GlobalSCAPE Knowledge Base

When attempting to open a Microsoft Office attachment in Internet Explorer 7 or 8, one or more authentication prompts appear

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:19:21 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3.0

SYMPTOM

When attempting to open a Microsoft Office attachment in Internet Explorer 7 or 8, one or more authentication prompts appear.

CAUSE

On some systems, using an invalid SSL Certificate with Mail Express Server may result in unexpected behavior on client workstations when attempting to open Microsoft Office documents that have been sent through the Mail Express system. The invalid certificate causes confusion in the Microsoft Office applications and results in the extra authentication prompts. It also seems to cause PowerPoint 2007 files (.pptx) to not open as read-only. Internet Explorer typically issues a security warning if:

The certificate is self signed.
The certificate has expired.
The certificate's common name does not match the fully qualified hostname of the Mail Express Server.
The certificate has not been signed by a trusted certificate authority (or the certificate signing chain does not trace back to a trusted certificate authority (CA)).

RESOLUTION

To resolve this issue, you must configure the Mail Express Server to use a valid SSL public certificate and corresponding private key (configured via the General Configuration Page).

MORE INFORMATION

This behavior typically occurs when using Internet Explorer to download and "Open" the document in the applicable Microsoft Office application. In particular, the user may experience:

Multiple unnecessary authentication prompts
Documents being loaded incorrectly in the Microsoft Office Applications. Specifically, the document may be loaded as a temporary file rather than as read-only. (Thus far, this has only been seen with Office 2007 PowerPoint documents (.pptx)).

The underlying cause of these undesirable behaviors is due to how Microsoft Office handles loading documents that have been downloaded via Internet Explorer. The applicable Office application may attempt to query the Mail Express Server for additional features concerning the document and an invalid SSL Certificate may conflict with the normal processing of this functionality.

When attaching a file to an email on the Drop-Off page in Internet Explorer v8, the displayed path is incorrect

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:19:03 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3.0

SYMPTOM

When attaching a file to an email on the Drop-Off page in Internet Explorer v8, the displayed path is incorrect.

CAUSE

In Internet Explorer v8, the default browser settings prevent the local path from displaying correctly. Mail Express is unaffected by this setting; however, if you want to display the correct path, you can change this setting in the browser.

RESOLUTION

To prevent Internet Explorer from displaying a fake path

In Internet Explorer, click Tools > Internet Options.
Click the Security tab.
In the Security level for this zone area, click Custom level.
In the Miscellaneous section, under Include local directory path when uploading files to a server, click Enable.
Click OK, click Yes on the prompt that appears, then click OK to close the Internet Options dialog box.

Firewalling Mail Express URLs

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:18:41 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3

DISCUSSION

This article discusses the static URLs that are used by Mail Express. It is recommended that you protect the internal-only URLs in the table below from external (e.g. Internet) access using a firewall. Typically this may be accomplished by adding DENY rules for the URLs identified as "Internal Only" in the table below.

Mail Express Server URLs

The Mail Express Server exposes the following static URLs:

URL	Description	Recommended Access
https://<host>/svc	Web services for Outlook Add-In	Internal Only
https://<host>/admin	Admin Home Page	Internal Only
https://<host>/adminLogin	Admin Login Page	Internal Only
https://<host>/help/AdminUser/*	Admin Help Guide	Internal Only
https://<host>/login	Internal/External Login Page	Internal, External
https://<host>/help/WebUser/*	User Help Guide	Internal, External
https://<host>/pickup	Package Pick-up Page	Internal, External
https://<host>/dropoff	Package Drop-off Page	Internal, External
https://<host>/logout	Logout Page	Internal, External

The remaining URLs used to access the system are dynamically generated during operation and are relative to each specific client session.

Mail Express is not saving changes when I click Save

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:18:12 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3.0

SYMPTOM

In the Administration portal, Mail Express is not saving changes when I click Save.

CAUSE

Not enough available disk space is available for Mail Express to function correctly.

RESOLUTION

It is important to provide regular disk maintenance/management of resources. Mail Express administration requires a small amount of available disk space in order to service requests. When the disk is full, Mail Express may not function as expected.

"Operation Failed" message appears when sending attachments via Mail Express with the Outlook Add-In

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:17:31 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3.0

SYMPTOM

"Operation Failed" message appears when sending attachments via Mail Express with the Outlook Add-In.

CAUSE

The version of the .NET Framework required by the Add-In is not installed.

RESOLUTION

The Add-In requires .NET Framework 3.5 SP1, so ensure that it is installed. (Installing .NET Framework 4.0 will not install earlier versions of the .NET Framework.)

Outlook may become sluggish or unresponsive at the moment large files are attached to an email when using Outlook’s Attach File button

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:17:12 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3

SYMPTOM

Outlook may become sluggish or unresponsive at the moment large files are attached to an email when using Outlook’s Attach File button. This can also occur shortly after sending an email with large attachments that have been attached with Outlook’s Attach File button. The delay may become more pronounced the larger the size of the attachments.

