Installing Vovici EFM Community September 2007...

Installing Vovici EFM Community Version 2.20 on Windows 2003 Server

September 2007

For support, contact Vovici Technical Support. Please contact Vovici Technical Support if you believe any of the information shown here is incorrect. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Vovici.

EFM Community 2.20 Installation Guide for Windows 2003 Server

- 2 -

© 2007 Vovici. All other company and product names are trademarks or registered trademarks of their respective holders. This Document Was Printed in the United States of America. V 2.20.05


- 3 -

Table of Contents

Setup .................................................................................................................................................5 Installing Prerequisites ....................................................................................................................6 Software Requirements.....................................................................................................................6 Installing EFM Community ..............................................................................................................7

A. Download EFM Community 2.20.......................................................................................... 7 B. Running the Installer .............................................................................................................. 8 C. Configuring Database Connections...................................................................................... 10 D. Creating an Administrator User Account............................................................................. 14

Add the Administrator User Account.................................................................................... 14 Workgroups........................................................................................................................... 14

E. System Options..................................................................................................................... 16 Mail Setup ............................................................................................................................. 16 Password Security ................................................................................................................ 17 System Administrator............................................................................................................ 18

F. Configuring EFM Community Groups................................................................................. 19 Appendix: .......................................................................................................................................20

1. Determining the web server root in IIS:................................................................................ 20 2. Permissions: .......................................................................................................................... 21

A. Windows Authentication Permissions .............................................................................. 22 B. SurveySolutions/EFM Authentication Permissions .......................................................... 25

3. ASP.NET Framework ........................................................................................................... 29 4. Troubleshooting and Best Practices ...................................................................................... 30


- 4 -


- 5 -

Setup EFM Community can be installed on a single server machine, or on a separate App Server and a Web Server. See the sample diagram below:

A Database Server is required that must also be available to save the survey responses (The Database Server can also be on the same machine that EFM Community is installed on). Before EFM Community can be installed, the database must be configured with a user that should have permission to create, update, and delete tables and rows in the database. When running the EFM Community installer on the Application Server, the user must be logged into Windows as a Local Administrator account (Not a Domain Administrator) in order for the installer to be able to apply permissions correctly. If this is not the case the permissions must be assigned manually after Section B is completed and before Section C is run. It is always recommended that the permissions be verified before proceeding to Section C, since security settings on the Application Server may prevent the installer from assigning valid permissions.


- 6 -

Web Service Extensions Inside IIS the ASP.NET Web Service Extension must be set to Allow in order for EFM Community to function properly. Follow the steps below to achieve this:

1. Open IIS 2. Click Web Service Extensions 3. Highlight ASP.NET 4. Click Allow

Installing Prerequisites Perseus EFM Community requires the following application to be installed on the App server that will host it. Note: Perseus EFM Community will not function correctly unless the prerequisite is installed before continuing the EFM Community install process.

• Microsoft .NET Framework (version 1.1.4322: EFM Community currently does not have support for version 2.0 at this time)

Available at : http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-4842-8157-034d1e7cf3a3

• Service Pack 1 for Windows 2003 Server must be installed and the server re-started before the installation of EFM Community can begin.

Software Requirements The software requirements for SurveySolutions®/EFM 2.x can be found at the URL below: http://download.perseus.com/support/ss_efm_v2_2_sys_requirements.pdf This is in addition to the requirements and prerequisites listed earlier in this document.

http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-

http://download.perseus.com/support/ss_efm_v2_2_sys_requirements.pdf


- 7 -

Installing EFM Community Please follow the steps below to install and configure EFM Community.

A. Download EFM Community 2.20 To being the installation process, please perform the following steps:

1. Downloading EFM Community requires a username and password that will be provided by our Sales Engineering Department. Please contact them at mailto:[email protected] or (781)848-8100 x 410 for assistance downloading and installing EFM Community. Our technicians will prove invaluable in assisting the server configuration and EFM Community installation.

2. In a web browser, navigate to the following URL: http://vovici.com/downloads/comm/2_2/SurveySolutionsEFM.exe

3. Click Save (Steps 3, 4, and 5 refer specifically to Microsoft Internet Explorer and may be different on other browsers.)

4. Choose a local directory to save the installer in. Make a note of this directory. 5. Click Save to begin downloading the installer.

