You are viewing limited content. For full access, please sign in.

Question

Question

Service Connection Points automatically recreated after few days

Updated July 23, 2019
asked on February 10, 2017

I install new server for testing purposes in RIO 10.2 environment. I don't want users to be able to see this server and it's repositories from client computers. I deleted SCP for new server and verified that SCP is deleted. Few days later new server and its repositories show up in clients. SCP was restored automatically. Is this is a bug? Or how to troubleshoot and prevent this automatic recreation of CSP?

0 0

Replies

replied on February 10, 2017

Hi Mike,

 

It's unlikely that Laserfiche as an application is going to be able to edit or change your service connection points. I would look into your group policy rules here as if it has changed over time, chances are it's a group policy refresh that has caused this.

 

Hope this helps point you in the right direction! smiley

0 0
replied on July 23, 2019

The LF Server service automatically reregisters the SCP whenever it's restarted.  I have the same behavior I'm trying to stop for a client who doesn't want an LF Repository Server advertised. 

Side note, renaming the lfscpcfg.exe doesn't work either.  While it can register the SCP, it's not what's called by the service to do so.  It's solely an end user tool for listing, deleting, and registering SCPs manually.   But it doesn't affect the default behavior or the LF Server Service to automatically register an SCP when the service starts.  

Some of the other discussions I found on answers point to limiting the rights of the service identity so that it is not able to register an SCP.  I'm currently investigating/testing that approach.  I'll add to this if I find the magic combination. 

1 0
replied on July 23, 2019

The answer is discussed here: 

https://answers.laserfiche.com/questions/55512/How-to-stop-LF-Server-Service-from-publishing-an-SCP-every-time-it-restarts#146156

 

Specifically...

If you ensure your Laserfiche server service user is NOT a network admin, the it cannot register the SCP.

 

"Network admin" doesn't sufficiently describe what you're looking for.  What it should say is ensure your Laserfiche service's service identity is not Local System or Network Service.  Both of these accounts will present the computer's "machine account" when connecting to network resources, for example to AD to publish an SCP.  

If you roll the service identity over to an AD user/service account, even if that service account is in the local administrator group, the service will not be able to publish the SCP.  

So the proper steps would be: 

  1. set the LF Server service identity to a domain account, restart the service
  2. run "c:\program files\laserfiche\server\lfscpcfg.exe delete" from the server itself, it will delete any existing SCP for the server. 

 

On subsequent restarts of the LF Server service, it will not be able to republish the SCP. 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...