Data API refusing to authenticate

Hi all. I have a strange situation I seem to be unable to resolve. I can see that the Data API is running on a particular server, but I cannot get it to authenticate. This was working on a previous server hosted on a VPS with a different hosting company. I can get the requests to work on another server by simply changing the environment and authorisation details. I have tried with and without SSL certificate verification on. It seems to me that either there is a problem with authorisation, or requests on port 443 are somehow being diverted elsewhere. Does anyone have any idea why this might be happening?

The symptoms

  1. I can confirm the Data API is running on the server by sending a Product information request, which returns the correct, anticipated information.

  2. All authentication requests are refused with the message 802, Unable to open file.

  3. No databases show up on the WebDirect Launch Centre, even though a number of files are set up for WebDirect Access, including the FMServer_Sample file.

The setup
FileMaker Server 19.1.2 hosted on a virtual server running Windows Server 2019 Standard. All the correct ports are open and listening The Thawte RSA CA 2018 SSL from DigiCert Inc has been installed correctly and checked (expires Aug 2021); the entire Certificate chain, including the Intermediary (expires Nov 2027) checks out as valid throughout. WedDirect and the Data API have been correctly installed and configured in the Admin Console. The machine has been set as the Master machine. No other processes are listening on or using ports 443, 80, 5003 etc.

Tests
Tests are being run from Postman using Wim Decorte’s set of Data API commands adapted to this environment and two new endpoint queries - Product Info endpoint and Databases endpoint.

Result returned from authentication request:
'{"messages":[{"code":"802","message":"Unable to open file"}],"response":{}}'

Comments and other factors
The provider requires administrators to log on from an authorised IP address. This does not seem to be the factor as I get the same result wherever I run the tests from (I cannot try locally).

The only difference between the Product Info and Auth request I can see is that there is no DNS lookup, TCP Handshake or SSL Handshake with the Product Info request.

image image

I have heard of similar behaviour encountered by other people, but don’t have any specifics.

Any help gratefully appreciated.

ClickWorks Article might help?

“ A caveat here is that the scope parameter in the authentication URL is, strangely enough, contains spaces. You should replace this by the ‘+’ character in order to make the following call.”

Thanks Robert. Interesting and informative read, but it doesn't seem to get me much further with this particular issue unfortunately.

1 Like

Can you expand a bit on this? What does that look like?

1 Like

When you use the databases endpoint, is the file that you're after listed?

1 Like

This is obviously not normal and would point to a config issue somewhere. Was this an install from scratch or an upgrade to an existing FMS installation?

1 Like

Hi Wim,

Many thanks for taking the time to reply.

This is applied when you log into the remote virtual server machine. Remote access administration of the server is only allowed from certain specified IP addresses. I don't think this, per se, is the issue.

1 Like

No, this is the entire response:

{
"messages": [
{
"code": "20602",
"message": ""
}
],
"response": {}
}

So far as I recall, the install history is:

FMS 18
Cleared, FMS 19 installed
SSL re-downloaded and re-installed
FMS 19.1.2 updater run on existing installation

The issue has occurred with every version on this server.

If you uninstalled FMS18 but didn't rename the left-over "filemaker server" folder then the new install could have picked up some of those leftover files. Any issues there typically show up in the web publishing side, like WebD and any of the web APIs.

The fact that you get a well-formed response means that connectivity is fine.

I would suggest:

  • uninstall FMS19
  • reboot
  • rename the left-over 'filemaker server' folder
  • install FMS19
  • reboot
  • set SSL cert and all config settings, move live files from the renamed folder to the new folder
2 Likes

Thank you Wim.

My customer's IT guy handles installs. I will get him to follow your advice and will post the outcome here. It may take a while as this will not be treated as highest priority - use of the Data API will replace an existing export/import routine from a third party application.

Thanks again for your help,

Jul

1 Like

Ok, make sure he doesn't copy everything over from the renamed folder, just the FM files themselves...

Will do. He tells me that 18 was never on there, but I'm guessing the same applies to the original 19 installation.