THE INFORMATION IN THIS ARTICLE APPLIES TO:

• CuteFTP Mac Pro, v3.1.2

QUESTION

Is CuteFTP Mac Pro, v3.1.2 supported on Mac OSx 10.8 (Mountain Lion)?

ANSWER

Although it has not been formally tested, users have installed it on Mac OSx 10.8. You may have received an error stating that the CuteFTP installer "is from an unidentified developer."

Before installing CuteFTP Mac Pro, v3.1.2 on Mac OSx 10.8, the following setting must be enabled:

• On the Apple menu, click Preferences > Security and Privacy > General, then under Allow applications downloaded from click Anywhere. (The default setting for Gatekeeper in OS X Lion v10.7.5 is Anywhere.)

For more information about CuteFTP Mac Pro, refer to the following links:

• Online help: http://help.globalscape.com/help/cuteftpmacpro3/
• CuteFTP support: http://www.cuteftp.com/support.aspx

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT Server, version 6.5 and later

SYMPTOM

In Internet Explorer 8 and earlier, downloads over HTTPS fail when using the Plain-Text Client

RESOLUTION

The registry override from Microsoft (http://support.microsoft.com/kb/323308) described below will bypass the HTTPS cache check so that files can be downloaded directly from the remote site. Alternatively, upgrading to IE9, or using a current web browser will resolve the issue.

To resolve this issue in Internet Explorer 7 and 8:

1. Start the Registry Editor.
2. For a per-user setting, locate the following registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

3. For a per-computer setting, locate the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

4. On the Edit menu, click Add Value.
5. To override the directive for HTTPS connections, add the following registry value:

"BypassSSLNoCacheCheck"=Dword:00000001

6. To override the directive for HTTP connections, add the following registry value:

"BypassHTTPNoCacheCheck"=Dword:00000001

7. Close the Registry Editor.

MORE INFORMATION

When connecting to EFT v6.5 via the Plain Text Client using Internet Explorer 8, Windows Internet explorer receives the following error:

“Unable to download [filename] from [host address]

Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.”

When connecting to EFT v6.5.0, Internet Explorer 8 tries to permanently cache secure files on the client computer, which by current security standards should not be allowed. A bug in Internet Explorer prevents active downloads over the secure socket layer unless files are cached on the client computers.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• Mail Express version 3.0-3.2

DISCUSSION

The Mail Express Server is, in essence, a fully functioning Web Server that hosts the Mail Express Server web application. The Mail Express system requires the use of port 443 on thecomputer running the Mail Express Server. By default the Mail Express Server will attempt to listen on all IP addresses.

This may present difficulties when installing on acomputer running other applications that are using port 443, such as EFT Server or the Internet Information Services (IIS) web server. Running the Mail Express Server on a separate computerfrom these applications will avoid resource contention and simplifies network routing.However, running the Mail Express Server on the same computer as another application that uses port 443 may be unavoidable.

If this is the case, then the Mail Express Server and the competing application(s) must be configured to bind to port 443 on separate IP addresses. The following instructions describe how to configure the Mail Express Server to listen on a specific IP addressinstead of all IP addresses on the computer. (To specify an IP address in EFT Server, refer to Changing a Site's IP Address or Port in the EFT Server documentation for your version of EFT Server. To configure other applications to use a specific IP address, refer to their documentation.)

To configure the Mail Express Server to bind to port 443 on a specific IP Address:

1. Shut down the Mail Express Server Windows service.
2. Using a text editor such as Notepad, edit the configuration file “<Mail Express Server Installation Directory>\conf \server.xml”
3. Locate the SSL Connector definition XML Element by searching for the text port=”443”. The element will be similar to:

<Connector 			port="443"			protocol="HTTP/1.1"			connectionTimeout="20000"			keepAliveTimeout="20000"			enableLookups="true" 			disableUploadTimeout="true"			acceptCount="100"			maxThreads="200"			scheme="https"			secure="true"			SSLEnabled="true"			SSLProtocol="all"			SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"			SSLCertificateFile="${catalina.home}\conf\MailExpress.crt" 			SSLCertificateKeyFile="${catalina.home}\conf\MailExpress.key"			SSLPassword="mailexpress"			SSLVerifyClient="none"			SSLVerifyDepth="10"/>	

4. Add an “address” attribute by inserting the following line into the “Connector” definition:

address="<IP Address>"

Where<IP Address>is the explicit IP address on which to listen on port 443. Theresulting Connector definition should resemble the following example:

