Skip to main content

Create a rescue identity for cases when server does no longer restart

Article # 3011703 - Page views: 243


Question / Problem: 

Configuration changes can easily lead to the Server Manager (SRVMNGR4.exe) no longer starting up.
The result of that is, that the Administration Client used to repair the broken configuration can no longer connect to the database, as it needs the Server Manager to connect to the configuration database.

Answer / Solution: 

In order to create a functional Server Manager again, we can create a new "Rescue Identity".
This new identity then loads a minimum default configuration (just a single SignBase server) as no server topology was configured for it.

With this configuration the Server Manager should almost always start up again and look like this with a running SignBase server:

You can then log in with the Administration Client again and repair whichever configuration change resulted in the problem of a failed restart of the server.

For simplicity it is advised to keep a rescue identity on the server and e.g. as renamed SPCfgInst.dat.RESCUE file in the %ALLUSERSPROFILE%\KOFAX\FraudOne directory, so in case of problems one can quickly switch between a broken and working base configuration.
In an emergency you can then simply:

  1. Stop the server or any leftover processes
  2. Rename the original .dat file to .dat.backup
  3. Rename the .dat.RESCUE to .dat
  4. Start up the SRVMNGR4.exe / SignPlus service again
  5. Repair configuration using Administration Client
  6. Stop the SRVMNGR4.exe / SignPlus service
  7. Rename the .dat rescue file back to .dat.RESCUE
  8. Rename the backup .dat.backup to .dat again
  9. Restart the SRVMNGR4.exe / SignPlus service with the full configuration for a running system!


To create a new identity we have to do the following simple steps:
  1. Backup and rename current SPCfgInst.dat identity files
  2. Run SetupCfg.cmd and create a new identity
  3. Use the newly created rescue identity or rename it to SPCfgInst.dat.RESCUE for later user


Following are detailed steps on how to create the new identity:

We have to use the setupcfg.exe tool on the server, this is usually located in the C:\Kofax\FraudOne.Server folder but depends on your FraudOne installation. Best is to open a command prompt and browse to that directory, you can list the current configuration using the "setupcfg.cmd -listservers" command:


This example shows us that on this server the FraudOne server name "KFO1" was used (this is just a chosen name for the FraudOne topology, it does not have to be the local hostname or FQDN!). The used database name is "FraudOneSB" (the password is shown encrypted so it cannot be read out easily) and the used FraudOne (default) server port is 2000.

To just get a list of possible commands of SetupCfg, just execute it without a parameter.
If you get an error like "The program can't start because TCPACK.dll is missing from your computer." or something similar:


it could be that you tried to execute the SetupCfg command directly with the .exe and not the batch command file setupcfg.cmd! In this case it is very likely that necessary DLLs are not loaded because their path is unknown (the .cmd file adds the .\shared subfolder to the path variable).

Before proceeding, please backup your current local configuration file(s) now

It is located in %ALLUSERSPROFILE%\KOFAX\FraudOne, the current active configuration is called "SPCfgInst.dat" (as of version 4.4) which is read by the Server Manager on start.
This configuration file contains the information like database name, username and password and possible authentication servers (as shown by the -listservers parameter).

To backup the current configuration, just make a copy of that file to another directory and/or rename it to e.g. SPCfgInst.dat.YYYYMMDD_HHMM.

To create a new identity/configuration on the server we use the command "SetupCfg.cmd -initlocal NAME :2000 FraudOneSB" where
-initlocal is the parameter to create a new configuration.
NAME is the logical configuration name (can be anything like "F1NEWNAME" or "RESCUE").
:2000 is the port of the configuration (SignBase) server, per default 2000.
FraudOneSB is the name of the ODBC DSN entry for the SignBase database.

This will overwrite the currently existing SPCfgInst.dat file (which is why you should backup it first) 

To finish creating the new .dat file a window will pop up to enter username and password credentials for the FraudOne configuration (SignBase) server database:

It can happen that a configuration with a chosen name already exists on the server's database, then you will get the following error:
In this case you have to choose another name, otherwise SetupCfg will be unable to create the configuration .dat file!

⚠ Should you have the problem that you lost your original SPCfgInst.dat configuration file (this can happen if you don't make a backup before running SetupCfg.cmd -initlocal),
create a working configuration file (correct database name and credentials) with a name of the same length and
create a
FraudOne support case with the resulting .dat file attached, in order to get it changed to the original name. ⚠

You can check the name of the original configuration identity by logging into the Administration Client using a "Rescue Identity" and go to the Topography Editor:
This example configuration was named "KFO1", you can see that it is the only configuration that appears as "Directory", all other configurations are treated as "Clients" and only come with a default server configuration. In this case "KFO2" and "RESCUE" were created as test configurations for this article.


Applies to:  

Product Version Category
FraudOne 4.4 Troubleshooting


  • Was this article helpful?