If you can't get USPTO Direct to work

If you can't get USPTO Direct to work. If you can't get USPTO Direct to work, check with your system administrator to see if your firewall is blocking some ports. If you can't get USPTO Direct to work, then you will not be able to get ePave (which is part of EFS) to work, and you will not be able to get PAIR to work (that is, the secure version of pair that lets you see status of your pending applications). See discussion below of a program called "USPTO Direct Diagnostics" which may be of some help in troubleshooting.

The USPTO has said "The USPTO/Direct client requires ports 389 and 709 be available." Unfortunately the USPTO is not clear on which type of ports they are talking about. TCP ports? UDP ports? Nonetheless you could ask your system administrator to open UDP ports 389 and 709 and see if that works, and then try opening TCP ports 389 and 709 to see if they work. My best guess is that the ports that need to be open are TCP ports.

Port 443? USPTO personnel have also suggested to me that USPTO Direct additionally requires that port 443 be open. The people who tell me this were not able to say whether the port 443 that needs to be open is a TCP port or a UDP port. Note that the USPTO Direct Diagnostics, discussed below, do not mention port 443, but only mention ports 389 and 709. This suggests that you probably really need only ports 389 and 709.

To get the ports open, contact your system operator and ask them to open up a tiny hole in your firewall. Please make your sysop aware of the above-mentioned page at the USPTO web site. So make sure your sysop gets these ports open for you.

Your sysop will be nervous about making a new opening in your firewall. Please tell your sysop that the opening can be extremely narrow and closely controlled. A typical approach is a firewall opening that is one-way only -- that permits only TCP sessions that originate at your end (the only incoming packets that are permitted are for "established" TCP sessions) and that only permit packets between your exact IP address and the IP addresses for "dir-01.uspto.gov" and "ca-01.uspto.gov". The opening need only include the ports that you actually need -- 80, 389, and 709 apparently. With some urging, your sysop may agree that such an opening represents a negligible security risk.

The USPTO/Direct software comes from a company called Entrust. There is a rather cryptic article on the Entrust web site that talks about ports 389 and 709. Perhaps someone can make sense of the article; I can't.

Here is some information from the USPTO on port numbers used to reach USPTO/Direct, and additional information from the USPTO about USPTO/Direct.

With the USPTO Direct software as originally released by the USPTO, the steps above were the only troubleshooting steps known to users. Some time in 2001, the USPTO quietly changed its download for USPTO Direct to include something called "diagnostic tool". It seems that the diagnostic tool is intended to assist USPTO personnel in troubleshooting problems with USPTO Direct. If you are trouble getting USPTO Direct to work, probably your first step should be to check to see whether your version of USPTO Direct is recent enough to include the diagnostic tool (in USPTO Direct, look in your "help" menu for a "diagnostics" choice). If your version of USPTO Direct doesn't include the "diagnostics", then you should probably do the following:

make a copy of your cryptographic certificate files (these are in your directory "C:\Program Files\USPTO\" and have extensions of ".crl", ".cch", ".pch", ".epf", and ".ckl") in a safe place in some other directory.
uninstall USPTO Direct
download the latest version of USPTO Direct
install the latest version of USPTO Direct
try using USPTO Direct
if you have problems, run the USPTO Direct Diagnostic
email the resulting "etdrx.log" to an appropriate person at the USPTO help desk
if that doesn't do any good, consider posting your "etdrx.log" file to the EFS discussion group so that users can look at it and try to guess what the problem is

There are several ways to start the diagnostic tool:

From the USPTO Direct main menu, click "help" and "Diagnostic tool", or
From the Windows desktop, click "start" and "programs" and "USPTO electronic business center" and "USPTO Direct" and "USPTO Direct Diagnostics".

When the diagnostic tool is running, you then click through the following screens.

