After successful upgrade of standalone UCCX from 10.6 to 11.5SU1 our customer got a bunch of browser-related problems with Finesse Agent.
Almost all of the users who was using Internet Explorer got to the Finesse login-page without any input-boxes for the username/password.
They only had the bluish webpage.
After clearing the cookies and web-history in the browser they could log-on to the upgraded system.
Some users had to disable compability mode in their browser, but this is well-documented and something we have informed the users.
But the Finesse Agents that are using Firefox still have some problems. Cookies has been deleted in the browser but many of them are facing login-issues (but only when using Firefox).
After login has been made they are presented with an error box in the middle of the screen.
"Cannot authenticate with the notification service. There may be a configuration mismatch. Please contact your administrator"
The same Finesse-agents can login to Finesse with IE without problems.
When opening the Finesse Agent in Firefox Privacy-tab the user can log on as usual.
For some Agents the problem disappears after the above workaround, but not for all.
We have changed from a CA-signed SHA1-certificate to a CA-signed SHA256-certificate for the UCCX (Standalone) at the same time.
- What is the recommended procedure to clear the browser from previous Finesse-information when doing an UCCX upgrade ?
I have not yet found any official document regarding this. Is it more than Cookies that needs to be deleted ?
It sounds like agents need to delete the old SHA-1 certs from the Certificate Manager. IE and Chrome reference the same Cert Manager (i.e. certmgr.msc) whereas Firefox references a browser based Cert Manager; Options > Advanced > Certificates > View Certificates.
After you delete the old certs, make sure the Cert Manager contains the new certs as well as the CA and Intermediate Certs. Then, close and reopen the browser. Good Luck!
The Cert Manager in Firefox was one of the problems along with old cookies and temporary files.
For some users it was enough to change the config "security.enterprise_roots.enabled" to true to be able to trust the CA-certificates as these CA-certificates was in the correct Windows trust store.
On most of the others we had to manually add the Intermediate and root certificate to the Firefox trust store.
The problem is solved on each agents Firefox-browser by:
- manually add the new CA-certificates
- clear cookies for the UCCX-server