1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Can't login to CP after 9.0.1 to 9.2.X?

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by PSCGi, May 11, 2009.

  1. PSCGi

    PSCGi Guest

    Simple upgrade to allegedly 9.2.1 - right? FC8, basic machine.

    Did it via the CP, like usual anymore it kept telling me that even
    though it worked - there's another update. I've long learned to
    use the Autoinstaller to go do updates to ensure that flag is turned
    off. Did it here, system showed something needing to be updated
    and that worked.

    Rebooted the server - no more CP?

    I get the title strip, then I get only a CONTINUE button in the
    white area below the title strip. Regardless if I click on that or
    just let it sit - I get a timeout error on a page. I've checked the
    page, not sure why this is going on but has anyone else hit this

    Am I editing code somewhere to fix it? How do you rollback the
    Autoinstaller to attempt to even deal with it? And I just did the
    AI again, it says it found 18MB of updates - STILL no resolution!

    Open to anyone with serious clues on this, the forums have been
    jacked around enough that I can't seem to find any historical
    info to even help me from previous editions BUT all I had to read
    dealing with the 9.0.X fiasco, I never remember seeing anything
    like this.

  2. PSCGi

    PSCGi Guest

    Interesting... now I'm answering myself?

    So finally I make the determination that Parallels has done the impossible -
    found a way to totally alienate everyone! Change things without a word
    edgewise, foul up more in one revision (the 9.X series) and keep it up. Why?

    Turns out we've used Port 8443 since... forever. NOW, with the 9.2.1
    version and allegedly the addition of Global Login junk, suddenly without
    any warning we're also using Port 11444? WHY?

    So most of my clients have been screaming at me constantly over the
    problems and even I was totally confused because we're all timing out on
    all the types of browsers. One issue with uncertified junk, but it all comes
    around to the fact that we're 'relaying' off Port 11444 to still use a CP at
    8443. And because 11444 is a totally new and non-standard port, virtually
    everyone blocks it!

    We had it blocked in our APF setup, by default it'd be on the Plesk Firewall
    unless they re-wrote that in an update and just decided not to tell us until
    we paid the $75 per incident. My clients, many running firewalls, have that
    port blocked by default AND many won't change!

    So what's the answer here? I'm sick and tired of getting the 'pay us for a
    support ticket' answer to every last thing, they've bought up and trashed
    Ensim for good so we're stuck unless we want to take major steps backwards
    and go the hard route our Clients don't understand. Hundreds of manhours
    of manuals, retraining, rewriting and more to jump to a REAL OS instead of
    one that's totally profit driven to even use the thing.

    Is there even a workaround for this? Why is it hitting off the 11444 port
    in the first place?
  3. Denis Sirochenko

    Denis Sirochenko Guest


    Port 11444 is used for Single Sign-On feature since Plesk version 9.0. A full list of ports used by Plesk can be found in the following Knowledge Base article:


    Probably you choose to use SSO while upgrading to 9.2.1. You can always check whether SSO is on by running

    /usr/local/psa/bin/sso -g


  4. PSCGi

    PSCGi Guest

    Thanks for the pointer, but...

    Actually notice that's April 20th, 2009? 9.0 and 9.1 were BEFORE that
    particular date. So this is more 'mopping up' without any real notification
    from Parallels that it was being used. As mentioned it's also a non-standard
    port! None of the Firewalls out there really even recognize it's usage for
    Plesk, while many have 8443 in as a standard to check on before opening
    or blocking it.

    So this is NEW AND UNANNOUNCED, like way too much in 9.X meant to
    cause problems and create paid trouble tickets to generate revenue. Don't
    kid yourself if you think otherwise.

    And we chose - nothing - at all. When I upgraded from 9.1.X to 9.2.1
    it then asked me immediately about using an SSO but not 'Would you like
    to start using this?' - it was MANDATORY. And how'd I find that? Only
    after opening up 11444 so I could even get the CP pages with the setup
    for SSO! So as I said, rigged - heavily. Notice would have been nice.

    Now I had the KB article that referenced ALL of the ports used and I
    hate to say it - those two weren't there. Still didn't know about 11443
    until you just pointed it out! I had to look that KB piece up to configure
    APF after being forced to an onboard software firewall because the Plesk
    version needs to be taken out back and shot. Period. Junk. Barely
    configurable for someone who has at least a small clue of how to run a
    server or whole farm, etc. and worthless. Ultimate would be an external
    or card-based version, but APF's the best for onboard.

    Now, that means when I was forced to that in the end on March as
    I recall specifically, that new KB article wasn't there NOR was those
    two new ports and we were well into 9.1.X!!! So 'since 9.0' is a nice
    CYA fantasy of someone's at Parallels once again trying to deflect by
    cleaning something up making it appear as if it were there the whole
    time. If it was in the 9.X docs that I made myself nauseated reading
    over and over again trying to un*@#& what upgrading from 8.6.X to
    9.X did - it's so tiny or made so unimportant that I went right over the
    stupid thing. And then why wouldn't it have been in the Plesk firewall
    I just gelded? Why not have it in the 9.X updates so that I'd have found
    it in the firewall list I transferred into APF?

    Why? NOT THERE!

    These lies and this junk for $$ are making me sick and borderline
    wasting the manhours and thousands of dollars it's going to take to
    get the hell away from anything Parallels produces. And I'm so far
    along the way there - one more stupid incident like this and I'm gone.

    Thanks for trashing Ensim, Parallels! You're like the Interland plague!
  5. m0rpheu5

    m0rpheu5 Regular Pleskian

    Jul 1, 2008
    Likes Received:
    same problem here, did you get any solution, could you tell me?
  6. PSCGi

    PSCGi Guest

    Well actually we completely abandoned Parallel's products. Gone, done with the **** and the lousy services and support, the buggy patches and insane upgrades that never work. Garbage, every last bit of it and our sanity levels have returned since getting over that hump. Just a sick joke.

