THE INFORMATION IN THIS ARTICLE APPLIES TO:
SYMPTOM
Unable to use Java applet for downloads in Internet Explorer 11.
RESOLUTION
Use Internet Explorer 10 or another compatible browser.
MORE INFORMATION
See also http://kb.globalscape.com/KnowledgebaseArticle11210.aspx, regarding NPAPI changes to Chrome and Firefox.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
QUESTION
How can I generate a CSR and key file for use with Mail Express 3?
ANSWER
OpenSSL can be used to generate a private key and a certificate signing request for use with acquiring and using an SSL certificate with Mail Express.
Download the attached PDF for a detailed procedure.
NOTE: The OpenSSL application does not need to be installed on the same computer as Mail Express to perform this operation. For example, you can install the application on your workstation.
DISCUSSION
EFT Enterprise version 7.1.1.11 when running on HA mode (Active-Active) provides a mechanism for Backing up its configuration, however does not provide a point-and-click restore process. (This is "as designed" in this version.) There could be some situations that you might want to mirror from one EFT cluster to another, for example onto a DR site.
Professional Services EFTUtils.exe (a.k.a EFT migration tool) can provide a mechanism to sync or import/export specifics parts of the configuration via COM API and can be run on a schedule. However this article provides an alternative process that can be performed manually.
Prerequisites
You must have the two clusters already installed and configured. Please refer to http://kb.globalscape.com/KnowledgebaseArticle11146.aspx on how to install/upgrade EFT in a cluster
Here is the process:
This document describes a generic process for a particular needs and it is provided “as is”; there is no warranty and there is no support associated with this. This also doesn’t guarantee that it will work or you won’t have any problems. Remember that each environment is different and unique. This article only describes a process that has been done and has been working in general for other customers. It is advised that you test this process first and make sure this meets your needs.
If you have any questions, please contact our tech support team or our Professional Services team.
DISCUSSION
NetApp servers provide remote storage services used by EFT Enterprise.In cases where EFT Enterprise is making a huge amount of file service requests, NetApp Filers can stop responding and give a ‘Resource Unavailable’ error in the Windows Event Logs.This will cause Folder Monitor Event Rules to stop processing.The settings listed below can be used to remedy the ‘Resource Unavailable’ error.
NOTE: Consult NetApp Support for a full explanation and steps on how to implement these settings.
Settings unique to NetApp NAS devices
NetApp Settings for increasing Multiple CIFS connections
http://community.netapp.com/t5/Network-Storage-Protocols-Discussions/Multistore-max-mpx/td-p/40935
cifs.max_mpx This option controls how many simultaneous operations the filer reports that it can process. An "operation" is each I/O the client believes is pending on the filer including outstanding change notify operations
Default: 50
Values: 50, 126, 253, 1124
Effective: Immediately
Refer to this article for a better understanding of cifs.max_mps
https://kb.netapp.com/index?page=content&id=3011249DISCUSSION
Installing EFT in HA mode requires the use of a UNC path to hold thesite/server configuration files.Depending onthe location of the shared configuration directory (NAS or Windows FileShare) there are certain registry settings that effect how the operationsystem handles multiple requests over SMB.Thesesettings also affect how EFT handles Folder Monitors which also rely heavilyupon SMB communication between the EFT server and remote directory.
Here are a few listed that can be adjusted to fine tune how the operationsystem handles SMB traffic which greatly effect EFT performance.
Load balanced Folder Monitor events fail to process files in an HA clustered environmentThese settings disable the SMB2 Client Redirector Caches
http://kb.globalscape.com/KnowledgebaseArticle11175.aspx
https://technet.microsoft.com/library/ff686200(ws.10).aspx
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"FileInfoCacheLifetime"=dword:00000000
"FileNotFoundCacheLifetime"=dword:00000000
"DirectoryCacheLifetime"=dword:00000000
Explains changing the amount of file share requests both the EFT and remote Windows server can handle:
http://kb.globalscape.com/KnowledgebaseArticle10648.aspx
For EFT:
On the EFT Server computer, click Start > Run, type regedit, and then click OK.
Locate (or create) and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
(Make sure that you are editing the lanmanworkstation\parameters registry key and not the lanmanserver\parameters registry key.)
In the right pane, double-click the MaxCmds value.
In the Value data box, verify that the value is 400. The MaxCmds registry entry is a REG_DWORD decimal entry.
Quit the Registry Editor, then restart the EFT computer.
For Remote Windows System:
Locate (or create) and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
(Make sure that you are editing the lanmanserver\parameters registry key and not to the lanmanworkstation\parameters registry key.)
