Introduction
Please check points 2 to 9 to confirm the correct installation and configuration of the Tridion Business Connector.
1. ISAPI
Go to the www master properties of IIS. Select the ISAPI filter tab.
Make sure the ISAPI filter ASP.NET_1.1.4322.573 is installed and running (green arrow up). If not (red arrow down)
2. Impersonation User
This section describes:
- Configuring an impersonation user on Windows 2000
- Configuring an impersonation user on Windows 2003
1. Configuring an impersonation user on Windows 2000
1. Access the Tridion MMC Snap-in. (For more information, refer to the Administration Guide).
2. Depending on the type of security model you are using (LDAP or Windows users), the impersonation user type varies. Do one of the following:
- For Windows authentication, create an impersonation user of type Windows using the credentials used by IIS when launching ASP.NET applications. Unless the standard configuration has been changed, the impersonation name will be: MACHINENAME\ASPNET
- For LDAP authentication, create an impersonation user of type directory service and point to the directory service used by Content Manager. The Impersonation user name should be the credentials used by IIS when launching ASP.NET applications. Unless the standard configuration has been changed, the impersonation name will be: MACHINENAME\ASPNET.
3. Restart COM+ and IIS.
2. Configuring an impersonation user on Windows 2003
1. Open the IIS Configuration Console: Start>All Programs>Administrative Tools>Internet Information Service (IIS) Manager.
2. Under Local Machine Name, locate the Application Pools folder.
3. From the context menu, open the properties of the DefaultAppPool.
4. On the Identity tab, configure the identity of the Application Pool. For maximum security of the Web server, we recommend that you use the Predefined Network Service identity.
5. Open the Tridion MMC Snap-in. (For more information, see the Administration Guide).
6. Depending on the type of security model you are using (LDAP or Windows users), the impersonation user type varies. Do one of the following:
- For Windows authentication, create an impersonation user of type Windows using the credentials used by the DefaultAppPool. If this is Network Service then the impersonation user is NT AUTHORITY\NETWORK SERVICE.
- For LDAP authentication, create an impersonation user of type Directory Service and point to the Directory Service used by the Content Manager. The impersonation user name should match the credentials used by the DefaultAppPool. If this is Network Service, then the impersonation user is NT AUTHORITY\NETWORK SERVICE.
7. Restart COM+ and IIS.
3. Business Connector Service user
Windows 2000
To use the Business Connector in Windows 2000, make sure that the Tridion Business Connector Service is started by a local user that has been added to the Tridion Impersonation Users.
- Create a local user called BCImp and assign the following rights (or add it to the Administrators group):
- log on as a batch job
- log on as a service
- log on locally
- R/W ..\Tridion\bin
- R/W ..\Tridion\bc (including sub dirs and directories specified in BusinessConnector.properties)
Edit the properties of the "Tridion Content Manager Business Connector" service and add this account to the Log on tab and restart the service. Next add this account to the Tridion Impersonation users as described in chapter 3.
Windows 2003
In Windows 2003 you should use the NT AUTHORITY\Network Service special user to run the Business Connector service.
Make sure to give the Network Service the following file permissions:
- R/W ..\Tridion\bin
- R/W ..\Tridion\bc including sub directories and files
By default, the Network Service account already has permissions to impersonate other users, but you could double check this by editing the Local Policies
4. Application Extension Mapping Settings
5. BusinessConnector
Open Internet Explorer, connect to http://localhost/BCListener/BusinessConnectorService.asmx and check whether you get the following page back:
6. Temp Files
Use Windows Explorer to give the ASP.NET (or Network Service on Windows 2003) machine account at least Write permissions on the TEMP (C:\Temp) directory. By default, the TEMP directory has the Everyone group with Change permissions. Alternatively, download FileMon from http://www.sysinternals.com/ntw2k/source/filemon.shtml and check whether there are any access denied errors on one of the temp folders or the system32 directory.
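The directory permissions from sections 3 and 6 can be checked with a read-only script. This is an added example, not part of the original guide: C:\Tridion stands in for the installation root that the guide elides, and only access entries granted directly to the account are evaluated, so rights obtained through group membership (for example Everyone on TEMP) are not counted.

```powershell
# Added example: read-only audit of the permissions from sections 3 and 6.
# It changes nothing; it only reports what the ACLs grant to one account.
param(
    [string]$TridionRoot = 'C:\Tridion',   # placeholder install root, adjust
    [string]$TempDir     = 'C:\Temp',
    # On Windows 2000 pass MACHINENAME\ASPNET or the BCImp service user instead.
    [string]$Account     = 'NT AUTHORITY\NETWORK SERVICE'
)

$Rights      = [System.Security.AccessControl.FileSystemRights]
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$write       = [int]$Rights::Write
$readWrite   = [int]$Rights::Read -bor $write

function Get-AccessStatus {
    param([string]$Path, [string]$Identity, [int]$Required)
    if (-not (Test-Path $Path)) { return 'MISSING' }
    $allow = 0
    $deny  = 0
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.IdentityReference.Value -ne $Identity) { continue }
        # Inherit-only entries apply to children, not to this directory.
        if ($ace.PropagationFlags -band $InheritOnly) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.FileSystemRights
        } else {
            $deny = $deny -bor [int]$ace.FileSystemRights
        }
    }
    # A Deny entry overrides an Allow entry for the same right.
    $effective = $allow -band (-bnot $deny)
    if (($effective -band $Required) -eq $Required) { 'OK' }
    else { 'NOT-GRANTED-DIRECTLY' }
}

# Section 3: R/W on ..\Tridion\bin and ..\Tridion\bc including sub directories.
# Directories named in BusinessConnector.properties must be added by hand.
$bc   = Join-Path $TridionRoot 'bc'
$dirs = @((Join-Path $TridionRoot 'bin'), $bc)
if (Test-Path $bc) {
    $dirs += Get-ChildItem $bc -Recurse |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { $_.FullName }
}
foreach ($d in $dirs) {
    '{0,-22} {1}' -f (Get-AccessStatus $d $Account $readWrite), $d
}

# Section 6: at least Write on the TEMP directory.
'{0,-22} {1}' -f (Get-AccessStatus $TempDir $Account $write), $TempDir
```

A NOT-GRANTED-DIRECTLY line means the account has no direct entry with the required rights on that directory; check whether a group grants them before changing the ACL.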
7. Windows 2003
Make sure that the Web Folder Client service is started.
8. Java library files
1. Create a directory called "endorsed" under the lib directory of your Java Runtime Environment. The actual JRE location can be found in the registry, under the key HKLM\JavaSoft\Java Runtime Environment\[java_version_nr]\JavaHome.
2. Copy the following files from the "lib" directory under the ..\Tridion\bc directory to the new "endorsed" directory:
- xalan.jar
- xercesImpl.jar
- xml-apis.jar
3. Copy commons-httpclient.jar and commons-logging.jar from ..\Tridion\lib to ..\Tridion\bc\lib.
4. Restart the Business Connector service to activate the changes.
9. Links
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;811320
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317012#4
http://support.microsoft.com/default.aspx?scid=kb;en-us;315158
http://www.bluevisionsoftware.com/WebSite/TipsAndTricksDetails.aspx?Name=AspNetAccount