CAUSE

The attachment is being managed by the Exchange Server instead of Mail Express and the Exchange Server is limiting the size of attachments.

RESOLUTION

Outlook does not handle large attachments very efficiently. Attaching large files with Outlook's Attach File button will cause a lag the moment they are attached to an email. This lag is unrelated to the Mail Express Add-in. For better performance, use the Mail Express Attach File button to attach files instead. If the Mail Express Attach File button is hidden, it can be enabled by clicking View > Toolbars > Mail Express in Outlook, as described below.

MORE INFORMATION

By default, Microsoft Exchange allows up to 10 MB of attachments (total) per email. Outlook will prevent users from exceeding this limit and will display the message "The attachment size exceeds the allowable limit" if they try to do so. As a result of having this limit in place and set to 10 MB or less, users will be less likely to experience this delay as they can only attach larger files using the Mail Express Attach File button. If it is desired that the Add-In is run in transparent mode, meaning that the Add-In’s primary toolbar all other user interface elements of the Add-In are hidden, then users will not have access to the Mail Express Attach File button. This means that the Exchange message size limits will need to be increased to allow users to attach files larger than 10 MB with Outlook’s Attach File button and when users do so, they may experience this delay. This is essentially a tradeoff between running the Add-In transparently and having to deal with Outlook’s performance issues with how it naturally handles large attachments versus running the Add-In in visible mode. Allowing users to attach files with the Add-In's Attach File button provides a better user experience with attaching large files.

To hide or show the Mail Express toolbar

Right-click a blank area of the Outlook toolbar/ribbon, then click Mail Express.
-or-
On the Outlook main menu, click View > Toolbars > Mail Express.

Email Message Toolbar

When you create a new email, the Message ribbon/toolbar allows you to specify the file(s) to attach and configure Send Options that are specific to that email. Refer to Configuring Message Options for details.

Mail Express Server cannot connect to the GlobalSCAPE Registration Server

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:16:55 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3

SYMPTOM

Mail Express Server cannot connect to the GlobalSCAPE Registration Server.

CAUSE

Either the Mail Express Server is not connected to the Internet or connects to the Internet through a proxy.

RESOLUTION

If you must go through a proxy to access the Internet, Mail Express Server will most likely fail to contact the registration server. To resolve the issue, you must edit a configuration file to specify the proxy information.

To edit the configuration file

On the Mail Express Server, open \conf\MailExpressServerService.conf in a text editor.
Locate the "Additional Java Parameters" section.
Add the following lines to the section:
```
wrapper.java.additional.5=-Dhttp.proxyHost=<Proxy host or IP>wrapper.java.additional.6=-Dhttp.proxyPort=<Proxy port>
```
Where <Proxy host or IP> is the hostname or IP address of the proxy server and <Proxy port> is the port to use on the proxy server.
Restart the Mail Express Server.
Proceed with registration.

Uploads to Mail Express are slower than expected

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:16:31 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3.0

SYMPTOM

Uploads to Mail Express are slower than expected.

CAUSE

Slower-than-normal uploads have been reported for some files when anti-virus is enabled.

RESOLUTION

This can be remedied by zipping the file and resending.

Also verify your firewall and antivirus settings to ensure that you are not blocking Mail Express or the file types that you want to send.

To zip the file before resending

In Windows Explorer, right-click the file that you want to send, then click Send to compressed (zipped) folder. Windows creates a new file with a ZIP extension in the same directory.
Attach the zipped version of the file to the email and resend.

"System.InvalidCastException" error or emails get stuck in the Outbox

GlobalSCAPE 5 — Wed, 01 Sep 2010 10:16:11 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, v3.0

SYMPTOMS

"System.InvalidCastException" error occurs when trying to use the Mail Express Outlook Add-in.
When using the Mail Express Outlook Add-in, especially when the Add-in is first installed, emails may get stuck in the outbox. When inspecting the Add-in log file the following message or similar message will be present:
System.InvalidCastException: Unable to cast COM object of type 'System.__ComObject' to interface type 'Microsoft.Office.Interop.Outlook.MAPIFolder'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{00063006-0000-0000-C000-000000000046}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

CAUSE

The Outlook 2003 Add-in requires the Outlook 2003 Primary Interop Assembly (PIA) Microsoft.Office.Interop.Outlook version 11 and the Outlook 2007 Add-in requires the Outlook 2007 PIA Microsoft.Office.Interop.Outlook version 12 to be installed on the computer in the Global Assembly Cache (typically c:\windows\assembly). If a version of this PIA exists in the Global Assembly Cache that does not correspond to the version of Outlook installed, it is possible that this error may occur. The Outlook PIA is a COM type library, and COM registration is a "last one wins" model. Since the Outlook PIAs share the same identifiers across versions, only one PIA can be registered and used on the system at a time. Thus, when the Add-In tries to interact with Outlook through COM, exceptions can occur. For instance, if the Add-In is running in Outlook 2007, and the Add-In tries issuing COM calls to Outlook, it could be erroneously routed to the Outlook 2010 PIA which is not necessarily compatible with Outlook 2007, hence the cast exception.

