Kofax SafeCom G4 Server 10.6.0 Fix Pack 1
Build Date: November 29, 2022
© 2022 Kofax. All rights reserved.
Use is subject to license terms.
Introduction
You can install Kofax SafeCom G4 Server 10.6.0.1 to resolve the issues listed below grouped by components. The new version supports for modern authentication for SMTP based mail services.
Note: The fix pack consists of two component installers.
- Kofax SafeCom G4 Server 10.6.0.1
- Kofax SafeCom G4 Server 10.6.0.1 Tools
The installers support clean setup of the software and upgrade scenarios from earlier versions. For more information on the installation process, see the Administrators' Guide.
New feature: Modern authentication support for SMTP mail service
The feature introduces support for new authentication methods, such as Microsoft 365 OAuth2 and Google OAuth2. New version of SafeCom Administrator provides the following configuration options:
- Configure email service in SafeCom Administrator
- Configure NTLM SMTP authentication
- Configure Microsoft 365 OAuth2 SMTP authentication
- Configure Google OAuth2 SMTP authentication
Configure email service in SafeCom Administrator
Open the Server settings dialog to setup the following parameters:SMTP server address shows the hostname or the IP address of the mail server that is used to send outgoing mails.
Port is 25 by default.
Reply e-mail address is used by the SafeCom auto-mailer when sending e-mails.
Connection security settings determine if your connection to the mail server is encrypted:
- None: The connection is not encrypted (default port
25). - STARTTLS: The connection starts as unencrypted but attempts to make a secure connection if the mail server supports it (default port 587).
- SSL/TLS: The connection is encrypted (default port
465). This is the recommended setting.
Note: STARTTLS or SSL/TLS connection security requires that the SafeCom Mail Service logon account has Read access to the private key of the certificate specified in the TlsCert registry entry, which is created by SafeCom itself under HKLM\Software\SafeCom\SafeComG4.
Authentication methods used to verify that you are the owner of the account you are trying to access:
- None: No need for authentication to connect to the mail server.
- Password: Username and password are required for the connection.
- NTLM: NT LAN Manager authentication. See Configure NTLM SMTP authentication.
- Microsoft 365 OAuth2: OAuth2 protocol is used to connect to the Microsoft mail server. See Configure Microsoft 365 OAuth2 SMTP authentication.
- Google OAuth2: OAuth2 protocol is used to connect to the Google mail server. See Configure Google OAuth2 SMTP authentication.
Email address: Type in the e-mail address where SafeCom should send "Event" and "Credits reserved notification" messages. These messages help administrators address potential problems proactively. For example, these emails may inform the administrator that a trial license is about to expire in a couple of days. The administrator can also look at the Event log.
If you select Email PUK code when generated, the PUK code is automatically sent to the user through email using the template EmailPUK.txt (see chapter Customize and translate email messages in SafeCom G4 Server Administrators' Guide). A PUK code is generated in the following ways:
- If Generate PUK on Pull print is checked in, the Users tab in the Server properties dialog (see Users).
- When generating a PUK code in the ID code tab in the User properties dialog (see ID code).
- When importing users while Generate PUK is checked (see Import users).
Note: No e-mail is sent if the PUK is generated from the SafeCom G4 Web Interface.
If you select Email welcome message to new users, a welcome message is automatically sent to the user through e-mail using the template EmailWelcome.txt (see chapter Customize and translate e-mail messages in SafeCom G4 Server Administrators' Guide).
If you select Email job deletion note to author of job, the author receives an email when a document is deleted. See EmailJobDelete.txt in chapter Customize and translate email messages.
In Email delete warning to, you can select Author of job and/or Recipients of job. If checked, an email warning is sent that specifies the remaining time before deletion. See EmailWarning.txt in chapter Customize and translate email messages.
Configure NTLM SMTP authentication
To use NT LAN Manager (NTLM) authentication detailed in the email section, the following steps must be executed on the primary and all secondary SafeCom G4 servers:
Modify the SafeCom Mail Service property:
Set Log on account to the mail sender user.
-
Create the local or domain SafeComMailSender group and add the following accounts to it:
- Mail sender user account
- SafeCom Service log on account
- If the SafeCom Service runs under the Local System account, please change the account to
NT AUTHORITY\SYSTEM. - The SafeCom Service and the mail sender user accounts must be in the same given local or domain group for security reasons. The software checks the group membership and does not send email if the verification fails.
Notes
- Restart the SafeCom Mail Service and SafeCom Service.
-
Specify connection settings on Email tab of Server properties dialog in SafeCom Administrator
- Port: 587
- Reply email address: the email address of the mail sender user
- Connection security: STARTTLS
- Authentication: NTLM
Notes
- In case of later modification of the settings above, restart the SafeCom Mail Service and SafeCom Service.