Once the download is complete, proceed to the next section.

mailto:[email protected]

http://vovici.com/downloads/comm/2_2/SurveySolutionsEFM.exe


- 8 -

B. Running the Installer Once the installer has been downloaded, locate the file (SurveySolutionsEFM.exe) and follow the steps below to unzip it and begin the installation.

1. Double click on the file. 2. Click Setup to begin unzipping the file.

Note: The version of the EFM Community installer can be found if you click About inside the installer. This is the version of the installer not the application itself and can help our Sales Engineers and/or Technical Support staff discover which version of the software is being installed.

3. Once the files have been unzipped, the InstallShield Wizard will start. 4. Click Next on the first page. 5. This will display the License Agreement page. If it is acceptable, select the “I accept the

terms in the license agreement” option. 6. Click Next. 7. Enter a User Name and Organization. 8. Set the installation for all users or the user that is currently logged in. 9. Click Next. 10. The Destination Folder, by default, will be set to C:\Inetpub\wwwroot\Perseus\

If this is acceptable, click Next. Otherwise specify a different folder that is within the server's IIS web root directory. The document root can be determined by following the steps outlined in the Appendix.

11. Select the website to create a Virtual Directory from the dropdown list. Enter a name for the Virtual Directory. Ensure that the virtual directory name is not already in use as a web site name or virtual directory name on the server.

• This directory will be the directory that users will access in order to use EFM Community

For example, http://servername/perseus Note: perseus is the default name for the virtual directory.

12. On the Product Options step choose either Windows Authentication (Active Directory) or SurveySolutions/EFM Authentication.

• Windows Authentication will use the Windows Active Directory as a list of valid users. If every user who will be using EFM Community is a member of the same domain, this is the optimal option. Integrated Windows Authentication should be enabled inside IIS, to authenticate the user before they can access EFM Community in this Authentication mode. There are instructions for enabling this feature is in the Appendix.

• SurveySolutions/EFM Authentication is managed by the application itself: this is independent of any other application and the operating system.

Note: User IDs can still be imported from a Windows domain. The EFM Community Windows Service will be installed by default. It provides time-based services to users such as deployment of invitations, opening and closing of surveys, etc. It is highly recommended that you install the Perseus service because certain functions require this service to work properly.

http://servername/perseus


- 9 -

• Installing the service on multiple servers that are in a single web farm may result in duplicate invitations being sent. Installing on only one server in the farm will prevent this.

• Please contact Sales Engineering for other information regarding the installation of EFM Community on a web farm.

13. Click Install on the last page. 14. Click Finish after installation is complete. 15. If prompted, please Restart before continuing this installation procedure or EFM

Community will not function correctly. Note: The EFM Community installer file will check to see how many subfolders are underneath the AppData directory (Located within the Perseus Virtual Directory) and if it only finds the _default (which is included in the installation) directory listed it will automatically access the setupconfig.aspx script in a web browser. Otherwise the section at the beginning of Section C must be followed.


- 10 -

C. Configuring Database Connections Note: Please see the section in the Appendix regarding permissions before continuing. Once the machine has been restarted, enter the URL below in a web browser to access the EFM Community Administrative Portal. Note: Internet Explorer 5.5 or 6.0 is required to access the EFM Community Administrative Portal.

Depending on the authentication method designated in Section B, Step12 access to the EFM Community Administration Portal will be different:

SurveySolutions/EFM Authentication The first time the EFM Community 2.2 installer is run it is required that access be made on the server that EFM Community is installed on or by remotely connecting to it. The Administrative Portal will be accessed through the following URL: http://localhost/perseus/admin/default.aspx Note: If a virtual directory other than perseus was used in Section B, Step 11 above, replace perseus in the URL with the name of the virtual directory used. Attempting to access this URL from a different computer by changing “localhost” to the server’s name or IP will fail on all initial installations performed after SurveySolutions/EFM 2.1 Build 901 or later (earlier versions/builds did not have the ability for remote access) until the administrator account is enabled inside the EFM Community Administrative Portal. This is by design and is intended as an extra security feature.

Using Localhost on a Web Server Hosting Multiple Web Site In a web server hosting multiple web sites, in order to use localhost as a URL for a specific web site, a unique port needs to be assigned for localhost for that web site. The steps below explain how to do this. This example assumes the port will be 8080, but any viable port that IIS supports and is not currently in use will work.

