Installation and Planning

Should you install Enfold Server before Enfold Proxy or vice versa?

In most cases you will install Enfold Server first before you even know what settings to give for Enfold Proxy. However, after you set up EP, you can uninstall ES and reinstall it later on without upsetting your EP settings. EP is closely tied to IIS and should be unaffected by changes to ES.

How many Zope clients should I create with Enfold Server?

The answer depends mainly on the CPU and RAM on the machine running Enfold Server as well as your load balancing needs. Generally, as a conservative estimate, you need to allocate 1-2 gigabytes of RAM per Zope client and have one Zope client per processor on your machine. Note that Enfold Server lets you bind a Zope process to a specific processor when using multiprocessors. This feature is called process affinity. (Read how to configure Process Affinity).

When installing/upgrading Enfold Server, how much down time is required?

The installation wizard itself can take up to 15-20 minutes (not including the time it takes to back things up).

When installing ES, Avast antivirus gives a warning. Help!

This is a known issue. One of the files is a MS Word file with a superficial resemblance to a MS Word macro. Go to your antivirus program and specify an exception. You can read more here at http://plone.org/support/forums/general#nabble-td663448.

How do I determine the Plone or Enfold Server version number I am using?

To find your current Plone version number, log in with a manager/administrator account into Plone. Then go to Plone Site Setup (an option listed on the top right part of the page. The information will appear in the Plone Version Overview section. To see your Enfold Server version number, open up the configuration utility (Start --> Enfold Server) and choose the About tab.

The client starts initially, but it stops soon after. Why?

It is possibly a license problem. If the license is absent or invalid for some reason, no clients will be able to start. Open up the Encontrol utility and select License. This screen will either confirm the license on your machine or warn you that your license has expired. Contact Enfold Systems if there is a problem. Other than licensing problems, file system permissions and conflicting ports could also cause this behavior. In all of these cases, a message will be logged to the Windows Event log (Control Panel --> Administrative Tools --> Event Viewer). Also try the event.log in the Enfold Server install directory (Read more about Enfold Server logs).

When I created a new Plone site, I don't see the Enfold-specific products or the Enfold theme. What do I do?

After Enfold Server is installed, one Plone instance will already be made (which you can generally access on http://localhost:8080/Plone). This first instance should have the correct skin and products installed and working. But if you create additional Plone sites, they might be disabled by default (that happens if you didn't enable the Enfold Server extensions when you added a Plone site from the ZMI). You can easily add and enable the same products from Plone Control Panel --> Add on Products. For more, see Adding a new Plone site).

Does Enfold Server have blob support?

A blob is a binary large object which is handled by a database. Blobs are typically images, audio or other multimedia. As of February 2009, neither Plone nor Enfold Support has native support for blobs. From time to time there has been talk of incorporating blob support into the Plone core, but nothing definite. However, various libraries/products can be used with Plone to allow large files to be handled. Some Plone deployments have allowed users to connect to external storage with an archetype-based Plone product. Check the Plone mailing lists and plone.org for the most up-to-date information.

Can I use Enfold Server if I have a ZODB from standard Plone?

Yes, but Enfold Server 4.0 supports ZODB from standard Plone only if it is Plone 3.0 or above. If you have a 2.x version of Plone, you will need to upgrade to Plone 3.x first and then import the ZODB into Enfold Server.

Can Enfold Server work with Apache on Windows? Is this recommended?

Apache server is available in a Windows environment or Linux environment. Apache can even be configured to do NTLM authentication with mod_ntlm. You could even do proxying with mod_proxy (if you use a trusted proxy authentication profile in Enfold Server). Whether this option is best for you depends on a variety of factors (such as your network, the skill sets of your SysAdmins, etc). Enfold Proxy for IIS offers a GUI-based configuration utility for setting up caching and proxying. For more information, see http://www.enfoldsystems.com/software/proxy/docs/4.0/.

Should new Zope clients use the same service account or a different one?

Generally, the service user for the Server and every client should be exactly the same. The only possible case where you would need to choose a different user for different Zope clients would be if a Zope client is on a different machine from the ZEO Server and needs to authenticate users against a different Windows domain.

Daily Use

How do I turn off inline editing?

Inline editing is a Plone 3 feature that allows text fields to be editable by logged in users as soon as you mouse over the area of the web page. Some users said they didn't like this feature, so there is now a way for site administrations to disable it globally. Go to Plone Site Setup --> Site --> Enable Inline Editing. Uncheck this option.

