Release Notes for Directory Server 11 Update 2

September 19, 2023 | KB: 1014373
Directory Server 11

Summary

See Knowledge Base article 1014374 for a list of changes in Directory Server 11 Update 2 (11.0.2204.1467).

Laserfiche Directory Server 11 controls licensing and activation for Laserfiche products in Laserfiche Rio, Laserfiche Avante, and subscription-based systems. An administrator can generate application licenses for available Laserfiche applications, allocate available licenses to user accounts, and perform other actions involving license administration.

Laserfiche Directory Server 11 can also provide user authentication for Laserfiche 10+ products. This allows single sign-on across the Laserfiche web client, Laserfiche Forms, Laserfiche App, and Laserfiche Discussions. For example, a user can sign in to the web client and be automatically signed in when viewing Laserfiche Forms.

Directory Server administration is available through an administration website.

Service Pack and Hotfix Information

There are no current service packs or hotfixes.

Upgrade Information

Directory Server 11 can be installed over existing Directory Server 10, Directory Server 9, and License Manager 8.3.1 installations.

When creating a Directory Server licensing site, you have the option of importing data from a License Manager 8 database into the new Directory Server licensing site. The import process will migrate registered application information, named user license assignments, and version 8.3.x Active Directory group synchronization rules into the Directory Server site.

Directory Server 11 requires Laserfiche Server version 10.2.1 or later, or Laserfiche Server 10.1 Update 3 (KB 1013882).

Upgrading Directory Server from versions prior to 10.4.3 requires changes to STS configuration (KB 1014134).

Requirements

Minimum System Requirements

  • CPU: Dual-core processor
  • Memory: 2 GB RAM

Supported 64-bit Operating Systems

Laserfiche Directory Server is only supported on 64-bit versions of Microsoft Windows.

  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Microsoft Windows Components

  • .NET Framework 4.8
  • IIS 8 or later
  • HTTPS

Supported Versions of Microsoft SQL Server

  • Microsoft SQL Server 2014 (Service Pack 3)
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019

Supported Browsers for the Web Administration Console

  • Microsoft Edge (latest version)
  • Firefox (latest version)
  • Chrome (latest version)

