Tungsten Automation

Kofax Insight 6.5.0 Fix Pack 6

Build Date: Sep 25, 2024

© 2024 Tungsten Automation. All rights reserved.
Use is subject to license terms.

Introduction

This ReadMe file contains information on Kofax Insight 6.5.0 Fix Pack 6, along with instructions on how to install the fix pack on Azure Cloud Services (extended support).

You can install Kofax Insight 6.5.0.6 to resolve the issues listed below.

Note:

Issues resolved in this fix pack

2143649: Client login attempts failed when HTTP request header 'X-Forwarded-For' contained IPv6 address.

2131009: Editable record grid intermittently failed to switch between editable input fields. (Fix for an issue introduced in 6.5.0.4.)

2121679: Multitenant Administrators could not open tenant Admin Console for new tenants until tenant license was added.

2119815: CVE-2023-36414 - Azure Identity 1.5.0 - High Severity Vulnerability

2119720: Password parameters for SQL queries were exposed in logs. (Fix for an issue introduced in 6.5.0.5.)

2118917: Http header parameters without names in "Web Service Call" actions caused error.

2118267: Improved logging for custom SQL function to track system events during service restarts and configuration and Azure role environment changes.

2115235: Empty WebRole.log was downloaded from Admin Console in Azure deployments.

2111349: If the browser session was cleared, the next user was dropped out during the login process with message "You have been logged out."

2109938: Login to Admin Console failed after installation when regional setting of date-time was set to Finnish.

2109711: Improved logging in database connection cache to track performance issues in multi-tenant Azure environments.

2108707: Improved load balancer cache in maintenance timer to prevent extensive resource usage by the processing queue.

2108685: If Oracle was used for the project database, scheduling or importing an execution plan failed. (Fix for an issue introduced in 6.5.0.5.)

2103357: User filter parameter value substitution did not work in button "Web service call" actions.

2103298: Insight services tried to access tenant databases after the tenant was decommissioned.

2103287: Metric test failed with message "Must declare the scalar variable @BatchId" when orphaned weight fields were added.

2103280: Parameter substitution [UserProperty:User ID] with its actual value did not work in button "Web service call" actions.

2102701: If an existing EP name and import EP name were the same in the same documents, tree folder error occurred with message "The project is in the importing process."

2102678: Occasionally temporary data load tables were not dropped after data load.

2099561: "Could not load view"/"Internal Server Error(500)" error occurred in the Viewer after the user logged out on another tab of the browser.

2098251: The warning message was incorrect if document rename occurred in Import scenarios.

2096826: Improved SQL execution and embedded EP logging, including SQL execution time duration information.

2089281: Failed to remove large number of expired sessions from SessionsForTenant database table.

2086172: The context menu item "Usages" failed to show the information panel for existing connections in Admin Console.

2084178: "Support multiple connections" could not be selected in the Property Grid of a connection in Admin Console.

2082615: Quarter date time format in Classification and Extraction Trending charts was not localized to Japanese.

Issues resolved in previous fix packs

Issues resolved in Fix Pack 5

2085733: Multiple "Data DB" connections could be created by invoking the confirmation dialog multiple times during new project creation.

2081738: Data load tasks started multiple times when the Insight server timezone was configured ahead of the timezone configured for the SQL server.

2072940: Concurrent licenses were incorrectly merged across tenants in multi-tenant Azure deployments.

2072259: The "Stop Scheduler" action in Data Loader did not work in multi-tenant deployments.

2066085: No statistics were shown in the Admin Console Admin Dashboard in Azure deployments.

2055758: The solution zip file failed to upload in multi-tenant Azure deployments.

2055168: Licenses could not be saved in multi-tenant Azure deployments.

2040644: Could not schedule or unschedule execution plans if the project database was MySQL or Oracle.

2040209: User mapping and external database role mapping failed with database providers only supporting positional parameter notation.

2039597: Login failed when PerformanceProjectID was missing from ProjectDefiniton after upgrading from Insight 6.1 to 6.5.

1928674: The document tree failed to refresh after the license was removed.

