RDP issues after latest Windows update

There was much shouting this morning when I realised that all of my RDP sessions were failing due to a pesky little error. They worked no problem at all yesterday, then I remembered .. windows updated last night!!

Said error was all but useless .. as everyone knows you can’t copy the url it shows in that dialog box.

 

A quick google resolved this with a very simple reg change.

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2

I ran this with elevated privilege on my Windows 10 desktop and as if by magic I can now RDP again.

There are more fixes coming both Client and Server to resolve this, but the reg change will keep me going until Microsoft release those.

 

Issues with IBM Connections 5 / 5.5 and Chrome 60

There is a known issue with Connections 5 CR4 and all versions of Connections 5.5 when using Chrome version 60.

It affects events not being displayed and errors relating to events in the UI. It has also been reported that comments can be affected also.

After multiple BP’s and Customers reported this IBM Support have come up with a fix very quickly.

The fix you need is IFLO92844 – currently it is only available from IBM support – not sure how long it will be until it is available on fix central.

Open a PMR with IBM and reference these 3 PMR numbers: 76364,082,000 – 76379,082,000 – 38309,756,000 and ask for IFLO92844. You will need to specify the Connections version and CR.

The fix updates the Common app and takes about 10 mins to deploy.

Thank you IBM Connections Support / Dev for resolving this so quickly

FEB / Connections Surveys – custom LDAP attributes

Thanks to Christopher Dawes in the IBM Forms support team a long running issue I have seen with FEB (Forms Experience Builder) / Connections surveys is now resolved!!

Once of my long standing very awesome customers was seeing a problem with Connections surveys. They do not use a standard LDAP attribute for their displayname – the cn is the employee number and the uid is a short name which is not always easy to differentiate between users. These are the 2 attributes that FEB expect to use as the user display name. Not always easy to tell who abc12345 is .. or sbell123 so I opened a PMR to get to the bottom of how to change this to a custom LDAP attribute – in this case we use fullName – which displays my user as Sharon E Bellamy.

After a bit of backwards and forwards, many logs and tracing and a bit of DB hacking to prove the theory we now have a solution.

So here is how to resolve it.

Firstly you need your custom LDAP attribute – fullName
You will the repository Id of your LDAP – this is basically the label you have given the LDAP in the configuration. In this case it was novell as the LDAP is Novell E Directory

LDAPID

 

 

 

 

 

 

but in another example here you can see an Active Directory example (ADInternal)

 

 

LDAPID2

 

 

 

 

 

 

 

Step 1:

Add a new WebSphere Entity Type – wsadmin

open a command prompt to the deployment manager/bin directory

run wsadmin (you do not need to set the lang type to jython)

enter the command to set the new entity type – were name = your LDAP attribute name and repositoryIds is your LDAP identifier

 

[blockquote]

$AdminTask addIfMgrPropertyToEntityTypes { -name fullName -dataType String -isMultiValued false -entityTypeNames PersonAccount -repositoryIds Novell}

[/blockquote]

 

 

 

 

 

This registers the attribute in the WIM config.

 

 

 

Step2:

Add the entity type into WebSphere

open the WebSphere admin console / ISC

browse to Security > Global Security > Configure federated repositories

Click on the link for your repository identifier (novell in my case)

LDAPID3

 

 

 

Once in the repository config, click on the Federated repositories property names to LDAP attribute mappings

 

LDAPIDs4

 

Enter a the new attribute for our custom LDAP entry (fullName)

 

LDAPIDs5

 

Where Name = a meaningful name for the new attribute

 

Property name = the LDAP attribute name

 

Entity types = PersonAccount

 

Apply and save

 

Save a lot

 

then restart the deployment manager.

 

Step 3:

Edit the Builder_config.properties on the node where FEB is installed (in my case the primary connections node)

the default directory where this is kept is

Windows – C:\IBM\Forms\extentions

Linux – /opt/IBM/Forms/extentions

Open the property file in your favourite text editor

near the top of the file ensure the

ibm.was.MemberManager.userProps.displayName property is not commented out and add your new LDAP attribute

in my case

 

[blockquote]

ibm.was.MemberManager.userProps.displayName = fullName

[/blockquote]

 

 

 

 

 

Save and close the file

 

and restart everything

 

Now when you create a survey or fill one in your new attribute it used.

Existing surveys are updated with the owner / creators name when they log in. The freedom (FEB) DB is updated when the user logs on and the display name is updated.

 

There you have it – took a while as there was a little bit of jiggery pokery with the wsadmin command and the PersonAccount attribute but it works 🙂

Hope this helps anyone else seeing the same problem

Fun and games with Commuity wigets

Last night we managed to close a PMR that had been open for a few weeks on a strange issue with Community Widgets.

After remapping the connections admin user everything worked exactly as expected except for 2 tiny issues – Adding the blogs and surveys widgets inside a community thew a nasty error.

communityError

 

Thanks to Justin Cornell in IBM support we managed to get to the bottom of the issue by remapping the widgets admin user even though it was mapped correctly.

Jump over to the Cube Soft Blog –  Fun and games with Community Widgets for the full diagnosis and resolution.

