Difference between revisions of "Troubleshoot regify client"
Line 1: | Line 1: | ||
− | == | + | == Usage == |
===I get errors regarding the certificate of the mailserver=== | ===I get errors regarding the certificate of the mailserver=== | ||
You may encounter error messages like these: | You may encounter error messages like these: | ||
Line 52: | Line 52: | ||
On some Lenovo systems the regify client freezes after opening a regify message due to a tool called Lenovo SmartUpdate (smartUpdate.exe). Removing the tool solved the problem. | On some Lenovo systems the regify client freezes after opening a regify message due to a tool called Lenovo SmartUpdate (smartUpdate.exe). Removing the tool solved the problem. | ||
− | == | + | == Setup == |
===I like to install the client without installing a Outlook or Thunderbird AddIn=== | ===I like to install the client without installing a Outlook or Thunderbird AddIn=== | ||
Please choose the custom install option while setup. You can disable the Outlook AddIn and the Thunderbird AddIn in the further dialog. | Please choose the custom install option while setup. You can disable the Outlook AddIn and the Thunderbird AddIn in the further dialog. | ||
Line 61: | Line 61: | ||
# You might use '''Outlook 2013''' with an older regify client. This version is supportet since regify client V3.10 (April 2013). Maybe you need to update. | # You might use '''Outlook 2013''' with an older regify client. This version is supportet since regify client V3.10 (April 2013). Maybe you need to update. | ||
− | == | + | == Technical FAQ == |
+ | |||
+ | === What ports is regify using? === | ||
+ | In order to allow regify to work, you need to allow regify to access the Internet on TCP/IP ports 443 and 80. | ||
+ | |||
+ | === What domains do I need to white-list for regify usage? === | ||
+ | This only applies if you are using a proxy-server that blocks internet access to all sites that are not white-listed. | ||
+ | * In general, regify needs access to all '''*.regify.com''' domains. This is for using the PLS (Provider Lookup Service) and for automatic updates etc.<br> | ||
+ | * In addition, you need to white-list the '''domains of your regify provider'''. These domains depend on the regify provider your regify account is registered at.<br> | ||
+ | * In addition, if your proxy does not resolve automatically, you need to white-list the domains of the certificate revocation lists (CRL) used in the affected certificates. For the *.regify.com certificates, this are <br>''http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl'' and <br>''http://crl.comodoca.com/COMODORSACertificationAuthority.crl''.<br> It is very likely that you also have to add the CRL of the regify provider you are connecting to. In most cases, you are able to get the domains from the certificate information you can get from your webbrowser. | ||
+ | * For regibox usage, you also need to white-list '''all domains of regify providers that are hosting a box your users are members of'''. If a user A of your regular provider A becomes a member of a regibox created by user B of provider B, your user A also needs access to the provider B domains. You also might need to add the CRL's of them, too (see above). | ||
+ | |||
+ | == Debugging == | ||
===Start extended debug logging=== | ===Start extended debug logging=== | ||
'''Beginning version V4.0''' and newer, the regify client uses an extra structure in his regify_client.ini file. | '''Beginning version V4.0''' and newer, the regify client uses an extra structure in his regify_client.ini file. |
Revision as of 15:54, 30 October 2015
Contents
- 1 Usage
- 1.1 I get errors regarding the certificate of the mailserver
- 1.2 I'm having connection problems
- 1.3 Proxy issues
- 1.4 The regify client complains "The given file can not get opened (no regify file)."
- 1.5 I'm getting an Error: 20 when trying to read regify emails
- 1.6 Does no longer work after upgrading to MacOS 10.10 (Yosemite)
- 1.7 Known issues
- 2 Setup
- 2.1 I like to install the client without installing a Outlook or Thunderbird AddIn
- 2.2 Module c:\-path-\regify client\regifyAddIn.dll failed to register. HRESULT -2147467259. Contact your support personnel.
- 2.3 Fehler beim registrieren von Modul c:\-path-\regify client\regifyAddIn.dll. HRESULT -2147467259. Wenden Sie sich an den Support.
- 3 Technical FAQ
- 4 Debugging
Usage
I get errors regarding the certificate of the mailserver
You may encounter error messages like these:
- Peer Certificate can not be authentikated with given CA
- Certificate verify failed
- etc
In most cases, the wrong smtp server was chosen (or the wrong port). Try to find out if the mailserver certificates are correctly installed and you are really using the correct mailserver. Many mailservers are also having alias domains which are not having a matching certificate.
If you are not able to eliminate the problem, please enter all data like it should work and save the settings. Now, please close the program and open up its configuration file. There you need to locate a setting named MailIgnoreSSLError. Please set this value to 1 to let the program ignore all SSL related errors. Please remark that this setting is reset to 0 if you change the smtp server settings in the configuration dialogs.
I'm having connection problems
Common problems are:
- Error 58 -> Problem with SSL certificate
- Error 59 -> Most probably you need to enter a proxy server
- Error 2 -> Missing internet connection (check proxy and connectivity)
It may help you to activate the debug log (described below on this page). The CURL entries are giving more information about reasons.
If you find SEC_E_INVALID_TOKEN together with Error 59 in the debug logfiles - and being on a Windows 8 or 8.1 system - there might be a problem with the certificate chain of the regify provider. We found two cases regarding the certificate (chain):
- The domain certificate was signed using SHA1. Modern Windows does no longer accept SHA1 domain signatures. As a regify provider, please ask your certificate issuer to renew your certificate by using SHA256.
