adrianomsalgado
Veteran Member
Posts:73
 |
| 2010-03-17 10:56 AM |
|
I use IIS 7.5.7600 on windows 7 professional 64-bits
So, how can I make the port 8000 work? I just don´t get what´s happening!!! |
|
|
|
|
jchan
Senior Member
Posts:282
|
| 2010-03-17 11:09 AM |
|
adriano,
from what I can see, the first problem is not the certificate. Maybe the certificate is OK, maybe not, but the first problem is that the RIS Server is not running. You should try to focus your effort on understanding why the RIS server is not starting.
I suggest you post the log from the RIS server from a fresh restart. That means stop the RIS, clear the log, start the RIS, and see what it says.
Note that in order for the RIS server to start successfully, the certificate must be installed correctly through IIS, if it is not, the log will tell you that it cannot find the certificate.
john |
|
| Real-time support available to Clinical Edition and Team Edition customers |
|
|
cipi
Basic Member
Posts:11
|
| 2010-03-17 11:12 AM |
|
Delete the certificate installed on IIS and restart the RIS service, if the installation was done properly RIS server must listen on port 8000. I recommend you try ClearCanvas PACS on Windows 2003 Server or 2008 Server if possible on a virtual machine. |
|
|
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-17 11:44 AM |
|
How did you installed the certificate?
Did you generated de Certificate request at the IIS then use the "openssl ca -policy policy_anything -config openssl.conf -cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer" and then "openssl x509 -in certs/iis.cer -out certs/iisx509.cer".
After that, go back to IIS and install the iisx509.cer with the "complete certificate request" button?
Don´t i need to do any binding?
thanx!!!! |
|
|
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-17 02:35 PM |
|
Ok Jchan, thank you very much for your observations. The thing is that, if a Uninstall workstation and ris e reinstall with the option of local clients only, everything work just fine. So, I don´t believe the RIS server is not running. And if I remove all the certificates I´ve installed on IIS, I get the same TCP error. It is as if the RIS wasn´t seeing the certificate!!
I might be misunderstanding the way you must create a certificate request from the IIS and the way I complete the request. That´s the unique thing I can think about all this.
Could anyone discribe how to use openssl and create a valid certificate?
thank you guys very much for your patience. |
|
|
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-17 02:36 PM |
|
Another thing, I don´t believe it has anything to do to the OS. I´m just missing some step between genegerating de certificate request and installing de validated/signed certificate.
I believe that if you help me with this We´ll solve the problem. |
|
|
|
|
jchan
Senior Member
Posts:282
|
| 2010-03-17 03:08 PM |
|
If your RIS Server is running, your netstat should have revealed a socket for it, but it didn't. So I suspect that your RIS server isn't running. I recommend you post the log from the RIS server after startup.
It may be true that you do not have the cert installed properly, but you won't know for sure unless you examine the RIS server log.
John |
|
| Real-time support available to Clinical Edition and Team Edition customers |
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-17 09:57 PM |
|
ok john,
i´ve already uninstalled the ris and the workstation, the same for any certificate that exists at the iis.
As soon as i reinstall it i´ll post the ris log in here, ok?
Another thing,once the ris server is running, how should that appear at the netstat?
thanx, |
|
|
|
|
jchan
Senior Member
Posts:282
|
| 2010-03-17 10:04 PM |
|
you should see the server ip and port 8000 listed. it should say something like:
TCP 192.168.1.3:8000 LISTENING
If you don't see :8000 anywhere, then it isn't running (or you've somehow configured the RIS to use a port other than 8000).
You will see in the log if it is running or if it stopped because of an error.
You can also check in the Windows Services Console if the shredhost is running or not. |
|
| Real-time support available to Clinical Edition and Team Edition customers |
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-18 06:51 AM |
|
Another thing, should i install the Certificate before or after I install the RIS Server? Becouse before the CCRis server Shred service was running at the services.msc.
thanx |
|
|
|
|
cipi
Basic Member
Posts:11
|
| 2010-03-18 07:03 AM |
|
In my case RIS service was running but not listening on port 8000 after installing the certificate and restart the IIS and RIS service then everything was ok, RIS service was listening on port 8000. |
|
|
|
|
jchan
Senior Member
Posts:282
|
| 2010-03-18 10:16 AM |
|
As specified in the getting started guide http://www.clearcanvas.ca/dnn/Portals/0/ClearCanvasFiles/Documentation/GettingStartedGuide/2_0_SP1/
the certificate is a prerequisite, so you must install it before installing the RIS. |
|
| Real-time support available to Clinical Edition and Team Edition customers |
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-18 04:32 PM |
|
Sorry guys,
dumbness from my part.
