Version: 3
restore

Contents

Summary

Installer properties and configuration settings for the Shopping client module of the 1E Client supported only on Windows computers. This module supports users connecting to the Shopping Portal, and provides the Windows Servicing Assistant (WSA).

Enabling the Shopping client module allows the Windows Servicing Assistant (WSA) feature to be used. There are no additional settings required to enable or configure the WSA feature.

Configuration file settings are the same as the installer properties. There are no registry settings. Configuration file settings can be managed using 1E Client reconfiguration, Tachyon Explorer configuration instructions, Tachyon Guaranteed State policies, Configuration Manager baselines or other means.

On this page:

The Shopping client module of the 1E Client replaces the Shopping Agent used by versions of Shopping before v5.5. When the 1E Client starts, if the Shopping module is enabled the 1E Client will automatically remove any previous installation of the 1E Shopping Agent.

The Shopping client module is not supported on:

  • Non-Windows devices
  • Legacy OS (that is OS which Microsoft no longer support, including XP, Vista, Server 2008 etc.)

Shopping client settings

The table below lists the settings required to enable the Shopping client required for integration with Shopping v5.5 or later. The Shopping client module must be enabled on all Windows computers that will connect to the Shopping self-service portal.

You must use UPPERCASE when specifying the name of any installer property in a mst transform file, and preferably when including them in a msiexec command-line.

Names of settings stored in the configuration file are not case-sensitive. Setting names stored in the registry may be case-sensitive and should be specified as shown.

Settings that have numeric values must be set using decimal integers, unless otherwise specified.

Shopping module settingInstallation defaultDescription

Module.Shopping.Enabled

false

Set the value to true to enable the Shopping module. The default value is false.

Shopping must be enabled so that users of a computer can use the 1E Shopping self-service portal, the Windows Servicing Assistant, and the 1E Virtual Assistant.

If enabled, when the 1E Client starts it will attempt to automatically remove any previous installations of the 1E Shopping Agent.

Module.Shopping.AlternativeUrls

This setting is not in the template configuration file.

(blank)

Optional. A list of URLs from which the Shopping module allows launching the WSA wizard. This setting is typically used to launch WSA from a ServiceNow application such as 1E Service Catalog Connect.

Multiple URLs should be separated by pipe characters. For example  https://dev123456.servicenow.com|https//dev987654.servicenow.com

The Shopping client requests this value from the Shopping Central website  (admin console setting: AlternativeUrls ). If the request is successful the website value takes precedence even if blank, otherwise the local setting is used.

Module.Shopping.FirefoxSupportEnabled

This setting is not in the template configuration file.

(blank)

Optional. If this setting is not specified the value defaults to false.

This value must be set to true if LocalHostUrl is set to https and Firefox is being used to browse to the Shopping website, or to launch the WSA wizard from Shopping or third party websites like ServiceNow.

When set to true, the Shopping client set the Mozilla preference security.enterprise_roots.enabled=true which allows Firefox to see the Shopping client  certificates in the Windows certificate store. You can see this setting in Firefox about:config.

The Shopping client requests this value from the Shopping Central website (admin console setting: Firefox support enabled). If the request is successful the website value takes precedence even if blank, otherwise the local setting is used.

Module.Shopping.InitializationFailureSleepSecs

This setting is not in the template configuration file.

30

This setting controls the time the client waits before attempting to connect to the website specified in Module.Shopping.ShoppingCentralUrl. If the client module fails to connect during startup, it does not initialize, and will retry at gradually increasing intervals until it is able to connect.

Range is 10 to 900, default is 30.

The log file may show this setting as InitializationRetryIntervalSecs.

Module.Shopping.LocalhostUrl

This setting is not in the template configuration file.

(blank)

Optional. The localhost URL used by the Shopping client module to listen for localhost API calls. For example: http://localhost:8000/ShoppingClientAgent/MachineInfo

The Shopping client calls a windows API to find out if the machine is in a workgroup or Module.Shopping.SsoEnabled is set to true then this value is used  to listen for localhost API calls. It must be ensured that the value of LocalhostUrl matches the value configured in the Shopping Admin Console under 1E Client loopback URL settings.

LocalhostUrl must be set to  https if ShoppingCentralUrl is set to  https , otherwise it can be  http or  https

ShoppingCentralUrlLocalhostUrl
httphttp or https
httpshttps

When LocalhostUrl uses https the 1E Client Shopping client creates the following certificates on startup, and deletes them when shutting down:

  • a self-signed certificate issued to 1ECA added to the machine's Trusted Root Certification Authorities (ROOT) store
  • a certificate issued by 1ECA issues to localhost added to the machine's Personal (MY) store.

If using https and Firefox browsers are used, then Module.Shopping.FirefoxSupportEnabled must be set to true.

Shopping client only allows inbound connections to localhost (127.0.0.1) which prevents remote access.

See  Information provided by the Shopping client  below for details of localhost API calls.

Module.Shopping.LoopbackExemptionEnabled

false

Optional. Default value is false. Set this value to true if users are likely to use Microsoft Edge or other Metro browsers to access the Shopping website. 

The Shopping client requests this value from the Shopping Central website  (admin console setting: Loopback exemption enabled ). If the request is successful the website value takes precedence, otherwise the local setting is used.