An example of an environment in which this problem can occur is a workstation with Office 2007 installed and the Office 2007 PIAs, but also the Office 2010 PIAs (version 14) are installed. These may have been installed if Microsoft Office 2010 beta or one of the Office 2010 beta counterparts like Visio 2010 beta or Project 2010 beta were installed. The non-beta version of the Office 2010 installer does not allow multiple versions of Outlook to co-exist on the same machine; hence, only a single Outlook PIA should be installed and registered at one time under normal circumstances. This is also true of the Office 2007 installer.

RESOLUTION

The correct version of the Outlook PIA needs to be re-registered on the system. This safest way to accomplish this is to uninstall all versions of Outlook on the system and then to reinstall the version of Outlook that will be used on that workstation and ensure that the .NET Programmability Support feature for Outlook will be installed. The .NET Programmability Support feature can be installed by choosing the Custom install option when prompted by the Office Installer; then expand the Microsoft Office Outlook node and ensure that .NET Programmability Support is set to Run from My Computer.

Officially Supported Products and EOL Dates

GlobalSCAPE Support 1 — Wed, 01 Sep 2010 08:02:15 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:
	All Products
SUPPORTED PRODUCTS Technical support is provided in accordance with the GlobalSCAPE End of Life (EOL) and Support Life Policy. The following products are supported to the extent specified. Products not listed are no longer supported.
	FULL SUPPORT (Provided from the time of GA release until the End of Life or EOL² date.) Mail Express 3.0 (GA release of version 3.0 was Sep. 1, 2010) WAFS 3.7.1.0712 (GA release of version 3.7 was Jul. 21, 2010) CuteFTP Mac Professional 3.1 (GA release of version 3.1 was Apr. 28, 2010) EFT Server 6.2.7 (GA release of version 6.2 was Mar. 1, 2010) EFT Server Enterprise 6.2.7 (GA release of version 6.2 was Mar. 1, 2010) DMZ Gateway 3.0.1 (GA release of version 3.0 was Mar. 1, 2010) CuteFTP Professional 8.3.4 (GA release of version 8.3 was Aug. 2, 2008) CuteFTP Home 8.3.4 (GA release of version 8.3 was Aug. 2, 2008) CuteFTP Lite 8.3.4 (GA release of version 8.3 was Aug. 2, 2008) FULL SUPPORT (Wind-down Period¹) (During the Wind-down Period, for Cases that are not Severity One Issues, GlobalSCAPE will typically either (i) provide an existing Bug Fix, (ii) address the issue through a regularly scheduled Maintenance Release to the current Major Release of the Licensed Software product for which EOL has not occurred, or (iii) delay resolution and determine whether it will address the issue in its normal development of future Releases. The Wind-down Period extends 12 months maximum after EOL². ) Mail Express 2.2 (GA release of version 2.2 was May 20, 2009, EOL was Sep. 1, 2010, Full Support (Wind-down period) ends Aug. 31, 2011³.) WAFS 3.6.2.9990 (GA release of version 3.6 was May 3, 2009, EOL was Jul. 21, 2010, Full Support (Wind-down Period) ends Jul. 20, 2011³.) EFT Server 6.1.10 (EOL was Mar. 1, 2010, Full Support (Wind-down Period) ends Feb. 28, 2011³.) EFT Server Enterprise 6.1.10 (EOL was Mar. 1, 2010, Full Support (Wind-down Period) ends Feb. 28, 2011³.) DMZ Gateway 2.0 (EOL was Mar. 1, 2010, Full Support (Wind-down Period) ends Feb. 28, 2011³.) PARTIAL SUPPORT (With Partial Support, our technical support engineers provide customers with known Bug Fixes, existing Maintenance Releases, or access to online self-help resources in response to requests for assistance. Partial Support will be subject to the availability of resources and may be limited as GlobalSCAPE determines in its sole discretion. The Partial Support period extends 36 months after GA Date⁴ or 24 months after wind-down period, whichever is greater. ) Mail Express 2.1.1 (GA for version 2.1 was Feb. 9, 2009, EOL was May 20, 2009, Full Support (Wind-down Period) ended May 20, 2010, EOSL⁵ will be May 20, 2012.) WAFS 3.5.2 (GA for version 3.5.x was Jul. 1, 2007, EOL was May 3, 2009, Full Support (Wind-down Period) ended May 2, 2010 - EOSL⁵ will be May 2, 2012) EFT Server 6.0.17 (Full Support (Wind-down Period) ended Mar. 1, 2010 - EOSL⁵ will be Apr. 8, 2012.) EFT Server Enterprise 6.0.17 (Full Support (Wind-down Period) ended Mar. 1, 2010 - EOSL⁵ will be Apr. 8, 2012.) EFT Server 5.2.21 (Full Support (Wind-down Period) ended Nov. 9, 2009 - EOSL⁵ will be Nov. 8, 2011) DMZ Gateway 1.3 (Full Support (Wind-down Period) ended Nov. 9, 2009 - EOSL⁵ will be Nov. 8, 2011) Secure FTP Server 3.3.10 (Full Support (Wind-down Period) ended Nov. 9, 2009 - EOSL will be Nov. 8, 2011) Secure FTP Server FIPS 3.3.10 (Full Support (Wind-down Period) ended Nov. 9, 2009 - EOSL will be Nov. 8, 2011) Mail Express 2.0 (EOSL – Dec. 15, 2011) CuteFTP Professional 8.2 (EOSL – Apr. 2, 2011) CuteFTP Home 8.2 (EOSL – Apr. 2, 2011) CuteFTP Professional 8.1 (EOSL – Nov. 27, 2010) CuteFTP Home 8.1 (EOSL – Nov. 27, 2010) CuteFTP Mac Professional 3.06 (EOSL – Jul. 24, 2010) For more information about Support Levels or Support Periods, please browse to the GlobalSCAPE End of Life (EOL) and Support Life Policy. ¹The Wind-down Period is the period (12-months maximum) immediately following End of Life, or EOL. ²End of Life, or EOL, for any Major Release and its Maintenance Releases shall be the date of the release of the subsequent Major Release. ³Or earlier in the case of an expedited Wind-down Period which is defined in the GlobalSCAPE End of Life and Support Life Policy. ⁴ The GA Date is the date when a new Major Release is made generally available commercially. ⁵ End of Support Life, or EOSL, means when GlobalSCAPE ceases providing Full or Partial Support for a particular Licensed Software product.