- The root CA certificate of the chain was signed with less than 2048 bits. Modern Windows and Mozilla does no longer accept root CA's with less than 2048 bits. Try to import the certificates without the root certificate to let the regify appliance choose the root CA. If you can't get it to work, as a regify provider, please ask your certificate issuer for support.
As a customer, please ask the support of your regify provider to update the certificates.
Proxy issues
The regify client support proxy servers for connections. The proxy settings have to be entered manually.
Only with regify client V4 and newer, it also supports PAC files.
For authentication, the regify client supports the following authentication schemes: AUTH_BASIC and AUTH_DIGEST. Beginning with regify client V4, it also supports AUTH_NTLM.
Please always test with the most recent regify client version!
If you believe there is some protocol problem, try to use a prefix to specify alternative proxy protocols like socks4://, socks4a://, socks5:// or socks5h://.
The regify client complains "The given file can not get opened (no regify file)."
German: "Die angegebene Datei kann nicht geöffnet werden (keine regify® Datei)."
Up to version V3.6.5 of the regify-client, this error occurs if there are more than 15 to 22 attachments added to the regify file (depending on the length of the filename and the version of the regify client used for regify generation). To fix this, update to a client newer than V3.6.5 or open the regify-file by uploading to the regify portal of your regify-provider.
I'm getting an Error: 20 when trying to read regify emails
Most of the time this happens because the recipient is trying to read an email that is addressed to one of their email addresses that is not registered with their regify account. Up to 5 email addresses can be registered with a regify account. Log into the provider portal and add the missing email address.
In rare cases this error can be caused by older regify clients when the recipient email address was passed in as mixed case. Example Jane.Doe@company.com. To resolve this, the sender needs to upgrade their regify client or insure that the recipient email address is lowercase, in our example: jane.doe@company.com
Does no longer work after upgrading to MacOS 10.10 (Yosemite)
This is a known incompatibility of the Mac regify client V4.0.0 on MacOS Yosemite.
Please upgrade your Mac regify client to V4.0.1 or even newer to fix this problem. [Download current Mac Client]
Known issues
On some Lenovo systems the regify client freezes after opening a regify message due to a tool called Lenovo SmartUpdate (smartUpdate.exe). Removing the tool solved the problem.
Setup
I like to install the client without installing a Outlook or Thunderbird AddIn
Please choose the custom install option while setup. You can disable the Outlook AddIn and the Thunderbird AddIn in the further dialog.
Module c:\-path-\regify client\regifyAddIn.dll failed to register. HRESULT -2147467259. Contact your support personnel.
Fehler beim registrieren von Modul c:\-path-\regify client\regifyAddIn.dll. HRESULT -2147467259. Wenden Sie sich an den Support.
- The most likely cause of the error is an installed Microsoft Outlook with 64 Bit. The regify AddIn is only able to run on 32 Bit Outlook installations. Please uninstall your Microsoft Office and reinstall the 32 Bit version. If you do not plan to use the Outlook AddIn, you may exclude the AddIn from installation by using the custom setup option.
If you like to test the new AddIn for 64 bit you can contact us at support@regify.com. - You might use Outlook 2013 with an older regify client. This version is supportet since regify client V3.10 (April 2013). Maybe you need to update.
Technical FAQ
What ports is regify using?
In order to allow regify to work, you need to allow regify to access the Internet on TCP/IP ports 443 and 80.
What domains do I need to white-list for regify usage?
This only applies if you are using a proxy-server that blocks internet access to all sites that are not white-listed.
- In general, regify needs access to all *.regify.com domains. This is for using the PLS (Provider Lookup Service) and for automatic updates etc.
- In addition, you need to white-list the domains of your regify provider. These domains depend on the regify provider your regify account is registered at.
- In addition, if your proxy does not resolve automatically, you need to white-list the domains of the certificate revocation lists (CRL) used in the affected certificates. For the *.regify.com certificates, this are
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl and
http://crl.comodoca.com/COMODORSACertificationAuthority.crl.
It is very likely that you also have to add the CRL of the regify provider you are connecting to. In most cases, you are able to get the domains from the certificate information you can get from your webbrowser. - For regibox usage, you also need to white-list all domains of regify providers that are hosting a box your users are members of. If a user A of your regular provider A becomes a member of a regibox created by user B of provider B, your user A also needs access to the provider B domains. You also might need to add the CRL's of them, too (see above).
Debugging
Start extended debug logging
Beginning version V4.0 and newer, the regify client uses an extra structure in his regify_client.ini file.
The locations:
- Windows: %APPDATA%\regify\regify_client.ini
- MacOS: ~/.regify/regify_client.ini
- Linux: ~/.regify/regify_client.ini
Follow this guide:
- Close any regify client!
- Open the ini file (see locations above).
- Locate the section with [GUI] and update this entry:
debugLevel = 5 - Save settings file and close the editor.
- Try the things you need to log.
- Close any error messages and the regify client!
- To deactivate debugging, please remove the line with "debugLevel" or set debugLevel = 0.
If the file does not exist or you need to get debug information before the file was created (PLS or Proxy problems), please create the file and simply insert the content from above.
Debugging in client 4.0 or earlier creates two debug-log files in the systems temp-directory: regify_client.log and regify_client_sdk.log.
In order to find problems, regify support will need both files from you.
An alternative way to activate debugging is to call the regify client using the comandline parameters -v and -l.
regify_client.exe -v -l "c:\temp\mylog.txt"
The example above is for Windows.