A customer wanted more files to be added to a particular five communities. The default is a cumulative 512MB allowed to be uploaded to a community library. Changing the global value from 512MB to 1GB wasn’t the way to go about it so a new policy needed to be created to be applied to these five communities.

The customer wasn’t allowed access to the communities so the easiest way was to use the browse option as we only had the user’s word on what the name of all five were and searching on the name would require the syntax to be correct which it turns out was not the case…..

Start wsadmin

execfile(“D:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\bin_lc_admin\filesAdmin.py”)

FilesLibraryService.browseCommunity(“title”, “true”, 1, 20)

FilesLibraryService.browseCommunity(“title”, “true”, 2, 20)

And so forth
FilesLibraryService.browseCommunity(“title”, “true”, 3, 20)

As I mentioned above, the communities were not listed. I’m not sure why as I do not have access to the servers nor saw the output.

As a catch all I asked the customer to dump all the communities using the following command

FilesLibraryService.exportSyncedResourceInfo(“c:/community_output.xml”, “community”)

(Note – It is meant to be a forward slash as it’s an xml).

This listed all their communities and from it I was able to find that the community names provided by the user were incorrect.

Now the syntax of the community names were corrected the following command was used which provided the community information.

commList = FilesLibraryService.browseCommunity(“title”, “true”, 1, FilesLibraryService.getCommunityCount())

FilesUtilService.filterListByString(commList, “title”, “Community”)

Output of the command is as follows (actual output after new policy applied):

FilesLibraryService.getById(“66530fc2-2859-48aa-a376-8ade74782611″)
{maximumSize=1073741824, size=523164256, percentUsed=0.4872346818447113, summary
=, createDate=Tue Feb 05 12:02:54 CET 2013, policyId=a4785094-6804-40a0-b68c-005
8e0541d91, externalContainerId=c702d7f1-c297-418e-b4a8-50ac1ee0aff2, themeName=d
efault, label=W59c3266be40d_4d80_925a_e8e85a278ec2, title=Community, own
erUserId=00000000-0000-0000-0000-000000000000, type=community, id=66530fc2-2859-
48aa-a376-8ade74782611, externalInstanceId=W59c3266be40d_4d80_925a_e8e85a278ec2,
lastUpdate=Tue Apr 16 14:09:51 CEST 2013}

The libraryid is listed “id” in bold above, that is the value needed.

You can also get this value (which I didn’t realise at the time) in community_output.xml which was run earlier. The xml produced below shows the libraryid which is in bold.

-<snx:resource xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”Community” widgetInstanceId=”W59c3266be40d_4d80_925a_e8e85a278ec2″ id=”c702d7f1-c297-418e-b4a8-50ac1ee0aff2″ type=”community”>-<snx:creator xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”><email xmlns=”http://www.w3.org/2005/Atom”/><snx:userid xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>00000000-0000-0000-0000-000000000000</snx:userid></snx:creator>-<snx:lastmodby xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”><email xmlns=”http://www.w3.org/2005/Atom”>joe.bloggs@collaborationben.com</email><snx:userid xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>88aff0d8-465d-4987-bb4e-c3eea13b51be</snx:userid></snx:lastmodby><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”communityType”>private</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”communityThemeId”>default</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”contentApproval”>false</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”contentFlagging”>false</snx:property><snx:objectIdentifyingTerm xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>Community</snx:objectIdentifyingTerm><snx:objectIdentifyingId xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”&gt;66530fc2-2859-48aa-a376-8ade74782611</snx:objectIdentifyingId></snx:resource>

Now the libraryid is obtained you have to create a new policy.

Create the policy

FilesPolicyService.add(“1GB Community Policy”, 1073741824)

Take a note of the UUID created (in this format 00000000-0000-0000-0000-000000000000) as this will need to be applied replacing the values in red.

Apply the new policy to the community

FilesLibraryService.assignPolicy(“66530fc2-2859-48aa-a376-8ade74782611″, “string policyId“)

Check that the community is now applied

FilesLibraryService.getById(“66530fc2-2859-48aa-a376-8ade74782611″)

You should see that the values in blue below have changed and are in line with the new policy.

{maximumSize=1073741824, size=523164256, percentUsed=0.4872346818447113, summary
=, createDate=Tue Feb 05 12:02:54 CET 2013, policyId=a4785094-6804-40a0-b68c-005
8e0541d91, externalContainerId=c702d7f1-c297-418e-b4a8-50ac1ee0aff2, themeName=d
efault, label=W59c3266be40d_4d80_925a_e8e85a278ec2, title=Community, own
erUserId=00000000-0000-0000-0000-000000000000, type=community, id=66530fc2-2859-
48aa-a376-8ade74782611, externalInstanceId=W59c3266be40d_4d80_925a_e8e85a278ec2,
lastUpdate=Tue Apr 16 14:09:51 CEST 2013}

A customer has raised some interest in Bandwidth Manager to help monitor and control the bandwidth being used between their various offices in various locale so I went about installing it on my home environment. I won’t add all the screen shots but I will run through the high level steps and add my thoughts.

Before you start though you will want to raise a PMR and reference LO67698: BANDWIDTH MANAGER MODULES DO NOT START UP WITH THE BANDWIDTH MANAGER WAS SERVER which describes a problem where the BWM modules do not start automatically. I noticed this after I installed BWM and have been sent the hot fix which requires a reinstall.

DB2

You are required to create a new database. I installed on CentOS 6.4 (64bit) and running the Control Center is difficult. So below is the command you can run using the DB2 command line. This assumes that you already have DB2 installed and that your instance owner is db2inst1.

CREATE DATABASE BWM_DATA AUTOMATIC STORAGE YES  ON ‘/opt/IBM/DB2/db2inst1′ DBPATH ON ‘/opt/IBM/DB2/db2inst1′ USING CODESET UTF-8 TERRITORY US COLLATE USING UCA400_NO PAGESIZE 8192;

WAS

I used the part number CZYA2ML to instal WAS 7.0.0.15 and CZYH1ML for the iFixes.

LDAP

The wiki insinuates that you need to use a bind account that has read and write access to LDAP. This is not the case, a read only bind account is fine.

“The bandwidth manager requires an LDAP server to which it has administrative “read/write” access since it looks up, creates, and modifies both users and groups while applying bandwidth management policies. This LDAP server can be any supported LDAP server using the Virtual Member Manager through federated repositories in WebSphere Application Server; use the same LDAP server that is used by the rest of the Sametime deployment. Configuring the WebSphere Application Server LDAP directory for bandwidth manager requires a Bind DN that is a valid LDAP user with administrative privileges.”

Ports

When at the “Verifying the SIP Proxy and Registrar virtual host used by the Bandwidth Manager” step of the wiki make a note of the port number for SIP_ProxyRegHOST of the SIP Proxy and Registrar.

When creating the two rules in “Setting up routing from the SIP Proxy and Registrar to the Bandwidth Manager” then use the port number for the port name SIP_DEFAULTHOST of the Conference Manager in the “Conditions” section and also SIP_DEFAULTHOST for the BWM in the “Destination” section.

Problems

At first I couldn’t get the traffic filtering from the SIP Proxy Registrar through the BWM. I wasn’t sure whether it was due to mismatch with SIP and TLS. The clients were using TLS to connect to the SIP Proxy Registrar and I configured the routing between the SIP Proxy Registrar and the BWM using SIP over TCP. I wanted to take encryption and certificate exchange out of the equation so I did the following.

Disabled TLS by following the steps in Using the Transport Layer Security (TLS) protocol with Sametime Audio/Video in a load balancing environment. I also changed from TLS to TCP in the screen shot below which is also documented in Changing the SIP transport protocol in the Sametime Media Manager.

I also added the BWM to the trusted IP list as mentioned in Configuring the trusted IP list for the SIP Proxy/Registrar server.

I restarted the Community server as well as BWM and Media Manager components and it still didn’t work.

I then changed from using IP addresses to using host names in both rules on the SIP Proxy Registrar and the configuration section of the BWM and after a restart it started working.

Notes

• It’s worth mentioning that if your BWM stops then all audio and video will fail and the clients will have errors pop up.
• I installed this on a new node so I had to install WAS. You can co-locate this and run the Profile Management Tool to create a new profile.
• I would refrain from installing this on another SIP application unless you want to fiddle with ports and virtual hosts.
• If installing on an unsupported OS then ensure all the libraries are installed prior.
• Use the hot fix supplied by IBM.
• Useful documents to help
  • IBM Lotus Sametime 8.5.2 Media Manager From Zero to Hero – Small Pilot Deployment
  • IBM Lotus Sametime 8.5.2 Media Manager Cluster Deployment Walk-through Part I – Overview and Planning

A customer has exposed their Sametime Proxy to the internet so that they can access it using the Sametime client on mobile devices. One step is to import SSL certificates which the customer did using the very good Zero to Hero presentations.

I queried the application of the intermediary and root Certificate Authority (CA) certificates. The Zero to Hero and all other IBM documentation tells you to import the root and intermediary certificates into the CellDefaultTrustStore. I have for the STProxy and Sametime Gateway always installed into the CellDefaultKeyStore along with the CA signed device certificate. This creates a chain of certificates.

Anyway, once the customer had imported the certificates and I had imported them to the OS (Windows) so the Windows services would work the customer could not connect using his Android Sametime client but via a web browser it worked not problems.

