Skip to main content
Skip table of contents

Upgrade to MyQ X 10.2

This document will guide you through the process of upgrading to the latest version of the product. Listed are requirements, prerequisites, and new features as well as individual steps to follow. 

The upgrade procedures for the Central Server and Print Server are described, as well as additional information regarding Embedded terminals and clients. 

Important changes in MyQ X 10.2 

Please note, that version 10.2 has major functional changes compared to previous versions, that will affect certain functions of the system. Please read this document carefully to understand the impact of such changes. 

See the list of changes and new features in the online Documentation. 

Please pay special attention to the following changes: 

Firebird Upgraded to Version 4 

During the installation, the database engine is upgraded to Firebird 4. This process will take time on large databases. Progress is displayed in the installer window. 

License Keys are no Longer Supported 

The system only supports installation keys (one key for all licenses). 

image-20241015-130827.png

If you are still using license keys, migrate them first to obtain and activate your installation key, before starting the upgrade process. 

Default *admin Password (1234) Removed 

The default *admin account’s password is not set to 1234 anymore.

If the *admin password is 1234 before the upgrade, the *admin account is disabled and prompts you to change of password in the Easy Config. This happens once after upgrading to the first 10.2 release. 

Improved Certificate Validation

This change enhances security by preventing the use of expired or improperly issued certificates, which could otherwise be exploited in man-in-the-middle attacks or other vulnerabilities.

Administrators should ensure that all certificates are issued by trusted authorities and kept up to date. If any certificates are invalid or incorrectly issued, they must be renewed or reconfigured.

MyQ Central and Print Server by default trust all certificates that are trusted by the operating system (and thus the issuing CAs are installed in the Windows Server’s Trusted Root Certificate Authorities vault). Read more about how MyQ X 10.2 handles certificate management.

The Default Minimal TLS Version Increased to 1.2

This change significantly enhances security by ensuring encrypted communication between the print servers, clients, and devices, and helps mitigate vulnerabilities associated with older TLS versions (1.0 and 1.1).

Administrators should verify that all devices and clients support TLS 1.2 to avoid compatibility issues. If legacy systems are in use, upgrading or configuring them to support TLS 1.2 will be necessary.

If any devices and clients existing in the system cannot support TLS 1.2, see the article Security Settings in config.ini to adjust this configuration and choose another TLS version as the minimum for your installation. While this adjustment is not recommended, it is possible.

Similarly, the following ciphers are not supported anymore: DES, IDEA, and 3DES. They are replaced by AES128 after the upgrade.

Support for 7.x Embedded Terminals

These terminal versions cannot be used with the MyQ X 10.2, read more in the Print Server upgrade manual.

Entra ID (Azure AD) Synchronization – Usernames

The option to alter what Azure AD property is used as the username was removed. User Principal Name (UPN) is now always used as a username.

This change may require additional configuration of aliases to maintain the current environment’s user detection for incoming print jobs.

IPPS Server Port Change 

IPP(S) printing queues are now accessible on the Web Server port configured in Easy Config, the full URL path of queues is:

https://{hostname}:{webServerPort}/queue/{queue-name} 

The default Web Server port for new 10.2 installations is 443. An example URL for IPPS printing would be https://print.acme.com:443/queue/Default

For upgraded installations that had IPPS enabled before the upgrade, port forwarding is configured to route traffic from the port that the IPPS Server was listening to before (configured in Settings > Jobs > Jobs via IPPS, by default 8631) to the Web Server port.

Administrators can use the option Use default port to disable port forwarding and set the port to the one used by the Web Server instantly.

Before changing the IPPS port or switching it to the Web Server port, you must reconfigure workstations in your environment to print to the Web Server port first, or else IPPS printing will stop working for your users.

Higher Requirements for PIN Codes

The default minimum length of PINs is 6 digits, and PINs also must be compliant with built-in complexity requirements.

