Microsoft KB Archive/249924

{|
 * width="100%"|

PRB: MIFST Support for Distributed UserKeys Fails

 * }

Q249924

-

The information in this article applies to:


 * Microsoft Internet Finance Server Toolkit, versions 1.0, 1.01

-

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SYMPTOMS
When an open financial exchange (OFX) client uses OFX UserKeys, Microsoft Internet Finance Server Toolkit (MIFST) may indicate that a UserKey is invalid if you have multiple translation servers in your MIFST configuration.

CAUSE
An OFX client typically sends the username and password of the given user in the body of every OFX request sent to an OFX server. The OFX specification provides support for a UserKey so that instead of sending the username and password with each request, the client sends the username and password with the first request along with the "Y" flag so that the server sends the client a UserKey that can be sent instead of the username and password for all subsequent requests. (Validating user name and password is an expensive operation and can negatively affect efficiency. Using a Userkey can make handling OFX requests more efficient.)

By default, MIFST supports UserKey requests and will generate a UserKey if the client specifies the GENUSERKEY flag. Since the UserKeys are cached in MIFST's local memory on the translation server, there is a problem if you attempt to send the UserKey to one of your other translation servers. If you have translation server TS1 and translation server TS2 in your MIFST installation, TS1 may generate a UserKey that will be sent in a later OFX request to TS2. Since TS2 does not have direct access to the UserKey cache in TS1, the request may be wrongly denied.

RESOLUTION
MIFST supports distributed UserKeys between translation servers. MIFST will attempt to use Distributed COM to communicate with the other translation servers to validate a UserKey, but the UserKey COM object does not get properly registered for this to work.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

After you have installed your translation server, you must make the following changes for distributed UserKeys to work:


 * 1) Create the following registry key:
 * 2) Add the following Registry value in the above key:
 * 3) In DCOMCNFG or OLEVIEW, add "everyone" to the UserKey object's access permissions.

Repeat these steps on all your translation servers.

Once you have performed these steps, restart Internet Information Server to make the changes take effect.

STATUS
Microsoft has confirmed this to be a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION
Current versions of the most common OFX clients, Microsoft Money and Intuit Quicken, do not request UserKeys so this is not a problem for most sites. But other OFX clients may request UserKeys or future versions of Money and Quicken may request UserKeys. If no action is taken, these other clients may see invalid access errors for no valid reason.

The third-party products discussed in this article are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.

Additional query words:

Keywords : kbDSupport

Issue type : kbprb

Technology : kbIFinanceServTKSearch kbIFinanceServTK101 kbIFinanceServTK100