When users connect to the Shopping Portal, the website needs to get the latest details about the local computer. Shopping may already have details from the Configuration Manager database via ActiveEfficiency, but these need to be confirmed and updated. Browser standards only allow websites to get limited information about the user and computer, therefore the website needs to make loopback calls to the local computer via the Shopping client. The following browsers permit loopback calls by default:

  • All versions of Chrome
  • All versions of Firefox
  • Non-Metro UI based Internet Explorer browsers (including legacy Internet Explorer)

If your Shopping users are using Edge and Metro Internet Explorer browsers you must enable a Loopback Exemption to allow these browsers to make loopback calls. Exemption affects the browser as a whole and is not just restricted to the Shopping website. Before enabling this option, check your corporate security policy and be aware of the implications of allowing access between browsers and the local machine. By enabling loopback, you are only setting the Edge/Metro Internet Explorer browsers to the same level of security as other browsers which allow this setting already.

If you are running an unattended install, you can use MODULE.SHOPPING.LOOPBACKEXEMPTIONENABLED for all OS but it only works on Windows 8, 8.1, 10 and Windows Server 2012 R2 and later.

Shopping client only allows inbound connections to localhost (127.0.0.1) which prevents remote access.

Module.Shopping.ShoppingCentralUrl

(blank)

The URL that the Shopping client module uses to connect to the Shopping Central website. Failure to connect causes the client to fail to initialize and retry connection later.

Example: https://shopping.acme.local/Shopping

This is the URL of the Shopping Central website, comprising:

  • scheme - either http or https
  • host header - DNS Name FQDN - this is the host header configured for the Shopping website, which is normally a DNS Name FQDN
  • port number - you do not have to provide this if using default port 80 or 443
  • path - this is always /Shopping. 

This setting is mandatory when Module.Shopping.Enabled=true.

The Shopping client uses ShoppingCentralUrl to make the following API calls to obtain configuration settings from the Shopping Central website.

<Module.Shopping.ShoppingCentralUrl>/WindowsServicingAssistant/GetTachyonAgentUrl
<Module.Shopping.ShoppingCentralUrl>/WindowsServicingAssistant/ModuleConfig

Module.Shopping.SsoEnabled 

This setting is not in the template configuration file.

false

Optional. Default value is false. Set this value to true if environment uses Single Sign On authentication to access Shopping website. 

When set to true, the Shopping client does not tries to connect to Shopping website and just uses the Module.Shopping.LocalhostUrl  to listen for localhost API calls. 

When set to true, the Module.Shopping.LocalhostUrl  must be specified and matches the value configured in the Shopping Admin Console under 1E Client loopback URL settings.

The above client request process allows 1E products like Virtual Assistant to use the loopback feature without installing a Shopping website. For example, setting   Module.Shopping.SsoEnabled=true  allows the client to use the local value of LocalhostUrl.

Information provided by the Shopping client

The following localhost API calls can be entered directly in a browser on a device that has the Shopping client module of the 1E Client enabled and correctly configured.

If the Shopping Central website binding is https then the localhost URL must also be https, otherwise it can http or https

When using an  Edge or Metro versions of Internet Explorer browser, you must set Module.Shopping.LoopbackExemptionEnabled=true.

MachineId

The following table shows example details sent by the Shopping client to the Shopping Central server. The client makes a localhost API call MachineId API to get the details, and then uses a server API call to post them to the Shopping Central website, which creates or updates the machine details in the Shopping database and returns the MachineId GUID from the database. Details are shown in the 1E.Client.log.

This call is made when a user browses to the Shopping Web Portal, and the website uses the loopback feature to query the local computer.

You can test this by entering  http://localhost:8000/ShoppingClientAgent/MachineInfo/MachineId  directly in a browser.

AttributeDescriptionExample
HostNameComputernameACME-WIN1001
HostDomainNameComputer's NetBIOS Domain NameACME
AssignedSiteConfiguration Manager client Site codeCM1
MacAddressComputer's MAC Address20-68-9D-5B-EB-73
OSVersionOS Version10.0.15063
OSArchitectureOS Architecture64-bit
OSRole

The role of the OS. Values are:

  • 1 – Workstation
  • 2 – Domain controller
  • 3 – Server
1
SccmVersionConfiguration Manager client version5.00.9012.1020
UniqueIdConfiguration Manager client GUIDGUID:04804aed-922c-4a4b-9f41-eab6592e7d83
IntuneDeviceIdIntune Device Id02c967b2-de4d-5ac1-859c-a15cb11b7638
TenantIdTenant Id6babcaad-604b-40ac-a9d7-9fd97c0b779f
TenantName

Tenant Name

ACME

Fqdn

The following example is JSON returned by the Shopping client when the Fqdn API call is made by Windows Servicing Assistant and 1E Virtual Assistant. Details are shown in the 1E.Client.log.

You can test this by entering  http://localhost:8000/ShoppingClientAgent/MachineInfo/Fqdn  into a browser. 

{"Fqdn":"1EUKCOL1184.ACME.local"}

Checking loopback exemption on Microsoft Edge and Metro Internet Explorer browsers

The following is valid only for Windows 8, 8.1, 10 and Windows Server 2012 R2 and later.

When LoopbackExemptionEnabled=true the Shopping client will create exemptions for installed browsers on startup, and delete them when shutting down.

To check or verify exemptions, open a   command-prompt as administrator  on the computer you want to check, then run the following command.

CheckNetIsolation LoopbackExempt -s

Output should be:

If either of these items are missing, you can manually add them by executing the following commands. Quotes may be required around the name of the app.

For IE: 

CheckNetIsolation LoopbackExempt -a -n=windows_ie_ac_001

For Edge:

CheckNetIsolation LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe

Removing

To remove an individual exemption, use -d instead of -a, for example:

CheckNetIsolation LoopbackExempt -d -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe

The exemption from loopback restrictions can also be removed for all installed apps by using the following command:

CheckNetIsolation LoopbackExempt –c

More information

For more information from Microsoft about CheckNetIsolation please refer to: https://docs.microsoft.com/en-us/previous-versions/windows/apps/hh780593(v=win.10).