<Connector			address="192.168.1.58"			port="443"			protocol="HTTP/1.1"			connectionTimeout="20000"			keepAliveTimeout="20000"			enableLookups="true" 			disableUploadTimeout="true"			acceptCount="100"			maxThreads="200"			scheme="https"			secure="true"			SSLEnabled="true"			SSLProtocol="all"			SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"			SSLCertificateFile="${catalina.home}\conf\MailExpress.crt" 			SSLCertificateKeyFile="${catalina.home}\conf\MailExpress.key"			SSLPassword="mailexpress"			SSLVerifyClient="none"			SSLVerifyDepth="10"/>

5. Save the changes to the file.
6. Start the Mail Express Server Windows service.
7. Verify the Mail Express Server is listening on the specified IP address and port by navigating a web browser to that address and port.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

QUESTION:

How do I remove a TappIn folder share?

ANSWER:

1. Navigate to the TappIn icon on the systray located in the bottom right corner of the screen as shown below:
2. Click on the TappIn icon and choose TappIn Folders.
3. A new screen will appear in the browser window under Libraries | My Files.
4. Click on the gear icon beside the device that the share exists on:
5. The Manage Folders screen will appear. Locate the folder for which the share will be removed. Click Remove.
6. A new screen will appear requesting validation. Click Remove.
7. Click Continue. If this is the correct TappIn folder, then click Remove. A new screen will appear without the TappIn folder share.
8. Click Continue.
9. The My Files page will appear with the TappIn folder share no longer listed.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

QUESTION:
How do I establish a TappIn folder share?

ANSWER:
There are default shares automatically established for user convenience; however, follow the steps below to share out another folder or folders.

1. Navigate to the TappIn icon on your systray located on the bottom right corner of your screen as shown below:

2. Click the TappIn icon and choose TappIn folders:

3. The Libraries / My Files page will appear in the browser window as pictured below:

4. Click on the gear / cog icon as shown below.

5. A new screen will appear titled Manage Folders. In the bottom right corner click Make Another Folder Available.

6. Choose either Drives or Network depending on the location of the folder or item you want to share. Make note of the Windows User Tip as pictured below.

7. The view will expand and show a more detailed folder structure. Select the file and contents to be shared. Make note of the Folder Path, Folder Name (this can be changed provided the name does not already exist), and Permissions (choose Read-Only or Read-Write). Read-write will allow a remote share holder the ability to change the folder and file contents.

8. Next click Add. The screen will switch back to Manage Folders, and you should now see your new share listed.
9. Click Continue at the bottom of the page.
10. The new TappIn folder share will be setup on the My Files page below Libraries.

This article outlines how to use the OneDisk iPhone App from Readdle Software and the TappIn remote access and file sharing service. OneDisk is a file management tool that turns any Apple iPhone device into a wireless-accessible storage device. In addition, it can access file servers over the Internet.The value of using OneDisk with TappIn is that you can have simultaneous access to all your digital files and media while connected to other cloud storage or servers on the Internet. Using both solutions in this way provides one app, OneDisk, to provide file management between the home and cloud storage or other servers such as FTP or other WebDAV accessible services.

Getting Started: TappIn’s remote access and file sharing service offers safe and easy access to all your digital content. Readdle’s OneDisk iPhone app is a universal WebDAV client that can be used to access all your personal content that resides within your home network orcomputers, when configured to work with TappIn services.

A TappIn account is required prior to setting up and using OneDisk. To register for a TappIn account, go to: www.tappin.com Here is a short checklist on how to setup TappIn:

1. Launch your Web browser to www.tappin.com.
2. Register by entering an email address and password.
3. Click “Sign Up!”
4. Log into your email account and click the activation link to the TappIn Desktop App.
5. Install the TappIn Desktop App on at least one computer. By default, your personal directory will be securely accessible over the TappIn network.

Get the OneDisk App. Purchase OneDisk through the iTunes AppStore and install the app on your device. OneDisk Help is built directly into the app so feel free to reference OneDisk Help along the way to make sure you understand exactly how OneDisk works.

1. Once installed, launch the application by tapping the OneDisk icon.
2. Once OneDisk starts, you will be see the OneDisk home screen. The home screen above displays the list of folders and documents you currently have stored inside the local storage area of the OneDisk app. The Edit button at the top allows you to make changes to the local files and folders. At the bottom of the screen there is a three-tab tab bar, the first which is highlighted above shows all of the files and folders that are local and always accessible. The middle tab is used to access remote servers you may define, and this is where your TappIn remote online folders will reside. Finally, the third tab is used to access the application settings.
3. When you tap the Online tab you will see the Online Storage screen. This screen displays any remotely accessible servers or services that you can from within OneDisk. Your TappIn shares will show, allowing you to access files and folders anywhere, anytime using OneDisk on your mobile device.

