You are viewing limited content. For full access, please sign in.

Question

Question

Quick Fields Server 11 no longer allows connections from Quick Fields Client or Scanning

Quick Fields Version 11 Installation and Upgrades
Updated May 11, 2023
asked on April 21, 2022

We upgraded our Quick Fields Server to 11 from 10 and our QF Clients and QF Scanning can no longer connect to the server.

I found this Answers post which admitted the documentation has not been updated for version 11.  A MAJOR change was implemented in Quick Fields Server 11 where it went from a Windows Service to an IIS Web Service, this change is not in any Release or Change documentation and took me by surprise.  

I restructured my Quick Fields Server URL removing the port number and the connection test is successful in the client and scanning but get errors when attempting to retrieve sessions from the server.

Further research led me to this page in the Version 11 documenting how to configure SSL in Quick Fields Server, I started to follow it but realized that it is still for Version 10 and is not applicable.

In the Quick Fields Client and Quick Fields Scanning the example for the format of the URL to the Quick Fields Server still refers to https://Server:port/quickfieldsapi - which I believe is now incorrect as the port is only used for the Windows Service.

What am I missing to be able to get my Quick Fields Clients and scanning to be able to connect to my Quick Fields Server?

0 0

Replies

replied on October 20, 2022 Show version history

Don't know if this will help in your case or not. After we upgraded from 10.3 to version 11 our users could no longer open sessions stored on the server. I noticed this error in the event log:

Message : Access to the path 'C:\ProgramData\Laserfiche\Quick Fields\Licenses\QFS\activation.xml' is denied.

Since the service is now IIS based I added the IUSR account to the permissions of the QFS folder with read/write access and after that I was able to load stored sessions normally.

1 0
View 4 previous replies
replied on October 20, 2022

Michael, thanks for the suggestion.  I tried it but it didn't solve my problem.  I can't even connect to the Quick Fields server.  I worked with Laserfiche support the other day and we're taking a look at Kerberos configurations as the IIS logs don't show that user credentials are reaching the server.

1 0
replied on October 20, 2022

Can you bring up the admin console?

http://QuickFieldsServerName/QuickFields

Locally? Remotely?

 

0 0
replied on October 20, 2022

I can locally on the server hosting Quick Fields server using https://.  But remotely, I get a browser prompt for credentials.  I enter my credentials and the prompt comes right back - it never lets me in.

0 0
replied on October 21, 2022

That's weird considering it worked fine before the upgrade. I know it's what LF support wants to look at but nothing involving Kerberos should have changed. We do know QF 11 handles TLS differently from 10.3 so I'd be tempted to continue looking there but I don't know if TLS problems could cause this behavior or not. I think if it was a TLS issue then you just wouldn't be able to connect at all and wouldn't get a credentials prompt.

Is testing via http an option? Or do you guys force everything to be https?  If it works via http but not https then you can rule Kerberos out, I would think.

Is doing a complete uninstall/reinstall an option? Or do you have a lot of sessions to export/import? Maybe there's something left over from version 10 in a config file that's messing things up?

0 0
replied on October 24, 2022

Michael - thanks for the help.  I uninstalled & reinstalled the Quick Fields server and still cannot connect and have the same behavior.  I don't see any way to test via http.

0 0
replied on October 27, 2022

Do you have other Laserfiche web applications which require Windows Authentication installed in your organization ? For example Laserfiche Directory Server or Audit Trail, can they be accessed from another machine?

0 0
replied on October 27, 2022

Xiuhong Xiang - yes we do and there are no issues accessing and authenticating to LFDS or Audit trail or Web Client.

 

0 0
replied on April 22, 2022

Do you have Quick Fields Server and Quick Fields Client/Scanning installed on same machine? There is a known bug for Quick Fields Server that when Quick Fields Client/Scanning are installed on same machine. they can not talk to each other. Can you install the Quick Fields Server on a seperate machine as a workaround? The URL for the Quick Fields Server should be https://quickfieldsserverfullname/quickfieldsapi (port is not needed).

We will fix the bug in the planned update for Quick Fields 11.

0 0
replied on April 22, 2022 Show version history

I tried connecting using Quick Fields 11 from a separate machine and I cannot connect to the server.  I get the errors "One or more errors occurred."  and "Connection to the server https://myquickfieldsservername/quickfieldsapi could not be created." I did use my correct Quick Fields full server name.

Is there a log file somewhere to use to troubleshoot?

 

0 0
replied on April 22, 2022

You might try popping into the QF Server Configuration Utility and then the web admin console, just to make sure everything is properly configured and good to go.

Note that if using Windows Authentication for the DB connection, the Application Pool Identity of the web service needs to run as an account that has rights into the database.

0 0
View 5 previous replies
replied on April 26, 2022

I have a service account that has access to the database which is the Application Pool identity.  This all worked prior to the version 11 upgrade.  I can access the Quick Fields Administration Console from the server it is installed on.

0 0
replied on April 26, 2022

Sorry, man, that's super frustrating.