1. Open IIS 2. Right click the web site that is being used to host SurveySolutions 3. Select Properties 4. Select the Web Site Tab 5. Click Advanced 6. Click Add 7. Leave the IP Address (All Unassigned) 8. Enter 8080 for the TCP Port 9. In the Host Header Name enter localhost 10. Click OK

http://localhost/perseus/admin/default.aspx


- 11 -

After the initial setup is configured you will be able to use an administrator account to access the EFM Community Administrative Portal remotely.

Windows Authentication If Windows Authentication was chosen access can be from any machine but the login to the machine will need to be a local system administrator (Not a Domain Administrator) on the EFM host application server. The Administrative Portal will be accessed through the following URL: http://server/perseus/admin/default.aspx Or via the server either locally or by remotely connecting to it: http://localhost/perseus/admin/default.aspx Note: If a virtual directory other than perseus was used in Section B, Step 11 above, replace perseus in the URL with the name of the virtual directory used. Attempting to access this URL from a different computer by changing “localhost” to the server’s name or IP will fail on all initial installations performed after SurveySolutions/EFM 2.1 Build 901 or later (earlier versions/builds did not have the ability for remote access) until the administrator account is enabled inside the EFM Community Administrative Portal. This is by design and is intended as an extra security feature.

Accessing the URL for the first time will display the Setup Database Connection page:

http://server/perseus/admin/default.aspx

http://localhost/perseus/admin/default.aspx


- 12 -

To configure the database connections, follow the steps below:

1. Step 1: Select the type of database server. 2. Step 2: Enter the Name or IP address of the server.

Use “localhost” if the App and database servers are the same. 3. Step3: Enter the Port number used to access the database server. 4. Step 4: Enter the Name of the database to store the survey data. This database will serve

as the Master Connection. Note: This database must be created manually and must exist before continuing. Please see the database server’s documentation for details.

5. Step 5: Enter the User name to connect to the database. Note: The user should have permission to create, update, and delete tables and rows in the database.

6. Step 6: Enter the user’s password. 7. Step 7: Enter a name for the default Workgroup. (It is recommended the name either

exactly match the name of the database used in Step 4 above or at the very least be easy to know which name corresponds later) When using a one-workgroup license of EFM Community, all users will need to be members of this workgroup.


- 13 -

Note: Please record the name of this Workgroup. If a problem occurs during the installation of EFM Community this information will be needed to properly re-connect EFM Community with the master database. 8. Click Setup

You will be prompted to select a password for the System Administrator account (Username will be: administrator). This account can be used after the initial setup is finished to access the EFM Community Administrative Portal remotely. If the above information was correct, the EFM Community Administrative Portal will be displayed (See image below). If not, please re-check the settings and try again.

Testing the tables in the Database Once the database connection has been setup, it is necessary to test the connection. These instructions begin at the EFM Community Administrative Portal:

1. Click Edit Connections 2. This will display all the database connections

3. Test each connection by clicking the icon 4. Finally, click the Run Table Setup button to run the table setup


- 14 -

D. Creating an Administrator User Account

Add the Administrator User Account This section explains how to add an Administrator Account to access EFM Community to complete the installation process.

1. Click Manage Users 2. Click Add User

a. Enter the following information: Step 1 is what the user will use to log in to EFM Community Step 2 is the name that will be displayed to other users when they are

referring to that user, such as viewing the user’s surveys, adding the user as a survey administrator, and inviting the user to a survey.

Step 3 is the e-mail address that EFM Community will contact that user at with invitations and other survey notifications.

Step 4a and 4b are optional: leaving these fields blank will force the user to change their passwords upon initial login.

3. Click Add to confirm Import user account If it is desired to import the Administrative user from a Windows Active Directory domain, instead of manually creating an account, follow the steps below:

1. Click Import 2. Enter the domain to search, and specify the username and password of a user with

permission to enumerate users in the domain (not necessarily the user to be added.) 3. A list of all users in the domain will be generated: check the box for the user to be added

to EFM Community. 4. Click Add Selected to add the user.

Information on adding other users and edit users can be found with the EFM Community Application Administration Guide.

