Overview
When creating a desktop connection to a vault using TCP/IP as the protocol, M-Files will try to establish an encrypted connection using RPC Encryption automatically. If unable to, M-Files will establish a normal unencrypted connection. You have the option to 'Enforce encrypted connection' which will restrict M-Files to establish an encrypted connection and if it fails it will throw an error and deny the connection.
The failed connection might throw an 'Access Denied' error which can have multiple causes.
Solution
First, if this connection passes through any firewalls they often block RPC over TCP by default so you want to enable port 2266 for traffic as documented here:
Firewall Settings Ports Needed
If you are on Windows 10 you may be running into a known issue with the Windows 10 Fall Creators Update which is documented with a workaround here:
M-Files and Windows 10 1709 Fall Creators Update: "Access is denied" error
You also need to ensure that both the source computer and destination computer are in your domain. When establishing a connection, it will try to authenticate both the user and the computer to the server. As such, non-domain computers will fail with an access denied error.
If you need to use an encrypted connection for external connections or computers not on the domain, we recommend you utilize gRPC (preferred) or RPC over HTTPS connections. You can see how to configure those connections with our documentation here:
Setting Up M-Files to Use gRPC
Enabling RPC over HTTPS Connections to M-Files Server
If you wish to know more about M-Files and encrypted connections our documentation can be accessed here:
Protecting Data in Transit with Encryption in M-Files.pdf
It can also be an issue when using a PIN or biometrics in place of a password. When first setting up the vault connection, you *must* sign in with a password. After that, signing in with a PIN or biometrics should not affect logging into M-Files.
