I got the Enterprise 11.5.1.0 release working, clean new install, domain joined. Details below

[england2847]

I don't have the time to write a full install guide based on the changes I made, but hopefully someone else gets a benefit from my experience here. This post will detail the changes I needed to make to get CSET enterprise up and running.

In my deployment, the web server is domain joined, and only accessible internally or via VPN.

1. First, the setup-enterprise script needed to be edited. ${env:computername}\CSETUser needs to replace "${env:userdomain}\CSETUser" on lines 82,83,84. This will add the CSET local user in the sql server properly.

2. next, that same local CSETUser created by the script needs to be added to the local IIS_IUSRS security group.

3. I had to add the local CSETUser to the local administrators group. This is because of the local security policy "Impersonate a client after authentication". Local admins have permission to this policy, but my AD Group Policies restricted us from adding the local user to that policy individually. Since the local administrators group is added to that policy by default, this is my temp workaround. Made sure the user has a very complex password and that the server is only accessible internally, since this is not ideal.

4. I ended up in a state where I could log into CSET locally on the web server, but not from any remote computers that should have access. I could navigate to CSET and enter my log in credentials, but i'd get a "The server is unavailable, contact your system administrator."

This solution was difficult to figure out. Eventually I realized that the webapp is bound to port 5001, and the enterprise install script also binds other traffic to 5001, but I wasn't seeing any 5001 traffic in my firewall. I found a config file at \inetpub\wwwroot\csetui\assets\settings\config.json

I had to edit the port value under "app" from 4200 to 5001, and I had to change the "url" values under "app" and "api" to the FQDN of my web server. shown below

"app": {
"protocol": "http",
"url": "servername.domain.com",
"port": "5001"
},
"api": {
"protocol": "http",
"url": "servername.domain.com",
"port": "5001",
"apiIdentifier": "api",
"documentsIdentifier": "Documents"

This change made my CSET site accessible from remote computers.

5. Additionally worth noting, since my firewall is deny by default, I had to open up inbound traffic to the web server on TCP ports 443, and 5001.

I hope this helps someone!

💬 Questions and Help

Please note that this issue tracker is not a help form and this issue will be closed.

For questions or help please see:

• ✉️ Email CSET support