    Turned out the problem here is related to the browsers and crappy coding by Parallels on these versions! Once you get to 9.2.X - they have that relay garbage that doesn't work.

    You have to open that port on ALL related PCs, routers and networks first to ensure it'll fly, then ONLY use IE7 or IE8 in the backwards compatibility mode. Chrome, Firefox and Safari will have issues with this and drive you nuts. You need IE's 'permissions bar' to show up to allow pages with normally restricted content to appear and the way the others are set up they block naturally and don't make it easy to unblock like IE does. Not that I'm an IE fan either, but it works...

    IE 6 WON'T do the trick. IE7's borderline and IE8 seems OK but compatibility mode for your access and CP domains has to be on otherwise the icons are all over hell! I get not planning for IE8 on the release, but this totally unannounced reformatting of the CP's to screw not only us but our Clients into giant bitchfests is outrageous.

    If this doesn't make it up or stay, it'll be Parallel's infamous CYA manuever because I'm moderated for some reason. Probably because Plesk/SWSoft/Parallels in the last couple of years has not only trashed Plesk beyond reason but then sucked up Ensim and made sure that was junk so they were all that was left. Great way to alienate everyone so whoever has something decent to replace it succeeds you morons!

    My first advice - run, run away. Use the workaround to get your stuff but get away from Plesk as fast as you can unless you want to end up in an ER or ICU and lose your business.
  7. m0rpheu5

    m0rpheu5 Regular Pleskian

    Jul 1, 2008
    Likes Received:
    what control panel are you using now?
  8. PSCGi

    PSCGi Guest

    Nothing... straight Linux and we've broken sites down individually and had to let some that clients required CP's go. Otherwise we wasted more manhours and money supporting them and being unable to do anything than we are just putting it straight back on us. I'm open for another CP/OS really bad, Ensim's gone now and Plesk has been trashed for good after serious improvements. There's some cheapy stuff out there, works OK, but not like these power panels do. And then you're stuck with your HSP only supporting Plesk at their datacenters. That or blank Linux OR the dreaded Windows IIS disasters and security patches.
  9. Spyder

    Spyder Regular Pleskian

    Jan 13, 2003
    Likes Received:
    There is some clue about how to solve this issue ?? about simple continue .. timeout ... no login issue ??

    BTW,, the sso is running ok, but every time I try login .. I only get the continue button.. :(
  10. m0rpheu5

    m0rpheu5 Regular Pleskian

    Jul 1, 2008
    Likes Received:
    i don´t know what happen, the control panel start to open ok now, but when the problem happens, i click in continue, nothing happens, or i get time out.
  11. PSCGi

    PSCGi Guest

    Exqueeze me?

    What, you can't read? It was already explained above. Compatibility issues,
    get the right thing and get around it. The IE's with at least 7 or 8 in the
    compatibility mode and allow the security blocks to pass fix the problem. All
    the other browsers aren't compatible and end up at CONTINUE.

    There, that's short for ya since the rest seemed to be too long to bother with?

    Bottom line is that Parallel's wrote garbage without proper testing which has
    been a theme in the 9.X's EVEN THOUGH there was a beta test group?? Should
    have save that time and left it as it was with 8.X and 7.X - least those worked
    without crippling someone's operations totally for hours into days into weeks!
  12. PSCGi

    PSCGi Guest

    Again... it's your browser and security settings. You have to open the other port that's like 11289 or something (check your URL, it's in there with the 'relay' bit. Not only do you have to use IE 7 or 8 so that you can change these settings easily, but IE8's almost required in Compatibility Mode in order for the stupid CP pages inside to even lay out right!!

    You have to add that port to your firewall, it's normally blocked. You also have to add your web server's domain names to your 'Safe Sites' part of your browser so that it doesn't hit the security walls. By default IE also has things blocked in Internet Options for running or relaying pages, so you need a browser that gets the drop-down bar saying 'IE has blocked...' so you can mark the 'allow all the time' option to make it mostly stop.

    It was going to 8443, which a vast majority of firewalls and such know about and allow by default. If you run Plesk's firewall, the morons didn't even change the 11### port there!!! If you run APF or an external card firewall - both won't allow the 11### port either. The CP's are trying to get in on 8443, but the new code - apparently from the Global Login bit - redirects you to like 11### and then BACK to 8443! If the other port is blocked, you get the error.

    Once you're over that hump, then you have to deal with the browser settings. Regardless of home much you love Chrome - it WILL NOT work with it because you can't configure what's needed to get around it. Regardless of how much you love Safari - SAME THING! And Firefox has more configurations, I haven't tried 3.5 yet to see if it'll work or not but the 2.X and 3.X versions prior to that WILL NOT WORK EITHER.

    So it's gotta be IE, pain the butt that it all is. We tried everything else every which way - only IE8 in Compatibility Mode worked every time AFTER we un-firewalled the 11### port and then put our main CP domain into the Safe category in Internet Options and turned off all the Active X blocking and all of that. We left it on for a few other reasons and ended up every time we FIRST got to the CP - we had a drop-down box to approve allowing our CP site to show unauthorized images, etc.

    If you do ANYTHING else - expect the Continue button problem. You can SSH in, FTP in, etc. but not the Control Panel.

    It's that simple. Or not, but thank Parallels for that. Or pay them $75 per incident to tell you the same thing but not that they caused this in the first place and never fixed it.

    That's why we no longer touch any Parallels product.
  13. Maria m

    Maria m Guest


    /usr/local/psa/bin/sso -d