Workgroups A Workgroup is a way to define collections of users that will want to collaborate in EFM Community. A user can quickly and easily share questionnaires and other data in his or her workgroup, allowing other users in the same workgroup to view, edit, and analyze the same data. Note: This section only applies to multiple-workgroup licenses of EFM Community. A user must have a default workgroup in order to log in: usually, this is the first workgroup that a user is assigned to, though this may be changed in Manage Users. To change the workgroup a user sees on login, change the default workgroup for that user. Note: A user may hold membership in more than one workgroup.


- 15 -

These instructions begin at the EFM Community Administrative Portal, which can be accessed via the URL used in Section C. Completing the initial database setup in step C will automatically open this page. Follow the steps below to Create a workgroup: Note: A single-workgroup license of EFM Community does not have the ability to create additional workgroups. Users will still need to be added to the default workgroup before they will be able to log in to the system.

1. Click Edit Connections 2. Click Add Workgroup 3. Enter the name of the new workgroup. 4. Enter the Name of the database to store the survey data.

Note: Each additional workgroup must be created on a separate data space on the same database server as the Master Connection.

5. Enter the user name and password of an account with permission to create, update, and delete rows and tables in that database.

6. Click Add Follow the steps below to Add the Administrative user to a workgroup:

1. Click Manage Workgroups 2. Select the name of the workgroup to be modified. 3. The users will appear in the All Users box. 4. To add a user, move the user from the All Users box to Workgroup Administrators and

Workgroup Users to add users to the selected workgroup. • A Workgroup Administrator has all of the privileges of a Workgroup User, but is

always able to access the data of other users in the workgroup even if it has not been explicitly shared. Accounts added as a Workgroup Administrator are automatically assigned the Security Role of Group Administration.

Note: A Workgroup Administrator is needed to complete the installation in Section F.


- 16 -

E. System Options System Options are used to define multiple global settings for the EFM Community environment. These settings are:

• Email settings for the E-mail Triggers feature. • Define the security level required for user accounts'

passwords. • Assign a password for the "Administrator" account that

allows for remote access of the EFM Community Administrative Portal.

Mail Setup Assign the e-mail settings for the Survey Engine to use, when the E-mail Triggers feature is used with the EFM Community application.

1. Click System Options 2. Enter the SMTP Server: Defines the (outgoing) email server used 3. Enter the SMTP Port: Specify the SMTP port for the SMTP server specified (On most

SMTP servers this is 25). 4. Enter the SMTP Time Out: The time in seconds that EFM Community will wait for a

response from the SMTP server (By default this value is usually 300). 5. Authentication - Define whether Authentication is used when sending email via the

SMTP Server specified or if Authentication is required. There are three options: a. None - Select if no Authentication is required.


- 17 -

b. Auth Login - A method of email Authentication that passes the username and password encrypted via base-64 encryption.

c. CRAM-MD5 - A method of email Authentication used by LDAP servers. The password is encrypted using the MD5 algorithm.

6. (Optional: Only entered if step 5 had either Auth Login or CRAM-MD5 selected) a. Account - Enter the Account to use during Authentication b. Password - Enter the Accounts password during Authentication

7. Invitation Control - Define the maximum number of invitations that can be sent out in a given number of minutes. This applies to all surveys in every Workgroup in the environment. This setting will vary from environment to environment as different hardware and network set configurations can radically affect the realistic upward limit on the number of invitations sent.

Tip: If 0 is entered for both values no limitation is in place and the application will attempt to send all invites to all participants specified under Select Participants.

Password Security Determine the security level of the passwords for all user accounts inside the EFM Community system.

• Require Strong Password - Force new passwords entered inside the EFM Community' Administrative Portal to fulfill three of the following five criteria:

• lowercase • uppercase • numbers • punctuation - Examples include ,.!'":; • Unicode

So a password of: T3stP2s5 would fulfill three of the five criteria. Since the password has a three lowercase letters, two capital letters and three numbers. As would a password of:

t,st9a5s This is a valid strong password since it contains 5 lowercase letters two numbers and one punctuation character.

• Minimum Password Length (Characters) - Determine the shortest possible password for all user accounts.


