pwssupport

Updates: the plugin seems to be working now after I select ZIP Archive from manual deployment selection. The reason I tried to select different way to export the site is because it keeps appending extra “https” to the static page for the URLs.

Hi,

I upgraded our PHP from 7.1.30 to 7.2.10, but it is still showing the same error message as the first message. I also deactivated all other plugins and error still exists. There is no specific error in the log file related to this plugin.

We did upgrade this plugin from older version. So, do you have any recommendation to resolve the compatibility issue if this is the root cause? Thanks!

WordPress version: 5.2.3
WP2Static version: 6.6.6

Extra Error displayed on this plugin page:

Uncaught TypeError: Cannot read property 'hasClass' of undefined
    at HTMLDocument.<anonymous> (wp-auth-check.min.js?ver=5.2.3:1)
    at HTMLDocument.dispatch (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:3)
    at HTMLDocument.r.handle (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:3)
    at Object.trigger (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:3)
    at Object.a.event.trigger (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:8)
    at HTMLDocument.<anonymous> (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:3)
    at Function.each (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:2)
    at a.fn.init.each (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:2)
    at a.fn.init.trigger (load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,moxiejs,plupload&ver=5.2.3:3)
    at Object.<anonymous> (heartbeat.min.js?ver=5.2.3:1)

This issue has never been resolved. I just apply version 1.5.4 and I still got the same problem. So, I have to keep my version at 1.4.9. Could you please let me know when this issue will be resolved? Thanks!

Hi,

I am not able to provide you the URL as this is our Intranet site. The issue is pretty simple. When I enable your plugin, we are not able to select the page layout (Default Layout/Left Sidebar/Right Sidebar/Full Width) when editing the page. It always shows Left Sidebar layout.

Some of the pages need to be with full width. We are able to use full width layout when disabling your plugin. However, when we enable it, the page becomes left sidebar layout again. There is no error message when viewing the console. I wonder if the plugin conflicts with our theme? Thanks!

Thanks!

Hi ikaroweb, could you please share with me how did you get this issue resolved? Thank you.

Found out the root cause of this issue. When kicking off the function of “Sync to WordPress”, all the existing users with “Subscribers” role have been changed to no role. I think it might be a bug. Please let me know who to correct this issue? Thank you very much for your help.

@schakko,

Here’s the full log. Thank you very much for your help. Please let me know you need further information.

