Ideagen Internal Audit (Aura): The content type text/html; charset=UTF-8 of the response message does not match the content type of the binding
A message beginning in this way shows that the Ideagen Internal Audit (Aura) client has received a message that it does not understand.
"The client" in this case does not mean only the desktop client; it could also mean the Web service (WebService\TngWebService.svc) or the Robot, both of which also act as clients to the main service (Service\TngService.svc).
There are various causes, but they all have in common the following:
- The client application tried to connect to the back-end service
- It received a response
- The response was not what it was expecting
The most common causes are:
- An error at the server (such as the database being unavailable), which IIS displays as an HTML-formatted message instead of something that the client can understand
- An intermediate network device such as a firewall or reverse proxy, either blocking the initial connection or interrupting an existing one. Such a device may present a login screen or an information page, or otherwise interrupt with a response that the client is not expecting
A detailed reading of the error can also help identify the cause, because any HTML displayed in the error message is presented by the intermediate system (e.g. IIS or a firewall), not by the Pentana Service.
Example 1: where there is an error displayed by the Web server, at the end of the error message you might see:
EXCEPTION: WebException
message: The remote server returned an error: (500) Internal Server Error.
Example 2: where we see the <TITLE> tag in the below message:
EXCEPTION: ProtocolException message: The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (multipart/related; type="application/xop+xml"). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Blocked</title>
This indicates that an intermediate device is blocking the connection, and is showing Ideagen Internal Audit (Aura) an error screen relating to the block.
Understanding which applications are affected and which URLs are used for connection between application components can help pinpoint the problem.
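The reading described above can be scripted. The following PowerShell is an added example, not part of the product or of the original article: it pulls the content types, HTTP status and page title out of a logged error and suggests which cause applies, including the HSTS case covered further down. The function name, the title keywords and the abridged sample messages are assumptions constructed for illustration.

```powershell
# Added example: classify a content-type mismatch error by the HTML quoted in it.
# Function name and keyword list are illustrative assumptions.
function Get-MismatchCause {
    param([Parameter(Mandatory)][string]$Message)

    $info = [ordered]@{ ResponseType = $null; BindingType = $null; Status = $null; Title = $null; Cause = $null }

    # "The content type X ... does not match the content type of the binding (Y ..."
    if ($Message -match '(?s)content type (?<resp>[^;\s]+).*?of the binding \((?<bind>[^;)]+)') {
        $info.ResponseType = $Matches['resp']
        $info.BindingType  = $Matches['bind']
    }
    # HTTP status reported by a trailing WebException, when there is one
    if ($Message -match 'returned an error: \((?<code>\d{3})\)') { $info.Status = [int]$Matches['code'] }
    # Title of the HTML page that arrived in place of the expected SOAP message
    if ($Message -match '(?s)<title>\s*(?<title>.*?)\s*</title>') { $info.Title = $Matches['title'] }

    $info.Cause = if ($info.Status -ge 500) {
        'Error page from the web server: browse to the service URL on the application server'
    } elseif ($Message -match 'https://\S+?\.svc') {
        'Service page served over https: check for an HSTS http-to-https redirect'
    } elseif ($info.Title -match 'block|denied|forbidden|login|sign in') {
        'Page from an intermediate device: check the firewall or proxy path'
    } elseif ($info.ResponseType -eq 'text/html') {
        'HTML from an unidentified sender: read the quoted markup for clues'
    } else {
        'Not a content-type mismatch message'
    }
    [pscustomobject]$info
}

# Constructed samples, abridged from the three kinds of message shown on this page
$samples = @(
    'The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (multipart/related; type="application/xop+xml"). The first 1024 bytes of the response were: ''<!DOCTYPE html><html lang="en"><head><title>Blocked</title>'
    'The content type text/html; charset=UTF-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). The first 1024 bytes of the response were: ''<HTML><HEAD><link rel="alternate" type="text/xml" href="https://server.domain.com/PentanaPRD/Service/TngService.svc?disco"/><TITLE>TngService Service</TITLE>'
    'The content type text/html of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). EXCEPTION: WebException message: The remote server returned an error: (500) Internal Server Error.'
)
$samples | ForEach-Object { Get-MismatchCause -Message $_ } | Format-List
```

The https heuristic only makes sense when the client endpoint is configured for http, as in the standard service configuration described under HSTS below.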
Common causes
Database-related errors
Database-related errors will be displayed in this way because their messages will appear as an error page in IIS. Logging in to the application server and browsing to the service URL (e.g. http://server.domain.com/PentanaPRD/Service/TngService.svc) will reveal a more descriptive error message.
Example scenarios:
Proxy blocks the connection
Where the message shows a 'blocked' message or similar, it is likely that:
- The back end services (including Robot) are all running on a server
- The server is behind a proxy
- The desktop client therefore has to go through the proxy before it can access the service, but is being blocked
In which case:
- The desktop client shows an error like the one shown above
- As the Web service and Robot probably connect directly, they do not error
Solution
The solution is to ensure that the desktop client is whitelisted by the proxy, or is configured to connect to the application service directly.
HTTP Strict Transport Security (HSTS)
Some Web servers implement HSTS, which can be used to prevent http connections (clients are redirected to https). Where this is implemented and the standard Ideagen Internal Audit (Aura) service configuration is used (i.e. message encryption over http), the following happens:
- The desktop client, Robot and WebUI all fail with an error message like:
Exception of type: ProtocolException - Message: The content type text/html; charset=UTF-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<HTML><HEAD><link rel="alternate" type="text/xml" href="https://server.domain.com/PentanaPRD/Service/TngService.svc?disco"/><STYLE type="text/css">#content{ FONT-SIZE: 0.7em; PADDING-BOTTOM: 2em; MARGIN-LEFT: 30px}BODY{MARGIN-TOP: 0px; MARGIN-LEFT: 0px; COLOR: #000000; FONT-FAMILY: Verdana; BACKGROUND-COLOR: white}P{MARGIN-TOP: 0px; MARGIN-BOTTOM: 12px; COLOR: #000000; FONT-FAMILY: Verdana}PRE{BORDER-RIGHT: #f0f0e0 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #f0f0e0 1px solid; MARGIN-TOP: -5px; PADDING-LEFT: 5px; FONT-SIZE: 1.2em; PADDING-BOTTOM: 5px; BORDER-LEFT: #f0f0e0 1px solid; PADDING-TOP: 5px; BORDER-BOTTOM: #f0f0e0 1px solid; FONT-FAMILY: Courier New; BACKGROUND-COLOR: #e5e5cc}.heading1{MARGIN-TOP: 0px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 26px; MARGIN-BOTTOM: 0px; PADDING-BOTTOM: 3px; MARGIN-LEFT: -30px; WIDTH: 100%; COLOR: #ffffff; PADDING-TOP: 10px; FONT-FAMILY: Tahoma; BACKGROUND-COLOR: #003366}.intro{MARGIN-LEFT: -15px}</STYLE><TITLE>TngService Service</TITLE></HEAD><BODY><DIV id="content">'.
(note that https://server.domain.com is specified in the error). The message is displayed on-screen for the desktop client, and appears in the logs for the Web service and the Robot.
This is because the client makes an http request and is expecting an http response, but is redirected to https.
- If you test browsing to the service (http://server.domain.com/PentanaPRD/Service/TngService.svc) at its http address with a Microsoft browser (i.e. one which does not automatically redirect you to https anyway as Chrome does), you will notice that the URL in the address bar is changed to https regardless
The relevant setting is not exposed in the IIS UI, so the quickest way to verify whether it is enabled is to:
- Open %systemroot%\system32\inetsrv\config\applicationHost.config in Notepad
- Assuming Pentana is installed under the Default Web Site, locate the following section:
<configuration>
  <system.applicationHost>
    <sites>
      <site name="Default Web Site" id="1">
- The configuration line will look something like:
<hsts enabled="true" max-age="31536000" includeSubDomains="true" redirectHttpToHttps="true" />
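To run the same check without reading the file by eye, the following PowerShell (an added example, not from the original article) lists the <hsts> attributes of every site and flags sites that redirect http while still having an http binding. The function name and the sample configuration, including the bindings and the second site, are constructed for illustration.

```powershell
# Added example: report the <hsts> settings of each site in applicationHost.config.
# Get-SiteHstsSetting is an illustrative name, not an IIS cmdlet.
function Get-SiteHstsSetting {
    param([Parameter(Mandatory)][xml]$Config)

    foreach ($site in $Config.SelectNodes('/configuration/system.applicationHost/sites/site')) {
        $hsts = $site.SelectSingleNode('hsts')   # absent when HSTS was never configured
        $redirect = ($null -ne $hsts) -and ($hsts.GetAttribute('redirectHttpToHttps') -eq 'true')
        $httpBindings = $site.SelectNodes('bindings/binding[@protocol="http"]').Count
        [pscustomobject]@{
            Site                = $site.GetAttribute('name')
            HstsEnabled         = ($null -ne $hsts) -and ($hsts.GetAttribute('enabled') -eq 'true')
            RedirectHttpToHttps = $redirect
            HttpBindings        = $httpBindings
            # http clients of this site receive a redirect instead of a service response
            AffectsHttpClients  = $redirect -and ($httpBindings -gt 0)
        }
    }
}

# Constructed sample configuration; only the <hsts> line is taken from this page
$sample = [xml]@'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="Default Web Site" id="1">
        <bindings>
          <binding protocol="http" bindingInformation="*:80:" />
          <binding protocol="https" bindingInformation="*:443:" />
        </bindings>
        <hsts enabled="true" max-age="31536000" includeSubDomains="true" redirectHttpToHttps="true" />
      </site>
      <site name="Intranet" id="2">
        <bindings>
          <binding protocol="http" bindingInformation="*:8080:" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
</configuration>
'@

Get-SiteHstsSetting -Config $sample | Format-Table -AutoSize
```

On a server, pass the real file instead of the sample by loading it with Get-Content -Raw and casting to [xml], from an elevated 64-bit PowerShell session; a 32-bit session is redirected away from system32\inetsrv.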
Solutions
There are two ways to solve this:
- Reconfigure Pentana such that the main service runs under https
Or
- Turn off HSTS, either by setting redirectHttpToHttps to false in applicationHost.config (do make a backup of the file first), or by running a PowerShell script like:
Import-Module IISAdministration
# Start from a fresh ServerManager instance and batch the edits into one commit
Reset-IISServerManager -Confirm:$false
Start-IISCommitDelay
# Locate the <hsts> element of the site that hosts Pentana
$sitesCollection = Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection
$siteElement = Get-IISConfigCollectionElement -ConfigCollection $sitesCollection -ConfigAttribute @{"name"="Default Web Site"}
$hstsElement = Get-IISConfigElement -ConfigElement $siteElement -ChildElementName "hsts"
# Stop IIS redirecting http requests to https for this site
Set-IISConfigAttributeValue -ConfigElement $hstsElement -AttributeName "redirectHttpToHttps" -AttributeValue $false
# Write the change to applicationHost.config
Stop-IISCommitDelay
Remove-Module IISAdministration
Note that changing the configuration will cause IIS to restart.
Reference: https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/hsts