In the right-pane, double-click the MaxMpxCt value. (On SMB servers that are running a version of Windows earlier than Windows 2000, the MaxMpxCt registry entry is named MaxMpxCount, but has the same function.)
In the Value data box, verify that the value is 400 or more. The MaxMpxCt registry entry is a REG_DWORD decimal entry. (The MaxMpxCt value determines the maximum number of simultaneous, active requests that the server permits from an individual client.)
Quit the Registry Editor, then restart the file server.
Click Start, type regedit in the Start Search box, and then press ENTER.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
In the details pane, double-click the AsynchronousCredits entry.
Note: The value type of this entry is REG_DWORD. The value data of this entry is decimal. If the AsynchronousCredits registry entry does not exist, create it.
In the Value data box, enter the maximum number of concurrent SMB requests. (1024)
Exit Registry Editor.
This increases the number of threads available for EFT Folder Monitor Rules to use in processing Event Rules.
Note: This will consume more server resources (memory, cpu) so make sure you have them available.
http://kb.globalscape.com/KnowledgebaseArticle11036.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Globalscape Inc.\EFT Server 4.0\EventRules\FolderMonitorWorkerThreadCount
DWORD: 64
DISCUSSION
PowerShell it’s a very powerful scripting language that allows you automate and perform many task, it does have great advantages over using VBScript it also can be reusable and easy to maintain.
There are many editors that can provide Intellisense and debugging capabilities in addition of a full community support.
http://www.serverwatch.com/server-tutorials/6-powerful-powershell-tools-and-utilities.html
The attached PDF doesn’t describe how to use PowerShell; however, it describes how you can use it to extend EFT Automation capabilities.
Enabling Oracle for EFT Authentication is easy if you meet all prerequisites: http://help.globalscape.com/help/eft7-1/system_requirements_for_server.htm. However, installing ODAC can be tricky sometimes, even after installing the correct version described in the help file, some people get an error prompt “Connection Failed. Provider cannot be found. It may not be properly installed” when attempting to connect to EFT in the administration interface.
Make sure to use the 32 bit version of Oracle Data Access Components (ODAC ) regardless even if you are installing EFT on a 64 bits OS. (Refer to http://kb.globalscape.com/KnowledgebaseArticle10712.aspx.)
The attached PDF provides a detailed guide on the process of installing ODAC components for use with an Oracle database for EFT.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
EFT can be installed in an active-passive cluster for failover clustering or (in v7 and later) an active-active cluster for "always on" high availability (HA) service.
Separate instructions are provided belowfor:
(TIP:Print this topic and check off the steps as they are completed.)
If needed, refer to EFT installation instructions at http://help.globalscape.com/help/eft7-1/mergedprojects/eft/installingserveradministratormodules.htm (or for your version, if different).
Before beginning, for important information about your HA deployment, please also refer to the EFT help documentation http://help.globalscape.com/help/eft7-1/mergedprojects/eft/eft_ha_%28active-active%29_deployment.htm.
| Step |
|
|
|
|
| |
| |
Refer to the topic in the EFT help documentation EFT HA (Active-Active) Deployment for important information about MSMQ/multicasting and HA. | |
| |
|
|
|
Note: If you cannot browse to the shared resource disk, then the clustered disk is offline or assigned to the other node. CANCEL the installation and verify that the clustered disk can be accessed on the node you are installing on, and then restart the installation process. |
|
Note: You must specify a remote SQL or Oracle server for the ARM database. Do not use a local database, such as SQL Server Express. |
|
|
| |
|
| Step |
| |
| |
(Note:Installer will create a backup of the existing configuration and store it in the config path) | |
!!!DO NOT START THE EFT SERVICE ON THIS NODE YET!!! | |
(Note:Installer will create a backup of the existing configuration and store it in the config path) | |
!!!DO NOT START THE EFT SERVICE ON THE SECOND NODE!!! | |
| |
|
If you need to revert after upgrading EFT in an HA cluster
| Before you add EFT to your failover cluster, you must setup your cluster manager. Please consult your cluster manager vendor’s documentation for details. Globalscape's Server Support team can provide assistance with basic configuration questions, and Globalscape Professional Services group provide assistance with installing and configuring a cluster. |
| Step |
|
|
|
|
| |
|
|
|
|
|
|
|
Note: If you cannot browse to the shared resource disk, then the clustered disk is offline or assigned to the other node. CANCEL the installation and verify that the clustered disk can be accessed on the node you are installing on, and then restart the installation process. |
|
Note: You must specify a remote SQL or Oracle server for the ARM database. Do not use a local database, such as SQL Server Express. |
|
|
|
|
|
|
|
|
|
Note: Make sure you specify a Site root folder on the shared resource drive when creating your first Site. (For example: Site Root = H:\Data.) |
|
|
To upgrade an EFT version 6.4 or later that is alreadyinstalled in a cluster configuration:
| Step |
|
|
|
|
|
Note: Microsoft’s failover cluster will bring down the disk resource when the role is stopped. You may need to detach the clustered disk from the role and bring the clustered disk resource back online so that the installer can write files to the clustered (shared resource) disk. |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
Note: Do not proceed with the installation if you are unable to validate your database connection. Contact Globalscape support or your database administrator for further assistance. |
|
|
|
|
|
|
| |
|
|
|
|
DISCUSSION
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
EFT activities can be logged in various places:
The main EFT activity log is saved in the Logs subdirectory of the installation directory (e.g., C:\ProgramData\Globalscape\EFT Server Enterprise\Logs). The file name depends on the log file format (ex, in, nc) and the date/time it was created. For example, a log file in the Microsoft IIS format created on August 22, 2007 is named in070822.log.