Adding TappIn as a WebDAV Server: In order to access your TappIn shared folders using OneDisk, you need to add the TappIn Service using the "Other WebDAV" server option.

1. To add the server, click the PLUS button in the upper left of the OneDisk Servers screen.
   Clicking the + button exposes the list of new server types you can add to make accessible from OneDisk.
2. When you are at the screen displayed below, you will need to scroll down to the bottom of the list of Services and it should look like this:
   Once you arrive at the end of the list, you want to tap Other Server to add the Other Server WebDAV service. Once you done, you can proceed to enter the TappIn configuration information.
3. The following screen will be displayed once you choose Other Server.
   1. Enter a descriptive title for this TappIn share, this is what will show up in the main OnLine list of Services.
   2. Enter the URL for the share you want to access. The form of the URL: https://webdav.tappin.com/user@email.com/sharename
   3. Enter your TappIn Username. This is the email address you used when registering for TappIn.
   4. Optional: Enter your password. If you leave it blank, it will prompt you at connection time.
   5. Click Save.

   NOTE: Before you tap Save, you should have a screen that looks like this, but with your specific information in each field.

4. OneDisk takes you back to the Online Storage screen where your new TappIn service share is shown in the list of online storage services you can connect.
Now, if you tap on TappIn while you have an Internet connection, the OneDisk Application will talk across the Internet securely to the TappIn services and will attach to your TappIn shared folder(s).

That’s it. You can now use your favorite WebDAV client OneDisk with your favorite remote access and online file sharing service — TappIn! You can safely upload, download, view and email any files you have stored back in your home/work computer or personal network.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT Server, version 6.x

SYMPTOM

Call to a COM method throws an "MX Error: 52 (0x00000034)."

RESOLUTION

"MX Error: 52 (0x00000034)" means that the COM object needs to refreshed. That is, you must invoke the ICIServer method RefreshSettings().

• EFT Server, version 6.x and later

QUESTION #1

Can EFT make my organization compliant with the PCI DSS?

ANSWER #1

GlobalSCAPE’s products can facilitate compliance with several PCI DSS requirements, but Globalscape’s products themselves do not "make" an organization compliant. EFT provides features that warn you when a setting does not meet certain PCI DSS requirements, which you can then choose to address or not.

QUESTION #2

How can I validate whether my organization is PCI DSS compliant?

ANSWER #2

Validation requirements for PCI DSS compliance depend on the merchant or organization’s tier. Some tiers require only that the organization complete a self-assessment questionnaire. Organizations that process many transactions will typically pay a Qualified Security Assessor (QSA) to evaluate whether the organization complies with all requirements for systems in PCI DSS scope as part of a mandatory quarterly scan. To further complicate matters there is no black-and-white standard by which a QSA will assess an organization; it’s up to the QSA to interpret the PCI DSS requirements the way they understand them. This can result in situations where two different QSAs will come up with different assessments even for the same organization! Interestingly, the final authority on compliance is still the payment card vendors (Visa, MC, Amex, etc.) who reserve the right to overrule a QSA’s assessment. The self-assessment questionnaire (in the PCI DSS Quick Reference Guide) is a good start to determine how far out of compliance you might be and what it will take to get you into compliance.

MORE INFORMATION

For more information about the PCI DSS, refer to the PCI SSC Data Security Standards Overview. On that page, click the PCI Data Security Standard (PCI DSS) link to access numerous downloadable PDFs about the standard.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• Mail Express, v3.3.2 and later

DESCRIPTION

The Mail Express Outlook Add-in has several dependencies which the help guide details and provides installation information for. This KB article describes special case scenarios to consider that supplement the information in the help guide.

Microsoft Outlook 2013 Primary Interop Assembly

The steps to install the PIA after Microsoft Outlook is installed are as follows:

• From the Windows Control Panel choose “Programs and Features.”
• Select “Microsoft Office 2013” from the list of installed programs.
• Press the “Change” button, select the “Add or Remove Features” radio button, and then press the “Continue” button.
• Expand the “Microsoft Outlook” node and then choose the “Run from My Computer” menu option for the “.NET Programmability Support” feature and finally press the “Continue” button.

A similar approach can be taken to install the PIA when installing Outlook for the first time.