[Wed Nov 23 09:59:38.105162 2016] [ssl:debug] [pid 18902] ssl_engine_kernel.c(224): [client 172.24.51.71:59450] AH02034: Subsequent (No.2) HTTPS request received for child 5 (server zip.zic.pri:443)
[Wed Nov 23 09:59:38.105167 2016] [http:trace4] [pid 18902] http_request.c(301): [client 172.24.51.71:59450] Headers received from client:
[Wed Nov 23 09:59:38.105170 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
[Wed Nov 23 09:59:38.105175 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Accept-Language: en-US
[Wed Nov 23 09:59:38.105178 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
[Wed Nov 23 09:59:38.105180 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Accept-Encoding: gzip, deflate
[Wed Nov 23 09:59:38.105182 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Connection: Keep-Alive
[Wed Nov 23 09:59:38.105184 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Host: zip.zic.pri
[Wed Nov 23 09:59:38.105186 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
[Wed Nov 23 09:59:38.105189 2016] [http:trace4] [pid 18902] http_request.c(305): [client 172.24.51.71:59450]   Cookie: _ga=GA1.2.2039741005.1479332418
[Wed Nov 23 09:59:38.105302 2016] [authz_core:debug] [pid 18902] mod_authz_core.c(809): [client 172.24.51.71:59450] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Nov 23 09:59:38.105307 2016] [authz_core:debug] [pid 18902] mod_authz_core.c(809): [client 172.24.51.71:59450] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Wed Nov 23 09:59:38.105313 2016] [auth_kerb:debug] [pid 18902] src/mod_auth_kerb.c(1954): [client 172.24.51.71:59450] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Wed Nov 23 09:59:38.105350 2016] [auth_kerb:debug] [pid 18902] src/mod_auth_kerb.c(1295): [client 172.24.51.71:59450] Acquiring creds for HTTPS/[email protected]
[Wed Nov 23 09:59:38.108128 2016] [auth_kerb:debug] [pid 18902] src/mod_auth_kerb.c(1708): [client 172.24.51.71:59450] Verifying client data using KRB5 GSS-API 
[Wed Nov 23 09:59:38.108141 2016] [auth_kerb:debug] [pid 18902] src/mod_auth_kerb.c(1724): [client 172.24.51.71:59450] Client didn't delegate us their credential
[Wed Nov 23 09:59:38.108144 2016] [auth_kerb:debug] [pid 18902] src/mod_auth_kerb.c(1752): [client 172.24.51.71:59450] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Wed Nov 23 09:59:38.108148 2016] [auth_kerb:debug] [pid 18902] src/mod_auth_kerb.c(1155): [client 172.24.51.71:59450] GSS-API major_status:00010000, minor_status:00000000
[Wed Nov 23 09:59:38.108157 2016] [auth_kerb:error] [pid 18902] [client 172.24.51.71:59450] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)
[Wed Nov 23 09:59:38.108334 2016] [core:trace3] [pid 18902] request.c(119): [client 172.24.51.71:59450] auth phase 'check user' gave status 401: /
[Wed Nov 23 09:59:38.108346 2016] [headers:debug] [pid 18902] mod_headers.c(848): AH01503: headers: ap_headers_error_filter()
[Wed Nov 23 09:59:38.108355 2016] [http:trace3] [pid 18902] http_filters.c(1006): [client 172.24.51.71:59450] Response sent with status 401, headers:
[Wed Nov 23 09:59:38.108358 2016] [http:trace5] [pid 18902] http_filters.c(1013): [client 172.24.51.71:59450]   Date: Wed, 23 Nov 2016 17:59:38 GMT
[Wed Nov 23 09:59:38.108360 2016] [http:trace5] [pid 18902] http_filters.c(1016): [client 172.24.51.71:59450]   Server: Apache
[Wed Nov 23 09:59:38.108362 2016] [http:trace4] [pid 18902] http_filters.c(835): [client 172.24.51.71:59450]   X-Frame-Options: DENY
[Wed Nov 23 09:59:38.108365 2016] [http:trace4] [pid 18902] http_filters.c(835): [client 172.24.51.71:59450]   WWW-Authenticate: Basic realm=\\"Kerberos authenticated intranet\\"
[Wed Nov 23 09:59:38.108367 2016] [http:trace4] [pid 18902] http_filters.c(835): [client 172.24.51.71:59450]   Content-Length: 381
[Wed Nov 23 09:59:38.108369 2016] [http:trace4] [pid 18902] http_filters.c(835): [client 172.24.51.71:59450]   Keep-Alive: timeout=5, max=99
[Wed Nov 23 09:59:38.108376 2016] [http:trace4] [pid 18902] http_filters.c(835): [client 172.24.51.71:59450]   Connection: Keep-Alive
[Wed Nov 23 09:59:38.108378 2016] [http:trace4] [pid 18902] http_filters.c(835): [client 172.24.51.71:59450]   Content-Type: text/html; charset=iso-8859-1
[Wed Nov 23 09:59:38.108432 2016] [ssl:trace4] [pid 18902] ssl_engine_io.c(2078): [client 172.24.51.71:59450] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f9e0af113e0 [mem: 7f9e0af2b983]
[Wed Nov 23 09:59:43.113498 2016] [ssl:trace4] [pid 18902] ssl_engine_io.c(2078): [client 172.24.51.71:59450] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f9e0af113e0 [mem: 7f9e0af2b983]
[Wed Nov 23 09:59:43.113605 2016] [ssl:debug] [pid 18902] ssl_engine_io.c(992): [client 172.24.51.71:59450] AH02001: Connection closed to child 5 with standard shutdown (server zip.zic.pri:443)

Extra info:

If I click on the “Log in with SSO” test link on the login page, I will be logged in directly. So, apparently the SSO is working. Don’t quite understand why the log keeps showing valid user is NULL.

