cancel
Showing results for 
Search instead for 
Did you mean: 

"Cannot contact Google URL shrtening service" error while generating Enrollment code.

former_member198720
Participant
0 Kudos

Hi Team,

There is an issue I am facing in Afaria. We enabled Google url

service and tested connection successfully (from server pane in admin console) but while creating an

enrollment code the error says " The Google URL shortening service

couldnot be contacted. View the Server Configuration panel to test the

connection. ". Even Proxy is configured on Afaria installed machine

using ProxyConfig.exe in Afaria bin folder.

We also upgraded the Afaria 7 SP4 to SP5, still the same issue.

What are the possible configurations that i need to check from Afaria or from Network side?

Appreciate your help.

Afaria Environment Details:

Afaria 7 SP4, now upgraded to SP5, no hot fixes applied, MS server 2008 R2 System, MS DB

2008 R2.

Thanks you

Regards

Sajan Mathew

Accepted Solutions (1)

Accepted Solutions (1)

keith_nunn
Active Participant
0 Kudos

Hi, Sajan.

Other than connectivity to Google's servers, we do know that if the server address for the Enrollment Server configuration has invalid data in some form that it can generate this error as well.  So please ensure the value in 'Server Address' contains only alphabetic characters (A-Z), numeric characters (0-9), the minus sign (-), and the period (.). Period characters are allowed only when they are used to delimit the components of domain style names.

Thanks,

Keith Nunn

SAP Active Global Support
SAP Canada

former_member198720
Participant
0 Kudos

Thanks for the response Keith!

Please see below our Enrollment server Address. We connect to the server remotely through VPN.

http://10.68.140.91/aips/aipService.svc/GetEnrollmentSeedData?ID={d483777e-0ce2-4983-8a25-3929a564a4...

I inspected all previously generated enrollment code which were working before, all of them had similar long urls as above.

Please let me know if there's any invalid data in the above. If yes, how to rectify it?

Thanks a lot.

Sajan Mathew

keith_nunn
Active Participant
0 Kudos

Hi, Sajan.

Based on the URL, it looks fine.  A screenshot of your Enrollment Server configuration page would be more likely to verify for certain.  However, it's just a simple IP address.  So I doubt it's the problem.  Other than that, you could check the API code or maybe generate a new one to see if that's the problem.  Verify your API key is set to allow any referrer, as well.

Thanks,

Keith

former_member198720
Participant
0 Kudos

Hi Keith,

Definately, API key is not an issue (Any referrer is allowed, required services are enabled and even tried many keys). Attached is the Enrollment server configuration screenshot for Android. Do you spot anything wrong? Relay server is not configured and all Afaria components are hosted on one server.

Thank You

Sajan Mathew

keith_nunn
Active Participant
0 Kudos

Sajan,

That's the "Default Enrollment Settings" page and I was really speaking about the "Enrollment Server" page.  However, it continues to suggest that your configuration is not using any odd or unexpected characters.  It's probably a good idea to get a network trace at this point and investigate the traffic that's being sent to Google to see if Google is responding or if it's ever being sent in the first place.

You could also generate a debug log from the Afaria API service but at this point I don't think it would do much aside from reinforcing the error you see in the UI.

Thanks,

Keith

former_member198720
Participant
0 Kudos

Yes Keith, the Enrollment server also has the right configuration. We are currently coordinating with client to capture the Wireshark logs on the machine.

Also the devices were unable to connect to the Afaria server through the previously generated enrollment codes (they use their network APN to connect). You could be right, it must be a network communication error.

Will keep you posted.

Thank You

Sajan Mathew

keith_nunn
Active Participant
0 Kudos

Hi, Sajan.

I just created a new account with Google and a new project and then added a new browser key.  I then configured Afaria to use that new key and it was able to successfully generate a short code.  So the process does seem to work for me.  If you can get a network capture I can compare what you're seeing to what I'm seeing.


Thanks,

Keith

former_member198720
Participant
0 Kudos

Hi Keith,

Thanks for checking that for me. Please find the attached logs.

Regards

Sajan Mathew

jtaylor
Active Participant
0 Kudos

Sajan, Looking at this wireshark log, it doesn't appear that the proxy settings are configured for Afaria. Are you expecting them to be configured?

You stated that ProxyConfig was run in the original post, did you run it using an account that has registry permissions or run with elevated permissions (run as admin)?