When EFT’s Download and Copy/Move Action offloads or downloads files to/from other servers, the session is recorded to a client log file: cl[yymmdd].log, e.g., cl060312.log.
HTTP request headers, Authentication Manager activity, and Configuration load activity, can be saved to the EFT.log file using Log4Cplus logging.
EFT service startup and failure events appear in the Windows Event ViewerApplication Log.
Auditing and Reporting module (ARM) errors can be logged to a text file and viewed in the Windows Event Viewer.
AS2 information is logged to the ARM database.
The log reference to "Timeout" is not actually a problem, it is by design in our software. Our auditing mechanism periodically disconnects and reconnects to the database server in order to avoid complications of long-running open connections; in particular, drivers in Oracle 11g are notorious for having slow memory leaks that caused problems over time. Thus, our system has a timeout value (default to 180 seconds) where we disconnect and reconnect to ensure clean processing. The 180 seconds is currently hardcoded into our system.
For example, these log entries are fully expected and do NOT indicate any error:
06-10-15 11:36:29,997 [1848] INFO ARM
06-10-15 11:36:32,774 [1848] INFO ARM
06-10-15 11:36:32,852 [1848] INFO ARM
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
EFT active-active, High Availability (HA) configuration uses Reliable Multicast and MSMQ to communicate between nodes to achieve HA.
More details of each protocol can be found at the links below:
Issue:
Troubleshooting:
To determine if you are experiencing this issue, refer to the High Availability tab inside the EFT administration interface. The nodes will show “unknown” respectively when on each server between the two nodes.
Wireshark can be used to help verify the root cause of the issue, as shown in the screen shots below.
As you can see there is no traffic coming inbound to the nodes from the multicast address. This can also be directly related to the VLAN not supporting multicast. Contact your network admin team to verify feature status.
If a Cisco UCS or Nexus 1K/5K is being used, refer to this KB article to help resolve the issue on that hardware: http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/unified-computing-system/117360-configure-product-00.pdf
Options:
Cisco recommends using an iOS-based device to manage traffic for the VLAN that the PGM traffic will be passed on or manage that traffic with another PGM-supported device.
In a virtual environment, moving the devices to the same host and verifying after a 5-minute wait time can resolve the issue if the switching/routing infrastructure does not support PGM. If your infrastructure hardware does not support PGM, a DRS Affinity rule can be created to keep the Virtual Machines on the same host.
Contact Globalscape support to assist in the verification and testing of the environment.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
PROBLEM
Out of the box, Cisco 1K/5K switches do not apply IGMP snooping to the VLAN to reduce bandwidth/cpu consumption and prevent flooding of packets. Without the querier, multicast will not function correctly and the nodes will not see each other and be able to load balance.
RESOLUTION
Cisco provides a document to help users resolve these issues due to the modernized nature of multicast operation on L2 devices.
The link below contains the Cisco steps to enable this on the respective devices in conjunction with the UCS.
MORE INFORMATION
Multicast was initially designed to use Layer 3 (L3) functionality, where multiple hosts from a network subscribe to a multicast address. The new trend is to use L2 multicast functionality, where traffic flows between VMs that participate in a multicast application across hosts on the same VLAN. Such multicast traffic stays within the same L2 domain and does not need a router. When there is no multicast router in the VLAN that originates the queries, you must configure an Internet Group Management Protocol (IGMP) snooping querier in order to send membership queries. IGMP snooping is enabled by default on the UCS, N1kV, and N5k. You can enable IGMP snooping querier on either the UCS or an N5k, dependent upon the scope of the L2 multicast. If there are multicast receivers outside of the UCS, configure the snooping querier on the N5k.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
Cisco Unified Communications Manager (CUCM)is a centralized communications system designed to replace costly PBX phone systems in Enterprise environments through a VOIP implementation. Backups in this system are performed via SFTP and some clients are not prepared for this need when preparing their DR strategy for CUCM.