MORE INFORMATION

For versions of Outlook prior to Outlook 2013, the PIA can be downloaded from Microsoft’s web site or can be installed via the Mail Express Add-in Bootstrapper. Please consult the Mail Express help guide for more information.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• All GlobalSCAPE products, all versions

DISCUSSION

The attached PDF provides information regarding Section 508 Compliance Voluntary Product Accessibility.

For more information about Section 508 compliance, refer to http://www.section508.gov/.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT Server (All Versions)
• DMZ Gateway (All Windows versions)
• Secure FTP Server (All Versions)

DISCUSSION

This topic describes how to tune Windows XP, Windows 2003, and Windows 2008 R1 & R2 operating systems for TCP/IP performance. "Tuning" involves adding several registry keys. To add a key to the registry, you can either edit it directly as described below or create and execute a .reg file. When you have finished adding or editing these registry keys, you must restart the Server. Configure the following settings or variables below according to your specific tuning needs. If necessary, refer to the Globalscape Knowledge Base article Q10411 - HOWTO: Windows Registry Settings, for the procedure for creating/editing keys and creating a .reg file.

These options are for advanced users only. Incorrectly editing the registry can severely damage your system. You should always back up (export a copy of) the registry before you make any changes to it.

REGISTRY KEYS

In all versions of Windows, add the keys described below. Certain keys/values depend on the operating system installed (noted in the Value name column where different).

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters

Subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{Interface GUID}*

* {Interface GUID} is different for every system.

Your .reg file for Windows 2008 would look something like this:

Remember to reboot the server computer after making the registry changes.

On Windows 2008 (R1&R2), you must also disable autotuning:

• Open a command prompt and execute the following command:

netsh int tcp set global autotuninglevel=disabled

The default level is "normal." The possible settings include:

• disabled: uses a fixed value for the tcp receive window. Limits it to 64KB (limited at 65535).
• highlyrestricted: allows the receive window to grow beyond its default value, very conservatively
• restricted: somewhat restricted growth of the tcp receive window beyond its default value
• normal: default value, allows the receive window to grow to accommodate most conditions
• experimental: allows the receive window to grow to accommodate extreme scenarios (not recommended as it can degrade performance in common scenarios; only intended for research purposes. It enables RWIN values of over 16 MB)

• Secure FTP Server (All Versions)
• EFT Server (All Versions)

QUESTION

How can the EFT Server or Secure FTP Server service loading order be changed/delayed?

ANSWER

Windows 2008 and 2012:

To delay start of the EFT server service on a Windows 2008 server that needs to be very sequence driven, you will need to perform the following steps to use the Windows built-in Delay Start option:

1. Do one of the following to open the Services Microsoft Management Console (MMC) snap-in:

• In Windows 2008: Click Start, type services.msc in the search box, then press ENTER.
• In Windows 2012: In the Server Manager, click Tools > Services.

Windows 2003 or earlier:

Caution: The following steps involve editing the Windows registry on the server computer. Incorrectly editing the registry may severely damage your system. These instructions are intended for the advanced user who is prepared to both edit and restore the registry. We recommend that you backup the registry before proceeding.

1. Start Registry Editor and navigate to the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder

2. Double-click on the list entry and add a new value in the list named GlobalSCAPE. Place the new value into the list at the point in the startup sequence where you want the Server service to start. (For example, to configure it so that the Server service starts after all other services, place the GlobalSCAPE value at the end of the list.)

3. Click OK to close the editing screen.
4. Navigate to the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GlobalSCAPE EFT Server (or Secure FTP Server)

5. Right-click on the name of the subkey, click New and then click String Value.
6. For the name, type Group.
7. Double-click to modify the newly created Group entry and type GlobalSCAPE for the value.
8. Click OK and then close Registry Editor.

This article is duplicated (and updated) in article 10666 - Upgrading Secure FTP Server v3.3 to EFT Server v6.x. Please refer to that article for information.

If you have bookmarked this page, please redirect your bookmark to the link above. Sorry for the inconvenience.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• Upgrading Secure FTP Server version 3.3.10 to EFT Server (SMB) version 6.2.31

**Secure FTP Server is no longer a supported product, and is not compatible with Windows 2008 or later.

Also refer to article #10359, Moving Secure FTP Server from One Computer to Another Computer.

