Question

Webtools Agent - Ports

asked on April 27, 2022

Hi,

The ports (18435, 18436, 18437) for Webtools Agent, are these listening ports on the computer where Webtools Agent is running?

Do these ports need to be opened on the web server where the Web Access is installed and configured?

I see the Webtools Agent is connecting to an external LF site for certificate validation; is Internet always needed for Webtools Agent to work?

0 0


Replies

replied on April 27, 2022

Web Tools Agent runs on the end-user's machine, and the user's browser connects to it. Those ports don't have anything to do with the server hosting the web client site, so you don't have to do anything with them.

The certificate embedded in the agent has an expiration date, and it will need to download a new one before that time. With the connection blocked, the agent should work fine until the certificate expires, and then stop working, as the browser no longer completes its connection.

0 0
replied on April 27, 2022

Thanks for the reply. I downloaded the certificate and saved it in the folder where it belongs. Still without internet connection, it doesn't work. When internet is working, it works fine.

0 0
replied on May 2, 2022

@████████ I am suspicious that certificate validation is failing on the machines without internet connections due to an inability to reach Certificate Revocation List URL endpoints.

One method to check: https://docs.microsoft.com/en-us/powershell/module/pki/test-certificate?view=windowsserver2019-ps

0 0
replied on May 2, 2022

That is a possibility, though I think the CRL would be fetched from the CA that issued the certificate and it would be distinguishable from "an external LF site". Also, the only TLS cert the agent would need to validate would be when it connects to the web client server, and it would seem the browser was able to validate that certificate under the same network conditions.

I think the larger point is there are a few things it could be, and it will require some more data gathering to differentiate them.

0 0
replied on May 3, 2022

Hi, I tried running the webtools agent on my VM where I have the WebClient server installed. No firewall or security. I tried it without internet connection; I am not able to connect the webtool agent without internet. Please see the attached.

I followed the following link to get and install the certificate. Without internet, how does the system validate the certificate? Am I missing a step? Do I need to validate the certificate separately and store something else for validation?

https://answers.laserfiche.com/questions/185937/LfWebOffice110-OfficePlugin-Could-not-find-a-valid-certificate#193712

WebToolsAgent without internet.png
0 0
replied on May 3, 2022

In the Laserfiche web client, open the browser dev tools (F12) and check the network tab. You should see a request to https://plugin.laserfichelocalhost.com. This domain resolves to 127.0.0.1 (localhost), which could fail if there is no internet (because the DNS lookup would fail).

0 0
replied on May 3, 2022

So, how does it resolve without internet? Can this tool work without internet?

0 0
APPROVED ANSWER
replied on May 3, 2022

You can edit the hosts file to accomplish this. Edit c:\windows\system32\drivers\etc\hosts and add the following line:

127.0.0.1 plugin.laserfichelocalhost.com

4 0
replied on May 3, 2022

Thank You Robert!

 

0 0
replied on August 10

@Robert Strickland

When I open the link from my machine, it gives an (insecure) warning.

0 0
replied on August 12

You'll want to click on that warning to see the details. The two main reasons for an insecure connection are that the certificate doesn't match at all, or that the certificate has expired (but is otherwise acceptable). The first case is unlikely but possible if you have another application that happens to use the same port that the agent wants to use. For the second case, the agent is designed to be able to update its certificate, but there are network configurations that may prevent that. In that case, the discussion below is relevant. You may want to contact support to help resolve it.

0 0
replied on August 12

I've also seen insecure warnings where the client machine had the GoDaddy G2 root certificate but not the G2 intermediate and thus couldn't validate the trust chain. Normally with internet access the browser downloads the intermediate certificate. Without it, you may need to install the GoDaddy G2 intermediate cert into the Intermediate Certification Authorities certificate store manually.

You can get the G2 intermediate from GoDaddy here: Certificate repository

The easiest way to check that is to go to the https://plugin.laserfichelocalhost.com:$currentPort URL in its own browser tab. If you get a certificate trust error, open the certificate properties, go to the Details tab, and look at the Certificate Hierarchy section. If you only see "*.laserfichelocalhost.com" in the list, you're missing the GoDaddy G2 intermediate. If you have it, you should see all three certs in the chain like so:

1 0
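
Added example, not part of any reply above and not Laserfiche's own tooling: a PowerShell check that separates the failure causes discussed in this thread (name resolution, no listener or a foreign listener on the port, expired certificate, missing intermediate, unreachable CRL). The host name and ports are the ones quoted in the thread; the chain is evaluated against the local certificate stores of the machine it runs on.

```powershell
# Added diagnostic example. Host name and ports are the ones quoted in this thread.
$hostName = 'plugin.laserfichelocalhost.com'
$ports    = 18435, 18436, 18437

# 1. Name resolution. Offline, this succeeds only if the hosts file carries the entry.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($hostName) | ForEach-Object { $_.ToString() }
    "Resolves to: $($addrs -join ', ')"
} catch {
    "Resolution failed: $($_.Exception.Message)"
}

# 2. Which of the agent ports has a listener on this machine?
$listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    Select-Object -ExpandProperty LocalPort -Unique)
"Listening agent ports: $($listening -join ', ')"

# 3. Fetch the certificate each listener presents and evaluate its chain.
foreach ($port in $listening) {
    $tcp = [System.Net.Sockets.TcpClient]::new('127.0.0.1', $port)
    try {
        # Accept any certificate: the goal is to inspect it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($hostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # Chain is built from the local stores (plus AIA/CRL downloads when reachable).
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'Online'
        $ok = $chain.Build($cert)

        "Port ${port}: subject=$($cert.Subject) notAfter=$($cert.NotAfter.ToString('u')) chainOk=$ok"
        $chain.ChainElements | ForEach-Object { "  chain element: $($_.Certificate.Subject)" }
        # NotTimeValid = expired; PartialChain = issuer (intermediate) not found;
        # RevocationStatusUnknown / OfflineRevocation = CRL endpoint unreachable.
        $chain.ChainStatus | ForEach-Object { "  status: $($_.Status)" }
    } catch {
        # A non-TLS listener here suggests another application holds the port.
        "Port ${port}: TLS handshake failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
}
```

Run it once with the network connected and once disconnected; a status that appears only in the offline run points at the dependency that needs to be satisfied locally.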