation folder. To check it, go to your products installation folder and search for that file.

If you do not find it, you should uninstall the product, and install it again.

Firewall blocking

It is quite common for a firewall to prevent remote access to the application. So, before accessing remotely, try to open a local copy of the browser locally on the server.

Run the server and the client on the same computer before trying to remotely access the application.

http://localhost/fs-2014.2/TWebClient.Xbap or http://127.0.0.1/fs-2014.2/TWebClient.Xbap

Or, run the server and the client with another Port number. For example, 1234.

http://localhost/fs-2014.2:1234/TWebClient.Xbap or http://127.0.0.1:1234/fs-2014.2/TWebClient

Insufficient User Permissions

If you are unable to launch the client and the error message is different from the ones above, the user currently logged into the system might not have the necessary permissions to access the files through an HTTP or HTTPS connection.

To overcome this, launch the Command Prompt as an Administrator and execute the following commands:

For port used in HTTP (in this example 80)

netsh http add urlacl url=http://+:80/thtml5/+ sddl=D:(A;;GX;;;IU) For port used in HTTPS (in this example 4430)
netsh http add urlacl url=https://+:4430/thtml5/+ sddl=D:(A;;GX;;;IU)

In this section...