Release Notes for Directory Server 10.4.4

May 10, 2022 | KB: 1014160
Directory Server 10.4.4

Summary

See Knowledge Base article 1014161 for a list of changes in Directory Server 10.4.4.

Laserfiche Directory Server 10 controls licensing and activation for Laserfiche products in Laserfiche Rio and Laserfiche Avante installations. An administrator can generate application licenses for available Laserfiche applications, allocate available licenses to user accounts, and perform other actions involving license administration.

Laserfiche Directory Server 10 can also provide user authentication for Laserfiche 10 products. This allows single sign-on across the Laserfiche web client, Laserfiche Forms, Laserfiche App, and Laserfiche Discussions. For example, a user can sign in to the web client and be automatically signed in when viewing Laserfiche Forms.

Directory Server administration is available through an administration website.

Service Pack and Hotfix Information

There are no current service packs or hotfixes.

Upgrade Information

Directory Server 10.4 can be installed over existing Directory Server 10, Directory Server 9, and License Manager 8.3.1 installations.

When creating a Directory Server licensing site, you have the option of importing data from a License Manager 8 database into the new Directory Server licensing site. The import process will migrate registered application information, named user license assignments, and version 8.3.x Active Directory group synchronization rules into the Directory Server site.

Directory Server 10.4 requires Laserfiche Server version 10.2.1 or later, or Laserfiche Server 10.1 Update 3 (KB 1013882).

Upgrading to Directory Server 10.4.3 from an existing Directory Server 10 installation requires changes to the STS configuration (KB 1014134).

Requirements

Minimum System Requirements

  • CPU: Dual-core processor
  • Memory: 2 GB RAM

Supported 64-bit Operating Systems

Laserfiche Directory Server is only supported on 64-bit versions of Microsoft Windows.

  • Windows 7 Service Pack 1
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Microsoft Windows Components

  • .NET Framework 4.7.2 or later.
  • IIS 7.5 or later.
  • HTTPS

Supported Versions of Microsoft SQL Server

  • Microsoft SQL Server 2008 (Service Pack 3)
  • Microsoft SQL Server 2008 R2 (Service Pack 2)
  • Microsoft SQL Server 2012 (Service Pack 2)
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019

Supported Browsers for the Web Administration Console

  • Internet Explorer 11
  • Microsoft Edge (latest version)
  • Firefox (latest version)
  • Chrome (latest version)

