Ideagen Internal Audit (Aura) Web: Error 500 / 'The extended protection settings configured on IIS do not match the settings configured on the transport'
Where the WebUI is configured for Windows Authentication, you may see the following behaviour:
- When accessing the WebUI, the browser shows the message:
Something has gone wrong
500 - The service encountered an internal problem
- At the server desktop, browsing to https://domain.com/[Pentana instance]/WebService/TngWebService.svc throws the following error:
The extended protection settings configured on IIS do not match the settings configured on the transport. The ExtendedProtectionPolicy.PolicyEnforcement values do not match. IIS has a value of WhenSupported while the WCF Transport has a value of Never.
Or
The extended protection settings configured on IIS do not match the settings configured on the transport. The ExtendedProtectionPolicy.PolicyEnforcement values do not match. IIS has a value of Always while the WCF Transport has a value of Never.
This error relates to the IIS configuration setting ‘Extended Protection’, which by default is set to ‘Off’.
You can review the current setting as follows:
- Open IIS Manager
- Go to the Pentana applications
- Select WebService
- Select the Authentication feature
- Select Windows Authentication
- Click Advanced Settings
- The Extended Protection dropdown will show whether the feature is set to Off, Accept or Required
Note that the terminology is confusing: the IIS dropdown offers Off, Accept or Required, while the IIS error message reports the same settings as Never, WhenSupported or Always respectively.
If you choose to keep Extended Protection enabled (Accept or Required), then the Ideagen Internal Audit (Aura) WCF configuration must be changed to declare the matching policy.
To do this:
- Open the file c:\inetpub\wwwroot\[Pentana instance]\WebService\Web.config, either in Notepad or in App Manager
- Locate the <bindings> section, and within that the <security> tag, which in the unmodified file looks like this (the <transport> tag is self-closing and has no extendedProtectionPolicy child):
    <security mode="Transport">
      <transport clientCredentialType="Windows" />
    </security>
The section must be changed so that the self-closing <transport /> tag becomes an opening tag with a separate </transport> closing tag, and a new <extendedProtectionPolicy> line is added between them. The policyEnforcement value to use depends on the Extended Protection setting in IIS:
If the IIS Extended Protection setting is ‘Accept’ (and the IIS error is ‘IIS has a value of WhenSupported’):
Change the security section to read as follows (note the additional line and change of closing tags):
    <security mode="Transport">
      <transport clientCredentialType="Windows">
        <extendedProtectionPolicy policyEnforcement="WhenSupported" />
      </transport>
    </security>
If the Extended Protection setting is ‘Required’ (and the IIS error is ‘IIS has a value of Always’):
Change the security section to read as follows (note the additional line and change of closing tags; the value must be exactly Always, with no trailing space):
    <security mode="Transport">
      <transport clientCredentialType="Windows">
        <extendedProtectionPolicy policyEnforcement="Always" />
      </transport>
    </security>
After saving the file and restarting your browser, it should be possible to log in.
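The following Python script is an added example, not Ideagen's code or part of the product: it checks whether the policyEnforcement declared in a Pentana WebService Web.config matches the IIS Extended Protection dropdown value (Off, Accept or Required), and produces the corrected section when it does not. The binding type (basicHttpBinding), the binding name and the sample Web.config fragment are constructed assumptions; point it at the real file under c:\inetpub\wwwroot\[Pentana instance]\WebService\ and supply the dropdown value you read from IIS Manager.

```python
"""Check and correct the WCF extendedProtectionPolicy in a Pentana WebService
Web.config so that it matches the IIS 'Extended Protection' setting.
Added example; not part of the Ideagen product or article."""
import xml.etree.ElementTree as ET

# How the IIS Manager dropdown maps to the WCF policyEnforcement value
# (the names the IIS error message uses for both sides).
IIS_TO_WCF = {"Off": "Never", "Accept": "WhenSupported", "Required": "Always"}

# Constructed sample: the default shape of the <security> section before any
# change (self-closing <transport>, no extendedProtectionPolicy element).
# The binding type and name are assumptions; the real file may differ.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="TngWebServiceBinding">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
"""


def _transport_element(root):
    """Locate <security>/<transport> under <bindings>; raise if it is missing."""
    bindings = root.find("./system.serviceModel/bindings")
    transport = bindings.find(".//security/transport") if bindings is not None else None
    if transport is None:
        raise ValueError("no <bindings>/.../<security>/<transport> element found")
    return transport


def wcf_policy(web_config_text):
    """Return the policyEnforcement WCF will use for this Web.config.
    When the element is absent WCF defaults to Never, which is what the
    IIS error text reports as the 'WCF Transport' value."""
    transport = _transport_element(ET.fromstring(web_config_text))
    policy = transport.find("extendedProtectionPolicy")
    if policy is None:
        return "Never"
    # Compared verbatim: a stray space such as "Always " is not a valid value.
    return policy.get("policyEnforcement", "Never")


def check(iis_setting, web_config_text):
    """Return (expected, actual, matches) for the given IIS dropdown value."""
    expected = IIS_TO_WCF[iis_setting]
    actual = wcf_policy(web_config_text)
    return expected, actual, expected == actual


def patch(iis_setting, web_config_text):
    """Return the Web.config text with policyEnforcement set to match IIS,
    adding the <extendedProtectionPolicy> element if it is not present."""
    expected = IIS_TO_WCF[iis_setting]
    root = ET.fromstring(web_config_text)
    transport = _transport_element(root)
    policy = transport.find("extendedProtectionPolicy")
    if policy is None:
        # ET serialises a now non-empty <transport> with an explicit closing tag.
        policy = ET.SubElement(transport, "extendedProtectionPolicy")
    policy.set("policyEnforcement", expected)
    ET.indent(root, space="  ")  # Python 3.9+
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for setting in ("Off", "Accept", "Required"):
        expected, actual, ok = check(setting, SAMPLE_WEB_CONFIG)
        print(f"IIS={setting:<8} expected={expected:<13} actual={actual:<13} "
              f"{'OK' if ok else 'MISMATCH'}")
    print(patch("Accept", SAMPLE_WEB_CONFIG))
```

Run the check before editing: a report of MISMATCH for the dropdown value you see in IIS Manager is exactly the condition that produces the 500 error described above, and the patched output is the section the article tells you to paste into Web.config. Because the comparison is verbatim, a value with a trailing space is reported as a mismatch rather than silently accepted.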