Apps not starting on PSU 4.2.x when using Windows Powershell 5.1, HTTP error 500

Apps using Powershell 5.1 won’t start and give an http error 500 in the toast in the admin console (Dashboard 4; Request failed with status code 500). I cannot find error messages about it in the logs. When switching to the integrated environment the apps do start successfully. This was no problem on 4.1.11. Tested on 4.2.0, 4.2.5 and 4.2.11, all the same result.

How have you set up your environment.

We have ours in an Azure container with an Azure App Gateway and get this when there is a misconfiguration.

Do you see this when you connect via HTTP on port 5000 or behind a gateway using HTTP or HTTPS?

Also, when you say ‘Apps using PowerShell 5.1’ does this mean you have Apps using PowerShell 7.x which work?

It’s onpremise on Windows using the MSI installer, so nothing special.
All apps are PS 5.1 and won’t start. If i set them to Integrated, the all start. If I set some to integrated, only those start.
When they don’t start I see the the app process starting and terminating in taskmanager (with a very long commandline). It appears that process is crashing. But I need to get more logging.

I’ve set the following logging targets, but I get no verbose or debug messages. Only info, error and warning. Am I doing something wrong? This is on 4.2.11.

New-PSULoggingTarget -Type "File" -Level "Verbose" -Properties @{
		path = 'C:\ProgramData\PowerShellUniversal\log-user.txt'
	} 
New-PSULoggingTarget -Type "File" -Level "Verbose" -Properties @{
		path = 'C:\ProgramData\PowerShellUniversal\log-system.txt'
	} -Scope "System"

Ok so now I created a brand new server on Windows Server 2019 and a clean install of PSU 4.2.12 using all default settings except using LiteDB (as we are using in our production environment). Runs as localsystem. Created a new empty dashboard, and when using PS5.1, it won’t start. Also no debuglogging after the loggingtargets are modified. API’s do work with PS5.1. Jobs don’t.
Pwsh 7 has the same behaviour as PS5.1 btw, only the Integrated environment works well.

It seems unblocking internet access for the PSU server solves the problem! But now the question remains why that’s the case. I would really like to know what kind of internet access exactly is necessary, or if it can be disabled, as our policies don’t allow unrestricted internet access.

Allowing access to 192.229.221.95 solves the problem. But who is that ip? According to https://www.whois.com it is part of a range managed by Edgecast Inc. But I cannot find any more information on this.

192.229.221.95 appears to be the CRL of Digicert. So allowing CRL checking through the firewall fixes the problem. Maybe disabling CRL checking will work as well, but I haven’t tested that.

3 Likes

Same issue on 4.2.13 - turned out our firewall blocked all HTTP outgoing access from PSU server. Once we enabled HTTP traffic, the dashboard starts. The server already had HTTPS access.

Nice find JQ, you helped me solve our upgrade issues.