All versions of Venafi Trust Protection Platform
There are 2 very similar errors that have a very similar fix. First though, when accessing Aperture portal, an HTTP error 404 File or Directory not message is displayed when accessing Aperture even though the service account has full permissions to the %Program Files%\Venafi folder and the files exist.
To see what the actual problem is, you need to browse to local host directly on the TPP server. This will clarify the problem. For instance:
404.7 The request filtering module is configured to deny the file extension
Using the URL https://localhost/Aperture, an HTTP error 404.7 File_Extension_Denied message is displayed
404 - Verbs Not Allowed
This version of the error generally appears WITHIN the console, rather than blocking Aperture, as shown:
The key portion of this is near the bottom:
"The request filtering section of the applicationhost.config file or a web.config file contains an entry to deny the HTTP verb used fro the request. This is a security feature and should not be changed..."
This is caused by IIS not allowing unlisted extension to run or unknown verbs to run.
Enable both of these in IIS on the server generating the error. One server could work, while another does not, because the settings are unique per server.
To do this:
- Launch IIS on the server having the issue
- Browse to the Aperture application under Venafi
- Select the Request Filtering option (IIS Section)
- Click Edit Feature Settings
- If not checked, please check "allow unlisted verbs" and "Allow Unlisted Filename Extensions" as follows: