Channel: GlobalSCAPE Knowledge Base

After installing a CUCM v9.1 patch, CUCM no longer communicates with the SFTP server


EFT Administration Interface Times Out While Running AS2 Outbound Settings Test


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT version 7 in an active-active clustered environment

SYMPTOM

When running the AS2 Outbound Settings test with a DMZ proxy defined, if the proxy goes offline, the EFT administration interface times out with the message "A connection timeout occurred while waiting for the Server to reply."

RESOLUTION

Restart the server service on all nodes.

Enabling FIPS-Compliant Mode for the OpenPGP Module


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT version 7 and later

DISCUSSION

Some organizations require that file transfers be restricted to FIPS-approved algorithms. The library used by our OpenPGP module is not restricted to only FIPS-compliant cryptography. However, you can add a registry setting to EFT that restricts the OpenPGP module to use only the FIPS-compliant cryptography that is available in the library.

When the registry value described below is present and its DWORD value is set to non-zero, the OpenPGP library is configured to use FIPS-compliant cryptography only.

To enable FIPS-compliant mode for the OpenPGP module

32-bit OS:

[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\Config\]

64-bit OS:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\Config\]

DWORD: OpenPGPFIPSCompliantAlgorithmsOnly

  • 0 = not FIPS only
  • 1 = FIPS-compliant cryptography only
  • Default when not specified = 0 (not FIPS-only cryptography)

The following lists show the algorithms available in each mode.

Symmetric Encryption Algorithms

  • FIPS-compliant mode: 3DES (192-bit key), AES256 (256-bit key), AES192 (192-bit key), AES128 (128-bit key)
  • Non-FIPS mode: 3DES (192-bit key), CAST5 (128-bit key), AES256 (256-bit key), AES192 (192-bit key), AES128 (128-bit key), BLOWFISH (128-bit key, 16 rounds), TWOFISH (256-bit key), IDEA (128-bit key)

Hash Algorithms

  • FIPS-compliant mode: SHA1, SHA256, SHA384, SHA512, SHA224
  • Non-FIPS mode: SHA1, MD5, SHA256, SHA384, SHA512, SHA224, RIPEMD160

Asymmetric Algorithms

  • FIPS-compliant mode: RSA (512-bit ~ 4096-bit key), DSA (512-bit ~ 4096-bit key, Sign-Only)
  • Non-FIPS mode: RSA (512-bit ~ 4096-bit key), DSA (512-bit ~ 4096-bit key, Sign-Only), Elgamal (512-bit ~ 4096-bit key, Encrypt-Only)

Compression Algorithms

  • FIPS-compliant mode: zip (RFC1951), zlib (RFC1950), bzip2 (BZ2), none
  • Non-FIPS mode: zip (RFC1951), zlib (RFC1950), bzip2 (BZ2), none

Windows Registry Settings (EFT Server)


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server version 4.x and later and EFT Server Enterprise version 6 and later

DISCUSSION

EFT Server stores its configuration information in the Windows Registry, which contains profiles for each user of the computer and information about system hardware, installed programs, and property settings. EFT Server modifies the system registry as needed, and continually references this information during operation.

To add a key to the registry, you can either edit it directly or create and execute a .reg file. When you add or edit these registry keys, you will need to restart EFT Server.


These options are for advanced users only. Incorrectly editing the registry can severely damage your system. You should always back up (export a copy of) the registry before you make any changes to it.

Some paths are HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 3.0\, and others are HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\. Do NOT change the path to match your version of EFT Server.


The registry keys described at the links below are available in EFT Server for advanced system administration.

The instructions below are provided only as a reminder for advanced users.

If you are not experienced with editing the Registry, please ask your system or network administrator for assistance.

To back up the registry

  1. Click Start, then click Run. The Run dialog box appears.
  2. In the Open box, type regedit, then press ENTER. The Registry Editor appears.
  3. Do one of the following:
    • To back up the entire registry, click My Computer.
    • To back up a specific group of keys or a specific key, click the folder or key.
  4. On the main menu, click File, then click Export. The Export Registry File dialog box appears.
  5. Specify a name and location for the file, then click Save. The export process begins.

    If you are exporting the entire registry, it can take a few minutes, and the file size can be up to 100 MB or more. If you are exporting just one key, the file size is approximately 1 KB.

  6. After you edit the registry, if you are experiencing problems caused by editing the registry, you can import the backed up file:
    1. On the main menu, click File, then click Import. The Import Registry File dialog box appears.
    2. Click the .reg file to import, then click Open. The import process begins. If you are importing the entire registry, it can take a few minutes.

To create a .reg file

  1. In a text editor, such as Notepad, type or paste the following text on the first line:

    Windows Registry Editor Version 5.00

  2. On the second line, type or paste the key path. For example, type:

    [HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EventRules]

    (include brackets)

  3. On the third line, type or paste the name of the key and the value (DWORD) for the key. For example, type:

    "FolderMonitorWorkerThreadCount"=dword:00000100

    (include quotation marks)

  4. Close the file and save it with a .reg extension. For example, type:

    threadcount.reg

  5. Double-click the file and follow the prompts to install the key into the registry. If you receive an error, open the file to verify the information was typed correctly. The .reg file can be transported to and used on other computers.
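A .reg file, whether written by hand as above or exported as a backup, can be checked offline before it is imported or relied on. The script below is an added example, not Globalscape code: it parses the DWORD values in a version 5.00 .reg file and reports whether the OpenPGPFIPSCompliantAlgorithmsOnly value from the FIPS article is non-zero under either Config path. The sample file content is constructed, and the function names are this example's own.

```python
import re

# Value name and key paths as given in the FIPS article on this page.
FIPS_VALUE = "OpenPGPFIPSCompliantAlgorithmsOnly"
CONFIG_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\Config",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\Config",
)
HEADER = "Windows Registry Editor Version 5.00"

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$')


def decode_reg(raw):
    """Registry Editor exports are UTF-16LE with a BOM; hand-typed files usually are not."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    if raw.startswith(b"\xef\xbb\xbf"):
        raw = raw[3:]
    return raw.decode("utf-8", errors="replace")


def parse_dwords(raw):
    """Return {key_path: {value_name: int}} for every dword entry in the file."""
    lines = [ln.strip() for ln in decode_reg(raw).splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] != HEADER:
        raise ValueError("not a version 5.00 .reg file")
    keys, current = {}, None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            # The page writes some key paths with a trailing backslash; normalise it.
            current = m.group(1).rstrip("\\")
            keys.setdefault(current, {})
            continue
        m = DWORD_RE.match(ln)
        if m and current is not None:
            # dword data is hexadecimal: dword:00000100 is 256, not 100.
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def fips_only_enabled(raw):
    """True if either Config key carries a non-zero FIPS value; absent counts as 0."""
    wanted = {k.lower() for k in CONFIG_KEYS}
    for key, values in parse_dwords(raw).items():
        if key.lower() not in wanted:
            continue
        for name, number in values.items():
            # Registry key and value names are case-insensitive.
            if name.lower() == FIPS_VALUE.lower() and number != 0:
                return True
    return False


# Constructed sample, encoded the way Registry Editor writes an export.
SAMPLE_LINES = [
    HEADER,
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\Config\]",
    r'"OpenPGPFIPSCompliantAlgorithmsOnly"=dword:00000001',
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EventRules]",
    r'"FolderMonitorWorkerThreadCount"=dword:00000100',
]
SAMPLE_EXPORT = b"\xff\xfe" + "\r\n".join(SAMPLE_LINES).encode("utf-16-le")

if __name__ == "__main__":
    for key, values in parse_dwords(SAMPLE_EXPORT).items():
        for name, number in values.items():
            print(f"{key}\n  {name} = {number} (0x{number:08x})")
    print("OpenPGP FIPS-only mode:", fips_only_enabled(SAMPLE_EXPORT))
```

Because the dword data is hexadecimal, the FolderMonitorWorkerThreadCount example in step 3 sets the value to 256 decimal.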

To create the key manually

  1. Click Start, then click Run. The Run dialog box appears.
  2. In the Open box, type regedit, then press ENTER. The Registry Editor appears.
  3. Expand the My Computer node, the HKEY_LOCAL_MACHINE node, and the SOFTWARE node to find the GlobalSCAPE nodes.
  4. Click the applicable GlobalSCAPE node (as described below), then right-click it, point to New, then click Key. This makes a new folder under the GlobalSCAPE node.
  5. Type a name for the key based on the instructions below, then press ENTER.
  6. Right-click the key, point to New, then click DWORD Value.
  7. Type a name for the DWORD value based on the instructions below, then press ENTER.
  8. Double-click the DWORD. The Edit DWORD Value dialog box appears.
  9. In the Value data box, type an integer, based on the instructions below, then click OK.
  10. Close the registry, then restart the Server service.

Some of the keys should be created in the EFT Server 3.0 folder, and some should be created in the EFT Server 4.0 folder. Do NOT change the path to match your version of EFT Server.


Unable to rename or delete Usr, Bin, or Pub folders through the VFS manager in the administration interface


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, all versions
  • In EFT v7, you can rename these folders, but you cannot delete them in the VFS in any version.

SYMPTOM

Unable to rename or delete Usr, Bin, Incoming, or Pub folders through the VFS manager in the administration interface.

You can delete the Bin, Incoming, and Pub folders in the Windows file system if you have no use for them. The Usr folder is where your users' folders are stored.

RESOLUTION

EFT does not allow removal or renaming of special folders in the administration interface, because user folders are saved in these reserved paths.

Changes in COM API from v6.0 and later


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server Enterprise version 6.0 and later

(no changes to COM were made for 6.4.10)

DISCUSSION

The attached spreadsheet lists which of the interfaces, properties, methods, and enums in the COM API were added or modified. Use this reference to guide you when you upgrade EFT Server to verify your scripts and make changes, if any. Refer to the COM API Reference for details of the changes: http://help.globalscape.com/help/gs_com_api/index.htm

Officially Supported Products and EOL Dates


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • All Products

SUPPORTED PRODUCTS

Technical support is provided in accordance with the GlobalSCAPE End of Life (EOL) and Support Life Policy. The following products are supported to the extent specified. Products not listed are no longer supported.

FULL SUPPORT (Provided from the time of GA release until the End of Life or EOL [2] date.)

  • EFT Server 7.0 (GA release was Jul. 03, 2014)
  • EFT Server Enterprise 7.0 (GA release was Jul. 03, 2014)
  • DMZ Gateway 3.3 (GA release was Dec. 14, 2012)
  • Mail Express 4.0 (GA release was Jan. 28, 2014)
  • WAFS/CDP 4.3.0 (GA release was Apr. 02, 2014)
  • CuteFTP Professional 9.0 (GA release was Nov. 28, 2012)
  • CuteFTP Mac Professional 3.1 (GA release was Apr. 28, 2010)

FULL SUPPORT (Wind-down Period [1]) (During the Wind-down Period, for Cases that are not Severity One Issues, GlobalSCAPE will typically either (i) provide an existing Bug Fix, (ii) address the issue through a regularly scheduled Maintenance Release to the current Major Release of the Licensed Software product for which EOL has not occurred, or (iii) delay resolution and determine whether it will address the issue in its normal development of future Releases. The Wind-down Period extends 6 months maximum after EOL [2].)

  • EFT Server 6.5 (EOL release was Jul. 03, 2014, Full Support (Wind-down Period) ends Jan. 03, 2015 [3].)
  • EFT Server Enterprise 6.5 (EOL release was Jul. 03, 2014, Full Support (Wind-down Period) ends Jan. 03, 2015 [3].)
  • WAFS/CDP 4.2 (EOL release was Apr. 02, 2014, Full Support (Wind-down Period) ends Oct. 02, 2014 [3].)

PARTIAL SUPPORT (With Partial Support, our technical support engineers provide customers with known Bug Fixes, existing Maintenance Releases, or access to online self-help resources in response to requests for assistance. Partial Support will be subject to the availability of resources and may be limited as GlobalSCAPE determines in its sole discretion. The Partial Support period extends 12 months after GA Date [4] or 6 months after wind-down period, whichever is greater.)

  • Mail Express 3.3 (Wind-down Period ended Jul. 28, 2014 - EOSL [5] will be Jan. 28, 2015.)
  • WAFS/CDP 4.0 (Wind-down Period ended Feb. 22, 2014 - EOSL [5] will be Aug. 22, 2014.)

For more information about Support Levels or Support Periods, please browse to the GlobalSCAPE End of Life (EOL) and Support Life Policy.

[1] The Wind-down Period is the period (6-months maximum) immediately following End of Life, or EOL.

[2] End of Life, or EOL, for any Major Release and its Maintenance Releases shall be the date of the release of the subsequent Major Release.

[3] Or earlier in the case of an expedited Wind-down Period which is defined in the GlobalSCAPE End of Life and Support Life Policy.

[4] The GA Date is the date when a new Major Release is made generally available commercially.

[5] End of Support Life, or EOSL, means when GlobalSCAPE ceases providing Full or Partial Support for a particular Licensed Software product.

How do I archive historical data from ARM in a manner that allows access to reports and visibility of the archived data?


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • version 6.x and later

QUESTION

How do I archive historical data from ARM in a manner that allows access to reports and visibility of the archived data?

ANSWER

A database utility (DBUtility.exe) is included as part of the EFT installation. The "PURGE" option can be used to trim the data within a historical database so that it includes only data for a specific period.

The instructions below explain how to:

  • Ensure all transaction data is retained
  • Provide reporting capabilities on archived data
  • Reduce the size of the production ARM database
  • Create yearly archived ARM databases

Assumptions

  • EFT and ARM are being used to capture transactional data
  • SQL Server is hosting the ARM data
  • Business has sufficient storage for the ARM archives
  • Production ARM data spans multiple years

Create ARCHIVED database copies

  1. Create a copy of the production ARM database and name it to indicate ARCHIVED data.
  2. Using DBUtility.exe on the production database, purge all data EXCEPT for the current year.
  3. Create a copy of the ARCHIVED database for each year of data included, and name each database to reflect the ARCHIVE-YEAR.
  4. Use the DBUtility.exe to purge or trim each ARCHIVE-YEAR database to contain only data for that specific year.

Copy and Edit Report Connection Strings

Now that you have individual databases containing historic ARM data by year, you can create reports to match. From within the VSReport Designer, copy and edit the connection string for each report needed to query archived data.

  1. Create copies of Globalscape reports needed for each archived database.
  2. Edit report connection strings for each archived database.
  3. By default, the ConnectionString information included is for the production database. Click the database icon to edit and define the connection string. The Data Link Properties dialog box appears.
  4. Edit the string to match the archived database name. For example:

    provider=SQLNCLI10;server=mysqlserver;database=ARM-ArchiveDB2012;UID=armadmin;Pwd=xxxxx;

  5. Save the reports with the new connection strings.
  6. Distribute reports to users as needed.
  7. Repeat the process regularly to maintain a consistent archiving strategy.

This process can be adapted to cover shorter or longer time spans. Archives can be created monthly, quarterly, and yearly, as needed.

Example Strategy by Data Age

Suppose your business must retain 1 year of transactional EFT data within the production ARM and must retain all transactional data in archive for an additional 4 years. After the data ages to 5 years, the database can be purged or deleted. This can be achieved by creating an ARM database for each year.

With ARM data segregated by year in unique databases you have the following storage options:

  • 1 year in production
  • 1 year on local network storage – reportable, but not active
  • 3 years offline – offsite, inactive, historical

Example Strategy by Database Size

Determine an optimal SQL database size based on the volume of your transactional data and SQL Server resources. For this example, suppose the business has determined that 100 GB is the optimal size. Create two copies of the current production database.

  • Copy and purge the production database
  • Label your copies in a meaningful manner
  • Purge data from each copy in chronological order
    • ARM – production 20 GB
    • ARM 1 – oldest archive 100 GB
    • ARM 2 - archive 100 GB
    • ARM 3 - newest archive 100 GB
    • ARM 4 – next archive (when prod exceeds 100 GB)

Follow standard SQL Server tuning guidelines provided in the database vendor documentation to maintain a healthy database.

MORE INFORMATION

Refer to the following online help and knowledgebase articles for more information:


Unable to upload a photo to Facebook


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • TappIn, all versions

SYMPTOM

Unable to upload a photo to Facebook.

RESOLUTION

  1. Log in to Facebook.
  2. Create a photo album.
  3. Attempt the upload again.

Now you should be able to upload photos without errors. You can also create new albums from within TappIn.

How Do I Automate Outbound AS400 Data Feeds?


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Enterprise, version 6.x and later

QUESTION

How Do I Automate Outbound AS400 Data Feeds?

ANSWER

Suppose a business needs to transfer sensitive data to external trading partners. The data is stored internally and processed by an AS400. The AS400 outputs a data file that must be sent to the proper external trading partner using a secure protocol. The AS400 will connect to the Globalscape EFT server, but will have no exposure to the Internet or external client sites.

Requirements

  • Ensure all files are sent to the correct trading partner.
  • Files will be delivered into the proper folder location on the external site.
  • Audit all transactions within the process.
  • The file transfers need to be secure.
  • Must process in real time.
  • Allow the AS400 to upload files and trigger rules.
  • Create an archived copy of each file with a date and time stamp appended to the file name.
  • Send internal and external email notifications of success and failure.
  • PGP encryption is not required.
  • Do NOT allow the AS400 and IFS exposure to the external network.

Assumptions

  • AS400 is configured to use SFTP on the internal network.
  • In this use case, SFTP is used for any available file transfer protocol.
  • Transfers from AS400 to Globalscape will be scheduled and automated outside of EFT.

EFT Environment

  • Globalscape EFT Enterprise 7.0.0.28 (Active – Passive)
  • Globalscape DMZ Gateway®
  • Windows 2012 Server
  • One site defined for internal and external connectivity
  • Many external SFTP connections

Solution Overview

We want to ensure that files are delivered to the correct external trading partner and will be uploaded into the correct external folder. This solution uses the File Uploaded Event with three Conditions to invoke an Event Rule. The file will be uploaded by the AS400 EFT user account to a specific virtual folder, and must match a filename mask.

  • File Uploaded Event – Ensures that only uploaded files trigger the move.
  • If Login Name Is Condition – Ensures that only the AS400 account can send files to this client.
  • If Virtual Folder Names does match Condition – Segregates the logic by creating client-specific folders, allowing the first two triggers to be used for multiple outbound rules.
  • If File Name does match Condition – Using filename masks as the fourth trigger gives you a lot of flexibility. Files can be routed to a targeted folder or multiple external servers based on file names.

The combination creates a process that prevents files from accidentally being sent to the wrong location by the wrong user or process. This process can be edited to use the If user is a member of a group Condition to replace the If Login Name Is Condition. Physical folders can be used for the If Virtual Folder Names does match Condition. However, virtual folders provide more flexibility. This scenario is not required, but provides a good foundation for building logical filters to trigger events. You can simply apply Events and Conditions that match your requirements and use as many or few as needed.

EFT account for AS400 - Establish the primary upload account that will be configured on the AS400’s SFTP session to the EFT platform. In this case, the account name is AS400. If you have many AS400s sending files to EFT, this rule can be configured using a list of accounts or a group of users. Each account needs to have access to the outbound folders, so you may want to use virtual folders. Additionally, it is always best practice to use key-based authentication with service accounts.

“Outbound” folder structure – To define the virtual folder name, create an outbound folder system that can be accessed by the AS400 user account. As new Event Rules are added to the site, the folder you create will be populated with unique folders for each outbound feed. The AS400 will need to upload files into the proper outbound client subfolder.

MORE INFORMATION

Refer to the attached PDF for details of how to build the Event Rule.

"NO DATA" is displayed in the BAM transactions list


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, version 7.0.0

SYMPTOM

"## NO DATA ##" is displayed in the BAM transactions list.

RESOLUTION

Contact Support or your account manager to get the latest version of BAM. Versions of BAM prior to version 3.5 do not function properly with EFT version 7.0.0.

MORE INFORMATION

  • It is strongly recommended that EFT v7.0.1 is used for proper operation of BAM. If you are currently using EFT v7.0.0, you should upgrade to 7.0.1.
  • BAM 3.5, which supports EFT 6.4, 6.5, and 7, improves the BAM upgrade experience, seamlessly handling all aspects of the upgrade (except the database schema), including retaining all configuration automatically. No longer will customers need to remember to download a configuration backup, uninstall, and install the new version, and then restore configuration from the backup.
  • For more information about BAM, refer to the online help at http://www.accolm.com/documentation/globalscape-bam/.

How can I set the Web Transfer Client (WTC) to default to the HTML5 version instead of the Java-enabled version?


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • version 7.x and later

QUESTION

How can I set the Web Transfer Client (WTC) to default to the HTML5 version instead of the Java-enabled version?

ANSWER

The EFT administrator can edit a file in the EFT installation folder to make the HTML5 version of the WTC the default login (the Java-enabled version check box would be cleared by default), or remove the check box altogether.

Instead of making changes to files in the \web\public\EFTClient\ folder, copy and paste the \EFTClient\ folder into the \web\custom\ folder. Then only make changes to files in the \web\custom\EFTClient\ folder.

To make the HTML5 version the default

If you want to make the HTML5 version of the WTC the default, but still allow end users to choose the Java-enabled version, you can clear the check box using the procedure below.

  1. In the WTC Login dialog box, the code that displays the Use Java enabled version check box is in C:\Program Files (x86)\Globalscape\EFT Server Enterprise\web\public\EFTClient\Account\Login.htm. Create a copy of Login.htm and paste it into:

    C:\Program Files (x86)\Globalscape\EFT Server Enterprise\web\custom\EFTClient\Account\

    (You will have to create the \EFTClient\ and \Account\ folders if you haven't already.)

  2. In \web\custom\EFTClient\Account\Login.htm, between {{#CLIENT_CHECKBOX_SECTION}} and {{/CLIENT_CHECKBOX_SECTION}}, remove the following code:

    checked="true"

    (Make sure there is only one space left, not two.)

    The checkbox will no longer be selected and the HTML5 version of the WTC will appear after login.

To remove the "Use Java enabled version" check box

You might not want end users to be able to select the Java-enabled version of the WTC. In that case, you can remove the check box and text using the procedure below.

  1. In the WTC Login dialog box, the code that displays the Use Java enabled version check box is in C:\Program Files (x86)\Globalscape\EFT Server Enterprise\web\public\EFTClient\Account\Login.htm. Create a copy of Login.htm and paste it into:

    C:\Program Files (x86)\Globalscape\EFT Server Enterprise\web\custom\EFTClient\Account\

    (You will have to create the \EFTClient\ and \Account\ folders if you haven't already.)

  2. In \web\custom\EFTClient\Account\Login.htm, completely remove the code from {{#CLIENT_CHECKBOX_SECTION}} to {{/CLIENT_CHECKBOX_SECTION}}.

    The checkbox and text will no longer be displayed and the HTML5 version of the WTC will appear after login.

To restore the "Use Java enabled version" check box

  • If you decide you want to restore the check box, copy the (unedited) Login.htm file from \web\public\EFTClient\Account\ and paste it over the one that you edited in \web\custom\EFTClient\Account\.

Note that any customizations you make to the WTC will have to be recreated when you upgrade.

The server issued one or more cookies that did not have the HttpOnly flag set


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, version 6.4.0 and later
  • Mail Express, version 3.x and later

SYMPTOM

The server issued one or more cookies that did not have the HttpOnly flag set.

RESOLUTION

The server designates all cookies as HttpOnly where applicable; however, EFT Server’s design requires that a certain number of its cookies be accessible by EFT Server’s client side JavaScript; therefore, those cookies do NOT have the HttpOnly flag set.

You should also note that setting the HttpOnly flag does not guarantee that a cookie cannot be read by an attacker. Researchers have found at least one method to beat the HttpOnly flag using a technique called Cross Site Tracing (XST), which exploits the HTTP TRACE method. The good news is that EFT Server’s HTTP engine does not support the TRACE method, thus rendering that particular attack vector nil (at least for those cookies protected by the HttpOnly flag).

MORE INFORMATION

The purpose of the HttpOnly flag is to tell the browser not to allow JavaScript to access a particular cookie that contains sensitive information. Most commonly this is seen for a session cookie, because gaining this value will allow impersonating the user. Mail Express already uses the HttpOnly flag for the session cookie. Additional cookies are used; however, they don’t contain sensitive information, just items to improve user experience. Also note that the HttpOnly flag does not guarantee that a cookie cannot be read by an attacker. Researchers have found attack vectors that can exploit it.

Cookies that do not have the HttpOnly flag set can be read by JavaScript. Should an XSS vulnerability exist on the site, an attacker could use JavaScript to read the session cookie and subsequently impersonate the user. The server administrator should continue to educate users on phishing and other scams that may result in an XSS type of attack. Prevention is the best cure in this case.
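When a scanner reports this finding, the useful check is which cookies lack HttpOnly and whether each one is on the list the client-side JavaScript is expected to read. The script below is an added example, not Globalscape code: it audits a captured response head for Set-Cookie headers without HttpOnly and for TRACE in an Allow header. The cookie names, the allowlist, and the sample responses are constructed; take the real names from your own deployment.

```python
# Hypothetical allowlist of cookies that client-side JavaScript must read.
# These names are constructed for the example, not actual EFT cookie names.
JS_READABLE = {"ui_lang", "ui_theme"}


def parse_set_cookie(value):
    """Split one Set-Cookie value into its name, value and attributes."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return {
        "name": name.strip(),
        "value": cookie_value,
        "attrs": attrs,
        "httponly": "httponly" in attrs,
        "secure": "secure" in attrs,
    }


def split_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head."""
    headers = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(raw, js_readable=JS_READABLE):
    """Sort cookies without HttpOnly into flagged and accepted; note TRACE in Allow."""
    flagged, accepted, trace = [], [], False
    for name, value in split_headers(raw):
        if name == "set-cookie":
            cookie = parse_set_cookie(value)
            if not cookie["httponly"]:
                bucket = accepted if cookie["name"] in js_readable else flagged
                bucket.append(cookie["name"])
        elif name == "allow":
            methods = {m.strip().upper() for m in value.split(",")}
            trace = trace or "TRACE" in methods
    return {
        "flagged": flagged,
        "accepted_js_readable": accepted,
        "trace_advertised": trace,
    }


# Constructed response heads for the demonstration.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Set-Cookie: sessionid=3f9c0a; Path=/; Secure; HttpOnly",
    "Set-Cookie: ui_lang=en; Path=/",
    "Set-Cookie: authtoken=ab12cd; Path=/; Secure",
    "Allow: GET, HEAD, POST, OPTIONS",
    "",
    "",
])
SAMPLE_WITH_TRACE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Allow: GET, HEAD, TRACE",
    "",
    "",
])

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
    print(audit(SAMPLE_WITH_TRACE))
```

A cookie in the flagged list that carries a session or authentication value is the case the article warns about; one in the accepted list is a cookie the application is designed to expose to its own JavaScript.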

Deploy the Mail Express Outlook Add-In with the User Interface Visible by Default


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • Mail Express v4.x and later

DISCUSSION

In a standard installation, the Mail Express Outlook Add-In interface is initially hidden from the user. This is intended to accommodate those users who may not react well to even the slightest change. However, many users appreciate the added productivity when fully leveraging Mail Express, which requires some use of the simple and intuitive Mail Express user interface. While choosing to display the Mail Express user interface is quick and easy, some organizations may prefer to deploy the Mail Express Outlook Add-In with the user interface already enabled in order to save their users that step and avoid any questions on how to do so.

The setting that governs whether or not the interface is visible is specific to each user’s local installation of the Mail Express Outlook Add-In. It is stored as the PrimaryToolbarVisible parameter of the file %AppData%\Globalscape\Mail Express Outlook Addin\settings.config and is changed automatically when a user chooses to show or hide the interface. When deploying the Mail Express Outlook Add-In to user workstations (using your preferred deployment utility), you may choose to add a step to the process after successful installation to perform one of the two following actions while Outlook is closed:

  • Modify the PrimaryToolbarVisible parameter of the settings.config XML file to “true” rather than the default “false” value.

  OR

  • Deploy a preconfigured settings.config file that has the PrimaryToolbarVisible parameter defined as “true” already.

There are other parameters in the settings.config file that you may also find interesting to define for users based on their anticipated preferences, such as the ReceiveDownloadNotifications parameter that controls whether the sending user is notified via email when a recipient of a package sent through Mail Express has retrieved a file from that package, defined in the user interface’s Default Send Options tab and selectable for each message with attachments managed by Mail Express.

To familiarize yourself with the contents of this file and to test performing this change manually, you can follow the steps below on a system with the Mail Express Outlook Add-In installed:

  1. Open Outlook and validate that the Mail Express user interface is not currently visible.
  2. Close Outlook.
  3. Browse the local file system to view the %AppData%\Globalscape\Mail Express Outlook Addin folder.
  4. Open settings.config in a suitable editor.
  5. Find the PrimaryToolbarVisible parameter. It is set to “false” if the interface is not visible.
  6. Replace the “false” text with “true” to enable interactivity with the Mail Express user interface.
  7. Save the changes to the settings.config file.
  8. Open Outlook and validate that the Mail Express user interface is now visible.

Advanced Workflows affect system performance


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server Enterprise version 6.2 and later

SYMPTOM

Multiple simultaneous Advanced Workflow Engine (AWE) Tasks affect system performance

RESOLUTION

Adjust the maximum number of simultaneous tasks that are allowed to run and the number of simultaneous Advanced Workflow engines that can process the tasks.

Please contact GlobalSCAPE Technical Support for guidance before adjusting these settings.

The following registry DWORD values affect the processing of AWE tasks:

  • 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\AWE
  • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\AWE

The values are RunningTaskLimit and GSAWEObjectsPerServerInstance.

  • RunningTaskLimit controls the total number of AWE tasks that can execute simultaneously.
  • GSAWEObjectsPerServerInstance controls the total number of AWE tasks that can run in a given AWE executable instance.

Given the default values, only 3 tasks will run in a single instance of the AWE engine at a time, even if more are called for.

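The entries below show various outcomes assuming a Folder Monitor operation where 100 files are deposited. Each entry gives the RunningTaskLimit and GSAWEObjectsPerServerInstance values, followed by the resulting number of AWE engine instances, system effect (memory, CPU), efficiency, risk of failure due to threading, and an explanation with pros and cons.

RunningTaskLimit: 3 (default prior to v7); GSAWEObjectsPerServerInstance: 20 (default prior to v7)

  • Number of AWE engine instances: 1
  • System effect (memory, CPU): Very low
  • Efficiency: Low
  • Risk of failure due to threading: Low
  • Explanation and pros/cons: A single AWE engine instance processes 3 tasks at a time. Low impact on resources but takes longer to process all 100 tasks.

RunningTaskLimit: in EFT v7 and later, the default is 10; GSAWEObjectsPerServerInstance: in EFT v7 and later, the default is 1

  • Number of AWE engine instances: 1
  • System effect (memory, CPU): Low
  • Efficiency: Low
  • Risk of failure due to threading: Low
  • Explanation and pros/cons: EFT will run 10 AWE tasks concurrently, each in their own GSAWE.exe engine.

RunningTaskLimit: 20; GSAWEObjectsPerServerInstance: 20

  • Number of AWE engine instances: 1
  • System effect (memory, CPU): Low-med
  • Efficiency: Medium
  • Risk of failure due to threading: Medium
  • Explanation and pros/cons: A single AWE engine instance processes 20 tasks at a time. Moderate impact but processes faster. Slightly increased risk of failure due to threading issues.

RunningTaskLimit: 40; GSAWEObjectsPerServerInstance: 20

  • Number of AWE engine instances: 2
  • System effect (memory, CPU): Med
  • Efficiency: Med-high
  • Risk of failure due to threading: Med-high
  • Explanation and pros/cons: Two AWE engine instances process 40 tasks concurrently (20 each). Higher impact and 2X memory utilization for GSAWE (engine) process.

RunningTaskLimit: 100; GSAWEObjectsPerServerInstance: 100

  • Number of AWE engine instances: 1
  • System effect (memory, CPU): Med
  • Efficiency: High
  • Risk of failure due to threading: High
  • Explanation and pros/cons: Single AWE engine instance processes all 100 tasks concurrently. Only moderate performance hit but highly efficient processing. Downside is increased risk of failure due to AWE engine threading issues.

RunningTaskLimit: 100; GSAWEObjectsPerServerInstance: 20

  • Number of AWE engine instances: 5
  • System effect (memory, CPU): Med-high
  • Efficiency: High
  • Risk of failure due to threading: Med-high
  • Explanation and pros/cons: Five AWE engine instances process 20 tasks each concurrently. Increased impact to resources, great performance, low-moderate risk of threading issues.

RunningTaskLimit: 20; GSAWEObjectsPerServerInstance: 1

  • Number of AWE engine instances: 20
  • System effect (memory, CPU): High
  • Efficiency: Med
  • Risk of failure due to threading: Zero
  • Explanation and pros/cons: Twenty AWE engine instances process a single task each. Significant impact to resources and memory utilization, moderate performance, zero risk of threading issues.

RunningTaskLimit: 100; GSAWEObjectsPerServerInstance: 1

  • Number of AWE engine instances: 100
  • System effect (memory, CPU): Very high
  • Efficiency: Very high
  • Risk of failure due to threading: Zero
  • Explanation and pros/cons: Eliminates threading related problems by executing one AWE engine instance for each task. Problem is memory consumption for the up to 100 AWE engine instances. RAM upgrade may be in order.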

So which value should you choose? It largely depends on what you are trying to accomplish and the system resources available. Setting values of 50:50 (or 100:100) is highly efficient in terms of executing multiple tasks simultaneously with minimal impact to system resources, but there is an increased risk of failure due to the various task threads exiting completed tasks when other tasks are still being processed or haven’t yet started. If you have the system resources (RAM/CPU), then you may want to set a RunningTaskLimit:GSAWEObjectsPerServerInstance ratio of 10:1 or 20:1 (or higher). The result will be processing of many tasks concurrently, but with each task requiring a new AWE engine instance: fast but very resource intensive.

NOTES:

  • For these changes to take effect, you must stop the EFT Server service, make the requisite registry change, and then restart the EFT Server service.
  • You may see fewer than the expected number of GSAWE engine instances using process monitor or similar tools while testing. This is likely due to Folder Monitor threads which grow and shrink dynamically. See GSAWEObjectsPerServerInstance.

How do I clear the Java certificate store of Globalscape certificates?


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • Any Globalscape products that use a Java applet

QUESTION

How do I clear the Java certificate store of Globalscape certificates?

ANSWER

Globalscape certificates are obtained during the use of Java-enabled applets within Globalscape software.

To clear the Java certificate in Windows

  1. Open the Control Panel.
  2. Open the Java Control Panel.
  3. Click the Security tab.
  4. Click Manage Certificates.
  5. Select Globalscape.
  6. Click Remove.
  7. Click OK on the confirmation pop-up.
  8. Repeat for any and all Globalscape certificates.

For Mac OS, follow the instructions at this link: https://elearn.usu.edu/java/clearing-certificates.html

Web Transfer Client/Plain Text Client Session Timeout


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server version 5 and later

DISCUSSION

By default, if the Web Transfer Client (WTC) (or, in v6.3 and later, the Plain Text Client (PTC)) is idle for 5 minutes, the session is released. That is, if no activity occurs during this time frame, the session is closed. This timeout exists for security purposes and, for the WTC, so that others can use one of the concurrent licenses. You may want the time to be longer or shorter, depending upon expected usage.

You can control this timeout in the Windows registry on the EFT Server computer by creating a new DWORD value that indicates the number of minutes that you want the session to be active, but idle, before the session is released.

On 32-bit systems:

HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 3.0\

On 64-bit systems:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\GlobalSCAPE Inc.\EFT Server 3.0\

Create the DWORD WTCTimeout and set the value to the number of minutes that a session can remain idle before it is released. The default value is 5 minutes (00000005).

Restart the server service for the change to take effect.

Which Data Loss Prevention (DLP) or Anti-virus (AV) solutions does EFT work with?


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT version 7.x and later

QUESTION

Which Data Loss Prevention (DLP) or Anti-virus (AV) solutions does EFT work with?

ANSWER

EFT Enterprise v7 and later has a "Content Integrity Control" feature, which is part of the Event Rule subsystem. Content Integrity Control allows event workflows to hand files off to a third-party content analysis tool and react according to the results of that analysis. DLP and antivirus/antimalware are common use cases.

The underlying technology used to integrate EFT with third-party analysis tools is ICAP, which is an industry standard protocol. Numerous DLP vendors support this natively, making integration with EFT a breeze. WebSense, Symantec (formerly Vontu), IBM Fidelis, RSA DLP, CodeGreen Networks, and others each support ICAP, and a number of them have been fully tested with EFT.

Although Globalscape cannot endorse a particular vendor or product, we can state that, based on EFT customer feedback, it appears that WebSense and Symantec are very capable and widely used DLP solutions.

Please contact your account representative to demonstrate EFT's capabilities, and further discuss your company's AV or DLP project.

The POODLE OpenSSL Vulnerability and Enhanced File Transfer (EFT)


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT and EFT Enterprise, all versions

DISCUSSION

The "POODLE Vulnerability" (CVE-2014-3566) is a serious vulnerability in the popular OpenSSL cryptographic software library (through version 1.0.1i). This weakness allows stealing the information protected, under normal conditions, by the SSL encryption used to provide communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs).

EFT supports SSL connections for HTTPS and FTPS. For broad client support and backward compatibility, SSLv3 can be enabled on EFT. The SSLv3 protocol is vulnerable to the POODLE exploit. It is highly recommended, therefore, that you verify and modify the SSL configuration of EFT as needed to protect your information assets.

WORKAROUND

  1. Log in to the EFT administration interface, and click the Server tab.
  2. In the left pane, click the server (topmost) node.
  3. In the right pane, click the Security tab.
  4. Under SSL Compatibility, click Defined, and then select *only* the TLS 1.0 check box. (Clear the SSL 3.0 and SSL 2.0 check boxes, if selected.)
  5. Ensure that your EFT Administration channel is properly secured:
       • Disallow remote connections to the server if at all possible, and simply RDP into the server computer to perform administration functions against the local system.
       • If you do allow remote administration, ensure that you enable SSL and restrict IP addresses to only those computers on your network that need to connect for administration of the server. That is, on the Administration tab, change Server administrator listening IP from All Incoming to one or more specific IP addresses, as described here: http://help.globalscape.com/help/eft7/mergedprojects/eft/changing_the_server_listening_ip_address_and_port.htm.
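To confirm that step 4 took effect, you can offer an SSL 3.0-only handshake to your own HTTPS listener and check that the server answers with an alert rather than a ServerHello. The following is an added example, not Globalscape code; the function names and the sample reply bytes are constructed for illustration, and it assumes a listener that starts TLS immediately (HTTPS or implicit FTPS).

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# CBC and RC4 suites from the SSLv3 era: 3DES-SHA, AES128-SHA, AES256-SHA, RC4-SHA
SUITES = struct.pack(">4H", 0x000A, 0x002F, 0x0035, 0x0005)

def sslv3_client_hello() -> bytes:
    """Build a minimal SSL 3.0 ClientHello (no extensions, null compression)."""
    body = (SSL3 + os.urandom(32) + b"\x00"            # version, random, empty session id
            + struct.pack(">H", len(SUITES)) + SUITES  # cipher suite list
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify(reply: bytes) -> str:
    """Interpret the first record the server sends back."""
    if len(reply) < 5:
        return "inconclusive"        # closed or dropped without sending a record
    rec_type, rec_len = reply[0], struct.unpack(">H", reply[3:5])[0]
    payload = reply[5:5 + rec_len]
    if rec_type == 0x15 and len(payload) >= 2:
        return "refused"             # alert, e.g. handshake_failure(40)
    # ServerHello: handshake type 2, 3-byte length, then server_version
    if rec_type == 0x16 and len(payload) >= 6 and payload[0] == 0x02:
        return "accepted" if payload[4:6] == SSL3 else "inconclusive"
    return "inconclusive"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to a server you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(sslv3_client_hello())
        try:
            return classify(s.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return "inconclusive"

# Constructed sample replies (not captured traffic) for offline checking.
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"                  # fatal handshake_failure
SAMPLE_HELLO = (b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26" + SSL3
                + bytes(32) + b"\x00" + b"\x00\x0a" + b"\x00")  # ServerHello at SSL 3.0

if __name__ == "__main__":
    print(classify(SAMPLE_ALERT), classify(SAMPLE_HELLO))
```

A result of "accepted" means the SSL 3.0 check box is still in effect on that listener; "inconclusive" (for example, a silent close) should be followed up against the SSL Compatibility settings.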

AD Password Expiration


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server Enterprise version 6 and later

DISCUSSION

On NTAD/LDAP Sites, you can configure EFT Server through a registry key setting to send an e-mail notifying users that their password is about to expire in <n> days. Without this value, EFT Server (for AD/LDAP Sites) will not attempt to check password status or send notification e-mails. If the user's password expiration date matches any of the list of days in the registry key, a notification e-mail will be sent to the user’s e-mail address specified in the E-Mail address field of the user's AD account. The default setting sends e-mail notifications 30 days, 15 days, 10 days, 5 days, and 1 day before the password expires. You can edit the number of days and frequency to send notifications.

EFT Server executes cleanup procedures every day at 00:00:00 UTC and at Server Startup. This daily server cleanup removes/disables inactive administrators and user accounts and sends password reset and expiration notifications for every Site.

The EFT Server must have "Log On as a domain user" permission for e-mail notifications to work.

In the Client directory of the Server installation folder, the file PasswordChg_EmailInterval.reg provides a script to write the following key to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient]

"PasswordChg_EmailInterval"="30:15:10:5:1"

(On a 64-bit OS, use the path [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient])

The string value is in the format of d1:d2:d3 etc. For example, the 30, 15, 10, 5, 1 interval values will be represented by 30:15:10:5:1. It can also be a single value, such as 25, which would send only one e-mail notification on the 25th day before expiration. If the string value is empty, no notifications are sent.

This feature can be turned off by running the PasswordChg_EmailInterval_None.reg script or setting the value of PasswordChg_EmailInterval to null (empty string). When the feature is turned off, notification e-mails are no longer sent to users when their passwords expire. (Both scripts are installed in the \Client directory.)

When the password has expired or if the password must be changed at the first login, the following message appears:

Your password has expired. Please create a new password that meets AD complexity requirements.

As of version 6.1, EFT Server sends the message and logs the password checking activity, including whether e-mails are sent.

See also Changing an AD Password via the Web Transfer Client in your version of the EFT Server documentation.
