Professional Documents
Culture Documents
Knowledge Page - EpicCare
Knowledge Page - EpicCare
Issue
Error
N/A
Resolution
Overview
Because EDD is not stitched directly into the Epicor ERP application, there is some configuration that
needs to be setup and it all needs to be wired up correctly or else there can be varying exceptions or error
conditions.
The Epicor ERP application has a server-side web.config that describes how Epicor ERP will be
made available to outside consumers. This web.config is typically updated using the Epicor Admin
Console, but can be manually updated using your favorite text editor.
Epicor Data Discovery has both a server-side web.config for the EDD REST services, and it has
a UI-side sysconfig.json file. Both these files are configured during installation of EDD.
the EDD REST web.config describes the connection string for the EDD database, and it
has an <AuthServer> node describing where Epicor ERP REST site exists.
the EDD UI sysconfig.json the <restUri> , <odataUri> , <distribution> nodes
describe where EDD REST and, distribution version/license files exist. At the bottom of the
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 1/8
11/12/2019 Knowledge Page - EpicCare
sysconfig.json, there is <ep.token> > <restUri> node that describing where Epicor ERP
TokenResources site exists.
The Epicor Active Home Page is distributed with Epicor ERP. It has a UI-side
\home\sysconfig.json file that contains an <eddUrl> node that describes the url for the EDD UI
site.
Prerequisite
browse to https://machineName.domainName/EpicorERP/api/help/
This should be successful to login to the Epicor REST API Help pages/swagger pages.
with simple token, it should prompt (with “Authentication Required”) for ERP user creds
with SSO, it should auto connect and present the “Epicor REST API Help pages”
with Azure AD, it should redirect to Azure login page and/or auto connect and present the
“Epicor REST API Help pages”
browse to: https://machineName.domainName/EpicorERP/api/.configuration.
with simple token, the <Enabled> node should be true, the others false
with SSO, the <UsesWindowsBinding> node should be true.
with Azure AD, the <AzureBindingEnabled> should be true.
This should respond with something like:
<ServerConfiguration xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
<TokenAuthentication>
<AzureBindingEnabled>false</AzureBindingEnabled>
<Enabled>true</Enabled>
<UsesWindowsBinding>false</UsesWindowsBinding>
</TokenAuthentication>
</ServerConfiguration>
browse to:
https://machineName.domainName/EpicorERP/api/.configuration?tenantId=
to retrieve generic/default Azure AD configuration settings.
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 2/8
11/12/2019 Knowledge Page - EpicCare
browse to:
https://machineName.domainName/EpicorERP/api/.configuration?tenantId=xxxxx
(where xxxxx is legitimate tenant id) to retrieve Azure AD configuration settings for that
tenant.
When Azure AD is setup properly, this should respond with something like:
<ServerConfiguration xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
<TokenAuthentication>
<AzureBindingEnabled>true</AzureBindingEnabled>
<Enabled>true</Enabled>
<UsesWindowsBinding>false</UsesWindowsBinding>
</TokenAuthentication>
<AzureADSettings>
<Description>Azure AD description</Description>
<DirectoryID>4f4f4c56-....</DirectoryID>
<NativeClientAppID>5de97b51-....</NativeClientAppID>
<WebAppID>f03910c7-.....</WebAppID>
</AzureADSettings>
</ServerConfiguration>
with simple token, it should prompt for creds. This should respond with something like:
<Token xmlns="http://schemas.datacontract.org/2004/07/Epicor.Web" xm
<AccessToken>
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIxNTIyNDQzMzM
V....
</AccessToken>
<ExpiresIn>3600</ExpiresIn>
<RefreshToken/>
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 3/8
11/12/2019 Knowledge Page - EpicCare
<TokenType>Bearer</TokenType>
</Token>
All of the Epicor ERP https endpoints should be secure and operational with valid SSL certificate. On the
chrome browser, on the Address bar the site should be locked down and secure.
If the lock is not locked then there is certificate error that needs to be solved.
NOTE: on development or sales image, the self-signed cert needs to include Subject Alternative Name
(SAN). Instructions for creating a Self-Signed cert in addendum at the end of this document.
Installation exceptions.
Below is a list of some potential Install time exception conditions; what the exception text might indicate,
and some possible resolutions.
You can find the full logs for the EDD installation under the Epicor installation directory.
The log file EDD.log and Errors.log may help to locate the problem.
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 4/8
11/12/2019 Knowledge Page - EpicCare
on Edit Site Bindings, select your Self Signed cert in the SSL certificate list and click OK
This indicates the ConnectionString to the DataDiscovery database in the REST web.config is set to
Integrated Security and the IIS AppPool identity does not have access to SQL server.
Solution 1: Change the AppPool Identity to be user that has sufficient access to the SQL
database. – Verify that user has db_owner role. – Verify that user has access to EDD database.
Solution 2: Add the Application Pool Identity to a SQL server login.
This indicates the software was successful to upgrade, but the Database was not properly updated.
Solution 1: re run the installer and verify the installation user has sufficient access to the
database.
Solution 2: TODO: how to publish / re-run the udpate-database.sql script.
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 5/8
11/12/2019 Knowledge Page - EpicCare
edit \Epicor.BI.DataDiscovery.Model\App.config.
verify the connection string points to the correct sql instance and database.
add Persist Security Info = True; to the connection string
Application Offline. The connection with the server has been lost.
Attempting to Reconnect…
This indicates the EDD REST site is not properly configured.
verify in IIS for the EDD REST Application, from Advanced Settings, make sure Enabled
Protocols included http,https
verify the AppPool is started.
browse to the EDD REST
site https://machineName.domainName/EpicorDataDiscovery/Epicor.BI.DataDiscovery.REST and
confirm you are presented with Epicor Data Discovery API site.
verify restUri, odataUri and distribution nodes on the top of sysconfig.json are using FQDN.
verify AuthServer node at the top of web.config is using FQDN.
On Login, when successful creds are entered, but the Login page is
not dismissed for the List page
When inner exception contains the following:
"statusCode":404,"severity":1,
This indicates there is mismatch between AuthServer nodes on EDD REST web.config and ep.token
nodes on EDD UI sysconfig.json
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 6/8
11/12/2019 Knowledge Page - EpicCare
Token authentication may not be enabled on the Epicor server, Refer to Epicor A
dministration Console.
If the Epicor ERP endpoints all behave properly and are have green-light certs, then this indicates there is
mismatch between AuthServer nodes on EDD REST web.config and ep.token nodes on EDD UI
sysconfig.json.
Addendum
Create a self-signed cert (with SAN)
With Epicor ERP 10.2.300, the Epicor Admin Console will be available to generate a proper SSL
certificate with the Subject Alternative Name. Until then, it is required to have valid SSL certificate.
Below is the manual steps to generate and use a Self-Signed certificate.
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 7/8
11/12/2019 Knowledge Page - EpicCare
Resources
How to create a self-signed SAN certificate, wildcard certificate vs SAN
Notes
N/A
https://epicorcs.service-now.com/epiccare?id=epiccare_kb_article&sys_id=ea32b993db9d1bccbea3fba9bf961900 8/8