How to troubleshoot connectivity Problems between Kofax Total Agility and SignDoc
Issue
This article describes a situation,
- where the SignDoc Activity is part of a Kofax Total Agility (KTA) Workflow,
- Signing Packages can be created successfully via KTA Job processing,
- The Signers receive the signing package for signing and processing the corresponding documents.
The StateChange Notification is not returned to KTA after the signing package is finished (after all signer have signed the document), the state in KTA job remain "Active..".
Solution
To figure out what the exact problem is in your specific situation, some troubleshooting steps have to be performed.
1. Check if the KTA Webservice is running, and can be accessed from KSD-Server.
To achieve this, open Internet Explorer (or other Browser) from KSD Server and enter following URL:
http://<KTA -Servername>/totalagility/Services/Sdk/SigningIntegrationService.svc/json/AddJobNote
The KTA WebService should react with following response:
If accessing above URL brings a connection error (like page cannot be displayed or similar), then there is a problem with network connection to KTA Server, or the KTA-Webservice itself isn´t available or offline.
If accessing the URL works with above KTA response, but the problem with Status Notifications still persists, then go on with the next step.
2. you need to active some logging levels to get valid information into the Signdoc (Cirrus) Logfile.
The logfile is located in signdoc_home\logs\ directory. Please configure logging according to the installed SignDoc Version as described below:
a) For SignDoc Versions 2.2.x.x
You need to activate following loggers in signdoc_home\conf\XjLog_Cirrus.xml.
<logger name="de.softpro.cirrus.plugins.state_change.KTAStateChangeNotification" level="DEBUG" additivity="false">
<appender-ref ref="R"/>
</logger>
<logger name="de.softpro.cirrus.services.services.impl.StateChangeServiceImpl" level="DEBUG" additivity="false">
<appender-ref ref="R"/>
</logger>
Copy&Paste above lines if not available in XjLog_Cirrus.xml file.
After this change, restart Signdoc Standard Service, and reproduce the problem.
b) For SignDoc Version 3.0.x.x
Please login into SignDoc Admin-Center and go to System Settings\Logging and set
signdoc.logger.level = FINER
Press Save and reproduce the problem. (only recommended for temporare use, causes high log output)
c) For SignDoc Version 3.1.x.x and newer
Please login into SignDoc Admin-Center and go to System Settings\Logging and modify the setting
signdoc.logger.custom_levels
and add the logger definition
de.softpro.cirrus.plugins.state_change.KTAStateChangeNotification=ALL
as shown here:
Set
signdoc.logger.level = INFO
Press Save and reproduce the problem.
3. Analysing logfiles
After problem is reproduced, please open signdoc_home\logs\cirrus.log file. You can search (e.g. with Notepad ++ Text-Editor) in the logfile for all occurances and lines starting with the term:
de.softpro.cirrus.plugins.state_change.KTAStateChangeNotification
This will show all relevant log output concerning notifications to KTA Systems, like shown in following examples:
- In case the KTA job notification is successfully transmitted the service will respond with
Http Status code 200 (OK)
- In case of network connection problems the log will contain following information:
de.softpro.cirrus.plugins.state_change.KTAStateChangeNotification - Connection failed to http://KTA-Servername/totalagility/S...ionService.svc /json/AddJobNote: java.net.ConnectException: Connection timed out: connect
- In case there are issues with certificates (assuming connectivity to KTA Webservice is established via https protocoll)
de.softpro.cirrus.services.services.impl.StateChangeServiceImpl - Plugin KTAStateChangeNotification has encountered an error: Connection failed to https://KTA-Servername/totalagility/...son/AddJobNote: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Illegal given domain name: <KTA-Servername>
problem reason: The https://domainname doesn´t match the certificate´s "Common Name"
or
de.softpro.cirrus.services.services.impl.StateChangeServiceImpl - Plugin KTAStateChangeNotification has encountered an error: Unhandled plugin exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
problem reason: The error message indicates that KSD (Tomcat) could not establish a trusted connection to KTA over SSL (for instance if KTA uses a self-signed certificate, or a certificate that is issued by a non official internal Certificate Authority). Resolution is, to add a root or intermediate certificate to the local JAVA trusted keystore. How to achieve this is explained article "How to import certificates into local JVM Store".
There are several other possible conditions and errors, which will lead to a nonworking Notification to KTA. If the problem source cannot be identified by means of the Signdoc logfile, feel free to contact Kofax Technical Support via the Kofax support portal https://support.kofax.com to get further details and support regarding your problem.
Level of Complexity
Moderate
Applies to
| Product | Version | Build | Environment | Hardware |
|---|---|---|---|---|
| Kofax SignDoc | 2.2 and newer | |||
| Kofax TotalAgility - Kofax SignDoc Integration | All |
References
Add any references to other internal or external articles