Debugging Kofax Web Capture Service Installation

Debugging Kofax Web Capture Service Installation

Verify the Service is Running

Navigate to https://127.0.0.1:23024/sessions.
If you receive a certificate error, proceed to run the script in section 2 below.

Certificate Error


Success (No Error)


Run the Debug Script

The debug script below will help determine which component of the Web Capture Service is not available. Once the component is identified, perform an investigation into what is blocking or removing it. Commonly this is antivirus solutions, application control (e.g. airlock), group policy and centralised certificate management.

Open command prompt as an administrator.

Run the script below. For ease of use, copy and paste the script into a .cmd file and run it.
  1. cd /d %~dp0
  2. set log=WebCaptureInstallDetails.txt
  3. echo Web Capture Install Details > %log%
  4. echo. >> %log%
  5. echo. >> %log%
  6. echo Server Cert  >> %log%
  7. echo. >> %log%
  8. certutil -store "MY" Kofax.WebCapture.Localhost 1>> %log% 2>>&1
  9. echo. >> %log%
  10. echo. >> %log%
  11. echo CA Cert  >> %log%
  12. echo. >> %log%
  13. certutil -store "Root" "Kofax Web Capture Service" 1>> %log% 2>>&1
  14. echo. >> %log%
  15. echo. >> %log%
  16. echo URL ACL  >> %log%
  17. echo. >> %log%
  18. netsh http show urlacl 1>> %log% 2>>&1
  19. echo. >> %log%
  20. echo. >> %log%
  21. echo SSL Cert Binding  >> %log%
  22. echo. >> %log%
  23. netsh http show sslcert 1>> %log% 2>>&1

Review Script Results

Running the script will create a file called WebCaptureInstallDetails.txt. Open the file and review the contents. It has 4 sections as follows.

Server Cert

If you see the text in the installed section below, then the server certificate is installed correctly.

If you see the text in the not installed section below, then the server certificate are not installed correctly.

Installed

  1. MY "Personal"
  2. ================ Certificate 1 ================
  3. Serial Number: 1000
  4. Issuer: CN=Kofax Web Capture Service, OU=Atalasoft, O=Kofax, L=Irvine, S=California, C=US
  5. NotBefore: 1/11/2022 12:52 AM
  6. NotAfter: 2/11/2052 12:52 AM
  7. Subject: CN=127.0.0.1, OU=Atalasoft, O=Kofax, S=California, C=US
  8. Non-root Certificate
  9. Cert Hash(sha1): 84f9a25dfcc64ab15f7cdc96e85aa579fdf790a3
  10.   Key Container = Kofax.WebCapture.Localhost
      Unique container name: 9b4d0c1ab0a6ecd901671939473da25c_a27e20d6-365c-4049-991f-34f2a284a869
  11.   Provider = Microsoft Enhanced Cryptographic Provider v1.0
  12. Private key is NOT exportable
  13. Encryption test passed
  14. CertUtil: -store command completed successfully.

Not Installed

  1. MY "Personal"
  2. CertUtil: -store command FAILED: 0x80090011 (-2146893807 NTE_NOT_FOUND)
  3. CertUtil: Object was not found.

CA Cert

If you see the text in the installed section below, then the CA certificate is installed correctly.

If you see the text in the not installed section below, then the CA certificate are not installed correctly.

Installed

  1. Root "Trusted Root Certification Authorities"
  2. ================ Certificate 4 ================
  3. Serial Number: 9e3478ffcab3bba9
  4. Issuer: CN=Kofax Web Capture Service, OU=Atalasoft, O=Kofax, L=Irvine, S=California, C=US
  5. NotBefore: 1/11/2022 12:49 AM
  6. NotAfter: 2/11/2052 12:49 AM
  7. Subject: CN=Kofax Web Capture Service, OU=Atalasoft, O=Kofax, L=Irvine, S=California, C=US
  8. Signature matches Public Key
  9. Root Certificate: Subject matches Issuer
  10. Cert Hash(sha1): 9a8df5d00728ec451a0eed52f6fea373bd4f2bd5
  11. No key provider information
  12. Cannot find the certificate and private key for decryption.
  13. CertUtil: -store command completed successfully.

Not Installed

  1. Root "Trusted Root Certification Authorities"
  2. CertUtil: -store command FAILED: 0x80090011 (-2146893807 NTE_NOT_FOUND)
  3. CertUtil: Object was not found.


URL ACL

The following two entries must exist.
  1.     Reserved URL            : http://127.0.0.1:23023/
  2.         User: BUILTIN\Users
  3.             Listen: Yes
  4.             Delegate: No
  5.             SDDL: D:(A;;GX;;;BU)

  6.     Reserved URL            : https://127.0.0.1:23024/
  7.         User: BUILTIN\Users
  8.             Listen: Yes
  9.             Delegate: No
  10.             SDDL: D:(A;;GX;;;BU)

SSL Cert Binding

The following entry must exist.
  1.     IP:port                      : 0.0.0.0:23024
  2.     Certificate Hash             : 84f9a25dfcc64ab15f7cdc96e85aa579fdf790a3
  3.     Application ID               : {44140043-5cd0-460e-bf47-c77ca5da537d}
  4.     Certificate Store Name       : (null)
  5.     Verify Client Certificate Revocation : Enabled
  6.     Verify Revocation Using Cached Client Certificate Only : Disabled
  7.     Usage Check                  : Enabled
  8.     Revocation Freshness Time    : 0
  9.     URL Retrieval Timeout        : 0
  10.     Ctl Identifier               : (null)
  11.     Ctl Store Name               : (null)
  12.     DS Mapper Usage              : Disabled
  13.     Negotiate Client Certificate : Disabled
  14.     Reject Connections           : Disabled
  15.     Disable HTTP2                : Not Set
  16.     Disable QUIC                 : Not Set
  17.     Disable TLS1.2               : Not Set
  18.     Disable TLS1.3               : Not Set
  19.     Disable OCSP Stapling        : Not Set
  20.     Enable Token Binding         : Not Set
  21.     Log Extended Events          : Not Set
  22.     Disable Legacy TLS Versions  : Not Set
  23.     Enable Session Ticket        : Not Set
  24.     Disable Session ID           : Not Set
  25. Extended Properties:
  26.     PropertyId                   : 0
  27.     Receive Window               : 1048576
  28. Extended Properties:
  29.     PropertyId                   : 1
  30.     Max Settings Per Frame       : 2796202
  31.     Max Settings Per Minute      : 4294967295
  32. Extended Properties:
  33.     PropertyId                   : 2
  34. Extended Properties:
  35.     PropertyId                   : 3
  36. Extended Properties:
  37.     PropertyId                   : 4
  38. Extended Properties:
  39.     PropertyId                   : 5



    • Related Articles

    • Working in My Area and Managing Tickets

      Please refer to this article that is kept up to date our Service Desk vendor: https://help.zoho.com/portal/en/kb/desk/for-end-users/help-center/articles/working-with-my-area-in-help-center#Accessing_My_Area
    • PAG Support Portal Overview

      Signing Up You must sign up in order to do any of the following on the support portal: View your tickets View your colleagues' tickets Submit a new ticket There are 2 ways to sign up. Select the one appropriate to you. Single Sign On with Office 365 ...