My only other thought is with SSL, which you may have set up but there isn't a lot of discussion in here yet. I'm actually not encrypting in a couple of my environments so it's just http instead of https. You might try that if you're comfortable with it being unencrypted.

Otherwise, where I do have it encrypted, with the QF server being a standard web service it just requires a normal IIS configuration of a recognized cert (as in, cert authority recognized by the QF Scanning workstation) being bound to the default website.

0 0
replied on April 27, 2022

We have a hotfix for the issue that the QFS and QF Scanning are installed on the same machine, you can open a support case to request the hotfix. 

For Quick Fields Scanning, the detail errors can be found from Event Viewer->Windows Logs->Applications.

0 0
replied on April 28, 2022

OK I'll see about the hotfix.

 

In the Event Viewer I'm getting Access Denied errors when I'm attempting to setup and test the connection to the Quick Fields Server from my PC which is a different machine than the QF Server.  I even set myself as an Administrator in the Quick Fields Administration Console.

Timestamp: 4/28/2022 2:36:51 PM

Message: HandlingInstanceID: d873fa27-53df-410a-85cb-fa55fd6a5b83
An exception of type 'System.Net.Http.HttpRequestException' occurred and was caught.
------------------------------------------------------------------------------------
04/28/2022 08:36:51
Type : System.Net.Http.HttpRequestException, System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Message : An error occurred while sending the request.
Source : Laserfiche.QuickFields.Connection
Help link : 
Data : System.Collections.ListDictionaryInternal
TargetSite : Void MoveNext()
HResult : -2146233088
Stack Trace :    at Laserfiche.QuickFields.Connection.HttpRetryHandler.<SendAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Laserfiche.QuickFields.Connection.HttpConnector.<GetSingleObject>d__57`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Laserfiche.QuickFields.Connection.HttpConnector.<GetRootItemAsync>d__73.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Laserfiche.QuickFields.Services.QuickFieldsServerService.<TestConnection>d__9.MoveNext()

Additional Info:

MachineName : machinename
TimeStamp : 4/28/2022 2:36:51 PM
FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
AppDomainName : QuickFields.Scanning.exe
ThreadIdentity : 
WindowsIdentity : domain\username
	Inner Exception
	---------------
	Type : System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
	Message : The remote server returned an error: (401) Unauthorized.
	Source : System
	Help link : 
	Status : ProtocolError
	Response : System.Net.HttpWebResponse
	Data : System.Collections.ListDictionaryInternal
	TargetSite : System.Net.WebResponse EndGetResponse(System.IAsyncResult)
	HResult : -2146233079
	Stack Trace :    at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
	   at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)

		Inner Exception
		---------------
		Type : System.ComponentModel.Win32Exception, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
		Message : The target principal name is incorrect
		Source : System
		Help link : 
		NativeErrorCode : -2146893022
		ErrorCode : -2147467259
		Data : System.Collections.ListDictionaryInternal
		TargetSite : Byte[] GetOutgoingBlob(Byte[], Boolean, System.Net.SecurityStatus ByRef)
		HResult : -2147467259
		Stack Trace :    at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
		   at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
		   at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
		   at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials)
		   at System.Net.AuthenticationManagerDefault.Authenticate(String challenge, WebRequest request, ICredentials credentials)
		   at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
		   at System.Net.HttpWebRequest.CheckResubmitForAuth()
		   at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)



Category: General

Priority: 10

Severity: Error

Title:Quick Fields Scanning

Is there something else that needs to be configured in IIS to enable access?  I checked the Web Site and it has Windows Authentication Enabled.  

0 0
replied on May 9, 2022

The internal error message is "The target principal name is incorrect" which may related to some network configuration. Please open a support case and provide detail information for the further investigation: the full qualified machine names for Quick Fields Server and Quick Fields Scanning, video to show the configurations and illustrate the reproduce steps etc. 

0 0
replied on June 10, 2022

Hello Craig,

Checking with you to see if you found a resolution to the "The target principal name is incorrect" error.

We have a customer who is getting this same error when testing their WF Server Connection in the Forms Configuration.

Appreciate any feedback you might have.

Jeff Curtis

0 0
replied on June 10, 2022

Jeff,

No, I do not have a resolution yet.  My VAR has opened a case with LF and has sent all the info requested.

I installed the Quick Fields 11 update which was recently released and it had no affect.

 

 

1 0
replied on June 10, 2022

Thanks Craig

0 0
replied on May 11, 2023

I think I might have a clue as to why this isn't working for me.  We are using SSO so have Kerberos setup as a two-hop configuration.  Quick Fields server is installed on the server we have configured as the 'back-end' server so the clients won't connect.  So I installed Quick Fields server on the server that is configured as the Kerberos 'front-end' server and the clients then are able to connect to the Quick Fields server.

Does this make sense with the two-hop Kerberos configuration we have?  That we need to have Quick Fields server installed on the 'front-end' server in order to be able to connect to it?

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...