Issues resolved in Fix Pack 4

1969366: Data service was unavailable after Fix Pack 3 was applied on project Meta databases from Insight 6.3 or earlier.

1966401: Button component with a Reset Filters action could not disable itself.

1965932: Search panel failed to find results if the search text contained multiple lines.

1964843: The Viewer URL field in alerts failed to redirect.

Issues resolved in Fix Pack 3

1955403: Azure failed to show some logging messages.

1952897: Primary keys on Insight Admin and project Meta databases were not enforced to be unique.

1943096: Insight Installer failed to run after applying service packs 6.5.0.1 and 6.5.0.2.

1939211: Insight Admin Console Data Loader link was broken when "admin" was part of the hostname.

Issues resolved in Fix Pack 2

1893593: New calendars could not be created in Admin Console.

Issues resolved in Fix Pack 1

1842389: Azure deployment Extracts feature did not save files to Azure blob storage when the "Save to file" option was enabled.

Enhancements introduced in this fix pack

2100700: Removed dependencies on external URLs during Azure deployments.

Added Microsoft Access database engine 2016, IIS StripHeaders module 1.0.5 and IIS URL Rewrite 2.1 into Azure cspkg package.

2094427: Display embedded execution plan name in Data load console/Data load details dialog and Advanced data load details dialog.

Data load details dialog shows the step name of an execution plan. In case of embedded execution plans, it was hard to find out which execution plan contained the executed step. The existing Name column holds additional information on the execution plan name when embedded execution plans are used.

2010805: Define user session timeout values separately by application type.

It was common for users to simply close their browser window rather than clicking a logout button. The data service timeout cleaned the abandoned user sessions, but the timeout default was 24 hours and license seats were assigned and unavailable during that time. Starting from this release, the session timeout interval for users can be configured per application type in the web.config file.

Parameters in WcfDataService web.config:

Kofax Insight use these values as sliding expiration to remove expired sessions from database.

Parameters in Azure cscfg override web.config values. In new deployments web.config and Azure cscfg contain default values.

In upgrade scenarios web.config will not be upgraded to contain the parameters. When missing in web.config: the code will use default values listed above.

Changing the session timeout parameter values take effect immediately.

Enhancements introduced in previous fix packs

Enhancements introduced in Fix Pack 5

2073324: Change the default value of the timezone setting from PST to UTC in the Insight Azure configuration file.

1871395: Ability to send an email after a timeout period when an execution plan is pending.

Pending task notifications feature

Execution plans define the schedule and steps for data load tasks created and processed by the Insight Scheduler. A data load task is subject to pending task notification if it remains in "Pending" or "Started" states for a period of time longer than expected. The time interval can be adjusted for each execution plan. The notification is an email message holding information about the task and its start time.

The notification timeout is counted from starting the task, regardless of state changes or individual task steps completed. When execution plans invoke other execution plans, then only the configuration options of the starting execution plan are considered for the pending task notification.

Tasks do not alter their state as a result of pending task notification. Processing continues and tasks may succeed after the notification is sent.

The email notification is sent only once for each task.

The minimum value and increment of the pending task notification timeout is 1 minute because the Insight Scheduler monitors tasks for the pending task notifications feature once in every minute.

The configuration of the pending task notification feature is at the execution plan level, but default configuration values for newly created execution plans are taken from project level settings. Each execution plan can override the project level setting to enable or disable pending task notifications or set the notification timeout to a different value.

Project level configuration

The following settings are available on the project level in Insight Studio / Tools / "Project Settings" under "Data load". Pending task notifications are configured per project and therefore per tenant.

Execution plan level configuration

The following settings are available for each execution plan.

Enhancements introduced in Fix Pack 4

1934680: Updated Chromium to version 114.0.5735.137 in Chart Snapshot Service.

Enhancements introduced in Fix Pack 3

1959985: Enhanced LDAP search logic by mapping user domains with LDAP search paths.

1956784: Added support for PostgreSQL within Insight as external data source.

PostgreSQL

PostgreSQL was added as an option to the list of Database types in the "New Connection" dialog box.

