Release Notes for Directory Server 10.4.3

May 10, 2022 | KB: 1014097
Directory Server 10.4.3

Summary

See Knowledge Base article 1014096 for a list of changes in Directory Server 10.4.3.

Laserfiche Directory Server 10 controls licensing and activation for Laserfiche products in Laserfiche Rio and Laserfiche Avante installations. An administrator can generate application licenses for available Laserfiche applications, allocate available licenses to user accounts, and perform other actions involving license administration.

Laserfiche Directory Server 10 can also provide user authentication for Laserfiche 10 products. This allows single sign-on across the Laserfiche web client, Laserfiche Forms, Laserfiche App, and Laserfiche Discussions. For example, a user can sign in to the web client and be automatically signed in when viewing Laserfiche Forms.

Directory Server administration is available through an administration website.

Service Pack and Hotfix Information

There are no current service packs or hotfixes.

Upgrade Information

Directory Server 10.4 can be installed over existing Directory Server 10, Directory Server 9, and License Manager 8.3.1 installations.

When creating a Directory Server licensing site, you have the option of importing data from a License Manager 8 database into the new Directory Server licensing site. The import process will migrate registered application information, named users license assignments, and version 8.3.x Active Directory group synchronization rules into the Directory Server site.

Directory Server 10.4 requires Laserfiche Server version 10.2.1 and later or Laserfiche Server 10.1 Update 3 (KB 1013882).

Upgrading to Directory Server 10.4.3 from existing Directory Server 10 requires changes to STS configuration (KB 1014134).

Requirements

Minimum System Requirements

  • CPU: Dual-core processor
  • Memory: 2 GB RAM

Supported 64-bit Operating Systems

Laserfiche Directory Server is only supported on 64-bit versions of Microsoft Windows.

  • Windows 7 Service Pack 1
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Microsoft Windows Components

  • .NET Framework 4.7.2 or later.
  • IIS 7.5 or later.
  • HTTPS

Supported Versions of Microsoft SQL Server

  • Microsoft SQL Server 2008 (Service Pack 3)
  • Microsoft SQL Server 2008 R2 (Service Pack 2)
  • Microsoft SQL Server 2012 (Service Pack 2)
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019

Supported Browsers for the Web Administration Console

  • Internet Explorer 11
  • Microsoft Edge
  • Firefox (latest version)
  • Chrome (latest version)

Known Issues

  • 1014106 If your computer has Windows 8.1 and .NET Framework version 4.7.1, then the Laserfiche Directory Server Installer will fail to update the .NET Framework to version 4.8. As a workaround, you can navigate to the Laserfiche Directory Server package folder and find the .NET Framework 4.8 application in the support folder. Once you download the .NET Framework 4.8 application to your computer, you must start the Laserfiche Directory Server Installer again. This will successfully update your .NET Framework from 4.7.1 to 4.8. (207653)
  • 1014108 If you are using the Account Migration Utility tool to migrate from Laserfiche Server to Laserfiche Directory Server, the Everyone group's attributes are not properly migrated. This can be resolved by manually changing the Group SID values in Laserfiche Server to match the new Group SID values assigned in Laserfiche Directory Server.
  • When hosting web applications in a DMZ, single sign-on requires application-side changes for complete solutions. Transport Layer Security (TLS) 1.2 communication with Laserfiche Directory Server is not supported by some DMZ applications when using Security Token Service (STS) via alternate binding. The exceptions to this are select end applications such as Forms, the Laserfiche web client, Federated Search, and WebLink 10.2, which work with alternate binding when TLS 1.2 is enabled. (182419)
  • 1014132 Certificate requirements for STS communication over HTTPS differ by certificate type. (225613)
  • 1014134 Laserfiche Directory Server Security Token Service (STS) 10.4.3 requires HTTP communication with Laserfiche Directory Server (LFDS). STS versions prior to 10.4.3 require WCF communication. End applications still using WCF will require configuration if alternate service is to be enabled for them. For applications using HTTP, alternate service is no longer relevant. (225615)
  • Laserfiche Directory Server service needs to be manually started if an error occurs after saving the XMLEndpointUtility. (236154)
  • If a user selects Sign in as... on the Laserfiche Directory Server administration console and signs in as the same user already signed in, the user will encounter an infinite 401 challenge for Windows authentication. To mitigate this error, the user must click Cancel and navigate back to Laserfiche Directory Server to sign in. (181148)
  • When upgrading Laserfiche Directory Server Security Token Service, custom ports will be dropped from STS configuration if the Laserfiche Directory Server address value is localhost:customPort. An administrator must note the custom port and reconfigure it once Laserfiche Directory Server Security Token Service is upgraded. (209815)
  • When an identity provider that contains users with licenses is deleted in Laserfiche Directory Server, the user licenses are not freed until Laserfiche Directory Server is restarted. (164868)
  • On a computer where Laserfiche Directory Server is installed, looking up the HWFP or Host ID of the local computer may fail if the local domain or local host is not allowlisted in the browser's authentication registry settings. (212209)
  • Users belonging to an LDAP identity provider will not be removed from Laserfiche Directory Server upon removal from Active Directory, regardless of settings. This can be resolved by registering the identity provider as Active Directory instead. (170540)
  • After renewing your primary license, the Multi-factor Authentication section on the Settings -> General page may display a note that the licensing site is not licensed for Laserfiche multi-factor authentication even if you are licensed for the feature. Refresh the page to display the multi-factor authentication options. (204244)
  • The Windows Authentication button on the Directory Server sign-in page may be hidden by default when Directory Server and the STS are installed on separate computers. An administrator can show the Windows Authentication button by navigating to the STS configuration page and clearing the Hide Windows Authentication check box. Please note that when Directory Server and the STS are on separate computers, proper Kerberos configuration will be required for the Windows Authentication button to work properly. (208130)
  • 1014041 While making changes in Laserfiche Directory Server, you receive the error "The given key was not present in the dictionary." (212206)
  • You cannot use the "Renew Primary License" option from within a Laserfiche client application's installation wizard. If you need to renew your Laserfiche primary license, please renew from within the Directory Server administration website. (36120)
  • You may receive an "Identity Provider 'YourIdentityProvider' not registered successfully: An unknown error has occurred. (LFDS0)(LMO0)" error message when you provide cross-domain credentials in the Use the following credentials to query the directory server option when configuring an identity provider. (87598, 127268)
  • You may receive an "Access denied [9013]" or "Sign in failed because the number of sessions has reached the licensed limit" error message when using Windows authentication to sign in to a Laserfiche repository as the [SampleDomainName]\Administrator account. (114367)
  • The Windows Authentication sign-in button is not supported with Microsoft Edge version 40.15063. Current versions of Edge are supported. (40190)
  • If you specify a SAML user account as the Laserfiche Forms System Administrator in the Laserfiche Forms Configuration page, the specified SAML user must be in a Directory Server group. (57616)
  • During the installation process when upgrading from Directory Server 10.0 to 10.3, the initial loading of the STS Endpoint Utility (STSEndpointUtility.exe) may show the service user as "LicenseManagerWCF/localhost." Reopen the utility to verify that the value is correct. (63505)
  • When you have multiple licensing sites, Directory Server attempts to set the first site created as the default licensing site. If the Directory Server service account does not have sufficient Windows file system permissions to modify the Directory Server configuration file, automatic sign-in with AD FS and SAML may not function properly. You can manually edit the LFDS.exe.config file in the Directory Server installation folder to add a default licensing site. In the <appSettings> block, insert the following line:

    <add key="DefaultRealm" value="SampleLicensingSiteName" />

    After saving your change, restart the Directory Server service. (62914)
  • Default Microsoft Edge settings may prevent you from viewing the local Directory Server administration site when specifying the machine name or fully qualified domain name in the browser address bar. Using "localhost" as part of the address allows the site to display properly in Microsoft Edge. (135703)
  • Administrators must manually delete c:\programdata\laserfiche\LFDS\usersettings.config from each installation on failover nodes after configuring Directory Server for failover clustering support, or automatic redirects upon failover may not function as expected. (136936)
  • Internet Explorer 10 version 10.0.9200.16844 may encounter issues with exporting user lists. This issue does not affect later versions of Internet Explorer 10. (137210)
  • You may need to install Microsoft update https://support.microsoft.com/en-us/kb/2803748 in cluster configurations involving Windows Server 2012.
  • When Laserfiche Directory Server, Laserfiche Server, and the SQL Server instance hosting the licensing database are all installed on the same computer, in certain reboot situations, Directory Server may report that the licensing database could not be found while the SQL Server instance is still loading up. This can then prevent the Laserfiche Server service from starting up. (128001)
  • When viewing the Laserfiche Directory Server Security Token Service configuration page locally, you may receive an HTTP 403.0 error. As a workaround, run the web browser as an administrator. (119847)
  • Manually installing .NET Framework 3.5 after Laserfiche Directory Server can overwrite existing IIS script mappings and prevent the Directory Server Web Administration Console from loading properly. Manually recreate the necessary .NET 4 mappings by using the .NET 4 version of aspnet_regiis.exe. (119192)
  • When installing Laserfiche Server 9.1 or earlier and registering against the Laserfiche Directory Server, you will be unable to allocate repository named users. As a workaround, register the application and generate the license from the Laserfiche Directory Server administration site. (119074)
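
The DefaultRealm workaround from the known issue above (62914) can be applied with a script instead of a hand edit. The following PowerShell function is an added example, not Laserfiche code: it backs up the config file and adds or updates the key only when needed. The function name, the `-ConfigPath` value (the LFDS.exe.config location in your installation folder) and the optional `-ServiceName` value are assumptions the administrator must supply, since the release notes do not give them.

```powershell
# Added example (not from Laserfiche): set the DefaultRealm appSettings key
# in LFDS.exe.config idempotently, keeping a timestamped backup.
# Run from an elevated session; the issue arises when the service account
# itself cannot write to this file.
function Set-LfdsDefaultRealm {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ConfigPath,   # full path to LFDS.exe.config (assumption: supplied by admin)
        [Parameter(Mandatory)][string]$SiteName,     # licensing site name, e.g. SampleLicensingSiteName
        [string]$ServiceName                         # optional: Windows service name to restart (not given on the page)
    )

    $resolved = (Resolve-Path -LiteralPath $ConfigPath).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true                  # keep the file's existing layout
    $xml.Load($resolved)

    $appSettings = $xml.SelectSingleNode('/configuration/appSettings')
    if ($null -eq $appSettings) {
        throw "No <appSettings> block found in $resolved"
    }

    # Reuse an existing DefaultRealm entry rather than adding a duplicate key.
    $node = $appSettings.SelectSingleNode("add[@key='DefaultRealm']")
    if ($null -ne $node -and $node.GetAttribute('value') -eq $SiteName) {
        Write-Verbose 'DefaultRealm already set to the requested site; no change made.'
        return $false
    }

    if (-not $PSCmdlet.ShouldProcess($resolved, "Set DefaultRealm to '$SiteName'")) {
        return $false
    }

    # Back up before writing so the change can be rolled back.
    $backup = '{0}.{1}.bak' -f $resolved, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -LiteralPath $resolved -Destination $backup

    if ($null -eq $node) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', 'DefaultRealm')
        [void]$appSettings.AppendChild($node)
    }
    $node.SetAttribute('value', $SiteName)
    $xml.Save($resolved)

    # The release notes require a service restart after saving the change.
    if ($ServiceName) { Restart-Service -Name $ServiceName }
    return $true
}
```

Run it with `-WhatIf` first to confirm the target file and value without modifying anything; if `-ServiceName` is omitted, restart the Directory Server service manually afterwards.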

Related Links

1014096 List of Changes for Directory Server 10.4.3.