Resolution
goal
How do I set VigilEnt Policy Center to run with a Microsoft IIS server?
goal
Will VigilEnt Policy Center support Microsoft IIS?
fact
VigilEnt Policy Center 2.x
fact
VigilEnt Policy Center 3.x
fact
VigilEnt Policy Center 4.x
fact
VigilEnt Policy Center 5.x
fix
Authentication is accomplished with the VigilEnt Policy Center built-in authentication mechanism using IDs stored in a local database and the Microsoft Internet Information Server (IIS) authentication of users against the Microsoft Windows NT domain account.
To set VigilEnt Policy Center to run with an IIS server, follow these steps:
1. Locate the following file using Windows Explorer:
install_directory\bin\iis\i386\tomcat_iis.reg
2. Register the IIS registry settings by double-clicking the tomcat_iis.reg file, and then click Yes. The registry is initialized with values needed by IIS to run the VigilEnt Policy Center server. VigilEnt Policy Center displays a verification message.
3. Click OK.
4. Open IIS Internet Service Manager and make the following additions:
a. Create a virtual directory, named jakarta, on the default Web site and assign the following parameters:
? Physical path: install_directory\bin\iis\i386\
? Permissions: execute
Note: In the following task, install_directory is the directory where VigilEnt Policy Center resides. The default location is C:\Program Files\NetIQ\VigilEnt Policy Center.
Note: Verify that the virtual directory information is in the proper case. Be sure to capitalize ?V? and ?A? in /VpcAdmin in Step b.
b. Create a virtual directory, named VpcAdmin, on the default Web site and assign the following parameters:
? Physical path: install_directory\server\webapps\VpcAdmin
? Permissions: read
? Default documents: index.html
c. Create a virtual directory, named policy, on the default Web site and assign the following parameters:
? Physical path: install_directory\server\webapps\policy
? Permissions: read
? Default documents: index.html
d. Add install_directory\bin\iis\i386\isapi_redirector.dll as an ISAPI filter on the default Web site, and assign the name jakarta.
e. Right-click jakarta, and then click Properties. The computer displays the jakarta Properties dialog box.
f. Click Directory Security, and click Edit.
g. Clear the Anonymous access check box, and click OK. (Be sure you have selected the Integrated Windows Authentication check box.)
h. Right-click policy, and then click Properties. The computer displays the policy Properties dialog box.
i. Click Directory Security, and then click Edit.
j. Clear the Anonymous access check box, and click OK. (Be sure you have selected the Integrated Windows Authentication check box.)
k. Right-click VpcAdmin, and then click Properties. The computer displays the VpcAdmin Properties dialog box.
l. Click Directory Security, and then click Edit.
m. Clear the Anonymous access check box, and then click OK. (Be sure you have selected the Integrated Windows Authentication check box.)
5. Restart the IISAdmin service.
6. Restart the World Wide Web Publishing service. You can access the Administration Site and User Site through the default Web site port (80) instead of through port 8080:
//localhost/VpcAdmin instead of //localhost:8080/VpcAdmin
If you are running Internet Information Services (IIS) 6.0 or later, add Jakarta as a new Web service extension:
1. In IIS Manager, select Web Service Extensions.
2. In the Details pane, click Add a new Web service extension.
3. For Extension Name, enter the name of the new Web service extension, Jakarta.
4. Click Add.
5. Enter the path <install folder>\bin\iis\i386\isapi_redirector.dll.
6. Click OK.
7. Click Set extension status to Allowed.
8. Click OK.
9. Restart the IISAdmin service.
10. Restart the World Wide Web Publishing service.
Once you complete these configuration steps, configure the VigilEnt Policy Center. For more information, see the NetIQ Knowledge Base article NETIQKB25454: "How do I configure VigilEnt Policy Center for automatic user authentication?" at https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB25454