Content Management and Capture

 View Only
  • 1.  Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

    Posted Fri July 07, 2023 07:31 PM

    This is my understanding. Is this correct?

    [Datacap Server#1]
    1) Login as Administrator
    2) Install Datacap.
    3) Execute "dcskey e" to export a private key to dc_KTF.xml

    [Datacap Server#2]
    0) Change Administrator's password to Datacap Server#1's Administrator password.
    1) Login as Administrator
    2) Install Datacap.
    3) Copy dc_KTF.xml from Datacap Server#1.
    4) Execute "dcskey i" to export private key from dc_KTF.xml

    Correct me if I am wrong.
    Datacap uses Microsoft CryptoAPI and CryptoAPI creates a private key based on Administrator's password.
    CryptoAPI always authenticates to Administrator's password before it uses the private key to decode something.
    Thus, two Datacap Servers need to have the same Administrator password for CryptoAPI to share the same private key.



    ------------------------------
    dsakai
    ------------------------------


  • 2.  RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

    Posted Wed July 12, 2023 02:12 PM

    All you have to so is copy the dcskey.xml that's working in tms 1 to tms2.  Then run the import on tms2 server using the same dckkey.xml.

    No need to matched the password on tms1 and tms2.  The cryto key is per user.   That is why it's in the RSA profile per user.



    ------------------------------
    Blue Devil
    ------------------------------



  • 3.  RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

    Posted Mon July 24, 2023 10:18 PM

    Thank you Blue Devil.

    My team has observed that if we changed password of Administrator on tms1,  the rulerunner servers no longer were able to authenticate to tms1.

    This led me to guess that the password of Administrator that has exported the encryption key must be part of the private key that is used to decrypt passwords from rulerunner servers.  So it may be that tms2 must have the same password as that of tms1. 

    Thank you for the tip. 



    ------------------------------
    dsakai
    ------------------------------



  • 4.  RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

    Posted Tue January 09, 2024 12:29 AM
    Edited by dsakai Tue January 09, 2024 12:43 AM
    My current understanding after testing with Datacap 9.1.9 IF4 on Windows Server 2022.
     
    1) Datacap Installation and Configuration user can be any user with an Administrator priviledge. (The user does not have be the Built-In Administrator.)
     
    2) After exporting Encryption key using "dcskey e" command, you can change the password of Installation and Configuration user. BUT DO NOT use "dcskey" command again. Only change password. Do not execute dcskey i. dcskey command seems to alter the exported private key and thus the client components won't be able to communicate with Datacap Server. For daily maintenance, use the accounts different from Installation and Configuration user.
     
    3) The password of Installation and Configuration user on Datacap Server#1 and Datacap Server#2 can be different. They do not need to have an identical password.



    ------------------------------
    dsakai
    ------------------------------



  • 5.  RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

    Posted Tue January 09, 2024 12:35 PM

    That is correct.   

    To your questions below.  No need to change any OS password.   Both OS do NOT need to have same PW.  

    The Crypto key is stored in the user profile.  It's per user and stored in each user profile.  

    [Datacap Server#1]
    1) Login as Administrator
    2) Install Datacap.
    3) Execute "dcskey e" to export a private key to dc_KTF.xml

    [Datacap Server#2]
    0) Change Administrator's password to Datacap Server#1's Administrator password.
    1) Login as Administrator
    2) Install Datacap.
    3) Copy dc_KTF.xml from Datacap Server#1.
    4) Execute "dcskey i" to export private key from dc_KTF.xml

    Correct me if I am wrong.
    Datacap uses Microsoft CryptoAPI and CryptoAPI creates a private key based on Administrator's password.
    CryptoAPI always authenticates to Administrator's password before it uses the private key to decode something.
    Thus, two Datacap Servers need to have the same Administrator password for CryptoAPI to share the same private key.



    ------------------------------
    Duke Lam
    ------------------------------