[Fri Nov 18 14:13:45.025366 2016] [authz_core:debug] [pid 4195] mod_authz_core.c(809): [client 172.24.51.71:57084] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Nov 18 14:13:45.025389 2016] [authz_core:debug] [pid 4195] mod_authz_core.c(809): [client 172.24.51.71:57084] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Fri Nov 18 14:13:45.025407 2016] [auth_kerb:debug] [pid 4195] src/mod_auth_kerb.c(1954): [client 172.24.51.71:57084] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos

Hi @schakko, we changed our domain to fit the domain controller. However, the SSO is still not working. We still got prompt the first time when trying to access to the site. The service account we used to connect to the AD domain return below message. I wonder if that that is the root cause?

Verification successful! WordPress site is now connected to Domain: S-0

If I change that by using my own NT login, I got below message.

Verification successful! WordPress site is now connected to Domain: S-1-5-21-3056053478-64484923-26988263

I also tried to synchronize the users from AD to WordPress and I got 0 member returned. Is this the reason that the SSO is not working? The network folks said there is no problem with the service account, but I think that’s the root cause of this issue.

[INFO ] Start of Sync to WordPress 
[INFO ] LDAP connection is encrypted with "starttls" 
[INFO ] In group 'id:513' are 0 members. 
[INFO ] Number of users to import/update: 8 (2 seconds)

Thanks so much for your help.

The root cause is that our intranet site is using domain https://intranet.company.com as a FQDN for Google Analytics tracking purpose, but the AD is using @test.ad. So, the Kerberos cannot authenticate between two different domain names. This is where we failed.

Based on the answer that we got from the network team, the only solution is to change the domain name to match the internal domain @test.ad. I just want to double check if there is any alternate solution can help not to change the domain name. Thank you.

Hi Schakko,

Thanks for the info. It looks like the Kerberos does try to authenticate the user, but the user info didn’t get passed through. It is showing NULL. So, our UNIX admin doesn’t have any clue at this point either. Is there anything else we need to look at? Thank you very much for your help.

[Mon Nov 07 09:52:19.582241 2016] [ssl:debug] [pid 13992] ssl_engine_kernel.c(224): [client 172.24.51.71:60871] AH02034: Subsequent (No.2) HTTPS request received for child 1 (server intranet.test.ad:443), referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.582539 2016] [authz_core:debug] [pid 13992] mod_authz_core.c(809): [client 172.24.51.71:60871] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.582550 2016] [authz_core:debug] [pid 13992] mod_authz_core.c(809): [client 172.24.51.71:60871] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.582563 2016] [auth_kerb:debug] [pid 13992] src/mod_auth_kerb.c(1954): [client 172.24.51.71:60871] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.582621 2016] [auth_kerb:debug] [pid 13992] src/mod_auth_kerb.c(1295): [client 172.24.51.71:60871] Acquiring creds for HTTPS/[email protected], referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.589701 2016] [auth_kerb:debug] [pid 13992] src/mod_auth_kerb.c(1708): [client 172.24.51.71:60871] Verifying client data using KRB5 GSS-API , referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.589735 2016] [auth_kerb:debug] [pid 13992] src/mod_auth_kerb.c(1724): [client 172.24.51.71:60871] Client didn't delegate us their credential, referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.589740 2016] [auth_kerb:debug] [pid 13992] src/mod_auth_kerb.c(1752): [client 172.24.51.71:60871] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration., referer: https://intranet.test.ad/
[Mon Nov 07 09:52:19.589747 2016] [auth_kerb:debug] [pid 13992] src/mod_auth_kerb.c(1155): [client 172.24.51.71:60871] GSS-API major_status:00010000, minor_status:00000000, referer: https://intranet.test.ad/

I re-apply Next ADI to our Linux server environment and it works fine. Might be the issue under my local Window environment. I will rebuild it. We can consider this issue is resolved. Thanks for your help.

Hi @schakko, Any updates on this issue? Thank you.

We are using utf8mb4_unicode_ci which is still UTF-8. So, it shouldn’t be matter. To be safe, I created another site by using utf8_general_ci, but still got the same result.

Response Headers:

HTTP/1.1 200 OK
Date: Fri, 21 Oct 2016 19:29:27 GMT
Server: Apache/2.4.23 (Win32) mod_authnz_sspi/0.1.0 OpenSSL/1.0.2h PHP/5.6.25
X-Powered-By: PHP/5.6.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8