Important notes

Some folders may have been incorrectly marked as logical deleted in the Index

inPoint Server 2018.1 and 2018.2 is affected by a Bug, that if a Folder will be manually deleted it will not be set as logical deleted in the Index. The Bug was fixed in 2018.3. To repair the existing items from the Recycle Bin in the index, a new tool named RecycleBinFix will run during the upgrade. Sadly the tool has an own bug that adds the parent folder into the Recycle Bin instead of a document.

So only Customer which have or had 2018.1 or 2018.2 installed are affected!
If the Customer was already updated to any newer Version from one of the affected Versions, we highly recommend to upgrade to 2020.3 or Reindex everything (if possible)!

If you want to upgrade from one of the affected versions, you can execute the PowerShell Script below before starting any installation. This Script fakes some DB Entries, so the RecycleBinFix will not do anything.

$installDir = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Heilig & Schubert\UnifySetup' -Name installdir).installdir
Add-Type -Path "$($installDir)\Pam.Archive\Configurator\Pam.Archive.dll"
[Pam.Archive.PamArchiveAccessInt]::ResetConfiguration("$($installDir)\Pam.Archive\Pam.Archive.config", $false, $true)
$paa = [Pam.Archive.PamArchiveAccessInt]::Single.Connect($env.UserName, $env:computername)
$toolLog = New-Object Pam.DB.Tools.ToolLog($paa.GetDbConnectionDefaultArchive(), $paa.DefaultArchiveDBScheme);
foreach($archive in $paa.ListArchives($true)) { $toolLog.LogAfterExecute("RecycleBinFix", "Archive: $($archive.Id)") }
$toolLog.Dispose()

Breaking Changes related inPoint users and groups

There are some breaking changes related to inPoint users in this Version.

Changes in the PAM_USERREFERENCE table

PAM_USERREFERENCE.USER_NAME has the following values based on the principal type:

• AD users
  FQDN = user principal name (UPN) associated with this principal
• Internal users  (tenant admin, ...)
  FQDN = [user_name]@ip
• External users
  FQDN = [email]
• Local users
  FQDN = [downlevel_logon_name]@local
• Dummy users
  FQDN = [user_name]@[user_id]

The USER_NAME column value is always in lower case.

The following not used columns are deleted in the PAM_USERREFERENCE table:

• SOURCE VARCHAR2(50)
• DBSERVER VARCHAR2(50)
• DBNAME VARCHAR2(50)
• PAMUSERNAME VARCHAR2(255)
• LCASE_USER_NAME NVARCHAR2(255)

Changes in the PAM_GROUPREF table

New column FQDN has been added.

PAM_GROUPREF.FQDN has the following values based on the principal type:

• AD groups
  FQDN = user principal name (UPN) associated with this principal
• Internal groups
  FQDN = [group_name]@ip
• External groups
  FQDN = [group_name]@[tenant_id].ip

The FQDN is always in lower case.

Customer that are using the Mail archiving

After the installation for any Server >=2018.1.x you have to check the two Scripts:

• MAILBOX_check_folder_ACLs_on_standard_mailboxes.sql
• MAILBOX_fix_folder_ACLs_on_standard_mailboxes.sql

Otherwise, it could happen that the security permissions is not correctly set.

Upgrading from 2017.3.5.1 will fail when importing the PCO on Oracle DB

Upgrading from 2017.3.5.1 using Oracle database will fail when importing the PCO with a foreign key exception.

Workaround:
Execute the following DELETE Statements before starting the upgrade:

DELETE FROM MY_FOLDERS WHERE SITE_ID = 0 AND ID <> 0 AND NAME = 'Root';
DELETE FROM GLOBAL_FOLDERS WHERE SITE_ID = 0 AND ID <> 0 AND NAME = 'Root';
DELETE FROM MAILBOX_FOLDERS WHERE SITE_ID = 0 AND ID <> 0 AND NAME = 'Root';

Archiving of large files (file size approx. 5GB)

There is an error message during archiving of large files after 10 minutes.