I asked him to enable debugging and the logs he sent me from his handset showed the following (extract):

2013/06/21 16:28:15.891    340    FINE    CommonHttpClient$QueryX509TrustManager.checkServerTrusted:928    ENTRY: Server certificate validation errorjava.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2013/06/21 16:28:15.895    340    FINE    HTTPComm.BadCertificateNotifier:579    Enter HTTPComm.BadCertificateNotifier()
2013/06/21 16:28:15.895    340    FINE    CommonHttpClient$QueryX509TrustManager.checkServerTrusted:937    Trust anchor for certification path not found.
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:192)
    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:163)
    at com.lotus.android.common.CommonHttpClient$QueryX509TrustManager.checkServerTrusted(CommonHttpClient.java:923)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:597)
    at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:395)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:647)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:618)
    at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:70)
    at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
    at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
    at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
    at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:172)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
    at com.ibm.android.sametime.stproxy.HTTPComm.sendURLRequest(HTTPComm.java:468)
    at com.ibm.android.sametime.stproxy.HTTPComm.sendURLRequestSync(HTTPComm.java:401)
    at com.ibm.android.sametime.stproxy.HTTPComm$HttpRequestThread.run(HTTPComm.java:320)

2013/06/21 16:28:15.895    340    FINE    CommonHttpClient$QueryX509TrustManager.checkServerTrusted:953    ENTRY: User rejected server’s certificate
2013/06/21 16:28:15.901    340    FINE    STProxy.retryComm:1773    retryComm – command = 1 retries = 20
2013/06/21 16:28:15.901    340    INFO    HTTPComm.sendURLRequest:501    _sendurlrequest: Connection rejected. req = POST, cmd = 1, exception = javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I then found the following resource which suggested that I query the customers Sametime Proxy using an OpenSSL client using the command

openssl s_client -debug -connect http://www.thedomaintocheck.com:443

The last line from the output was Verify return code: 21 (unable to verify the first certificate)

So I imported the intermediary and root certificates in to the CellDefaultKeyStore and after a restart of STProxy his device could connect.

I’m, not sure why IBM’s documentation tells me to do it the other way but I do know that for this instance my way works!!

A customer notified me of a problem a user faced when trying to share a folder to a community. Quickly we found the problem was with the community and not the folder as the folder could be shared with other communities and various folders could not be shared with this specific community. This was a community that was created in Connections 3.0.1.

The user saw different errors in the web browser compared with the Windows connector.

I found  a forum entry but it did not provide any resolution or technical details. I did some looking into SNCOMM and FILES and could not see anything obviously wrong so I raised a PMR.

IBM quickly came back and asked me to run FilesDataIntegrityService.syncAllCommunityShares(). This is a command that should be run after upgrade/migration to Connections 4.0 so with some dubiousness I ran the command. In my wsadmin window I observed a number of lines of output but two for the particular community.

[08/07/13 15:08:18:462 IST] 000028fd SyncCommunity I   EJPVJ9418I: The community 8ac6c344-43d8-4321-a292-2b952c55bd9d has been synchronized and now has visibility PRIVATE and name Parent Community.
[08/07/13 15:08:20:541 IST] 000028fd SyncCommunity I   EJPVJ9418I: The community feba9b69-6b05-45db-adb9-ea1c6d26073f has been synchronized and now has visibility PRIVATE and name sub-community.

I’m not sure what these lines mean (awaiting an answer from IBM) but it worked and the user can now share his folder with the community.

A customer wanted to use a series of nested groups to populate Profiles. The theory is that the parent group has a number of child groups which are controlled by various location specific administrators.

Initially I hoped to be able to achieve this by using a special query (LDAP_MATCHING_RULE_IN_CHAIN) which would walk to the root and thus include all members of the nested groups.

“(&(objectClass=user)(member:1.2.840.113556.1.4.1941:(=CN=IBM Connections Users,DC=acme,DC=com)))”

I couldn’t get this to work using ldapsearch so I had their AD admins investigate. They too could not get it to work so the work around was to add all the groups to the source_ldap_search_filter value in profiles_tdi.properties. The search filter consisted of over 26000 characters!!

On running sync_all_dns I saw failures (after enabling debug from Profiles MustGather) in the ibmdi.log. The errors matched Population or Synchronization fails trying to update the Peopledb with the error SQLCODE: -302, SQLSTATE: 22001

I was hesitant to go ahead and make the changes details and read else where that LONG VARCHAR is deprecated in 9.7 potentially meaning CLOB datatype was required. I raised a PMR with IBM to check and they came back and said that there is no change made to PROF_SOURCE_URL in the later versions of Connections. The one pain could be if a side by side migration to 4.5 (or later) is performed as the new database will have VARCHAR as the datatype. With some forward planning this migration failure can be removed.

My DB2 colleague and I decided to back up PEOPLEDB and then run the following command to dump the definitions of the database before altering the datatype.

db2look -d PEOPLEDB -f -l -e -x > D:\db2look_peopledb_prechange.txt

To alter the datatype we used the Control Center which gave us the below SQL.

CONNECT TO PEOPLEDB;
CALL SYSPROC.ALTOBJ ( ‘APPLY_CONTINUE_ON_ERROR’, ‘CREATE TABLE EMPINST.EMPLOYEE ( PROF_KEY VARCHAR (36)  NOT NULL , PROF_UID VARCHAR (256)  NOT NULL , PROF_UID_LOWER VARCHAR (256)  NOT NULL , PROF_LAST_UPDATE TIMESTAMP  NOT NULL , PROF_MAIL VARCHAR (256) , PROF_MAIL_LOWER VARCHAR (256) , PROF_GUID VARCHAR (256)  NOT NULL , PROF_SOURCE_UID VARCHAR (256)  NOT NULL , PROF_DISPLAY_NAME VARCHAR (256) , PROF_LOGIN VARCHAR (256) , PROF_LOGIN_LOWER VARCHAR (256) , PROF_GIVEN_NAME VARCHAR (128) , PROF_SURNAME VARCHAR (128) , PROF_ALTERNATE_LAST_NAME VARCHAR (64) , PROF_PREFERRED_FIRST_NAME VARCHAR (32) , PROF_PREFERRED_LAST_NAME VARCHAR (64) , PROF_TYPE VARCHAR (64) , PROF_MANAGER_UID VARCHAR (256) , PROF_MANAGER_UID_LOWER VARCHAR (256) , PROF_SECRETARY_UID VARCHAR (256) , PROF_IS_MANAGER CHARACTER (1) , PROF_GROUPWARE_EMAIL VARCHAR (128) , PROF_GW_EMAIL_LOWER VARCHAR (128) , PROF_JOB_RESPONSIBILITIES VARCHAR (128) , PROF_ORGANIZATION_IDENTIFIER VARCHAR (64) , PROF_ISO_COUNTRY_CODE VARCHAR (3) , PROF_FAX_TELEPHONE_NUMBER VARCHAR (32) , PROF_IP_TELEPHONE_NUMBER VARCHAR (32) , PROF_MOBILE VARCHAR (32) , PROF_PAGER VARCHAR (32) , PROF_TELEPHONE_NUMBER VARCHAR (32) , PROF_WORK_LOCATION VARCHAR (32) , PROF_BUILDING_IDENTIFIER VARCHAR (64) , PROF_DEPARTMENT_NUMBER VARCHAR (24) , PROF_EMPLOYEE_TYPE VARCHAR (256) , PROF_FLOOR VARCHAR (16) , PROF_EMPLOYEE_NUMBER VARCHAR (16) , PROF_PAGER_TYPE VARCHAR (16) , PROF_PAGER_ID VARCHAR (32) , PROF_PAGER_SERVICE_PROVIDER VARCHAR (50) , PROF_PHYSICAL_DELIVERY_OFFICE VARCHAR (32) , PROF_PREFERRED_LANGUAGE VARCHAR (100) , PROF_SHIFT VARCHAR (4) , PROF_TITLE VARCHAR (256) , PROF_COURTESY_TITLE VARCHAR (64) , PROF_TIMEZONE VARCHAR (64) , PROF_NATIVE_LAST_NAME VARCHAR (256) , PROF_NATIVE_FIRST_NAME VARCHAR (256) , PROF_BLOG_URL VARCHAR (256) , PROF_FREEBUSY_URL VARCHAR (256) , PROF_CALENDAR_URL VARCHAR (256) , PROF_DESCRIPTION CLOB  (1048576   )  LOGGED  NOT  COMPACT , PROF_EXPERIENCE CLOB  (1048576   )  LOGGED  NOT  COMPACT , PROF_SOURCE_URL “LONG VARCHAR” , PROF_SRC_UID_LOWER VARCHAR (256)  NOT NULL , TENANT_KEY VARCHAR (36)  NOT NULL  WITH DEFAULT ’00000000-0000-0000-0000-040508202233′ , PROF_STATE INTEGER  NOT NULL  WITH DEFAULT 0   ) IN USERSPACE32K INDEX IN USERSPACE4K LONG IN USERSPACE32K ‘, -1, ? );
CONNECT RESET;

After running this the datatype of the column changed to LONG VARCHAR.

We run the definitions dump again and compared the contents with the pre-change information. The contents were the same albeit in a different order.

db2look -d PEOPLEDB -f -l -e -x > D:\db2look_peopledb_prechange.txt

This gave us confidence to continue and started Connections. At which point the sync_all_dns completed successfully and the users in the nested groups are populated to Profiles. Checking EMPLOYEE.PEOPLEDB shows the very long search filter in the PROF_SOURCE_URL for those that were added recently.

