Symptoms
Auto-login to the BackupAgent Management Console does not work in Parallels Operations Automation (POA) Customer Control Panel. The following error is shown:
"Unfortunately an error occurred, please contact your backup provider. Unable to validate data."Sometimes, Auto-login to the BackupAgent Management Console goes well, while at other times, it gives an "invalid ViewState" error.
- A user logged on to the BackupAgent Management Console, and then, suddenly, one of the front-end servers shut down, navigating to the following page, and then giving an "invalid ViewState" error.
Cause
Possible reasons for the problem:
- Event validation is enabled in BackupAgent.
In the case of NLB (network load balancing) usage (with several BackupAgent front-ends), different BackupAgent front-ends have unique ViewState Hashes.
ASP.NET uses ViewState to control the state of its pages. This ViewState is encrypted with a key that is unique for each server. If you have a webfarm installed, it is important to sync this key across all webservers which are part of this farm.
Resolution
Log in to the BackupAgent Management Console node. Open the directory where the BackupAgent Management Console is installed.
Edit the
"Web.config file"-- find section<location path="Login.aspx">and change it as follows (create a backup copy of the file before modifying):<location path="Login.aspx"> <system.web> <pages enableEventValidation="false"/> <authorization> <allow users="*" /> </authorization> </system.web> </location>If this change causes "Empty Login.aspx Page," then Step 2 should be skipped, and the changes should be reverted.
Edit the
Login.aspxfile (on BackupAgent front-end) and insert after<%@ Pagethe following entry:EnableViewState="false" EnableViewStateMac="false"If an NLB (webfarm) with several BackupAgent front-ends is used, then perform Step 2 (when necessary) and Step 3 on each BackupAgent front-end, and additionally:
Inside the
web.configfile of the ManagementConsole of each server, place the following tag just below the<system.web>tag:<machineKey validationKey="0E3DDF746D79B5DD88EBAB1040B164B148E19896CB4FCE72FA18F93733B2BB688CA1CD376D5424E66094BCAEE0B76CCC4202B5B3A9A54D3DCACFE40FA63A4032" decryptionKey="03BA6EBB041FBDA678A7FEEB199A0B10CAB63FC7A276B0BFDC2D78ADA5554F23" validation="SHA1" decryption="AES"/>Make sure that the keys are unique for this specific application. On this page, you can easily generate a unique "machineKey":
- Get a new ViewState Hash value from the
Login.aspxpage (open it in a web browser and see the source code) and set it in BackupAgent APS Application Resource Type in POA.
Starting from Backup Agent version 1.2-12 behavior of application change: view state hash is no longer defined as activation parameter of application resource. Instead, is it defined as hidden settings that is not defined by provider or end customer:
How it works is when POA executes any task for Backup Agent configuration - as part of output script provides current viewstate hash and POA saves it in database and uses to form auto-login link in customer control panel.
In some cases viewstate hash can get changed on Backup Agent side but still old view state hash is present in POA database and thus single sign on breaks. To refresh view state hash of paricular Backup Agent subscription in POA one can do the following: Login to customer control panel > select subscription > Home > Backup agent > Configuration > Settings > Edit > Submit (no need to make any changes)
Alternatively one can use pem.APS.setServiceInstanceSettings without passing any settings:
http://download.pa.parallels.com/poa/5.4/doc/index.htm?fileName=71623.htm
As result POA will create a task to execute configuration script, script will return up to date view state hash, POA will save it in database, use updated view state hash for auto-login link and single sign on functionality will work.