When the tool starts, it looks like this. It talks of "forwarding the results of these diagnostics" which is apparently a reference to the "etdrx.log" file. I guess your "Entrust support representative" means the USPTO help desk.
The second screen looks like this. I have no idea how a user could possibly know whether "the location of the Entrust/direct executable file" is correct. If, in your original installation of USPTO Direct, you accepted the default directory, then this probably is correct. Otherwise you will have to try to find the directory containing "etdirect.exe".
If you click the "advanced settings" button in the previous screen, you see this. If your reason for running the diagnostics is that you are having trouble getting USPTO Direct to work (for example, you are concerned that your firewall might be blocking access) then you should not check the "network offline mode" button. For firewall troubleshooting, the important tests are "network analysis" and "PKI analysis" and you could probably uncheck the other four diagnostics at least for the first troubleshooting effort.
When the diagnostics are finished, you see this. To send the report to someone via email, click the "open" button, which uses Notepad to open the report. Then click "edit" and "select all" and "edit" and "copy", which copies the report into your paste buffer. Then open your email client, create a new email message, and paste the report into the body of the email message.

What you accomplish by running USPTO Direct Diagnostics is that you create a file containing information which might be helpful in troubleshooting your problem. As far as I can tell, you don't get to choose the name of the file, nor do you get to choose the location of the file. The file is, apparently, always called "etdrx.log" and it is apparently always stored at "c:\Program Files\USPTO". This means that each time you run the USPTO Direct Diagnostics, you will create a new file "etdrx.log" which over-writes any previous file by that name. If you wish to preserve the results of a previous diagnostic, you should rename the file "etdrx.log" to some other name.

Here are the contents of a typical "etdrx.log" file, with some comments by the author in red. Much of the log is self-explanatory.

Entrust/Direct Client Diagnostic Utility Log File
Generated at: 03/10/2001 04:40:20
	