"Attachment size threshold has been exceeded" error appears when attempting to attach a large file to an email

GlobalSCAPE 5 — Wed, 01 Sep 2010 05:31:11 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Mail Express, all versions

SYMPTOM

"Attachment size threshold has been exceeded" error appears when attempting to attach a large file to an email.

RESOLUTION

When end-users attach a large attachment to an email, they may receive a dialog box stating that their "Attachment size threshold has been exceeded." This occurs even though the user’s threshold settings in Exchange are increased to allow attachments of that size. This error can occur when Cached Exchange Mode is used in Outlook, which can cause Outlook to sometimes ignore the Exchange threshold settings for attachment size or to not notice that the settings have changed.

If you experience this error, please try one of the following approaches:

Approach 1:

Do not use Cached Exchange Mode (see the procedure below to turn off Cached Exchange Mode).

Approach 2:

Turn off Cached Exchange Mode (see the procedure below).
Close Outlook.
Delete the extend.dat file in the %userprofile%\Local Settings\Application Data\Microsoft\Outlook folder.
(extend.dat is a hidden system file. To display hidden files, in Windows Explorer, click Tools > Folder Options > View tab, then click the Show hidden files, folders, and drives option.)
Open Outlook.
Turn Cached Exchange Mode back on.

To turn on or off Cached Exchange Mode (in Outlook 2007)

On the Tools menu, click Account Settings.
On the E-mail tab, click the Exchange account, and then click Change.
Under Microsoft Exchange server, do one of the following:
- To turn off Cached Exchange Mode, clear the Use Cached Exchange Mode check box.
- To turn on Cached Exchange Mode, select the Use Cached Exchange Mode check box.
Exit and restart Outlook.

What do the SAT module error codes mean?

GlobalSCAPE 5 — Tue, 31 Aug 2010 03:59:50 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

Secure Ad Hoc Transfer Module

QUESTION

What do the SAT module error codes mean?

ANSWER

When errors occur during the operation of the SAT module, an error number appears at the top of the SendMail form. Use the error code to troubleshoot the issue.

If this article does not answer your question, please refer to the Secure Ad Hoc Transfer online help for your SAT version:
version 2
version 1

Also refer to Troubleshooting Errors in the Secure Ad Hoc Transfer Module in the online help.

The table below provides descriptions for possible application errors that can occur with the SAT Module.

