When logging into RSA Archer 6.x, an error message occurs: Unable to save session state
RSA Product Set: Archer RSA Product/Service Type: User Interface, Platform, Archer Control Panel RSA Version/Condition: 6.x Platform: IIS
When logging into RSA Archer 6.x platform, you receive this error:
Unable to save session state.
This issue occurs due to a misconfiguration with SSL and/or the web.config file.
It may also occur because the web server does not have HTTP Activation enabled or because the session has timed out and you are attempting to return to your Home/landing screen.
Verify that the web.config file is properly configured
Edit the C:\inetpub\wwwroot\RSAarcher\web.config file. (The volume letter may vary.)
Search for the httpGetEnabled attribute and change it from <serviceMetadata httpGetEnabled="false" /> to be <serviceMetadata httpsGetEnabled="true" />.
Search for <security mode="Transport" /> and uncomment it.
Search for <httpTransport maxReceivedMessageSize and change it from <httpTransport maxReceivedMessageSize to be <httpsTransport maxReceivedMessageSize.
Search for <httpTransport transferMode="StreamedRequest" and change it from <httpTransport transferMode="StreamedRequest" to be <httpsTransport transferMode="StreamedRequest".
Verify that the web server has HTTP Activation enabled
Open the Server Manager.
Select Manage then Add Roles and Features.
Click Next on the Before you begin page if it is displayed.
Click Next for Role-based or feature-based installation.
Select the web server and click Next.
Expand Application Server and select Web Server (IIS) Support then hit Next.
Expand .NET Framework 4.5 Features.
If WCF Services is not installed then select it and hit Next. Install the feature making sure you select HTTP Activation.
If WCF Services is installed but HTTP Activation is not then select the HTTP Activation box and select Next and then Install.
Verify that there are no discrepancies between your web.config file and the configuration of your web server in regards to SSO/SSL
The web.config file may be configured for non-SSO/SSL but you have SSO or SSL enabled. Test this by disabling SSO in the RSA Archer Control Panel and ensure that Default Site in IIS is set to Anonymous and not Windows Authentication. Make sure to revert your web.config file to an Out of the box state since the web.config file "out of box" is configured in a way that SSO/SSL is indeed disabled.
Verify that if Windows Authentication is set to Enabled that Extended Protection is Off on the Windows Authentication
Open IIS Manager.
Expand the server in the left pane.
Expand Sites on the left.
Expand Default Web Site.
Expand the RSA Archer site. (if Applicable)
Double-click on Authentication.
Click on Windows Authentication.
Click Advanced Settings on the right.
Set Extended Protection to Off.
Perform an iisreset in an Administrator command prompt.
In the situation where the session has expired, log off and back in again. If the problem is still occurring then the issue is likely caused by one of the reasons addressed above.