MEAP/SSO

This category describes how to install MEAP applications and use login services.



Overview of SMS

SMS (Service Management Service) is software that enables you to access iR or imagePRESS machines (hereafter called machines) via a network from a web browser, and install and manage MEAP applications. The software (web server software) required to use SMS is included in this software. To be able to use the SMS, all you need is a web browser and a network connection between your computer and the machine.
You can use SMS if the machine is connected to the same network that your computer is using.

Using SMS, you can do the following:

  • Confirming the machine's MEAP application status from a computer on the same network

SMS enables you to access a machine via the network and display the status of installed applications, as well as various other data.
When you start SMS, enter your password in the [Log In] page, and log in, the following top page is displayed.


[Application List] Click to display the [Application List] page.
The status of MEAP applications installed in the machine is displayed on the [Application List] page.
[Install] Click to display the [Install] page.
You can install MEAP applications from the [Install] page.
[System Management] Click to display the [System Management] page.
On the [System Management] page, you can switch login services, and change the order of MEAP application buttons displayed on the touch panel display.
[Log Out] Click to finish SMS operations and log off. When you click this, the [Log In] page is displayed.

Remark
  • Do not use the browser's [Back] button. If you use [Back] to change pages, SMS may not operate correctly.

  • Installing and uninstalling MEAP applications on the machine

You can install and uninstall MEAP applications that correspond to the machine from your computer.


Remark
  • A license file is necessary to install a MEAP application.

  • Updating installed MEAP applications and license files

You can reinstall and update MEAP applications and license files if they have expired.

  • Changing the order of MEAP application buttons on the touch panel display.

You can set the order of the MEAP application buttons displayed at the top of the touch panel display of the machine.

  • Allowing users to log in to SMS with the user name and password used when logging on to the machine

You can also allow a user to log in to SMS with the user name and password of a user registered as an administrator.



Overview of Login Services

A login service is a service for authenticating users of the machine.
User authentication is performed in the following two cases:

  • Performing user authentication by displaying a login screen on the touch panel display
  • Performing user authentication by displaying a login page when accessing the machine via a Web browser

The login services included with the machine by default are Default Authentication (Department ID Management) and SSO-H (Single Sign-On H).
This category explains these two login services.


Remark
  • Default Authentication (Department ID Management) is set to a usable state as the default.


Default Authentication (Department ID Management)

Select this login service if you want to use Department ID Management, or do not want to authenticate users. Default Authentication has two types of users: administrator users and end users. The functions of the machine, the Remote UI, and MEAP applications that can be used differ according to the type of user.
Which users become administrator users or end users depends on whether Department ID Management and System Manager Settings are set, as indicated in the table below.


  • Department ID Management set to 'On', System Manager Settings set:
    Administrator User: System Manager
    End User: Users authenticated with a Department ID and password.
  • Department ID Management set to 'On', System Manager Settings not set:
    Administrator User: Users authenticated with a Department ID and password.
    End User: None
  • Department ID Management set to 'Off', System Manager Settings set:
    Administrator User: System Manager
    End User: Users other than the system manager
  • Department ID Management set to 'Off', System Manager Settings not set:
    Administrator User: All users
    End User: None

Remark
  • For information on whether to use Department ID Management and registering Department IDs/passwords, see "Security" or "Remote UI."


Login Screens

When Default Authentication is set as the login service, three types of login screens exist.



Touch Panel Display

  • If Department ID Management is set to 'On':
  • Enter a Department ID/password or System Manager ID/System Password to log in to the machine.


Remark
  • If Department ID Management is set to 'Off', a login screen is not displayed, and user authentication is not performed.
  • If Department ID Management is set to 'Off' and System Manager Settings are set, a login screen is not displayed, but a screen prompting you to enter the System Manager ID and System Password may be displayed when operating the machine.


Web Browser


  • Enter a Department ID/password or System Manager ID/System Password to log in to the Remote UI or a MEAP application (including login applications).


  • Enter the System Manager ID/System Password, and click [Administrator Login] to log in to the Remote UI or a MEAP application (including login applications).
  • End users should click [Regular User Login] to log in.


Remark
  • End users may not be able to log in to some MEAP applications.
  • It is not necessary to enter a Department ID/password when logging in as an end user.
  • If Department ID Management is set to 'Off' and System Manager Settings are not set, a login screen is not displayed, and user authentication is not performed.


SSO-H (Single Sign-On H)

This is a login service which can be used in an Active Directory environment network or in the machine. You can register/edit user data and specify administrator/end user settings in the following locations:

  • Domain authentication is performed in Active Directory.
  • Local device authentication is performed in the memory of the machine from a Web browser.

SSO-H contains the following functions:

  • Enables the functions of the machine and MEAP applications, etc., to be used after being authenticated once.
  • Provides a user authentication system that connects with the domain controller, and a second, compatible user authentication system that can be used even when there is network trouble and only the machine itself can perform authentication. These two user authentication systems can be used together or alone.


User Authentication Systems

SSO-H includes the following three user authentication systems:

  • 'Domain Authentication'
  • 'Local Device Authentication'
  • 'Domain Authentication + Local Device Authentication'

Remark
  • The three user authentication systems can be switched using a Web browser.
  • The default setting is 'Domain Authentication + Local Device Authentication'. To ensure the security of your system, change the SSO-H user authentication system to 'Domain Authentication', or change the user name and password for the Local Device Authentication administrator to something other than the default setting, as soon as you start using SSO-H.

  • 'Domain Authentication'

A user authentication system which is linked to the domain controller in an Active Directory environment on a network, and performs authentication for connecting to the network domain while logging in to the machine. Users belonging to up to 200 trusted domains (in addition to users belonging to the domain which includes the machine) can be authenticated. The name of the domain to log in to is selected by the user when logging in.


  • 'Local Device Authentication'

A user authentication system which only uses the machine. The users to be authenticated are registered/managed using a database inside the machine. [This device] is the login destination.


  • 'Domain Authentication + Local Device Authentication'

A user authentication system which includes the functions of both Domain Authentication and Local Device Authentication. This is useful for using Domain Authentication to authenticate users registered/managed in Active Directory, and using Local Device Authentication to authenticate temporary users which cannot be added to Active Directory.

In the example below, users belonging to Domain A (which includes the machine), and users belonging to Domain B (which is bi-directionally trusted by Domain A), can be authenticated, and users registered in the machine itself can be authenticated. The location to log in to (domain name or [This device]) is selected by the user when logging in.


Remark
  • When using Domain Authentication, if the server cannot be accessed because of trouble such as network failure, it may take up to five minutes for the login screen to be displayed on the touch panel display after the machine is started.
  • To use Local Device Authentication and Department ID Management at the same time, the information registered for Local Device Authentication and the user information for Department ID Management (Department ID and passwords) must match.
  • If you want to manage print totals and scan totals for each Department ID when using Local Device Authentication and Department ID Management at the same time, set Department ID Management to 'On'.
  • You cannot use the optional control card reader with 'Domain Authentication' or with 'Domain Authentication + Local Device Authentication'.


Login Screens

When SSO-H is set as the login service, two types of login screens exist.



Touch Panel Display

Select the login destination, and enter a user name and password to log in to the machine.

Select the login destination using the Login Destination drop-down list.


Remark
  • If 'Local Device Authentication' is set as the user authentication system, the Login Destination drop-down list is not displayed.
  • The names of the domains which allow user authentication are displayed in the Login Destination drop-down list.
  • The items in the drop-down list are displayed in alphabetical order by default.
  • Regardless of the items displayed in the Login Destination drop-down list, the domain which the machine belongs to is displayed at the top of the list, and [This device] is displayed at the bottom of the list.
  • If seven or more items are displayed in the Login Destination drop-down list, [Alphabetical], [], and [] are displayed in the Login Destination drop-down list.
  • If you press [Alphabetical], the items displayed in the Login Destination drop-down list are displayed in reverse alphabetical order, and the button changes to [Alphabetical].
  • Press [] to scroll down the list.
  • Press [] to scroll up the list.


Web Browser

Select the login destination, and enter a user name and password to log in to the Remote UI or a MEAP application (including login applications).

Select the login destination using the Login Destination drop-down list.


Remark
  • The names of the domains which allow user authentication are displayed in the Login Destination drop-down list in alphabetical order. However, regardless of the items displayed in the Login Destination drop-down list, the domain which the machine belongs to is displayed at the top of the list, and [This device] is displayed at the bottom of the list.


System Requirements


SMS (Service Management Service)

SMS can be used in the following system environments:


Operating System Software: Web Browsers
  • Windows 2000 Professional: Microsoft Internet Explorer 6 SP1
  • Windows XP Professional: Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
  • Windows Server 2003, Windows Server 2003 R2: Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
  • Windows Vista: Microsoft Internet Explorer 7
  • Mac OS X 10.3: Safari 1.3.2
  • Mac OS X 10.4: Safari 2.0.4

Remark
  • Your browser requires the following settings:
  • JavaScript should be enabled.
  • Cookies should be enabled for each session.
  • No web server or software other than that described above is required (a web server is included in the supported machine).


SSO-H (Single Sign-On H)


Domain Authentication

A Windows server in which Active Directory is installed and a DNS server for name resolution are necessary to use Domain Authentication.

  • Windows Server to Install Active Directory (Domain Controller)
  • Software
  • Operating system:
    Microsoft Windows 2000 Server SP4
    Microsoft Windows Server 2003 SP1
    Microsoft Windows Server 2003 R2

  • System Requirements for Administrators and End Users
    Operating System Software: Web Browsers
    Windows 2000 Professional: Microsoft Internet Explorer 6 SP1
    Windows XP Professional: Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Server 2003, Windows Server 2003 R2: Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Vista: Microsoft Internet Explorer 7
    Mac OS X v10.3: Safari 1.3.2 (Java Runtime Environment: Sun Java Runtime Environment 5.0)
    Mac OS X v10.4: Safari 2.0.4
    Java Runtime Environment for the Windows browsers:
    Microsoft Internet Explorer 6: Sun Java Runtime Environment 1.4 or later
    Microsoft Internet Explorer 7: Sun Java Runtime Environment 1.4 or later

  • System Requirements for Administrators and End Users (When Using IPv6 Communications)
    Operating System Software: Web Browsers
    Windows XP Professional: Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Server 2003, Windows Server 2003 R2: Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Vista: Microsoft Internet Explorer 7
    Java Runtime Environment:
    Microsoft Internet Explorer 6: Sun Java Runtime Environment 1.4 or later
    Microsoft Internet Explorer 7: Sun Java Runtime Environment 1.4 or later

  • Other System Requirements
  • Access privilege to Windows 2000/2003 Domain Name System (DNS)
  • Access privilege to Domain Controller

Remark
  • The Java Runtime Environment must be installed to use a computer running Windows 2000 (Service Pack 4 or later), Windows XP Professional (Service Pack 1a or later), Windows Server 2003, or Windows Server 2003 R2 as a client computer. For information on obtaining the Java Runtime Environment, see the Sun Microsystems Web site.
  • When accessing the machine from a computer using IPv6 communications, JAVA 2 Runtime Environment Standard Edition 1.5 or later is required.
  • When entering a user name for Domain Authentication, you must use the user logon name (pre-Windows 2000) registered in Active Directory.
  • You can use only alphanumeric characters, . (period), - (hyphen), _ (underscore), or % (percent) for a user name for Domain Authentication. You can log in only if you use valid characters.
  • When using Internet Explorer, it is necessary to enable the Active X plugin.
  • If there is a difference between the language set on the machine and the one set on the Active Directory, the sender's Full name is not displayed on the e-mail recipient's machine.
  • If there is more than a 30 minute difference between the time set on the computer with Active Directory, the time set on the machine, and the time set on the computer used for logging in, an error occurs when you log in using Domain Authentication. To be able to log in using Domain Authentication, it is necessary to match the current time on both computers and the machine.
  • When using Domain Authentication, make sure you register an administrator. If you do not register an administrator, some settings and management functions will not be available, depending on the application. The method of registering differs depending on your system environment.
  • When using iW Accounting Manager, the users registered as administrators in iW Accounting Manager will also be recognized as administrators in Domain Authentication. For instructions on registering an administrator, see the manual for iW Accounting Manager.
  • When not using iW Accounting Manager, the users belonging to the group "Canon Peripheral Admins" in Active Directory will be recognized as administrators in Domain Authentication. Follow the instructions in the manual for Active Directory to create a group called "Canon Peripheral Admins," and register the administrators.

  • Server Ports Used

The following server ports are used when using Domain Authentication with SSO-H:

Port Number: Application
  • 53: Communication with the DNS server
  • 88: Domain Authentication with the KDC (Key Distribution Center)
  • 389: LDAP communications with the directory service (Default is 389, but it can be changed to a user-defined port in the LDAP service properties.)


Local Device Authentication

An Active Directory environment network is not necessary to use Local Device Authentication.


Remark
  • User names and passwords are registered in a database inside the machine.
  • You can only use alphanumeric characters for the user names.
  • You can only use alphanumeric characters and symbols for the passwords.
  • In order to prevent unauthorized use, make sure to change the user name and password of the Local Device Authentication administrator as soon as you start using SSO-H.

  • System Requirements for Administrators and End Users
    Operating System Software: Web Browsers
    Windows 2000 Professional: Microsoft Internet Explorer 6 SP1
    Windows XP Professional: Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Server 2003, Windows Server 2003 R2: Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Vista: Microsoft Internet Explorer 7
    Mac OS X v10.3: Safari 1.3.2 (Java Runtime Environment: Sun Java Runtime Environment 5.0)
    Mac OS X v10.4: Safari 2.0.4
    Java Runtime Environment for the Windows browsers:
    Microsoft Internet Explorer 6: Sun Java Runtime Environment 1.4 or later
    Microsoft Internet Explorer 7: Sun Java Runtime Environment 1.4 or later

  • System Requirements for Administrators and End Users (When Using IPv6 Communications)
    Operating System Software: Web Browsers
    Windows XP Professional: Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Server 2003, Windows Server 2003 R2: Microsoft Internet Explorer 6 SP2, Microsoft Internet Explorer 7
    Windows Vista: Microsoft Internet Explorer 7
    Java Runtime Environment:
    Microsoft Internet Explorer 6: Sun Java Runtime Environment 1.4 or later
    Microsoft Internet Explorer 7: Sun Java Runtime Environment 1.4 or later

Remark
  • The Java Runtime Environment must be installed to use a computer running Windows 2000 (Service Pack 4 or later), Windows XP Professional (Service Pack 1a or later), Windows Server 2003, or Windows Server 2003 R2 as a client computer. For information on obtaining the Java Runtime Environment, see the Sun Microsystems Web site.
  • When accessing the machine from a computer using IPv6 communications, JAVA 2 Runtime Environment Standard Edition 1.5 or later is required.
  • When using Internet Explorer, it is necessary to enable the Active X plugin.


Before Starting SMS (Preparations)

Before logging in to the SMS, start the machine and follow the procedure below:

  • Network Settings

Specify [Network Settings] in [System Settings] (from the Additional Functions screen). Confirm the IP address of the machine. If you do not know the IP address of the machine, consult the network administrator. (See "Network.")

  • Set Use HTTP to 'On' in MEAP Settings

Select [MEAP Settings] from [System Settings] and set [Use HTTP] to 'On'. If you do not set [Use HTTP] to 'On', you cannot access the machine from your web browser.


Remark
  • You cannot connect to the machine via a proxy server. Specify the following settings if you are working in an environment using a proxy server (as these settings differ depending on the network environment, consult the network administrator).
  • In the proxy server settings of your web browser, add the IP address of the machine to the [Exceptions] (addresses that do not use a proxy) list.
  • You cannot use SMS if your web browser is not set to enable cookies and JavaScript.
  • When entering characters from your web browser, use characters that can be entered from the touch panel display of the machine. Otherwise, the characters may not be displayed or recognized correctly on the touch panel display.


Activating Use HTTP in MEAP Settings

Use the control panel of the machine to set MEAP functions from your web browser.


Remark
  • The default setting is 'On'.

  1. Press → [System Settings].

If the Department ID and Password are set, press [System Settings] → enter the Department ID and password → press (Log In/Out).

  2. Press [] or [] until [MEAP Settings] appears → press [MEAP Settings].

  3. Press [Use HTTP].

  4. Press [On].

  5. Select [On] or [Off] for <Use SSL>.

[On]: Uses SSL (Secure Socket Layer) to communicate.

[Off]: SSL is not used to communicate.

  • Any changes made to <Use SSL> in <Use HTTP> in MEAP Settings are also applied to <Use SSL> in Remote UI in System Settings (from the Additional Functions screen).
  • To set <Use SSL> to 'On', it is necessary to set the key pair and server certificate necessary for performing Encrypted SSL communications in Certificate Settings in TCP/IP Settings (from the Additional Functions screen). For information on generating the key pair for SSL, see "Network."
  6. Press [OK].

The selected mode is set.

  7. Press [Done] repeatedly until the Basic Features screen appears.
  8. Turn the main power of the machine OFF, wait 10 seconds, and then turn the power ON.


Before Logging in to SSO-H Management Application

SSO-H is an authentication system that runs on the machine. It is necessary to specify the following settings in the machine to use SSO-H for authentication.



Network Settings

Set the items in Network Settings in System Settings (from the Additional Functions screen). Also, confirm the machine's IP address. For more information, see "Network."


Remark
  • If the optional Color Network Printer Unit/Network Multi-PDL Printer Unit is attached to the machine, see the documentation included with the Color Network Printer Unit/Network Multi-PDL Printer Unit.


Activating Use HTTP in MEAP Settings

Follow the procedure below to set [Use HTTP] to 'On'. Setting [Use HTTP] to 'On' enables you to access the machine from your Web browser.

Use the control panel of your machine to set up MEAP functions.


Remark
  • You cannot connect to the machine via a proxy server. Specify the following settings if you are working in an environment using a proxy server (as these settings differ, depending on the network environment, contact your network administrator).
  • In the proxy server settings of your Web browser, enter the IP address of your machine in the [Exceptions] (addresses that do not use a proxy) list.
  • You cannot use SSO-H if your Web browser is not set to enable cookies, JavaScript, and JavaApplet.
  • Only enter characters in your Web browser that can also be entered from the touch panel display of the machine. Otherwise, the characters you enter from your Web browser may not be displayed or recognized correctly on the touch panel display.
  • The default setting is 'On'.

  1. Press → [System Settings].

If the Department ID and Password are set, press [System Settings] → enter the Department ID and password → press (Log In/Out).

  2. Press [] or [] until [MEAP Settings] appears → press [MEAP Settings].

  3. Press [Use HTTP].

If <Use SSL> is not displayed on your machine, proceed to step 7.

  4. Press [On].

  • For machines that do not display <Use SSL>, Domain Authentication cannot be performed from Web browsers.
  5. Select [On] or [Off] for <Use SSL>.

[On]: Uses SSL (Secure Socket Layer) to communicate.

[Off]: SSL is not used to communicate.

  • <Use SSL> must be set to 'On' to be able to use 'Domain Authentication' from a Web browser.
  • Any changes made to <Use SSL> in <Use HTTP> in MEAP Settings are also applied to <Use SSL> in Remote UI in System Settings (from the Additional Functions screen).
  • To set <Use SSL> to 'On', it is necessary to set the key pair and server certificate necessary for performing Encrypted SSL communications in Certificate Settings in TCP/IP Settings (from the Additional Functions screen). For information on generating the key pair for SSL, see "Network."
  6. Press [OK].

The selected mode is set.

  7. Press [Done] repeatedly until the Basic Features screen appears.
  8. Turn the main power of the machine OFF, wait 10 seconds, and then turn the power ON.


Date and Time Settings

When using SSO-H, it is necessary to synchronize the date and time settings of the authentication server and machine. Set the date and time of the machine in Date & Time Settings to the same date and time set on the authentication server. For more information, see "Security."

You can also specify daylight saving settings to automatically advance the standard time of the machine forward by one hour for a certain period each year.


Remark
  • If the date and time settings of the authentication server and machine are not synchronized, a login error will occur when using Domain Authentication.
  • You can set a time difference of up to 5 minutes (default setting) between the time set on the machine and the time set on the server.
  • The allowed difference in times can be changed using the settings of Active Directory. However, if more than 5 minutes is specified, the allowed difference will not be changed.


DNS Settings

Set the machine to use a DNS server in Network Settings in System Settings (from the Additional Functions screen). For more information, see "Network."

The DNS server that manages the domain name registered in the machine requires the following:

  • The DNS server must be able to resolve the domain name of the Active Directory server used for authentication (that is, return the IP address of the domain controller).
  • The DNS server must support SRV records.

The following setting may also be required, depending on the functions you use.

  • If the port number used for LDAP on the Active Directory side is changed, information for the LDAP service of Active Directory must be registered as an SRV record as follows:
    Service: '_ldap'
    Protocol: '_tcp'
    Port number: The port number used by the LDAP service of Active Directory
    Host offering this service: Host name of the domain controller that is actually providing the LDAP service of the Active Directory domain (zone)



Department ID Management Settings

Department ID Management must be set to 'Off' before using SSO-H. For more information, see "Security."


Remark
  • If Department ID Management is set to 'On', a warning message will be displayed on the login screen.


Language Settings

Check the language settings of Active Directory and the machine. If the display language of Active Directory and the machine differ, the sender's full name will not be displayed in the destination for e-mail.
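
The prerequisites listed in this section (<Use SSL>, date and time, the DNS SRV record, Department ID Management) can be checked together before the first Domain Authentication login. The following Python script is an added example, not part of the original manual or of Canon software; it assumes the settings have been copied by hand into a dictionary, and the field names, the domain corp.example and the changed LDAP port 3890 are constructed. It uses the 5-minute default time difference from the Date and Time Settings remark.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)   # default allowed time difference (Date and Time Settings)
DEFAULT_LDAP_PORT = 389           # default LDAP port (Server Ports Used)


def parse_srv(zone_text):
    """Map owner name -> [(port, target)] for SRV records in zone-file text.

    Expected layout: owner [ttl] [class] SRV priority weight port target
    """
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()       # drop zone-file comments
        if "SRV" not in fields[1:]:
            continue
        i = fields.index("SRV", 1)
        rdata = fields[i + 1:i + 5]
        if len(rdata) != 4 or not all(f.isdigit() for f in rdata[:3]):
            continue                                  # malformed record, ignore it
        owner = fields[0].rstrip(".").lower()
        target = rdata[3].rstrip(".").lower()
        records.setdefault(owner, []).append((int(rdata[2]), target))
    return records


def preflight(device, zone_text, ad_domain, ad_ldap_port, dc_time):
    """Return (code, message) findings; an empty list means the prerequisites hold."""
    findings = []
    if not device["use_ssl"]:
        findings.append(("SSL_OFF",
                         "<Use SSL> is Off; Domain Authentication from a Web browser needs it On"))
    if device["department_id_management"]:
        findings.append(("DEPT_ID_ON",
                         "Department ID Management must be 'Off' before using SSO-H"))
    skew = abs(device["clock"] - dc_time)
    if skew > MAX_SKEW:
        findings.append(("CLOCK_SKEW",
                         f"machine and authentication server differ by {skew}; limit is {MAX_SKEW}"))
    # An SRV record is only required when the LDAP port was changed from the default.
    if ad_ldap_port != DEFAULT_LDAP_PORT:
        owner = f"_ldap._tcp.{ad_domain}".rstrip(".").lower()
        srv = parse_srv(zone_text).get(owner, [])
        if not any(port == ad_ldap_port for port, _ in srv):
            findings.append(("SRV_PORT",
                             f"no SRV record {owner} advertising port {ad_ldap_port}"))
    # Local Device Authentication is active unless the system is plain 'Domain Authentication'.
    if device["auth_system"] != "Domain Authentication" and device["local_admin_is_default"]:
        findings.append(("DEFAULT_LOCAL_ADMIN",
                         "Local Device Authentication administrator still has the default credentials"))
    return findings


# Constructed sample data: zone contents for the placeholder domain corp.example,
# whose LDAP service was moved to port 3890 without updating the SRV record.
SAMPLE_ZONE = """\
; constructed zone data
dc1.corp.example.            3600 IN A   192.0.2.10
_ldap._tcp.corp.example.      600 IN SRV 0 100 389 dc1.corp.example.
"""
SAMPLE_DEVICE = {                 # hypothetical field names, filled in by hand
    "use_ssl": False,
    "department_id_management": True,
    "clock": datetime(2024, 1, 15, 9, 7, tzinfo=timezone.utc),
    "auth_system": "Domain Authentication + Local Device Authentication",
    "local_admin_is_default": True,
}
DC_TIME = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for code, message in preflight(SAMPLE_DEVICE, SAMPLE_ZONE, "corp.example", 3890, DC_TIME):
        print(f"[{code}] {message}")
```
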



Logging in to the SSO-H Management Application

It is necessary for the SSO-H administrator to log in to the SSO-H Management Application in order to manage users for the Local Device Authentication System of SSO-H, and specify the various SSO-H settings. Also, it is necessary for end users to log in to the SSO-H Management Application in order to change their own password.


Remark
  • It is necessary to set SSO-H as the login service.
  • Only users registered as administrators in SSO-H can log in.
  • Do not use the browser's [Back] button. If you use [Back] to change pages, SSO-H may not operate correctly.
  • If PortalService is installed, you can access as an administrator from the MEAP Portal page.
  • The default user authentication system is 'Domain Authentication + Local Device Authentication'. For information on setting the user authentication system, see "Setting the User Authentication System."
  • The default user name for the administrator of the Local Device Authentication System of SSO-H is 'Administrator', and the default password is 'password' (case sensitive).


Logging In

  1. Open your web browser.
  2. Enter the following URL in the address bar.

http://<IP address or host name of the machine>:8000/sso/

The [Log In] page is displayed.

  • If [Use HTTP] in [TCP/IP Settings] in Network Settings in System Settings (from the Additional Functions screen) is set to 'Off', enter <http://<IP address or host name of the machine>/sso/>.
  3. Enter/select each item, and click [Log In].

You are logged in to the SSO-H Management Application.


  • Select [This Device] in [Login Destination], and enter the user name and password of the Local Authentication administrator in [User Name] and [Password].

  • Select the domain name in [Login Destination], and enter the user name and password of the domain authentication administrator in [User Name] and [Password] on the authentication server of the selected domain.
  4. When you have finished using the SSO-H Management Application, click [Log Out].



Logging in from the MEAP Portal

Remark
  • MEAP Portal is a Web page which displays a list of Servlet type MEAP applications installed in the machine. It enables you to jump to the Web page for each MEAP application simply by clicking the application name displayed in the list, without the need for entering the URL of the application.
  • In order to use MEAP Portal, it is necessary to install Portal Service (included on the MEAP Administration Software CD-ROM).

  1. Open your Web browser.
  2. Enter the following URL in the address bar.

http://<IP address or host name of the machine>/

The [Log In] page is displayed.

  • If you entered <http://<IP address or host name of the machine>:8000/>, you can display the [MEAP Portal] page without performing step 4 (without displaying the Remote UI screen).
  • If [Use HTTP] in [TCP/IP Settings] in Network Settings in System Settings (from the Additional Functions screen) is set to 'Off', you can display the [MEAP Portal] page without performing step 4 (without displaying the Remote UI screen) if you restart the machine (the main power of the machine is turned OFF, and then ON again).
  3. Enter/select each item, and click [Log In].

You are logged in to the Remote UI.


  • Select [This Device] in [Login Destination], and enter the user name and password of the Local Authentication administrator in [User Name] and [Password].

  • Select the domain name in [Login Destination], and enter the user name and password of the domain authentication administrator in [User Name] and [Password] on the authentication server of the selected domain.
  4. On the top page of the Remote UI, click the link to the MEAP Portal URL.

The [MEAP Portal] page is displayed.

  • The link to the MEAP Portal URL differs according to whether SSL is being used.
    If SSL is used: https://<IP address of the machine>:8443
    If SSL is not used: http://<IP address of the machine>:8000
  5. Click [Sys. Admin. Applications].

The [Sys. Admin. Applications] page is displayed.

  6. Click [Single Sign-On H].

The SSO-H Management Application is displayed.

  7. When you have finished, click [Log Out].



Starting and Closing SMS

The following two methods exist for logging in to SMS:

  • Logging in with the SMS password (Password Authentication). On the [Log In] page for SMS, enter the SMS password to log in.
  • Logging in with the user name and password of the machine (Remote Login Service Authentication).
    Log in with the user name and password of the machine (except for Default Authentication).
    Only users registered as administrators can log in.

Use the [Utility] page in [System Management] to start and stop the login methods for SMS. (See "Setting the Login Method for SMS.")


Remark
  • Only Password Authentication is set as the default.
  • The URL to specify differs according to the login service.
  • If Default Authentication is set as the login service, you cannot log in to SMS with the user name and password of the machine.
  • Multiple users cannot log in to SMS at the same time.


Logging in with the SMS Password

Remark
  • The default password is "MeapSmsLogin" (case sensitive).
  • This password is to prevent unauthorized operation of the machine. Do not inform anyone other than the system manager of this password.
  • In order to prevent erroneous usage, change the password to one that only the network administrator knows (when you begin using it). If you want to change the password, see "Changing the Password."
  • Make sure that you do not forget your password. Otherwise, you will not be able to access SMS. In this case, contact your local authorized Canon dealer.
  1. Open your web browser.
  1. Enter the following URL in the address bar.

http://<IP address or host name of the machine>:8000/sms/

The SMS [Log In] page is displayed.

  • The device serial number is displayed in the bottom right of the screen. This serial number is necessary when retrieving a license file from the license management system.
  • A drop-down list for switching the displayed language is displayed on the top right of the screen. Select the displayed language as necessary. (English and Japanese only)
  1. Enter the password → click [Log In].

If you cannot log in because the password is incorrect, a message prompting you to re-enter the password will be displayed.

  • If you do not access SMS for five minutes, it times out and automatically logs out. If this happens, log in again from the [Log In] page.
  • If you do not log in within five minutes of displaying the [Log In] page, you will become unable to log in even if you enter the correct password. Re-enter the password according to the message displayed on the screen.


Logging in with the User Name and Password of the Machine

  1. Open your Web browser.
  1. Enter the following URL in the address bar.

http://<IP address or host name of the machine>:8000/sms/rls/

The [Log In] page for the selected login service is displayed.

  1. Enter the user name and password of a user registered as an SSO-H administrator → select the login destination → click [Log In].

If you cannot log in because the user name or password that you entered is incorrect, a message appears prompting you to re-enter your user name and password.

  • If SMS times out, it automatically logs out. (The time it takes before logging out depends on the login service.) If this happens, log in again from the [Log In] page.
  • If SMS times out on the [Log In] page, you cannot log in even if you enter the correct password. Follow the instructions on the screen to re-enter the password.


Logging Out

  1. Click [Log Out].

The [Log In] page is displayed.

  • When you finish using SMS, make sure you log out. If you close the web browser without logging out, SMS becomes temporarily unusable.


Installing Applications

You can install MEAP applications. There are two types of installation: installing a new MEAP application, and updating an existing MEAP application to a newer version.


Remark
  • You will need a valid license file in order to install a MEAP application.
  • If your application comes with a License Access Number, you must access the License Management System at the following URL to acquire your license file:
    http://www.canon.com/lms/license/
    Follow the online directions to create and download your license file. You will need to have your License Access Number and your MEAP device serial number(s) available in order to complete the license generation process.
  • If your application does not come with a License Access Number, your license file will be provided by your MEAP Application provider.
  • If you are updating an existing MEAP application to a newer version, stop the application before installing the new version. You cannot update the application unless you stop it first. (See "Stopping Applications.")
  • The maximum number of applications that can be installed is 19.
  • The maximum amount of hard disk space allocated to install MEAP applications is 1GB.
  • You can confirm the hard drive space allocated to MEAP applications in [Hard Disk], under [Resource Information] displayed in the [Application List] page.
  • There may be other system requirements for installation, depending on the applications.
    For instructions on settings, see the manual provided with the application.
  • If the machine enters the Shutdown mode while installing a MEAP application, an error message may be displayed on the [Install] page for SMS, and the installation canceled.
    In this case, try installing the MEAP application again after the machine is restarted (the main power switch is turned OFF, and then back ON again). For instructions on how to turn ON/OFF the machine, see "Before You Start Using This Machine."

  1. Click [Install].

The [Install Application/License] page is displayed.

  1. Select the application file and license file you want to install.
  • Click [Browse] for [Application File] → select the application file.
  • Click [Browse] for [License File] → select the license file.
  • Click [OK].

File extensions:

Application File: A file with the 'jar' extension.
License File: A file with the 'lic' extension.

The message <Installing... Please wait a moment.> is displayed.

  • You cannot install license files only.
  • When installing an application, make sure you specify the license file. You cannot install the application without specifying the license file.
  • To add a license file for an application that is already installed, see "Adding License Files."
  • You can also specify the file path by entering it directly.
  1. Confirm the information displayed on the install confirmation page → click [OK].

Depending on the application, a software license agreement screen may be displayed. Confirm the information displayed on the screen → click [OK].


The following information is displayed when you update a MEAP application.

Application Information

<New Application>: Displays information about the new version of the MEAP application.
<Current Application>: Displays information about the existing MEAP application.

License Information

<Add>: Displays the additional validity period and counter information for the upgrade.
<Current>: Displays the validity period and counter information from when the application was installed.
<Total>: Displays the total of the validity periods and counter information in <Current> and <Add>.

Installation will start after the message <Installing... Please wait a moment.> is displayed again.
After installation is complete, the [Application List] page is displayed.



Starting/Stopping Applications

These procedures enable you to place installed applications in a started or stopped state.



Starting Applications

  1. Click [Application List].

The details of each item are shown below.

Name: Displays the name of the application.
Installed on: Displays the date on which the application was installed.
Application ID: Displays the ID that is unique to each application, distinguishing one from another.
Status: Displays the status of the application.
    Installed: Application has been installed, but not started. Or, the application has not been restarted after stopping the application and then restarting the machine.
    Started: Application is running.
    Stopped: Application is starting up.
    Stopping: Application is closing down.
License: Displays the license status of the application.
    Installed: An effective license file has been installed.
    Not Installed: License file is disabled.
    Excess: Expiration date and the types of counters set for the installed license file, and any counter value(s) exceeding the upper limit of the license file.
    Invalid: Installed license file has exceeded its expiration date. Alternatively, current counter value has exceeded the upper limit of the license file. (When a license file is set to many types of counters, it will expire when any counter exceeds the upper limit.)
Resource Information: Displays the resources being used by the applications.
    Hard Disk: Amount of hard disk space being used. Shown in kilobytes.
    Memory: Amount of memory being used. Shown in kilobytes.
    Threads: Number of threads.
    Sockets: Number of sockets.
    File Descriptor: Number of file descriptors.
  • Hard disk information is updated when an application is installed or uninstalled. All other items are updated when an application is started or stopped.
  1. Select the radio button for the application you want to start → click [Start].

The application is started.

  • You cannot start applications whose required license file has not been installed.
  • When the resources required for memory, threads, sockets, or file descriptors have run out, the application will not start, even if you press [Start].


Stopping Applications

Remark
  • To update an application, you must close the application you want to update.

  1. Click [Application List].

The [Application List] page is displayed.

  1. Select the radio button for the application you want to stop → click [Stop].

The application is stopped.



Uninstalling Applications

You can uninstall MEAP applications.


  1. Click [Application List].

The [Application List] page is displayed.

  1. Select the radio button for the application you want to uninstall → click [Uninstall].

When you cannot uninstall the selected application, [Uninstall] is grayed out and cannot be clicked.

  1. Confirm the application you want to uninstall is selected → click [OK].

The application is uninstalled.

  • You can uninstall the application only if the status of its license is [Not Installed]. To uninstall applications with a different status, disable the license file from the [License File Management] page and delete the license file. (See "Downloading/Deleting Disabled License Files.")
  • To disable the license file, its application must be in a stopped state.
  • If the application you want to uninstall is linked with another application, a confirmation message will be displayed. If such applications are uninstalled, you may not be able to use the linked applications.


Confirming/Setting Application Preferences

You can confirm the details of installed applications.


  1. Click [Application List].

The [Application List] page is displayed.

  1. Click the name of the application in the [Application List] whose details you want to confirm.

The [Application Information] page is displayed.

  • Depending on the application you are using, [Set Authentication] is displayed. This type of application performs jobs, including print jobs, regardless of control from the touch panel display.
  • The detailed information that is displayed may differ depending on the application.


Application License Settings

You can add, disable, or delete license files for installed applications.



Adding License Files

You can install license files for applications that are already installed. You can also increase counter values and extend terms of validity by adding a license file.


  1. Click [Application List].

The [Application List] page is displayed.

  1. Click the name for the application in the [Application List].

The [Application Information] page is displayed.

  1. In the [Application Information] page, click [License Management].

The [License Management] tab page is displayed.

  1. Click [Browse] → select the license file you want to add → click [Install].

The message <Installing... Please wait a moment.> is displayed.

  1. Confirm the information displayed on the install confirmation page → click [OK].

The following information is displayed when adding a license file.

<Current>: Displays the validity period and counter information from when the application was installed.
<Add>: Displays the additional validity period and counter information for the upgrade.
<Total>: Displays the total of the validity periods and counter information in <Current> and <Add>.

Depending on the application, a software license agreement screen may be displayed. Confirm the information displayed on the screen → click [OK].

Installation will start after the message <Installing... Please wait a moment.> is displayed again.

  • If the license of an application is expired or disabled, it is necessary to restart (stop and start) the application after the new license file is added.


Disabling License Files

You can disable installed license files. You must disable a license file before deleting or downloading it.


Remark
  • Disabling a license file must be performed after closing the application you want to disable. You cannot disable a license file if the application is still running.
  • When a disabled license file is generated, the status of that license file becomes [Uninstalled] and the application becomes unusable.
  • The disabled license file can be reinstalled to the same machine.

  1. Click [Application List].

The [Application List] page is displayed.

  1. Click the name of the application in the [Application List].

The [Application Information] page is displayed.

  1. In the [Application Information] page, click [License Management].

The [License Management] tab page is displayed.

  1. Click [Disable].

A page confirming whether you want to disable the license file is displayed.

  1. Click [OK].


Downloading/Deleting Disabled License Files

Before uninstalling an application, you must delete the disabled license file(s). It is recommended to download the license file you want to delete to your computer and save it for reinstalling later.


Remark
  • Once you have deleted the disabled license file, you cannot download it from the machine.
  • The disabled license file can be reinstalled to the same machine.
  • You can only download or delete disabled license files.

  1. Click [Application List].

The [Application List] page is displayed.

  1. Click the name of the application in the [Application List].

The [Application Information] page is displayed.

  1. In the [Application Information] page, click [License Management].

The [License Management] tab page is displayed.

  1. To download or delete the selected license file, follow the procedure below.

  • Select [Download].

  • Specify the location where you want to save the license file.
  • Click [OK].

The license file is stored.


  • Select [Delete].

The dialog box confirming whether you want to delete the file is displayed.

  • Click [OK].

The license file is deleted and the display returns to the [License File Management] page.



Setting Application Authentication Information

You can set the authentication information for MEAP applications that do not require operations from the control panel.
If the Default Authentication (Department ID Management) login service is set, enter a Department ID and password. If the SSO-H login service is set, enter a user name and password.


Remark
  • If you change the login application, confirm the authentication information. It may be necessary to re-enter the authentication information.

  1. Click [Application List].

The [Application List] page is displayed.

  1. Click the name of the application in the [Application List].

The [Application Information] screen is displayed.

  1. In the [Application Information] page, click [Authentication Information Settings].

The [Authentication Information Settings] tab page is displayed.

  1. Enter the authentication information → click [Set].

The message <Authentication information is set> is displayed if the authentication information is set successfully. If an error occurs when setting the authentication information, an error message is displayed.


  • Enter the Department ID and Password.
  • Click [Set].


  • Enter a User Name and Password, and select the Login Destination.
  • Click [Set].



Touch Panel Display Order Settings

You can set the order in which application buttons are displayed on the machine's touch panel display.


Remark
  • You can display up to nine application buttons on the touch panel display.
  • There are some MEAP applications whose buttons cannot be displayed on the touch panel display of the machine. The buttons for applications that can be displayed on the touch panel display are known as applets.

  1. Click [System Management] → [Panel].

  1. Select the applets (from the drop-down list) in the order you want to display them on the machine's touch panel display.

To return the display to its original settings, click [Reset].

  • Select all the applet fields to leave no field blank.
  • The application buttons are displayed on the touch panel of the machine from left to right as Button 1, Button 2, and so on.
  • The applet names and application IDs of the applications are displayed in the drop-down list.
  • Only the buttons of operating applets are displayed on the touch panel display of the machine. However, all of the installed applet names are displayed on the drop-down list.
  1. Click [Set].

An asterisk (*) is displayed next to the applet names of applications that have been set.



Uninstalling System Applications

System applications are the basic applications that make up a MEAP system.


Remark
  • It is not necessary to delete a license file before uninstalling a system application.

  1. Click [System Management] → [Enhanced Sys. App].

The page where you can specify various settings, such as system applications and login services, is displayed.

  1. Select the radio button for the application you want to uninstall → click [Uninstall].

A page confirming whether you want to continue uninstalling is displayed.

  1. Click [OK].

The application is uninstalled, and the [Enhanced Sys. App] page is displayed.



Starting/Stopping System Applications

System applications can be started, stopped, and uninstalled from the [System Management] page.



Starting System Applications

  1. Click [System Management] → [Enhanced Sys. App].

The page where you can specify various settings, such as system applications and login services, is displayed.

  1. Select the radio button for the application you want to start → click [Start].

If the application has started correctly, the status of the specified system application is 'Started'.



Stopping System Applications

  1. Click [System Management] → [Enhanced Sys. App].

The page where you can specify various settings, such as system applications and login services, is displayed.

  1. Select the radio button for the application you want to stop → click [Stop].

If the application has stopped correctly, the status of the specified system application is 'Stopped'.



Login Service Settings

A login service is a service for authenticating users that log in to a machine. You can change or uninstall login services from the [System Management] page.

There are two kinds of factory default login services that you can use:

  • Default Authentication (Department ID Management)
  • SSO-H (Single Sign-On H)

SSO-H includes the following three user authentication systems:

  • 'Domain Authentication'
  • 'Local Device Authentication'
  • 'Domain Authentication + Local Device Authentication'

For details of Login Service, see "Overview of Login Services."



Login Service Selection

You can select the login service for user authentication.


Remark
  • If you have logged in with the user name and password of the machine, the login service will not be displayed at the top of the screen. To change the login service, log in with the SMS password.
  • To switch to SSO-H, Department ID Management must be set to 'Off'.
  • To set Local Device Authentication, the registered information in Local Device Authentication and the registered user data (Department ID and Password) in Department ID Management of the machine have to match.
  • To use Local Device Authentication and Department ID Management at the same time, update the Local Device Authentication user data (Department ID and corresponding password) and set Department ID Management to 'On', after switching the login service to SSO-H.
  • If SSO-H is set, you cannot use the optional control card reader. If you want to stop using the optional control card reader and switch to SSO-H, contact your local authorized Canon dealer.
  • If there is more than a 30 minute difference between the time set on the computer with Active Directory, the time set on the machine, and the time set on the computer used for logging in, an error occurs when you log in. To be able to log in, it is necessary to match the current time on both computers and the machine.
  • If SSO-H is set as the login service, it takes time until the machine is ready to scan.
  • If SSO-H is set as the login service, it takes time to access the Remote UI.

  1. Click [System Management] → [Enhanced Sys. App].

The page where you can specify various settings, such as system applications and login services, is displayed.

  1. Select the radio button for the login service you want to use → click [Select].

The selected login service application is set to 'Start after Restart'.

  1. Turn the main power of the machine OFF, wait 10 seconds, and then turn the power ON.

The specified login service starts.

Changes to the login service settings are enabled after the machine is restarted.

For instructions on how to turn ON/OFF the machine, see "Before You Start Using This Machine."



Uninstalling a Login Service

It is not necessary to uninstall login services. However, you can uninstall a login service to increase hard disk space for other applications.


Remark
  • Login services, unlike other applications, do not require you to delete the license file before uninstalling.
  • You cannot uninstall Default Authentication (Department ID Management), the login service that is currently being used (the login service whose state is displayed as 'Started' or 'Stop after Restart'), or the login service you will use from the next time you start the machine (the login service whose state is displayed as 'Start after Restart').
  • Even if you uninstalled SSO-H by mistake, you can reinstall it using the file in the MEAP Administration Software CD-ROM.

  1. Click [System Management] → [Enhanced Sys. App].

The page where you can specify various settings, such as system applications and login services, is displayed.

  1. Select the radio button for the login service you want to uninstall → click [Uninstall].

A page confirming whether you want to continue uninstalling the login service is displayed.

  1. Click [OK].

The login service is uninstalled.



Installing System Applications

  1. Click [System Management] → [Enhanced Sys. App].

The page where you can specify various settings, such as system applications and login services, is displayed.

  1. Select the enhanced system application file and license file.
  • Click [Browse] for [Enhanced System Application] → select the enhanced system application file.

  • Click [Browse] for [License File to Install] → select the license file.
  1. Click [Install].

The message <Installing... Please wait a moment.> is displayed.

  • When installing a system application, you must specify both the application file and license file.
  • You can also specify the file paths of the application and license file by entering them directly.
  1. Confirm the information displayed on the install confirmation page → click [OK].

Depending on the application, a software license agreement screen may be displayed. Confirm the information displayed on the screen → click [OK].

Installation will start after the message <Installing... Please wait a moment.> is displayed again.



Confirming System Information

You can confirm version data relating to platforms (such as Java Virtual Machine), version data, date of installation, and the current status of system applications.


  1. Click [System Management] → [System Info].

  • If you want to see the detailed information, click [Details].
  • You can confirm MEAP Specifications on this screen.


Confirming Application Data

You can check data relating to an application.


  1. Click [System Management] → [Application Info].

Click [Installed] to check data relating to installed applications (except system applications).

Click [Uninstalled] to check data relating to applications (except system applications) that have been uninstalled.



Confirming License Files

You can check the content of license files before installation.


Remark
  • You cannot display the content of installed license files.

  1. Click [System Management] → [Utility].
  1. Click [Check License].

  1. Click [Browse] → select the license file whose content you want to check.
  • You can specify the file path by entering it directly.
  1. Click [Check].

The content of the license file is displayed.



Changing the Password

You can change the SMS password.


  1. Click [System Management] → [Utility].
  1. Click [Change Password].

  1. Enter the old password and the new password → click [Set].

  • Make sure that you do not forget your password. Otherwise, you will not be able to access SMS. In this case, contact your local authorized Canon dealer.
  • You must enter between 8 and 32 characters for the password.


Setting the Login Method for SMS

You can allow a user to log in to SMS with the user name and password used when logging on to the machine, or restrict a user from logging in to SMS with the SMS password.


Remark
  • The items you can set differ according to how you logged in.
  • If you have logged in with the user name and password of the machine:
    You can start/stop the service for allowing login with the SMS password (Password Authentication).
  • If you have logged in with the SMS password:
    You can start/stop the service for allowing login with the user name and password of the machine.

  1. Click [System Management] → [Utility].
  1. Click [Application Management Function].
  1. Select the radio button of the application for the service you want to start or stop → click [Start] or [Stop].


Name: Displays the name of the application.
Installed on: Displays the date on which the application was installed.
Application ID: Displays the unique application ID.
Status: Displays the status of the application.

The login method for SMS is set.

  • You can set both [Password Authentication] and [Remote Login Service Authentication] to 'Started', but you cannot set them both to 'Stopped'. (One of them must be set to 'Started'.)


Specifying the Various Settings of SSO-H

Specify the necessary settings to use SSO-H.



Setting the User Authentication System

You can select which of the three SSO-H user authentication systems to use.


Remark
  • The default setting is 'Domain Authentication + Local Device Authentication'. To ensure the security of your system, change the SSO-H user authentication system to 'Domain Authentication', or change the user name and password for the Local Device Authentication administrator to something other than the default setting, as soon as you start using SSO-H.

  1. Log in to MEAP Service → click [Settings].

The [Settings] page is displayed.

  • To change the pages between the [User Management] and [Settings] pages, click [Single Sign-On H].
  1. Select the desired user authentication system from the [User Authentication System] drop-down list → click [OK].

[User Authentication System]:
  • Domain Authentication: Uses only Domain Authentication.
  • Domain Authentication + Local Device Authentication: Uses both Domain Authentication and Local Device Authentication.
  • Local Device Authentication: Uses only Local Device Authentication.
  • Changes to the login service settings are enabled after the machine is restarted.
    After changing the settings, turn the main power of the machine OFF, wait 10 seconds, and then turn the power ON. For instructions on how to turn ON/OFF the machine, see "Before You Start Using This Machine."
  • Do not select 'Domain Authentication' if you do not have an Active Directory environment network configured which can perform Domain Authentication. You will become unable to log in. If you become unable to log in, set a login service other than SSO-H, and reinstall the SSO-H login service from the MEAP Administration Software CD-ROM.


Setting the User Group to Register the Domain Administrator

"Canon Peripheral Admins" is set in advance as the user group of the device administrator. This needs to be specified when changing the user name of the administrator.


Remark
  • Do not set "Canon Peripheral Admins" as a primary group.

  1. Log in to MEAP Service → click [Settings].

The [Settings] page is displayed.

  • To change the pages between the [User Management] and [Settings] pages, click [Single Sign-On H].
  1. Enter the group name in [User Group Name].

  1. Click [OK].


Specify the Number of Users Displayed on the Touch Panel Display

For SSO-H, you can specify the number of user names displayed on the touch panel display when logging in.


Remark
  • The Number of Login Users to Display setting can be set not only by the Local Device Authentication administrator, but also by the Domain Authentication administrator.
  • The default settings are as follows:
    Number of Login Users to Display: Prioritize Server Settings

  1. Log in to MEAP Service → click [Settings].

The [Settings] page is displayed.

  • To change the pages between the [User Management] and [Settings] pages, click [Single Sign-On H].
  1. Select the number of user names you want to display from [Number of Login Users to Display] → click [OK].

[Number of Login Users to Display]:

  • 0: [] is not displayed when you log in from the touch panel display of the machine. If this is set, the login screen is displayed as follows.
  • 1: Only the information of the last user who logged in from the touch panel display of the machine is displayed on the drop-down list. If this is set, the login screen is displayed as follows.
  • MAX (Maximum Number of a Device): The information of the last seven users who logged in from the touch panel display of the machine is displayed on the drop-down list. If this is set, the login screen is displayed as follows.
  • The Number of Login Users to Display setting is enabled only after logging out of the machine, logging back in, and then logging out again.


Setting the Access Mode in Sites

If multiple sites are operating in the domain, you can have the machine retrieve Active Directory site information so that it prioritizes access to the domain controller in the site the machine belongs to. If you set the Access Mode in Sites mode, you can also select one of the following settings:

  • Only access the domain controller in the site the machine belongs to.
  • Enable access to domain controllers outside the site the machine belongs to, but prioritize access to the domain controller in the site the machine belongs to.

Remark
  • Even for machines with IPv6 settings enabled, IPv4 communications are used when using the Access Mode in Sites mode.
  • For domain controllers that have an IPv6 address, if an IPv4 address is also registered, access is performed using the IPv4 address for dual stack configuration.
  • The access mode in sites is not set by default.

  1. Log in to MEAP Service → click [Settings].

The [Settings] page is displayed.

  • To change the pages between the [User Management] and [Settings] pages, click [Single Sign-On H].
  1. Select [Set access mode in sites] → click [OK].

If you select [Set access mode in sites]: Retrieves Active Directory site information to access the domain controller in the site the machine belongs to. If multiple domain controllers are in the same site as the machine, they are accessed in the same order as the list of domain controllers retrieved from the DNS server.
If you do not select [Set access mode in sites]: Does not retrieve Active Directory site information. Domain controllers are accessed in the same order as the list of domain controllers retrieved from the DNS server.
  • If you select [Set access mode in sites]:
  • Set how to retrieve site information.
[Only at First Time]: Uses the list of domain controllers retrieved when the machine was logged in to for the first time.
[Every Time When Device Starts Up]: Updates the list of domain controllers every time the machine is started.
  • Set the site access range.
[Only Site of Device]: Accesses only domain controllers in the same site as the machine. An error occurs if there are no domain controllers in the same site as the machine.
[Access Other Sites in Addition to Site of Device]: Also accesses domain controllers outside the same site as the machine if there are no domain controllers in the same site as the machine. An error occurs if there are also no domain controllers outside the same site as the machine.
  • Even when [Set access mode in sites] is selected, site information is not retrieved when logging in from a Web browser.
  • Even when [Only Site of Device] is set, the machine may access sites outside the site it belongs to when performing domain controller access during the startup process. However, access to domain controllers in the same site as the machine is prioritized.


Registering/Editing User Data for Local Device Authentication

You can register and edit user data for authentication from a web browser for the Local Device Authentication. You can also import and export user data in bulk.


Remark
  • Only the Local Device Authentication administrator can register/edit user data on the [User Management] page. End users can only change their own password.
  • Click [User Name], [Displayed As], or [E-mail Address] on the [User Management] page to change the sort order of registered user data.
  • [MEAP Portal] is only displayed if PortalService is installed.


Registering User Data

You can register a new user.


Remark
  • You can register up to 1,000 users.
  • An asterisk (*) is displayed on the left side of the check box for the registered Administrator on the [User Management] page.
  • It is recommended that you export the registered user data and make a backup copy.

  1. Log in to MEAP Service → click [User Management].

The [User Management] page is displayed.

  1. Click [Register].

  1. Enter the necessary data → click [OK].

The content and setting conditions that should be entered are as follows:

Item: User Name
Setting Content: Set user name when logging in.
Setting Conditions: Must be from 1 to 32 characters. You cannot include spaces or the following symbols (\ / : * ? | < > [ ] ; , = + @ "). Case-sensitive. You cannot register a name that has already been registered.
Default Value: Administrator

Item: Password
Setting Content: Set password when logging in.
Setting Conditions: You can leave this blank or enter up to 32 characters. Case-sensitive.
Default Value: password

Item: Confirm
Setting Content: Enter the password you entered in [Password].
Setting Conditions: You can leave this blank or enter up to 32 characters. Case-sensitive.
Default Value: password

Item: Department ID
Setting Content: Set Department ID to be used when scanning or printing with the machine.
Setting Conditions: Must be from 1 to 7 digits (this can be omitted if Department ID Management is set to 'Off'). If the number you enter does not contain enough digits, zeros are added to the front of the number.
Default Value: 0000000

Item: Password
Setting Content: Set password corresponding to Department ID.
Setting Conditions: You can leave this blank or enter up to 7 digits (this can be omitted if Department ID Management is set to 'Off'). If the number you enter does not contain enough digits, zeros are added to the front of the number.
Default Value: 0000000

Item: Confirm
Setting Content: Enter the password you entered in [Password].
Setting Conditions: You can leave this blank or enter up to 7 digits (this can be omitted if Department ID Management is set to 'Off'). If the number you enter does not contain enough digits, zeros are added to the front of the number.
Default Value: 0000000

Item: User Type
Setting Content: Select Administrator or End User.
Setting Conditions: You cannot set all users to End User (General User).
Default Value: Administrator

Item: Displayed As
Setting Content: Set the user display name (for example, user's full name, user's department name, etc.)
Setting Conditions: You can leave this blank or enter up to 32 characters.
Default Value: Administrator

Item: E-mail Address
Setting Content: Set the user's e-mail address.
Setting Conditions: You can leave this blank or enter up to 256 ASCII characters. The format of e-mail addresses is not checked.
Default Value: Blank

Item: Card ID*1
Setting Content: If the control card reader is attached, enter the card ID.
Setting Conditions: You can leave this blank or enter up to 8 characters. You cannot enter only zeros, such as <0000>.
Default Value: Blank

*1 Indicates items that appear only when the control card reader is attached.

The new user information is registered.

  • If you select [Administrator] for [User Type], the user name and password can be used when you log in using Local Device Authentication.
  • If Department ID Management is set to 'On', the registered information for Local Device Authentication and the registered user data and password in the machine's Department ID Management have to match. If the Department ID and password have been changed due to the delivery of device information, make sure to change the Local Device Authentication settings accordingly.
  • To set Department ID Management to 'On', it is necessary to register the Department ID and password as the user information of the administrator for Local Device Authentication beforehand.
  • It is necessary to enter an e-mail address. If you leave the e-mail address blank when Local Device Authentication is used, you cannot send e-mail.
  • If Local Device Authentication is set:
  • The login user name and e-mail address are displayed on the sender field ("from") on the e-mail recipient's machine. However, if an e-mail address that exceeds 194 characters is entered, only the first 193 characters of the address are displayed.
  • The login user's e-mail address is displayed on the sender field on the I-fax recipient's machine.
  • Multiple users can share the same Department ID.
  • Multiple users can be registered as an Administrator.
  • Enter the same password for [Password] and [Confirm]. If you enter a different password for [Password] and [Confirm], a message prompting you to re-enter the passwords is displayed.


Editing User Data

You can change registered user data.


Remark
  • It is recommended that you export the registered user data and make a backup copy. (See "Exporting User Data.")
  • You cannot change the User Name.
  • Only a user registered as [Administrator] in [User Type] can edit the user data.
  • If you edit user data when that user is logged in, the changes you made are validated only after that user is logged out.
  • If you want to change the user name, you must delete the user data and create and register new user data.

  1. Log in to MEAP Service → click [User Management].

The [User Management] page is displayed.

  1. Place a check mark next to the user data you want to edit → click [Edit].

  1. Edit the necessary items → click [OK].



Deleting User Data

You can delete registered user data.


Remark
  • If a user is logging in to the machine and his user data is deleted, he will be logged out automatically.
  • The user data of the user who is logged in as [Administrator] cannot be deleted.

  1. Log in to MEAP Service → click [User Management].

The [User Management] page is displayed.

  1. Place a check mark next to the user data you want to delete → click [Delete].

The user data is deleted.

  • You can select all of the displayed users by placing a check mark next to [ALL Select].


Importing User Data

You can read and register user data registered in another machine from a file.

For more information on file formats for import, see "File Formats for Local Device Authentication User Information Files."


Remark
  • Imported user data is registered or overwritten as [End User]. (See "Editing User Data.")

  1. Log in to MEAP Service → click [User Management].

The [User Management] page is displayed.

  1. Click [Import].

  1. Click [Browse] → specify the file you want to import.

You can also specify the file by entering the file path directly.

  1. Specify the necessary items → click [Start].

Details of each item are shown below.

[File Format]: Specify the file format for importing.
• SDL Format Import the user data created in the file format used for SDL and the Local Device Authentication of SSO-H. (File extension: "ldif").
• NetSpot Accountant 3.x Format Import the user data created in NetSpot Accountant 3.x Format. (File extension: "csv").
• NetSpot Accountant 4.x Format Import the user data created in NetSpot Accountant 4.x/iW Accounting Manager Format. (File extension: "csv").
<When Netspot Accountant Format Is Selected>
[Encoding]: Specify the character code for importing.
• Windows Latin-1 (CP1252) Import the file written in Windows Latin Format.
Windows Latin is a character code for European.
• Windows Japanese (CP932) Import the file written in Windows Japanese Format.
Windows Japanese is a character code for Japanese.
[User Name Type]: Select the type of user name used for logging in.
• User ID Use the user ID as user name
• Windows User Name Use User Name in Windows as user name
  • If user data with the same name is already registered, the imported user data will overwrite the old data.


Exporting User Data

You can save user data registered in the machine to a file in your computer. Use this function when you want to use the user data registered in the machine with another device or when you want to back up the user data.


Remark
  • User Type of all exported data is [End User].

  1. Log in to MEAP Service → click [User Management].

The [User Management] page is displayed.

  1. Click [Export].

  1. Specify the necessary items → click [Start].

Details of each item are shown below.

[File Format]: Specify the file format for exporting.
• SDL Format Export the user data in the file format used for SDL and the Local Device Authentication of SSO-H. (File extension: "ldif").
• NetSpot Accountant 3.x Format Export the user data created in NetSpot Accountant 3.x Format. (File extension: "csv").
• NetSpot Accountant 4.x Format Export the user data created in NetSpot Accountant 4.x/iW Accounting Manager Format. (File extension: "csv").
<When Netspot Accountant Format Is Selected>
[Encoding]: Specify the character code for file exporting.
• Windows Latin-1 (CP1252) Export the file written in Windows Latin Format.
Windows Latin is a character code for European.
• Windows Japanese (CP932) Export the file written in Windows Japanese Format.
Windows Japanese is a character code for Japanese.


Registering/Editing User Data for Domain Authentication


Registering User Data

When the Domain Authentication System of SSO-H is being used, login authentication is performed for users that belong to the Active Directory server of the domain specified as the login destination. Contact the system manager to register/edit user data for Domain Authentication.


Remark
  • When using Domain Authentication, you must use the user logon name registered in the Active Directory server of the domain specified as the login destination. However, the internal processes of SSO-H use the pre-Windows 2000 user logon name.

Make sure to meet the following conditions when registering user information for Domain Authentication. If you do not meet these conditions when you register the information, you will become unable to perform authentication with Active Directory users.

  • The value before the '@' in the user logon name matches the value in the pre-Windows 2000 user logon name

  • The value after the '@' in the user logon name matches the domain name of the Active Directory to perform authentication with


Registering a Domain Authentication Administrator User

When Domain Authentication is being used, only a Domain Authentication administrator user can log in to the SSO-H Management Application.

Add a registered user to the 'Canon Peripheral Admins' group, or an arbitrary administrator group of Active Directory to make that user a Domain Authentication administrator user. Follow the procedure below to add the 'Canon Peripheral Admins' group.


Remark
  • Do not set the 'Canon Peripheral Admins' group as the primary group.


Adding a Group

  1. Start the Active Directory management tool, "Active Directory Users and Computers."
  1. Right-click the container and organizational unit you want to add.
  1. Select [New] → [Group] from the pop-up menu that is displayed.

The [New Object - Group] dialog box is displayed.

  1. Enter the group name ('Canon Peripheral Admins') → click [OK].



Adding a User to the Canon Peripheral Admins Group

  1. Start the Active Directory management tool, "Active Directory Users and Computers."
  1. Right-click the user account you want to add to the 'Canon Peripheral Admins' group.
  1. Select [Add to a group] from the pop-up menu that is displayed.

The [Select Group] dialog box is displayed.

  1. Enter 'Canon Peripheral Admins' in the group selection dialog box → click [Check Names].

  1. Confirm that [Canon Peripheral Admins] is underlined → click [OK].



Changing a Local Device Authentication End User's Password

An end user for the Local Device Authentication can change their own password.
This increases the security of private information.


  1. Open your web browser.
  1. Enter the following URL in the address bar.

http://<IP address or host name of the machine>:8000/sso/

The [Log In] page is displayed.

  • If [Use HTTP] in [TCP/IP Settings] in Network Settings in System Settings (from the Additional Functions screen) is set to 'Off', enter <http://<IP address or host name of the machine>/sso/>.
  1. Enter the user name and password of a user registered as a user for the Local Device Authentication System of SSO-H → select [This Device] as the login destination → click [Log in].

You are logged in to the SSO-H Management Application.

  1. Click [User Management].

  1. Enter the new password in [New Password] and [Confirm].

  1. Click [OK].

  1. Click [Log Out].



File Formats for Local Device Authentication User Information Files

The following three file formats can be used for importing and exporting user information:

  • SDL format
  • NetSpot Accountant 3.x format
  • NetSpot Accountant 4.x format

Remark
  • It is recommended you use the SDL Format when exporting and importing user information with iW Accounting Manager (NetSpot Accountant).
  • Only the information for users that have a department ID assigned is exported with the NetSpot Accountant formats. If no users have department IDs assigned, a 0 byte file is exported.
  • If you use a NetSpot Accountant format, you may not be able to import users that are automatically registered.


SDL Format

The SDL format is the format used for local device authentication. This format adopts the LDIF file format, which uses the ldif file extension. LDIF (LDAP Data Interchange Format) is used for transferring directory information between LDAP directory servers, etc.

Each record in an LDIF file is separated by at least one empty line. A record comprises multiple lines, none of which is empty. Each record contains an ID line (which can be omitted) and multiple entries. Each entry contains an attribute name and attribute value separated by a colon. If only blank spaces appear after the colon, that entry is ignored. If an entry is split by a line break code followed by one space, that line break code and space are ignored, and the characters after them are handled as if they are connected to the previous line, even if they are spaces. Either carriage return + line feed or line feed only can be used as the line break code. Line breaks are not allowed before the colon. Lines starting with # are ignored.

UTF-8 is used for character encoding.

Example:
dn: uid=J00001
userPassword: {sdl}1234567890abcdefghijklmn
canonUid: 1000001
canonPwd: 1010001
cn: SampleUser01
cn;lang-ja;phonetic:
mail: SampleUser.J00001@example.com
objectClass: top
objectClass: person

  • Input File Format

Attribute name Can be omitted? Default value used when omitted Item name in SSO-H Description
dn No - User Name "uid="login user name ("uid=" can be omitted). Must be from 1 to 32 characters. You cannot include spaces or the following symbols (\ / : * ? | < > [ ] ; , = + @ ").
userPassword Yes - Password (corresponding to the user name) When encrypted: the attribute value starts with "{sdl}". Use the encrypted value from the exported file.
When not encrypted: You can leave this blank or enter up to 32 characters.
canonUid Yes - Department ID Must be from 1 to 7 digits.
canonPwd Yes - Password (corresponding to the department ID) You can leave this blank or enter up to 7 digits.
cn Yes [null] Displayed As You can leave this blank or enter up to 32 characters.
cn;lang-ja;phonetic Yes [null] - -
mail Yes [null] E-mail Address You can leave this blank or enter up to 256 ASCII characters. The format of e-mail addresses is not checked.
objectClass Yes [null] "top" "top" (fixed)
objectClass No Not limited "person" "person" (fixed)
NOTE
1) The attribute names can be specified in any order. Unnecessary attribute names can be omitted.
2) User Type is not included in the input format. After the import is performed, edit it to "Administrator" as necessary.

  • Output File Format
Attribute name Corresponding user information on the [Register]/[Edit] screen of [User Management] Description
dn User Name The login user name.
userPassword Password (corresponding to the user name) The attribute value starts with "{sdl}" and the password is encrypted.
canonUid Department ID The department ID.
canonPwd Password (corresponding to the department ID) Not encrypted. If there are not enough digits, zeros are added to the start of the number.
cn Displayed As The display name.
cn;lang-ja;phonetic - -
mail E-mail Address The e-mail address.
objectClass - "top" (fixed)
objectClass - "person" (fixed)
NOTE
User Type is not output.
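
The parsing rules and input constraints above can be checked before a file is imported. The following Python code is an added example, not Canon's code: it unfolds and parses SDL (LDIF) text as this section describes, then reports records that break the documented limits or carry blank, default or clear-text credentials. The function names, finding texts and sample records are assumptions made for illustration.

```python
import re

# Space plus the symbols the page lists as not allowed in a user name.
FORBIDDEN = set(' \\/:*?|<>[];,=+@"')

# Constructed sample in the SDL (LDIF) layout; every value is made up.
SAMPLE = (
    "# constructed sample, not a real export\r\n"
    "dn: uid=J00001\r\n"
    "userPassword: {sdl}1234567890abcdefghijklmn\r\n"
    "canonUid: 1000001\r\n"
    "canonPwd: 1010001\r\n"
    "cn: SampleUser01\r\n"
    "cn;lang-ja;phonetic:\r\n"
    "mail: SampleUser.J00001@example.com\r\n"
    "objectClass: top\r\n"
    "objectClass: person\r\n"
    "\r\n"
    "dn: uid=J00002\n"
    "userPassword: password\n"
    "canonUid: 12345678\n"
    "cn: Sample\n"
    " User02\n"
    "objectClass: person\n"
    "\n"
    "dn: bad@name\n"
    "userPassword:   \n"
    "objectClass: top\n"
)

def parse_sdl(text):
    """Return the records of an SDL file, each a list of (attribute, value)."""
    logical = []
    for line in text.replace("\r\n", "\n").split("\n"):
        if line.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += line[1:]      # folded entry: drop the break and one space
        else:
            logical.append(line)
    records, current = [], []
    for line in logical + [""]:          # the extra "" flushes the last record
        if line == "":
            if current:
                records.append(current)
            current = []
        elif not line.startswith("#"):   # lines starting with # are ignored
            # Base64 "::" values, which the page does not describe, are not decoded.
            name, colon, value = line.partition(":")
            if not colon:
                raise ValueError("entry without a colon: %r" % line)
            if value.strip():            # only blanks after the colon: entry ignored
                current.append((name, value.lstrip(" ")))
    return records

def audit_record(entries):
    """Return (user name, findings) for one parsed record."""
    attrs = {}
    for name, value in entries:          # names matched as the page spells them
        attrs.setdefault(name, []).append(value)
    first = lambda key: attrs.get(key, [""])[0]
    findings = []
    dn = first("dn")
    user = dn[4:] if dn.startswith("uid=") else dn   # "uid=" can be omitted
    if not 1 <= len(user) <= 32:
        findings.append("user name is not 1 to 32 characters")
    if FORBIDDEN & set(user):
        findings.append("user name contains a space or a forbidden symbol")
    password = first("userPassword")
    if password == "":
        findings.append("login password is blank")
    elif not password.startswith("{sdl}"):
        findings.append("login password is not encrypted")
        if len(password) > 32:
            findings.append("login password is longer than 32 characters")
        if password == "password":       # default value in the registration table
            findings.append("login password is the default value")
    if "canonUid" in attrs and not re.fullmatch(r"[0-9]{1,7}", first("canonUid")):
        findings.append("department ID is not 1 to 7 digits")
    if "canonPwd" in attrs:
        if not re.fullmatch(r"[0-9]{1,7}", first("canonPwd")):
            findings.append("department ID password is not up to 7 digits")
        findings.append("department ID password is stored unencrypted")
    if len(first("cn")) > 32:
        findings.append("display name is longer than 32 characters")
    if len(first("mail")) > 256 or not first("mail").isascii():
        findings.append("e-mail address is not up to 256 ASCII characters")
    if "person" not in attrs.get("objectClass", []):
        findings.append('objectClass "person" is missing')
    return user, findings

def audit_sdl(text):
    """Parse SDL text and audit every record in file order."""
    return [audit_record(record) for record in parse_sdl(text)]

if __name__ == "__main__":
    for user, findings in audit_sdl(SAMPLE):
        print(user, findings or "no findings")
```

Because canonPwd is written without encryption, even a well-formed export produces a finding, so the exported file should be stored and transferred as sensitive data.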


NetSpot Accountant 3.x Format

The NetSpot Accountant 3.x format is the file format for user information used in NetSpot Accountant 3.x. Windows Japanese (CP932) or Windows Latin-1 (CP1252) is used as the character code.


  • Input File Format
Item number Item name*1 Corresponding user information on the [Register]/[Edit] screen of [User Management]
1 Parent Department ID -
2 Account Type -
3 User ID User Name*2, Department ID
4 User Name Displayed As
5 Password Password
6 E-mail Address E-mail Address
7 Log In Name User Name*3
8 Domain Name -
9-10 Printing Usage Limit -
11 Card ID -

  • Output File Format
Item number Corresponding user information on the [Register]/[Edit] screen of [User Management] Item name*1 Description
1 - Parent Department ID Always [0]
2 - Account Type Always [1] (user)
3 Department ID User ID
4 Displayed As User Name
5 Password Password Always NULL
6 E-mail Address E-mail Address
7 User Name Log In Name
8 - Domain Name Always " "
9-10 - Printing Usage Limit Always NULL
NOTE
*1: The item name (The item name in NetSpot Accountant 3.0 or later. Item names are not displayed in the CSV file itself.)
*2: When [User ID] is set for [User Name Type] in [NetSpot Accountant Format Is Selected] in [Import] in the SSO-H management application.
*3: When [Windows User Name] is set for [User Name Type] in [NetSpot Accountant Format Is Selected] in [Import] in the SSO-H management application.


NetSpot Accountant 4.x Format

The NetSpot Accountant 4.x format is the file format for user information used in NetSpot Accountant 4.x or later and iW Accounting Manager 5.0 or later. Windows Japanese (CP932) or Windows Latin-1 (CP1252) is used as the character code.


  • Input File Format
Item number Item name*1 Corresponding user information on the [Register]/[Edit] screen of [User Management]
1 Parent Department ID -
2 Account Type -
3 User ID User Name*2, Department ID
4 User Name Displayed As
5 Password Password
6 E-mail Address E-mail Address
7 Log In Name User Name*3
8 Domain Name -
9-15 Printing Usage Limit -
16 Card ID -

  • Output File Format
Item number Corresponding user information on the [Register]/[Edit] screen of [User Management] Item name*1 Description
1 - Parent Department ID Always [0]
2 - Account Type Always [1] (user)
3 Department ID User ID
4 Displayed As User Name
5 Password Password Always NULL
6 E-mail Address E-mail Address
7 User Name Log In Name
8 - Domain Name Always " "
9-15 - Printing Usage Limit Always NULL
16 - Card ID Always "##########"
NOTE
*1: The item name (The item name in NetSpot Accountant 4.0 or later or iW Accounting Manager 5.0 or later. Item names are not displayed in the CSV file itself.)
*2: When [User ID] is set for [User Name Type] in [NetSpot Accountant Format Is Selected] in [Import] in the SSO-H management application.
*3: When [Windows User Name] is set for [User Name Type] in [NetSpot Accountant Format Is Selected] in [Import] in the SSO-H management application.


List of Error Messages

This section explains the various messages that appear on the display, along with possible causes and remedies.

If the machine displays an error message, follow the instructions on the display.

The following is a list of error messages, along with their possible causes and remedies.



Login Page

Cannot login because another user is logged in or logout operations have not been successfully performed. Please wait a moment and then try this operation again.

You do not have permissions to use Service Management Service. Log in with administrator rights.

The Service Management Service of the specified URL has not been started. Specify the correct URL.

Cannot use SMS Installer Service (Remote Login Service Authentication) because Default Authentication is selected as the login service.

Error: <Error Details>

Cannot login because another user is logged in or logout operations have not been successfully performed. Please wait a moment and then try this operation again.

Cause 1

Multiple browsers cannot log in using SMS at the same time. Therefore if another user has already logged in, you cannot log in even if you enter the correct password.

Remedy

Log out with the browser which is already logged in.

Cause 2

You cannot log in for a while if a user has closed their browser without pressing [Logout] to log out.

Remedy

Try to log in again after waiting for the time out.

You do not have permissions to use Service Management Service. Log in with administrator rights.

Cause

Only a user with administrator rights can log in to SMS with their user name and password. The user trying to log in cannot do so because they do not have administrator rights.

Remedy

Log in again with the user name and password of a user with administrator rights.

The Service Management Service of the specified URL has not been started. Specify the correct URL.

Cause

The login method you tried to use (Password Authentication or Remote Login Service Authentication) is not set to 'Started'.

Remedy

Log in to SMS using the login method which has been set to 'Started'. (Use another login method.)

Cannot use SMS Installer Service (Remote Login Service Authentication) because Default Authentication is selected as the login service.

Cause

If the login service is set as Default Authentication, you cannot use the SMS Installer Service (Remote Login Service Authentication).

Remedy

Log in with the SMS password to use SMS.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures for the error are still not clear from <Error Details>, contact your local authorized Canon dealer.



Application List Page

Cannot start this application because the number of bootable applets has exceeded the limit. Start this application after stopping other applications.

A license is needed to start this application. Try to start it again after installing a license.

Cannot start this application because system resources (memory, threads, sockets, file descriptors, disk space, or screen size) required to start the application may not be available. <Resources>

Error: <Error Details>

Cannot start this application because the number of bootable applets has exceeded the limit. Start this application after stopping other applications.

Cause

The application cannot be started because it includes an applet, and the number of applets that can be started on the system would exceed the limit (nine applets) if the application was started.

Remedy

Stop an application running on the system which includes an applet, in order to reduce the number of applets running on the system, and then restart the application.

A license is needed to start this application. Try to start it again after installing a license.

Cause

A license file is necessary to start the application (the license file has not been installed).

Remedy

Install the license file, and then restart the application.

Cannot start this application because system resources (memory, threads, sockets, file descriptors, disk space, or screen size) required to start the application may not be available. <Resources>

Cause

The application cannot be started because the system resources required to start it cannot be reserved.

Remedy

Stop another application, and then restart this application. It may be able to start this time.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures for the error are still not clear from <Error Details>, contact your local authorized Canon dealer.



Install Page

The file for the application to install does not exist or the file path is incorrect. Try to specify the path again.

The file for the license to install does not exist or the file path is incorrect. Try to specify the path again.

The contents of the file for the application to install are incorrect or information is missing. Check the file.

The contents of the file for the license to install are incorrect or information is missing. Check the file.

The following information is missing in file for the specified application. Check the file. <Missing information>

The following information in the specified application is incorrect. Check the file. <Inaccurate information>

Cannot install this license because the specified application and license do not correspond. Try to specify a path for the license file again.

The number of applications that can be installed has exceeded the limit. Try to install this application after uninstalling other applications.

The specified license is already installed.

To install the specified application, a license file must be installed at the same time. Specify a license file.

The specified file is a system application. Install the application from the [Enhanced System Application] page.

The specified license does not match this device. Specify an installable license.

The specified application does not support this device.

The specified file is an update file. Stop the application that you want update and then install the file.

Cannot install the application because the license requirement is different. Uninstall the specified application, and then try to install the application again.

Cannot install this application because hard disk space has been exceeded. Uninstall other applications and then try to install it again.

Could not cancel installation. Installation has been successfully completed.

The specified application cannot be installed on this device.

This application does not support the MEAP version of the device. Contact your service representative after checking the application version.

Cannot find the specified application. It may have been uninstalled by another user.

Error: <Error Details>

The file for the application to install does not exist or the file path is incorrect. Try to specify the path again.

Cause

The application file does not exist in the specified path, or the file path is incorrect.

Remedy

Specify the file path correctly.

The file for the license to install does not exist or the file path is incorrect. Try to specify the path again.

Cause

The license file does not exist in the specified path, or the file path is incorrect.

Remedy

Specify the file path correctly.

The contents of the file for the application to install are incorrect or information is missing. Check the file.

Cause

The contents of the file specified as an application file are incorrect, or information is missing.

Remedy

This application file cannot be installed. Check the file. If there are no problems, contact your local authorized Canon dealer.

The contents of the file for the license to install are incorrect or information is missing. Check the file.

Cause

The contents of the file specified as a license file are incorrect, or information is missing.

Remedy

This license file cannot be installed. Check the file. If there are no problems, contact your local authorized Canon dealer.

The following information is missing in file for the specified application. Check the file. <Missing information>

Cause

The application cannot be installed because required information is not included in the application file.

Remedy

Check the file. If there are no problems, contact your local authorized Canon dealer to see if there is any <Missing information>.

The following information in the specified application is incorrect. Check the file. <Inaccurate information>

Cause 1

<Inaccurate information> in the application file cannot be recognized as correct information.

Remedy

Contact your local authorized Canon dealer.

Cause 2

If the <Inaccurate information> is the MEAP Specifications, the MEAP specifications of the application and of the machine do not match.

Remedy

Contact your local authorized Canon dealer.

Cannot install this license because the specified application and license do not correspond. Try to specify a path for the license file again.

Cause

The application cannot be installed because the specified license file does not correspond to the specified application.

Remedy

Specify a license file which corresponds to the application file.

The number of applications that can be installed has exceeded the limit. Try to install this application after uninstalling other applications.

Cause

You can install up to 19 applications. You are trying to install more applications than this number.

Remedy

You can install the new application by first uninstalling other applications (apart from system applications).

The specified license is already installed.

Cause

A license file which is already installed cannot be installed again. The specified license file has already been installed.

Remedy

The specified license file cannot be installed. Specify another license file.

To install the specified application, a license file must be installed at the same time. Specify a license file.

Cause

You cannot install the application unless you specify a corresponding license file with the application.

Remedy

When specifying an application to install, also specify a corresponding license file.

The specified file is a system application. Install the application from the [Enhanced System Application] page.

Cause

The specified file is a system application. You cannot install it from this [Install] page.

Remedy

Install the application from the [Enhanced Sys. App] page.

The specified license does not match this device. Specify an installable license.

Cause

In the license file, there is serial number information of machines in which the license file can be installed. The application you have specified cannot be installed, because your machine's serial number is not found in the serial number information in this license file.

Remedy

Specify a license file whose serial number information includes the serial number of your machine.

The specified application does not support this device.

Cause

The application file can only be installed in certain machine models. It cannot be installed in this machine.

Remedy

Specify an application which supports the machine.

The specified file is an update file. Stop the application that you want update and then install the file.

Cause

The specified application file is a file for updating an application which is already installed. It is necessary to stop the application which is to be updated before updating.

Remedy

Stop the application that you want to update, and then perform the update again.

Cannot install the application because the license requirement is different. Uninstall the specified application, and then try to install the application again.

Cause

You have tried to upgrade an application which is already installed using a version of the same application with different license requirements.

Remedy

Try upgrading after uninstalling the application you are trying to upgrade.

Cannot install this application because hard disk space has been exceeded. Uninstall other applications and then try to install it again.

Cause

The application cannot be installed because there is not enough space left on the hard disk.

Remedy

Uninstall unnecessary applications to free up hard disk space.

Could not cancel installation. Installation has been successfully completed.

Cause

The cancel button was pressed when the installation could not be canceled. Installation has successfully been completed.

Remedy

Disable the license file and download it from the [License Management] page.

The specified application cannot be installed on this device.

Cause

Could not install the specified application because the machine's memory is full.

Remedy

Try installing again after expanding the machine's memory. For more information on expanding the machine's memory, contact your local authorized Canon dealer.

This application does not support the MEAP version of the device. Contact your service representative after checking the application version.

Cause

If the <Inaccurate information> is the MEAP Specifications, the MEAP Specifications of the application and of the machine do not match.

Remedy

Contact your local authorized Canon dealer.

Cannot find the specified application. It may have been uninstalled by another user.

Cause

The specified application is already uninstalled.

Remedy

Reinstall the application as necessary.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures for the error are still not clear from <Error Details>, contact your local authorized Canon dealer.



Authentication Information Setting Page

Settings are incorrect.

  • Check to see if the password is incorrect.
  • Enter Dept. ID within 7 digits.
  • Check to see if the Department. ID is registered with the device.

Could not set authentication information because an error occurred.

Cannot find the specified application. It may have been uninstalled by another user.

Settings are incorrect.

  • Check to see if the password is incorrect.
  • Enter Dept. ID within 7 digits.
  • Check to see if the Department. ID is registered with the device.

Cause

Authentication information cannot be set because the entered Dept. ID does not exist, or the password is incorrect.

Remedy

Enter the correct Dept. ID and password registered for the machine.

Could not set authentication information because an error occurred.

Cause

The authentication number could not be set because an error has occurred for some reason.

Remedy

Contact your local authorized Canon dealer.

Cannot find the specified application. It may have been uninstalled by another user.

Cause

The specified application is already uninstalled.

Remedy

Reinstall the application as necessary.



License Management Page

The specified file does not exist or the path is incorrect. Try to specify the path again.

The contents of the file for the license to install are incorrect or information is missing. Check the file.

Cannot install this license because the specified license does not correspond to this application. Try to specify a path for the license file again.

The specified license is already installed.

The specified license does not match this device. Specify an installable license.

Could not cancel installation. Installation has been successfully completed.

Cannot disable the license file because this application has been started. Disable the license file after stopping the application.

Cannot find the specified application. It may have been uninstalled by another user.

Error: <Error Details>

The specified file does not exist or the path is incorrect. Try to specify the path again.

Cause

The specified file does not exist, or the file path is incorrect.

Remedy

Specify the file path correctly.

The contents of the file for the license to install are incorrect or information is missing. Check the file.

Cause 1

The contents of the file are incorrect.

Cause 2

Information is missing.

Remedy

This license file cannot be installed. Contact your local authorized Canon dealer.

Cannot install this license because the specified license does not correspond to this application. Try to specify a path for the license file again.

Cause

The license cannot be installed because the specified license file does not correspond to the application.

Remedy 1

Specify a license file which corresponds to the application.

Remedy 2

Contact your local authorized Canon dealer.

The specified license is already installed.

Cause

A license file which is already installed cannot be installed again. The specified license file has already been installed.

Remedy

The specified license file cannot be installed. Specify another license file.

The specified license does not match this device. Specify an installable license.

Cause

In the license file, there is serial number information of machines in which the license file can be installed. The application you have specified cannot be installed, because your machine's serial number is not found in the serial number information in this license file.

Remedy

Specify a license file whose serial number information includes the serial number of your machine.

Could not cancel installation. Installation has been successfully completed.

Cause

The cancel button was pressed when installation could not be canceled. Installation has successfully been completed.

Remedy

Disable the license file and download it from the [License Management] page.

Cannot disable the license file because this application has been started. Disable the license file after stopping the application.

Cause

The license file cannot be disabled because the application is not stopped. The application corresponding to a license file must be stopped when disabling the license file.

Remedy

Stop the application corresponding to the license file, and then try disabling the license file again.

Cannot find the specified application. It may have been uninstalled by another user.

Cause

The specified application is already uninstalled.

Remedy

Reinstall the application as necessary.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures against the error are still not clear from the <Error Details>, contact your local authorized Canon dealer.



Panel Display Page

The following applets are multi-selected. Applets to display in a button cannot be duplicated. <Applet Name - Application ID>

Cannot set the order because there are buttons with applets to display that are not specified.

Set the Order in which to Display Applet Names on the Panel. The following applets are not selected. All applets must be selected. <Applet Name - Application ID>

Error: <Error Details>

The following applets are multi-selected. Applets to display in a button cannot be duplicated. <Applet Name - Application ID>

Cause

The applet display order could not be set because multiple applets of the same name are selected.

Remedy

Do not select multiple applets of the same name.

Cannot set the order because there are buttons with applets to display that are not specified.

Cause

The applet display order could not be set because there are applets which are not selected.

Remedy

Make sure to select all of the applets from the drop-down list to complete the list. However, do not select multiple applets of the same name.

Set the Order in which to Display Applet Names on the Panel. The following applets are not selected. All applets must be selected. <Applet Name - Application ID>

Cause

The applet display order could not be set because there are applets which are not selected.

Remedy

Specify the display order of the applets listed at the bottom of the error message.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures for the error are still not clear from <Error Details>, contact your local authorized Canon dealer.



Enhanced System Application Page

Cannot start this application because the number of bootable applets has exceeded the limit. Start this application after stopping other applications.

Cannot start this application because system resources required to start the application may not be available. <Resources>

The file for the application to install does not exist or the file path is incorrect. Try to specify the path again.

The file for the license to install does not exist or the file path is incorrect. Try to specify the path again.

The contents of the file for the application to install are incorrect or information is missing. Check the file.

The contents of the file for the license to install are incorrect or information is missing. Check the file.

Cannot install this license because the specified application and license do not correspond. Try to specify a path for the license file again.

The specified file is not system application. Check the file.

The specified license is already installed.

To install the specified application, a license file must be installed at the same time. Specify a license file.

The following information in the specified application is incorrect. Check the file. <Inaccurate information>

The following information is missing in file for the specified application. Check the file. <Missing information>

The specified license does not match this device. Specify an installable license.

The specified application does not support this device.

The specified file is an update file. Stop the system application that you want to update and then install the file.

The specified file is an update file for a login service that is currently being set. Select another login service, click [Set], restart the device, and the install this file.

Cannot install this application because hard disk space has been exceeded. Uninstall other applications and then try to install it again.

Could not cancel installation. Installation has been successfully completed.

Cannot find the specified application. It may have been uninstalled by another user.

Error: <Error Details>

Cannot start this application because the number of bootable applets has exceeded the limit. Start this application after stopping other applications.

Cause

The application cannot be started because it includes an applet, and the number of applets that can be started on the system would exceed the limit (nine applets) if the application was started.

Remedy

Stop an application running on the system which includes an applet, in order to reduce the number of applets running on the system, and then restart the application.

Cannot start this application because system resources required to start the application may not be available. <Resources>

Cause

The application cannot be started because system resources required to start the application may not be able to be reserved.
NOTE: The resource that cannot be reserved may be one of the following:

  • Memory
  • Thread
  • Socket
  • File descriptor

Remedy

Stop another application, and then try restarting this application. It may be able to start this time.

The file for the application to install does not exist or the file path is incorrect. Try to specify the path again.

Cause

The application file does not exist in the specified path, or the file path is incorrect.

Remedy

Specify the file path correctly.

The file for the license to install does not exist or the file path is incorrect. Try to specify the path again.

Cause

The license file does not exist in the specified path, or the file path is incorrect.

Remedy

Specify the file path correctly.

The contents of the file for the application to install are incorrect or information is missing. Check the file.

Cause

The contents of the file specified as an application file are incorrect, or information is missing.

Remedy

This application file cannot be installed. Check the file. If there are no problems, contact your local authorized Canon dealer.

The contents of the file for the license to install are incorrect or information is missing. Check the file.

Cause

The contents of the file specified as a license file are incorrect, or information is missing.

Remedy

This license file cannot be installed. Check the file. If there are no problems, contact your local authorized Canon dealer.

Cannot install this license because the specified application and license do not correspond. Try to specify a path for the license file again.

Cause

The application cannot be installed because the specified license file does not correspond to the specified application.

Remedy

Specify a license file which corresponds to the application file.

The specified file is not system application. Check the file.

Cause

The specified file is not a system application. This application cannot be installed from this [Enhanced Sys. App] page.

Remedy

Install from the [Install] page.

The specified license is already installed.

Cause

A license file which is already installed cannot be installed again. The specified license file has already been installed.

Remedy

The specified license file cannot be installed. Specify another license file.

To install the specified application, a license file must be installed at the same time. Specify a license file.

Cause

You cannot install the application unless you specify a corresponding license file with the application.

Remedy

When specifying an application to install, also specify a corresponding license file.

The following information in the specified application is incorrect. Check the file. <Inaccurate information>

Cause 1

<Inaccurate information> in the application file cannot be recognized as correct information.

Remedy

Contact your local authorized Canon dealer.

Cause 2

If the <Inaccurate information> is the MEAP Specifications, the MEAP Specifications of the application and of the machine do not match.

Remedy

Contact your local authorized Canon dealer.

The following information is missing in file for the specified application. Check the file. <Missing information>

Cause

The application cannot be installed because required information is not included in the application file.

Remedy

Check the file. If there are no problems, contact your local authorized Canon dealer to see if there is any <Missing information>.

The specified license does not match this device. Specify an installable license.

Cause

In the license file, there is serial number information of machines in which the license file can be installed. The application you have specified cannot be installed, because your machine's serial number is not found in the serial number information in this license file.

Remedy

Specify a license file whose serial number information includes the serial number of your machine.

The specified application does not support this device.

Cause

The application file can only be installed in certain machine models. It cannot be installed in this machine.

Remedy

Specify an application which supports the machine.

The specified file is an update file. Stop the system application that you want to update and then install the file.

Cause

The specified application file is a file for updating an application which is already installed. It is necessary to stop the application which is to be updated before updating.

Remedy

Stop the application that you want to update, and then perform the update again.

The specified file is an update file for a login service that is currently being set. Select another login service, click [Set], restart the device, and the install this file.

Cause

Although the specified application file is an update file for the login service that is currently set, it cannot update a login service that has already started.

Remedy

To install the update file for the login service, start another login service, and then install the update file.

Cannot install this application because hard disk space has been exceeded. Uninstall other applications and then try to install it again.

Cause

The application cannot be installed because there is not enough space left on the hard disk.

Remedy

Uninstall unnecessary applications to free up hard disk space.

Could not cancel installation. Installation has been successfully completed.

Cause

The cancel button was pressed when installation could not be canceled. Installation has been successfully completed.

Remedy

Uninstall the application.

Cannot find the specified application. It may have been uninstalled by another user.

Cause

The specified application is already uninstalled.

Remedy

Reinstall the application as necessary.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures for the error are still not clear from <Error Details>, contact your local authorized Canon dealer.



Utility Page

The specified file does not exist or the path is incorrect. Try to specify the path again.

The contents of the specified file is incorrect or information is missing. Check the file.

The specified license is already installed. Installed license file information cannot be displayed.

Error: <Error Details>

The old password is incorrect.

The new password is incorrect. Enter 8 or more characters for the password.

The new password and password to confirm do not match.

The specified file does not exist or the path is incorrect. Try to specify the path again.

Cause

The specified file does not exist, or the file path is incorrect.

Remedy

Specify the file path correctly.

The contents of the specified file is incorrect or information is missing. Check the file.

Cause 1

Contents of the file are incorrect. (A file other than the license file has been specified.)

Remedy

Check to see if the specified file is a license file.

Cause 2

File information is missing.

Remedy

Contact your local authorized Canon dealer.

The specified license is already installed. Installed license file information cannot be displayed.

Cause

You cannot display the information of a license file which is already installed in a machine.

Remedy

Specify another license file.

Error: <Error Details>

Cause

An error has occurred for some reason. Refer to <Error Details> for details.

Remedy

If countermeasures for the error are still not clear from <Error Details>, contact your local authorized Canon dealer.

The old password is incorrect.

Cause

The password differs from the current password.

Remedy

Enter the current password correctly.

The new password is incorrect. Enter 8 or more characters for the password.

Cause

The new password is incorrect, or has characters that cannot be used for a password.

Remedy

Enter a new password (eight alphanumeric characters or more (a-z, A-Z, 0-9)).

The new password and password to confirm do not match.

Cause

The password cannot be changed because the new password and the password you entered for confirmation do not match.

Remedy

Enter the same password as the new password in the password confirmation field.



Troubleshooting

This section includes troubleshooting information for SSO-H.



List of Error Messages and Their Causes and Remedies

This section explains the various messages that may appear on the display, along with possible causes and remedies.


The authentication server is not found. Contact the system manager for details.

The authentication server is not running. Contact the system manager for details.

Could not log in. The timer settings of your computer and the authentication server may not be in sync, or the user name or password is incorrect.

A password is not set on the authentication server side. Contact system manager.

The account expiration date has passed. Contact system manager.

The password expiration date has passed. Contact system manager.

Login failed due to an authentication error in Dept. ID Management. Contact system manager.

The machine will not operate normally because Dept. ID Management is set to ON. Contact system manager.

Could not obtain log in information. Contact system manager.

The authentication server is not found. Contact the system manager for details.

Cause 1

The LAN cable is not connected.

Remedy 1

Connect the LAN cable.

Cause 2

The primary/secondary DNS server settings in the machine are incorrect or not specified.

Remedy 2

Confirm the DNS server settings of the machine, and specify the correct values.

Cause 3

The DNS server specified in the machine is not started, or the service has been stopped.

Remedy 3

Follow the procedure below to confirm the settings.

  • Confirm the DNS server specified on the machine, and start the server if it has not been started.
  • Start the "Services" management tool on the DNS server.
  • Confirm the status of the DNS Server. If 'Started' is not displayed under <Status>, right-click [DNS Server] → select [Start].

Cause 4

Domain name resolution could not be performed with the DNS server.

Remedy 4

Confirm the following:

  • Confirm that the host record exists on the DNS server.
  • Confirm that the forwarding settings are correct.

The authentication server is not running. Contact the system manager for details.

Cause 1

The LAN cable is not connected.

Remedy 1

Connect the LAN cable.

Cause 2

The Active Directory server is not started.

Remedy 2

Start the Active Directory server.

Cause 3

The KDC (Key Distribution Center) service of Active Directory is stopped.

Remedy 3

Follow the procedure below to confirm the settings.

  • Start the "Services" management tool on the Active Directory server.
  • Check whether the Active Directory server is operating normally.

Could not log in. The timer settings of your computer and the authentication server may not be in sync, or the user name or password is incorrect.

Cause

The difference between the time set on the machine and the Active Directory server is greater than the allowed difference.

Remedy

Adjust the times of the machine and the Active Directory server so that they are within the allowed time difference. For more information, see "Security."

A password is not set on the authentication server side. Contact system manager.

Cause

The DES (Data Encryption Standard) key required for Domain Authentication has not been generated for Active Directory.

Remedy

Follow the procedure below to change the settings.

  • Start the Active Directory management tool, "Active Directory Users and Computers."
  • Right-click the user that failed to be authenticated.
  • Select [Reset Password] from the pop-up menu that is displayed.
  • Enter a new password in the [Reset Password] dialog box → click [OK].

The account expiration date has passed. Contact system manager.

Cause 1

The expiration date of the authenticated user account has passed.

Remedy 1

Follow the procedure below to confirm the settings.

  • Start the Active Directory management tool, "Active Directory Users and Computers."
  • Right-click the user account that has expired.
  • Select [Properties] from the pop-up menu that is displayed.
  • Select the [Account] tab → confirm the values in [Expiration Date] in [Account Expires].
  • If the expiration date has passed, extend the expiration date, or set it to 'None'.

Cause 2

The account of the authenticated user is disabled.

Remedy 2

Follow the procedure below to confirm the settings.

  • Start the Active Directory management tool, "Active Directory Users and Computers."
  • Right-click the user whose account is disabled.
  • Select [Properties] from the pop-up menu that is displayed.
  • Select the [Account] tab → confirm the [Disable Account] setting in [Account Options].
  • If [Disable Account] is selected, deselect it → click [OK].

The password expiration date has passed. Contact system manager.

Cause 1

The expiration date of the password for the authenticated user account has passed.

Remedy 1

Follow the procedure below to confirm the settings.

  • Start the Active Directory management tool, "Active Directory Users and Computers."
  • Right-click the user whose password expired.
  • Select [Reset Password] from the pop-up menu that is displayed.
  • Enter a new password in the [Reset Password] dialog box → click [OK].

Cause 2

The account of the authenticated user is set to 'Require Change of Password Next Login'.

Remedy 2

Follow the procedure below to confirm the settings.

  • Start the Active Directory management tool, "Active Directory Users and Computers."
  • Right-click the user that failed to be authenticated.
  • Select [Properties] from the pop-up menu that is displayed.
  • Select the [Account] tab → confirm the [Require Change of Password Next Login] setting in [Account Options].
  • If [Require Change of Password Next Login] is selected, deselect it → click [OK].

Login failed due to an authentication error in Dept. ID Management. Contact system manager.

The machine will not operate normally because Dept. ID Management is set to ON. Contact system manager.

Cause

The Department ID Management function of the machine is set to 'On'.

Remedy

Follow the procedure below to confirm the settings.

  • Change the current login service to a login application other than SSO-H.
  • Set Department ID Management to 'Off'. For information on setting Department ID Management to 'Off', see "Security."
  • Turn the main power of the machine to OFF, wait 10 seconds, and then turn the power back ON. For more information on turning ON/OFF the main power of the machine, see "Before You Start Using This Machine."

Could not obtain log in information. Contact system manager.

Cause

The port number specified in the '_ldap' SRV record (part of the DNS information of the domain specified as the login destination) is incorrect.

Remedy

Follow the procedure below to confirm the settings.

  • Start the DNS server management tool, "DNS."
  • Double-click [Forward Lookup Zones] → [<domain specified as the login destination>] → [_tcp], and then right-click the '_ldap' SRV record.
  • Select [Properties] from the pop-up menu that is displayed.
  • Select the [Service Location (SRV)] tab → confirm the value in [Port Number].
  • If the port number is different from the port number of the LDAP service, enter the correct port number for the LDAP service → click [OK].


Trouble That May Occur When Using the SSO-H Management Application

This section explains the various problems that may occur when using the SSO-H Management Application, along with possible causes and remedies.


Symptom: [Domain Authentication from Client PC] is not displayed on the Settings page.

Symptom: [Domain Authentication from Client PC] is not displayed on the Settings page.

Cause

The machine operating SSO-H does not support SSL communication.

Remedy

[Domain Authentication from Client PC] is only displayed when SSO-H is installed on a machine that supports SSL communication.



Trouble That May Occur When the Windows Server 2003 SP1 Firewall Is Set

This section explains the various problems that may occur when a firewall is set, along with possible causes and remedies.


Symptom: Service information fails to be retrieved when automatically retrieving domain information.

Symptom: Domain Authentication has failed. (The <Authentication server not operating.> error message is displayed.)

Symptom: User authentication has failed.

Symptom: Service information fails to be retrieved when automatically retrieving domain information.

Cause

Communication with the DNS server is blocked due to firewall settings.

Remedy

Unblock port 53 (the default port) for the UDP protocol and TCP protocol.
The DNS server normally uses port 53 to perform communications with the UDP protocol, but as data over a certain size may be processed using the TCP protocol, unblock port 53 for both the TCP protocol and UDP protocol.

Symptom: Domain Authentication has failed. (The <Authentication server not operating.> error message is displayed.)

Cause

Domain Authentication is blocked due to firewall settings.

Remedy

Unblock port 88 (the default port) for the UDP protocol and TCP protocol.
Domain Authentication normally uses port 88 to perform communications with the UDP protocol, but as data over a certain size may be processed using the TCP protocol, unblock port 88 for both the TCP protocol and UDP protocol.

Symptom: User authentication has failed.

Cause

Communication for LDAP searches is blocked due to the firewall settings.

Remedy

Unblock port 389 (the default port) for the TCP protocol.
User data is retrieved from Active Directory using LDAP searches. By default, LDAP searches are performed using the TCP protocol with port 389. Therefore, unblock port 389 for the TCP protocol. (If the port number used for the TCP protocol has been changed, unblock the port number used by the TCP protocol.)



Other Trouble

This section explains the various other problems that can occur, along with possible causes and remedies.


Symptom: Cannot log in using Domain Authentication with a user created before Active Directory was installed.

Symptom: It takes time for the application to start.

Symptom: It takes time to determine if a login is successful.

Symptom: Cannot log in using Domain Authentication with a user created before Active Directory was installed.

Cause

Accounts for users that were created before Active Directory was installed are automatically generated by placing them in the 'Users' folder after installing Active Directory. However, the accounts that are generated do not manage the DES (Data Encryption Standard) keys for Domain Authentication required by SSO-H. Also, as a user logon name is not set, the Domain Authentication System of SSO-H cannot be used for authentication because user data cannot be retrieved, even if a DES key is generated.

Remedy

Follow the procedure below to change the settings.

  • Start the Active Directory management tool, "Active Directory Users and Computers."
  • Right-click the user that failed to be authenticated.
  • Select [Properties] from the pop-up menu that is displayed.
  • Select the [Account] tab → enter a name in [User Logon Name] → click [OK].
  • Right-click the user name you changed.
  • Select [Reset Password] from the pop-up menu that is displayed.
  • Enter a new password in the [Reset Password] dialog box → click [OK].

Symptom: It takes time for the application to start.

Cause 1

A host whose name cannot be resolved is set in the SRV record retrieved with automatic domain retrieval.

Remedy 1

Perform the following on the DNS server to enable name resolution for the specified host.

  • Specify forwarding settings.
  • Add an A record.
  • Specify secondary settings.

Cause 2

The DNS server set on the machine cannot be found, or communication with it is not possible.

Remedy 2

Confirm the network settings to see that the machine can communicate with the DNS server set on the machine, and adjust them if it cannot. Confirm things such as the following, and make the necessary adjustments:

  • Whether the LAN cable is connected correctly.
  • Whether the IP address of the DNS server set on the machine is correct.
  • Whether the specified DNS server exists.
  • Whether the specified DNS server is operating.
  • Whether the router settings are correct.

Cause 3

A network delay time is set.

Remedy 3

Adjust the network delay time.

Symptom: It takes time to determine if a login is successful.

Cause 1

Name resolution cannot be performed for the domain name specified as the login destination.

Remedy 1

Confirm the network settings to see that name resolution can be performed for the domain name specified as the login destination, and adjust them if it cannot. Confirm things such as the following, and make the necessary adjustments:

  • Whether the LAN cable is connected correctly.
  • Whether the IP address of the DNS server set on the machine is correct.
  • Whether the specified DNS server exists.
  • Whether the specified DNS server is operating.
  • Whether the router settings are correct.

Cause 2

The DNS server set on the machine cannot be found, or communication with it is not possible.

Remedy 2

Confirm the network settings to see that the machine can communicate with the DNS server set on the machine, and adjust them if it cannot. Confirm things such as the following, and make the necessary adjustments:

  • Whether the LAN cable is connected correctly.
  • Whether the IP address of the DNS server set on the machine is correct.
  • Whether the specified DNS server exists.
  • Whether the specified DNS server is operating.
  • Whether the router settings are correct.

Cause 3

Multiple domain controllers exist for managing the specified domain. When this is the case and SSO-H is used, authentication may take some time, because each domain controller is called until one answers.

Remedy 3

Confirm the domain controllers, and adjust them, if necessary.
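
The following Python check is an added example and is not part of the manual. It covers two of the causes above: an SRV record that points to a host whose name cannot be resolved, and a domain controller that does not answer on the LDAP port. It assumes the SRV answer for the domain has been captured in `dig +short SRV` format; the host names, addresses and function names are constructed for illustration.

```python
import socket

# Constructed sample in `dig +short SRV` format: priority weight port target.
# Host names are placeholders, not values from the manual.
SAMPLE_SRV_ANSWER = """\
0 100 389 dc1.example.test.
0 100 389 dc2.example.test.
0 100 389 retired-dc.example.test.
"""

def parse_srv_lines(text):
    """Return (priority, weight, port, host) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            prio, weight, port = (int(p) for p in parts[:3])
            records.append((prio, weight, port, parts[3].rstrip(".").lower()))
    return records

def system_resolve(host):
    """Resolve host with the OS resolver; an empty list means no answer."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_srv(text, resolve=system_resolve, probe=tcp_open):
    """Classify every SRV target as ok, unresolvable, or blocked."""
    report = {"ok": [], "unresolvable": [], "blocked": []}
    for _prio, _weight, port, host in parse_srv_lines(text):
        addrs = resolve(host)
        if not addrs:
            report["unresolvable"].append(host)     # needs an A record or forwarding
        elif any(probe(addr, port) for addr in addrs):
            report["ok"].append(host)
        else:
            report["blocked"].append((host, port))  # port filtered or host not answering
    return report
```

Hosts listed under `unresolvable` are the ones to fix on the DNS server, and hosts under `blocked` are the ones to check against the firewall rule for the LDAP port.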