Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

EcoStruxure Control Expert Security Editor Server Won't Start

Industry Automation and Control Forum

This forum is addressing industrial automation design & engineering, operations, asset performance, cyber security and digital transformation for Plants & Machines.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • Industrial Automation
  • Industry Automation and Control Forum
  • EcoStruxure Control Expert Security Editor Server Won't Start
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
Bastian_Schmitz
Admiral Bastian_Schmitz Admiral
31
LeTomas
Lt. Commander LeTomas Lt. Commander
11
RoozeeR
Lt. Commander RoozeeR Lt. Commander
6
JerryBartlemay
Lieutenant JG JerryBartlemay Lieutenant JG
6
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Back to Industry Automation and Control Forum
JeffKrol
Crewman JeffKrol
Crewman

Posted: ‎2024-11-21 06:42 AM . Last Modified: ‎2024-11-21 06:58 AM

1 Like
12
1845
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2024-11-21 06:42 AM . Last Modified: ‎2024-11-21 06:58 AM

EcoStruxure Control Expert Security Editor Server Won't Start

Hello,

 

I'm trying to set up the Control Expert Security Editor in a client-server configuration to manage roles for Control Expert in a centralized manner. I can't get the Server to change state (it only shows "Stopped"). When I click on the "Certificate Actions" tab and change the product selection to "SecurityService", I see that there is no certificate in the certificate store (red X on the certificate icon and confirmed via tool tip). When I click "Generate Self Signed Certificate" I get a popup dialog box that says "SecurityService: Certificate creation failure". I checked the Windows Event Viewer for Application events and every time I try to generate this certificate I see an error that says something like:
0x80040072 : Fatal error : p:\p-unit\dev\securitymngt\securityservice\securitycertificates.cpp:653 [PID: 43152]
 
Screenshot_20241120_021641.pngScreenshot_20241121_094142.png

I've got this program installed and running as Administrator. I've tried this on another VM and I'm having the same issue. What would cause this certificate creation to fail? This is preventing us from running the Security Editor server.
Labels
  • Labels:
  • Process Automation Talks
  • Tags:
  • english
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic
Replies 12
MarkZoer
Crewman MarkZoer
Crewman

Posted: ‎2025-02-11 06:08 AM

0 Likes
0
1718
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-02-11 06:08 AM

Dear Schneider, any clues as to why this is happening? It looks similar to my case.

Reply

Link copied. Please paste this link to share this article on your social media post.

Ricard
Lieutenant Ricard Lieutenant
Lieutenant

Posted: ‎2025-02-12 03:30 AM

1 Like
1
1695
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-02-12 03:30 AM

 

Hello

 

I don't know what version of Expert Control you are using, but I would recommend using the latest version 16.1. If not, try updating all the HFs.

Certificate issues are usually problems with credentials or domains. However, your problem is that the service does not start. Look at the screenshot that I attach relating the concepts of the Security Service. To see the ports used with the PIDs, use "netstat -a -on" in CMD. If you still can't find the service problem, contact your country's technical support.

 

Ricard_0-1739359596874.png

 

Reply

Link copied. Please paste this link to share this article on your social media post.

JeffKrol
Crewman JeffKrol
Crewman

Posted: ‎2025-02-12 07:41 AM

0 Likes
0
1671
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-02-12 07:41 AM

Ricard,

 

Thank you so much for the reply and information. I am using ControlExpert 16.0 with all hotfixes applied. I do see the SecurityService service running with the correct "Log On As" field. When I run the 'netstat -a -on' command, I do not see anything listening on port 50051 nor do I see any entry with the appropriate PID. I had a case with support opened and they were not able to figure anything out. I got tied up with more important issues, so the case is currently closed, but I'm going to keep working on this with them soon.

 

Any suggestions?

Reply

Link copied. Please paste this link to share this article on your social media post.

MarkZoer
Crewman MarkZoer
Crewman

Posted: ‎2025-02-18 01:48 AM

0 Likes
0
1617
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-02-18 01:48 AM

We are running ECE 15.3 as part of process expert 2023.

What Jeff says also applies here. The server state in the security editor shows as stopped. The securityservice shows as running in the services menu. When following the PID of that service (in windows resource monitor) there is no process listening on port 50051 nor can the  PID be found there.

Reply

Link copied. Please paste this link to share this article on your social media post.

JeffKrol
Crewman JeffKrol
Crewman

Posted: ‎2025-03-04 10:19 AM

In response to Ricard
0 Likes
0
1471
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-04 10:19 AM

Ricardo,

 

Can you send me a copy of 16.1? All of the links I found or were emailed don't work! I tried to private message you but can't figure out how.