The one problem I had out the back of the Metrics install which was post-Connections 4.0 was the when users clicked on the Metrics tab they were not signed into Metrics automatically. Users were faced with the following screen.

The User ID field was pre-populated with the users userPrincipalName (joe.bloggs@acme.com) which was not accepted. To log in to metrics the @acme.com needed to be removed leaving the users sAMAccountName which did work.

I changed the following fields in Cognos BI which worked and the user was signed in BUT it broke the daily and weekly cube refresh/build and no data appeared in Metrics.

User lookup – (userPrincipalName=${userID})
External identity mapping – (userPrincipalName=${environment(“REMOTE_USER”)})

I reverted back to using sAMAccountName so data was presented but the user had to remove the domain and log in manually.

I spoke with a colleague who performed the migration from 3.0.1 to 4.0 and it turns out that there was a change to the wimconfig.xml to allow the customer to log in with different attributes.

Replaced:
<config:attributes name=”samAccountName” propertyName=”uid”>
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>

With this:
<config:attributes name=”userPrincipalName” propertyName=”uid”>
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name=”samAccountName” propertyName=”cn”>
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>

So I looked more closely at it and read an interesting piece http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.crn_arch.8.4.0.doc/crn_arch_id4601Securing_Access_to_Cognos_Connection.html which talks about using the replace function to remove the domain name from the string. The example given is (&(uid=${replace(${environment(“REMOTE_USER”)},”ABC\\”,”")}

I added (&(sAMAccountName=${replace(${environment(“REMOTE_USER”)},”acme.com\\”,”")} to External identity mapping and changed the syntax a few times before realising that it was supposed to be stripping the domain in from a format such as ACME\Joe Bloggs. I then changed it and after a couple of goes I got the correct syntax of (sAMAccountName=${replace(${environment(“REMOTE_USER”)},”@acme.com”,”")}) and after I restarted the Cognos application server the user was able to sign in automatically and all the data was there.

An internal user described a problem where as a leaver was showing as on line to IBM colleagues via their Sametime client, further more chats sent to the leaver was being received by the leaver’s manager. Our Gateway is federated with IBM’s so I can chat with them. I was a bit sceptical at first but after reproducing it I took a peek.

The manager had added the leaver’s email address to their person document so that email sent to the leaver was routed to them. Running a query for the leaver’s email address using ldapsearch resolved the email address to the  manager.Looking at the trace.log on the Gateway I could see the interaction and the email address resolving to the manager.

I created a mail in database document and added the email addresses of the leaver to it, gave it a name and then pointed the database to the manager’s mail file but still the leaver showed as on line. Looking at the trace.log again showed that

VPUsersCache  3 com.ibm.rtc.gateway.vp.util.cache.VPUsersCache getSTId Retrieved STId: {CN=Manager,O=ACME,}, for email: leaver@acme.com

This tells me that the email is being cached against the manager’s ID. After a restart of the Gateway the leaver does not show on line.

It’s not the first time I have federated the Gateway with OCS/Lync servers, all previous federations went smoothly, this one didn’t. Prior to federating I updated to 8.5.2.1 HF2 which involves applying FP19 to WAS 7 so that it brings it to the latest and greatest and should combat any problems with Lync.

When I got round to federating I found that awareness worked and the Lync users could chat with me but I couldn’t initiate a chat with them. I enabled the following trace and delved through the trace.log.

*=info: com.ibm.rtc.gateway.*=all: com.ibm.ws.sip.stack.transaction.transport.TransportCommLayerMgr=all

Looking at the trace.log I found the following errors.

18/07/13 11:19:10:675 BST] 00000029 TransportComm 3 TransportCommLayerMgr onMessage In Message:
SIP/2.0 488 Not Acceptable Here
ms-asserted-verification-level: ms-source-verified-user=verified
Content-Length: 0
Ms-client-diagnostics: 52063;reason=”Unsupported session description”
User-Agent: UCCAPI/15.0.4454.1504 OC/15.0.4454.1506 (Microsoft Lync)
CSeq: 2 INVITE
Call-ID: 8301348675246938@*******
To: <sip:joe.bloggs@acme.com>;epid=6cefe9b8de;tag=2ef08a07f6
From: <sip:ben.williams@collaborationben.com>;tag=563671771882337_local.1373296073078_269626_344492
Via: SIP/2.0/TLS ********:5061;rport;ibmsid=local.1373296073078_269626_344492;branch=z9hG4bK309775045542683;received=********;ms-received-port=33942;ms-received-cid=F00

I didn’t get very far pouring through the log so I raised a PMR and quickly Khalid Abbas got back to me asking me to apply DLAR-97EC3X which is specifically built for OCS/Lync. This hotfix is designed to change the SDP for OCS/Lync from “5061 tcp/sip *” to “5060 sip null” and add “a=accept-types:text/plain. This related to SDP for IM Session which describes the format the Session Description Protocol must be in for Lync/OCS.

Apply this hotfix changed the SIP SDP from

v=0
o=- 0 0 IN IP4 gateway.collaborationben.com
s=session
c=IN IP4 gateway.collaborationben.com
t=0 0
m=message 5061 sip/tcp *

to

v=0
o=- 0 0 IN IP4 gateway.collaborationben.com
s=session
c=IN IP4 gateway.collaborationben.com
t=0 0
m=message 5060 sip null
a=accept-types:text/plain

This though wasn’t enough to get it working with the original 488 errors because the FQHN was still in the the SIP SDP. Finally I had to change the SIP SDP to put out an IP address rather than the FQHN. This was done by logging into the Gateway’s ISC and going to Servers – Server Types – WebSphere Application servers – RTCGWServer – Server Infrastructure – Administration – Custom Properties changing the propery “com.ibm.sametime.gateway.fqdn” replacing the FQHN with the external IP address of the Gateway.

On restart it worked as expected.

The odd thing is why did it work previously with a Lync 2010 and OCS 2007 R2 already federated but not for this new partner?

I have been working with a customer introducing Connections 4.0, Sametime Proxy and moving their current two Community servers away from native Domino to AD LDAP.

We are now at the point where as we are looking at migrating the users from their current Community server to their new one. Normally DNS could be used to do this but since the authentication method is changing too then some further steps are required. To do this two approaches are required 1) the Sametime client needs to always pull the buddy list from the server and 2) the client needs to be redirected to the new server.

This could be done with desktop policies in the address book but these are flaky and do not work as they should often enough. Personally I like the way that an xml file can be used and a Sametime policy created to reference it for a group or list of people. It keeps the actions in Sametime and separates it from the customers desktop policies which all to often don’t work.

The first step is well documented and is performed using managed-settings.xml. There are dozens of blogs from people detailing how to do this. Here is the contents of the customer’s managed-settings.xml:

<ManagedSettings>
<settingGroup name=”com.ibm.collaboration.realtime.imhub” lastModDate=”20130821T115100Z”>
<setting name=”buddyListConflictPref” value=”replaceLocal” isLocked=”true”/>
<setting name=”showBuddyListConflictDialog” value=”false” isLocked=”true”/>
<setting name=”showExternalModificationDialog” value=”false” isLocked=”false”/>
</settingGroup>
</ManagedSettings>

This changes the following setting in the client. This is important so that their local buddy list is always replaced with the server version which will have users listed in a different format.

The customer at present is not converting the user’s buddy list. My experience of using the name conversion tool is bad and is inconsistent although there have been a number of new fixes in the recent past so may be the conversion is better? They could also use a 3rd party such as Instant Technologies to convert the buddy list for them though there is a cost associated but there is a guarantee to the conversion accuracy.

The redirection of the client is where the documentation is confusing.

Below is the output that worked for me. I had to raise a PMR because my various attempts would redirect my client but would not blank out the user name. This would confuse users as they would attempt to log in using their Domino credentials rather than their AD ones.

The first managed-community-configs.xml below is what I created based on the documentation available and the end result was that the client would redirect but the user name was still populated which should not happen when using “createNewConfig.”

In my case there are two addresses that could be used by users to log in “oldserveralias1.domain.com” and “oldserveralias2.domain.com.” Listing both of them ensures that whatever DNS alias is used will be redirected.

<?xml version=”1.0″ encoding=”UTF-8″?>
<managed-communities>
<managed-community id=”oldserveralias1.domain.com” host=”oldserveralias1.domain.com” newHost=”newserver.domain.com”/>
<managed-community id=”oldserveralias2.domain.com” host=”oldserveralias2.domain.com” newHost=”newserver.domain.com”/>
<managed-community-action type=”update” createNewConfig=”true” managed-community-id=”oldserveralias1.domain.com”/>
<managed-community-action type=”update” createNewConfig=”true” managed-community-id=”oldserveralias2.domain.com”/>
</managed-communities>

With a little help from Cormac O’Leary and L3 the proper syntax was provided which is below.

<?xml version=”1.0″ encoding=”UTF-8″?>
<managed-communities>
<managed-community id=”oldserveralias1.domain.com” host=”newserver.domain.com”/>
<managed-community id=”oldserveralias2.domain.com” host=”newserver.domain.com”/>
<managed-community-action type=”reset” createNewConfig=”true” managed-community-id=”oldserveralias1.domain.com”/>
<managed-community-action type=”reset” createNewConfig=”true” managed-community-id=”oldserveralias2.domain.com”/>
</managed-communities>

I like to use CentOS in the lab to install all IBM software to avoid licensing costs and Windows when possible. CentOS has always had it’s challenges and I have blogged a few times about additional libraries required to get software working. I use the basic server install which is pretty minimal but that’s what you should be using, right?