Note: If you are running a version of Secure FTP Serverversion 3 earlier than v3.3.10, you must first upgrade to v3.3.10 beforeupgrading to EFT Server. EFT Server 6.x.x installer is expecting SecureFTP Server to be version 3.3.10. For this reason we strongly recommendthat you upgrade to Secure FTP Server 3.3.10, if you are not already onthat version. You can download Secure FTP Server v3.3.10 at ftp://ftp.globalscape.com/pub/gsftps/archive/gsftps33.exe. Refer to the procedure at the bottom of this article for details of upgrading Secure FTP Server.

DISCUSSION

The process for migrating a Secure FTP Server 3.3.10 configuration toa new server running EFT Server 6, which includes all Event Rules, useraccounts, keys, etc., is straight forward and should only take about 20to 45 minutes. (It is not necessary for EFT Server to have beeninstalled on the old server; EFT Server v6 will properly convert thefiles for Secure FTP Server 3.3.10 **. Nor is it necessary for the OS tobe the same version on the new server as on the old server; the newinstallation of EFT Server will correctly conform itself to the newserver OS.) While it used to be possible to do a migrating upgrade fromSecure FTP Server 3.3.10 directly to the latest version of EFT Server 6,and this process continues to be successful in some situations, therehave been sufficient problems caused by this extreme jump that we nowstrongly recommend performing a stepping upgrade through EFT Server6.2.31. To obtain the installer for EFT Server 6.2.31, browse to theReplacement Software Downloads page [http://www.globalscape.com/support/reg.aspx]of our website. Once the installer is downloaded, use the migrationguide below to move the Secure FTP Server 3.3.10 configuration to thenew server running a straight installation of EFT Server 6.2.31. Afterverifying that the configuration is working properly for EFT Server6.2.31, please use the upgrade instructions to upgrade to EFT Server 6.4.x; then you can upgrade to v6.5 or later. (Upgrades are supported only within 2 version numbers.)

Please note that per Globalscape policy for liability reasons,Support does not upgrade or migrate the servers of our clients,but provides instructions or guidance for accomplishing the process.While Support does not upgrade or migrate servers for our clients, it ispossible to acquire an upgrade package from our Professional Servicesteam to have them personally handle the process.

Migration from Secure FTP Server 3.3.10 to EFT Server 6.2.31

Prepare:

1. Ensure that EFT Server 6 is compatible with your server by checking here: http://help.globalscape.com/help/eft6-2/system_requirements_for_server.htm. (Remember, you can only upgrade Secure FTP Server to EFT v6.2.31. After installing v6.2.31, you can upgrade to v6.4. Upgrades are supported only within 2 version numbers.)

2. Request and receive a new EFT Server 6 licenses (if you have a Secure FTP Server or EFT Server 4 or 5 serial numbers) and a new DMZ 3 licenses (if you have a DMZ Gateway 1 or 2 serial number) from your account representative.

3. Download EFT Server 6.2.31 from http://www.globalscape.com/support/reg.aspx, making certain to specify correctly the installer that corresponds with the EFT Server license. (You must have the EFT Server (SMB) installer for an EFT Server (SMB) serial number and the EFT Server Enterprise installer for the EFT Server Enterprise serial number].

4. Ensure that the account used to log in to Secure FTP Server 3 is a unique account within Secure FTP Server (this is critical) and not a local server or domain account. During the upgrade process, all local server or domain accounts will be locked out of EFT Server unless you own the High Security Module (HSM); use this article if you need assistance changing it: http://help.globalscape.com/help/secureserver3/Change_global_administration_password.htm.

5. Stop the Secure FTP Server 3 service to ensure all settings are preserved; once the ftp://ftp.cfg/ copy is complete, the service can be restarted.

6. Create a migration folder on the new server and add the appropriate application data files from C:\Program Files\GlobalSCAPE\Secure FTP Server:

   • FTP.cfg and FTP.bak

   • *.aud

   • All pgp keys (*.skr, *.pkr)

   • All SSL certificate files (*.cer, *crt)

   • All SSH key files (*.pvk, *.pub)

   • Any scripts or .bat files

   • Any custom reports

7. Ensure that the Secure FTP Server 3.3.10 site data folders are copied to the new server (default location is C:\inetpub\EFTRoot) using the exact same folder structure as exists on the old one (e.g., if it is D:\EFTRoot on the old server, make certain it is D:\EFTRoot on the new server). Otherwise, it will be necessary to point each Site to the correct location and potentially set the folder permissions. [Instructions for moving the Site Root can be provided upon request.]

