So, i guess since our last Update to Version 4.2.2, we cant download any reports under the "Data Retrieval" section anymore.
It just throws the following error:
In the "Web_ESMINT.log" File i get the following two error-lines in the related time-span:
2019-01-28T08:01:50.2062+01:00 ERROR w3wp 26 Cyvera.Management.Web.Controllers.AdministrationController General "Failed to download file from url: https://esm.intern.iwelt.de:443/BitsUploads/Logs_28_01_2019-06_57_17_000_f317aad2-22c9-11e9-a13b-acd... System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.WebClient.OpenRead(Uri address)
at Cyvera.Server.Facades.Download.TrapsDownloader.StreamFile(ServerConfig config, Uri sourceFileAddress)
at Cyvera.Management.Web.Controllers.AdministrationController.FileDownload(String url)"
2019-01-28T08:01:50.2062+01:00 ERROR w3wp 26 ApplicationLog General "This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet. System.InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
at System.Web.Mvc.JsonResult.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult)"
I can't really say for sure what caused this error (Update or Administration-Error).
I already opened a case with Palo Alto Support, but maybe, some of you guys experienced the same behavior and have a fix for it.
Solved! Go to Solution.
I kind of did myself before i had a meeting with the Support.
As the Error says, there is some issue with GET Requests not being allowed. So i had to go into the IIS-Settings, go to the right Application (in this case the BitsUploads), and add the Verb "GET" to All-Users.
EDIT: i just noticed that the Upgrade to version 4.2.3 reverted my changes and it also didn't work until i fixed it again.
it looks like it was a bug, but i can't say for sure if it was caused by one of the ESM Updates or an IIS update directly. I opened a TAC case and they were able to help me fix the issue, without the workaround.
In our case, configuring an application pool identity did the trick
More on the issue here: https://support.microsoft.com/en-us/help/907273
Hope it helps
Thank you for your reply.
Do you remember what did you have to do? Which identity did you use for ESMAppPool, the service account used for database connections? Were there any special permission needed?
The thing is that I already set the identity for the app pool, but still doesn't work without putting GET verb.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!