CASPOL Troubleshooting Tips

 

The Code Access Security Policy Tool (CASPOL) is a Microsoft product used to install the .NET security policy on the client workstation. This executable must be run on every workstation that utilizes AINS application controls (for Correspondence Templates, Document Management, Scanning, etc.).

The instructions in this topic will address common questions and issues that prevent access to the AINS application controls and/or prevent the controls from functioning properly. Most problems can be solved by following the instructions on this page. However, if a problem persists, please contact our Technical Support team at support@www.ains.com.

The CASPOL program can only be executed by members of the Admin group. If you have administrator rights to your client workstation you may be able to execute these instructions. Otherwise, please consult your local workstation Administrator for assistance.

Basic CASPOL Tips (Important)

CASPOL can only be installed using Internet Explorer 32-bit version. CASPOL does not operate with Internet Explorer 64-bit version.

Microsoft .NET Frameworks v4.5, v4.5.1, and v4.5.2 are not supported on a server environment by AINS COTS products.

Add the Application URL to Internet Explorer Trusted Sites

  1. Open Internet Explorer.
  2. Select Tools > Internet Options > Security tab.
  3. Click Trusted Sites to enable the Sites button.
  4. Click the Sites button. Make sure the application URL is present in the textbox. (For example: http://training01/atipxpress or http://training01/foiaxpress)
  5. Click the Add button. If you receive an error message, remove the check mark in the Require server verification (https) for all sites in this zone option.
  6. Click the Close button on the Trusted Sites window.
  7. Click the OK button to exit the Internet Options window.

Create the CASPOL Batch Files

 

The CASPOL tool is automatically copied onto the workstation during the installation of Microsoft .NET Framework or Microsoft Visual Studio. However, you can create  batch files to execute CASPOL and verify the installation on your client workstation. Before you begin, make sure your user account is assigned with Administrator privileges.

  1. Open the Notepad application and type the following text as it appears below:@echo off
    chdir /d C:\windows\Microsoft.net\framework\v2*
    set /p servername=”Please enter the FOIAXpress or ATIPXpress server name:”
    rem add computer to the trusted root directory
    caspol -pp off -m -ag 1. -url “http://”%servername%”/*” FullTrust -n AINSLIB.Controls -d “FOIAXpress Controls”
    caspol -pp off -m -ag 1. -url “https://”%servername%”/*” FullTrust -n AINSLIB.Controls -d “FOIAXpress Controls”
    pause
  2. Save the file as Caspol Setup.txt onto the desktop of the client workstation.
  3. Right-click on the CASPOL Setup file and select Rename then change the TXT extension to BAT. Click OK on any message window that may appear. The file will be renamed to Caspol Setup.bat.
  4. Right-click on the Caspol Setup.bat file and select Edit. The text from step 1 above should be displayed in the file. Congratulations! You have just created the executable file to install CASPOL onto your client workstation.
  5. Open a new Notepad file and type the text as it appears below:@echo off
    chdir /d C:\windows\Microsoft.net\framework\v2*
    caspol -m -lg
    pause
  6. Save the file as Caspol Test.txt onto the desktop of the client workstation.
  7. Right-click on the Caspol Test file and select Rename then change the TXT extension to BAT. Click OK on any message window that may appear. The file will be renamed to Caspol Test.bat.
  8. Right-click on the Caspol Test.bat file and select Edit. The text from step 5 above should be displayed in the file. Congratulations! You have just created the file that verifies CASPOL ran correctly on your client workstation.
  9. Make sure to store the batch files in a folder/directory that is accessible to you at any time.

Execute the CASPOL Batch Files

 

Now that the batch files are created, you are now ready to install CASPOL onto the client workstation. Before you begin, make sure your user account is assigned with Administrator privileges.

  1. Locate the Caspol Setup.bat and Caspol Test.bat files created from the section above.
  2. Copy both files to the desktop of the client workstation, if necessary.
  3. Right-click on the Caspol Setup.bat file and select Run as administrator.
  4. The User Account Control Window will appear. Click Yes to proceed.
  5. Enter the name of the server as instructed in the Command window then press the Enter key. For example, ‘Training01’.
  6. The text in the window will change to indicate whether or not the security policy was successfully applied to the client workstation.
  7. Press any key on the keyboard to exit the Command window.
  8. Right-click on the Caspol Test.bat file and select Run as administrator.
  9. The User Account Control Window will appear. Click Yes to proceed.
  10. The Command window will display two URLs for the application. This indicates a successful installation.
  11. Press any key to exit the Command window.

Problems and Resolutions

I attempted to launch the Document Management, Scan, or the Correspondence module but the screen displayed an icon.

