1E 8.1 (on-premises)

If for any reason you are unable to install it, then please review the Preparation page. You should also re-run Tachyon Server post-installation tasks.

When installing interactively, please confirm you are logged on using an account that has local Administrator rights.

For Tachyon Servers, you can troubleshoot installation issues by reviewing the installation log file that is created in the same directory as Tachyon.Setup.exe after Tachyon Setup has run the installer.

For clients, you can troubleshoot installation issues by reviewing the installation log file. If you are having issues with 1E Client, please refer to Troubleshooting.

The server installer detects which Web Server certificate to use by matching the certificate's Subject Alternative Name (DNS) with the HTTPS Host header supplied during installation. As discussed in Certificate requirements, the Subject Alternative Name must include the DNS Alias FQDN of the server of type DNS Name, for example, DNS=TACHYON.ACME.LOCAL

To check the HTTPS binding of the website use the following steps. These steps can also be used to change the certificate if it has expired, or a new certificate needs to be used.

For minimum requirements for IIS see Windows Server roles and features.

To review the configuration:

The table below shows the IIS web applications used by Tachyon, and the IIS features that affect how users and clients connect. For more detail about these IIS web applications, please refer to Tachyon Single-Server system.

The Tachyon Core web application (Response Stack) uses the IIS feature IP Address and Domain Restrictions to restrict access so that connections are only allowed from specific IP addresses. Other web applications, including Tachyon, Background, and CoreExternal, are not configured, and therefore they allow all local and remote connections.

The list of IPv4 and IPv6 addresses is updated by Tachyon Setup during installation (and upgrade) of the following configurations.

Below is an example of what the configuration looks like for a Tachyon Server which has a two network adapters, one for a Switch, the other for SQL traffic, with IPv4 enabled and IPv6 disabled on each interface. The IPv6 addresses shown are isatap addresses, which is enabled by default on the server.

# Adds local IPv4, v6 and loopback addresses to the IP Address and Domain Restrictions of the specified web applications. It does not delete any addresses
# Remote addresses must be manually configured.
# It only adds addresses if the specified web application exists.
 
Import-Module "WebAdministration"

Function AddIpSec() {
    param(
        [Parameter(Mandatory=$true)][string]$SiteName,
        [Parameter(Mandatory=$true)][string]$AppName
    )

    Write-Output "Adding IP restrictions to $AppName"

    $fullAppPath = "IIS:\Sites\" + $SiteName + "\" + $AppName

    if (Test-Path -Path $fullAppPath) {
        $appPath = $SiteName + "/" + $AppName
        $ipAddreses = Get-NetIPAddress | sort IpAddress | foreach { $_.IPAddress }
        Set-WebConfigurationProperty /system.webserver/security/ipsecurity -Name allowUnlisted -Value "false" -Location $appPath -PSPath IIS:\
        foreach ($ipAddress in $ipAddreses)
        {
            $existingRestriction = Get-WebConfiguration system.webServer/Security/ipSecurity/add -Location $appPath -PSPath IIS:\ | where { $_.ipAddress -eq $ipAddress }
            if (-not ($existingRestriction)) {
                Add-WebConfiguration system.webServer/security/ipSecurity -Location $appPath -Value @{ipAddress="$ipAddress";allowed="true"} -PSPath IIS:\
                Write-Output "Allowed restriction on IP $ipAddress added to $AppName"
            }
            else {
                Write-Output "Restriction on IP $ipAddress already exists in $AppName. So skipping."
            }
        }
    }
    else {
        Write-Output "$AppName web application does not exist"
    }
}

$siteName = "Tachyon"

AddIpSec -SiteName $siteName -AppName "Core"
AddIpSec -SiteName $siteName -AppName "WelcomeCore"

There are a number of reasons why you may see this error when you browse to the Tachyon portal for the first time. You may also see errors saying Not Authorized or Unauthorized in server log files.

The usual reason for this is your server is configured to use Kerberos authentication and the HTTP class SPN is not registered in AD for the DNS Name used to access the server.

Service Principal Names (SPN) are attributes of AD accounts. A domain administrator will need to create an HTTP class SPN for the web server service account, by using one of the following methods:

setspn -l ACME\ACME-TCN01$
setspn -s http/acme-tcn01.acme.local ACME\ACME-TCN01$
setspn -s http/tachyon.acme.local ACME\ACME-TCN01$

Use each command as follows:

The above example assumes the:

To determine which type of record a DNS Name is, run the following command:

nslookup tachyon.acme.local

More complex scenarios can be configured which requires in-depth knowledge of IIS, SPN, and DNS configuration and are beyond the scope of this documentation.

You may see this error when doing post-installation tests (refer to Verifying). When you use a browser to open an application in the Tachyon portal, you will see Server Error 403 - Forbidden: 'Access denied' if the internal account used by the Application Pool does not have read access to the Tachyon web application folders. This can happen if Tachyon is installed in a non-default location and the NTFS permissions on the installation folder are not correct. To remedy the issue, you should review and correct NTFS permissions as described in Services and NTFS Security.

You may see this error when doing post-installation verification tests, (refer to Verifying).

When you use a browser to open an application in the Tachyon portal, and you see Server Error 404 - 'File not found' the reason is probably that you have not installed the IIS features Web-ASP and/or Web-Asp-Net45.

Use the following steps to check if the Web-ASP and/or Web-Asp-Net45 features are installed and to install them.