The tips on this page are written in English only.
Troubleshooting Buypass «Javafri»
Depending on the environment it is possible to end up with a non-functioning Javafri installation. This document describes a number of steps that can be taken to troubleshoot and repair errors.
Buyass Javafri will automatically install in one of two “modes” depending on the host OS:
- On Windows Server platforms, Javafri configures itself to support a Terminal Server environment with remote users. Two components will be installed
- A Windows Service, Smart Card Gatekeeper, which should auto-start under Local System account.
- The smart card proxy, Buypass.SCProxy.exe, of which one instance should auto-start for each logged-in user and run under the user’s account.
- On Windows desktop and OSX platforms, only the smart card proxy is installed. Only one instance of this process should run on the system.
Most of the troubleshooting steps described below apply to both types of installations; steps that apply only to Terminal Server environments are market with [Server].
NOTE: Some of the troubleshooting procedures require Administrator privileges. If your account does not have Administrator rights, you may therefore need assistance from a person who has access to an account with Local Administrator privileges.
Content on this page:
| Table of Contents |
|---|
Other tips:
| Child pages (Children Display) |
|---|
System requirements
- Operating System : Windows Server 2008 or later, Windows Vista or later, OS X 10.10 or later.
- .NET Framework 4.0 or later. When using the .exe installer, the required version of .NET FW will be downloaded and installed automatically. For the .msi installer, it is a prerequisite.
- Browser: Edge, Internet Explorer 11, Firefox, Chrome, Opera have been tested. Other browser may work.
- Ports: The Smart Card proxy sets up an HTTPS listener on port 31505, which must not be in use by other processes. On server platforms, Javafri also requires the port range 31506 - 315099 to be available since each user’s SCProxy process reserves its own port.
Installation overview
Buypass Javafri installs in “%ProgramFiles(x86)\Buypass\Javafri løsning”. On a server platform, a typical installation has the following contents:
On a desktop platform, the installation directory should look like this:
Auto-start of the SCProxy on user logon is configured in the Registry key
HKLM\Software\WOW6432Node*\Microsoft\Windows\CurrentVersion\Run:
*) WOW6432Node => on 64 bit systems
Basic Troubleshooting steps
This section describes a few simple steps to verify that Buypass Javafri has been correctly installed.
Software version
Buypass has released several versions of Javafri, so any problem you experience with your installation may have been fixed in a more recent version. As a first step, you should therefore check if you have the latest version and upgrade if necessary.
To find the version number of your installed Buypass Javafri:
- Open File Manager
- Navigate to %ProgramFiles(x86)%\Buypass\Javafri løsning
- Right-click on the file Buypass.SCProxy.exe and select Properties
Select the Details tab and check the Product Version field:
You can download the latest version from Buypass Download Center.
SCProxy does not autostart
There should be one SCProxy process, running under the currently logged-in user, visible in Task Manager:
[Server] On server platforms, there should be one SCProxy process for each logged-in user as well as the Smart Card Gatekeeper service:
If the Buypass.SCProxy.exe process does not start:
- Check the Registry key described in Basic installation
- Check with your Systems Administrator if there are policy restrictions in effect to prohibit auto-start of programs for ordinary users. This particularly applies to Server installations and is a problem often encountered on Citrix Terminal Servers.
If your environment has another preferred mechanism for auto-start of programs at logon, that mechanism may be used instead of the Run Registry key.
[Server] If the Buypass.SCProxy.Service process is absent from the process list:
Check that Smart Card Gatekeeper service is installed and configured to Automatic start:
Browser does not detect the Smart Card Proxy
If the SCProxy is running and you are still, when attempting identification or signing, either
- prompted to install “Buypass Javafri”,
or - presented with the old Java-based solution,
then you can perform the following steps to verify the installation:
- If your browser is IE 10 or IE 11, check that it is not set up to run in “Compatibility mode” for the web sites you access to authenticate or sign. By default, IE 10/11 runs intranet pages in Compatibility Mode; other sites may be configured explicitly under Tools/Compatibility View.