- 18 -

Select the desire settings and when you are done click Save to record them. Note: Accounts added via Active Directory do not have their passwords verified. Only the existence of the user name is checked. This is done because we assume that the account has been verified by Windows when they logged into their computer. This setting is enabled inside IIS as Note:d in the Appendix.

System Administrator Assign the password for the "administrator" user in order to access EFM Community' Administrative Portal remotely under the System Administrator tab.

When you are done click Save to enable the new password.


- 19 -

F. Configuring EFM Community Groups 1. Log into EFM Community with an account that has Group Administrator as its security

role, and is a member of every workgroup. Please see Section D for more information. a. The URL will, by default, be http://MACHINENAME/perseus where

MACHINENAME is the system name or fully-qualified domain name (such as www.perseus.com) of the server that EFM Community was installed on.

2. Click Group Administration 3. Click Configure Groups 4. Click the Publishing tab 5. By default the path to the EFM Community Survey Engine, se.ashx, should be in the

Survey Engine Path field but if it is not enter it. This file is located in the virtual directory specified earlier.

Note: This must be an absolute path that can be accessed by survey respondents, such as http://www.perseus.com/perseus/se.ashx instead of http://localhost/perseus/se.ashx 6. By default the root path for the current workgroup’s surveys should be auto-filled in the

Web Survey Location field (the current workgroup is listed at the top of the page, --- users may choose to publish into a sub-folder of this.

7. Confirm that the Local Publish Path exists and is readable and writable by the IIS_WPG account and by the account that the Default Application Pool runs as.

a. Alternatively, specify a UNC (SMB) share path or an FTP server name, account, and subfolder.

b. In all cases, the folder pointed to by the publisher should be the same folder referred to by the Web Survey Location so that files uploaded/saved to that FTP server subfolder, network share, or local directory are accessible at the Web Survey Location URL.

8. Click the Mail tab 9. Enter the location of a SMTP (Simple Mail Transfer Protocol) server. 10. If the server is an open SMTP server, select None in the Authentication section.

a. If the server requires authentication, choose the appropriate method of authentication and enter a username and password that can access the SMTP server.

11. Change the From Address to Other in order to have automatically-generated e-mails (including, but not limited to, invitations) always appear to be sent from the same address. By default, e-mails will appear to be from the survey owner.

12. Change the Reply To Address to Other in order to have replies to automatically-generated e-mails (including, but not limited to, invitations) always be directed to the same address. By default, replies will be directed to the survey owner.

13. Click Save Setup 14. Click Test Setup 15. In the Workgroup Banner at the top of the page change the Workgroup via the dropdown

list and repeat from step 2 for each workgroup. At this point EFM Community 2.2 is completely configured and ready for use.

http://MACHINENAME/perseus

http://www.perseus.com/perseus/se.ashx

http://localhost/perseus/se.ashx


- 20 -

Appendix:

1. Determining the web server root in IIS: The web server root can be checked under IIS by performing the following steps:

1. Open IIS 2. Right click the web site that is being used to host SurveySolutions 3. Select Properties 4. Click the Home Directory tab

Note: the path specified in the Local Path field


- 21 -

2. Permissions: EFM Community has two authentication modes:

• Windows authentication – IIS handles the authentication of the user and EFM Community verifies that the user was added to the list of authorized users under Manage Users in the Administrative Portal.

• SurveySolutions/EFM authentication – The authentication process is handled by EFM Community via users added under Manage Users in the Administrative Portal.

Each of the two authentication modes has a different set of permissions which must be allowed in order for EFM Community to function correctly. Both authentication modes still require the users to be added within Administrative Portal - Manage Users or within the application itself under Group Administration – Manage Users.


- 22 -

A. Windows Authentication Permissions The following permissions must be assigned after the EFM Community 2.2 installer has been run. In some environments it is possible that the installer does not have enough “privileges” to set the permissions as intended or something on the server has prevented the permissions from being applied.