Error	Description
10001	Not enough disk space to upload the files on drive {0} strTempFolderName
10003	The system could not save files to temporary directory
10006	The caller does not have the required permission to create the specified path (LogPath).
10007	The caller does not have the required permission to create the specified path (IISUploadFolder).
10008	The caller does not have the required permission to delete the uploaded File in the temporary directory.
10009	Unhandled Web exception. Refer to the log files for details.
10010	Unhandled exception. Refer to the log files for details.
10011	Failed to instantiate CIServer. Ensure SFTPCOMInterface.dll is registered on the application server.
10012	Could not initiate connection to EFT Server.
10013	The Site name {0} defined on the configuration file (web.config) cannot be found on EFT Server.
10014	The temporary user cannot be created on Site {siteName} of the EFT Server. Refer to the log files for details. Most likely cause: SAT was installed on an AD or LDAP Site, which cannot create temporary users. Reinstall SAT on a GS or ODBC Site so that EFT Server can create the temporary users.
10015	Failed to set permissions for temporary user on Site {siteName} of EFT Server
10016	Could not get a reference to the temporary user on Site {siteName} of EFT Server
10017	Could not set user home directory as root folder for Temporary user on Site {siteName} of EFT Server
10018	Failed to set expiration date for temporary user on Site {siteName} of EFT Server
10019	Failed to reset permissions for a temporary user on Site {siteName} of EFT Server
10020	Failed to send message by e-mail. Refer to log files for details.
10021	Expired Version
10022	Failed to instantiate ClientFTPEngineClass. Ensure ClientFTPCOMLib.dll is registered on the Application Server.
10023	Failed to get retrieved settings level for the Ad Hoc Setting Level. Ensure the Ad Hoc Settings Level was created on EFT Server. Refer to the log files for details.
10024	Complex password for the user could not be created on Site {siteName}
10025	Change password for the user could not be created on Site {siteName}
10026	Could not set New Full Name for the user.
10027	Access to the path is denied. Refer to the log files for details.
10028	Internal error has occurred; SAT cannot contact the Active Directory Services. Sometimes occurs when the AD server is not operational.
10029	Internal error has occurred; Failed to deliver the payload to the temp account folder. This can be caused by one of the following errors: IIS does not have permission to place the file(s) in the temp account folder. The end user's home folder drive ran out of space or the physical folder does not exist. The log file will read: "An exception has occurred while moving the payload. Error: {0} StackTrace: {1}" The physical destination path is greater than 250 characters. The log file will read: "Files cannot be delivered due to the Path '{0}' because the Fullname is greater than 250 characters. Please change the SAT User Setting physical path on EFT Server to use a shorter path."

maxRequestLength = The maximum size allowed for a request, which is 4 MB by default. This includes uploaded files. Maximum request size can be specified in the Machine.config or Web.config file in the maxRequestLength attribute of the httpRuntime Element.

During a transfer, the connection times out and is dropped.

GlobalSCAPE Support 1 — Fri, 27 Aug 2010 04:21:02 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:
	CuteFTP Professional versions 7 and 8 CuteFTP Home versions 7 and 8
SYMPTOMS
	During a transfer, the connection times out and is dropped. Modifying the timeout value has no effect.

CAUSE
	The transfer send and receive buffer size may be set too high. The send buffer holds data until it can be sent to the server and the receive buffer holds data until CuteFTP is ready to read it. By default CuteFTP uses a send and receive buffer size of 65536 bytes which is the normal maximum window size of TCP but may be more than your network connection or remote FTP server can reliably process. This problem is usually attributed to high-latency or lossy network connections such as what might be experienced when connected via some dialup, satellite or legacy CDMA wireless connections.

RESOLUTION
	We recommend setting both send and receive buffers to 4096 bytes. For most users lowering the buffer size to 4096 bytes will have little or no noticeable effect on transfer speeds. Advanced users may want to experiment with different buffer settings to obtain the highest reliable speeds. Follow these steps to change the transfer send and receive buffer sizes: On the Tools menu click Global Options. Click Transfer and then type 4096 for both the Receive buffer and Send buffer size. Click OK and then restart CuteFTP.

GlobalSCAPE Holiday Schedule

GlobalSCAPE Support 1 — Thu, 26 Aug 2010 06:33:06 GMT

GlobalSCAPE Holiday Schedule

GlobalSCAPE offices are closed in observance of Christmas and New Year's Day. If these holidays fall on a Saturday or Sunday, we are closed on the immediately following Monday. For the 2010 holiday season, our offices will be closed:

December 27, 2010 in observance of Christmas
January 3, 2011 in observance of New Year's Day

Does EFT Server/Secure FTP Server support chained certificates?

GlobalSCAPE 5 — Wed, 25 Aug 2010 04:21:19 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:<

EFT Server, v5.1 and later

QUESTION

Does EFT Server support certificate chaining?

ANSWER

Yes. Please refer to the attached PDF, Creating, signing, chaining, and assigning a certificate in EFT Server, for a detailed procedure.

EFT Server Supports Certificate Chaining

GlobalSCAPE 5 — Wed, 25 Aug 2010 03:36:12 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:<

EFT Server, v5.1 and later

QUESTION

Does EFT Server support certificate chaining?

ANSWER

A certificate chain is used to establish a chain of trust from a peer certificate to a trusted CA certificate. Each certificate is verified through the use of another certificate, creating a chain of certificates that ends with the root certificate. The issuer of a certificate is called a certification authority (CA). The owner of the root certificate is the root certification authority. The last certificate in the chain is usually a self-signed certificate.

EFT Server v5.1 and later supports full certificate chains, which is a single file with a combination of all certificates in the chain. Usually, you will receive this file from a signing authority. Otherwise, you can create the chain manually, as described in Knowledgebase article #10373 or ask the GlobalSCAPE Technical Support team to create one for you.

