By Richard Fincher
I'm just trying out FMS17 on a virgin Windows Server Essentials 2016 install, which I do not plan to use for any other task except hosting FMS17.
I'm looking to switch off or block all ports and services which aren't needed for FileMaker Server. The ones I'm planning to open for FMS are 80, 443, 5003, 16000. The other ones which seem to be open separately from FMS are:
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-wbt-server
I'll be placing IP restrictions on 3389 (for my RDP). Regarding switching off the rest, it occurred to me that parts of the OS may need to use some of these services to do what they need to do (e.g. allow administrator to log in to Windows?).
I will be using a firewall external to Windows itself, rather than the Microsoft firewall.
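An added example, not part of the original thread: one way to check a scan taken from outside the external firewall against the exposure the post describes (80, 443, 5003 and 16000 open, 3389 limited by source IP). The names `PUBLIC`, `SOURCE_RESTRICTED`, `parse_scan` and `audit` are hypothetical, and the last two lines of the sample listing are constructed; the rest is the listing from the post.

```python
import re

# Exposure policy stated in the post: FMS ports open, RDP limited by source IP.
PUBLIC = {80, 443, 5003, 16000}
SOURCE_RESTRICTED = {3389}

# Port listing from the post; the final two lines (443, 5985) are constructed
# so that the "public" bucket and a filtered port are exercised.
SCAN = """\
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-wbt-server
443/tcp open https
5985/tcp filtered wsman
"""

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)(?:\s+(\S+))?")

def parse_scan(text):
    """Yield (port, proto, state, service) for each nmap-style port line."""
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and 0 < int(m.group(1)) <= 65535:  # skips the header and junk lines
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4) or "unknown"

def audit(text):
    """Bucket every reachable port by the policy above."""
    report = {"public": [], "source_restricted": [], "not_in_policy": []}
    for port, proto, state, service in parse_scan(text):
        if state in ("closed", "filtered"):
            continue  # not reachable from the scanner's vantage point
        if proto == "tcp" and port in PUBLIC:
            bucket = "public"
        elif proto == "tcp" and port in SOURCE_RESTRICTED:
            bucket = "source_restricted"
        else:
            bucket = "not_in_policy"
        report[bucket].append((port, proto, service))
    return report

if __name__ == "__main__":
    for bucket, rows in audit(SCAN).items():
        for port, proto, service in rows:
            print(f"{bucket:18} {port}/{proto:4} {service}")
```

Anything that lands in `not_in_policy` when the scan is run from outside is a port the external firewall is still passing; ports in `source_restricted` need a second scan from a non-allowed address to confirm the IP restriction holds.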
By Peter Wagemans
Because I have only 1 external IP address in the office here, I have set up a reverse proxy on my Sophos UTM 9 firewall; they call it WAF or Web Application Firewall. In this setup, you define a number of "real" web servers with their internal IP addresses, and you also define a number of "virtual" web servers by DNS name, type (http or https) and port (80, 443, or whatever you would like). This works great if you want to host different web servers on different internal machines. BTW they are all VMs.
I also configured this for FileMaker Server, so everything https related is nicely routed to the fms machine. That also works great, apart from 1 small thing. The client complains about the certificate.
There is nothing wrong with the certificate, as this works fine when I connect to the server internally (using the same DNS name of course). Everything nicely green. It only goes wrong when contacting it externally.
FileMaker shows an error dialog that it cannot verify the identity of the server. See screen 1. When I click on "View Certificate" it shows perfectly fine certificates, as shown in screen 2, 3 and 4.
There must be something wrong with the way the firewall is implementing the reverse proxy. I think I configured it correctly: I am passing the host headers, and the virtual FileMaker site is correctly associated with the wildcard certificate, just like the regular virtual Apache web site that I am running as well and which gives no problems whatsoever. Someone at the Sophos forum indicated that perhaps the firewall is inserting some certificate information that is not making FileMaker itself happy.
It appears to me that FileMaker is using 2 technologies here, one that is a custom FileMaker certificate client, which is detecting something it doesn't like, and the "View Certificate" dialog is almost certainly using standard system software (WebKit?) and decides everything is fine. They are not agreeing with each other, that is for sure.
Are there any IT people on this forum who have set up something like this? Any help is very much appreciated.
I'm seeing a "FileMaker Script Engine process has terminated abnormally" error when I attempt to register modules on FileMaker Cloud 1.17 using ScriptMaster 5.1. Unfortunately, the database stops responding when it encounters this error, forcing me to close the database. I noticed a similar issue on the forum related to FileMaker Server 17 that was fixed in 5.1. Could there still be an issue for FileMaker Cloud 1.17?
EDIT: 5.09 works, as mentioned in my post below. I suggest that people use ScriptMaster 5.09 on FileMaker Cloud until this is fixed.
EDIT 2: There is potential to corrupt data if we attempt to close the database when it is not responding after attempting to register a module with ScriptMaster 5.1. It takes a while before FileMaker will close the database, and it warned me of possible corruption when I re-opened it and attempted to register another module. In testing, I wasn't able to replicate the issue after I sent a disconnect request for the Client thread running the module registration step and turned off Script Engine plugins until I saw the thread had been disconnected. I was able to install 5.09 afterward and confirm that ScriptMaster was working once installed.
Sorts are taking too long for me on FileMaker Cloud.
A database solution on a local machine (no network) sorts 400 records in less than one second; the same sort via FileMaker Cloud (no WebDirect, no browser, just FileMaker Pro Advanced) takes 30-40 seconds.
None of the usual suspects (such as unstored calculations) is involved. It just takes way longer. Richard Carlson says that FM Cloud (like WebDirect) forces all sorts to take place on the server. Does this mean that our AWS server is simply slow, and we have to live with that?