Sitecore 8 Package Installer over HTTPS

Last week I was performing a deployment to our QA environment when I came across something odd. I was performing a routine content package install to Sitecore and all of the sudden I see “installation failed.” This particular package had been installed on 3 environments prior to QA, so I was confused. I dug into the logs to see if I could see the problem:

ManagedPoolThread #18 14:24:01 INFO  Job started: Install
ManagedPoolThread #18 14:24:01 INFO  Installing package: E:\inetpub\wwwroot\qa\web\Data\packages\ 
ManagedPoolThread #18 14:24:06 INFO  Installing item: items/master/sitecore/content/home/hogwarts/{7DEE4E6A-4A2B-4687-8A79-84417B436C39}/en/1/xml
ManagedPoolThread #18 14:24:08 INFO  Cache created: 'IsUserInRoleCache' (max size: 5MB, running total: 2214MB)
ManagedPoolThread #18 14:24:08 ERROR Error installing items/master/sitecore/content/home/hogwarts/{7DEE4E6A-4A2B-4687-8A79-84417B436C39}/en/1/xml
Exception: System.Web.HttpException
Message: The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.
Source: System.Web
   at System.Web.Security.FormsAuthentication.SetAuthCookie(String userName, Boolean createPersistentCookie, String strCookiePath)
   at Sitecore.Security.Authentication.FormsAuthenticationProvider.Login(User user)
   at Sitecore.ContentTesting.Events.GenerateScreenshot.PopulateCookiesForNewSession(List`1 cookies)
   at Sitecore.ContentTesting.Events.GenerateScreenshot.StartRun(Item item, ItemChanges changes)
   at Sitecore.Events.Event.EventSubscribers.RaiseEvent(String eventName, Object[] parameters, EventResult result)
   at Sitecore.Events.Event.RaiseEvent(String eventName, Object[] parameters)
   at Sitecore.Events.Event.RaiseItemSaved(Object sender, ItemSavedEventArgs args)
   at System.EventHandler`1.Invoke(Object sender, TEventArgs e)
   at Sitecore.Data.Engines.EngineCommand`2.RaiseEvent[TArgs](EventHandler`1 handlers, Func`2 argsCreator)
   at Sitecore.Data.Engines.EngineCommand`2.Execute()
   at Sitecore.Data.Engines.DataEngine.SaveItem(Item item)
   at Sitecore.Data.Managers.ItemProvider.SaveItem(Item item)
   at Sitecore.Data.Managers.PipelineBasedItemProvider.ExecuteAndReturnResult[TArgs,TResult](String pipelineName, String pipelineDomain, Func`1 pipelineArgsCreator, Func`1 fallbackResult)
   at Sitecore.Data.Managers.PipelineBasedItemProvider.SaveItem(Item item)
   at Sitecore.Data.Items.ItemEditing.AcceptChanges(Boolean updateStatistics, Boolean silent)
   at Sitecore.Install.Items.ItemInstaller.VersionInstaller.InstallVersion(Item version)
   at Sitecore.Install.Items.ItemInstaller.VersionInstaller.PasteVersion(XmlNode versionXml, Item target, VersionInstallMode mode, IProcessingContext context, Boolean removeOtherVersions)
   at Sitecore.Install.Items.ItemInstaller.InstallEntry(PackageEntry entry)

The message stood out to me: “This application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.”

I realized that QA was the first environment in the series of deployments where HTTPS was strictly enforced. I was not sure why I was seeing this error, though. I looked at the address bar and saw that I was, in fact, visiting Sitecore over HTTPS. I knew HTTP to HTTPS redirects were in place from the IIS URL Rewrite module. I decided to see if HTTPS really was the problem.

I changed the build config to turn off the enforcement of SSL and had Jenkins rebuild the job. Once it finished, I went into Sitecore and tried installing the package. The package installed successfully!

Now, I knew that this environment was doing two things for security. The first one was the URL Rewrite to HTTPS. I went into IIS and re-enabled the rule. Once enabled, I traveled to the https:// version of the environment and tried the package install again. The package installed successfully! This was a bit surprising to me. I decided to turn the full enforcement of SSL back on and have Jenkins rebuild. Once it finished, I repeated the same steps, however this time the installation failed!

I realized what the difference was: after Jenkins rebuilt, secure cookies were enforced. At this point, I decided to reach out to Sitecore Support.

Within a few hours, Sitecore got back to me with a… peculiar… workaround:

“please change the ContentTesting.GenerateScreenshots setting in the Website\App_Config\Include\ContentTesting\Sitecore.ContentTesting.config file to ‘none’”

(FYI: Sitecore support reference number 443413 for future tracking)

I followed their instructions are was a bit surprised to see that it worked perfectly fine. My guess is GenerateScreenshots was forcing some sort of http call over https, but I’m still not sure. Since the client wasn’t using content

My lesson for today: if you’re having problems installing packages over HTTPS with secure cookies enabled, try setting ContentTesting.GenerateScreenshots to ‘none’ in the Sitecore.ContentTesting.config file.