We are running into a issue were all of our users that make use of Web Scanning is getting a error when launching the scanning client via a custom url that pre-sets the Template and some metadata fields. 

The problem only started this week after we performed a migration of our Web client and Forms server software to a new server. Previously Laserfiche Server, Audit Trail, Web client and Laserfiche Forms were all loaded on a single server. Based on volumes and performance we then decided to move Laserfiche Forms and The Web Client to its own server. 

All the applications connect fine and all the users are able to open up the web client, and also able to select the default scan button. It is only when they use a custom url (listed below) that they get an Access Denied error [9013]. Something that worked fine up until last Friday. 

I tried comparing different security levels on both server on a folder as well as IIS level and nothing seems different that I could see. Is there any specific rights that I would need to consider, just because the software is now no longer hosted on the same server??

The url used:

lfwa80://scanning/http://laserficheweb/laserfiche/App_Services/ScanningService.asmx?r=AFSLFQA&custom=path:'\\*Scan Incoming'volid:'2'name:'%(Fields.LF Template Name) - %([Date/Time])'template:'Supplier Invoice Scanning'[LF Template Name]'Supplier Invoices DT'[Company ID]'NAM'[Mailroom Capture Method]'SCAN'[Capture Method]'SCAN'(ProtectedItems)'9'

The Error received:

I'm able to update the url above and point it back to the old server, then it works, without a problem. 

When checking the Event logs I see the following:

Access denied. [9013]
Operation: /laserfiche/App_Services/ScanningService.asmx?repo=AFSLFQA
  Message: Exception encountered, stack trace:
  Laserfiche.WebAccess.Common.Scanning.ScanningError.Create
  Laserfiche.WebAccess.Common.Scanning.ScanningResult.AddError
  Laserfiche.WebAccess.ScanningService.Negotiate
  System.RuntimeMethodHandle.InvokeMethod
Exception details:
  Message: Access denied. [9013]
  Stack trace:    at Laserfiche.RepositoryAccess.Session.SendLogInRequest(String idnRepName, HttpCredential credentials)
   at Laserfiche.RepositoryAccess.Session.LoginToServer(RepositoryRegistration repository, HttpCredential credentials)
   at Laserfiche.WebAccess.Common.ConnectionManager.AuthenticateSessionWithWindowsId(Session sess, RepositoryRegistration repoReg, WindowsIdentity winId)
   at Laserfiche.WebAccess.Common.ConnectionManager.AutoLogon(String repoName, HttpContext context, Boolean forceLogin, WARepository waRepo)
   at Laserfiche.WebAccess.ScanningService.Negotiate(String repository, ScanningNegotiationProperties properties)

  Session: emkvh31a

My Web Client is configured to use the Auto-sign in with integrated Windows authentication option:

I also tried switching to prompt for windows authentication, then the on launch presents a client login option, similar to when one attaches a repo through the desktop client, if I select Windows Authentication, it also returns "Access Denied".

I'm not using SSO on my settings. 

The only difference between the Original server and the new one, is that the Original server originall had Web Access 8.0 installed and through the years received upgrades up to version 10.2.1 wheras the new server is a clean install of 10.2.1

Any guidance or options to try would be greatly appreciated.