With Sametime 9 I have noticed the following gotchas you should be aware of.

Do not use 64 bit CentOS for the Community server

I have never been able to install Sametime Community server on a 64 bit version of CentOS. The same is still true for Sametime 9.

When installing Domino on the 64 bit version it helpfully tells you that you need to install 32 bit packages.

To run this installer you need 32bit (i686) packages installed on your 64 bit Linux RedHat.
They are not installed by default, but are mandatory. The installer will exit after this message.
        libXtst-1.0.99.2-3.el6.i686
        libXmu-1.0.5-1.el6.i686
        libXp-1.0.0-15.1.el6.i686
        libXft-2.1.13-4.1.el6.i686
        libXi-1.3-3.el6.i686

When installing the Community server I get various errors.

[root@st9 Server]# ./setuplinux.bin

     Initializing Wizard……..
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 712: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 1551: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected
./setuplinux.bin: line 472: bc: command not found
./setuplinux.bin: line 690: [: : integer expression expected

[root@st9 Server]# yum install bc

./install_tdiv70_linux_x86_64.bin -is:tempdir /opt/temp

Initializing Wizard……..
Extracting Bundled JRE.

Bundled JRE is not binary compatible with host OS/Arch or it is corrupt.  Testing bundled JRE failed.

[root@st9 Server]# ./setuplinux.bin -console -is:log /tmp/installlog.txt

Log file created by MultiPlatform installer @Mon Sep 30 10:20:15 BST 2013
INSTALLER_PATH=/opt/installs/sametime/SametimeStandardServer/Server/./setuplinux.bin
Checking the environment variables specifed in the JVM files to find the JVM…
No JVM can  be found using the shell environment variable. Searching JVM will co
ntinue with Path Hints specified in the JVM Files…
jvm files not specified. Searching a JVM can not be performed.
Extracting bundled JRE…
checking disk space on the parition /tmp/istemp6007273102015 for /tmp/istemp6007273102015/ibm_linux_15.bin
83843 512 bytes disk blocks required.
29139696 512 bytes disk blocks  available on the partition /tmp/istemp6007273102015
Disk space check on the parition /tmp/istemp6007273102015 succeeded.
checking disk space on the parition /tmp/istemp6007273102015 for /tmp/istemp6007273102015/ibm_linux_15.bin
Bundled JRE is not binary compatible with host OS/Arch or it is corrupt.  Testing bundled JRE failed.

[root@st9 Server]# ./setuplinux.bin -is:extract
9 files extracted in the directory /opt/installs/sametime/SametimeStandardServer/Server/istemp6336273102254

I have tried setting a temp directory, extracting the jar file, nothing works. I now always use the 32 bit version of CentOS which works like a charm.

Install Perl

When installing the Video MCU (VMCU) and Video Manager (VMgr) you need to install additional packages as detailed in list of RPMs to install on the Sametime Video MCU. What I found after applying all the packages listed and others to cater for the fact that it is not RHEL is the following errors on start-up.

[10/24/13 6:44:38:124 BST] 00000047 SystemCommand W com.polycom.proximo.util.runtime.SystemCommand setStatus status changed for cmd[/usr/bin/sudo /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/current/bin/admin-cfg-scripts/getNetworkInfo.pl] exitValue[1] status[ENDED_FAILURE]
[10/24/13 6:44:38:125 BST] 00000047 RedHatSystemC E com.polycom.proximo.shared.system.RedHatSystemCommandManager logFailedSc failed command: cmd[/usr/bin/sudo /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/current/bin/admin-cfg-scripts/getNetworkInfo.pl] exitValue[1] status[ENDED_FAILURE]
[10/24/13 6:44:38:126 BST] 00000047 RedHatSystemC E com.polycom.proximo.shared.system.RedHatSystemCommandManager logFailedSc stderr: sudo: unable to execute /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/current/bin/admin-cfg-scripts/getNetworkInfo.pl: No such file or directory

[10/24/13 6:44:38:126 BST] 00000047 RedHatSystemC E com.polycom.proximo.shared.system.RedHatSystemCommandManager logFailedSc stdout:
[10/24/13 6:44:38:132 BST] 00000047 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.NullPointerException
                                 java.lang.NullPointerException
    at com.polycom.proximo.supercluster.SuperclusterService.startService(SuperclusterService.java:616)
    at com.polycom.proximo.supercluster.SuperclusterServiceRuntimeExt.initialize(SuperclusterServiceRuntimeExt.java:52)
    at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:146)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1363)
    at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:606)
    at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:576)
    at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:425)
    at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:88)
    at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:169)
    at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:749)
    at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:634)
    at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:426)
    at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:718)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1175)
    at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1370)
    at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:639)
    at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:968)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:774)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2182)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:445)
    at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:388)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500(CompositionUnitMgrImpl.java:116)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run(CompositionUnitMgrImpl.java:994)
    at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:502)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1862)

I tried calling the .pl files explicitly like the application was doing.

root@vmgr admin-cfg-scripts]# /usr/bin/sudo vi /opt/IBM/WebSphere/MediaServerPNMGR/proximo/current/bin/admin-cfg-scripts/getNetworkInfo.pl
root@vmgr admin-cfg-scripts]# /usr/bin/sudo /opt/IBM/WebSphere/MediaServerPNVMG/proximo/current/bin/admin-cfg-scripts/getNetworkInfo.pl
udo: unable to execute /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/current/binadmin-cfg-scripts/getNetworkInfo.pl: No such file or directory
root@vmgr admin-cfg-scripts]# /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/currnt/bin/admin-cfg-scripts/getNetworkInfo.pl
bash: /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/current/bin/admin-cfg-script/getNetworkInfo.pl: /usr/bin/perl: bad interpreter: No such file or directory

The errors show that the .pl (Perl files) could not be called. Once I installed both versions of Perl I could start the server and call the various .pl files.

root@vmgr admin-cfg-scripts]# yum install perl
[root@vmgr admin-cfg-scripts]# yum install perl*.i686
I can now run /opt/IBM/WebSphere/MediaServerPNVMGR/proximo/current/bin/admin-cfg-script/getNetworkInfo.pl

During the build of an internal Sametime 9 environment I came across problems with video calls via a meeting room, point-to-point was fine. I was getting the error “The call was not completed due to a dialling error. AVKCS2200E: Failure response 403 received in response to invitation to CN=Ben Williams, O=collaborationben. Reason is: Unspecified Dial Failure.”

I’ll explain how I have it set up. As this is all run on a bulky VMWare server at home I use hosts files to control DNS. I have called my domain “collaborationben.com” which is the same as my Blog. All servers can resolve themselves and can resolve DNS to the internet.

I enabled the following trace on the CF server:

*=info: com.ibm.mediaserver.*=all: com.ibm.telephony.conferencing.spi.*=all: com.ibm.ws.sip.*=all: com.lotus.sametime.telephonymanager.*=all: com.ibm.sip.*=all: com.ibm.vmgrconnector.*=all: com.lotus.sametime.telephony.*=all

On the VMgr I enabled:

“*=info: com.polycom.proximo.*=all

The errors in the VMgr were below:

