KB-Sync1
Archer Employee

Article Number

000038383


Applies To


Product(s): Archer
Version(s): All Versions
Primary Deployment: On Premises

Description


Background:
Windows Communication Foundation (WCF) is a framework for building service-oriented applications. Using WCF, you can send data as asynchronous messages from one service endpoint to another. A service endpoint can be part of a continuously available service hosted by Internet Information Services (IIS), or it can be a service hosted in an application. An endpoint can be a client of a service that requests data from a service endpoint. For more information about WCF, check What Is Windows Communication Foundation.

WCF is used with .NET Framework and supports multiple protocols such as HTTP, TCP, and named pipes.
WCF supports transactions using one of three transaction models: WS-AtomicTransactions, the APIs in the System.Transactions namespace, or the Microsoft Distributed Transaction Coordinator. Services and clients can communicate over HTTP and HTTPS using a WCF service. The HTTP/HTTPS settings are configured by using IIS or by using a command-line tool. When a WCF service is hosted under IIS, HTTP or HTTPS settings can be configured within IIS.

When the Archer installer runs, the Archer Services Account (either Local System, a Local Windows account, or a Domain Service account) is registered with the application URL and the list of defined ports. Archer uses the following ports for communication among the Archer Services:
  • Port 13200 is used for the Configuration Service/REST.
  • Port 13201 is used for the Configuration Service.
  • Ports 13202, 13300 - 13204 are used for the Web Server.
  • Ports 13305 - 13350 are used for the Async Job Engine Service.
  • Ports 13351 - 13355 are used for the Content API.
  • Ports 13356 - 13360 are used for the Mobile API.
  • Port 8082 is used for the Queuing Service.
  • Port 8000 is used for the Advanced Workflow Communication Port.
  • Port 8433 is used to encrypt the Advanced Workflow traffic.
Communication between the Archer Services (Archer Configuration Service, Archer Job Engine Service, Archer LDAP Synchronization Service, Archer Queuing Service and Archer Workflow Service) is through Windows Communication Foundation (WCF). The Archer Configuration Service pushes data to all components (Services, Web, Instance Database and Workflow), and all components pull configuration data from the Archer Configuration Service (a 1 – N communication topology).

During installation, the Archer installer uses the 'netsh http' command line to register the URL and ports; 'netsh http show urlacl' lists the resulting registrations. Furthermore, the 'netsh http' commands are used to give the named Service Account permission to access the ports required for intercommunication among the Archer Services. For more information about 'netsh', see Netsh Commands for Hypertext Transfer Protocol (HTTP).

Cause


Possible scenarios that may require performing Port Registration:
  1. After an Archer installation, it is noticed that the Service Account that is used to run the Archer Services is not registered correctly with the URL and Ports.
  2. After an Archer installation, it is noticed that the incorrect Service Account was used with the URL and ports.
  3. If the client decides to change the Service Account that is used with the URL and ports.
  4. Overall system slowness (Excessively long save times).
  5. Clients need to be able to change the Service Account that Archer is running as, without re-running the installer on every server.
  6. Re-running the Archer installer on every server is not practical, as it requires stopping the Archer Services, which may refuse to stop because of currently running jobs, and can result in downtime.
  7. Cases where clients have forcibly changed the Service Account for one reason or another without following the proper steps, which leads to a lot of problems on the platform, from performance-related problems to complete outages. The goal is to be able to change the Archer service account without re-running the Archer installer, and to do it while the environment is still running.

Resolution


To perform Port Registration, navigate to the ACL Config folder in the installation folder, usually located under C:\Program Files\Archer\Tools\Utilities\ImpersonationUtils\.

  • The remove script remove_archer_ACL_ALL will de-associate the Archer service account that is used with the URL and ports.
  • The add script add_archer_ACL_Web will register the Archer service account with the URL and ports on the Web server.
  • The add script add_archer_ACL_Services will register the Archer service account with the URL and ports on the Services Server.

Note:

  • The add script add_archer_ACL_Web is used with the Web server and it includes the web ports [13202, 13300 -13204].
  • The add script add_archer_ACL_Services is used with the Services server and it does not include the web ports [13202, 13300 -13204].

How to Apply the Script:
1. Back up the Archer environment:

a. Take a snapshot of the Services server and Web server.
b. Back up the Instance Database.

2. Check the port registration.

a. Open a command prompt as Administrator (Start > Run > Type CMD and press Enter).
b. Type the following command: netsh http show urlacl > c:\ports.txt

3. Find out which Service Account is used with the Archer services:

a. Log in to either the Web or Services server.
b. Click Start > Type Services.msc > Press Enter.
c. Locate the Archer Services; the Log On As column shows which account is used with the Archer Services.
4. Run the remove script remove_archer_ACL_ALL:
a. Log onto the Web server.
b. Right-click the script remove_archer_ACL_ALL.bat and run it as an Administrator.
c. You should see each existing port registration removed. If one does not exist, it will be skipped which is expected.
d. This will de-associate the Service Account that is used with the URL and ports. To confirm, check the Port Registration again (as described in step 2 above) and review the output; all of these ports should have been removed: (13200, 13201, 13202, 13300 - 13304, 13305 - 13350, 13351 - 13355, 8000, 8082).
 
5. Once the Archer Service Account is obtained from step 3 above, follow the steps below:
a. On the Web server, open the script add_archer_ACL_Web in Notepad or Notepad++, replace domain\username with your Archer Service account, and save the script.
b. Right-click the script add_archer_ACL_Web.bat and run it as an Administrator. You should then see that the URL and port are being added.
c. Each port from the file gets registered to the account that was specified.
d. Then either restart IIS or reboot the server.
6. For verification purposes, run the Port Registration (from step 2) and compare the output with the ports and URL in the script add_archer_ACL_Web to ensure that all the ports and URL are the same.
7. For the Services server, follow steps 2 to 6 and be sure to use the script add_archer_ACL_Services.
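
Steps 2 and 6 compare the 'netsh http show urlacl' output with the ports in the add script by eye. The PowerShell below is an added example, not part of the Archer utilities: it parses that output (English-language Windows assumed) and reports, for each expected port, whether it is reserved for the service account, for a different account (scenario 2 above), or not at all (scenario 1). The account names, the http://+:PORT/ URL form and the function names are constructed for illustration; pass the ports from the add script you actually ran.

```powershell
# Parse 'netsh http show urlacl' text into objects with Url, Port and Users.
function ConvertFrom-UrlAcl {
    param([string[]]$Lines)
    $result = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            $url  = $Matches[1]
            $port = if ($url -match ':(\d+)/') { [int]$Matches[1] } else { $null }
            $current = [pscustomobject]@{ Url = $url; Port = $port; Users = @() }
            $result += $current
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.Users += $Matches[1]   # one reservation can list several users
        }
    }
    return $result
}

# Report each expected port as OK, Missing, WrongAccount or ExtraAccount.
function Test-PortRegistration {
    param([object[]]$Reservations, [int[]]$ExpectedPorts, [string]$Account)
    foreach ($port in $ExpectedPorts) {
        $hits  = @($Reservations | Where-Object { $_.Port -eq $port })
        $users = @($hits | ForEach-Object { $_.Users })
        $other = @($users | Where-Object { $_ -ne $Account })
        $status = if ($hits.Count -eq 0) { 'Missing' }
            elseif ($users -notcontains $Account) { 'WrongAccount' }
            elseif ($other.Count -gt 0) { 'ExtraAccount' }
            else { 'OK' }
        [pscustomobject]@{ Port = $port; Status = $status; Users = ($users -join ', ') }
    }
}

# Constructed sample output, not captured from a real Archer server.
$sample = @'
    Reserved URL            : http://+:13200/
        User: CONTOSO\svc_archer
            Listen: Yes
            Delegate: No

    Reserved URL            : http://+:13201/
        User: CONTOSO\old_svc
            Listen: Yes
            Delegate: No
'@ -split '\r?\n'
# Live use: ConvertFrom-UrlAcl -Lines (Get-Content C:\ports.txt)
$acl = ConvertFrom-UrlAcl -Lines $sample
Test-PortRegistration -Reservations $acl -ExpectedPorts 13200, 13201, 13202 -Account 'CONTOSO\svc_archer'
```

Any status other than OK after step 5 means the add script did not register that port for the intended account; ExtraAccount flags a reservation that still grants the port to an additional account.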

Version history
Last update: 2024-11-18 09:01 AM