(A certificate chain that is created using OpenSSL is not a format supported in current versions of Java and will cause the Web Transfer Client (WTC) to be presented with an unverified certificate.)

SFTP21 error = #0. 0

GlobalSCAPE 5 — Wed, 11 Aug 2010 09:42:05 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

CuteFTP Professional 8.3.3 or later

SYMPTOM

When attempting a connection using the SFTP protocol, the following error occurs:

STATUS:>        [8/10/2010 4:06:28 PM] Getting listing ""...
STATUS:>        [8/10/2010 4:06:28 PM] Resolving host name sftp.examplehost.com...
STATUS:>        [8/10/2010 4:06:28 PM] Host name sftp.examplehost.com resolved: ip = 127.9.9.91.
STATUS:>        [8/10/2010 4:06:28 PM] Connecting to SFTP server... sftp.examplehost.com:22 (ip = 127.9.9.91)...
ERROR:>          [8/10/2010 4:06:30 PM] Can't connect to sftp.xxxxx.com:22. SFTP21 error = #0. 0
STATUS:>        [8/10/2010 4:06:30 PM] SFTP21 connection closed

RESOLUTION

Double-check the username and password. If in doubt, contact the SFTP Server administrator or the company that is hosting the SFTP server so that the username/password on your account can be reset. (GlobalSCAPE Support does not have this information.)
If you have previously configured CuteFTP Pro to use more than one public key, ensure that the correct public key for this site is selected in the CuteFTP Pro SSH2 security settings area.
If the remote FTP site is expecting a password in addition to a public key, ensure that option is enabled in the CuteFTP Pro SSH2 security settings area.
Ensure that the user account on the remote FTP server is configured with List and Show in List permissions.

MORE INFORMATION/POSSIBLE CAUSES

This error can be caused by any of the following:

The SFTP Server may be rejecting the username/password combination that is being submitted to it.
CuteFTP Pro may be providing the server with the wrong public key.
The remote FTP site may be expecting a password in addition to the public key.
The user may not have sufficient account privileges on the remote server.
CuteFTP Pro’s newer SSH library (implemented in 8.3.3) may not be compatible with the SFTP server. Contact the Server Administrator to find out which software/version the SFTP server is running, then contact GlobalSCAPE Technical Support with this information.

Firewall and Router Setup

GlobalSCAPE Support 1 — Tue, 10 Aug 2010 09:08:16 GMT

Firewall and Router Setup

Firewalls and Routers
Windows Firewall Configuration for use with CuteFTP	The New Windows Firewall in Windows Vista
Basic Windows XP Firewall Configuration for use with an FTP server	Free help setting up your router or firewall - provided by PortForward.com
Using CuteFTP with Norton Internet Security 2005	Help for Linksys Routers: Setting Up an FTP Server behind a Linksys Router
Understanding Windows Firewall - Adjust Your Firewall Settings	Help for NetGear Routers: How Do I Make an FTP Server on My Private LAN Visible to the Internet?
How Firewalls Work	Help for D-Link Routers: How can I host an FTP Server behind my router?
Firewalls FAQ	If your equipment is not listed here, refer to the manufacturer's Web site for special configuration information.

Troubleshooting Tools and Technical References
Determine your IP Address	IANA Port Assignments
RFC 1579 - Firewall-Friendly FTP	RFC 1123 - Requirements for Internet Hosts - Application and Support

Manufacturer Web Sites for Software Firewall Packages
Symantec (Norton) Support Site	McAfee Support Site
Microsoft has complete instructions on how to configure the Windows Firewall (formerly Internet Connection Firewall) which is built-in to Windows XP, SP2. Click here for more information.

Windows Firewall Configuration for use with CuteFTP

GlobalSCAPE Support 1 — Tue, 10 Aug 2010 08:35:31 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

CuteFTP Professional (All Versions)
CuteFTP Home (All Versions)
CuteFTP Lite (All Versions)

Windows Firewall helps protect your computer by preventing unauthorized users or programs from gaining access to your computer through the Internet or a network. In order for CuteFTP to function properly, two programs need to be added to the Windows Firewall list of allowed programs. Exceptions for both CuteFTP and it's associated Transfer Engine must be made. Choose your operating system and follow the steps shown below. (These instructions are only a guide to the actual steps you may need to take. For more detailed instructions, please consult the Windows Help and Support Center or press F1 while Windows Firewall is open.)

WINDOWS 7

Click Start, click Control Panel, and then click System and Security.
Under Windows Firewall, click Allow a program through Windows Firewall.
Click Change Settings and then click Allow another program.
In the Programs list, click CuteFTP and then click Add.
Click Allow another program again.
Click Browse and then navigate to C:\Program Files(x86)\GlobalSCAPE\CuteFTP (Lite, Home, or Professional).
Click on the file named ftpte(.exe) and then click Open.
In the Programs list, click FTP Transfer Engine and then click Add.
Click OK and then close Control Panel.