[11/27/13 15:29:15:751 GMT] 000001a6 VideoMsMonito 3 com.polycom.proximo.mcu.VideoMsMonitorSupport$Ping run Connection to 192.168.1.45:8080 took 1 milliseconds connected: true
[11/27/13 15:29:16:028 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStatusAggregateProviderImpl aggregateData Running supercluster status aggregation task.
[11/27/13 15:29:16:028 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator getSuperclusterStateOfHealth Enter getSuperclusterStateOfHealth
[11/27/13 15:29:16:028 GMT] 00000160 RemoteCommand 3 com.polycom.proximo.supercluster.RemoteCommandSupport getLocalClusterRemoteCommandProxy Generate proxy for ProximoMonitorServiceRemoteCommands to local cluster
[11/27/13 15:29:16:028 GMT] 00000160 RemoteCommand 1 com.polycom.proximo.supercluster.RemoteCommandSupport call URL from call method: https://66.155.11.238:8444/PlcmRmWeb/remoteCommand?SuperclusterStateOfHealthAggregator_buildSuperclusterStateOfHealth_ArgsImpl
[11/27/13 15:29:16:028 GMT] 00000160 HttpUtils 1 com.polycom.proximo.util.HttpUtils makeHttpsUrlConnection Successfully established makeHttpsUrlConnection
[11/27/13 15:29:16:029 GMT] 00000160 RemoteCommand 3 com.polycom.proximo.supercluster.RemoteCommandSupport call Sending command: https://66.155.11.238:8444/PlcmRmWeb/remoteCommand?SuperclusterStateOfHealthAggregator_buildSuperclusterStateOfHealth_ArgsImplSuperclusterStateOfHealthAggregator_buildSuperclusterStateOfHealth_ArgsImpl[]
[11/27/13 15:29:16:121 GMT] 00000160 SuperclusterS E com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator getSuperclusterStateOfHealth Unable to access server with virtual address. Using local info: Unexpected Exception
[11/27/13 15:29:16:121 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterStateOfHealth Enter buildSuperclusterStateOfHealth
[11/27/13 15:29:16:121 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterStateOfHealth Aggregating dashboard detail for cluster null.collaborationben.com
[11/27/13 15:29:16:121 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterStateOfHealth Adding dashboard detail for missing cluster 66.155.11.238
[11/27/13 15:29:16:122 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator updateActiveNodeStatus missing node detail for cluster null.collaborationben.com
[11/27/13 15:29:16:122 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator updateActiveNodeStatus missing node detail for cluster 66.155.11.238
[11/27/13 15:29:16:122 GMT] 00000160 RawClusterDat 1 com.polycom.proximo.monitor.aggregator.RawClusterDataCleaner cloneElements Sip Enabled: SipStatusDetailImpl[sipEnabled=true, defaultAddress=, sessionTimer=1800, listeningPointList=[ListeningPointImpl[address=192.0.80.250, port=5060, transport=TCP], ListeningPointImpl[address=192.0.80.250, port=5061, transport=TLS]]]
[11/27/13 15:29:16:122 GMT] 00000160 RawClusterDat 1 com.polycom.proximo.monitor.aggregator.RawClusterDataCleaner cloneElements Sip Enabled: null
[11/27/13 15:29:16:122 GMT] 00000160 Responsibilit E com.polycom.proximo.monitor.aggregator.ResponsibilityAggregator setAggregatedResponsibility NodeUID could not be determined for cluster: null.collaborationben.com
[11/27/13 15:29:16:122 GMT] 00000160 Responsibilit 1 com.polycom.proximo.monitor.aggregator.ResponsibilityAggregator setAggregatedResponsibility Cluster 66.155.11.238 uid[3b07956e-fff9-4d92-8fb0-7832ae60cd96]
[11/27/13 15:29:16:122 GMT] 00000160 Responsibilit 1 com.polycom.proximo.monitor.aggregator.ResponsibilityAggregator setAggregatedResponsibility Territory 76.74.254.120controlled[false] primary[true] backup[false] unowned[false]
[11/27/13 15:29:16:122 GMT] 00000160 Responsibilit 1 com.polycom.proximo.monitor.aggregator.ResponsibilityAggregator setAggregatedResponsibility Cluster 66.155.11.238 confRoom[INACTIVE_PRIMARY] calendaring[DISABLED] enterpriseDirectory[DISABLED]
[11/27/13 15:29:16:123 GMT] 00000160 SuperclusterS W com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterStateOfHealth Unable to determine local node name using hostname ‘vmgr.collaborationben.com’ instead
[11/27/13 15:29:16:123 GMT] 00000160 SuperclusterS W com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterSummary Unable to find cluster info for null.collaborationben.com
[11/27/13 15:29:16:123 GMT] 00000160 SuperclusterS W com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterSummary Info built for a cluster currently unreachable or in trouble.
[11/27/13 15:29:16:123 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator updateServerCounts Currently configured to connect to MCUs: [null.collaborationben.com]
[11/27/13 15:29:16:124 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStateOfHealthAggregator buildSuperclusterStateOfHealth Exit buildSuperclusterStateOfHealth
[11/27/13 15:29:16:124 GMT] 00000160 DashboardMana 1 com.polycom.proximo.monitor.DashboardManager getDashboardDetail Getting dashboard info
[11/27/13 15:29:16:124 GMT] 00000160 SuperclusterA I com.polycom.proximo.supercluster.SuperclusterAccessCommands loadJuniperConfiguration loadJuniperConfiguration returning config: JuniperConfiguration[enableSRC:false, port:8080, forceHTTPS:false, useEPAddrForSubURI:true]
[11/27/13 15:29:16:126 GMT] 00000160 SuperclusterS 1 com.polycom.proximo.monitor.aggregator.SuperclusterStatusAggregateProviderImpl aggregateData Supercluster status aggregation task complete.
[11/27/13 15:29:17:612 GMT] 00000a63 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4537E No principal is found from the ‘admin’ principal name..
[11/27/13 15:29:17:614 GMT] 00000a63 LoginContextA I com.polycom.proximo.api.support.servlet.LoginContextAuthSession open Attempting to login to context: proxias-users requiring role: null, locale: en_us
[11/27/13 15:29:17:615 GMT] 00000a63 ProxiasLoginM I com.polycom.proximo.admin.login.ProxiasLoginModule initialize ProxiasLogin : Initialize …
[11/27/13 15:29:17:615 GMT] 00000a63 CustomLoginMo 1 com.polycom.proximo.admin.login.websphere.CustomLoginModuleWS initialize Initializing CustomLoginModuleWS class class com.polycom.proximo.admin.login.websphere.CustomLoginModuleWS
[11/27/13 15:29:17:616 GMT] 00000a63 ProxiasLoginM 1 com.polycom.proximo.admin.login.ProxiasLoginModule login Entering login()
[11/27/13 15:29:17:616 GMT] 00000a63 CustomLoginMo 1 com.polycom.proximo.admin.login.websphere.CustomLoginModuleWS createIdentity Inside CreateIdentity() method the Username : adminprincipalClassName value: com.ibm.security.auth.JAASPrincipal
[11/27/13 15:29:17:617 GMT] 00000a63 ProxiasLoginM I com.polycom.proximo.admin.login.ProxiasLoginModule validatePassword validating password for: LOCAL\admin
[11/27/13 15:29:17:618 GMT] 00000a63 ProxiasLoginM W com.polycom.proximo.admin.login.ProxiasLoginModule validatePassword Failed getting x509 certificate from HttpServletRequest

I highlighted a number of IP addresses all of which did not fit my internal 192.168.x.x addresses. After researching the IP addresses seen in the SystemOut.log I find links to ServerBeach and after a bit more digging I see they are associated with WordPress. Some of the other IP addresses are to WordPress themselves.

What was happening was that the host file entries were being ignored and the VMgr was resolving the domain .collaborationben.com and being directed to WordPress. I had to change the resolv.conf removing the nameserver which was router from all my Sametime 9 servers. After a reboot of all the servers video worked perfectly.

I questioned IBM as to why the host file is ignored but as yet I have not had a response. I’m aware that for the vast majority of people using Sametime 9 they will have DNS configured properly but for those who don’t…….

We all know that LDAP is the biggest threat to Sametime, don’t we? Are we all aware of how that impacts audio and video through business cards?

Well, a customer logged a problem yesterday after audio and video failed on their 8.5.2.1 infrastructure. What made this more difficult to troubleshoot was the fact that last week and we had other problems relating to audio and video which was “taken out” after a network change the weekend prior. With last weeks problem clouding my judgement I went down the route of checking for network and synchronisation issues (last weeks problem) that I failed to look at LDAP.

It wasn’t until I spent some hours checking that last weeks problem hadn’t reared it’s head again that I looked at client side trace and saw the following exception.

CLFRB1232W: When processing the softphone configuration encountered an error: com.ibm.collaboration.realtime.telephony.exception.TelephonyRuntimeException: Required directory or missing required configuration information. Voice and video services are not available. Please contact the administrator.

The error in the client was:

These errors indicate that the UserInfo service isn’t providing the email address to the client’s business card. Audio and video requires the email address to function. This was detailed in a Technote which now seems to be broken http://www-01.ibm.com/support/docview.wss?uid=swg21447891

I also checked the registered bindings in the SSC and saw people connected to the SIP Proxy Registrar with audio and video working for some. Business cards were not showing the email address and in the client trace there was further signs of UserInfo problems.

User attribute search returned 0 attributes for person CN=Joe Bloggs,OU=London,O=ACME (chat01.acme.com)

New DirectoryLookupThread created for [CN=Joe Bloggs,OU=London,O=ACME]
java.lang.Throwable
at com.ibm.collaboration.realtime.people.internal.DirectoryLookupThread.<init>(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheMgr.loadPersonData(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheMgr.loadPersonData(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheEventHandler.handlePartnerInteraction(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheEventHandler.handleBuddySelected(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheEventHandler.handleMessageEvent(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.MessageEventHandlerProxy.handleMessageEvent(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.MessageEventAdapter.processEvent(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.messageprocessor.WorkItemRunnable.run(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.messageprocessor.WorkThread.run(Unknown Source)

Calling the servlet via a web browser returned the correct results chat01.acme.com/servlet/UserInfoServlet?operation=3&userId=cn=Joe%20Bloggs,ou=London,o=Acme&setid=1.

 <?xml version=”1.0″ encoding=”UTF-8″ ?>
- <userinfo>
- <user id=”cn=Joe Bloggs,ou=London,o=acme“>
<field name=”Name” type=”text/plain”>Joe Bloggs</field>
<field name=”Company” type=”" error=”UNAVAILABLE” />
<field name=”Title” type=”" error=”UNAVAILABLE” />
<field name=”Telephone” type=”" error=”UNAVAILABLE” />
<field name=”MailAddress” type=”text/plain”>Joe.Bloggs@acme.com</field>
<field name=”Location” type=”" error=”UNAVAILABLE” />
<field name=”Photo” type=”" error=”UNAVAILABLE” />
</user>
</userinfo>

This customer has problems with LDAP and changing the max and low pending variables has been tried before but it broke other Sametime components. Until a test environment is provisioned or it is agreed that I can fix forward in production not much can be done with regards to performance tuning.

Anyway, the Community server was restarted this morning and business cards worked and so did audio and video. For the time being.

When testing audio and video via a web browser of mobile phone I would see the following error in a browser when trying to use audio and video in a meeting. Using the thick client worked.

Looking at the SIP Proxy Registrars SystemOut.log I saw the following exceptions.

[2/11/14 18:08:43:660 GMT] 000000a7 LdapPasswordS I LdapPasswordServer  CWSCT0359I: Hashed Credential attributes not found.
[2/11/14 18:08:43:661 GMT] 000000a7 SIPDigestServ E SIPDigestService  CWSCT0340E: Error – cannot retrieve password attribute.