Migrate:

1. Use the installer to install only EFT Server, without the ARM Database module, on the new server (clear the check box to start the service) [Installing EFT Server: http://help.globalscape.com/help/eft6-2/mergedprojects/eft/installingserveradministratormodules.htm]

2. Add the EFT Server service account to run the EFT Server service. [Our best practice is to have a windows or domain account that starts the windows service (services.msc) for the EFT Server.]

3. Ensure that the EFT Server service account has full rights to the application data directory and the Site data directory.

4. Copy the application data files from the migration folder to the correct places, overwriting any files, as needed. If the EFT Server was installed to the default location, copy the files to this folder:

   Windows Server 2003: C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server

   Windows Server 2008: C:\ProgramData\GlobalSCAPE\EFT Server

5. Start the EFT Server service and log in to the administration interface.

6. Register EFT Server and all modules, including the DMZ Gateway 3 serial number.

7. On the Server's (Local Host) Administration tab:

   • Set the Listening IP address correctly

   • Click the Configure button for the Require SSL for remote administration and point to the SSL certificate.

8. On the Server's Security tab:

   • Set the Allowed SSL versions to Defined and clear the SSL 2.0 option. [This protocol is no longer secure.]

   • In the Allowed ciphers field, move RC4 128 bit cipher up to first in the Priority list. [This works around the SSL Beast exploit.]

9. On the Server's Logs tab, point Folder in which to save log files to the correct directory path. [This typically consists of pointing to the new Logs folder in the application data directory, such as C:\ProgramData\GlobalSCAPE\EFT Server.]

10. On each Site's Connections tab:

    • Set the Listening IP address correctly

    • Click SFTP Config and specify the SFTP private key location.

    • Click Configure for SSL Certificate settings and specify the Certificate and Private key locations.

11. On each Site's Security tab:

    • Click Configure for Invalid login options, and set Ban IP address after to 12. [This eliminates the ability of end users to get themselves banned but does not compromise security against attackers.]

    • Click Count both ‘incorrect username’ and ‘correct username + incorrect password'. [This provides stronger security against attackers.]

12. Verify that the Site is working properly by testing connections, Event Rules, and reports.

Upgrading EFT Server 6.2.31 to v6.3.x or 6.4.x

Prepare for upgrade:

[**Pleasenote that the installer for EFT Server or EFT Server Enterprise withthe SQL Server Express for ARM database is only needed for the firsttime the ARM module is installed and then only if the free SQL ServerExpress 2008 is to be used instead of a full licensed version of SQLServer. Following the initial installation this larger installer willnot be needed as both versions will successfully setup and/or upgradethe ARM module.]

1. Download EFT Server [and the DMZ Gateway module if needed] from one of the following:

   • EFT Server (without SQL Server Express for ARM database): http://globalscape.com/support/srv.aspx

   • EFT Server Enterprise (without SQL Server Express for ARM database): http://globalscape.com/support/eft.aspx

2. Stop the EFT Server service (this must be done to ensure all settings are preserved; once the ftp://ftp.cfg/ copy is complete, the service can be restarted).

3. Create a backup of the EFT Server application configuration:

   • If running EFT Server Enterprise, run the Backup and Restore wizard as explained here, and then proceed to step 4:

     http://help.globalscape.com/help/eft6-2/mergedprojects/eft/backing_up_or_restoring_server_configuration.htm

   • If the EFT Server was installed to the default location, then copy the following files:

     • ftp://ftp.cfg/ and ftp://ftp.bak/

     • *.aud

     • Any custom AWE *.awl files

     to a backup folder:

     Windows 2003: C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server

     Windows 2008: C:\ProgramData\GlobalSCAPE\EFT Server

4. Create a backup of the registry.

Upgrade:

1. Use the new EFT Server installer to upgrade EFT Server 6.2.31 and, if using ARM, install/update the database. Before clicking finish, clear the Start the Server service check box.

2. Add/verify that an EFT Server Service account is set to run the EFT Server Service. [Our best practice is to have a Windows or domain account that starts the Windows service (services.msc) for EFT Server.] Ensure that the EFT Service account has full rights to the application data directory and the Site data directory.

3. Start the EFT Server service.

4. If you use or will be using the Secure Ad Hoc Transfer (SAT) Module or DMZ Gateway Module, use the corresponding installers and the following instructions to install or upgrade.