I´ve downloaded a self-certificate software form Abylon. The thing is that I´ve been installing the certificate after the installation of RIS. I thought, though, that if you could or could not install the certificate(remote client or local only, respectively) anytime i decided to convert to remote the thing was reinstall the RIS and then put the certificate. My mistake!!!
but i still can´t use the openssl solution. the guide from http://www.dylanbeattie.net/d...howto.html might have some inconsistency with IIS7. |
|
|
|
|
jchan
Senior Member
Posts:282
|
| 2010-03-18 04:57 PM |
|
Every time you install the RIS server, the service auto starts after the install is complete so that's why it is recommended to have the cert installed first, but even if you install the cert after the RIS, you can always just stop the RIS server service and then start it again to get it working. It always looks for the cert on startup and if it can't find it, it will stop.
If you are restarting/rebooting and the service still doesn't start up (i.e. nothing listening on 8000 and client can't connect) then you can start to suspect that the cert is probably not installed correctly or not valid. It says all this in the log so always check the log for info about what is going on when you can't connect with a client.
You can change from local client setup to remote client setup anytime without reinstalling as long as you have the necessary certificate and modify the endpoints in the app.config of the client and server to reflect the configuration. There are some details about the mechanics and requirements in the Getting Started Guide in the certificate section. However, it's questionable whether or not it is worth learning how to modify the app.config since the server install/uninstall process is so easy. |
|
| Real-time support available to Clinical Edition and Team Edition customers |
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2010-03-18 10:41 PM |
|
problem solved!
the openssl certificate as instructed in the address i´ve posted is not good for iis7 at least.
an alternative is to use abylon selfcertificate, much easier and it works!!!
now i´ve got a diferent trouble: i can´t import a study inside the explorer. receive an error message. I´ve created a new topic under Workstation.
hope you can help as you did.
thanx a lot!!! |
|
|
|
|
salsero
New Member
Posts:2
|
| 2010-04-21 03:27 AM |
|
cipi , i need a Certificate.
Tell me what can i must to do . |
|
|
|
|
psb_net
Advanced Member
Posts:55
|
| 2011-06-07 03:26 AM |
|
hi adrianomsalgado
I am also facing the Same problem u Faced Can u please kindly explain the procedure of the How to connect to ris Server which is in remotemachine
Regards
Suresj
|
|
|
|
|
adrianomsalgado
Veteran Member
Posts:73
|
| 2011-06-14 09:35 PM |
|
Hi Suresj!
Dude, lately I´ve been VERY busy taking care of my patients AND working on a soluton based on LINUX. I´ll probably migrate the clearcanvas to Mono also. As you can see, my time is just not enough! :-)
So I´m not sure I remember what I did back there in 2010 to solve my trouble. I believe I´ve generated my own certificate inside the IIS and that worked just fine. I didn´t need to use any of those garbage selfcertificate software. Anyway, there is an option. Take some time to read forward and backward the www.openssl.org/docs/apps/x509.html
I´m sure you figure out what´s hapenning to your system and solve it.
hope hearing from you soon,
any further help, don´t hesitate to SCREAM around here.
Success! |
|
|
|
|
diagnos
New Member
Posts:1
|
| 2012-02-18 05:46 PM |
|
Hi all,
I was having the same problem described here, and after messing around for a really long time this is what finally fixed it. It was a problem with the certificate, and the tip to fix it was found in the Getting started Guide, Certificate chapter:
When ClearCanvas Workstation has been installed as an integrated RIS client and ImageViewer, on startup, it will try to contact the RIS server at the specified endpoint and inspect the certificate in use. The certificate must be issued to the server hostname that matches the endpoint, must be issued by a recognized Trusted Root CA, and must not be expired. If any of these security checks fail, the client will not connect to the server.
So what I did was:
1. Create a certificate from the Abylon SelfCERT software. The certificate owner must be the "hostname that matches the endpoint", so in this case I used the full computer name
2. When installing the certificate, I chose the directory manually: Trusted Root Certification Authorities
3. Imported the Certificate from IIS (v6 in my case)
4. Uninstalled and reinstalled both RIS and Workstation
5. When reinstalling RIS and WOrkstation, I used the computer name instead of the IP address on the SQL config. and elsewhere.
This fixed the problem and finally I'm able to log in to the Workstation
Edit: I couldn't import DICOM images, apparently because of certificate issues as well. I decided to import the same certificate into "Trusted People" Store, and it seems to have done the trick. |
|
|
|
|
jchan
Senior Member
Posts:282
|
| 2012-02-18 09:21 PM |
|
Nice work, Diagnos. Thanks for sharing and kudos to you for checking the guide! |
|
| Real-time support available to Clinical Edition and Team Edition customers |
|
|