I enabled trace on the SIP PR ( *=info:com.ibm.ws.security.*=all:com.ibm.ws.sip.*=all) and found that the LtpaToken was “undefined.”

REGISTER sip:prcf.collaborationben.com;transport=tls SIP/2.0
Content-Length: 0
Expires: 1800
Max-Forwards: 70
Cookie: LtpaToken=”undefined”
Supported: path, outbound
User-Agent: Sametime-ST9.0-Softphone
Contact: <sip:WebAVClient-Ben.Williams%40collaborationben.com@**********:54303;transport=tls>;methods=”INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER”;reg-id=1;+sip.instance=”<urn:uuid:********************>”
Call-ID: *****************@192.0.1.58
CSeq: 1 REGISTER
To: sip:WebAVClient-Ben.Williams%40collaborationben.com@prcf.collaborationben.com
From: WebAVClient-Ben.Williams%40collaborationben.com <sip:WebAVClient-Ben.Williams%40collaborationben.com@prcf.collaborationben.com>;tag=BCF17103-85B0EEA0
Via: SIP/2.0/TLS 192.0.1.58:54303;branch=z9hG4bK42f99901F8B8AD8E

I also saw that when I logged in as an LDAP user the trace showed my file system administrative user.

user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm

The LtpaToken must be working because the SIP PR is in the same cell as the majority of the other application servers and awareness works which means SSO must be working but the above shows that it isn’t. Odd.

I also noticed that if I authenticated with the Community server first and then switched to the meeting server URL, audio and video worked. It was the LtpaToken being provided by the WAS application server that was a problem.

I tried a couple of things such as changing the realm name to match the LDAP server as opposed to the default (defaultWIMFileBasedRealm) but this did not work.

Thankfully Khalid arranged a call with development and he asked me to uncheck “Set security cookies to HTTPOnly to help prevent cross-site scripting attacks.”

After I resynchronised and stopped and started all the application servers and proxies I could then use audio and video in my clients!

This should be making its way into a Technote soon.

During an install of Connections 4.5 I came across a problem when Configuring the IBMConnectionsMetricsAdmin role on Cognos which required me to disable anonymous access in the Cognos Configuration tool (Local Configuration -> Security -> Authentication -> Cognos to set Allow anonymous access? -> False) and save.

On saving I was getting the following error in the client.

I had previously applied 10.1.1 FP001 and believed something had happened during the upgrade.

Googling came up with some suggestions all around cryptography with How to Regenerate Cryptographic Keys seemingly the best way to try and get this working. The problem was that I couldn’t export a copy of the configuration.

I tried various approaches including configuring cogstartup.xml manually removing the encryption variables so no password was set, nothing worked.

The more I Googled and researched IBM/Cognos forums the more Java was mentioned. After burning the best part of a day I started to look at what version of Java was being used.

I have installed on CentOS (not supported I know) and the version of java is as follows.

[root@cognos ~]# java -version
java version “1.7.0_09-icedtea”
OpenJDK Runtime Environment (rhel-2.3.4.1.el6_3-x86_64)
OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode)

This is reading it from /usr/bin/java.

I didn’t set JAVA_HOME when installing Connections which installs Cognos so what version of Java is it using? I looked at the WebSphere SystemOut.log for the application server and noted that it is using the IBM JRE (/opt/IBM/WebSphere/AppServer/java).

After setting export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java I could save my settings in the Cognos Configuration client.

Yesterday I moved a customers single Sametime 8.0.2 server to a new 8.5.2.1 server. The planning and execution went well apart for pesky iNotes integration with STLinks. The customer isn’t huge so going Sametime 9 with SSC and DB2 really didn’t warrant increased consultancy and support costs and certainly not a Sametime Proxy.

Anyway, the problem I had (which wasn’t happening with 8.0.2) was that in IE awareness wouldn’t appear. The buddy list would load and show users added to local groups and show the public groups but not the public groups content. Firefox and Chrome worked fine.

I enabled the Java console and saw errors when the browser tries to download STLinks from the Community server. The URL the browser was trying to use was prepended with HTTPS but the Community server has not been configured for SSL whilst iNotes has.

I then found the following draft Technote in IBM’s knowledge base which gave me two options, 1) to configure SSL on the Community server or 2) to use STLinks on the iNotes server instead thus meaning that SSL can be used.

I followed the instructions and after restarting HTTP on the two iNotes servers awareness and chat in IE worked.

Problem
sametime connection issue with INotes when SSL is used

Cause
There should be the internet hostname of the sametime server, not the domino name, update the Domino name and restart the inotes server.

Solution
A.  configure SSL on the sametime server

OR

B.  Make the following changes to download all stlinks files from the inotes server, but have the applet continue to contact sametime over http.

On the inotes servers please make the following changes.

1.  In the notes.ini set the following parameter:
iNotes_WA_STLinksCodebase=/sametime/stlinks

2.  Backup the stlinks directory on teh inotes server, replace it with the stlinks directory from the Sametime server

3.  In the hostInfo.js make sure you have the following set:

var HTTP_TUNNELING_PORT=8082;                 ** Note this may also be 80, it depends on the st config, either should be fine, just leave it as it’a already set **
var TUNNELING_ADDRESS=””;

4.  In the stlinks.js
set the following variable to the hostname of the sametime server:
var STHost=”sametime.moi.gov.kw”;

NOTE:  this variable already exists in the file, you simply need to update the value it’s set to.

4.  use the signed stlinks.jar
backup the existing stlinks.jar in lotus/domino/data/domino/html/sametime/stlinks
copy signed/stlinks.jar to the stlinks folder

5.  restart inotes to pick up all the changes
on the client you are testing with delete all temp internet and jvm files (control panel – java) and test inotes again.

I have seen this problem a couple of years ago but didn’t follow it up with IBM through a PMR. For another customer I found the following happened after I applied the latest Sametime Proxy 8.5.2.1 (STProxy) patch available on Fix Central.

After applying the update the stproxyconfig.xml was changed and the bespoke values that were previously there removed. This was odd in itself but after applying the values again through the SSC the values sticked.

The values that were removed are as follows.

Before update:

<appleNotificationHostName>gateway.push.apple.com</appleNotificationHostName>
<appleNotificationPort>2195</appleNotificationPort>
<appleFeedbackHostName>feedback.push.apple.com</appleFeedbackHostName>
<appleFeedbackPort>2196</appleFeedbackPort>

<meeting>
<host>stmeeting.collaborationben.com</host>
<port>80</port>
<type>2</type>
<isSecure>true</isSecure>
</meeting>

After update:

<appleNotificationHostName>gateway.push.apple.com</appleNotificationHostName>
       <appleNotificationPort>2196</appleNotificationPort>
<appleFeedbackHostName>feedback.push.apple.com</appleFeedbackHostName>
<appleFeedbackPort>2196</appleFeedbackPort>

<meeting>
        <host/>
        <port/>
        <type>0</type>
<isSecure>true</isSecure>
</meeting>

After I corrected the Meeting server URL and the appleNotificationPort I synced the node and restarted STProxy.

It wasn’t until making a change to the userTimeout value and applying the change in the SSC I noticed that the value for appleNotificationPort was changed (again) from 2195 to the incorrect value of 2196.

I logged a PMR and was told that the problem with saving the STProxy configuration in the SSC and it changing the appleNotificationPort value was reported in SPR #DMWR8UCR58 and APAR  LO69429.

I have tested on a Sametime 9 Proxy with the latest patch and cannot reproduce the behaviour.

It’s something to be aware of when updating STProxy and making changes in the SSC.

Over the years I have always struggled to get to grips with business cards and particularly photos mainly because I do it for a customer, forget about it and then have to do it again six months later. I have a Sametime 9 build coming up and I wanted to revisit business cards and for once write a conclusive guide which I have decided to share in case it helps anyone else out there.

Note – I have not looked at (yet) the mobile applications and how business cards and photos are obtained from them. I believe that the mobile application needs to have a direct connection to the photo i.e. it needs to be resolvable from the internet, outside your fire wall. There may be a way around this buy using the STProxy setting “The URL where stproxy downloads users’ photos.” This writes to stproxyconfig.xml and instructs STProxy where to obtain photos from so only STProxy needs access to the photos and not the mobile clients in the internet.

I am running the following:

• IBM Sametime 9 HF1 with latest patch.
• IBM Domino 9x LDAP.
• All servers sit on CentOS 6.4.

Where to store your photos?

You have three options although there is only really two:

1. In your LDAP which is the Domino directory in my case.
2. Web server.
3. Domino database.

Option 1 is really a no go. Increasing the size of names.nsf is a no no and can lead to administration problems going forward especially if you have a large user base. So the remaining options are discussed as follows.

Web server

Pretty simple really. Remember though that you cannot force authentication to the web server so anyone can access it but it can be behind a firewall (see notes above). For ease I put my photos on the Community server in /opt/ibm/dominodata/domino/html/sametime/photos/

Domino database

I like this approach for the following reasons:

• You can build in checks for file size, name and case when attaching an image.
• You can control the ACL.
• You could offer a means of bulk uploading files.
• Replicate the database to a server that is accessible to users.
• Stop abuse by only allowing users to edit their own photo.
• Allow a URL template to be followed so all photos are obtainable from a URL such as http://abc.collaborationben.com/bcard.nsf/Ben.Williams@collaborationben.com.jpg. Changing the email address for each user.

I have been using a basic database provided by IBM for my testing purposes so all the good stuff above has been verified by a developer as doable.