The following chart explains what the characters mean in regard to CASPOL.

 

This symbol Means this…
There is definitely a CASPOL issue.
CASPOL is successfully installed. The control is loading.
The application URL is not added to the browser’s trusted sites.
  The .NET Framework registry key is missing EnabledIEHosting entry. Please refer to the last troubleshooting topic.

The control (Document Management, Correspondence, or Scan) does not load.

Clear the Internet Explorer cache.

  • Open Internet Explorer.
  • Select Tools > Internet Options.
  • Locate the Browsing History section and click Delete.  Make sure to check the Preserve Favorites website data, Temporary Internet files, Cookies, History and Download History options. If the Delete browsing history on exist option is checked, the history will be deleted once you close Internet Explorer.
  • Close Internet Explorer.

Delete the DL3 folder (Make sure Internet Explorer is closed first).

  • Open Windows Explorer.
  • Navigate to C:\Users\<User ID>\AppData\Local\Assembly. (If the AppData folder is not visible, click Organize > Folder and search options > View. Enable the Show hidden files and folders option.)
  • Delete the DL3 and TMP folders, if present. These folders will automatically be created once you access a file in Document Management or Correspondence.

Remove additional folders and files from the client workstation.

  • C:\Users\<User ID>\AppData\Roaming\AINS (remove the entire folder)
  • C:\Users\<User ID>\AppData\Roaming\AINS, Inc. (remove the entire folder)
  • C:\Users\<User ID>\AppData\Roaming\AINSLIB.ScanManager (remove the file)
  • Open Internet Explorer and select  Tools > Internet Options. Click the Settings button in the Browsing History section then click the View Files button. The location should be “C:\Users\<User ID>\AppData\Local\Microsoft\Windows\Temporary Internet Files”. Remove all the files in this location.

I’ve cleared the cache and removed the DL3 and TMP folders but the control still doesn’t load.

Verify the DL3 folder is cleared:

  1. If the DL3 folder is cleared, there is a communication issue with the workstation and server.
  2. If the DL3 folder is not cleared, check the control from the browser.
  • Edit the application URL to read http://<server name>/Controls/FOIAXpress or ATIPXpress/, e.g. http://training01/Controls/FOIAXpress/ or http://training01/Controls/ATIPXpress/. Controls is the location on the server where the DLLs are stored.
  • Type in the name of the DLL (i.e. at the end of the URL address) then press Enter. If a prompt appears the control should be functioning properly.

 

The cache is cleared and the DLL test indicates the control should be functioning properly but the control still doesn’t load.

Check the Fusion file:

  1. Open Internet Explorer and select Tools > Internet Options > Browsing History Settings > View Files > Temporary Internet Files.
  2. Sort the Name column in ascending order.
  3. Locate the file beginning with ?Fusion….
  4. Drag the Fusion file to the desktop to open.
  5. Examine the Fusion file:
    1. If there is a permission related error then there is a CASPOL issue. Re-run the CASPOL executable then try accessing the control again.
    2. If there is a File is missing or Not Found error then this is a version mismatch issue. Check the DLL files on the server to verify if they are the correct files. Right-click and select Properties to see the version of a file to determine which files are missing.

 

The DL3 folder is created and there is no Fusion file and no errors but the control still does not load.

Verify if SSL is enabled:

  1. Open Internet Explorer and select Tools > Internet Options > Advanced tab.
  2. Scroll down to the Security settings.
  3. Make sure the option Do not save encrypted page to disk is unchecked.

 

Microsoft .NET Framework v4.5, v4.5.1, or v4.5.2 is installed in my environment. What do I need to do to get the control to work?

Add an entry to the Registry:

For 64-Bit Systems

  1. Click Start, type regedit and press Enter in the textbox to launch the Registry Editor.
  2. Navigate to HKEY_Local_Machine \SOFTWARE\Wow6432Node\Microsoft\.NETFramework.
  3. Right-click on .NETFramework and select New > DWORD (32 bit) value.
  4. Name the entry EnableIEHosting. (Please note “EnableIEHosting” IS case sensitive.)
  5. Right-click on the Name and select Modify.
  6. Enter 1 as the Value Data.

For 32-bit Systems

  1. Click Start, type regedit and press Enter in the textbox to launch the Registry Editor.
  2. Navigate to HKEY_Local_Machine \SOFTWARE\Microsoft\.NETFramework.
  3. Right-click on .NETFramework and select New > DWORD (32 bit) value.
  4. Name the entry EnableIEHosting. (Please note “EnableIEHosting” IS case sensitive.)
  5. Right-click on the Name and select Modify.
  6. Enter 1 as the Value Data.