 

Thanks!

Reply

Link copied. Please paste this link to share this article on your social media post.

Ricard
Lieutenant Ricard Lieutenant
Lieutenant

Posted: ‎2025-03-04 11:32 PM

0 Likes
1
1464
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-04 11:32 PM

I see it, I will contact my colleagues to see what happened. In the meantime, use 16.0

BR

Ricard

Reply

Link copied. Please paste this link to share this article on your social media post.

JeffKrol
Crewman JeffKrol
Crewman

Posted: ‎2025-03-05 07:06 AM

In response to Ricard
0 Likes
0
1439
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-05 07:06 AM

Thanks for the info. Yes, that's the problem with this issue though. Support can't figure out why the certificate creation is failing so they advised me to try out 16.1. So, in the meantime, we can't use the Security Editor in a server-client configuration.

 

I find this very strange since we have some Windows event captures showing the exact line number in the source code where the process is failing.

Attachments
Reply

Link copied. Please paste this link to share this article on your social media post.

MarkZoer
Crewman MarkZoer
Crewman

Posted: ‎2025-03-06 12:43 AM

0 Likes
1
1430
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-06 12:43 AM

I received feedback from Schneider that might be of help. It was found out that LSA was active on our server and that this doesn't work with the security editor. I asked for LSA to be temporarily deactivated and after reinstalling Control Expert (with a fresh install of the security editor) the Control Expert and Security Service certificates were generated.

Reply

Link copied. Please paste this link to share this article on your social media post.

JeffKrol
Crewman JeffKrol
Crewman

Posted: ‎2025-03-06 07:05 AM

In response to MarkZoer
0 Likes
0
1407
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-06 07:05 AM

Mark, thanks for the reply. This is very concerning that the only way to get Security Editor to generate the Security Service certificate is by disabling a core functionality of Windows. From Copilot:

"The Local Security Authority (LSA) process is essential for a Windows server. The LSA, which includes the lsass.exe process, is responsible for enforcing security policies, handling user logins, and managing authentication and authorization1. Without the LSA process, the server would not be able to validate user credentials, enforce security policies, or manage access tokens, which are crucial for maintaining system security and functionality2.

 

In summary, the LSA process is a critical component for the secure and proper operation of a Windows server."

 

If the LSA running prevents the Security Service certificate from ever being generated, this implies that the Server-Client architecture would never function natively in Windows 10/11 or Windows Server 2016/2019/2022. In addition, this would indicate to me that they never tested this functionality on any of these OS versions. In fact, I was told by support that they are unable to reproduce this issue. Very curious....

Reply

Link copied. Please paste this link to share this article on your social media post.

Ricard
Lieutenant Ricard Lieutenant
Lieutenant

Posted: ‎2025-03-07 12:12 AM

0 Likes
0
1386
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-07 12:12 AM

Please, I think we are mixing up issues, both cases may be different problems. Please don't jump to conclusions without prior analysis, pls

 

What I advise you is to talk to the technical support of your country, I am sure my colleagues at ST will be able to help you.

Reply

Link copied. Please paste this link to share this article on your social media post.

MarkZoer
Crewman MarkZoer
Crewman

Posted: ‎2025-03-09 11:43 PM

0 Likes
0
1314
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-09 11:43 PM

I agree Richard, the could be different.

But what I pointed out in an earlier post, might be of help in finding a solution for someone else. In our case (server-client setup of security editor, with LDAP authentication) it helped to get the server state from showing only stopped to showing running, listening on the right port, being able to generate certificates, etc.

 

Once you get it up and running it might be easier to take small steps back and see when it stops running instead of trying many things without ever getting it to run, don't you agree?

Reply

Link copied. Please paste this link to share this article on your social media post.

JeffKrol
Crewman JeffKrol
Crewman

Posted: ‎2025-03-10 09:15 AM

0 Likes
0
1293
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-03-10 09:15 AM

I wanted to chime in here and mention that I was able to test this with v16.1 last week. That did appear to fix the issue in our test environment. However, this release is not currently available so we're going to have to hold off on upgrading until it's officially out.

 

I appreciate the info regardless, Mark. It's good to at least point someone in a direction that is worth testing. I did not feel comfortable disabling this in our environments to even test in v16.0, especially since v16.1 appears to have fixed our issue. If v16.1 still had this issue, I would have tried disabling as a test. My support experience resulted in them saying "unable to reproduce, try v16.1 to maybe fix it".

 

So now we're just waiting for v16.1 to officially release and we'll upgrade. Hopefully that happens sooner rather than later!

Reply

Link copied. Please paste this link to share this article on your social media post.

Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of