Friday, April 7, 2017

IBM Docs 2.0 CR2 upgrade issue with the Conversion app. Deja vu with a twist.

We´ve seen it before on CR1 for Docs 2.0, first discovered by Roberto Boccarodo (See this blog post about that issue),  and now we see it again, with a twist...

Here´s the output of the attempted upgrade:


And the iFixInstall.log file says:

WASX7017E: Exception received while running file “../execwas.py”; exception information: com.ibm.websphere.management.exception.AdminException: CWWSY0102E: Target with name docsserver.yourdomain.com was not found.

The fix last time was to edit the "applypatch.py" script where you had to comment out 2 lines + do some additional steps. (These additional steps are now described in the "Patch Guide.pdf" which is in the CR2 package btw. I´ll talk about those steps later on.)

The twist this time is that "applypatch.py" has changed and has more code in it. It´s not just a matter of uncommenting 2 lines. It has multiple if-statement for this specific part now....

This was CR1 code, where 2 lines needed to be commented out:


 This is the code in applyPatch.py in CR2:



As you can see, it´s hard to figure out what to comment out.

So, I tried to just uncomment the line "update_conversion_binary()" like this:

I also added a logging.info line, just to be sure that the indent order in the py file is kept. python is mean if you don´t....

I then deleted the file "concord-config.json", which is in the CR2 installation catalog under the
DocsApp subdirectory. (This file gets created when you attempted the first upgrade).

Then, I ran the update again:

So, it has already been updated. Good.

Now, you have to fix the "soffice" part and the scheduled tasks part manually:

See in the "Patch guide.pdf" and go to the bottom, where the part about "Installing CR2 without job manager" is described, and start at step 3, which goes like this:

3. Copy the file [CR2_install_dir]\DocsConversion\docs_remote_installer.zip, extract it to directory "C:\temp\docs_remote_installer" for instance.
4. From Start, run cmd.exe, and then run command:
a. cd c:\temp\docs_remote_installer\installer\
b. Run command:
"upgrade_node.bat --installroot [CONVERSION_INSTALL_ROOT] --symcount [SYM_COUNT]"
(Remember the double hyphens!!)
• [CONVERSION_INSTALL_ROOT] is the install directory of Conversion, you can get it through WebSphere Console > Environment > WebSphere variables > CONVERSION_INSTALL_ROOT
• [SYM_COUNT] is the number of symphony instances, you can get this by counting how many inst* in [CONVERSION_INSTALL_ROOT]\symphony. Usually it is 4 or 8, but you should confirm it by yourself.

The command I used was:
"upgrade_node.bat --installroot D:\IBM\ConnectionsDocs\Conversion --symcount 8"

5. Check fixpack.log in directory [CONVERSION_INSTALL_ROOT]\logs\.
6. Repeat 3-5 for other Conversion servers.
7. Start IBMConversionCluster by clicking Websphere Console > Servers > Clusters > WebSphere application server clusters > IBMConversionCluster > Start.

Then check the url https://docs.yourdomain.com/conversion/version to see if it says 2.0.0.2.

Then, update the jar files which is described in the "Apply patch.pdf" regarding the viewerDaemonLib, the DocsExtention and the ViewExtention.

Then, do some testing of course.

And yeah. Running this upgrade_node.bat command deletes your scheduled tasks "sym_monitor" and "kill_timeout".
You have to reconfigure them if needed. I´ve blogged about this before here:
http://blog.robertfarstad.com/2016/11/automate-startup-of-ibm-docs-20-server.html

I don´t know how to check if my jobmanager works or not. The "Apply Patch.pdf" describes this:


 3. If updating DocsConversion fails because jobmanager does not work, or updating conversion node fails, you can update DocsConversion according to Install IBMDocs CR2 Without Jobmanager at the end of the guide. 
If I knew how to check if my JobManager was working, then I could have followed the "without Jobmanager" install guide, and perhaps this would not be an issue for me.
I installed this CR2 on 2 different environments now, and the first time I got no issues. The second time, this happened.....
We will ask IBM about this.



Friday, February 10, 2017

TDI / SDI - Connect to Active Directory over SSL - How to

I mostly write this post as a reminder to my self the next time I have a similar need.

