You are viewing limited content. For full access, please sign in.

Question

Question

Repository Profile No Longer Authenticating

Forms
Updated 10 hours ago
asked on January 29 Show version history

We have a Forms environment that has been using an Active Directory account to save forms into Laserfiche successfully for years. This server is publicly facing but has both the IIS site and routing service on the same server.  The customer has blocked NTLM traffic between servers (both internal and external). This change stopped the Desktop Client and Windows Client from authenticating and we had to move both to LFDS authentication.  While their Forms is not authenticating via LFDS, it is still allowing users to log in and submit/approve forms without issue.  However their submitted Forms are suspending when they attempt to save to the repository.

When I attempt to update the profile used by the task, I receive a "Failed to verify the repository: The user account name or password is incorrect. [9010]" error.  

  1. Does Forms use NTLM when authenticating with the Laserfiche server when it is saving them into the repository via the service task?
  2. If so, how can we set them up to use LFDS for authentication or is there a different method we should be using when saving documents into Laserfiche?
  3. Has anyone ran into something similar and have a work-around or different idea of what may be causing this if NTLM is not the issue?

For now I have created a Laserfiche repository account and it is successfully saving using that but I do not want a local Laserfiche repository account as the long-term solution.

0 0

Replies

replied 22 hours ago Show version history

Re: "If so, how can we set them up to use LFDS for authentication or is there a different method we should be using when saving documents into Laserfiche?"

I never use AD accounts for Save to Repository service task profiles. Instead, create a repository or Directory Server "Laserfiche" user to act as a Forms service account. I usually name the account "Forms", or sometimes a variant like "Forms-Dev" or "Forms-$RepoName" if relevant. This account doesn't need a named user license - Forms provides a special license-free connection for repository connections just like Workflow. Grant the account the minimum repository permissions it needs to create documents, write metadata, etc.

Set up a System-level Repository Profile for each repo with that account (or accounts) and migrate all processes to using them. See: Getting Started with Repository Profiles

Done. No Windows Authentication/Kerberos/NTLM complications.

Re: "but I do not want a local Laserfiche repository account as the long-term solution."

Why? Using a repository or Directory Server Laserfiche account is my preferred and default permanent setup.

1 0
replied 10 hours ago

We can definitely use the local accounts.  Back in the day when we had to use repository accounts, you had to have a license associated with the repository account for it to save to Laserfiche.  I didn't know that whatever account is associated with the save to Laserfiche service task will get a "free" full license like Workflow.  That solves that issue and removes the NTLM issue. Thanks!

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...