WINDOWS VISTA

Click Start, click Control Panel, click Security and then click Windows Firewall.
On the Exceptions tab, click Add Program.
In the Programs list, click CuteFTP and then click OK.
Click Add Program again.
Click Browse and then navigate to C:\Program Files\GlobalSCAPE\CuteFTP (Lite, Home, or Professional).
Click on the file named ftpte(.exe) and then click Open.
In the Programs list, click ftpte.exe and then click OK.
Click OK to exit Windows Firewall and then close Security Center.

WINDOWS XP

Click Start, click Control Panel, click Security Center and then click Windows Firewall.
On the General tab, clear the Don't allow exceptions check box.
On the Exceptions tab, click Add Program.
In the Programs list, click CuteFTP and then click OK.
Click Add Program again.
Click Browse and then navigate to C:\Program Files\GlobalSCAPE\CuteFTP (Lite, Home, or Professional).
Click on the file named ftpte(.exe) and then click Open.
In the Programs list, click ftpte.exe and then click OK.
Click OK to exit Windows Firewall and then close Security Center.

The registered user name shown in the About box is incorrect.

GlobalSCAPE 5 — Tue, 10 Aug 2010 03:40:09 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

CuteFTP 8 Professional
CuteFTP 8 Home
CuteFTP 8 Lite

PROBLEM

The registered user name shown in the About box is incorrect or it has become corrupted.

RESOLUTION

If the registered user name shown in the About box is incorrect or has been corrupted, delete the file named value.dat from the following location. After deleting value.dat, restart CuteFTP and then use your existing registration serial number to activate and register CuteFTP again.

In Windows XP:

C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP 8 [Home or Professional]\value.dat

In Windows Vista and Windows 7:

C:\Program Data\GlobalSCAPE\CuteFTP 8 [Home or Professional]\value.dat

IF value.dat IS HIDDEN...

By default, Windows hides many program files to prevent accidentally deleting or changing them. If you cannot find value.dat at the path shown above, follow the steps below (depending on your operating system) to display hidden files and folders.

In Windows XP:

Click Start, click Control Panel and then double-click Folder Options.
On the View tab, under Hidden files and folders, click Show hidden files and folders and then click OK.

In Windows Vista:

Click Start, click Control Panel, click Appearance and Personalization and then click Folder Options.
On the View tab, under Hidden files and folders, click Show hidden files and folders and then click OK.

In Windows 7:

Click Start, click Control Panel, and then click Folder Options.
On the View tab, under Hidden files and folders, click Show hidden files and folders and then click OK.

Windows Registry Settings

GlobalSCAPE 5 — Mon, 02 Aug 2010 03:38:02 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

EFT Server versions 4.x and later

DISCUSSION

EFT Server stores its configuration information in the Windows Registry, which contains profiles for each user of the computer and information about system hardware, installed programs, and property settings. EFT Server modifies the system registry as needed, and continually references this information during operation.

To add a key to the registry, you can either edit it directly or create and execute a .reg file. When you add or edit these registry keys, you will need to restart EFT Server.

These options are for advanced users only. Incorrectly editing the registry can severely damage your system. You should always back up (export a copy of) the registry before you make any changes to it.

Certain keys below should be created in the EFT Server 3.0 folder, and others in the EFT Server 4.0 folder. Do NOT change the path to match your version of EFT Server.

The registry keys described at the links below are available in EFT Server for advanced system administration.

The instructions below are provided only as a reminder for advanced users.
If you are not experienced with editing the Registry, please ask your system or network administrator for assistance.

To backup the registry

Click Start, then click Run. The Run dialog box appears.
In the Open box, type regedit, then press ENTER. The Registry Editor appears.
Do one of the following:
- To backup the entire registry, click My Computer.
- To backup a specific group of keys or a specific key, click the folder or key.
On the main menu, click File, then click Export. The Export Registry File dialog box appears.
Specify a name and location for the file, then click Save. The export process begins.
If you are exporting the entire registry, it can take a few minutes, and the file size can be up to 100 MB or more. If you are exporting just one key, the file size is approximately 1 KB.
After you edit the registry, if you are experiencing problems caused by editing the registry, you can import the backed up file:
1. On the main menu, click File, then click Import. The Import Registry File dialog box appears.
2. Click the .reg file to import, then click Open. The import process begins. If you are importing the entire registry, it can take a few minutes.

To create a .reg file

In a text editor, such as Notepad, type or paste the following text on the first line:
Windows Registry Editor Version 5.00
On the second line, type or paste the key path. For example, type:
[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EventRules]

(include brackets)
On the third line, type or paste the name of the key and the value (DWORD) for the key. For example, type:
"FolderMonitorWorkerThreadCount"=dword:00000100

(include quotation marks)
Close the file and save it with a .reg extension. For example, type:
threadcount.reg
Double-click the file and follow the prompts to install the key into the registry. If you receive an error, open the file to verify the information was typed correctly. The .reg file can be transported to and used on other computers.