I. Windows (NTFS) Permissions Network Service* Windows User

Accounts# Windows Service**

Perseus Virtual Directory

Read List

Read and Execute

Read List

None

AppData Full Control Read List

None

Surveys Full Control Read List

Read List

Write (Modify)

Reports Full Control Read List

None

Temporary ASP.NET Files##

Full Control N/A N/A

C:\Program Files\Perseus\EFM Windows Service

None None Read List

Read and Execute * - See the section regarding Determining the account running the default Application Pool. # - In certain IIS configurations (for example when Impersonation is enabled) all the domain users that will access EFM Community will need these permissions in order to access the product correctly. ## - This is a Microsoft .NET Framework created directory and whatever account runs the Application Pool needs to have access to it. Otherwise .NET applications will not function. Note: In some cases Write and Modify permissions might need to be assigned to these users over the AppData, Surveys and Reports subdirectories. It is recommended that a group be created containing all these users under Control Panels – Administrative Tools – Computer Management – Local Users and Groups. This will make assigning the permissions in Windows easier, but the group must be maintained every time a new user is added. ** See the section regarding Determining the account that the Windows Service runs as (On some servers Modify permissions might be needed for the Windows service to function properly) Note: It is advisable to verify that permissions have propagated down to files inside each of these directories for each account. In some cases child objects (files inside directories) are not allowed to receive permissions from the parent objects (directories).


- 23 -

II. IIS Permissions Permissions Perseus Virtual Directory

Read

AppData Read Write

Surveys Read Write

Reports Read Write

III. Determining the Application Pool used by EFM Community 1. Open IIS 2. Select the web site that is being used to host SurveySolutions 3. Right click the Perseus Virtual Directory folder (specified during the original installation,

typically called Perseus) 4. Select Properties 5. Select the Virtual Directory tab 6. Record the Application Pool setting at the bottom of the page.

IV. Determining the account that runs the Application Pool By default EFM Community is run by the default Application Pool but this varies. Please use the information listed above to determine the exact Application Pool. In IIS 6.0 the Account that the default Application Pool runs as is typically Network Service. This can be verified by doing the following:

1. Open IIS 2. Click the “+” next to Application Pools 3. Right click Default Application Pool 4. Select Properties 5. Select the Identify Tab 6. Record the username that is specified.

This is the account that needs the permissions labeled for the Network Solutions account in the Windows Permissions column.


- 24 -

V. Enable Integrated Windows authentication Integrated Windows authentication must be enabled inside IIS in order to attempt to login into SurveySolutions®/EFM using Windows Authentication. Note: Anonymous access must be disabled in order for Windows Authentication to function correctly. To Enable "Integrated Windows authentication" and disable "Anonymous access" in IIS follow the steps below:

1. Open IIS 2. Right click the Perseus Virtual Directory 3. Select Properties 4. Click the Directory Security tab 5. Click Edit 6. De-select (to disable) Anonymous access 7. Select (to enable) Integrated Windows authentication 8. Click OK twice

Note: Some networks require that Digest Authentication for Windows domain servers be checked in order for users to have access to all features within EFM Community.

VI. Determining the account that the Windows Service runs as The Windows Service used by EFM Community performs all the scheduled functions within the Schedule Events section of the main application. The only exception is if the Now lightning bolt icon is clicked under List view inside Schedule Events. This can be checked by doing the following:

1. Inside the Control Panel open Administrative Tools 2. Double-click (open) Services 3. Look for the Windows Service, it is typically named SS/EFM Windows Service and

right click it 4. Select Properties 5. Select the Login Tab

Note: the username that is specified. This account needs the permissions specified under the column Windows Services in order to open and close surveys.


- 25 -

B. SurveySolutions/EFM Authentication Permissions The following permissions must be assigned after the EFM Community 2.2 installer has been run. In some environments it is possible that the installer does not have enough “privileges” to set the permissions as intended or something on the server has prevented the permissions from being applied.

I. Windows NTFS Permissions Network Service* IIS_WPG# Windows Service** Perseus Virtual Directory

Read List

Read and Execute

Read List

None

AppData Full Control Read List

None

Surveys Full Control Read List

Read List

Write (Modify)

Reports Full Control Read List

None

Temporary ASP.NET Files##

Full Control N/A N/A

C:\Program Files\Perseus\EFM Windows Service

None None Read List

Read and Execute * - See the section regarding Determining the account running the default Application Pool. # - See the section regarding Determining the account that the web server runs as in IIS. ** See the section regarding Determining the account that the Windows Service runs as (On some servers Modify permissions might be needed for the Windows service to function properly) ## - This is a Microsoft .NET Framework created directory and whatever account runs the Application Pool needs to have access to it. Otherwise .NET applications will not function. Note: It is advisable to verify that permissions have propagated down to files inside each of these directories for each account. In some cases child objects (files inside directories) are not allowed to receive permissions from the parent objects (directories).

