Connect ServiceInsight to a remote Service Control instance

We have ServiceControl running on a virtual machine and Service Pulse installed in IIS. ServicePulse reaches ServiceControl through a redirect in IIS. Also, we have a valid certificate set up in the IIS site.

This configuration works fine for ServicePulse. The problem is that when I try to access ServiceControl from ServiceInsight in url https://sp.mydomain.com/api, I get the error in the screenshot:

image

Any idea on how to resolve it? Note that the SSL certificate is valid.

You can tell ServiceInsight to skip the certificate validation check like this: https://docs.particular.net/serviceinsight/self-signed-certificate-connection

Is this a self-signed certificate or is its certificiate authority trusted on the machine/user level?

– Ramon

I tried it and the same message appeared.

No, it’s issued by Godaddy.

I have the feeling that the problem is not the certificate itself. Note that I’m trying to access a remote url (hosted in IIS), not localhost, configured following https://docs.particular.net/servicepulse/install-servicepulse-in-iis and using Windows Authentication.

If I paste the url https://sp.mydomain.com/api in Chrome, the response shows something like:

{"description":"The management backend for the Particular Service Platform",
"endpoints_error_url":"http://localhost:33320/api/endpoints/{name}/errors/{?page, ...

Note that the url is the internal localhost url, not the one with the domain name. I’m wondering if ServiceInsight is trying to access these localhost urls…

Can you share a redacted version of your redirect rules web.config?

@WilliamBZA

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ProxyAPICallsToServiceControl" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:33300/api/{R:1}" />
                </rule>
            </rules>		
            <outboundRules>
                <rule name="Allow SIGNALR traffic" preCondition="JSON" enabled="true" stopProcessing="true">
                    <match filterByTags="None" pattern="\&quot;Url\&quot;:\&quot;(.+?)\&quot;" />
                    <conditions>
                        <add input="{URL}" pattern="(.*)/api/" />
                    </conditions>
                    <action type="Rewrite" value="&quot;Url&quot;:&quot;{C:1}{R:1}&quot;" />
                </rule>
                <preConditions>
                    <preCondition name="JSON">
                        <add input="{URL}" pattern="/api/messagestream/negotiate" />
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="application/json" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
    </system.webServer>
    </configuration>

Any ideas on this one? Anything that I could try or more information I could provide?

Did you try to turn off windows authentication just to see if that works?
This will narrow down the issue…

I have tested this on my environment and indeed the issue is authentication, if I allow anonymous access it works fine in ServiceInsight…

Right. I just tested the same thing… I got stuck on the message, which confused me. Is there anyway this can work with a (relatively) secured service control API?