How do I turn off the Enfold theme?

Enfold makes some customizations to the look and feel of a standard Plone theme. It is not a separate theme per se. The way to turn these theme customizations on/off is to go to Plone Site Setup --> Add/Remove Products --> Install/Uninstall Enfold Theme.

How do I change the home page?

When you install Enfold Server for the first time, a default Welcome page will appear, with links to configuration screens for Enfold products (which are also accessible from Plone Site Setup).

There are two ways to change this home page:

  1. Simply edit this page and insert your own content.
  2. Add a page to the root directory. Then go to the Display dropdown menu on top right and choose Change Content Item as Default View. At this point you will be prompted to choose the page in this directory which will be the default view. (FYI: the default page set after installation is http://localhost:8080/Plone/front-page).

How can I change the default editor away from Kupu?

First, every user can choose whether Kupu should be turned on or off. You can do this by clicking on your login name (at the top right side of the browser page) and choosing Personal Preferences. From there, you can choose your Content Editor (and turn off Kupu or use another rich text editor).

Another option is to install the FCKEditor implementation for Plone. For more information, see http://plone.org/products/fckeditor. Although you can install FCKEditor just like you would any other Plone product, you can also use easy install to install FCKEditor.

Encontrol shows that the Zope client is turned off, but in fact it's running (or vice versa). What's happening?

Occasionally, the Encontrol utility freezes or does not refresh; for this reason the green/red arrow status icon may not be up-to-date. Most of the time, just clicking on a different link in the interface will refresh the screen. If that fails, stopping Encontrol and restarting will generally fix the problem. The most reliable way to tell if the Zope client or ZEO server is running is to go to Start --> Control Panel --> Administrative Tools --> Services and see if a service named Zope instance or ZEO instance is running.

My binary file is not being indexed; why?

If you install IFilters after Enfold Server, you may need to go to Plone Site Setup --> Addon Products and uninstall/reinstall the Plone product called Enfold Server. Note Enfold Server here refers to a Plone product which includes some Enfold customizations (not to be confused with Enfold Server itself). After uninstalling this customized product, you can reinstall the same product on the same screen. Afterwards, IFilters should work.

In Encontrol, Server starts, but my client does not start. Why?

There are many possible causes. As a first check, check the License link on Encontrol and make sure a license has been properly registered. If not, the Client will appear to start (showing the green arrow), but this will quickly halt (and the Red Arrow will appear). Other causes may be responsible. Another common culprit is a buggy product after it is placed inside the Products directory.

Enfold Server starts automatically, how do I turn this feature off?

In most cases administrators will want Enfold Server to start as a service whenever Windows start. But it's easy to turn this off. To turn off automatically startup on Windows boot, open the ES Configuration Utility. Select the Start or Stop link on the right. (You will need to do this for the Server as well as each client). Turn off ES and push the Manual button for starting Enfold Server.

How do I set up compression on Plone pages so that they are gzipped?

You can customize a script in the ZODB that will turn on gzip. 1. Within the ZMI, navigate to the path http://localhost:8080/Plone/portal_skins/plone_scripts/enableHTTPCompression/. 2. Choose Customize. 3. Edit this line (ENABLE_ZLIB_COMPRESSION = 0) and change the value to 1. 4. Click Save Changes. When you do that, the script will be copied onto the /Plone/portal_skins/custom directory and activated. You can verify that this has taken place by viewing the HTTP headers. Note: You can also do this with caching.

I can login to the ZMI with my Zope account, but I cannot login to the Plone site. Can you explain?

The Zope user can always login to the ZMI and usually to the Plone site(s) as well. However, if you select an authentication profile that requires a domain user (from Active Directory or LDAP), the Zope user would be unable to login. However, the Zope user can still access the Plone site by bypassing the authentication profiles. (See How to avoid being locked out of your Plone site).

How do I verify that caching is taking place on Enfold Server?

Generally, Plone deployments rely on separate caching mechanisms to cache content. When Enfold Server is deployed, a separate caching mechanism is used to handle caching. For example, Enfold Proxy (a commercial Windows-based caching product) has many controls for caching (and the EP documentation contains excellent methods to verify caching-- see Enfold Proxy's documentation at http://www.enfoldsystems.com/software/proxy/docs/4.0/epcaching.html ). It's also possible to verify that Zope objects are being successfully cached. To do this, login to the ZMI and go to /Plone/RAM Cache Manager/Statistics or /Plone/HTTPCache/Statistics.

