You are viewing limited content. For full access, please sign in.

Question

Question

Windows Authentication fails when connecting client to server via SSL

Laserfiche Administration
Updated March 25, 2019
asked on April 21, 2015

We have a working Server that we are trying to enable SSL communication with the thick client. We have a valid 3rd party cert from Godaddy installed and being used on IIS on the LF server for the web products. All is well. I've tried to enable SSL on the server via the instructions. The netsh command to add the thumbprint of the cert fails with "the file already exists" or something like that. If I add the SSLPort registry entry and restart the service I can connect via a client IF I LOGIN WITH A LF USER. If I use Windows Auth it fails with unknown user or password. The same server does windows auth just fine over port 80.

Server is 9.2.x.

The only unusual thing is I do port mapping on my firewall so external port 444 maps to 443 internally. On the client I attach the repository using servername.com:444 and check use ssl. the Repositories list in the drop down just fine but if I use Windows auth it doesn't work.

0 0

Replies

replied on April 21, 2015

I should add that the users are LF users with Windows Accounts mapped to them. Again, it works fine on port 80. It also works fine if I provide LF authentication for the same users instead of Windows auth.

0 0
replied on April 21, 2015

This is very strange, please open a support case so we can get the logs needed to diagnose the problem.

0 0
replied on April 21, 2015 Show version history

You noted "The only unusual thing is I do port mapping on my firewall so external port 444 maps to 443 internally. On the client I attach the repository using servername.com:444 and check use ssl. the Repositories list in the drop down just fine but if I use Windows auth it doesn't work."

Is the client in the same domain as the Server? Why would you need to do port mapping?

If you manually type in the login information (e.g. domain\username) in the username field of the client and then put in the password for the account, does windows authentication work?

0 0
replied on April 29, 2015

Raymond,

We do port mapping because we are using our external WAP IP port 443 for other applications. I am connecting a client to the external FQDN of our router and logging in from remote locations with the client.

The clients are at remote locations and we wish to securely use the full client.

No, if I select Laserfiche authentication and enter domain\username and password it rejects the name and password the same as selecting Windows Auth.

0 0
replied on April 29, 2015

Is the LF client that you are using inside the same domain that the Laserfiche server is in or outside of it?

0 0
replied on April 29, 2015

In the same domain.

0 0
replied on April 30, 2015

Please open a support case so we can get the logs needed to diagnose the problem.

0 0
replied on March 25, 2019

I know this was a while back, but was there ever a solution found to this issue?

I am having the exact same issue with the LF Desktop Client version 10.3 failing to authenticate Windows accounts over SSL. Web Client, Forms, Import Agent, etc. authenticate Windows accounts over SSL fine, and the LF Desktop Client will authenticate Windows accounts when NOT using SSL; LF repository users work over SSL, but not Windows accounts.

Any update is appreciated!

0 0
replied on March 25, 2019

Hi Dustin, this was many years ago but I can say that other implementations with newer versions have not given us this problem. I would suggest reaching out to support.

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...