Things to remember

• The case of the photo must be as follows, Ben.Williams@collaborationben.com. Mindful of the capital “B” and “W.”
• The size of the file should be small, ideally under 10kb though some Technotes say under 64kb. Smaller is better in this case.
• If you need to clear the cache then delete the following directories (taken from a standalone Connect client on Windows 7).
  • C:\Users\ben williams\AppData\Roaming\IBM\Sametime\.metadata\.plugins\com.ibm.collaboration.realtime.people.impl\PersonCache
  • C:\Users\ben williams\AppData\Roaming\IBM\Sametime\.metadata\.plugins\com.ibm.rcp.bizcard\Cache
• I do not have a database available which does what I want i.e. provide a URL template so I have to fudge it in my steps but you should get the idea.
  • The URL template is really only required for meetings BUT it makes sense to keep all the values the same.

Photos using a database

Notes client

Create a form in bcard.nsf attaching the image and adding your email address. The email address is used to look up your image.

Update your person document with the URL to your photo. Ideally this will use a URL template but for my purposes I have used the fixed URL

Stop your Community server and locate UserInfoConfig.xml. Make a back up of the file and then edit it.

Add your bind username and password whihc will be removed and encrypted automatically later. Importantly add the text in bold.

<?xml version =”1.0″ encoding=”UTF-8″ ?>
<!– ***************************************************************** –>
<!–                                                                   –>
<!– IBM Confidential                                                  –>
<!–                                                                   –>
<!– OCO Source Materials                                              –>
<!–                                                                   –>
<!– (C) Copyright IBM Corp. 2006                                      –>
<!–                                                                   –>
<!– The source code for this program is not published or otherwise    –>
<!– divested of its trade secrets, irrespective of what has been      –>
<!– deposited with the U.S. Copyright Office.                         –>
<!–                                                                   –>
<!– ***************************************************************** –>

<UserInformation>
<Resources>
<Storage type=”LDAP”>
<StorageDetails  HostName=”****.collaborationben.com” Port=”389″  UserName=”” Password=”” UserEncodedAuth=”*****************************” SslEnabled=”false”  SslPort=”636″ BaseDN=””  Scope=”2″ SearchFilter=”(&(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(sn=%s)(mail=%s)))”/>
<!– Add another StorageDetails tag to support another ldap server. The listing order implies the searching order –>

<!– Scope: 0=OBJECT_SCOPE 1=ONELEVEL_SCOPE 2=SUBTREE_SCOPE–>
<SslProperties KeyStorePath=””  KeyStorePassword=””/>
<Details>
<Detail Id=”MailAddress” FieldName=”mail” Type=”text/plain”/>
<Detail Id=”Name”  FieldName=”cn” Type=”text/plain”/>
<Detail Id=”Title”  FieldName=”title” Type=”text/plain”/>
<Detail Id=”Location”  FieldName=”postalAddress” Type=”text/plain”/>
<Detail Id=”Telephone”  FieldName=”mobile,telephoneNumber” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”ou” Type=”text/plain”  />
jpeg”  />
</Details>
</Storage>

<Storage type=”NOTES_CUSTOM_DB”>
<StorageDetails DbName=”bcard.nsf” View=”viewPerson”/>
<Details>
jpeg”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,Photo,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,Photo,Company”/>
</ParamsSets>
<BlackBoxConfiguration>
<BlackBox  type=”LDAP” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoLdapBB”  MaxInstances=”5″ />
<BlackBox type=”NOTES_CUSTOM_DB” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoNotesCustomBB” MaxInstances=”4″/>

</BlackBoxConfiguration>

</UserInformation>

Save and close and in the SSC (Sametime System Console – Sametime Servers – Sametime Community Servers – Deployment Identifier – Business Card) configure the following in line with the image.

Note: The photo value is “user defined” and blank to ensure it is retrieved from the secondary repository (the Notes application) and not from the primary repository, which is the LDAP directory.

mobile,telephoneNumber

I added two values here so that both my office and mobile numbers appear on the same line in the business card. You can read more here.

At this point I hit a snag and a photo wasn’t appearing in my client. I added the following to the sametime.ini.

[Debug]
USERINFO_DEBUG_LEVEL=5

After restarting the Community server I got the following in STUserInfoSA*.txt in the Trace directory.

[ 11:23:27.664 | 19.08.2014 | INFO | 22 ] : ImageExtractor : extractImage : export field to XML is now completed.
[ 11:23:27.678 | 19.08.2014 | SEVERE | 22 ] : ImageExtractor : extractImage : extractImage Exception:
com.ibm.sametime.userinfo.userinfobb.ImageExtractor$ImageNotFoundException: Image file type not supported: williams@collaborationben.com.jpg
at com.ibm.sametime.userinfo.userinfobb.ImageExtractor$ImageParsingHandler.handleFileDataTag(ImageExtractor.java:240)
at com.ibm.sametime.userinfo.userinfobb.ImageExtractor$ImageParsingHandler.startElement(ImageExtractor.java:188)

I changed the file name and attached it to my form in bcard.nsf again and the photo appeared.

A good test at this point is to call the UserInfoServlet from a web browser. The URL will be something like http://communityserver.collaborationben.com/servlet/UserInfoServlet?operation=3&userId=CN=ben%20williams,O=Collaborationben&setid=1

You should see the xml data that makes up the business card. Most importantly you want to see the binary data where the photo should be.

If you see “UNAVAILABLE” or similar then enable trace.

You should see.

Sametime Proxy

Open UserInfoConfig.xml and add the values in bold.

<Detail Id=”Location”  FieldName=”postalAddress” Type=”text/plain”/>
telephoneNumber” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”ou” Type=”text/plain”  />
jpeg”  />
PhotoURL” FieldName=”PhotoURL” Type=”text/plain”/>
</Details>
</Storage>

<Storage type=”NOTES_CUSTOM_DB”>
<StorageDetails DbName=”bcard.nsf” View=”viewPerson”/>
<Details>
jpeg”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,Photo,PhotoURL,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,Photo,PhotoURL,Company”/>
</ParamsSets>

Restart the Community server and Sametime Proxy.

What is odd is why the address doesn’t appear in the STProxy web client but it does in the thick client. Hmm..

Photos in meetings using web server

The meeting server uses a different approach and does not use the PhotoURL value in you person document. I guess this is because they do not want VMM from having to lookup to LDAP and then follow the URL to another source. So, with this in mind it uses a URL template which I mentioned previously.

Since my database doesn’t allow for anything fancy I have had to cheat and copy the image that is attached to my form in bcard.nsf to /opt/ibm/dominodata/domino/html/sametime/photos/ and save it Ben.Williams@collaborationben.com.jpg. The case matters. It may matter because I am using Linux or it could be because Java cares too.

In the SSC go to (Sametime System Console – Sametime Servers – Sametime Meeting Servers – Deployment Identifier) and change the values as follows:

userInfoImageAttr – You can enter anything here, it doesn’t matter.
userInfoRedirect – true
userInfoUrlTemplate – http://communityserver.collaborationben.com/sametime/photos/{0}.jpg

Explanation:

userInfoImageAttr – this will use an LDAP attribute and is ignored if userInfoRedirect is set to true. This is used when you have uploaded your image to LDAP.
userInfoRedirect – set to true so that the userInfoUrlTemplate is used. Set to false and userInfoImageAttr is used.
userInfoUrlTemplate – This is a URL template where you will store your images.

Apply and OK the changes and restart the meeting server.

On joining your meeting room you will see the following written to the SystemOut.log.

[8/19/14 15:31:27:797 BST] 0000010b ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [Sametime Meeting Server] [/userinfo] [ImageServlet]: Initialization successful.
[8/19/14 15:31:27:802 BST] 0000010b ImageServlet  I   UserInfo template URL changed from[] to[http://communityserver.collaborationben.com/sametime/photos/{0}.jpg], flushing cache

You will see an image but if you initiate the business card that will use STProxy.

In the client the image will be taken from client via UserInfoServlet and the normal client based business card.

Finally, if you do not want to use a Domino database and put all your images on a web server then take a look at what follows.

Web server

Edit UserInfoConfig.xml as follows. Take notice of the bold test.

<?xml version =”1.0″ encoding=”UTF-8″ ?>
<!– ***************************************************************** –>
<!–                                                                   –>
<!– IBM Confidential                                                  –>
<!–                                                                   –>
<!– OCO Source Materials                                              –>
<!–                                                                   –>
<!– (C) Copyright IBM Corp. 2006                                      –>
<!–                                                                   –>
<!– The source code for this program is not published or otherwise    –>
<!– divested of its trade secrets, irrespective of what has been      –>
<!– deposited with the U.S. Copyright Office.                         –>
<!–                                                                   –>
<!– ***************************************************************** –>

<UserInformation>
<ReadStConfigUpdates value=”false”/>
<Resources>
<Storage type=”LDAP”>
<StorageDetails  HostName=”ldap.collaborationben.com” Port=”389″  UserName=”” Password=”” UserEncodedAuth=”Y249c3Q5LWJpbmQsbz1jb2xsYWJvcmF0aW9uYmVuOnBhc3N3MHJk” SslEnabled=”false”  SslPort=”636″ BaseDN=””  Scope=”2″ SearchFilter=”(&(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(sn=%s)(mail=%s)))”/>
<!– Add another StorageDetails tag to support another ldap server. The listing order implies the searching order –>

<!– Scope: 0=OBJECT_SCOPE 1=ONELEVEL_SCOPE 2=SUBTREE_SCOPE–>
<SslProperties KeyStorePath=””  KeyStorePassword=””/>
<Details>
<Detail Id=”MailAddress” FieldName=”mail” Type=”text/plain”/>
<Detail Id=”Name”  FieldName=”cn” Type=”text/plain”/>
<Detail Id=”Title”  FieldName=”title” Type=”text/plain”/>
<Detail Id=”Location”  FieldName=”postalAddress” Type=”text/plain”/>
telephoneNumber” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”companyname” Type=”text/plain”  />
PhotoURL” FieldName=”PhotoURL” Type=”text/plain”/>
ImagePath” FieldName=”PhotoURL” Type=”text/plain”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
</ParamsSets>
<BlackBoxConfiguration>
<BlackBox  type=”LDAP” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoLdapBB”  MaxInstances=”5″ />

</BlackBoxConfiguration>

</UserInformation>

You’ll notice that the custom database (bcard.nsf) has been removed. There’s no need for it now we are using a web server to host the images.