What happens when the Client is started but the Server is not running?

You need to have the server running and one or more Zope clients running for the website to work. The Server essentially contains the data/storage. If Server is turned off, the Zope client is poised to receive requests at http://localhost:8080. It just cannot do anything!

Where is the backup directory (or log directory)? Why can't I find it?

The default directory is listed in the Encontrol utility under Tasks. (Read more about Encontrol). If you have recently installed Enfold Server, some of the scheduled tasks may not have been run yet. To verify this, go to Start > Settings > Control Panel > Scheduled Tasks from the Windows start menu. You should see the three tasks listed, plus a record of the last time the task was run. If you wish, you can run the task manually by right-clicking the task and choosing Run. By default, the backup task is scheduled to run once a week (Read more about Scheduled Tasks). If you are still unable to identify the problem, verify that you have the permission scheduled tasks were configured correctly. (See next question).

My scheduled tasks won't run (or the Install Wizard doesn't let me create these tasks) Why?

First, make sure that the user running the Install program has local administrator rights. See Giving a Domain User Local Administrator Privileges. Second, if you are running Scheduled Tasks on Windows 2003, you need to make some special adjustments.

If I use Encontrol to remove a Zope client, does that mean I am removing its data as well?

In typical scenarios, ZODB data is stored as a Data.fs file inside the /var directory C:\Program Files\Enfold Server\Server\var. (In less common scenarios, ZOBDs are stored in separate Data.fs files and use a different mount point). Removing a client does not remove the data; it merely reduces the number of system processes that are making http requests. See more information about ZEO and Zope instances.

I'm logged on as the Zope User. If I list groups and users from Plone Site Setup, why can't I see any groups or users from Active Directory?

A fresh install of Enfold Server will use a default Authentication Profile called Default Plone with Cookie Authentication. You cannot access AD data when you use this profile. You need to change it to another profile. (See Selecting the right authentication profile). However, once you have configured the correct profile, the Zope user will be able to view AD groups and users.

When I come to a web page, I immediately enter the Edit screen even if I didn't press the Edit tab. Why?

Inline editing is a feature of Plone 3. There are ways to configure this or turn it off. (For more, read http://plone.org/documentation/manual/plone-3-user-manual/managing-content/editing-content/ or visit the plone.org site).

I've set up a caching profile in ES. What else do I need to do?

Although turning on caching in ES does improve performance somewhat by itself, most of the performance gains occur when you run it in conjunction with a proxy server. Enfold recommends Enfold Proxy, a product designed to cache Enfold Server and Plone in a Windows environment. You can also use other products like Squid.

Users and Permissions

Should I create new users with Plone Site Setup or with Active Directory?

Either way works, but Active Directory lets you pull in existing user information from outside Plone/Zope so users don't need to remember two passwords. Also, because Active Directory keeps track of password changes, password changes will be reflected inside Plone as well. Creating simple Plone users from Plone Setup may be easy, but this information will remain in the Zope Object Database (ZODB).

How do I allow/disallow self-registration of new users? Should I do this?

To allow self-registration, go to Plone Site Setup and choose Security. There you will be presented with various options for users. These determine whether a user should automatically receive a personal folder (for creating content) and a profile page.

Because Enfold Server usually is run inside Intranet, self-registration is disabled by default. This is done mainly to increase server security but also to eliminate potential conflicts with other authentication methods. Users would need to be assigned default roles to modify content and perhaps even to belong to a group with permissions specified for certain directories.

How long does user authentication last when authenticating from Active Directory?

By default, Enfold Server caches authentication information for users to reduce the number of queries to Active Directory. By default it is set for 10 minutes (this is configurable from the configuration tab under the authentication profile you have chosen). This can become an issue if you have changed an AD group name (or removed a group or user). For the next ten minutes after you make that kind of change, there exists the possibility that Enfold Server will "remember" the result of the recent query to Active Directory for the user sign on. After ten minutes, things will be fine, but if you wish, you can clear all authentication caches by going to Plone Site Setup --> Authentication Profiles and click the Clear Authentication Cache button on the bottom of the page.

How do I clear the authentication cache on the server?

See the previous question. This is especially useful if you make major changes to an AD group or have deleted certain accounts and wishes the changes to take effect immediately. If you are switching from one authentication profile to another, it is no longer necessary to push this button--it is now done automatically.