Globalscape is been a preferred solution for CUCM backups with our low-cost EFT SMB solution to allow backup of this business critical service.Once EFT has been installed on a server and the product and SFTP module have been activated, upon initial login the New Site wizard will guide you through the setup of a Site followed by New User Creation wizard. Installation and configuration details can be found in the EFT WebHelp. Refer to "Installing EFT, Administration Interface, and Modules," "Defining Connections to EFT" to install and configure the system, if necessary, but installation and configuration wizards walk your through the process fairly quickly and intuitively.
Steps for configuring CUCM for use with EFT SMB and SFTP module
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
Introduction
F5 provides software and hardware solutions that can be used as a load balancer for traffic inbound to set EFT HA nodes. Most organizations will already be using an existing global traffic management system within their network environment. This document will help you take advantage of the F5 features to configure access and load balancing for Globalscape EFT servers utilizing Globalscape DMZ Gateway servers in a highly available manner.
Disclaimer:
This article it is intended for technical audience and it is provided “As Is” without any guaranty or support; it is intended for demonstration/educational purposes only. Globalscape recommends using a hardware-based load balancer like Big IP F5 or similar for production environments. Each network and corporate environment is unique and could require additional steps. IP Address and object labels provided below are used for demonstration only. You should obtain and use labels and IP addresses associated with your specific environment.
Please consult with your Network Administrator or Globalscape Tech Support for more information.
Prerequisites
F5 “Configuration Objects” - as applied to a Globalscape HA solution
Traffic destined to multiple Globalscape EFT Server HA nodes utilizing DMZ Gateway partners can be managed by F5’s Local Traffic Manager. The following sections will give an overview for an F5 solution, to do the functions of load balancing the traffic between the DMZ nodes. This process can be repeated for internal traffic and directed to each EFT node.
Load Balancing Traffic
You can configure the F5 BIG-IP systems to load balance inbound traffic through Globalscape DMZ Gateway servers. When you create the virtual server, you can configure it to use the F5 profiles.The profiles determine how the BIG-IP system processes FTP traffic to each DMZ node. This section describes how to create the F5 “Configuration Objects” listed below, using a profile.
In this section, we’ll use the following example, where node1 and node2 both only offer HTTPS. The HTTPS traffic is offloaded to Big-IP F5, for load balancing. This process can be repeated for additional protocols such as SFTP or standard FTP.
Creating a pool- You can create a load balancing pool to balance passive mode DMZ traffic. After creating the pool, please assign it to the virtual server that you create.
Create F5 Pool - Please create a pool, and assign members to it.
To create a virtual server for Globalscape DMZ traffic
Example Virtual Server https://sftp.globalscape.com (192.168.14.2) - matches the site URL
Node 1: https://sftp.globalscape.com (192.168.101.2) – DMZ Gateway Server 1
Node 2: https://sftp.globalscape.com (192.168.101.3) – DMZ Gateway Server 2
Create F5 DMZ Virtual Server - Create the DMZ virtual server that will use the pool we created above.
After the above setup, if you go to https:// 192.168.14.2, F5 Big-IP will transfer the traffic to one of the EFT-DMZ-pool nodes.
Repeat the steps to create F5 Pools for each protocol being allowed. SFTP, FTP…
References
F5 - https://f5.com/products/big-ip
F5 Virtual Server - https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-2-0/ltm_virtual.htmlTHE INFORMATION IN THIS ARTICLE APPLIES TO:
QUESTION
Can I map EFT sites in an HA configuration to different IP addresses?
ANSWER
Operating in HA mode, when you connect to EFT using the administration interface or COM API, any changes that you make to the LISTENING IP are saved for THAT SERVER only. Thus, if you want (for example) that a given SITE on EFT listen to a specific IP address for each and every node in your HA cluster, then you must make an administrative connection to each node in the HA cluster, one at a time, and specify the specific IP address for that node on which you want the SITE to listen.
NOTE also that you have the option of specifying this at INSTALLATION time as well; the command line installer can configure the computer-specific listening IP address when you install a new node in your HA cluster.
You can use node-specific IP addresses mapped to EFT sites for HA with the following registry string on each site.
32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\Config\
64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GlobalSCAPE Inc.\EFT Server 4.0\Config\
DWORD: ListenIPs
which contains a string of Site listening IP addresses separated by commas (e.g., "IPAddress1,IPAddress2,...")
