Time and Attendance Tyler Workflow Command Runner Service Will Not Start - SSL Configuration

Owned by Knowledge Assistant
Jun 23, 2023
2 min read
Description of Issue

Attempting to start the TWF Command Runner Service and the service will not start. Pop up window shows:

Error 1053: The service did not respond to the start or control request in a timely fashion.

Additional errors in the Windows Event Viewer related to this attempt:

A fatal error occurred when attempting to access the TLS server credential private key. the error code returned from the cryptographic module is 0x8009030D. the internal error state is 10001

An error occurred while using ssl configuration for endpoint 0.0.0.0:443. the error status code is contained within the returned data

System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

Browsing to the FQDN on port 443 on the default website returns:

Error connection reset

Context
  • Time and Attendance
  • ExecuTime
  • Tyler Workflow
  • TWF
Cause

There is an issue with the SSL Certificate that is bound to the 443 port within IIS

Resolution

*Note: All error messages described in the Description of Issue must be present for this resolution to apply 

  1. Connect to the server where Tyler Workflow is installed
  2. Export the certificate from MMC along with the Intermediate and Root SSL Certificate - Export SSL Root and Intermediate Chains with SSL Certificate
  3. Open IIS (Internet Information Services)
  4. Under the Connections pane, select the arrow next to the servername to open the tree
  5. Select the arrow next to Sites to open the tree
  6. Select Default Web Site
  7. In the far-right panel named Actions, select Bindings
    1. Select the row that has https as it's type and select Edit
    2. In the drop down for SSL Certificate, select an older certificate if it exists or change it to Not Selected
    3. Select Ok
    4. Select Close
  8. Back in the Connections pane, select the servername
  9. Double-click Server Certificates
  10. Right-click the certificate that was unbonded in step 9 and select Remove
  11. In the Actions pane in the far right, select Import
    1. Select the Browse button and search for the SSL Certificate from step 1
    2. Enter the password to the SSL Certificate from step 1
    3. Ensure the box for Allow this certificate to be exported is checked
    4. Select Ok
  12. Back in the Connections pane, select Default Web Site
  13. Select Bindings under the Actions Pane
    1. Select the row that has https as it's type and select Edit
    2. In the drop down for SSL Certificate, select the newly imported certificate and select Ok
    3. Select Close
  14. Under the Actions pane and under Browse Website, select the hyperlink for Browse https to ensure the default website loads
  15. Open Windows Services
  16. Search for TWF Command Runner, right-click the service and select Start to confirm the service starts successfully
  17. After confirming the service starts successfully, restart all 3 Tyler Workflow services for the instance(s) - How To Restart ExecuTime Tyler Workflow


Additional Information