It is recommended to use the option Generate PIN either in batches or individually in the user’s profile. The PINs created by MyQ are automatically compliant.

Rate Limit for Unsuccessful Authentication Attempts

For security reasons, multiple consecutive unsuccessful login attempts from a device will block its IP address for 5 minutes (by default). After this period, the device can be used again to successfully authenticate. The lockout period is configurable via the config.ini file.

Reports Require to be Signed 

All custom reports need to be signed; unsigned reports cannot be executed. Custom reports are signed by MyQ when provided to the customer/partner. If a custom unsigned report existed in the installation prior upgrade, it is removed. 

Backup of custom reports is recommended prior to upgrade so that they can be provided to MyQ and adjusted to 10.2 when needed by the partner/customer. 

New PIN Template Doesn’t Contain the %validity% Placeholder 

After the upgrade, the template of the email notification for a new PIN will not contain the %validity% placeholder. This is used especially when temporary PIN codes are enabled, these users are informed about when their new PIN expires.

Administrators need to add it to the template manually or revert the template to the default one, which contains the %validity% placeholder. 

The User’s storage Cannot Contain Email

The user’s parameter User's scan storage cannot contain emails anymore. The field can contain a local or network path to a folder to store the scans. 

After the upgrade, emails from this field are moved to Alternate email

Usernames and Aliases are Always Case-Insensitive

The related option (User name is case sensitive) was also removed from the queue settings.

Removed Features

The SMTP Server for Jobs via Email was Removed 

The listening SMTP server as part of MyQ was removed. Submission of jobs via print@myq.local is not possible. Use an external email inbox to download print jobs.

Emails to myqocr.*folder*@myq.local cannot be processed. Use Easy Scan and corresponding OCR profiles. 

Easy Scan: The user doing the scan Removed 

The password parameter on Embedded Terminals was removed. 

The password for secured folders is to be saved in the MyQ Web Interface. If not saved and the scan is performed, an email is sent to the user with a prompt to save the password, and the scan is delivered (if done within 24 hours). 

CASHNet Removed 

The CASHNet connector is removed and will stop working for installations where it was used. 

Old payment records will be preserved for reporting and auditing purposes; however, they might not be identified as bring via CASHNet; for this reason, backing up payment history via reports is recommended if this information is required by the customer. 

Lotus Domino Removed 

Lotus Domino has been moved to legacy mode. 

  • Installations using Lotus Domino: its functionality should be tested on-site before upgrading the production environment to MyQ 10.2; after the upgrade, configuration in MyQ is preserved.

  • New installations: Lotus Domino is not available for new deployments (can be enabled via config.ini feature flag for legacy purposes).

Desktop Client: Removed Login Methods 

For security reasons, the login method List of users was removed. REST API's corresponding scope was also removed. 

The previous implementation of Single Sign-on was removed. Instead, utilize the Integrated Windows Authentication for automatic sign-on of users in domain environments.

REST API v1 Removed 

After the deprecation of REST API v1, apps and integrations using API v1 will not be able to communicate with the server anymore. 

Use v2 or v3 instead. 

Other Removed Features

  • Allow unsecure communication on the Central Server. Communication between the CS, Sites, and other components is always encrypted.

  • Option to configure the Terminal package port manually. This port is used only for internal communication between the package and the server. It is now chosen automatically during terminal installation.

  • Terminal Manager. Use the remote installation from the MyQ Web Interface.

  • SW Lock via SNMP.

  • The “secondary terminal” feature.

  • config.ini: sqlServerSyncSource

  • config.ini: customSyncSource

  • config.ini: scheduleExternalCommand

  • config.ini: registerUserName

  • config.ini: enableReportSqlFilter

  • Managed by the printer credit account.

  • Recharge Credit (on a terminal attached to a printer).

  • Custom Easy Scan destination.

  • Custom data processing on the queue. Replaced by support for regular expressions.

  • Support for submitting jobs via myqurl files.

  • GPC file format for Credit bulk recharge.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close