Solution:
Increase the timeouts inside the following configs:

• web.config
• Pam.Archive.config (inPoint.Admin)
• HybridStoreSv.exe.Config
• inPoint.config (%appdata%/inPoint -> on client side)

to receiveTimeout="02:00:00" and sendTimeout="01:00:00"

Example:
5GB = ~10min

web.config:
Path: %installdir%\H&S Heilig und Schubert Software AG\Pam.Storage\Web\web.config

HybridstoreSv.exe.config:
Path: %installdir%\HS Europe\inPoint.HybridStore\HybridStoreSv.exe.Config

inPoint.Admin (for HybridStore):
Default: 60 minutes

inPoint.config: Path: %appdata%\inPoint\inPoint.config (client side)
Default: 300 seconds

Sending emails with a new inPoint.Notification.Job

The Pam4.Notification.Scheduler windows service is replaced with the new inPoint.Notification.Job. The inPoint.Notification.Job is automatically installed by the setup. The Pam4.Notification.Scheduler windows service is not installed anymore. During the upgrade the old Pam4.Notification.Scheduler service will be uninstalled and the %installdir%\H&S Heilig und Schubert Software AG\Pam.Storage\Pam.NotificationService folder will be removed.

There are no changes in the PamNotification configuration section in the inPoint Server web.config.

User setting EmailPostArchiveCategory is not migrated

The user setting EmailPostArchiveCategory will not be migrated during upgrade to the current release setup.

Old:

• Settings > Preferences > E-mail > Category after Assignment (user setting)

New (Cascading Setting):

• Settings > Preferences > E-mail > Category after Assignment (for user)
• Admin > General Settings > E-mail > Category after Assignment (for Admin/Tenant)

inPoint.Client Setup is not possible to uninstall or upgrade in silent mode (for 2018.2.*)

• Uninstall is not working when running as a background process if no user is logged in interactively.
• Uninstall is working if the user is doing it via programs & features.
• Upgrade is working if the MSI package is started manually.

Workaround (version 2018.2.4):

• User should be logged in. (can be used with 2018.2.*)
  OR
• Call the MSI package inPoint.Client_2018.2.4.003_Repair.msi in repair mode: (can be used only with 2018.2.4)
  Command: msiexec.exe /fv %msiPath%
  The repair MSI package should be in the SAME DIRECTORY like the original MSI package.

Now you can uninstall the old inPoint.Client Setup 2018.2.4 with the original MSI package or upgrade to the new one.

Pam4AppConn/ColdScript: Pam4AppConn.dll cannot be registered

... because of missing MV C++ Redistributable for VS 2015
ColdScript is not working correctly because of a missing prerequisite.

Solution:
Install the prerequisite and continue.

Installing 2019.1 or later releases on systems having large Mail archive units

There might be a timeout during running the release setup of 2019.1 or later versions on systems having large Mail archive units (more than 1 million archived mails).

Solution:
Execute the following custom DB script, deployed by the setup: MAILBOX_Extend_EWS_ID.sql. This script can be executed only once.

Use this script to FIX the maximum character length allowed for an internet Message-ID (EWS_ID) field in the MAILBOX site for all tenants. Based on RFC-2822 it's 998 characters.
Script execution might take longer.
In the case your default schema differs from "PAM" then: replace the string "[PAM]." with "[your default schema]." in this file.

Missing rights for the Tenant Admin group

There might be missing rights for the Tenant Admin group on Global site/My site/GSR created in earlier versions of the inPoint server.

Solution:
The setup is executing a command line tool AddTenantAdminToGlobalMyGsr.exe to assign full rights for the Tenant Admin group to all Global sites/My sites/GSR for all tenants except where the Tenant Admin group is already present.
This tool will be executed only once.
If Tenant Admin is not needed in any all Global sites/My sites/GSR it should be manually removed after the setup.

Microsoft Windows TIFF IFilter (Windows Server 2012 R2)

On Windows Server 2012 R2 the Microsoft TIFF IFilter does not support all formats. LZW Encoding with black & white works.
"CCITT Group 4 Fax Encoding" is not working.
It can be tested with inPoint.Indexer.exe CONVERT

Solution:
Update to Windows Server 2016 if possible.