I had a case where I had to connect to Active Directory to be able to create users and set passwords on that user, off course, using TDI.


The AD administrator gave me a .pfx format of the certificate which is stored in AD.
Installing this file in Windows is easy. Just double click it and install.
Then, starting the "certmgr.msc" from Start - Run inn Windows, I was able to right click the cert, selected "export".


Then, go like this:
And select the DER format:

Saved this exported cert on d:\temp as "cert.der"


Then, open up a command prompt and go to the tdi\jvm\jre\bin catalog:

cd D:\IBM\TDI\V7.1.1\jvm\jre\bin

Then, create a .jks keystore and import the cert.der into it:

keytool -import -file d:\temp\cert.cer -keystore ADKEYSTORE.jks -storepass PaSsW0Rd -alias ADKEYSTORE

If all goes good, output will be:

Owner:
Issuer: CN=FS03-CA, DC=CUSTOMER, DC=local
Serial number: 7a638e0a000000000001
Valid from: 10.02.17 14:20 until: 10.02.19 14:30
Certificate fingerprints:
MD5:  F8:2E:4B:C7:1B:04:58:5F:E1:FF:2E:B1:88:EE:02:4A
SHA1: 06:97:8F:E":93:21:FB:BB:71:E2:C2:FF:02:06:17:8E:8E:02:8C:A5
Trust this certificate? [no]:  yes
Certificate was added to keystore

And to check the content of the .jks keystore:
keytool -list -keystore ADKEYSTORE.jks -storepass PaSsW0Rd

Output will be:

Keystore type: jks
Keystore provider: IBMJCE

Your keystore contains 1 entry

ADKEYSTORE, 10.feb.2017, trustedCertEntry,
Certificate fingerprint (MD5): F8:2E:4B:B7:1B:14:58:5F:A1:FF:2E:91:88:3E:02:4A

I then moved the ADKEYSTORE.jks file to my TDI Solutions directory, which is in this case:

From:
D:\IBM\TDI\V7.1.1\jvm\jre\bin
over to:
E:\TDISOL\TDI_custom

I then modified the file "E:\TDISOL\TDI_custom\solution.properties"

Where I inserted:

#server authentication
#example
javax.net.ssl.trustStore=E:\TDISOL\TDI_custom\ADKEYSTORE.jks
javax.net.ssl.trustStorePassword=PaSsW0Rd
javax.net.ssl.trustStoreType=jks
#client authentication
#example
javax.net.ssl.keyStore=E:\TDISOL\TDI_custom\ADKEYSTORE.jks
javax.net.ssl.keyStorePassword=PaSsW0Rd
javax.net.ssl.keyStoreType=jks

After restarting TDI, I was able to connect to the AD server on port 636 in TDI.


Thursday, January 19, 2017

IBM Connections 5.5 - Make top header/menu sticky

Update: Now also supports Safari on Mac. I got a comment on this blog-entry from Stanislav Shvachko, who pointed out that it does not work on Safari on Mac.
I went through the code and fixed it. So no it also works for Safari, Internet Explorer 11, Firefox and Chrome.

Original Blog:

I had this challenge given to me from a customer;
"Can you make the top menu/header always visible when scrolling the pages downwards in Connections?"

Originally, my answer was NO, because this is not an out-of-the-box option.

But, being the html/css enthusiast as I am, I started looking into it.

I played around a bit with it in Firefox using Firebug. And I noticed that when I put in a "position: fixed" css property on the correct Divs, I was actually getting somewhere.

Along the way, I tested all the different apps in Connections, and in some of the apps, like Homepage, Files and the Profiles Directory Search, there were already some elements that was "sticky" when you were scrolling down.

Plus, when I tried accessing the top-menus in Connections, after I put the header in sticky-mode, the drop-down menus needed some tweaking regarding it´s position.

So, in the end, here´s the custom.css that I came up with.

Disclaimer:
I can not promise that I´ve covered all the areas and that this will work in all browsers, in all scenarios. But this one worked in my Connections 5.5 CR2 server in Firefox, Internet Explorer 11 and in Chrome.

NOTE that if you have a logo already present in the custom.css, as described here you need to edit my css regarding the "top" and the "margin-top" pixel sizes. Because if you have a logo which is larger in height and is pushing the header-height downwards a bit, you need to add more pixels in those 2 css properties.