-
To send emails successfully during user import, increasing the message processing rates of the SMTP server may be needed. In case of Exchange Server, run the following command in the Exchange Management Shell to set the rates to unlimited:
Get-ReceiveConnector | Set-ReceiveConnector -MessageRateLimit Unlimited
For more information, search for Message rate limits and throttling in Microsoft documentation.
Configure Microsoft 365 OAuth2 SMTP authentication
To use OAuth2 authentication to connect to the Microsoft mail server detailed in the Email section, an application must be registered with Azure Active Directory.
During the registration:
- Select Mobile and desktop applications platform
For more information, search for Quickstart: Register an application with the Microsoft identity platform in Microsoft documentation.
The following steps must be executed on the primary and all secondary SafeCom G4 servers to grant access to the registered application to be able to send emails:
-
Specify connection settings on Email tab of Server properties dialog in SafeCom Administrator
- SMTP server address:
smtp.office365.com - Port:
587 - Reply email address: the Microsoft 365 e-mail address of the mail sender user
- Connection security:
STARTTLS - Authentication: Microsoft 365 OAuth2
- Client ID: Application (client) ID of the registered application
- Tenant ID: Directory (tenant) ID of the registered application
- SMTP server address:
-
Click on Authorize... to authenticate the registered application and get an access token for the mail server.
This will open a login screen in a browser for the mail sender user and ask for permission for the registered application to send emails.
Note: In case of later modification of the mail sender user’s password, the registered application should be authenticated again.
-
Enable SMTP AUTH on the mail sender user's mailbox.
For more information, search for Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online in Microsoft documentation.
Configure Google OAuth2 SMTP authentication
To use OAuth2 authentication to connect to the Google mail server detailed in the Email section, an application must be registered with Google Cloud Platform. During the registration:
- Enable Gmail API service
- Create OAuth client ID and select Desktop app application type
For more information, search for Enable and disable APIs and Setting up OAuth 2.0 in Google documentation, in API Console Help.
The following steps must be executed on the primary and all secondary SafeCom G4 servers to grant access to the registered application to be able to send e-mails:
-
Specify connection settings in SafeCom Administrator, on the Server properties > E-mail page:
- SMTP server address:
smtp.gmail.com - Port:
587 - Reply email address: the Google email address of the mail sender user
- Connection security:
STARTTLS - Authentication: Google OAuth2
- Client ID: Client ID of the registered application
- Client Secret: Client secret of the registered application
- SMTP server address:
-
Click on Authorize... to authenticate the registered application and get an access token for the mail server.
This opens a login screen in a browser for the mail sender user and ask for permission for the registered application to send emails.
Note: In case of later modification of the mail sender user’s password, the registered application should be authenticated again.
Issues Resolved in This Fix Pack
SafeCom G4 Server
1885445: SF26600830 - Admin Console did not extract the users card information for all users.
1884637: SF26599028 - Windows Print Spooler crashed intermittently during working hours.
1884522: SF26618217 - G4 - Admin Console: If Windows users password was greater than 30 characters, then the user was not able to log in.
1884463: SF26588502 - Was unable to run the "Redact user data", so could not create a user that has been deleted.
1884460: SF26568642 - Next user was not able to login to HP Unified Client.
1784417: Configuration of Ethernet card readers is managed properly after G4 server upgrade.
1776170: G4 Server uninstaller cleans the system registry database properly.
1764479: SafeCom Popup supports workstations connecting to the company network through VPN.
1760920: G4 Server installer registers SafeCom Popup as a start-up application just in case of Client installation.
1734205: The Repair replication workflow in SafeCom Administrator is enhanced to prompt for user credentials properly.
1705454: External SQL Server for the primary application server can be specified either by hostname or IP address when you setup AG listener in SQL Always On environment.
1469792: G4 Server installation workflow was cleaned up by removing unnecessary warning messages.
Applies To
The component installers can be used for clean install or upgrade of the software.
You can apply this fix pack to update any of the following versions:
- G4 Server 10.6.0.0 or before
Files Included
This fix pack includes the following files:
| Filename | Version |
|---|---|
| SafeComG4_Server_x64_build_10.6.0.1.exe | 10.6.0.395 |
| SafeComG4_Tools_x64_build_10.6.0.1.exe | 10.6.0.395 |
| ReadMe-KofaxSafeComG4Server-10.6.0.1.htm | N/A |
Install This Fix Pack
The installers manage all dependent services in appropriate manner. Please refer to the Administrators' Guide of the component for the installation details.
Remove This Fix Pack
Please refer to the Administrator's Guide of the component regarding to the uninstallation considerations.