Getting error message: Login Failed - Could not connect to fox server. Check that fox and web SSL settings match or try connecting using https. when trying to connect to G3 station via a web browser.

Issue

Getting error message: “Login Failed - Could not connect to fox server. Check that fox and web SSL settings match or try connecting using https.” when trying to connect to G3 station via a web browser.

Product Line

TAC I/A Series

Environment

In Niagara G3, Version 3.7.106

Cause

Security setting for the Web browser and Fox Service don’t match, or the FOX or FOXS port is being blocked. 

In Niagara G3, Version 3.7 and later, users can set up SSL for both HTTP and FOX connections. The intention is that, when using the applet, SSL settings for HTTP and FOX must match (i.e. HTTPS/FOX or HTTP/FOXS are not allowed).

In Niagara G3 3.7 update1 and earlier, users can connect to the applet using the invalid HTTPS/FOX combination. In addition, when loading the applet while using HTTP/FOXS, users are redirected back to the login screen with no error message.

In NiagaraAX 3.7 update2 and later, users attempting to use the applet with an invalid HTTPS/FOX or HTTP/FOXS connection will be redirected to the login screen. An error message will appear indicating what went wrong.

The Web and Fox settings do not match. They must be set to either HTTP/FOX or HTTPS/FOXS.

We’ve found that there is a condition where the error message still displays even though both Fox Service and HTTP match. Reason being is during login to a station via web browser, a check is performed to determine if the Fox Service match the HTTP setting be used. If accessing via HTTP, then port 1911 (FOX) is checked. If accessing via HTTPS, then port 4911 (FOXS) is checked. We found that the corresponding, FOX or FOXS, port were not opened. 
 

Resolution

Open the needed FOX or FOXs port:
Depending on if HTTP or HTTPS is used, the correct port must be opened for the corresponding FOX or FOXS connection. Port 1911 needs to be open if using HTTP/FOX connections, and if using HTTPS/FOXS, port 4911 needs to be open. Port need to be open to bidirectional TCP traffic.