To create the key manually

Click Start, then click Run. The Run dialog box appears.
In the Open box, type regedit, then press ENTER. The Registry Editor appears.
Expand the My Computer node, the HKEY_LOCAL_MACHINE node, and the SOFTWARE node to find the GlobalSCAPE nodes.
Click the applicable GlobalSCAPE node (as described below), then right-click it, point to New, then click Key. This makes a new folder under the GlobalSCAPE node.
Type a name for the key based on the instructions below, then press ENTER.
Right-click the key, point to New, then click DWORD Value.
Type a name for the DWORD value based on the instructions below, then press ENTER.
Double-click the DWORD. The Edit DWORD Value dialog box appears.
In the Value data box, type an integer, based on the instructions below, then click OK.
Close the registry, then restart the Server service.

Some of the keys should be created in the EFT Server 3.0 folder, and some should be created in the EFT Server 4.0 folder. Do NOT change the path to match your version of EFT Server.

Long Delay When Returning Directory Listing in EFT Server

GlobalSCAPE 5 — Mon, 02 Aug 2010 03:32:28 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

EFT Server version 6.2.17 and later

SYMPTOM

A client connecting over any protocol that lists the directory contents of a folder on a NAS with a large number of files (>40,000) causes a very long delay (> 3 mins) to return the folder listing.

RESOLUTION

Prior to EFT Server 6.2, EFT Server did not request folder and file permissions information during a directory listing. Starting with EFT Server 6.2, EFT Server captures the folder and file permissions during the directory listing. If a UNC folder contains a large number of files, the additional overhead required for returning the permission messages for each file can cause a long delay in displaying the directory listing. If the permissions information is captured during the directory listing, as is the case in EFT Server 6.2 and later, EFT Server can better control the user's access as they traverse folders. If the permissions information is not captured during the directory listing, as was the case prior to v6.2, the user will receive error messages much later if they attempt operations that they do not have sufficient privileges to perform.

You can define the Windows Registry key below to revert to pre-version 6.2 behavior.

On 32-bit systems:

[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\LegacyDirListBehavior]

On 64-bit systems:

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\LegacyDirListBehavior]

DWORD: any non-zero value activates the legacy (no permissions) directory listings

Is it possible to import user passwords from Solaris to EFT server?

GlobalSCAPE 5 — Fri, 23 Jul 2010 04:05:42 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

EFT Server (All Versions) using Local (GlobalSCAPE) Authentication

QUESTION

Is it possible to import user passwords from Solaris to EFT server?

ANSWER

You can create a script that reads lines from the (SHADOW) password file and then calls CreateUserEx() against EFT Server where the password parameter is the exact DES-encrypted password string from the password file and PasswordType is set to 5 (literal). EFT Server will properly authenticate at first login, then convert the password to a salted SHA one-way hash on disk.

Refer to the online help topic http://help.globalscape.com/help/eft6/mergedProjects/gs_com_api/Creating_a_user.htm for more information regarding creating users with the EFT Server COM API.

The attached zip file EFTMigrateCSVUsers.zip contains a script (VBS) and a sample CSV file. You should edit both of these files for your system and your users. (e.g., In the script, the default Admin port should be changed if yours is different from the default.) The script creates users on the first available Site on the Server. The CSV file can be generated by extracting the entries from the Shadow Password file on a *nix system.

The script:

Reads the .csv file into memory.
Parses out the userIDs and passwords.
Verifies/creates VFS folders for the users' home folders.
Configures permissions on the folder.
Configures the users' home folder as root.
Connects to the server and attempts to log in.

When importing shadow passwords from a *nix password file, is it possible to copy user passwords from an existing FTP server to GlobalScape EFT Server transparently to the users?

GlobalSCAPE 5 — Fri, 23 Jul 2010 03:54:07 GMT

This article is a duplicate of KB article #10369. Please redirect your bookmarks to that article.

Editing the EFT Server Registry Entries on a 64-bit OS

GlobalSCAPE 5 — Fri, 23 Jul 2010 03:42:01 GMT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

EFT Server, v6 and later that run on 64-bit Windows operating systems

DISCUSSION

EFT Server version 6 and later is a 32-bit application, but can run on certain Windows 64-bit operating systems (Windows Server 2008 R1&2 (Standard, Enterprise, and Datacenter editions) and Windows 7 (in v6.1 and later)). 64-bit operating systems have two regedit.exe applications: One for 64-bit applications and one for 32-bit applications running on the 64-bit OS. The Registry Editor executable for 32-bit applications is in C:\Windows\SysWOW64\regedit.exe.

To edit the registry for EFT Server on a 64-bit operating system, you must type the entire path to regedit.exe in the SysWOW64 directory.

Click Start > Run, type

C:\Windows\SysWow64\regedit.exe

Click OK or press ENTER.