Ok, if you don´t have a "custom.css" already in place in you Connections installation, create this file in the "shared\customization\themes\hikariTheme" directory. (You might have to create this directory structure if it´s not already there)


Then, using your favorite text-editor, paste this into it:

/* Header code */
.lotusui30 .lotusBanner {
    background: #325c80 none repeat scroll 0 0;
    padding: 0;
    position: relative;
    width: 100%;
    z-index: 11;
    overflow: visible;
    text-align: left;
}

/* The top header/banner/menu - added position and width. The rest is default values. */
.lotusui30 div.lotusBanner .lotusRightCorner {
    background: #325c80 none repeat scroll 0 0;
    height: 44px;
    overflow: hidden;
    padding-bottom: 1px;
    position: fixed; /*NEW*/
    width: 100%; /*NEW*/
}

/* The body below the header/banner/menu, needs top padding of 42px */
.lotusui30 .lotusTitleBar, .lotusui30 .lotusTitleBar2 {
    background: rgba(0, 0, 0, 0) none repeat scroll 0 0;
    border: 0 none;
    border-radius: 0;
    margin: 0;
    padding: 42px 0 0; /*NEW*/
}

/* Fix for Files app - lefmenu which is already sticky. Adding some top margin */
.files-independent-scrollbars-compatible .lotusui30_body .lotusMain {
    padding-left: 50px;
    padding-right: 0;
    top: 42px;
}


/* Fix for the Homepage "what do you want to share" box, which was already sticky. Added som top margin */
.lotusStream #activityStreamMain.lotusWidgetBody .streamHeaderWrapper.isSticky {
    margin-top: 42px; /*NEW*/
    position: fixed; /*NEW*/
    top: 0;
    z-index: 2;
}

/* Fix for the homepage left-hand side menu, which was already sticky. Added some top margin */
#homepageLeftNavigationMenuContainer.isSticky {
    margin-top: 42px !important; /*NEW*/
    position: fixed; /*NEW*/
    top: 10px;
    width: 215px;
}

/* Fix for the dropdown menus in the banner. Needed 42px top margin */
.dijitPopup {
    background-color: transparent;
    border: 0 none;
/*    margin: 42px 0 0; /*NEW*/ */
    padding: 0;
    position: absolute;
}

/* Fix for the sticky grey search bar in Directory Search. Needed 45px top */
.lotusui30 .lconn_directoryPage .lconn_searchNode.fixed {
    background-color: #f0f0f0;
    padding-top: 15px;
    position: fixed; /*NEW*/
    top: 45px !important; /*NEW*/
    z-index: 900;
}

/* Thanks to @robertfarstad I now have a sticky top banner in Connections */

And then, a simple restart of the "Common" application should suffice, in order for you to see the changes. (Perhaps a browser cache wipe as well).

If you have issues with the fact that custom.css is not being picked up at all by Connections, you might find some tips here:

http://www.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/customize/t_admin_navbar_change_style.html


I ask of you. If you try this, could you please notify me if there´s anything that I´ve missed regarding sticky stuff? Positioning of other widgets, menus and such is something that can be tuned in this css, but I need to know which page/app you see that it´s not working on.
If you have a test server, it´s real simple to test this out. So please do and let me know the result, good or bad :-)

I have some fellow IBM Connections friends on Skype that is going to test this. I will update this blog post with their findings and results as well.

Oh, yeah... Here´s the result on "my profile" page:


Wednesday, January 18, 2017

IBM Connections 5.5 - change the name of "My Organization Communities"

I noticed a new feature In Connections 5.5.
The menu item for "Public Communities" has changed to "My Organization Communities". This is something we´ve all seen.


In CNX5.0: In CNX 5.5:

What I didn´t know, was that there´s now a possibility to change the name of "My Organization" to be of your choosing. There´s a new configuration in LotusConnections-config.xml called "<organization name="">

This you can change to <organization name="Your Company Name">

The recipe to do this is here: http://www.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/admin/t_admin_communities_change_org.html


Restrictions are as follows:
  1. The company name can only be maximum 20 characters long
  2. For special characters, like ÆØÅ in Norwegian, you have to use Unicode.
 That last one applies to all languages that has special characters. Norwegian, German, Swedish.... etc.

