Contact us at 408.675.5020 or sales@identitymaestro.com

Home Page

Knowledge Base Search     Advanced

Confirm the Identity Maestro Websites in IIS Manager

Article ID: 1667
Last updated: 10 Apr, 2020

After Identity Maestro has been installed and the ServiceControl Connection Agent Windows services have been configured and started, the application pools and websites need to be verified.  This article discusses:

Applies to:

  • Identity Maestro 4.0.4+

Notes:  This article shows an application pool and website related to an Azure AD Remote Agent that is used for connecting to Azure AD Office 365.  Depending on what selections are made during the installation, you may see different or no Remote Agent application pools and websites.  What is critical with this process is to ensure that the application pool is configured with the correct identity which must match the local service account that was defined during the installation.  As a confirmation, you should be able to start the application pool and it should continue to run instead of quickly switching to a stopped status.

Confirm the Application Pool Identities

The Identity Maestro installer adds two or more websites based on the remote agents selected during the installation.  The first task is to ensure that the application pool identities are properly configured.

  1. In the IIS Manager application, navigate to Application Pools.
  2. Confirm what the list of application pools and their respective identities displays.



    In this example, the correct application pool identity should be imconnect which is the user defined during the installation procedure.  The ServiceControl Pool should also have 2 applications bound to it,  You cannot assume that the identities have been configured correctly during the installation.  If you are not sure, proceed with the remaining steps in this procedure.
     
  3. Click on one of the application pools and stop that pool.



    Click the Advanced Settings option.
     
  4. Select the Identity record and click the ellipsis button.


     
  5. In the "Application Pool Identity" window, select Custom account: and click the Set... button.
  6. In the "Set Credentials" window, add the correct username, e.g. imconnect and the password set during the installation procedure.
  7. Click OK, then OK, and OK to close all three windows.
  8. Start or recycle the application pool that you reset the identity credentials for.  The application pool should continue to run and not switch back to a stopped state.


     
  9. Repeat steps 3 to 8 for each "Omni" application pool and the ServiceControl Pool.  Once you are done, all of those application pools should show the same identity and the Application values should be "0".

Test the basic settings connection test for each website

This procedure will confirm that the authentication and authorization are correct and bind the application(s) to the application pool identities.

  1. Expand the websites and select the Default Web Site and click on Advanced Settings ...


     
  2. In the "Edit Site" window, click the Test Settings... button.  The "Test Connection" window should show a successful authentication and authorization, and confirm that the application pool identity is valid.


     
  3. Close the "Test Connection" and "Edit Site" windows.
  4. Repeat steps 1 to 3 for the Omni.WorkflowEngine and all of the Remote Agent websites.
  5. Navigate back to the Application Pools and confirm that applications have been assigned to the Omni and ServiceControl application pools.

Troubleshooting Tips

Application Pools Switch to Stopped Status.  A common issue with this process is that the application pool(s) may switch to a stopped status after being started or recycled.  If that happens, it indicates that the username and/or password that is set does not match the service user account that was defined during the installation.  If the problem persists, reset the password in the local user, and then reset the password of the identity assigned to the application pool.

Website Switches to Stopped Status or the Basic Connection Test Fails.  This can happen if the local service user account defined during the installation and assigned to the application pool has not been assigned to the Local Administrators and IIS_IUSRS groups.  Check and correct the group membership assigned to the local service user account.

Next Step

Once the website testing is complete proceed to Secure Identity Maestro Websites with SSL Certificates

This article was:   Helpful | Not helpful Report an issue


Article ID: 1667
Last updated: 10 Apr, 2020
Revision: 7
Views: 651
Comments: 0
print  Print email  Email to friend share  Share pool  Add to pool comment  Add comment
Prev     Next
Configure and Start the Connection Agent Windows Service(s)       Setup the Server Desktop