Can't login to CP after 9.0.1 to 9.2.X?

[PSCGi]

Simple upgrade to allegedly 9.2.1 - right? FC8, basic machine.

Did it via the CP, like usual anymore it kept telling me that even
though it worked - there's another update. I've long learned to
use the Autoinstaller to go do updates to ensure that flag is turned
off. Did it here, system showed something needing to be updated
and that worked.

Rebooted the server - no more CP?

I get the title strip, then I get only a CONTINUE button in the
white area below the title strip. Regardless if I click on that or
just let it sit - I get a timeout error on a page. I've checked the
page, not sure why this is going on but has anyone else hit this
wall?

Am I editing code somewhere to fix it? How do you rollback the
Autoinstaller to attempt to even deal with it? And I just did the
AI again, it says it found 18MB of updates - STILL no resolution!

Open to anyone with serious clues on this, the forums have been
jacked around enough that I can't seem to find any historical
info to even help me from previous editions BUT all I had to read
dealing with the 9.0.X fiasco, I never remember seeing anything
like this.

Thanks!

 

[PSCGi]

Interesting... now I'm answering myself?

So finally I make the determination that Parallels has done the impossible -
found a way to totally alienate everyone! Change things without a word
edgewise, foul up more in one revision (the 9.X series) and keep it up. Why?

Turns out we've used Port 8443 since... forever. NOW, with the 9.2.1
version and allegedly the addition of Global Login junk, suddenly without
any warning we're also using Port 11444? WHY?

So most of my clients have been screaming at me constantly over the
problems and even I was totally confused because we're all timing out on
all the types of browsers. One issue with uncertified junk, but it all comes
around to the fact that we're 'relaying' off Port 11444 to still use a CP at
8443. And because 11444 is a totally new and non-standard port, virtually
everyone blocks it!

We had it blocked in our APF setup, by default it'd be on the Plesk Firewall
unless they re-wrote that in an update and just decided not to tell us until
we paid the $75 per incident. My clients, many running firewalls, have that
port blocked by default AND many won't change!

So what's the answer here? I'm sick and tired of getting the 'pay us for a
support ticket' answer to every last thing, they've bought up and trashed
Ensim for good so we're stuck unless we want to take major steps backwards
and go the hard route our Clients don't understand. Hundreds of manhours
of manuals, retraining, rewriting and more to jump to a REAL OS instead of
one that's totally profit driven to even use the thing.

Is there even a workaround for this? Why is it hitting off the 11444 port
in the first place?

 

[Denis Sirochenko]

Hello,

Port 11444 is used for Single Sign-On feature since Plesk version 9.0. A full list of ports used by Plesk can be found in the following Knowledge Base article:

http://kb.odin.com/en/391

Probably you choose to use SSO while upgrading to 9.2.1. You can always check whether SSO is on by running

/usr/local/psa/bin/sso -g

Regards,

Denis.

 

[PSCGi]

Thanks for the pointer, but...

Actually notice that's April 20th, 2009? 9.0 and 9.1 were BEFORE that
particular date. So this is more 'mopping up' without any real notification
from Parallels that it was being used. As mentioned it's also a non-standard
port! None of the Firewalls out there really even recognize it's usage for
Plesk, while many have 8443 in as a standard to check on before opening
or blocking it.

So this is NEW AND UNANNOUNCED, like way too much in 9.X meant to
cause problems and create paid trouble tickets to generate revenue. Don't
kid yourself if you think otherwise.

And we chose - nothing - at all. When I upgraded from 9.1.X to 9.2.1
it then asked me immediately about using an SSO but not 'Would you like
to start using this?' - it was MANDATORY. And how'd I find that? Only
after opening up 11444 so I could even get the CP pages with the setup
for SSO! So as I said, rigged - heavily. Notice would have been nice.

Now I had the KB article that referenced ALL of the ports used and I
hate to say it - those two weren't there. Still didn't know about 11443
until you just pointed it out! I had to look that KB piece up to configure
APF after being forced to an onboard software firewall because the Plesk
version needs to be taken out back and shot. Period. Junk. Barely
configurable for someone who has at least a small clue of how to run a
server or whole farm, etc. and worthless. Ultimate would be an external
or card-based version, but APF's the best for onboard.

Now, that means when I was forced to that in the end on March as
I recall specifically, that new KB article wasn't there NOR was those
two new ports and we were well into 9.1.X!!! So 'since 9.0' is a nice
CYA fantasy of someone's at Parallels once again trying to deflect by
cleaning something up making it appear as if it were there the whole
time. If it was in the 9.X docs that I made myself nauseated reading
over and over again trying to un*@#& what upgrading from 8.6.X to
9.X did - it's so tiny or made so unimportant that I went right over the
stupid thing. And then why wouldn't it have been in the Plesk firewall
I just gelded? Why not have it in the 9.X updates so that I'd have found
it in the firewall list I transferred into APF?

Why? NOT THERE!

These lies and this junk for $$ are making me sick and borderline
wasting the manhours and thousands of dollars it's going to take to
get the hell away from anything Parallels produces. And I'm so far
along the way there - one more stupid incident like this and I'm gone.

Thanks for trashing Ensim, Parallels! You're like the Interland plague!

 

[m0rpheu5]

same problem here, did you get any solution, could you tell me?

 

[PSCGi]

Well actually we completely abandoned Parallel's products. Gone, done with the **** and the lousy services and support, the buggy patches and insane upgrades that never work. Garbage, every last bit of it and our sanity levels have returned since getting over that hump. Just a sick joke.