Example:
"127.0.0.1,192.168.100.1,::1"
Command-Line Installation
A command line option in the silent installation parameters:
/HASITESLISTENIPS=SiteName(IP[,...])[...]
Example:
/HASITESLISTENIPS=SiteName1(127.0.0.1,192.168.0.1)SiteName2(192.168.0.3,::1)
THE INFORMATION IN THIS ARTICLE APPLIES TO:
SYMPTOM
Unable to use backslashes (\) as directory separator in paths, causing a "501 Syntax error in parameters or arguments" error message.
RESOLUTION
Create the registry entries described below.
32-bit:
HKEY_LOCAL_MACHINE\Software\GlobalSCAPE Inc.\EFT Server 7.0\
64-bit:
HKEY_LOCAL_MACHINE\Software\WOW6432Node\GlobalSCAPE Inc.\EFT Server 7.0\
ReplaceBackslashWithSlashInPathsForFTP
ReplaceBackslashWithSlashInPathsForSFTP
Values:
1 = enabled; that is, backslashes (\) in paths are replaced with forward slashes (/)
0 = disabled
Default = 0
It may be necessary to restart the EFT server service.
MORE INFORMATION
The SFTP specification (https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02) says: "File names are assumed to use the slash ('/') character as a directory separator." EFT v6.5 does not precisely follow the RFC in this regard and allows using a backward slash ('\') as directory separator.
EFT 7.0 and later work according to the RFC. We've implemented this registry key to make EFT v7.x and later work the same way as v6.5 for backward compatibility.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
SUPPORTED PRODUCTS
Technical support is provided in accordance with the GlobalSCAPE End of Life (EOL) and Support Life Policy. The following products are supported to the extent specified. Products not listed are no longer supported.
Globalscape End of Life (EOL) / End of Support Life (EOSL) Cycle
Product | Release Date | Full Support End/ | Full Support- | Partial Support End Date3 |
| EFT 7.1 | 03/02/15 | TBD | TBD | TBD |
EFT 7.0 | 07/03/14 | TBD | TBD | TBD |
EFT 6.5 | 02/15/13 | 07/03/14 | 09/02/15 | 03/02/16 |
DMZ Gateway 3.3 | 12/04/12 | TBD | TBD | TBD |
Mail Express 4.0 | 01/28/14 | TBD | TBD | TBD |
Mail Express 3.3 | 02/15/13 | 01/28/14 | 07/28/14 | 01/28/15 |
| WAFS/CDP 4.4 | 09/29/14 | TBD | TBD | TBD |
WAFS/CDP 4.3 | 04/02/14 | 9/29/14 | TBD | TBD |
WAFS/CDP 4.2 | 08/22/13 | 04/02/14 | 10/02/14 | 04/02/15 |
WAFS/CDP 4.0 | 09/07/11 | 08/22/13 | 02/22/14 | 08/22/14 |
CuteFTP 9.0 (Windows) | 11/28/12 | TBD | TBD | TBD |
CuteFTP 3.1 (Mac) | 04/28/10 | TBD | TBD | TBD |
THE INFORMATION IN THIS ARTICLE APPLIES TO:
SYMPTOM
Unable to access the Secure Ad Hoc Transfer (SAT) administration page with Windows authenticated credentials.
RESOLUTION
To use Windows authenticated credentials, you will need to add the organizational group to the web configuration file.
Before changing the web.config file, be sure to create or note the organizational group you would like to access the SAT admin page.
After restarting IIS, network Domain Admins should be able to access the SAT Admin Configuration page.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
To use the same SQL Server Express database for both EFT (ARM) and Mail Express in a trial demo environment, you will need to first install and configure the trial of EFT.The EFT installation includes SQL Server Express. When you install Mail Express, use the installer bundled with EFT.
The installation will finish with both trials using the same installation of SQL Server Express.
THE INFORMATION IN THIS ARTICLE APPLIES TO:
DISCUSSION
This article describes the steps to manually create an ARM database.
All implementations of EFT come with a series of SQL script to accomplish this exact task. You can access this files by navigating to the SQL Server folder located in path displayed below:
The scripts are in numerical order and are required to be executed in this sequence.
Now that we have located our scripts, let’s begin:
THE INFORMATION IN THIS ARTICLE APPLIES TO:
QUESTION
Is EFT compliant with the latest Payment Card Industry Data Security Standard (PCI DSS)?
ANSWER
The High Security Module (HSM) for EFT will help you comply with the latest Payment Card Industry Data Security Standard (PCI DSS).
Refer to the online help for your version of EFT for details.