- Check that the TLS certificate for the SCProxy is properly installed.
- During installation, a self-signed TLS certificate is generated and set as a Trusted Root in Windows Certificate Store. This certificate and its corresponding private key is used to set up an https connection between a web page and the local SCProxy process.
For Internet Explorer, Edge, Chrome and Opera, the following procedure applies:
Double-click on the SC Proxy certificate in the right-hand pane to see details. Check that the certificate has a private key:
If the “SC Proxy” certificate is missing from the list:
- Close all Firefox instances
- Open %ProgramFiles(x86)%\Buypass\Javafri løsning in File Explorer.
- Double-click (i.e. run) FFInstall.vbs
netsh http show sslcert
The result should look like this for IP:port 127.0.0.1:31505:
(Note that the fields Certificate Hash and Application ID may have different values).
Then, in the same command window, issue the command:
netsh http show urlacl
The result should look like this for https://127.0.0.1:31505/ :
[Server] Depending on the number of currently logged-in users, the netsh commands may yield corresponding entries for several 315XX ports.
Signing error 32105
If you receive error 32105 when attempting to sign a document, this means SCProxy is unable to fetch the document from an external server.
The most likely cause of this error is the network proxy setup.
By default, SCProxy uses the default network proxy configuration for the computer. Also by default, SCProxy does not provide credentials to the network proxy.
To resolve, you may need to work with your System Administrator to reconfigure the network proxy; for instance, it may be necessary to remove a requirement for credentials.
Another option is to specify a different network proxy setup for SCProxy by introducing a section in the application’s configuration file:
%ProgramFiles(x86)\Buypass\Javafri løsning\Buypass.SCProxy.exe.config *)
This MSDN article describes how to specify network proxy settings in the configuration file.
*) The file must be created if it does not already exist.
Logging and advanced troubleshooting
If the issue cannot be resolved by going through the points listed in the previous sections, more detailed diagnostic information may be obtained from the following type of logs:
- Application log in the installation directory
- Network log in the browser’s developer console
- Windows Installer log from the installation
Application log
As installed, the “Javafri” main process, Buypass.SCProxy.exe, writes error messages to an automatically created log file in the installation directory. By default, the log file is named log.txt and is limited to 10MB in size.
[Server] In a server installation, the Smart Card Gatekeeper service has its own log file named servicelog.txt in the same directory. Error messages are also written to the Windows Event Log.
In case of unresolved problems, a higher log level may be set in the configuration file described in the previous section. To change the log level, enter the following section in the configuration file.<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/>
</configSections>
<log4net>
<appender name="RollingLogFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="log.txt"/>
<appendToFile value="true"/>
<rollingStyle value="Size"/>
<maxSizeRollBackups value="10"/>
<maximumFileSize value="10MB"/>
<lockingModel type="log4net.Appender.FileAppender+MinimalLock"/>
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date %-5level : %message%newline%exception"/>
</layout>
</appender>
<root>
<level value="DEBUG"/>
<appender-ref ref="RollingLogFileAppender"/>
</root>
</log4net>
<!—Any custom proxy settings here -->
</system.net>
</configuration>
With the DEBUG setting active, the log file will contain a lot more details that may be particularly useful to Buypass Support.
When the problem has been diagnosed and fixed, you should delete the logging section from the configuration file or set the log level to its default value of ERROR in order to avoid excessive details in the log file.
Network log
In case the problem cannot be resolved by examining the application log, Buypass Support may ask you to produce a network log from an authentication or signing session. This is most easily done through the browser’s Developer Console as follows:
Installation log
During installation of “Javafri”, Windows installer produces log files that may be useful for diagnostic purposes and may be requested by Buypass Support. The path to these log files have the format:
%LOCALAPPDATA%\Temp\Javafri_løsning*.log
NOTE: The AppData folder is hidden by default and may not be visible without modification of the File Explorer settings.