The provider for the PostgreSQL server can be either "Odbc Provider" or "DSN Provider".

PostgreSQL is supported only as a data source. Running the Insight Administration database on PostgreSQL is not supported.

If you use PostgreSQL data source, ensure that you have the PostgreSQL ODBC driver installed. By default, the ODBC driver name is "PostgreSQL Unicode(x64)" and the port is 5432 (PostgreSQL default).

If you have a different driver name or a different port, you should adjust these values in the Property Panel > Additional string field of the Data Source.

Type the respective part of the ODBC connection string in the Additional string field as follows:

LDAP configuration supported by 6.5.0.3

Starting with Insight 6.3.0, Active Directory authentication is available for all Insight components, including Installation Manager, Scheduler service, and Import and Export utilities. Custom LDAP path entries can be added to the WCFDataService web.config file under the <appSettings> tag.

Prior to version 6.5.0.3, when LDAP paths were configured, the domain part of the authenticating Windows user account was compared to the first key-value pair in the LDAP path after the last slash.

For example, the following LDAP search paths were configured:

<add key="LDAPPath-1" value="LDAP://gc.adomin.company.com:389/DC=domainA,DC=company,DC=com"> <add key="LDAPPath-2" value="LDAP://gc.bdomain.company.ctb:389/DC=domainB,DC=company,DC=com">

User account "domainB\user.name" matched "DC=domainB", and LDAPPath-2 was used for the connection. If neither of the specified paths matched, user properties were not collected for this user from the specified LDAP paths.

Notes:

Starting with 6.5.0.3, LDAP path configuration and search logic were improved for user accounts where the domain name of the user account does not match any of the LDAP paths by using the former logic.

A newly introduced filtering method helps to directly associate user domain names with LDAP paths. The filter is optional, and it can be added to the LDAP path configuration value separated by a semicolon (;).


In the following example, the added "FILTER" associates "domainA" users with the LDAP path "LDAP://ldap.domain.com" in the configuration value after the semicolon.

Example:

<add key="LDAPPath-Corp" value="FILTER=domainA;LDAP://ldap.domain.com" />


An asterisk (*) for FILTER can also be used to match all domain names.

Example:

<add key="LDAPPath-Corp" value="FILTER=*;LDAP://ldap.domain.com" />


For compatibility reasons, Insight 6.5.0.3 continues to support the former LDAP path matching logic as well, with the exception that the comparison is not made against the value of the first key-value pair after the last slash (/). The first "DC" key-value pair is used instead, after the last slash.


When a matching Filter is explicitly configured for a given domain, it overrides the Filter specified by an asterisk (*).

When a Filter matches the user's domain, paths without a filter are neglected.


Multiple configuration items can define the same Filter, and Insight tries to use these until the first successful connection is made to retrieve user properties.


Example:

<add key="LDAPPath-Corp1" value="FILTER=domainA;LDAP://ldap.domain.com" /> <add key="LDAPPath-Corp2" value="FILTER=*;LDAP://gc1.ldap.domain.com:389/DC=ldap,DC=domain,DC=com" /> <add key="LDAPPath-Corp3" value="FILTER=*;LDAP://gc2.ldap.domain.com:389/DC=ldap,DC=domain,DC=com" />

In this example,

"domainA\user.name" connects to LDAPPath-Corp1.

"domainB\user.name" connects to LDAPPath-Corp2.

"domainB\user.name" connects to LDAPPath-Corp3 only when LDAPPath-Corp2 fails.


Example:

<add key="LDAPPath-Corp1" value="FILTER=domainA;LDAP://ldap.domain.com" /> <add key="LDAPPath-Corp2" value="LDAP://ldap.domain.com/DC=ldap,DC=domain,DC=com" />

In this example,

"domainA\user.name" connects to LDAPPath-Corp1.

"domainB\user.name" does not connect to any of the LDAP paths because neither "FILTER=domainA" nor "DC=ldap" matches "domainB".