Service cannot be started or long Client startup times

inPoint.Core Service cannot be started. When you try to start the service in the Service Manager. After 30 seconds, an error message window appeared and the service is not running.
inPoint.Identity Service cannot be started. When you try to start the service in the Service Manager. After 30 seconds, an error message window appeared and the service is not running.
inPoint Standalone client: After the Application was started, it takes 30 seconds and then the window will appear and it starts Loading.
Can also happen in some other Applications.

Solution:
If you have any inPoint Server without an internet connection: I recommend to deactivate the "Check for publisher’s certificate revocation" check completely.
Steps:

• Click the Menu Start => Run, type "Control Panel", and click "OK"
• Double click "Internet Options"
• Navigate to the tab "Advanced"
• Uncheck the "Check for publisher’s certificate revocation" under the "Security" section

If you just want to disable this check for any certain process, then add to the Application configuration this line:

<generatePublisherEvidence enabled="false"/>

For more information see: Microsoft Documentation generatePublisherEvidence Element Make sure that you insert this line to the correct position in the .app Config File:

<configuration>
<runtime>
<generatePublisherEvidence>

When this problem appears on some Clients which don't have access to the internet:
Add the generatePublisherEvidence manually to the inPoint.Standalone.exe.config.
Change the setting in the "Internet Options".
If multiple clients are affected. This setting can also be changed with an Registry Key change.
See: GPO: Disable check for publisher's certificate revocation

Mailbox synchronization: Permissions are assigned to wrong folders

Security of the mailbox is assigned to a subfolder of other mailbox when their ids equal. This happens only when processing multiple mailbox synchronization requests for the same mailbox. In this case the subfolder of other mailbox will be not visible for the user.

Solution:
To check the subfolders with wrong security, execute the following custom DB script, deployed by the setup:

MAILBOX_check_folder_ACLs_on_standard_mailboxes.sql

When this script finds wrong security on subfolders, then similar output will be displayed:

permission check on folders in the standard mailboxes START:2019-04-11 17:34:45.067
3 subfolders have a wrong security for mailbox:max.mustermann@abc.com
2 subfolders have a wrong security for mailbox:erika.mustermann@abc.com
permission check on folders in the standard mailboxes END:2019-04-11 17:34:45.067

To fix the subfolders with wrong security, execute the following custom DB script, deployed by the setup:

MAILBOX_fix_folder_ACLs_on_standard_mailboxes.sql

Similar output will be displayed:

permission fix on folders in the standard mailboxes START:2019-04-11 17:43:22.383
3 subfolders were updated for mailbox:max.mustermann@abc.com
2 subfolders were updated for mailbox:erika.mustermann@abc.com
permission fix on folders in the standard mailboxes END:2019-04-11 17:43:22.383

Client does not start (XamlParseException is shown in the EventViewer)

When the inPoint.Standalone.exe was started (double clicked the inPoint Icon), nothing happens. Nothing was written into the %temp%/logs/inPoint.log File and in the EventViewer the Error System.Windows.Markup.XamlParseException is shown.

Solution:
Mostly when this Error happens, the .NET Framework 4.7.2 is not correctly installed or broken.

First, check which .NET Framework Version is installed in "Programs and Features". Must be .NET Framework 4.7.2! If no Framework installation is shown, see How to: Determine which .NET Framework versions are installed to check in the Registry, which Version is installed. Must be >= 461808

If multiple .Net Versions are installed (shown in "Programs and Features") uninstall all of them and just installed .NET Framework 4.7.2.

If only .NET Framework 4.7.2 is installed, download the Installer Download .NET Framework 4.7.2 and do a repair with this Setup.