Winsock 1.1 initialization successful.
 [ System Analysis ]
	Windows NT (5.0) Build: 2195
	Patches: Service Pack 1  (This means Windows 2000)
	Intel processor architecture
	Number of installed processors: 1
	Processor level: Intel Pentium Pro/Pentium II
	Total physical memory:	261600 K
	Free physical memory:	85672 K
	Total virtual memory:	2097024 K
	Free virtual memory:	2079064 K
	Total space on installation drive:	8329868 K
	Free space on installation drive:	8329868 K
 [ Directory Analysis ]
	C:\Program Files\USPTO\etdirect.exe	5.0.203.17	06/11/2000 16:20:48
     (This tells the version number for the USPTO Direct software)
	C:\Program Files\USPTO\etdirres.dll	5.0.203.17	06/14/2000 00:25:08
	C:\Program Files\USPTO\etdirpac.dll	5.0.203.17	06/11/2000 16:20:50
	C:\Program Files\USPTO\js32.dll	NO VERSION	06/11/2000 16:21:06
	C:\Program Files\USPTO\etdrcstm.dll	5.0.203.17	06/11/2000 16:20:50
	C:\Program Files\USPTO\ETDRXRES.DLL	5.0.203.17	06/11/2000 16:20:52
	C:\Program Files\USPTO\etsesn32.dll	5.0.203.107	06/11/2000 16:21:06
	C:\Program Files\USPTO\enterr.dll	5.0.203.110	06/11/2000 16:20:48
	C:\Program Files\USPTO\etfile32.dll	5.0.203.110	06/11/2000 16:20:58
	C:\Program Files\USPTO\entapi32.dll	5.0.203.108	06/11/2000 16:20:46
	C:\Program Files\USPTO\msvcirt.dll	6.0.8168.0	06/11/2000 16:21:08
	C:\Program Files\USPTO\msvcrt.dll	6.0.8397.0	06/11/2000 16:21:08
	C:\Program Files\USPTO\.	NO VERSION	01/11/2001 10:32:30
	C:\Program Files\USPTO\..	NO VERSION	01/02/2001 19:57:06
	C:\Program Files\USPTO\ePAVE	NO VERSION	01/11/2001 10:32:30
	C:\Program Files\USPTO\Uninst	NO VERSION	01/11/2001 10:34:54
	C:\Program Files\USPTO\ETDIRECT.EXE	5.0.203.17	06/11/2000 16:20:48
	C:\Program Files\USPTO\etdirrcv.exe	5.0.203.17	06/11/2000 16:20:50
	C:\Program Files\USPTO\etdrx.exe	5.0.203.17	06/11/2000 16:20:52
	C:\Program Files\USPTO\etdrx.ini	NO VERSION	06/11/2000 16:20:52
	C:\Program Files\USPTO\Readme.txt	NO VERSION	06/13/2000 22:39:14
	C:\Program Files\USPTO\license.txt	NO VERSION	06/13/2000 22:40:20
	C:\Program Files\USPTO\ETDIRECT.HLP	NO VERSION	07/27/1999 18:12:04
	C:\Program Files\USPTO\instr.hlp	NO VERSION	07/25/1999 21:02:20
	C:\Program Files\USPTO\entrust.ini	NO VERSION	03/09/2001 21:01:58
	C:\Program Files\USPTO\Doc	NO VERSION	01/11/2001 10:35:30
	C:\Program Files\USPTO\user.crl	NO VERSION	03/10/2001 04:38:46
	C:\Program Files\USPTO\user.cch	NO VERSION	03/10/2001 04:38:46
	C:\Program Files\USPTO\user.pch	NO VERSION	03/09/2001 21:02:12
	C:\Program Files\USPTO\user.epf	NO VERSION	12/09/1999 05:50:48
	C:\Program Files\USPTO\user.ckl	NO VERSION	01/11/2001 11:11:52
               (The previous five files relate to the 
                cryptographic certificate for someone named "user")
	C:\Program Files\USPTO\etdrx.log	NO VERSION	03/10/2001 04:40:22
	C:\Program Files\USPTO\instr.GID	NO VERSION	03/08/2001 10:08:18
	C:\Program Files\USPTO\ETDIRECT.GID	NO VERSION	03/08/2001 10:09:16
	C:\Program Files\USPTO\etdirect.tmp	NO VERSION	03/09/2001 21:02:12
 [ Network Analysis ]
	!!! An error occurred retrieving available protocol information (Too many installed protocols?).
          (My USPTO Direct works just fine, so I don't know whether this error message
           actually means anything.)
	Ping to Test Ping Server (www.entrust.com) at IP address 207.139.215.7 successful (time=100ms)
     (This tells the result of a "ping" test to the Entrust web server,
      which indicates whether your computer has working Internet connectivity)
 [ PKI Analysis ]
	Connection successful with Server (63.71.228.196) on port 389 
	Connection successful with Manager (63.71.229.67) on port 709 
 (This tests your ability to reach ports 389 and 709.  If your firewall
  is blocking access to ports 389 and 709, then this test will
  document the blocking by your firewall)
 
 [ Browser Analysis ]
	Default browser: Netscape Communicator
	Default browser exec string: "C:\PROGRA~1\Netscape\COMMUN~1\Program\netscape.exe".
	Supported browsers installed:
	- C:\PROGRA~1\Netscape\COMMUN~1\Program\netscape.exe	4.8.0.2	11/02/1998 05:23:28
	- C:\Program Files\Internet Explorer\iexplore.exe	5.0.2920.0	07/26/2000 12:00:00
	Browser settings:
	- Manual proxy setting
	- HTTP proxy server: 127.0.0.1:8080
	- Using HTTP 1.0 protocol through proxies
 [ Direct Analysis ]
	Direct is running in extranet mode
[ Contents of file: C:\Program Files\USPTO\entrust.ini ]
[Entrust Settings]
ClientType=Heavy
Server=dir-01.uspto.gov+389
Manager=ca-01.uspto.gov+709
LastProfile=C:\Program Files\USPTO\user.epf
[Entrust Direct]
initialBrowserURL=http://pto-ebc.uspto.gov
noDelaySockets=1
WindowLeft=562
WindowTop=297
[ End of file: C:\Program Files\USPTO\entrust.ini ]

Return to PAIR page.

Return to EFS page.

This page is http://www.patents.com/efs/firewalls.htm

Revised March 8, 2001