This technical document describes the file structure, registry entries and other details of the MOVEit DMZ system. Generally this information is only important for administrators (i.e., SysAdmins) who set up and troubleshoot MOVEit DMZ systems.
Note: Location names like [Web Files] are used only as a notation in this document; they do not refer to literal directory names or registry key names on a MOVEit system.
File System
[Non-Web Files]
By default, the [Non-Web Files] directory is D:\MOVEitDMZ. This value is configurable during installation and may be changed by advanced administrators using the MOVEit DMZ Config program.
\Aspell - Contains the GNU Aspell spell-checking utility used by MOVEit DMZ's secure messaging spell-checking mechanism
\bin - Contains the Aspell executable and associated libraries as well as the source text files for the custom word lists included with MOVEit DMZ and the batch files used to compile them
\data - Data files used by Aspell
\dict - Compiled dictionary files, alias files, and .multi dictionary loading command files used by Aspell
\Certs - Used to communicate certificates between the MOVEit DMZ web application (which does not have permission to directly alter the Microsoft Certificate Store) and the MOVEit DMZ Helper service (which can and does). In standalone systems, a single C000 subfolder will be found here
\COM - Holds several COM object library files
\Files - Root filesystem of DMZ. This is where DMZ's files are actually stored
\Files\(OrgID) - Root filesystem of a single Organization
\Files\(OrgID)\(FolderID) - Contains encrypted files belonging to a specific folder
\InstallScripts - Various scripts used by the MOVEit DMZ install packages
\Logs - Debug log files generated by MOVEit DMZ applications
\MessageFiles - International message files for use by VB and C programs
\Scheduler - Various scripts used by the MOVEit DMZ scheduler
\Util - Various utilities for use by administrators and MOVEit DMZ install packages
\Codecs - Codec libraries used by the 7-Zip application
\Formats - Format libraries used by the 7-Zip application
passdict.txt - A cleartext file containing a list of dictionary words which are not allowed to be part of any password used in Organizations with a password complexity of Sturdy or higher. Each word or phrase is on its own line; entries are case-insensitive
[Web Files]
The [Web Files] directory is configurable during installation and may be changed by advanced administrators using the MOVEit DMZ Config program.
\bin - Holds MOVEit DMZ library files
\COM - Store of web-browser ActiveX controls
MOVEitUploadWizardxxx.ocx - MOVEitWizard high speed upload control
\images - Images used to display the MOVEit DMZ web interface
\bullets - Stock bullets used when customizing organization appearance
\customscheme - Custom background images used in custom schemes (style sheets)
\en - English versions of text-based button images
\xx - Versions of text-based button images for language code xx
\InstLogos - Organization-specific logos and buttons
\java - Store of web-browser Java applets
MOVEitWizard.jar - MOVEit Wizard Java applet store
\templates - XSL templates, CSS stylesheets and Javascript used to format information for web interface display
\en - English versions of the internationalized XSL templates
\xx - Versions of the internationalized XSL templates for language code xx
AS2Rec2.ashx - Used to receive AS2 transmissions (file messages and MDNs) and store them in the MOVEit DMZ filesystem
apilink.aspx - This file does not actually exist in the web files directory. Instead, it is a trigger which is looked for by the MOVEit DMZ application to indicate that an instance of MOVEit DMZ API wishes to transfer its existing session to a user's browser.
ColorSchemePreview.aspx - Used by Administrators to preview alternate color schemes.
DMZTest.aspx - A very simple ASP.NET test application which simply prints the current date. Useful for making sure the .NET framework is installed correctly.
DownloadFile.aspx - Used by all web users to retrieve files from MOVEit DMZ.
DownloadReport.aspx - Used by administrators to download reports directly from MOVEit DMZ.
favicon.ico - Icon file displayed by most browsers in the URL bar, tabbed browsers and lists of favorites.
Human.aspx - The web interface.
Machine.aspx - Used by various MOVEit clients and modules to communicate with MOVEit DMZ.
Machine2.aspx - Used internally by various MOVEit components to manage high speed file transfers.
palette.htm - Static HTML page used to display a color palette for composing secure messages.
SpellCheck.aspx - Used to perform secure messaging spelling checks.
SysStat.aspx - Early display of system statistics. Not currently used.
TestSettings.aspx - Used by MOVEit DMZ to test various settings, such as External Authentication sources.
ThinPoll.aspx - Provides a quick idea of whether or not a particular user has new files. Not currently used.
ViewFile.aspx - Used by MOVEit DMZ to display thumbnails and full size images stored in the encrypted file store.
ViewGraph.aspx - Used by MOVEit DMZ to generate graph images for the Quick Statistics page.
WebPost.aspx - Used by web form submitters to send data into MOVEitDMZ.
web.config - .NET configuration file for the MOVEitDMZ application.
[ISAPI Files]
The [ISAPI Files] directory is configurable during installation and may be changed by advanced administrators using the MOVEit DMZ Config program.
MOVEitISAPI.dll - The MOVEitDMZ ISAPI filter used to handle high speed web transfers.
MOVEitFilt.dll - The MOVEitDMZ ISAPI filter used to get around bugs in various browsers that do not recognize certain suggested filename headers. This filter handles file downloads so that browsers display correct filenames when prompting to save.
[Database Files] (only if MySQL is the database engine)
If you are using MySQL as your database engine, the [Database Files] directory is configurable during installation and may be changed by advanced administrators using the MOVEit DMZ Config program. If the location of the MySQL data files is changed, this change will also need to be reflected in the MY.INI file. By default, it is D:\MySQL.
Bin - Location of MySQL server and client executables, as well as supporting libraries.
Data - Location of database data file folders and MySQL error file.
moveitdmz - Location of MOVEit DMZ database files. Note that this directory may not be named moveitdmz. This folder's name will be that of the MOVEit DMZ database given during installation. The default is moveitdmz.
mysql - Location of MySQL database files, which contain database user information as well as access lists.
Share - Contains language support files for MySQL database server.
[HOSTNAME].err - A running log file containing any significant events that have happened to the database server. Will include error information, such as located and repaired table corruption messages, as well as non-error information, such as startup and shutdown times.
%WINDIR%\MY.INI - This file does not reside in the [Database Files] directory, but instead can be found in the main Windows directory (usually C:\WINDOWS). This file contains paths and options for the MySQL server, most importantly the path to the data files. If the [Database Files] directory is changed, this file should also be changed.
Registry Entries
MOVEit DMZ uses the following base key in the registry:
For 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Standard Networks\siLock
For 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Standard Networks\siLock
[Root Key]
AllowInsecureQueryStrings - Security best practices call for using the POST method instead of the GET method. If your web integration uses HTTP GET, and you want to continue to use the GET method, you need to set this registry entry to allow the continued use of this method. Set to "1" to allow GET requests for sensitive transactions, and allow GET requests to include session IDs in apilink.aspx.
CacheFlushIntervalMB - The interval in MB for how frequently to flush the Windows file cache buffer to disk during file uploads (Default = 0). If CacheFlushIntervalMB doesn't exist or is 0, the cache buffer is flushed at the end of the upload, which is the standard behavior. For large file uploads, this can potentially cause client timeouts while waiting for the entire cache buffer to be flushed, especially if the target file system isn't local. Configure this setting to have MOVEit DMZ periodically flush the Windows file cache buffer in order to avoid doing one large cache flush at the end of the upload.
DBEngine - The database engine being used by MOVEit DMZ. Either MySQL or SQL Server. If the value is not present, MySQL is assumed.
DSN - The ODBC Data Source Name of the MOVEit DMZ database. (By default: moveitdmz)
EmailAddrAutomation - The email address from which MOVEit DMZ's automatically generated email messages will appear to originate.
EmailAddrForErrors - The email address to which significant MOVEit DMZ errors will be sent.
EmailRelayChoice - Used by the MOVEit DMZ Check utility to store which type of email relay check should be performed.
EmailRelayCustomEmailAddr - Used by the MOVEit DMZ Check utility to store the email address to be used if using an email relay check that goes to an alternate address.
EmailServer - The SMTP server through which email messages will be sent.
EmailServerConnectionTimeout - The number of seconds MOVEit DMZ will wait before timing out when it cannot connect to the configured SMTP server (Default = 30). This key will not be created by the program itself, and is only used to override the internal default value of the program.
FilesBaseDir - The real location of the root filesystem of DMZ, usually [Non-Web Files]\Files.
FilesBaseDirPassword - An encrypted copy of the password used to access a remote filesystem, if one is being used as FilesBaseDir.
FilesBaseDirUsername - The username used to access a remote filesystem, if one is being used as FilesBaseDir.
ForceFileSystemAS2MDN - Typically, using the file system to manage synchronous AS2 MDNs is only necessary when MOVEit DMZ is part of a WebFarm system. Enabling this option will force MOVEit DMZ to ALWAYS use the file system for managing synchronous AS2 MDNs. This may be desirable in certain situations, for instance when a standalone MOVEit DMZ installation uses advanced IIS related configurations. (0=no, 1=yes)
ForceMachine2 - Whether MOVEitISAPI should always use the traditional machine2.aspx approach to accessing the database. You may wish to set this obscure option if you are having difficulty with the optimizations in MOVEitISAPI that bypass machine2 in favor of direct database access. (0=no [the default], 1=yes)
IPLockoutEnable - Whether or not IP Lockout is enabled. (0=no, 1=yes)
IPLockoutExpireTime - How many minutes IPs will be locked out before they are automatically reenabled.
IPLockoutNumber - How many login failures must occur in X minutes to lock out a single IP. (Default = 15)
IPLockoutTime - In how much time X login failures must occur to lock out a single IP. (Default = 5)
ISAPIDir - The real location of [ISAPI Files].
LangSiteDefault - Default language to use for the system.
LangsSiteAllowed - A comma-delimited list of language codes available to the organizations on the system. Set by the system administrator.
LicenseKey - The MOVEit DMZ license key
LogAuditEventSource - Which Windows Event Log entries are written to and with what name. (MOVEit_DMZ_Audit = MOVEit Event Log; MOVEit DMZ Audit or missing = Application Event Log)
LogAuditSyslogFacility - Which facility to be used when logging audit entries to a remote Syslog server. (Default = FTP)
LogAuditSyslogHost - The host name or IP address of the remote Syslog server to send audit entries to.
LogAuditSyslogPort - Which port to be used when logging audit entries to a remote Syslog server. (Default = 514)
LogAuditToEventLog - Whether or not audit log entries are also sent to the Windows Event Log. (0=no, 1=yes)
LogAuditToSyslog - Whether or not audit log entries are also sent to a remote Syslog server. (0=no, 1=yes)
LongTermCookieDuration - A duration code determining how long the long term cookies will be set to last. Format is a number and a duration letter (s = seconds, n = minutes, h = hours, d = days, m = months, y = years). For example, 15n would indicate 15 minutes, 6m would indicate 6 months, and 2y would indicate 2 years. (Default = 2y)
MaxSessionTimeoutMinutes - The number of minutes the session timeout will be extended to for HTTP and HTTPS file transfers (Default = 120)
MetaRefreshEnabled - Whether or not pages will include a meta refresh tag to force a refresh after the session has timed out. (0=no, 1=yes)
MinWizVersion - Minimum version of ActiveX Wizard this server supports.
MultipleWebsites - Retired option used by MOVEit DMZ 3.2-3.4.1 to determine whether or not multiple websites point to the same copy of MOVEit DMZ. (0=no, 1=yes) In versions 3.4.2+ of MOVEit DMZ, this option should always be set to 0 for best performance. (Multiple web sites are handled automatically through different IIS session handling.)
MySQLDir - The location of the MySQL database installation (Default = c:\mysql). Used only if MySQL is being used as the database engine.
MySQLMoveitPW - An encrypted copy of the DMZ MySQL user password. Used only if MySQL is being used as the database engine.
MySQLRootPW - An encrypted copy of the root MySQL password. Used only if MySQL is being used as the database engine.
NonWebBaseDir - The real location of [Non-Web Files].
NoWiz - Bit field indicating the enabled/disabled status of the various MOVEit Wizard objects. When the first bit is enabled (NoWiz & 1 > 0) the ActiveX wizard will not be loaded. When the second bit is enabled (NoWiz & 2 > 0) the Java wizard will not be loaded.
NoXSLObjectCache - An optional key which when set to 1 will cause MOVEit DMZ to not use its internal XSL template cache. In this case, each template will be loaded from disk every time it is used. This is useful for development environments where templates are being modified frequently, but should not be present on production systems.
ShowSystemErrorMessages - Whether or not system error messages will be shown to users who run across them. (0=no, 1=yes)
SSLCipherSuites - A list of all cipher suites available system-wide for use with SSL (including both HTTPS and FTPS), in order of preference, with the enabled/disabled status of each. Note: This list is maintained only for convenience and replication purposes. The actual settings are controlled via Windows API functions. Thus, changing this setting directly in the registry will NOT change the system's SSL settings.
SSLVersions - A list of the SSL and TLS versions enabled for use by all SCHANNEL-based servers on this system. Note: This list is maintained only for convenience and replication purposes. The actual settings are controlled via registry keys in HKLM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. Thus, changing this setting directly in the registry will NOT change the system's SSL version settings.
SuppressHashing - Whether to suppress adding a tampercheck hash to each log record. (0=no, 1=yes). By default, this value is not present; it defaults to 0. Setting this value to 1 increases performance, at the cost of security. If hashing is suppressed, tampering of the database will not be detected.
SysCheckMinDiskSpaceMB - The minimum number of megabytes the local drives on the server must have before the SysCheck application will begin sending notifications to the system errors email address (Default = 1024 (1GB)). This key will not be created by the program itself, and is only used to override the internal default value of the program.
SysStatsOldDays - The number of days worth of data the system statistics service should keep in the database (Default = 30). This key will not be created by the program itself, and is only used to override the internal default value of the program.
SysStatsSkipByteCountEvery - The number of cycles the system statistics service will skip between per-file folder size checks. These checks take time, so they are not executed every cycle (Default = 72). This key will not be created by the program itself, and is only used to override the internal default value of the program.
SysStatsSleepTime - The number of seconds the system statistics service will sleep between cycles (Default = 323). This key will not be created by the program itself, and is only used to override the internal default value of the program.
Update - An incrementing counter used to determine when registry changes have been made and need to be propagated.
URLHuman - The URL users SHOULD use to access this site. This value is used to compose "click here" links back to the MOVEit DMZ web interface. (Generally should be similar to https://moveit.myhost.com.)
URLMachine - The URL of machine.aspx. (Should be identical to URLMachine2, but missing the 2.)
URLMachine2 - The URL of machine2.aspx. (Should be identical to URLMachine, plus the 2.)
WebBaseDir - The real location of [Web Files].
WebNum - The IIS Website number of the DMZ website.
\Farm
Appnode - Indicates the unique identifier (1, 2, 3, etc) of the current node.
\I18N
\DMZB
IDFile - Path to the VB message ID file
MsgFilePrefix - Full path prefix for VB message files
\DMZC
IDFile - Path to the C message ID file
MsgFilePrefix - Full path prefix for C message files
\Institutions
\[OrgID]
Key - The AES-encrypted Organizational passphrase
\MySQL - This key contains database access settings for the MySQL database. These values are only used when MySQL is the database engine being used by MOVEit DMZ.
Database - Name of the MySQL database.
OptionA - Primary MySQL database connection string.
OptionB - First backup MySQL database connection string.
OptionC - Second backup MySQL database connection string.
OptionN - Non-pooled MySQL database connection string.
Password - Encrypted copy of the password used to access the MySQL database.
RetryConnectCount - Number of times to retry failed database connections (default 1).
RetryConnectSleep - Number of milliseconds to wait between retry attempts (default 750).
Server - Hostname or IP address of the MySQL database.
User - Username used to access the MySQL database.
\SNICOMLog
AlwaysFlush - When set to 1, every debug message will be written to disk as soon as it comes in. This can slow down the debug log writing process, but can be helpful when you want to see the latest debug entries as soon as they come in.
Debug - Current debug level (0-60)
LogFile - Current log file location (Default: [Non-Web Files]\Logs\MOVEit.Log)
MaxLogFileSize - The value of the maximum size of the debug log file. When the debug log file exceeds this value, a new one will be started and the old one will be renamed from *.Log to *.OL1.
\SNICOMUtil
IPMasksToIgnoreDNS - A comma-separated list of IP addresses for which no attempts to look up DNS entries should be made. (Wildcards are allowed.) Use to optimize speed in environments where no internal DNS exists.
\siLockFTPServer
AllowCCC - Whether CCC transfer mode is enabled on the FTP server. (0=no, 1=yes)
AllowNonSecure - Whether non-secure FTP sessions will be accepted by the FTP server. (0=no, 1=yes)
CertImplicitPort - The port number used by an implicit control port that requires client certificates.
CertIssuer - Issuer of the certificate being used by the FTP server.
CertPort - The port number used by an explicit control port that requires client certificates.
CertSerial - The serial number of the certificate being used by the FTP server.
ConnectionLimit - Maximum number of connected FTP sessions (Default 32).
IdleTimeout - Number of seconds after which an idle FTP session will be disconnected. (The FTP server only checks for idle connections every 30 seconds.)
IgnoreCertProbs - When set to 1, the FTP server (and SSH server) will ignore certificate problems when communicating with the MOVEit DMZ server. (useful when a test certificate is currently being used)
LocalPort - The value of the port to listen on for standard FTP active data connections (Default 0x14, decimal 20)
LogMessages - When set to 1, debug messages will be logged to the file specified in the MsgLogFilename key.
MaxLogSize - The value of the maximum size of the debug log file. When the debug log file exceeds this value, a new one will be started and the old one will be renamed from *.log to *.old.
MoreCerts - List of additional certificate-to-IPAddress mappings. Each mapping is of the format IPMask,CertSerial,CertIssuer. Mappings are separated by the pipe character |.
MsgLevel - The value of the current debugging level (Default 0x2, decimal 2)
MsgLogFilename - The location of the FTP server debug log file (Default c:\moveitdmz\logs\moveitdmzftp.log).
NATMappings - List of NAT address mappings. Each mapping is of the format IPMask,IPMapTo. Mappings are separated by the pipe character |.
NonSecureIPs - List of IP addresses allowed to do non-secure FTP to the FTP server.
PassivePortHigh - The value of the highest port in a specified passive port range (Default 0x1388, decimal 5000)
PassivePortLow - The value of the lowest port in a specified passive port range (Default 0x400, decimal 1024)
Port - The value of the port to listen on for standard (explicit) FTP control connections (Default 0x15, decimal 21)
RequireClientCert - This registry key is ignored. It was used to turn on the "require client certs on all FTP connections" feature, but that feature has since been replaced with one that allows you to support clientcert and non-clientcert connections at the same time on different ports.
RequirePassive - When set to 1, only passive data connections will be accepted.
RestrictedBindIP - IP address for the FTP server to bind to. If blank or non-existent, FTP server will bind to all IP addresses on the server.
RestrictPassivePortRange - When set to 1, the FTP server will only use ports in the range specified by the PassivePortLow and PassivePortHigh keys.
SecurePort - The value of the port to listen on for implicit secure FTP control connections (Default 0x3DE, decimal 990)
StoreLocation - Location of the certificate store where the certificate being used by the FTP server is located.
StoreName - Name of the certificate store where the certificate being used by the FTP server is located.
Update - An auto-incrementing number which the FTP server uses to determine if other registry entries have been updated.
\SQLServer - This key contains database access settings for the SQL Server database. These values are only used when SQL Server is the database engine being used by MOVEit DMZ.
Database - Name of the SQL Server database.
OptionA - Primary SQL Server database connection string.
OptionB - First backup SQL Server database connection string.
OptionC - Second backup SQL Server database connection string.
OptionN - Non-pooled SQL Server database connection string.
Password - Encrypted copy of the password used to access the SQL Server database.
RetryConnectCount - Number of times to retry failed database connections (default 1).
RetryConnectSleep - Number of milliseconds to wait between retry attempts (default 750).
Server - Hostname or IP address of the SQL Server database.
User - Username used to access the SQL Server database.
\SSHServer
IdleTimeoutSecs - Number of seconds after which an idle SFTP session will be disconnected; defaults to 600. Note: Independent of this setting, the SFTP server sends SSH keepalive messages if the session is idle for more than 30 seconds. If the client does not respond, the session is disconnected even if it has not been idle for IdleTimeoutSecs seconds.
LogMessages - When set to 1, debug messages will be logged to the file specified in the MsgLogFilename key.
MaxLogSize - The value of the maximum size of the debug log file. When the debug log file exceeds this value, a new one will be started and the old one will be renamed from *.log to *.old.
MsgLevel - The value of the current debugging level (Default 0x2, decimal 2)
MsgLogFilename - The location of the SSH server debug log file (Default c:\moveitdmz\logs\midmzssh.log).
Port - The value of the port to listen on for SSH connections (Default 0x16, decimal 22)
PrivKey - The (encrypted) private server key generated by the SSH server to be used for server identification.
RestrictedBindIP - IP address for the SSH server to bind to. If blank or non-existent, SSH server will bind to all IP addresses on the server.
Update - An auto-incrementing number which the SSH server uses to determine if other registry entries have been updated.
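A read-only check over the security-relevant values documented above, as an added example (not part of the MOVEit DMZ documentation or product). The key paths and value names are the ones on this page; which settings deserve review is this example's assumption, and a missing value is reported as NotSet rather than given a guessed default.

```powershell
# Added example: read-only audit of security-relevant siLock registry values.
# Key paths and value names are taken from this page. The choice of which
# values to flag, and the wording of each reason, are assumptions of this example.

# Base key differs between 64-bit and 32-bit systems (see "Registry Entries").
$bases = @(
    'HKLM:\SOFTWARE\Wow6432Node\Standard Networks\siLock',
    'HKLM:\SOFTWARE\Standard Networks\siLock'
)
$root = $bases | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $root) { throw 'siLock base key not found on this host.' }

# Sub   = subkey relative to the base key ('' means [Root Key])
# Risky = the documented value that weakens the setting
$rules = @(
    @{ Sub = ''; Name = 'AllowInsecureQueryStrings'; Risky = '1'
       Why = 'GET allowed for sensitive transactions; session IDs may appear in apilink.aspx query strings' }
    @{ Sub = ''; Name = 'SuppressHashing'; Risky = '1'
       Why = 'No tampercheck hash on log records; database tampering will not be detected' }
    @{ Sub = ''; Name = 'ShowSystemErrorMessages'; Risky = '1'
       Why = 'System error messages are shown to users' }
    @{ Sub = ''; Name = 'NoXSLObjectCache'; Risky = '1'
       Why = 'Development-only setting; should not be present on production systems' }
    @{ Sub = ''; Name = 'IPLockoutEnable'; Risky = '0'
       Why = 'IP Lockout is disabled' }
    @{ Sub = 'siLockFTPServer'; Name = 'AllowNonSecure'; Risky = '1'
       Why = 'Non-secure FTP sessions are accepted' }
    @{ Sub = 'siLockFTPServer'; Name = 'IgnoreCertProbs'; Risky = '1'
       Why = 'FTP and SSH servers ignore certificate problems when talking to the DMZ server' }
)

$findings = foreach ($r in $rules) {
    if ($r.Sub) {
        $key   = Join-Path $root $r.Sub
        $label = '\' + $r.Sub
    } else {
        $key   = $root
        $label = '[Root Key]'
    }

    # Returns nothing (no error) when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $key -Name $r.Name -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        $value  = $null
        $status = 'NotSet'
    } else {
        # Compare as strings so REG_SZ "1" and REG_DWORD 1 are treated alike.
        $value  = [string]$item.($r.Name)
        if ($value -eq $r.Risky) { $status = 'Review' } else { $status = 'OK' }
    }

    [pscustomobject]@{
        Key    = $label
        Name   = $r.Name
        Value  = $value
        Status = $status
        Reason = $r.Why
    }
}

# 'Review' rows are the ones to follow up on; the script changes nothing.
$findings | Sort-Object Status, Key, Name | Format-Table -AutoSize -Wrap
```

SSLCipherSuites and SSLVersions are left out on purpose: as noted above, those registry values are copies kept for convenience and do not reflect or control the effective SCHANNEL settings.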
Cookies
MOVEit DMZ sends the following cookies to web client browsers. Cookies marked Session are deleted when the browser is closed. Those marked Persistent will be saved between browser restarts, unless the browser is configured otherwise.
ASP.NET_SessionId (Session) - The ASP.NET session identifier cookie. This is set by the ASP.NET environment and links the request to an existing session. For security reasons, this cookie will be marked as Secure when the current MOVEit DMZ organization is configured to require secure connections. This means the cookie will not be sent if the browser manages to access MOVEit DMZ via a non-secure page.
DesignModeTest (Session) - Indicates whether the browser supports Design Mode for iframes. Used to determine whether to display the WYSIWYG secure message editor.
DMZCookieTest (Session) - Indicates whether the browser supports cookies. If the user arrives from the signon screen without this cookie present, it generally means the browser does not support cookies, and an error message to that effect will be displayed.
FileListSortField (Persistent) - Stores the user's file list sort field preference for ordinary MOVEit DMZ folders.
FileListSortOrder (Persistent) - Stores the user's file list sort order preference for ordinary MOVEit DMZ folders.
InitialPage (Persistent) - Stores the initial page the user should be directed to. Currently only set after a successful use of the automatic client certificate-based login page.
JavascriptTest (Session) - Indicates whether the browser supports javascript. Used to determine whether to display certain portions of the MOVEit DMZ interface that require javascript, such as the MOVEit Wizard and the WYSIWYG secure message editor.
LongTermCookieExpireDate (Session) - Indicates the computed persistent cookie expiration date based on the current date and the current configured persistent cookie expiration period. Used by some javascript code when writing out persistent cookies to the browser.
MessageListSortField (Persistent) - Stores the user's message list sort field preference for MOVEit DMZ secure message mailboxes.
MessageListSortOrder (Persistent) - Stores the user's message list sort order preference for MOVEit DMZ secure message mailboxes.
MIDMZLang (Persistent) - Stores the language code of the most recently viewed language interface on the MOVEit DMZ server. Used to determine what language to display the initial signon screen in.
NoWiz (Session) - Indicates which MOVEit Wizard applications are available for use. Used by some javascript code to determine which MOVEit Wizard interface portions to display.
siLockLongTermInstID (Persistent) - Stores the ID of the most recently visited organization on the MOVEit DMZ server. Used to determine which organization's interface to display when the user arrives at the signon screen.
WebPostFileListSortField (Persistent) - Stores the user's file list sort field preferences for MOVEit DMZ webpost folders.
WebPostFileListSortOrder (Persistent) - Stores the user's file list sort order preferences for MOVEit DMZ webpost folders.
WizardVersions (Session) - Indicates which versions of the ActiveX-based MOVEit Wizard application are available for use. Used by some javascript code to determine when to prompt the user to upgrade their current MOVEit Wizard object.
WizPrefPerm (Persistent) - Stores the user's persistent MOVEit ActiveX Wizard preference - whether to use it or not.
WizPrefPermJava (Persistent) - Stores the user's persistent MOVEit Java Wizard preference - whether to use it or not.
WizPrefSess (Session) - Stores the user's single-session MOVEit ActiveX Wizard preference - whether to use it for this session or not.
WizPrefSessJava (Session) - Stores the user's single-session MOVEit Java Wizard preference - whether to use it for this session or not.
Services
MOVEit DMZ services can be stopped and started by using the Windows Services program, or by using the DMZ Config program.