Known Issues

  • There are no audit events for changes made to STS Sites entries. (371742)
  • When viewing audit reports, the MFA Status value indicates whether MFA is explicitly required. If MFA is not required or is inherited, it seems to show as "No." (367935)
  • Directory Server may trim URI fragment identifiers after signing in through SAML and redirecting from the sign-in page to the original URL. (362671)
  • Certain error messages returned by the STS may not be properly read by screen readers. (360589)
  • Directory Server may log excess "Access denied" error messages when non-administrators browse the Directory Server website. (343151)
  • The group list may not display more than 20 groups on tall displays. (320800)
  • There is no audit event for when the "Decrypt SAML assertions" option is turned on or off. (306482)
  • When Active Directory Synchronization is enabled with an interval poll value of 0 or 1, the polling runs every 90 minutes. (302907)
  • When editing certain registered application instances, the "Assign application license to" option may not display the previously selected value. (302434)
  • Creating an organization right after deleting an organization results in an infinite loading spinner that disappears only after refreshing the page. (270511)
  • KB 1014252: Windows Authentication fails due to an incorrect automatic setting in the UserSettings.config file. (276471)
  • When an LDAP identity provider is registered, Active Directory synchronization is enabled, both Remove users deleted from Active Directory and Ignore Active Directory tombstones are enabled, and an LDAP user is deleted, Laserfiche Directory Server will remove the LDAP user's license but does not delete the LDAP user from Laserfiche Directory Server. (170540)
  • Deleting a site from the SQL database prior to detaching the site from Laserfiche Directory Server will result in the error "Cannot open database requested by the login. The login failed." being logged in the event log. To avoid this error, you must detach the licensing site from Laserfiche Directory Server prior to deleting the site from your SQL database. (226328)
  • Attempting to delete an Azure SQL database through Laserfiche Directory Server will not be successful and will cause a "Database not found" error in Directory Server. It is recommended to detach the licensing site and then delete the database via the Azure management console. (210539)
  • There may be stability issues when batch importing more than 6,000 Laserfiche or SAML user accounts through a CSV file into Laserfiche Directory Server. Please consider backing up your database and alternatives such as the Laserfiche SDK for large imports/user creation. (239888)
  • If audit trimming is turned off for an extended period of time and the database has a high growth rate (~1 GB per day), audit trimming may not be able to catch up when turned back on and may fail to cut down audit data size. (197891)
  • When deleting or synchronizing a larger number of users from an identity provider, Directory Server may freeze for a prolonged time or give an "Object reference not set to an instance of an object." error. (187611)
  • On a computer where Laserfiche Directory Server is installed, looking up the HWFP or Host ID of the local computer may fail if the local domain is not allowlisted in the browser's authentication registry settings. (212209)
  • Searching for events on a Laserfiche Directory Server site with millions of audit events will temporarily make Laserfiche Directory Server unresponsive and users will be unable to sign in using the STS site for the duration of the search. (200526)
  • KB 1014106: If your computer has Windows 8.1 and .NET Framework version 4.7.1, then the Laserfiche Directory Server Installer will fail to update the .NET Framework to version 4.8. As a workaround, you can navigate to the Laserfiche Directory Server package folder and find the .NET Framework 4.8 application in the support folder. Once you download the .NET Framework 4.8 application on your computer, you must start the Laserfiche Directory Server Installer again. This will successfully update your .NET Framework from 4.7.1 to 4.8. (207653)
  • KB 1014108: If you are using the Account Migration Utility tool to migrate from Laserfiche Server to Laserfiche Directory Server, the Everyone group's attributes are not properly migrated. This can be resolved by manually changing the Group SID values in Laserfiche Server to match the new Group SID values assigned in Laserfiche Directory Server. (165253)
  • KB 1014132: Certificate requirements for STS communication over HTTPS differ by certificate type. (225613)
  • KB 1014134: Laserfiche Directory Server Security Token Service (STS) 10.4.3 and later requires HTTP communication with Laserfiche Directory Server (LFDS). STS versions prior to 10.4.3 require WCF communication. End applications still using WCF will require configuration if alternate service is to be enabled for them. For applications using HTTP, alternate service is no longer relevant. (225615)
  • Laserfiche Directory Server service needs to be manually started if an error occurs after saving the XMLEndpointUtility. (207762)
  • After renewing your Primary license, the Multi-factor Authentication section on the Settings -> General page may display a note that the licensing site is not licensed for Laserfiche multi-factor authentication even if you are licensed for the feature. Refresh the page to display the multi-factor authentication options. (204244)
  • The Windows Authentication button on the Directory Server sign-in page may be hidden by default when Directory Server and the STS are installed on separate computers. An administrator can show the Windows Authentication button by navigating to the STS configuration page and clearing the Hide Windows Authentication check box. Please note that when Directory Server and the STS are on separate computers, proper Kerberos configuration will be required for the Windows Authentication button to work properly. (208130)
  • When detaching a license site and choosing to delete the database, Directory Server may fail to automatically delete the database, in which case you need to remove the database yourself through SQL Server management tools. (149911)
  • KB 1014041: While making changes in Laserfiche Directory Server, you receive the error "The given key was not present in the dictionary." (163682)
  • You cannot use the "Renew Primary License" option from within a Laserfiche client application's installation wizard. If you need to renew your Laserfiche primary license, please renew from within the Directory Server administration website. (36120)
  • You may receive an "Identity Provider 'YourIdentityProvider' not registered successfully: An unknown error has occurred. (LFDS0)(LMO0)" error message when you provide cross-domain credentials in the "Use the following credentials to query the directory server" option when configuring an identity provider. (87598, 127268)
  • You may receive an "Access denied [9013]" or "Sign in failed because the number of sessions has reached the licensed limit" error message when using Windows authentication to sign in to a Laserfiche repository as the [SampleDomainName]\Administrator account. (127271)
  • If you specify a SAML user account as the Laserfiche Forms System Administrator in the Laserfiche Forms Configuration page, the specified SAML user must be in a Directory Server group. (57616)
  • During the installation process when upgrading from Directory Server 10.0 to 10.3, the initial loading of the STS Endpoint Utility (STSEndpointUtility.exe) may show the service user as "LicenseManagerWCF/localhost." Reopen the utility to verify that the value is correct. (63505)
  • When you have multiple licensing sites, Directory Server attempts to set the first site created as the default licensing site. If the Directory Server service account does not have sufficient Windows file system permissions to modify the Directory Server configuration file, automatic sign-in with AD FS and SAML may not function properly. You can manually edit the LFDS.exe.config file in the Directory Server installation folder to add a default licensing site. In the <appSettings> block, insert the following line:

    <add key="DefaultRealm" value="SampleLicensingSiteName" />

    After saving your change, restart the Directory Server service. (62914)
  • After configuring Directory Server for failover clustering support, administrators must manually delete C:\ProgramData\Laserfiche\LFDS\UserSettings.config from each installation on failover nodes; otherwise, automatic redirects upon failover may not function as expected. (136936)
  • You may need to install Microsoft update https://support.microsoft.com/en-us/kb/2803748 in cluster configurations involving Windows Server 2012. (137447)
  • When Laserfiche Directory Server, Laserfiche Server, and the SQL Server instance hosting the licensing database are all installed on the same computer, in certain reboot situations, Directory Server may report that the licensing database could not be found while the SQL Server instance is still loading up. This can then prevent the Laserfiche Server service from starting up. (128001)
  • When viewing the Laserfiche Directory Server Security Token Service configuration page locally, you may receive an HTTP 403.0 error. As a workaround, run the web browser as an administrator. (119847)
  • Manually installing .NET Framework 3.5 after Laserfiche Directory Server can overwrite existing IIS script mappings and prevent the Directory Server Web Administration Console from loading properly. Manually recreate the necessary .NET 4 mappings by using the .NET 4 version of aspnet_regiis.exe. (119192)

Related Links

KB 1014374: List of Changes for Directory Server 11 Update 2