   • Installing/Configuring ARM: http://help.globalscape.com/help/eft6-4/mergedprojects/arm/installingandconfiguringarm.htm

   • Installing/Upgrading SAT http://help.globalscape.com/help/SAT3/toc_installingsecure_ad_hoc_transfer.htm

   • Install/Upgrade DMZ Gateway: http://help.globalscape.com/help/dmz3/toc_installing_dmz_gateway.htm

5. Verify that the EFT Server Sites are working properly by testing connections, Event Rules, and reports

   • For EFT Server Enterprise 6.3.x and later, all Event Rule syntax is strictly enforced; entries in EFT Server Enterprise 6.2 for Events Rules where the Source or Destination virtual paths worked without a “/” at the beginning will fail. Instead each virtual path must look like this /rootfolder/ or this /rootfolder/subfolder/.

   • Additionally, in EFT Server Enterprise 6.4.x and later, all outbound connection Event Rules use the IP address specified in the Event Rule. (Refer to http://help.globalscape.com/help/eft6-4/mergedprojects/eft/copy_move_file_to_host_action_help.htm item 15b.)

   • For EFT Server 6.3.x and later, all rebranding done in prior versions will not work with the newer versions it will be necessary to brand the WTC, PTC, etc. using the new rebranding instructions.

You can now upgrade to EFT v6.5 or later.

Rollback:

1. Uninstall the newer EFT Server version.

2. If nothing else changed between the newer EFT Server install and rollback process, restore the registry.

3. Install the previous EFT Server version, skipping the ARM portion. (Before clicking finish, clear the Start the service check box.)

   • If running EFT Server SMB, paste the backup of the previous EFT Server version folder over the default location, the start the Server service.

     Windows 2003: C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server

     Windows 2008: C:\ProgramData\GlobalSCAPE\EFT Server

   • If running EFT Server Enterprise, start the EFT Server Service, then log in to the administration interface and run the Restore wizard (http://help.globalscape.com/help/eft6-4/mergedprojects/eft/backing_up_or_restoring_server_configuration.htm.)

4. If the Auditing and Reporting Module (ARM) was active, restore the ARM Database. (The reports will not function until the restore is complete.)

5. Verify that the EFT Server Sites are working properly by testing connections, Event Rules, and reports.

Upgrading Secure FTP Server v3.x to v3.3.10

Prepare:

1. Create a backup of the Secure FTP Server 3.x.x application configuration: (Windows 2003) C:\Program Files\GlobalSCAPE\Secure FTP Server.
2. Copy the following items to a backup folder: ftp.cfg, ftp.bak, and *.aud
3. Create a backup of the registry.
4. If the Auditing and Reporting Module (ARM) is active, create a back-up of the database.

Upgrade:

1. Download Secure FTP Server 3.3.10: ftp://ftp.globalscape.com/pub/gsftps/archive/gsftps33.exe.
2. Use the Secure FTP Server 3.3.10 installer to upgrade Secure FTP Server. [http://help.globalscape.com/help/secureserver3/Upgrading_the_Software.htm]
3. Add the Secure FTP Server Service account to run the Secure FTP Server Service.
4. Ensure that the Secure FTP Server Service account has full rights to the application data directory and the Site data directory.
5. Start the Secure FTP Server service.
6. Verify that the EFT Server Sites are working properly by testing connections, Event Rules, and reports.

Rollback:

1. Stop the Secure FTP Server service.
2. Paste the backed up Secure FTP Server folder over the new installation (default=C:\Program Files\GlobalSCAPE\Secure FTP\).
3. Start the Secure FTP Service.
4. Verify that the Secure FTP sites are working properly by testing connections, Event Rules, and reports

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• CuteFTP, all versions

SYMPTOM

"Automatically detect remote Server time zone" doesn't work for SFTP or HTTP/S protocols; The remote file time stamps are not converted to local time.

RESOLUTION

When using SFTP or HTTP/S manually configure the remote time zone instead of using the "automatically detect" feature.

MORE INFORMATION

The Site Property > Type option "Automatically detect"check box causes the remote pane to display remote file times converted to the remote server's local time zone. Currently no remote time zone conversion is being done with this configuration if the protocol selected is SFTP or HTTP/S. This feature applies only to FTP sites.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• Mail Express, v3.1 and later

SYMPTOM

When a potential Internal user picks up a Mail Express package before creating an Internal account, both an Internal and External account are created.

RESOLUTION

To avoid both accounts being created, create a script that can be deployed (via Group Policy or other management system) when a user logs in to the network to automatically open Internet Explorer (IE), navigate to the Mail Express Internal Portal (thereby creating the Internal User via Single-Sign-On), and then close IE.

Note: Active Directory and Kerberos authentication must be configured and enabled in Mail Express for SSO to work.