Fun and Games – O yes 🙂

 

 

 

 

 

Connections 4.x search – well that was a weird problem

If you have migrated or moved an IBM Connections instance from 3.0.1 > 4.x (either 4.0 or 4.5) or moved data between 4.x servers you may have noticed a weird issue with searching, especially around communities.

The reason I have been a bit quiet on the blog of late is because I am working on a few Connections projects many of which have involved migrating data between test and live servers or replicating data between servers. I have come across a few issues relating to search so I thought I would share them to save you guys the pain.

Everyone knows when you migrate or move data between servers you should clear the scheduled tasks and rebuild the search indexes – but in V4.x a new set of search data came in for Community searching – the catalog.

When the search task runs is collects a bunch of information about communities for the lists you see under the my communities tab and public communities – it collects this in the catalog.

The issues I was seeing was that all historical data regarding Community membership and Public communities was not being shown and that is because of the catalog.

There are a couple of places that catalog data is stored and you can check this by looking up the WebSphere variables :

CATALOG_INDEX_DIR
CATALOG_REPLICATION_DIR

Typically CATALOG_INDEX_DIR is stored in < Connections install > /data/local/catalog/index

and CATALOG_REPLICATION_DIR is stored in < Connections install > /data/shared/catalog/indexReplication

there is also a temporary folder in your os tmp directory called indexCreationDir in the case of most linux systems it is /tmp/indexCreationDir

When you run your data migration and delete the search index under < Connections install > data/local/search ( I normally rename the index folder to #index)

also rename or remove the Places folder under < Connections install >/data/local/catalog/index/ and < Connections install > /data/shared/catalog/indexReplication and remove or rename the /tmp/indexCreationDir

once you restart Connections run an index now to rebuild the indexes, seedlist and the catalog data and your search will function as expected.

for example:

execfile(“searchAdmin.py”)

SearchService.indexNow(“activities, blogs, calendar, communities, dogear, files, forums, profiles, status_updates, wikis”)

 

I am sure that our resident Community script guru (Mr Christoph Stoettner) could script clearing these but for now its a manual process – hope this will save you some head aches on upgrades and migrations 🙂

 

 

 

 

 

Issues with TAM and Connections – SOLVED

Issues with TAM and Connections

For those of you that follow me on Twitter you will all know that I have had huge issues with Connections and TAM integration.
I am pleased to report that the issue is now resolved – Instructions below:

Created the transparent junctions as per the info center
Created the ACL defs as per the info center
Created default acl – connectionsdefaultacl and attached to junctions as per the info center
Created additional acl – connectionsacl as per the info center

Resources that do not require authentication which should have connectionsacl applied

/activities/images – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/files/basic/anonymous/atom – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/files/form/anonymous/atom – Missing from ALL official IBM documentation

Resources that require basic authentication which should have connectionsacl applied

/blogs/blogsapi – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/blogs/blogsfeed – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/communities/dsx – Missing from ALL official IBM documentation
/profiles/dsx – Missing from ALL official IBM documentation

Applied the require forms authentication which should have connectionsdefaultacl applied as per the info center
Created dynurl file as per the info center and applied connectionsacl to /blogs/blogsfeed, /blogs/blogsapi
Edited the web seal config added dynurl-allow-large-posts = yes, forms-auth = https or both, use-same-session = yes
Add the filter types as per the info center
Adding FQDN of load balanced TAM server virtual host – web-host-name = tam.your.domain.com
Import the connectionsAdmin user into TAM via the Web Portal Manager or pdadmin – This step is missing from ALL official IBM documentation
Update LC config file
set dynamic host enabled to “true” and the href/ssl_href to FQDN of load balanced TAM server virtual host i.e my.city.ac.uk
Ensure that the static href, static ssl_href and interService URLs for all services are pointing at the WebSEAL cluster i.e my.city.ac.uk
Set cusom authenticator to TAMAuthenticator and check timeout settings as per the info center
Configure the Lotus Connections directory service extensions to point to the Tivoli Access Manager server i.e setting the extension hrefs to:
http://tam.your.domain.com/ communities/dsx/ & http://tam.your.domain.com/profiles/dsx/

Lotus Connections applications will attempt to open server to server communications with other Lotus Connections applications via Tivoli Access Manager. If forms-auth has been set to https in the webseald-.conf file, then the signer certificate for WebSEAL client-side SSL communications should be added to the WebSphere trust stores – Missing from ALL official IBM documentation

Add the log out button to the HTTP server rewrite config / http config (depending on the set up)

Big thanks to Stephen Swann for the assist (@stephenjswann) – It is now deployed live and working as expected

Issues with Oracle with Connections 2.5 RESOLUTION

as posted by me on the Connections Blog earlier today :

IBM have now released new trigger code to resolve this issue.

The steps are simple

* Stop the application
* Backup the DB
* Run through the code to remove the Trigger
* Recreate the Trigger
* Start the primary server and test
* Assuming all is well start the other App Servers in the clusters

As yet IBM are unsure as to how they are going to release the fix as it falls out of the typical iFix scope.
If you are seeing this specific issue please contact the Lotus Connections Support team who will furnish you with the appropriate code to resolve the issue.
As soon as I have confirmation on how this will be distributed I will add what will hopefully be the final update to this on-going saga.

Big thanks to Kieran Reid at IBM and Andrew Frayling and his team at Cardiff Uni for assistance and support in resolving this issue. Great work all round.