Known Issues

  • When an LDAP identity provider is registered, Active Directory synchronization is enabled, both Remove users deleted from Active Directory and Ignore Active Directory tombstones are enabled, and an LDAP user is deleted, Laserfiche Directory Server will remove the LDAP user's license but does not delete the LDAP user from Laserfiche Directory Server. (170540)
  • Deleting a site from the SQL database before detaching the site from Laserfiche Directory Server results in the error "Cannot open database requested by the login. The login failed." being logged in the event log. To avoid this error, you must detach the licensing site from Laserfiche Directory Server prior to deleting the site from your SQL database. (226328)
  • Attempting to delete an Azure SQL database through Laserfiche Directory Server will not be successful and will cause a "Database not found" error in Directory Server. It is recommended to detach the licensing site and then delete the database via the Azure management console. (210539)
  • There may be stability issues when batch importing more than 6,000 Laserfiche or SAML user accounts through a CSV file into Laserfiche Directory Server. Please consider backing up your database and alternatives such as the Laserfiche SDK for large imports/user creation. (239888)
  • If audit trimming is turned off for an extended period of time and the database has a high growth rate (~1 GB per day), audit trimming may not be able to catch up when turned back on and may fail to cut down audit data size. (197891)
  • On a computer where Laserfiche Directory Server is installed, looking up the HWFP or Host ID of the local computer may fail if the local domain is not allowlisted in the browser's authentication registry settings. (212209)
  • Searching for events on a Laserfiche Directory Server site with millions of audit events will temporarily make Laserfiche Directory Server unresponsive and users will be unable to sign in using the STS site for the duration of the search. (200526)
  • KB 1014106: If your computer has Windows 8.1 and .NET Framework version 4.7.1, the Laserfiche Directory Server Installer will fail to update the .NET Framework to version 4.8. As a workaround, navigate to the Laserfiche Directory Server package folder and find the .NET Framework 4.8 application in the support folder. Once you download the .NET Framework 4.8 application on your computer, you must start the Laserfiche Directory Server Installer again. This will successfully update your .NET Framework from 4.7.1 to 4.8. (207653)
  • KB 1014108: If you are using the Account Migration Utility tool to migrate from Laserfiche Server to Laserfiche Directory Server, the Everyone group's attributes are not properly migrated. This can be resolved by manually changing the Group SID values in Laserfiche Server to match the new Group SID values assigned in Laserfiche Directory Server.
  • When hosting web applications in a DMZ, single sign-on requires application-side changes for complete solutions. Transport Layer Security (TLS) 1.2 communication with Laserfiche Directory Server is not supported by some DMZ applications when using Security Token Service (STS) via alternate binding. The exceptions are select end applications such as Forms, the Laserfiche web client, Federated Search, and WebLink 10.2, which work with alternate binding when TLS 1.2 is enabled. (182419)
  • KB 1014132: Certificate requirements for STS communication over HTTPS differ by certificate type. (225613)
  • KB 1014134: Laserfiche Directory Server Security Token Service (STS) 10.4.3 requires HTTP communication with Laserfiche Directory Server (LFDS). STS versions prior to 10.4.3 require WCF communication. End applications still using WCF will require configuration if alternate service is to be enabled for them. For applications using HTTP, alternate service is no longer relevant. (225615)
  • Laserfiche Directory Server service needs to be manually started if an error occurs after saving the XMLEndpointUtility. (236154)
  • After renewing your Primary license, the Multi-factor Authentication section on the Settings -> General page may display a note that the licensing site is not licensed for Laserfiche multi-factor authentication even if you are licensed for the feature. Refresh the page to display the multi-factor authentication options. (204244)
  • The Windows Authentication button on the Directory Server sign-in page may be hidden by default when Directory Server and the STS are installed on separate computers. An administrator can show the Windows Authentication button by navigating to the STS configuration page and clearing the Hide Windows Authentication check box. Please note that when Directory Server and the STS are on separate computers, proper Kerberos configuration will be required for the Windows Authentication button to work properly. (208130)
  • KB 1014041: While making changes in Laserfiche Directory Server, you receive the error "The given key was not present in the dictionary." (212206)
  • You cannot use the "Renew Primary License" option from within a Laserfiche client application's installation wizard. If you need to renew your Laserfiche primary license, please renew from within the Directory Server administration website. (36120)
  • You may receive an "Identity Provider 'YourIdentityProvider' not registered successfully: An unknown error has occurred. (LFDS0)(LMO0)" error message when you provide cross-domain credentials in the Use the following credentials to query the directory server option when configuring an identity provider. (87598, 127268)
  • You may receive an "Access denied [9013]" or "Sign in failed because the number of sessions has reached the licensed limit" error message when using Windows authentication to sign in to a Laserfiche repository as the [SampleDomainName]\Administrator account. (114367)
  • If you specify a SAML user account as the Laserfiche Forms System Administrator in the Laserfiche Forms Configuration page, the specified SAML user must be in a Directory Server group. (57616)
  • During the installation process when upgrading from Directory Server 10.0 to 10.3, the initial loading of the STS Endpoint Utility (STSEndpointUtility.exe) may show the service user as "LicenseManagerWCF/localhost." Reopen the utility to verify that the value is correct. (63505)
  • When you have multiple licensing sites, Directory Server attempts to set the first site created as the default licensing site. If the Directory Server service account does not have sufficient Windows file system permissions to modify the Directory Server configuration file, automatic sign-in with AD FS and SAML may not function properly. You can manually edit the LFDS.exe.config file in the Directory Server installation folder to add a default licensing site. In the <appSettings> block, insert the following line:

    <add key="DefaultRealm" value="SampleLicensingSiteName" />

    After saving your change, restart the Directory Server service. (62914)
  • Administrators must manually delete c:\programdata\laserfiche\LFDS\usersettings.config from each installation on failover nodes after configuring Directory Server for failover clustering support; otherwise, automatic redirects upon failover may not function as expected. (136936)
  • You may need to install Microsoft update https://support.microsoft.com/en-us/kb/2803748 in cluster configurations involving Windows Server 2012.
  • When Laserfiche Directory Server, Laserfiche Server, and the SQL Server instance hosting the licensing database are all installed on the same computer, in certain reboot situations, Directory Server may report that the licensing database could not be found while the SQL Server instance is still loading up. This can then prevent the Laserfiche Server service from starting up. (128001)
  • An attribute CSV file exported from LFDS throws a "File is partly broken" error on import. This happens because Windows blocks the file on export, so you have to manually open its properties and unblock it before the import succeeds. (120001)
  • When viewing the Laserfiche Directory Server Security Token Service configuration page locally, you may receive an HTTP 403.0 error. As a workaround, run the web browser as an administrator. (119847)
  • Manually installing .NET Framework 3.5 after Laserfiche Directory Server can overwrite existing IIS script mappings and prevent the Directory Server Web Administration Console from loading properly. Manually recreate the necessary .NET 4 mappings by using the .NET 4 version of aspnet_regiis.exe. (119192)
  • When installing Laserfiche Server 9.1 or earlier and registering against the Laserfiche Directory Server, you will be unable to allocate repository named users. As a workaround, register the application and generate the license from the Laserfiche Directory Server administration site. (119074)
  • The primary license autorenewal feature (based on expiration) fails. The Automatic Renewal Status always displays Unsuccessful. (319303)

Related Links

KB 1014161: List of Changes for Directory Server 10.4.4.