Kofax

Login Failed error during configuration of AP Essentials Connect

Article # 3038307

Issue

After configuring the Service URL, API Key, UserID & Password in Online Connect, the user receives a Login Failed error message. SCHANNEL errors are also recorded in the Windows Application Event Log, and no corresponding failed connection attempts are recorded in the Audit Trail in AP Essentials (formerly ReadSoft Online).

Cause

There could be many different reasons for a Login Failed error. Some of the most common reasons are:

  • Invalid UserID and/or password
  • Wrong API key
  • Invalid or missing Proxy settings
  • Firewall settings blocking access to Services URL
  • .NET configuration

The lack of connection attempts recorded in the Audit Trail in AP Essentials (formerly ReadSoft Online), together with the SCHANNEL errors in the Windows Event Log associated with AP Essentials (formerly ReadSoft Online) Connect, implies that a .NET configuration is inhibiting the use of the stronger cryptographic libraries required for TLS 1.2. This KB article therefore focuses on that specific issue.

AP Essentials (formerly ReadSoft Online) Connect relies heavily on the .NET Framework. Specifically, the newest versions of Online Connect use .NET 4.8 for TLS 1.2 support. For AP Essentials (formerly ReadSoft Online) Connect to negotiate TLS 1.2, both the operating system and the .NET Framework need to support TLS 1.2.

Certain .NET configurations, kept for better compatibility across a wider range of applications, can inhibit the negotiation of stronger cryptographic algorithms, cipher suites, and TLS/SSL protocol versions. For example, the .NET Framework uses the SCH_USE_STRONG_CRYPTO flag when an application requests a TLS security protocol. The .NET Framework then passes this flag to Schannel to instruct it to disable known weak cryptographic algorithms, cipher suites, and TLS/SSL protocol versions.

Solution

Add the following registry values on the machine where Online Connect has been installed. These values instruct .NET to disable the negotiation of known weaker cryptographic algorithms, cipher suites, and TLS/SSL protocol versions. Then reboot the machine and launch Online Connect again to continue with the configuration.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Please also make sure to follow the instructions in the Upgrading Online Connect KB article referenced below. .NET 4.8 must be installed on the machine first, and AP Essentials (formerly ReadSoft Online) Connect must be installed afterwards, to ensure all the correct libraries are enabled for TLS 1.2 compatibility.
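
An added example (not part of the Kofax article or product): a PowerShell function that audits the two registry values above in both registry views and checks that .NET Framework 4.8 is present. The function name Test-DotNetTlsSettings and its -Fix switch are hypothetical, and the Release threshold 528040 for .NET 4.8 comes from Microsoft's documentation, not from this article.

```powershell
# Added example, not Kofax code. Run from an elevated 64-bit PowerShell session
# on the machine where Online Connect is installed.
function Test-DotNetTlsSettings {           # hypothetical helper name
    param([switch]$Fix)                     # -Fix writes the article's values

    $keys = @('HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319')
    if ([Environment]::Is64BitOperatingSystem) {
        # The WOW6432Node view is what 32-bit .NET applications read.
        $keys += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    }
    $names = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

    foreach ($key in $keys) {
        foreach ($name in $names) {
            $value = $null
            if (Test-Path $key) {
                $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            }
            $changed = $false
            if ($Fix -and $value -ne 1) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
                $value = 1
                $changed = $true            # takes effect after the reboot
            }
            [pscustomobject]@{ Check = "$key\$name"; Value = $value; Ok = ($value -eq 1); Changed = $changed }
        }
    }

    # .NET Framework 4.8 or later reports Release >= 528040 under this key.
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
    [pscustomobject]@{ Check = '.NET Framework 4.8 installed'; Value = $release; Ok = ($release -ge 528040); Changed = $false }
}

Test-DotNetTlsSettings | Format-List
```

Any row with Ok set to False points at a value that still needs to be set; a row with Changed set to True means the reboot described above is still required.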

 

Level of Complexity

Moderate

Applies to

Product: AP Essentials (formerly ReadSoft Online) Connect
Version: 10.4.6.7451 and above

References

Transport Layer Security (TLS) best practices with the .NET Framework
https://docs.microsoft.com/en-us/dot...rogramming/tls

Upgrading AP Essentials (formerly ReadSoft Online) Connect
https://knowledge.kofax.com/ReadSoft...Online_Connect

 

Article # 3038307
  • Was this article helpful?