Example script:

start /MIN /d "C:\Program Files\Internet Explorer" iexplore.exe <internal portal URL>
PING -n 10 localhost >NUL
"C:\Windows\System32\taskkill.exe" /f /t /im iexplore.exe

MORE INFORMATION

Mail Express has three types of standard users: Internal, External, and Pick-up Only. Internal accounts are created either by connecting with an Outlook Add-in, logging in to the Internal Portal (using AD credentials), or an administrator manually creating an account. External accounts are created either by the Invite process, Pick-up authentication process, or an administrator manually creating an account. When a user receives a file via Mail Express that requires authentication to download, they are asked to either log in with credentials that have already been created or they must create a new account. If they need to create a new account, that account with be either External or Pick-up Only (depending on what the sender has specified). If that recipient also has the ability to create an Internal account, but has not yet created one, an Internal and External (or Pick-up) account could both be created.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT Server, version 6.x

SYMPTOM

When using Tunnelier SFTP client, EFT allows the user to change the password to initial the password even though EFT settings prohibit doing so. (i.e., Allow users to reset their passwords, Force user to change their first-time password immediately upon first use, and Prohibit reuse of previous check boxes are all selected.)

RESOLUTION

Use CuteFTP^®.

MORE INFORMATION

This is not a defect in EFT, but occurs because of the way that Tunnelier handles password changes. Specifically, after EFT requests a password change, Tunnelier (v4.60) responds by first sending EFT a new blank password, regardless of the password entered by the user. Tunnelier then sends the initial password provided by the user. From the user’s perspective, this appears as if EFT has allowed the user to bypass the "Prevent use of previous" setting. In actuality, the password was first changed to the blank password and then back to the initial password and thus is not applicable to the "Prevent use of previous" setting.

Our testing with other SFTP clients such as CuteFTP 9 and WinSCP 5.15 was unable to reproduce the issue, which seems to indicate that this behavior is unique to Tunnelier.

For details of EFT's password complexity settings, refer to Enforcing Complex Passwords on the Site.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT Server, version 6.4 and later

SYMPTOM

Java Security Warning prompt appears while the Web Transfer Client (WTC) or the Secure Ad Hoc Transfer (SAT) module is loading.

RESOLUTION

Upgrading from v6.4.x to v6.4.19 or from v6.5.x to v6.5.5.2 corrects the issue.

Alternatively, you can work around the issue until you are ready to upgrade by installing the attached JAR files as described below.

To work around the issue

1. Back up the following SAT (if used) and WTC folders:

• SAT: C:\InetPub\wwwroot\EFTAdhoc\lib
• WTC: C:\Program Files (x86)\GlobalSCAPE\EFT Server Enterprise\web\public\EFTClient\wtc\lib

MORE INFORMATION

As of Java update 7u21, Java has started warning users of potentially unsafe code when web applications they are about to run contain JavaScript code that is used with trusted Java components. A dialog, shown above, gives the user the option to block the application or to keep going.

Java provides a mechanism for keeping the user from being prompted and it has been implemented for the WTC/SAT. However, until the fix has been propagated to EFT Server, there is a temporary workaround to avoid displaying the prompt every time the WTC/SAT is started. You can disable the prompt in the Java Control Panel.

To disable the prompt

1. Click Start > Control Panel, then click the Java icon. (Or click Start > Run, type/paste: c:\Program Files (x86)\Java\jre6\bin\javacpl.exe, then click OK. This is the default path; your path may differ.)
2. In the Java Control Panel, click the Advanced tab, and scroll toward the bottom of the dialog box.
3. In the Mixed code area, click Enable - hide warning and run with protections.
4. Click OK.

This should be considered a temporary solution as hiding this prompt may allow malicious software to have access to the client and server systems.

For more information about the Mixed code options, refer to http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/mixed_code.html#jcp

• EFT Server (All Versions)

How can I purge EFT data from my SQL database?

ANSWER

Use the procedure in http://help.globalscape.com/help/eft6-5/mergedprojects/arm/purging_data_from_the_database.htm to purge EFT data from your SQL database.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• CuteFTP, all versions

DISCUSSION

You can make changes to various settings in CuteFTP for optimum performance when transferring a large number of files at the same time. Making a few adjustments to the settings in CuteFTP's Global Options can prevent the initial connection from being used for transfers and/or improve the responsive of CuteFTP. Refer to http://help.globalscape.com/help/cuteftp9/improving_cuteftp_performance.htm for detailed instructions.