Friday, April 11, 2014

KOFAX installation notes

Some quick notes for KOFAX


- Make sure antivirus is set up with exceptions for KOFAX folders as described in the KB.

- For higher-volume batch processing, use a client server along with the central site. Enable KCNS on both sites; the IIS web services will only be active on one server. However, the secondary site will work on inserting data into SQL Server. If no secondary service is used, the Kofax Server Service will crash under high loads over time.

- Run multiple PDF, Release (export), and recognition services on the client and central site servers for high throughput.

- Some queues, like Advanced Reports, can only run one service.

- The KTM schedule service only runs one service; however, this is fine since multiple mailroom processes run.

- If using KCNS from a remote site server to the central site server, you can run multiple instances of the RSA service; this significantly improves throughput. If only one RSA service is running and a batch has an error, it will hang up processing of upload/download. It's recommended to make sure at least two KCNS services are running to support this.

- Make sure to run KTM at the remote site server if possible. Increase the memory to 80% and performance really improves. KOFAX documentation stated this is the default, but I found this not to be the case when installed.

Sunday, April 6, 2014

Testing Active Directory SSL in LINUX with OpenLDAP

When setting up MicroStrategy LDAP authentication over SSL (port 636), I found that testing in the shell was very helpful.

If you have the latest OpenLDAP package installed on Linux, you can run the "ldapsearch" command.

This is an example:

ldapsearch -x -s base -H ldaps://.domain.com -b "" "(objectclass=*)"

ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This error appears if you have not set a CA certificate or updated the default location. For the default location, check /etc/openldap/ldap.conf

Add the root CA certificate for the Active Directory host to some location, either the default location or, say, /u01/MSTR/certs

If using a new location:

export LDAPTLS_CACERT=/u01/MSTR/certs/cert.pem

ldapsearch -x -s base -H ldaps://.domain.com -b "" "(objectclass=*)" |grep result

# search result
result: 0 Success

This indicates that the connection works and you are getting a result. If you don't grep out the result line, you will get a large output.
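
The checks above can be scripted so that a failed bind is traced to its cause: which CA file the client is configured to trust, whether that file is a PEM certificate, and how the ldapsearch output should be read. This is an added example, not part of the original post; the function names are hypothetical, and it assumes only LDAPTLS_CACERT and a single ldap.conf are in play (ldaprc files and TLS_CACERTDIR are ignored).

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print the CA file the OpenLDAP client tools are configured to trust.
# Simplification: only LDAPTLS_CACERT and one ldap.conf are consulted;
# ldaprc files and TLS_CACERTDIR are not handled.
effective_cacert() {
    conf=${1:-/etc/openldap/ldap.conf}
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        printf '%s\n' "$LDAPTLS_CACERT"   # environment overrides the file
        return 0
    fi
    [ -r "$conf" ] || return 1
    # Option names are case-insensitive; "#" lines never match. If the option
    # is repeated, the last value is reported (assumption).
    awk 'toupper($1) == "TLS_CACERT" { v = $2 }
         END { if (v == "") exit 1; print v }' "$conf"
}

# True if the path is readable and holds at least one PEM certificate.
check_pem() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Classify the combined stdout/stderr of the ldapsearch test from the post.
classify_ldapsearch() {
    case $1 in
        *"certificate verify failed"*) echo tls-untrusted-ca ;;
        *"Can't contact LDAP server"*) echo unreachable ;;
        *"result: 0 Success"*)         echo ok ;;
        *)                             echo unknown ;;
    esac
}

# Run the checks in order. $1 is the LDAPS URI of the directory server.
diagnose() {
    ca=$(effective_cacert) || { echo "no CA file set"; return 2; }
    check_pem "$ca" || { echo "CA file unusable: $ca"; return 2; }
    out=$(ldapsearch -x -s base -H "$1" -b "" "(objectclass=*)" 2>&1) || true
    classify_ldapsearch "$out"
}

# Only touches the network when a URI is given on the command line.
if [ $# -gt 0 ]; then diagnose "$1"; fi
```

Run it with the LDAPS URI as the only argument; "tls-untrusted-ca" means the server was reached but its certificate did not chain to the configured CA file.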