II. IIS Permissions Permissions Perseus Virtual Directory

Read

AppData Read Write

Surveys Read Write

Reports Read Write


- 26 -


- 27 -

III. Determining the Application Pool used by EFM Community 1. Open IIS 2. Select the web site that is being used to host SurveySolutions 3. Right click the Perseus Virtual Directory folder (specified during the original installation,

typically called Perseus) 4. Select Properties 5. Select the Virtual Directory tab 6. Record the Application Pool setting at the bottom of the page.

IV. Determining the account that runs the Application Pool By default EFM Community is run by the default Application Pool but this varies. Please use the information listed above to determine the exact Application Pool. In IIS 6.0 the Account that the default Application Pool runs as is typically Network Service. This can be verified by doing the following:

1. Open IIS 2. Click the “+” next to Application Pools 3. Right click Default Application Pool 4. Select Properties 5. Select the Identify Tab 6. Record the username that is specified.

This is the account that needs the permissions labeled for the Network Solutions account in the Windows Permissions column.

V. Determining the account that the web server runs as in IIS In IIS the Account that the Web Server runs as is typically IUSR_machinename or the IWAM_machinename account. This can be checked by doing the following:

1. Open IIS 2. Right click the web site that is being used to host SurveySolutions 3. Select Properties 4. Select the Directory Security Tab 5. Under “Anonymous access and authentication control” click Edit

Note: Please verify the username that is specified. If IUSR_machinename is listed sometimes this is not used when EFM Community is used, instead the IWAM_machinename account will be used by IIS. On Windows 2003 Server the IIS_WPG account is used in most scenarios instead of the IUSR_machinename account: both the IUSR and IWAM local machine accounts are included in the IIS_WPG account by Windows.


- 28 -

VI. Disable Integrated Windows authentication Anonymous access must be enabled in order for SurveySolutions/EFM Authentication to function correctly. Note: Integrated Windows authentication must be disabled inside IIS in order to attempt to login into SurveySolutions®/EFM using SurveySolutions/EFM Authentication. To Enable "Anonymous access" and disable "Integrated Windows authentication" in IIS follow the steps below:

1. Open IIS 2. Right click the Perseus Virtual Directory 3. Select Properties 4. Click the Directory Security tab 5. Click Edit 6. Select (to enable) Anonymous access 7. Deselect (to disable) Integrated Windows authentication 8. Click OK twice

VII. Determining the account that the Windows Service runs as The Windows Service used by EFM Community performs all the scheduled functions within the Schedule Events section of the main application. The only exception is if the Now lightning bolt icon is clicked under List view inside Schedule Events. This can be checked by doing the following:

6. Inside the Control Panel open Administrative Tools 7. Double-click (open) Services 8. Look for the Windows Service, it is typically named SS/EFM Windows Service and

right click it 9. Select Properties 10. Select the Login Tab

Note: the username that is specified. This account needs the permissions specified under the column Windows Services in order to open and close surveys.


- 29 -

3. ASP.NET Framework EFM Community 2.2 only works with version 1.1.4322 of the Microsoft ASP.NET Framework. Microsoft ASP.NET Framework 2.0 will not function. If both are installed on the Application Server inside IIS it is possible to enable the version 1.1.4322 over the version 2.0 by following the steps below:

1. Open IIS 2. Right click the Perseus Virtual Directory 3. Select Properties 4. Click the ASP.net tab 5. Select 1.1.4322 in the ASP.NET version dropdown box. 6. Click OK


- 30 -

4. Troubleshooting and Best Practices The following link is to the Best Practices and Troubleshooting Guide for EFM Community version 2.2: http://support.perseus.com/resources/2.20/en/bp_tr/ss_efm_troublesh_bp.htm This contains valuable recommendations on maintaining the server EFM Community is installed on as well as troubleshooting advice that should prove helpful.

http://support.perseus.com/resources/2.20/en/bp_tr/ss_efm_troublesh_bp.htm

Installing Vovici EFM Community September 2007...

Documents

Transcript of Installing Vovici EFM Community September 2007...