Ah ok, when we use Laserfiche Server Auth, we manually enter the address of the LF Service Server. It was not in the license file before. This is the first time I have not had to enter the address of the server we are connecting to in a config before. Thanks for the clarification.

Its frustrating this way because support says that Forms can't reach the DS server. I am now trying to show them this lf.licx text file in the ProgramData folder and I see where it says Directory Server= and the address. The address is correct and responding on all ports.

I would rather enter everything into the configurator so it is very clear to them that it is configured correctly.

Also why is it that if I want to try a different address it says that the license file signature does not match. Also if I reinstall forms and enter a different address when licensing with the DS server it switches back to it's computer name address automatically.

I want to try using an address that will be validated by the certificate configured for the 443 binding, because many are saying the SOAP negotiation errors are related to using invalid certs

Oh, STS and Forms are still talking to LFDS on 5048/5049. None of that traffic goes over 443. If you're using LFDS 10.4.3 (ships with overall 10.4.2) the LFDS XmlEndpointUtility walks you through binding a certificate to 5049.

Can I bind the certificate to 5048? It is not that there is a networking problem preventing access to port 5049 but the STS configurator tells us this if we try to use port 5049 with SSL even after I configured with the EndpointUtility successfuly

 Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. 

Binding the cert to 5048 is possible but won't do anything since Laserfiche applications won't try to do encrypted communication over it.

When you say "STS configurator" do you mean the STS configuration web page at http://localhost/LFDSSTS/configuration or the STSEndpointUtility? Make sure you run the STSEndpointUtility as well.

Otherwise, the error suggests that something is indeed wrong with your certificate. Is it self-signed?

Yea the STS configurator is super strange. It is a combination of that web page and the EndpointUtility Windows App. You make a change in the app, then recycle the app pool, and refresh the configurator page to see if it worked.

But in the end, even with the strange multi-window config, if I try to use SSL, and change the port to 5049 it gives me that forcibly closed message.

What version of LFDS/STS is this? And can you answer the certificate question?

Its version 10.4.3.246

I have both a self-signed and now I actually put a third-party authority issued SSL cert just for the heck of it. Since I was finding that some users were getting problems with DS when using a self-signed.

So this third-party authority issued certificate is the one I bound using that XMLEndpointUtility.

I also created a DNS entry on the STS server to match the certificate domain name. This way there is no discrepancy about the certificate. Even though, a self-signed works just as well for service connections.

Are you running LFDS/STS as the default Network Service account or an AD service account?

The default, Network Service

Windows Server 2016 or higher?

Windows Server 2016 Standard

Can you post a screenshot of the Forms EndpointUtility config, making sure to redact any hostnames?

Every time I open the Forms Endpoint Utility it is blank, What is that thing anyways? I tried using it to fix the system by opening it and entering the address of the directory server, since it fixed an STS system once before.

We mostly only touch the Forms Config Page, which has all my configurations related to Forms.

I recall that it doesn't autofill with the current config. Try filling it out, making sure to use the FQDN hostname of the LFDS server and leaving the service account field blank (because it's using the default Network Service identity).