If the answers to the above are "Yes", can you provide the text from the export of the registry: [HKLM\Software\Afaria\Afaria\Server\Proxy]? If you specify a username/password, the account info (UserData) key is encrypted, but you may wish to further obfuscate it or clear it.

former_member198720
Participant
0 Kudos

Hello John,

Actually, before we had 2 Afaria set ups (Prod and Dev) at Client's side (KSA). We observed the issue first in Prod in which Relay server and Proxy, both are configured. Then when we checked the Dev setup (without relay and proxy), we observed the same issue.

We then set up a new Afaria server at our end in India (without relay or proxy), surprisingly found the same issue again. The logs that i have provided above is from the recent setup and was captured while re-creating the error 3 times.

Do let me know for anything required.

Thank You

Sajan Mathew

former_member198720
Participant
0 Kudos

Hello Keith/John,

Did you find anything useful to spot the issue in the above logs?

Thanks

Sajan Mathew

jtaylor
Active Participant
0 Kudos

Hi Sajan, Sorry for the delay, but so far, I haven't determined anything wrong from your trace. I have tried to reproduce your issue, but I cannot get the test to work on the configuration page, and the code creation from a policy to fail. For the next step, I would do a couple of things:

1. Assure that you can get to the following address from the browser on the system, and check the proxy settings on the browser to assure they are as expected:
https://www.googleapis.com/urlshortener/v1/url?key=XXXXXXXXXXXXXXXX
(replace the XXXXXXXXXXXXXXXX section with the API key that you specified on the Enrollment Code configuration page)
the result should look something like:
{
error: {
errors: [
{
domain: "global",
reason: "required",
message: "Required parameter: shortUrl",
locationType: "parameter",
location: "shortUrl"
}
],
code: 400,
message: "Required parameter: shortUrl"
}
}

2. Enable the API logging, per KBA 1851170 ( http://service.sap.com/sap/support/notes/1851170 ), then perform a test of creating the code. Then share that log, so that we can see if we notice anything wrong. Hopefully it will contain a useful exception.

If we aren't able to get these to work, it may be worth your while to open a case so someone can do remote troubleshooting and see what is happening in real time.

former_member198720
Participant
0 Kudos

Hi John,

Thank a lot for going through the network trace.

1) Tried your first point and got exactly the same result on the browser as you indicated.

2) Performed the test of creating the code several times by enabling the API logging. Please find attached API logs collected.

Best Regards

Sajan Mathew

jtaylor
Active Participant
0 Kudos

Looking at the code for this, the test performs the exact same POST as the actual attempt to retrieve a good enrollment code from google, with the exception of the url passed to the shortening service. Based on that, the only things I could imagine are that google is rejecting the the address which is passed based on server availability or some other factor (you mentioned above that devices enroll over VPN to a private address) or that there is a network appliance which limits the length/size of POSTed data, which keeps it from generating the code correctly. The first theory would take some testing on this side to prove/disprove... but with a quick check at goo.gl, I cannot shorten the same enrollment link to my server, when specifying the internal IP address.

Have you tested using the TinyURL services on this same server?

jtaylor
Active Participant
0 Kudos

Hi Sajan,

Okay, so here's an update... Google updated their terms of service for the shortening service to where this won't be possible for internal addresses. You may be able to fool it by using the named address of the server, but you won't be able to do this with Google for the internal IP address. Apparently this changed about a month back. This also seems to have affected one of my systems which I have reachable by a public IP address because it got blacklisted.

You should try using the TinyURL service or, if you want to continue using the google shortener, use the DNS name of the server.

former_member198720
Participant
0 Kudos

Greetings John,

Finally!!! You got the answer i was searching for so aggressively. Awesome, it worked (code generated using google service) with the DNS name. However, previously i had tried public ip once but the code was not generated. Anyways, ill try that again, i think it should work too.

We could not use Tiny url service as our Afaria prod server is hosted in KSA at client site. Tiny url site is banned in KSA and the test would always fail when enabling this service in Afaria.

And Yes John, an incident was created for this issue before raising the concern here in community. Now i guess, ill have to update the ticket with the solution

Thanks a lot John and thank you Keith for engaging in this for the solution.

Best Regards

Sajan Mathew

jtaylor
Active Participant
0 Kudos

Hi Sajan,

So a little futher clarification, it looks like Goo.gl is blocking all IP addreses + path/file. The reference that my co-worker found implied internal IP addresses, but after some testing, it appears all IP addresses are impacted. I have posted a KBA about this. Thanks for your patience!

former_member198720
Participant
0 Kudos

Thanks for that information John, it saves my time.

Regards

Sajan Mathew

Answers (0)