Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

View Only

Expand all | Collapse all

Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

1. Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

0 Like
dsakai
Posted Fri July 07, 2023 07:31 PM

Reply
This is my understanding. Is this correct?

[Datacap Server#1]
1) Login as Administrator
2) Install Datacap.
3) Execute "dcskey e" to export a private key to dc_KTF.xml

[Datacap Server#2]
0) Change Administrator's password to Datacap Server#1's Administrator password.
1) Login as Administrator
2) Install Datacap.
3) Copy dc_KTF.xml from Datacap Server#1.
4) Execute "dcskey i" to export private key from dc_KTF.xml

Correct me if I am wrong.
Datacap uses Microsoft CryptoAPI and CryptoAPI creates a private key based on Administrator's password.
CryptoAPI always authenticates to Administrator's password before it uses the private key to decode something.
Thus, two Datacap Servers need to have the same Administrator password for CryptoAPI to share the same private key.

------------------------------
dsakai
------------------------------
2. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

0 Like
Blue Devil
Posted Wed July 12, 2023 02:12 PM

Reply
All you have to so is copy the dcskey.xml that's working in tms 1 to tms2. Then run the import on tms2 server using the same dckkey.xml.

No need to matched the password on tms1 and tms2. The cryto key is per user. That is why it's in the RSA profile per user.

------------------------------
Blue Devil
------------------------------

Original Message
3. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

0 Like
dsakai
Posted Mon July 24, 2023 10:18 PM

Reply
Thank you Blue Devil.

My team has observed that if we changed password of Administrator on tms1, the rulerunner servers no longer were able to authenticate to tms1.

This led me to guess that the password of Administrator that has exported the encryption key must be part of the private key that is used to decrypt passwords from rulerunner servers. So it may be that tms2 must have the same password as that of tms1.

Thank you for the tip.

------------------------------
dsakai
------------------------------

Original Message
4. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

0 Like
dsakai
Posted Tue January 09, 2024 12:29 AM
Edited by dsakai Tue January 09, 2024 12:43 AM

Reply
My current understanding after testing with Datacap 9.1.9 IF4 on Windows Server 2022.

1) Datacap Installation and Configuration user can be any user with an Administrator priviledge. (The user does not have be the Built-In Administrator.)

2) After exporting Encryption key using "dcskey e" command, you can change the password of Installation and Configuration user. BUT DO NOT use "dcskey" command again. Only change password. Do not execute dcskey i. dcskey command seems to alter the exported private key and thus the client components won't be able to communicate with Datacap Server. For daily maintenance, use the accounts different from Installation and Configuration user.

3) The password of Installation and Configuration user on Datacap Server#1 and Datacap Server#2 can be different. They do not need to have an identical password.

------------------------------
dsakai
------------------------------

Original Message
5. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

0 Like
Duke Lam
Posted Tue January 09, 2024 12:35 PM

Reply
That is correct.

To your questions below. No need to change any OS password. Both OS do NOT need to have same PW.

The Crypto key is stored in the user profile. It's per user and stored in each user profile.

[Datacap Server#1]
1) Login as Administrator
2) Install Datacap.
3) Execute "dcskey e" to export a private key to dc_KTF.xml

[Datacap Server#2]
0) Change Administrator's password to Datacap Server#1's Administrator password.
1) Login as Administrator
2) Install Datacap.
3) Copy dc_KTF.xml from Datacap Server#1.
4) Execute "dcskey i" to export private key from dc_KTF.xml

Correct me if I am wrong.
Datacap uses Microsoft CryptoAPI and CryptoAPI creates a private key based on Administrator's password.
CryptoAPI always authenticates to Administrator's password before it uses the private key to decode something.
Thus, two Datacap Servers need to have the same Administrator password for CryptoAPI to share the same private key.

------------------------------
Duke Lam
------------------------------

Original Message

IBM Business Automation Community

Come for answers. Stay for best practices. All we’re missing is you.

Content Management and Capture

Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

dsakaiFri July 07, 2023 07:31 PM

Blue DevilWed July 12, 2023 02:12 PM

dsakaiMon July 24, 2023 10:18 PM

dsakaiTue January 09, 2024 12:29 AM

Duke LamTue January 09, 2024 12:35 PM

1. Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

2. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

3. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

4. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?

5. RE: Do Datacap Server#1 and #2 Administrator passwords need to have the same value?