Login Failed error during configuration of AP Essentials Connect
Issue
After configuring the Service URL, API Key, UserID & Password in Online Connect, the user receives a Login Failed error message. There are also SCHANNEL errors recorded in the Windows Application Event Log, and no corresponding failed connection attempts are recorded in the Audit Trail in AP Essentials (formerly ReadSoft Online).
Cause
There could be many different reasons for a Login Failed error. Some of the most common reasons are:
- Invalid UserID and/or password
- Wrong API key
- Invalid or missing Proxy settings
- Firewall settings blocking access to the Service URL
- .NET configuration
The absence of connection attempts in the Audit Trail in AP Essentials (formerly ReadSoft Online), together with the SCHANNEL errors in the Windows Event Log associated with AP Essentials (formerly ReadSoft Online) Connect, implies that a .NET configuration is inhibiting the use of the stronger cryptographic libraries required for TLS 1.2. This KB article focuses on that specific issue.
AP Essentials (formerly ReadSoft Online) Connect relies heavily on the .NET Framework; specifically, the newest versions of Online Connect use .NET 4.8 for TLS 1.2 support. For AP Essentials (formerly ReadSoft Online) Connect to negotiate TLS 1.2, both the operating system and the .NET Framework need to support TLS 1.2.
Certain .NET configurations, which exist for better compatibility across a wider range of applications, can inhibit the negotiation of stronger cryptographic algorithms, cipher suites, and TLS/SSL protocol versions. For example, the .NET Framework uses the SCH_USE_STRONG_CRYPTO flag when an application requests a TLS security protocol. The .NET Framework then passes this flag to Schannel to instruct it to disable known weak cryptographic algorithms, cipher suites, and TLS/SSL protocol versions.
Solution
Add the following Registry Keys on the machine where Online Connect has been installed. These Registry keys instruct .NET to disable the negotiation of known weaker cryptographic algorithms, cipher suites, and TLS/SSL protocol versions. Then reboot the machine and launch Online Connect again to continue with the configuration.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
Please also make sure to follow the instructions in the Upgrading Online Connect KB article referenced below. .NET 4.8 must be installed on the machine first, and AP Essentials (formerly ReadSoft Online) Connect must be installed afterwards, to ensure all the correct libraries are enabled for TLS 1.2 compatibility.
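The following PowerShell script is an added example, not part of the original KB article or the product: it audits both registry keys listed above and reports whether .NET Framework 4.8 is present. The script file name and the `-Fix` switch are hypothetical, and the Release threshold of 528040 for .NET Framework 4.8 comes from Microsoft's .NET version documentation, not from this page.

```powershell
# Check-DotNetStrongCrypto.ps1 (hypothetical name). Added example, not vendor code.
# Run from an elevated PowerShell session on the Online Connect machine.
param([switch]$Fix)   # hypothetical switch: without it the script only reports

# Keys and values exactly as listed in the Solution section of this article.
# The WOW6432Node key only applies to 64-bit Windows.
$paths = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
)
$names = @('SystemDefaultTlsVersions', 'SchUseStrongCrypto')

$results = foreach ($path in $paths) {
    foreach ($name in $names) {
        $current = $null
        if (Test-Path $path) {
            $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        }
        if ($Fix -and $current -ne 1) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
            $current = 1
        }
        [pscustomobject]@{
            Key       = $path
            Value     = $name
            Data      = if ($null -eq $current) { '<missing>' } else { $current }
            Compliant = ($current -eq 1)
        }
    }
}
$results | Format-Table -AutoSize

# .NET Framework 4.8 reports Release >= 528040 (assumption taken from Microsoft docs).
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
if ($release -ge 528040) {
    Write-Output ".NET Framework 4.8 or later detected (Release $release)."
} else {
    Write-Warning ".NET Framework 4.8 not detected (Release: $release). Install it before Online Connect."
}

if ($results.Compliant -contains $false) {
    Write-Warning 'One or more values are missing or not set to 1. Re-run with -Fix, then reboot.'
} elseif ($Fix) {
    Write-Output 'Values are set. Reboot the machine before launching Online Connect again.'
}
```

Run it without `-Fix` first to record the current state before changing anything.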
Level of Complexity
Moderate
Applies to
Product | Version | Build | Environment | Hardware
---|---|---|---|---
AP Essentials (formerly ReadSoft Online) Connect | 10.4.6.7451 and above | | |
References
Transport Layer Security (TLS) best practices with the .NET Framework
https://docs.microsoft.com/en-us/dot...rogramming/tls
Upgrading AP Essentials (formerly ReadSoft Online) Connect
https://knowledge.kofax.com/ReadSoft...Online_Connect