Troubleshooting Web Reporting Issues

Issue: Remote Certificate is Invalid

The following error message is displayed on web reporting URL instead of Proficy Authentication (UAA) page.

The remote certificate is invalid according to the validation procedure.

The error message is displayed when you install Plant Applications Web Server using the Proficy Authentication (UAA) type with self-signed certificates. The root CA self-signed certificate installed with UAA is not validated when reporting URL is loaded, as it is not available in your machine.

To resolve this issue, it is recommended to install enterprise SSL certificates signed by CA. Refer to Secure Socket Layer and Certificate Requirements to install certificates signed by CA or, follow the steps below to proceed using self-signed certificates.
  1. Navigate to Operations Hub or UAA URL https://<sitename>/iqp.
  2. Click Not secure and select Certificate is not valid.

    Certificate window page appears.

  3. Select the Certification Path tab and select <.…..Root CA.…..>.
  4. Select View Certificate.
  5. Select the Details tab and select Copy to File....

    Welcome to the Certificate Export Wizard page appears.

  6. Select Next.
  7. Select Base-64 encoded X.509 (.CER) and select Next.
  8. Select Browse and navigate to the location you want to save the file.
  9. Enter the file name in the File name field.
  10. Select Next and select Finish to save the file.
  11. Right-click on the saved file and select Install Certificate.
    Certificate Import Wizard page appears.
    • Select Local Machine in the Store Location and select Next.
    • Select Place all certificates in the following store and select Browse to locate certificate store.
    • Select Trusted Root Certification Authorities and select OK.
    • Select Next and select Finish.

Issue: Expired Self-Signed Certificate for Report (Web) Server

Download openssl version 0.9.8k and ensure to set folder path containing "<openssl_installed_path>\bin" in system PATH env variable to execute below commands:

  1. Download this zip file to your machine and extract the content to a new folder.
  2. Open v3.ext in Notepad++ and update below:
    • IP.2 = system IP
    • DNS.3 = system hostname/FQDN (as per webreports URL)
  3. Open server.csr.cnf in Notepad++ and update below:
    • CN = system hostname/FQDN (as per webreports URL)
  4. Launch command line window and navigate to the current folder and execute 'create-self-signed-certificate.bat'.

    The system creates both root and local certificates.

  5. Make a duplicate copy of rootCA.pem file and rename it to rootCA.crt.
  6. Modify the server name in the following command and execute it: openssl pkcs12 -export -out <ServerName>.pfx -inkey server.key -in server.crt
  7. Enter Password.
  8. Re-enter the password.

    The system creates a Pfx file.

  9. Double-click rootCA.crt and install this certificate to Windows trusted root location.
  10. Open IIS and select "Server Certificates" from Server Home, and then import the generated pfx.
  11. Open the bindings of Default Web Site, edit the Site bindings of https and select the generated SSL certificate and click OK.
  12. Restart IIS.
  13. Relaunch Plant Applications Web Reports.

Ad-Hoc Trend and Other Web Reports Do Not Open from Plant Applications Client

The Message Log displays the following errors:

  • ZNCVDPOCSEP-1/RDP-Tcp#41] - [16-May-24 12:30:05]AutoLog::zTrendTag>>
  • [ZNCVDPOCSEP-1/RDP-Tcp#41] - [16-May-24 12:30:04]Plant Applications Client Version: 9.1558.84
  • [ZNCVDPOCSEP-1/RDP-Tcp#41] - [16-May-24 12:28:54]AutoLog::zDoQualityAnalysis>> The underlying connection was closed: An unexpected error occurred on a send.
  • [ZNCVDPOCSEP-1/RDP-Tcp#41] - [16-May-24 12:28:50]Plant Applications Client Version: 9.1558.84

This occurs after disabling TLS 1.0 and 1.1 and enabling only TLS 1.2 in the registry under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

To resolve the issue create these records in the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
"SystemDefaultTlsVersions"=dword:00000001

SSRS Reports Do Not Open from the Report Tree

When the SSRS is configured on a different server, then the external SSRS URL must be added to the trusted sites in Internet Options of the machine:

  1. Internet Options > Trusted Sites > Sites, enter the SSRS URL under 'Add this website to the zone' and select 'Add'.
  2. Internet Options > Trusted Sites > Custom Level > User Authentication: Logon, ensure that either one of Automatic Logon options is chosen.