Format is like this:
For the company name "Øre Nese Hals", you have to change to this, in LotusConnections-config.xml:
<organization name="\u00d8re Nese Hals">
 Where the capital letter "Ø" equals "\u00d8"

Or, by doing it via wsadmin:
LCConfigService.updateConfig("organization.name","\u00d8re Nese Hals")

So, for my company name, which has no special characters, this is what I got:


Monday, December 19, 2016

IBM Connections - Force setting the "share with external" option on files.

Open for debate, please comment if you have any insight in why this might not be a good thing to do.


When you upload a file in IBM Connections Cloud, the option "Files can be shared with people external to my organization" is automatically set for you:

Which is a good thing.

In On-Prem versions of IBM Connections (I tested this in Connections 5.5 CR2.), this option is left unchecked, so in order for you to be able to share this file with external users, you have to remember to set this EVERY TIME you upload a file.
Because, if you forget to set it, there is no way of setting this after the file has been uploaded.

Which is a bad thing.

And the only place this option exists, is when you use IBM Connections in a Browser!!
If you upload files in the Windows Desktop Plugin, using the Windows Explorer addition, this option does not even exist!!
See for yourself:

I think the whole "share with external users" is poorly made in IBM Connections. This could have been programmed a whole lot better.

Just the fact that if you forget to select the "Files can be shared with people external to my organization" option, you are not able to set it afterwards, is just incredible....

But, opinions aside, I started looking at possibilities to set this "share with external" option automatically, and so far, this is what I came up with:

First and foremost, you have to set your user, and the other users who should be able to share with external users, to actually be able to do just that. (This is for On-Prem only, of course)

This includes the running profilesAdmin.py wsadmin command
ProfilesService.setRole("ajones277@example.com", EMPLOYEE_EXTENDED)

(See more here: http://www.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/admin/t_admin_profiles_set_roles.html)


So, as we all know, there is a FILES database.
In this database, there is a table called "MEDIA".
This table has a list of all the files that´s been uploaded into IBM Connections.

So I did a test: I uploaded a file, leaving the "Files can be shared with people external to my organization" unchecked.
And then I uploaded the same file with a new name, where I checked the "Files can be shared with people external to my organization" option.

The only difference the 2 files had in the FILES.MEDIA table was this:



So, the column "SHARING_INTENT" is 0 on the file which I did not check the checkbox on, and it´s set to "1" on the file which I selected to share externally.

I then did a test in the Connections gui, where I tried sharing the "unshared" file with an external user. Result was that the external user did not show up in the gui.
I then performed the following SQL query to update the record, setting the "SHARING_INTENT" to the value 1:
update "FILES"."MEDIA" set SHARING_INTENT=1 where LABEL = 'kasper.docx';
And then I tried the same manoeuvre; tried to share the file with an external user, and this time, the external user came up in the type-ahead share box.

Is this enough? Are there other tables that also need to be updated?

I´m not sure, but I will test this on a customer who has been asking for this feature for a long time now.

So, what I´m thinking of doing now, is either running this SQL query as a scheduled script:
Where I always set every file to have the "SHARING_INTENT=1" where the query is:
update "FILES"."MEDIA" set SHARING_INTENT = 1;
commit; 
or, create a TDI job that does this for me.
In TDI I can run the job on all the files that has been uploaded today, for instance, so that not all files are edited every time.
Or, perhaps do a Date-check in SQL:
update "FILES"."MEDIA" set SHARING_INTENT = 1 where CREATE_DATE > (current date); 
commit;

And also, I have created a PMR to ask for this feature. I asked IBM why the Cloud version has this option set automatically, and not the on-prem version. And I also asked about the fact that the Desktop Plugin don´t have this option at all.
I´m eager to learn why.


UPDATE:
IBM Champion, Sharon Bellamy James, reminded me on Skype just now, that if users upload a file into a Community which is set to be shared externally, then this is not an issue. The files then gets automatically ticked with the "shared to eternal users" checkmark.
The issue is where you upload files directly into you own personal "FILES" and then share it to an external user or an "external community".