Skip to main content
Kofax

PCC5 : What can be checked if Unified Client will not log into the Equitrac Server and shows Offline?

Article # 3046699 - Page views: 182

Question: 

If PCC5 was working and no longer allows the users to login, and the PCC5 Server Status shows offline, what can be the problem?

Answer: 

PCC 5.1/5.2 uses Device Control Engine (DCE) certificate pinning. When installing PCC5, the private key of the DCE certificate is stored in the Embedded device settings in the MFD. This feature was introduced to prevent 'man in the middle' attacks. 

This means that if the DCE certificate changes or expires, the device will require a full install to allow it to communicate to the DCE. Login will not be possible and the PCC5 Server Status will show offline regardless of the state of the DCE service

Any new certificate will only be used once the Services are restarted, so can be some time after the chnage before this is visible.

ControlSuite

In the Configuration Assistant, a self signed certificate is created with a 30 year expiry date. So this should not expire. if a signed certificate is used, the expiry may be shorter.  When replacing the certificate, for the device to continue to work without re-install, the new certificate must contain the Private key of the old one. Otherwise all devices will need to be re-installed or configured to a new DCE (that it has previously not been connected to).

If a new certificate is created in Configuration Assistant and the devices go offline, it is possible to retrieve the pinned certificate from the Personal Certificate Store on the Server. Export with the private key and re-import into Configuration Assistant. Once this has imported, unenrol and re-enrol the EQ services on the server and then restart the Equitrac Services.  The device will return to the online state if the correct certificate is restored.  

Equitrac Office/Express

In Equitrac Office / Express 5 the DCE certificate is created by the DCE on startup. It will have a 2 year expiry. Also, Signed Certificates that may have a shorter expiry date. The certificate will continue to be used and allow login after the expiry date.

Follow the KB for Ricoh PCC5.1 Unified Client : How to renew the Device Control Engine (DCE) certificate without having to re-configure the device - Kofax

Applies to:  

Product Version
Unified Client 1.1
Unified Client 1.2
PCC5 5.1
PCC5 5.2

 

Article # 3046699