Installation – Windows

Installation – Windows

Export your Certificate.

#convert IIS to Tomcat
keytool -importkeystore -srckeystore file.pfx -srcstoretype pkcs12 -destkeystore file.jks -deststoretype JKS
#look up the alias
keytool -storepass 123456 -list -keystore file.jks
# rename the alias for SNI
keytool -storepass 123456 -changealias -keystore file.jks -alias automd5 -destalias domain.tld

Optional:

#import the root from https://certs.godaddy.com/repository
keytool -storepass 123456 -keystore file.jks -importcert -file gdroot-g2.crt -alias root
#import the chain
keytool -storepass 123456 -keystore file.jks -importcert -file gdig2.crt -alias chain

Noodle SSO can be setup for SPNEGO with IWA directly, or via SAML with onelogin / okta / etc.

Noodle setup for IWA.

SAML

Noodle setup for onelogin / okta / etc.

    • Paste the URL and fingerprint from your IDP in the Noodle SSO settings
    • Use http[s]://noodle.domain.tld/SAML.po
    • OneLogin > add app > test connector (idp)
      • Configuration:
        • ACS (Consumer) URL Validator* = .*
        • ACS (Consumer) URL* = https://$YOUR_SITE.intra.net/SAML.po
      • Parameters:
        • NameID (fka Email) = Email
      • SSO
        • copy relevant information and paste into Noodle

For non managed users there is also an option to store the password in the web browser:

  1. Add a web shortcut to the users startup
  2. Options:
    • Enable  the "Noodle>System Tools>Settings>User Settings>Remember my login information" feature
      • http[s]://YOUR.DOMAIN.TLD[:PORT]/[IntraNet.po|Noodle.po]
      • This option will ask for a password if the user ever clicks logout.
      • A link can be downloaded from the profile page.

This page is for those who host on their own Windows server and are trying to diagnose the cause of a 404.

  1. If your browser on the server is displaying the page (http://127.0.0.1) properly, it's a networking problem:
    • check port forwarding, routing, firewalls, and dns on the server, client, and every device inbetween.
  2. If your browser on the server is displaying the wrong page or anything other than a timeout, it's a service conflict (multiserver.log contains "Address already in use"):
    • Use a different port or stop and disable other services using port 80.
      • Windows - built in:
        • sc config http start= disabled
        • net stop http /y
      • Linux - list what is using the port:
        • netstat -lnp | grep ":80"
  3. If /logs/err.log said it can't find a class:
    • use 7z to check no jar files are corrupted.
  4. If there is no multiserver.log it's a .bat or Java problem:
    • run the intranet.bat one line at a time to isolate the problem.
    • reinstall Java and update intranet.bat to the new java.exe .
  5. If there is no java.exe in the task manager it's a config problem:
    • look in the log file for errors.
    • run a copy of intranet.bat without the loop or exit to find errors not in the log.

--Restore from file or on attach
 
---------------------------------------------------------
DECLARE tabcurs CURSOR
FOR
    SELECT 'intranet.' + [name]
      FROM sysobjects
     WHERE xtype = 'u'
 
OPEN tabcurs
DECLARE @tname NVARCHAR(517)
FETCH NEXT FROM tabcurs INTO @tname
 
WHILE @@fetch_status = 0
BEGIN
 
    EXEC sp_changeobjectowner @tname, 'intranet2'
 
    FETCH NEXT FROM tabcurs INTO @tname
END
CLOSE tabcurs
DEALLOCATE tabcurs
---------------------------------------------------------
--?--EXEC sp_changeobjectowner 'intranet.AllocObjectId', 'intranet2';
---------------------------------------------------------

If there are any Active Directory issues there are 2 log locations;

  • System Tools > Analytics > Error Codes > Active Directory (clear and re-try to isolate the reported issue).
  • The log file on the server with DEBUG enabled (restart the Noodle service to get a clean log).
  • Saving password from intranet to AD requires SSL installed on Active Directory (AD required security policy)
  • Noodle uses LDAP access to connect to AD on port 389 (no SSL) or 636 (with SSL).
  • To fully use Active Directory users in Noodle you must provide login credentials that have administrative rights on the Active Directory, for read only searching and reading other users is required.
  • Unable to convert Distinguished to Principal Name message is often due to the users Primary domain not matching one specified in Noodle.

If you see something like this in the log file:

2012.12.12 12:12:12: .intranet,DEBUG: Can't authenticate to configured LDAP server
2012.12.12 12:12:12: .intranet,DEBUG: javax.naming.AuthenticationException:
[LDAP: error code <strong>49</strong> - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data <strong>52e</strong>, v1db0 ]

The part in the square brackets is your Active Directory trying to tell you what went wrong.
error codes:

00 LDAP_SUCCESS
01 LDAP_OPERATIONS_ERROR
02 LDAP_PROTOCOL_ERROR
03 LDAP_TIMELIMIT_EXCEEDED
04 LDAP_SIZELIMIT_EXCEEDED
05 LDAP_COMPARE_FALSE
06 LDAP_COMPARE_TRUE
07 LDAP_STRONG_AUTH_NOT_SUPPORTED
08 LDAP_STRONG_AUTH_REQUIRED
09 LDAP_PARTIAL_RESULTS
16 LDAP_NO_SUCH_ATTRIBUTE
17 LDAP_UNDEFINED_TYPE
18 LDAP_INAPPROPRIATE_MATCHING
19 LDAP_CONSTRAINT_VIOLATION
20 LDAP_TYPE_OR_VALUE_EXISTS
21 LDAP_INVALID_SYNTAX
32 LDAP_NO_SUCH_OBJECT
33 LDAP_ALIAS_PROBLEM
34 LDAP_INVALID_DN_SYNTAX
35 LDAP_IS_LEAF
36 LDAP_ALIAS_DEREF_PROBLEM
48 LDAP_INAPPROPRIATE_AUTH
49 LDAP_INVALID_CREDENTIALS
50 LDAP_INSUFFICIENT_ACCESS
51 LDAP_BUSY
52 LDAP_UNAVAILABLE
53 LDAP_UNWILLING_TO_PERFORM
54 LDAP_LOOP_DETECT
64 LDAP_NAMING_VIOLATION
65 LDAP_OBJECT_CLASS_VIOLATION
66 LDAP_NOT_ALLOWED_ON_NONLEAF
67 LDAP_NOT_ALLOWED_ON_RDN
68 LDAP_ALREADY_EXISTS
69 LDAP_NO_OBJECT_CLASS_MODS
70 LDAP_RESULTS_TOO_LARGE
80 LDAP_OTHER
81 LDAP_SERVER_DOWN
82 LDAP_LOCAL_ERROR
83 LDAP_ENCODING_ERROR
84 LDAP_DECODING_ERROR
85 LDAP_TIMEOUT
86 LDAP_AUTH_UNKNOWN
87 LDAP_FILTER_ERROR
88 LDAP_USER_CANCELLED
89 LDAP_PARAM_ERROR
90 LDAP_NO_MEMORY

data:

525 user not found
52e invalid credentials
530 not permitted to logon at this time
531 not permitted to logon at this workstation
532 password expired
533 account disabled
701 account expired
773 user must reset password
775 user account locked

More Active Directory Troubleshooting information on MSDN

There is a limitation of the PostgreSQL installer if you are using windows domains.

The installer will need to make a posgres user that have write permissions on %PROGRAMFILES%\Postgres.

If the PostgreSQL is/will-be unable to do so, please setup the permissions beforehand. Adding write for "Everyone" or adding rights for a new postgres user with the the default password Pgsq1p@ssword will avert this limitation.

If you tried a normal noodle install and you have a black "upgrade in progress" screen then this is likely the problem. There is no need to reinstall noodle; just uninstall PostgreSQL, set up the permissions, download the PGInstaller and reinstall PostgreSQL.

After you install PostgreSQL you will need to edit the pg_hba.conf and make sure there is a "127.0.0.1/32 password" line.
Next run the init.sql in the Noodle folder with PGAdmin3 one line at a time.
Restart the PostgreSQL then Noodle service.

There are numerous backup methods generally complete or partial, run hot or cold.

A simple method is a cold complete backup:

  • Stop Noodle
  • Stop the database
  • Copy the database folder and the Noodle folder to a different disk
  • Start the database
  • Start Noodle
  • Send the copy to a different physical location

More options for database backups include:

  • Hot complete backups: allow a snapshot of your database without stopping anything.
  • Hot partial backups: can be used to backup only recent changes, allow for point in time recovery, and reduce server load.
  • Hot partial backups: can also be used to keep a warm backup server in case of disaster - at any time it will be a usable exact copy of your production database.
  • Cold partial backups: can decrease the time of a cold complete backup.

Production environments should select a backup strategy to maximize flexibility while reducing server load and storage requirements.

For details on backup options please read your database documentation.

Also see  the windows postgres example

For MSSQL installations go here.

For Domain Managed Machines go here.

For linux instructions go here

Installing on Windows:

  1. Download Noodle from here
  2. Run the installer
  3. Press next a few times (it will install Java and PGSQL unless you have it, or MSSQL, already installed in which case it will assume you want to setup the connection manually)
  4. That's it now you can use Noodle in your web browser. Windows server 2016 considers Internet Explorer a security risk so check the config for the selected port and use your desktop web browser.
  5. Check the log folder for details or ask us for help

The full database engine should be installed with all components, including the full-text search option before Noodle. (Noodle will install PostgreSQL if it finds no other local DBs)

Make sure you have Microsoft SQL Server 2012 or later installed. Download (ExpressAdv 64BIT\SQLEXPRADV_x64_ENU.exe 1.1 GB) here. EOL dates here.

  1. Create a Database
    • Open up the MSSQL Enterprise Manager.
    • Connect to the database engine that will be used for Noodle.
    • Right-click on the folder and select Create Database.
    • A new window will open to configure the database, Specify the name: intranet.
  2. Creating a Login
    • Expand the Security section and right-click on Logins then New Login.
    • Login Name: noodleuser
    • SQL Server Authentication
    • Password: noodlepass
    • Do not enforce password policy (at least don't require change or expire)
    • Default Database: intranet
    • Set User Mapping of the intranet database to db_owner
  3. Enable TCP/IP Settings
    • Right click on the instance and select properties, security, than select SQL Authentication
    • SQL
    • Open the Sql Server Configuration Manager and expand SQL Server Network Configuration.  Select Protocols for MSSQLSERVER, enable TCP/IP.
    • Right-click to reveal properties, ensure one IP# is set as 127.0.0.1
    • For all IP#s using 127.0.0.1 and the IPAll set the port to 1433, and blank out the dynamic port.
    • Restart the MSSQL service
  4. Install Noodle
  5. Configure Noodle
    • Edit the "intranet.conf" file in the "C:\Program Files (x86)\Noodle\enhydra\cfg" folder
    • Verify the user, and pass
    • Uncomment (#) from the MSSQL lines and comment any other databases
    • Close and save changes.
    • Make sure the lib directory contains the 2005 JDBC JAR.
    • restart the noodle service
  6. Open a web browser (preferably chrome), go to the IP and port (http://127.0.0.1:81 is the default), and paste in your license key.