Check also the Windows Version if it is supported by us! (See our Prerequisites Document)

RSS Feed Configure HTTPS connection

The following lines should be added to the web.config if "RSS FEED" should be reachable via https:

<service behaviorConfiguration="UnifyWCFBehavior_wia" name="Pam.Unify.WCF.UnifyWcf">
	<endpoint address="/feed" binding="webHttpBinding" bindingConfiguration="wbBind_ssl" behaviorConfiguration="RESTFeed" contract="Pam.Unify.WCF.IUnifyFeed" />
</service>

<webHttpBinding>
	<binding name="wbBind_ssl">
		<security mode="Transport">
			<transport clientCredentialType="Windows" proxyCredentialType="Windows" />
		</security>
	</binding>
</webHttpBinding>

Infragistics NuGet Packages changes

In inPoint Version 2019.2 the Infragistics Packages was updated from 17.1 to 18.2.
Infragistics did some Controls to NuGet Package restructuring. Therefore, if you update any Custom Plugin that was using Infragistics 17.1 and now should use Infragistics 18.2, it could happen that some NuGet Packages cannot be found.

Solution:
See: Infragistics NuGet Packages
Check which Control you are using and then add the correct NuGet Package.

inPoint.Web and inPoint.IdentityServer compatibility with inPoint.Server

Because of some breaking DB changes in inPoint.Server 2019.3, inPoint.Web and inPoint.IdentityServer 2019.2 or lower will not work with inPoint.Server 2019.3.

If you are already using inPoint.Web and inPoint.IdentityServer 2019.1.X or 2019.2.X, do NOT upgrade to inPoint.Server 2019.3.

Journal Mailbox problems with ContentAccess 3.8 and inPoint prior to 2019.3

If ContentAccess 3.8 was already in use then mails from a Journal-Mailbox will not open in inPoint client.

Solution: To fix the already archived mails execute the following statement:

UPDATE _schema_.PAMAU_MAIL_CONT set CONINDEX = -2 where CONIMPORTNAME like 'EnvelopeData.eml'

inPoint.Server Setup Error dialog during upgrade FillUserNameWithUPN

During the upgrade, the short username will be replaced with the long user principal name (franz => franz@company.local). If a user is not found in AD then you will see this error dialog during upgrade:

If the ExitCode=1 is shown, then the reason is that some users were not found in the AD!

Inside the log file you can see the detailed error message for each missing user:

Unable to find the user (User name: franz _deleted:2029111214440634@da8e6b77-a922-4332344343-7dfad6', guid: 'da8e6b77-a922-tw3242-b766-fbf53434242dfa6asd')

Click on "Ignorieren" to continue the setup!
All users, which are not found in AD anymore, will have a GUID instead of the domain.

If you want to have a clean database then change to the correct domain in the table PAM_USERREFERENCE (Column: USER_NAME).

Unless the database is cleaned, the missing users are not able to connect to inPoint.

Close and Save with WebDav opened files in Office 2016

If files are opened with WebDav in Office 2016, then closed and saved, the Office Upload Center complains that it cannot save the file.

Solution:
Disable caching in Office Upload Center

• Open the Microsoft Office Upload Center, click on "Settings" and check the box: "Delete files from the Office Document Cache when they are closed"
• Use the Registry to directly set it (where XXX is your office version): HKEY_CURRENT_USER\Software\Microsoft\Office\XXX\Common\FileIO\ DisableLongTermCaching a REG_DWORD with a value of 1.

Save (wait some seconds), then close the file.

inPoint.Indexer: Hashtagfix command is stopping with a timeout exception

The command "inPoint.Indexer.exe HASHTAGFIX" is stopping with a timeout exception after 1 hour.

Workaround: Execute the command manually in a CMD (as administrator). Retry the execution of this command until it finishes successful.

If the same error is appearing after several retries then please create an otrs ticket.

inPoint.Wizard: Kibana cannot be upgraded because the directory is used by another processes

If the inPoint.Wizard is upgrading kibana and the installation directory is currently in use by another process then it shows a dialog with the error message "The directory is not empty" and with the options "retry" and "ignore".

Please check which processes are using this folder (its also listed inside the dialogs error message) and verify that those processes are stopped correctly and click on "Retry" to continue the upgrade process.

If you ignore this step then you have to upgrade kibana manually after the inPoint upgrade process is finished. Here you can check how to install kibana manually.