You are viewing limited content. For full access, please sign in.

Question

Question

Laserfiche 12 Installer - Error Selecting LFDS for Licensing

asked on May 3 Show version history

I've upgraded LFDS to LF12 (12.0.2503.265) and everything appears to be functioning correctly, so I was trying to install one or two other things.  But I'm getting an error in the installer when trying to configure it to do licensing from LFDS.

I guess it's not completely clear what it is expecting here.  I'm listing the URL that we have set-up for that server and the website that LFDS set-up.  I can browse to LFDS using these values as the address, but it doesn't like it here.

The error message says to check my LFDS configuration, but it isn't clear what part of the configuration it is referring to.

The help documentation for the installer also doesn't include much helpful information regarding what is expected here.

1 0

Answer

SELECTED ANSWER
replied two days ago

Found the solution.

Thank you to @████████ from CDI for helping figure this out.

When our SSL Cert was last replaced, I had neglected to update it in the XmlEndpointUtility.exe configuration for Directory Server (C:\Program Files\Laserfiche\Directory Server\XmlEndpointUtility.exe).

Once we did that, we were able to get the installer to connect without any errors.

 

 

2 0

Replies

replied on May 4

I've been unsuccessfully fighting the same issue; Directory Server 12 is installed, running, and properly licensed and communicating with laserfiche.com's licensing servers, but any attempt to install Laserfiche Repository Server 12 , LF Forms 12, etc., gives us the same error "Could not connect to Laserfiche Directory Server". What I find laughable is that this even happens if you try using localhost when installing from the same server directory server runs on.

I'm on day 2 now of fighting this, and laserfiche support is no where to be found. I'm not going to sacrifice my weekend anymore on trying to understand their shotty documentation and obfuscated licensing processes, and rolled us back to running LF 11 w directory server 12. 

If you do solve this, please post the fix here, and if I find the solution, I will do the same.

- Rick 

1 0
replied on May 5

Did you open a support case with your Solution Provider?

0 0
replied on May 5

Not yet - LFAnswers to help me solve my own problem is always my go-to, but a support request with CDI will be my next step.

0 0
replied on May 5

It was more of a question for Rick since he seemed so frustrated.

0 0
replied on May 5

No Blake, my var is not the best at resolving things in a timely manner, especially at 12am, shocking, right? However, I have tracked down the issue myself, and I'll share what i found: Certificates are the issue, LF 12 is much more stringent on certificates, mainly the certificate used for the SCIM Service used for DS communication appears to have the following requirements:

1. Subject (Common Name) must match the hostname used to access LFDS, alternative names must include additional DNS names like localhost.

2. Enhanced Key Usage (EKU) must support Server Authentication and Client Authentication. Certificates with only Server Authentication will not be accepted by Laserfiche SCIM.

 

Without a compliant certificate, the SCIM binding fails and Laserfiche 12 installers are unable to complete setup or license validations.

 

0 0
replied on May 5

Here is a link to the certificate requirements for LFDS: Certificate Types & Requirements for Laserfiche Directory Server. That being said I know that there was a new option added to the STSEndpointUtility for "Cookie Protection" and allows you to set a "Cookie handler". There are specific requirements for certificates depending on the option you choose for the Cookie handler, but it doesn't look like the page I linked to has been updated with that information. I don't know if that is related to any of the issues you are seeing Rick but thought I would share just in case.

0 0
replied on May 5 Show version history

This option (connecting the main Installer to LFDS) is for convenience only, so if you select "Proceed without activation", you can manually license the products after installation and continue troubleshooting later, when it's not time sensitive.

For Forms and the Web Client, which currently still have the older installation UI, you can specify the Directory Server during install. This would actually be a good troubleshooting step: if these applications' installers can reach Directory Server from the same machine, we may have a bug in the new Installer.

For the Laserfiche Server, you can manually download the license from Directory Server and put it into the install directory.

For reference: the SCIM service is not involved in this connection, nor is the STS. It is using Windows Authentication for the current user, so the current user needs to have access to Directory Server. 

There is no manual certificate configuration that is required for authentication from the installer: the encryption is handled via the standard HTTPS configuration for Directory Server. One quick check: try logging in to Directory Server from a browser on the machine where you are running the installer, using the same FQDN as when you were attempting to configure and the current user windows credentials if prompted. If you get any certificate warnings or fail to login, then that indicates an IT-type issue (invalid cert or unusual IIS settings)

0 0
replied on May 5

Yeah, "Proceed without activation" was what I ended up doing in order to get anything installed.

When on the same machine that LFDS is installed, I can't browse to LFDS with the FQDN, only with localhost, but the installer doesn't work with localhost either.

On a second server, I can connect using the FQDN, but the installer still doesn't like it there.

1 0
replied on May 5 Show version history

Hey Matthew!

I'm not sure if this is the answer or not, but I suspect the name of your licensing server might be entered incorrectly in the field you screenshotted - this is what ours looks like:

Is the value you're putting in the one that you see from the dropdown in LFDS (I put a box around our value)? that's what you'd want to be putting in the "Licensing Site Name" field, if I recall correctly.

0 0
replied on May 5

No, that part for mine just says LFDS.

The server listed there is the machine name, not the URL we have set-up for it, which doesn't surprise me, but even trying to use that instead of the URL doesn't work (I tried machine, domain\machine, and machine.domain.local with no success either).

I'm going to open a ticket with our solution provider.

1 0
replied on May 5

fair enough! hopefully they can assist. I think we had an issue with our connection too but it was a little different (showed up in the admin hub). 

0 0
replied on May 5

Yeah, Admin Hub isn't working for me either - I have another LFAnswers post right after this one for that issue.  I've opened tickets with CDI for both issues.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.