Can I use AD nested groups with Enfold Server?

Enfold Server does not currently supported nested groups (that is, putting one Active Directory group inside another Active Directory group). It is not compatible with the current Enfold product which handles Active Directory.

Do I need to set roles in Plone?

Roles are common sets of Plone permissions for users who handle content. Examples include: contributor (can add content), editor (can edit content by self or others), reader (can read content by others), reviewer (can edit/publish content/metadata but cannot create new content) and manager (can access the Plone control Panel and ZMI for the Plone instance; this is essentially the Administrator role). If a user does not have a role, then he/she can create content (in a public directory on Plone or a user's own folder), but will have very limited collaboration possibilities.

When I edit user rights on Plone Site Setup and save, the permission change doesn't seem to take effect. Why?

The Users tab presents a view of what rights are active. That includes any rights assigned to it because of a group membership.

To remove a right, you need to confirm that this right has not been added because of any of a user's current group membership(s).

Can LDAP work with NTLM authentication?

No, NTLM authentication is specific to Active Directory and thus cannot work with LDAP authentication.

Can I switch my service user from local user to domain user (or vice versa)?

If you intend to switch, you need to switch authentication profiles on Plone's site setup before doing so. It's best to use cookie-based authentication while you make the transition (You can turn this back on later). As a general rule, Enfold discourages unnecessary switching of the service user. When changing from a local user to domain user as the service user, it might be easier to run the second part of the Installation wizard again (Start --> Enfold Server --> Development --> Installation Wizard --> Second Stage ) to make sure permissions are set correctly.

Can the service user log onto the website? How is this possible? Is it a good idea to use this account when logging onto the website?

(This applies to authentication profiles using Active Directory with cookies). Inside Windows domains, a service user is also a domain user. Because the website accepts authentication through Active Directory, a service user could use the domain user credentials to sign on to the website. This service user would not have access to the Plone Site Setup menu (unless explicitly given the Manager role).

How do I let users outside the Intranet login ?

For AD users, they can use VPN software to login remotely as an authenticated domain user.

Another solution is to use Enfold Proxy to set up different hosts, each with different authentication profiles. (See Authenticating users inside the domain and outside the domain).

One additional option is to use Plone Control panel to create additional groups/users. In this case, user data lives only inside the Plone server. This is a straightforward solution, but it means often means managing two different sets of users in two different places(the first inside Active Directory, the other inside Plone). You will need to set up sharing in a way that the users/groups created in Plone resemble the permissions set for the AD group. For these kinds of users, Plone will use cookie-based authentication.

What do I do if I forget my Zope password?

Open Enfold Server configuration utility. Click on your Zope client, Emergency Access. See Setting Up and Using the Emergency User in Zope.

Should the service user be the same as the user who installs Enfold Server?

No! Generally the Windows user who installs Enfold Server requires local administrator privileges, and the service user is not supposed to have local administrative privileges. Doing this prevents other services, applications or data from being affected if the account is compromised. (Read more about the Windows service user).

When should I use an existing service user and when should I create a new service user?

The Installation wizard gives the option to create a new user or use an existing one. First, for security reasons it's useful for Enfold Server to run under a separate Windows account. Practically speaking, the person installing Enfold Server may not have the rights to create another domain user; in this case, it may be easier to request a domain user account from the Active Directory administrator. This service user must not be a local Administrator on the machine with Enfold Server. (Read more about the Windows service user).

Licenses and Support

How do I activate the license for Enfold Server?

After the trial period is over, a permanent license file for Enfold Server is needed. Enfold Systems provides a .reg file to license holders. In order to install this file, copy it to the machine running Enfold Server and then double click on it. This will install the license information into the windows registry. Now open the Enfold Server configuration utility and click on the license page link. Ensure the license is recognized by the server.

Does the Enfold Server license let me install Enfold Server on more than one machine?

You need to purchase one license for each machine you will install Enfold Server on. When you do this, you will also be able to have Zope clients on one machine access the ZEO server on another machine.

Can I install two instances of Enfold Server on the same machine?

Yes, the license allows you to install more than one instance of Enfold Server on the same machine, but doing so is not supported by Enfold. Some have created a second instance of Enfold Server to test configurations before they are deployed on the main installation. There are reports of the Encontrol utility managing only the 'last' installed instance of Enfold Server. Also, you may see only one instance of Enfold Server on Add/Remove Programs if you try this.