Turned out the problem here is related to the browsers and crappy coding by Parallels on these versions! Once you get to 9.2.X - they have that relay garbage that doesn't work.

You have to open that port on ALL related PCs, routers and networks first to ensure it'll fly, then ONLY use IE7 or IE8 in the backwards compatibility mode. Chrome, Firefox and Safari will have issues with this and drive you nuts. You need IE's 'permissions bar' to show up to allow pages with normally restricted content to appear and the way the others are set up they block naturally and don't make it easy to unblock like IE does. Not that I'm an IE fan either, but it works...

IE 6 WON'T do the trick. IE7's borderline and IE8 seems OK but compatibility mode for your access and CP domains has to be on otherwise the icons are all over hell! I get not planning for IE8 on the release, but this totally unannounced reformatting of the CP's to screw not only us but our Clients into giant bitchfests is outrageous.

If this doesn't make it up or stay, it'll be Parallel's infamous CYA manuever because I'm moderated for some reason. Probably because Plesk/SWSoft/Parallels in the last couple of years has not only trashed Plesk beyond reason but then sucked up Ensim and made sure that was junk so they were all that was left. Great way to alienate everyone so whoever has something decent to replace it succeeds you morons!

My first advice - run, run away. Use the workaround to get your stuff but get away from Plesk as fast as you can unless you want to end up in an ER or ICU and lose your business.

 

[m0rpheu5]

what control panel are you using now?

 

[PSCGi]

Nothing... straight Linux and we've broken sites down individually and had to let some that clients required CP's go. Otherwise we wasted more manhours and money supporting them and being unable to do anything than we are just putting it straight back on us. I'm open for another CP/OS really bad, Ensim's gone now and Plesk has been trashed for good after serious improvements. There's some cheapy stuff out there, works OK, but not like these power panels do. And then you're stuck with your HSP only supporting Plesk at their datacenters. That or blank Linux OR the dreaded Windows IIS disasters and security patches.

 

[Spyder]

There is some clue about how to solve this issue ?? about simple continue .. timeout ... no login issue ??

BTW,, the sso is running ok, but every time I try login .. I only get the continue button..

 

[m0rpheu5]

i don´t know what happen, the control panel start to open ok now, but when the problem happens, i click in continue, nothing happens, or i get time out.

 

[PSCGi]

Exqueeze me?

What, you can't read? It was already explained above. Compatibility issues,
get the right thing and get around it. The IE's with at least 7 or 8 in the
compatibility mode and allow the security blocks to pass fix the problem. All
the other browsers aren't compatible and end up at CONTINUE.

There, that's short for ya since the rest seemed to be too long to bother with?

Bottom line is that Parallel's wrote garbage without proper testing which has
been a theme in the 9.X's EVEN THOUGH there was a beta test group?? Should
have save that time and left it as it was with 8.X and 7.X - least those worked
without crippling someone's operations totally for hours into days into weeks!

 

[PSCGi]

i don´t know what happen, the control panel start to open ok now, but when the problem happens, i click in continue, nothing happens, or i get time out.

Again... it's your browser and security settings. You have to open the other port that's like 11289 or something (check your URL, it's in there with the 'relay' bit. Not only do you have to use IE 7 or 8 so that you can change these settings easily, but IE8's almost required in Compatibility Mode in order for the stupid CP pages inside to even lay out right!!

You have to add that port to your firewall, it's normally blocked. You also have to add your web server's domain names to your 'Safe Sites' part of your browser so that it doesn't hit the security walls. By default IE also has things blocked in Internet Options for running or relaying pages, so you need a browser that gets the drop-down bar saying 'IE has blocked...' so you can mark the 'allow all the time' option to make it mostly stop.

It was going to 8443, which a vast majority of firewalls and such know about and allow by default. If you run Plesk's firewall, the morons didn't even change the 11### port there!!! If you run APF or an external card firewall - both won't allow the 11### port either. The CP's are trying to get in on 8443, but the new code - apparently from the Global Login bit - redirects you to like 11### and then BACK to 8443! If the other port is blocked, you get the error.

Once you're over that hump, then you have to deal with the browser settings. Regardless of home much you love Chrome - it WILL NOT work with it because you can't configure what's needed to get around it. Regardless of how much you love Safari - SAME THING! And Firefox has more configurations, I haven't tried 3.5 yet to see if it'll work or not but the 2.X and 3.X versions prior to that WILL NOT WORK EITHER.

So it's gotta be IE, pain the butt that it all is. We tried everything else every which way - only IE8 in Compatibility Mode worked every time AFTER we un-firewalled the 11### port and then put our main CP domain into the Safe category in Internet Options and turned off all the Active X blocking and all of that. We left it on for a few other reasons and ended up every time we FIRST got to the CP - we had a drop-down box to approve allowing our CP site to show unauthorized images, etc.

If you do ANYTHING else - expect the Continue button problem. You can SSH in, FTP in, etc. but not the Control Panel.

It's that simple. Or not, but thank Parallels for that. Or pay them $75 per incident to tell you the same thing but not that they caused this in the first place and never fixed it.

That's why we no longer touch any Parallels product.

 

[Maria m]

i don´t know what happen, the control panel start to open ok now, but when the problem happens, i click in continue, nothing happens, or i get time out.

Try:
/usr/local/psa/bin/sso -d