Example:

<add key="LDAPPath-Corp1" value="LDAP://domainA.domain.com/DC=domainA,DC=domain,DC=com" /> <add key="LDAPPath-Corp2" value="FILTER=domainA;LDAP://ldap.domain.com" />

In this example,

"domainA\user.name" connects to LDAPPath-Corp2 because the value with an explicit Filter takes precedence over the value without a Filter.

Applies to

This fix pack is cumulative and includes the resolved issues released in previous Kofax Insight 6.5.0 fix packs.

You can apply this fix pack to update any of the following versions:

Files included

This fix pack includes the following files:

File name Version
KofaxInsight-6.5.0.6.zip 6.5.0.6
KofaxInsight-6.5.0.6_ForAzure.zip 6.5.0.6

Install fix pack 6.5.0.6

Install Insight 6.5.0.6 in on-premises environments.

Use the following procedure to install the fix pack.

  1. Create a complete backup of all Insight databases.
  2. Copy the KofaxInsight_6.5.0.6.0.916_x64.msp file provided with this fix pack to all computers where Kofax Insight is installed.
  3. When Insight is deployed for high availability, stop IIS web site and Insight Scheduler Service 6.5.0 on all computers.
  4. Apply this .msp file as Administrator.
  5. When Insight is deployed for high availability, start IIS web site and Insight Scheduler Service 6.5.0 on all computers.

Install Insight 6.5.0.6 on Azure

Use the following procedure to install the fix pack on Azure.

  1. Create a complete backup of all Insight databases.
  2. Copy the KofaxInsight-6.5.0.6_ForAzure.zip file to your computer.
  3. Make sure that you comply with the requirements described in the "Prerequisites" section of the Kofax Insight Administrator's Guide for Azure.

    Note: The creation of a cloud service is described in this procedure. You do not need to create it beforehand.

  4. Log in to the Azure portal and follow the instructions on the Microsoft Azure pages to create a storage account.
  5. Review the deployment prerequisites for Cloud Services (extended support) and complete the following steps:
    • Create Key Vault and upload the SSL certificate.
    • Create Virtual Network.
  6. Complete the steps described in the "Update the configuration (.cscfg) file" section of the Kofax Insight Administrator's Guide for Azure.
  7. Navigate to Azure portal > Cloud services (extended support). In the Cloud Services (extended support) pane, select Create.

    The creation window opens in the Basics tab.

  8. Complete the fields in the Basics tab:
    1. Set the Cloud service name and select the Region.
    2. Select From local for the Package/configuration/service definition location.
    3. Select Storage account and upload the .cspkg and .csdef files included in the KofaxInsight-6.5.0.6_ForAzure.zip file, as well as the .cscfg file that you prepared in steps 5 and 6.
  9. Proceed to the Configuration tab and complete the fields:
    1. Select the existing Public IP address or create a new one.
    2. Select None for the Swappable cloud service.
    3. Select the Start cloud service check box.
    4. Select the Key vault that you created.
    5. Click Review + create.

      The deployment process may take about 20-30 minutes.

Install Insight 6.5.0.6 on Docker

See the Kofax Insight Installation Guide.

Remove fix pack 6.5.0.6

Due to database schema changes, removing this fix pack requires restoring all databases.

Uninstall Insight 6.5.0.6 in on-premises environments

Use the following procedure to remove this fix pack.

  1. In Windows Settings, select Apps and select Programs and Features.
    As an alternative in the Control Panel, start Programs and Features.
  2. Click View installed updates.
  3. On the list of updates, in the Name column, select the item that corresponds to Kofax Insight 6.5.0.6.0.916 Patch.
  4. Right-click and select Uninstall.
  5. When Insight is deployed for high availability, do the above steps for all Insight Web and Scheduler servers.
  6. Restore all databases to the state before the upgrade.
  7. Restore all backup Insight configuration files %PROGRAMDATA%\Altosoft.Insight.Backup\[Insight version] to the respective folders under the Insight installation folder.
  8. Restart IIS web site.
  9. Restart Insight Scheduler Service 6.5.0.

Uninstall Insight 6.5.0.6 on Azure and Docker

Azure and Docker environments require redeployment of the earlier versions of Insight.