<ReadStConfigUpdates value=”false”/>
This setting, when set to false, will force the STUserInfo SA to use the configuration information stored in UserInfoConfig.xml rather than the settings in the SSC (Sametime System Console – Sametime Servers – Sametime Community Servers – Deployment Identifier – Business Card). Without setting this value as false you would not be able to add ImagePath which is what the Notes client needs to display the URL based jpg.

PhotoURL
This value will be used by STProxy and is linked in the UserInfoConfig.xml to PhotoURL on the user’s person document.

ImagePath
This is used by the Notes client to find the image from the web server.

Make the changes and restart the Community server and probably STProxy and meetings for good measure. Remember you have already set the URL template for meetings.

The results are the same as in my previous screen shots.

The web server approach can be used for populating images from Connections and there are a number of good Technotes and blogs from others as to what URL template to use. You can even configure STProxy to use the Connections business card which provide Profiles, Blogs and more data in the business card. I haven’t yet populated it with my Connections 5 business card but will get around to it soon.

UPDATE

Cormac O’Leary (Team Lead of Sametime PMR team in Dublin) pinged me an email and suggested that I add the DisplaySeparator detailed here. The documentation says to use…

FieldName=”telephoneNumber,mobile” Type=”text/plain” DisplaySeparator=”/”/>

This didn’t work for me but Cormac’s example had additional spaces which are not documented in the Knowledge Center.

I updated my UserInfoConfig.xml and changed my person document so you don’t know my mobile and home address as follows.

<?xml version =”1.0″ encoding=”UTF-8″ ?>
<!– ***************************************************************** –>
<!–                                                                   –>
<!– IBM Confidential                                                  –>
<!–                                                                   –>
<!– OCO Source Materials                                              –>
<!–                                                                   –>
<!– (C) Copyright IBM Corp. 2006                                      –>
<!–                                                                   –>
<!– The source code for this program is not published or otherwise    –>
<!– divested of its trade secrets, irrespective of what has been      –>
<!– deposited with the U.S. Copyright Office.                         –>
<!–                                                                   –>
<!– ***************************************************************** –>

<UserInformation>
<ReadStConfigUpdates value=”false”/>
<Resources>
<Storage type=”LDAP”>
<StorageDetails  HostName=”ldap.collaborationben.com” Port=”389″  UserName=”” Password=”” UserEncodedAuth=”Y249c3Q5LWJpbmQsbz1jb2xsYWJvcmF0aW9uYmVuOnBhc3N3MHJk” SslEnabled=”false”  SslPort=”636″ BaseDN=””  Scope=”2″ SearchFilter=”(&amp;(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(sn=%s)(mail=%s)))”/>
<!– Add another StorageDetails tag to support another ldap server. The listing order implies the searching order –>

<!– Scope: 0=OBJECT_SCOPE 1=ONELEVEL_SCOPE 2=SUBTREE_SCOPE–>
<SslProperties KeyStorePath=””  KeyStorePassword=””/>
<Details>
<Detail Id=”MailAddress” FieldName=”mail” Type=”text/plain”/>
<Detail Id=”Name”  FieldName=”cn” Type=”text/plain”/>
<Detail Id=”Title”  FieldName=”title” Type=”text/plain”/>
<Detail Id=”Location”  FieldName=”officestreetaddress,l,st,postalcode,c” DisplaySeparator=” / ” Type=”text/plain”/>
<Detail Id=”Telephone”  FieldName=”mobile,telephoneNumber” DisplaySeparator=” / ” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”companyname,department” DisplaySeparator=” / ” Type=”text/plain”/>
<Detail Id=”PhotoURL” FieldName=”PhotoURL” Type=”text/plain”/>
<Detail Id=”ImagePath” FieldName=”PhotoURL” Type=”text/plain”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
</ParamsSets>
<BlackBoxConfiguration>
<BlackBox  type=”LDAP” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoLdapBB”  MaxInstances=”5″ />

</BlackBoxConfiguration>

</UserInformation>

I opted for a forward slash to use as the display separator, you could use pipes or whatever, see what works.

The results are as follows and they look better.

One thing you might want to consider is if you are using a telephony solution like SUT which relies on telephone numbers in the business cards for click to call. Having various numbers on the same Detail Id may cause problems but it’s something to test.

The customer told me that his search index never completed correctly when Connections was initially deployed and now users are complaining that search results do not contain CCM documents.

The customer had tried recreating the index but to no avail and called me to take a look.

I first enabled trace on one of the infrastructure nodes (*=info: com.ibm.connections.search.index.indexing.*=all: com.ibm.connections.search.seedlist.*=all: com.ibm.connections.httpClient.*=all: com.ibm.connections.search.index.indexing.EcmFilesIndexer=all) as detailed in http://www-01.ibm.com/support/docview.wss?uid=swg21636559

I then created a back ground index as detailed in, Creating a back ground index and tailed the trace.log and SystemOut.log. To create the background index I ran the following commands on the Windows server.

cd c:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin

wsadmin.bat -lang jython -username wasadmin -password ********

execfile(“searchAdmin.py”)

SearchService.startBackgroundIndex(“c:/IBM/Connections/background/crawl”, “c:/IBM/Connections/background/extracted”, “c:/IBM/Connections/background/index”, “ecm_files”)

I found that the indexing process finished abruptly about 3500 documents in (with another 6500 odd remaining).

[10/09/14 09:15:59:293 BST] 0000007a SeedlistPagin < com.ibm.connections.search.seedlist.parser.impl.SeedlistPaginationHandler resolve RETURN https://connections.acme.com/dm/atom/library/8DB6D184-AAF5-41F3-A28D-D1B7BEF17967%3BC11D230C-66A5-4CEB-8906-EAB19DFE0B8D/document/%7B5DEBC165-CDF6-4672-8300-A3345507867F%7D/media/%33%35%20%28%32%30%31%34%29%20%34%33%2d%38%35%20%54%68%65%20%53%79%73%74%65%6d%73%20%54%61%6e%74%6164%66?follow=true
[10/09/14 09:15:59:293 BST] 0000007a SystemErr     R   [Fatal Error] :23466:346: An invalid XML character (Unicode: 0x2) was found in the element content of the document.
[10/09/14 09:15:59:293 BST] 0000007a SeedlistEntry 2 com.ibm.connections.search.seedlist.crawler.impl.SeedlistEntryIterator hasNext CLFRW0063E: SAX parser error.
org.xml.sax.SAXParseException: An invalid XML character (Unicode: 0x2) was found in the element content of the document.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at com.ibm.connections.search.seedlist.crawler.impl.SeedlistPage.parse(SeedlistPage.java:86)
at com.ibm.connections.search.seedlist.crawler.impl.SeedlistEntryIterator.hasNext(SeedlistEntryIterator.java:102)
at com.ibm.connections.search.index.process.work.IndexingWork.run(IndexingWork.java:205)
at com.ibm.connections.search.index.process.initial.InitialProcess.index(InitialProcess.java:493)
at com.ibm.connections.search.index.process.initial.InitialProcess.index(InitialProcess.java:444)
at com.ibm.connections.search.index.process.initial.InitialProcess.run(InitialProcess.java:332)
at com.ibm.ws.asynchbeans.J2EEContext$RunProxy.run(J2EEContext.java:265)
at java.security.AccessController.doPrivileged(AccessController.java:229)
at com.ibm.ws.asynchbeans.J2EEContext.run(J2EEContext.java:1165)
at com.ibm.ws.asynchbeans.WorkWithExecutionContextImpl.go(WorkWithExecutionContextImpl.java:199)
at com.ibm.ws.asynchbeans.CJWorkItemImpl.run(CJWorkItemImpl.java:236)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1690)

I took the URL (which has been edited) and logged in using an administrative account and was provided with a pdf. I initially believed that it must have been the contents of the document that caused the problem so I uploaded the same document to a 4.5 CR4 server I run in the lab and couldn’t reproduce the problem.

I raised a PMR and they came back and said that problem is likely to be due a special character in the description and not in the document itself.

I looked at the trace.log and found reference to the seedlist xml that was being processed at the time.

[10/09/14 09:52:26:121 BST] 0000007a SeedlistPersi > com.ibm.connections.search.seedlist.crawler.impl.SeedlistPersistenceManager getSeedlistDirs ENTRY ecm_files
[10/09/14 09:52:26:121 BST] 0000007a SeedlistPersi < com.ibm.connections.search.seedlist.crawler.impl.SeedlistPersistenceManager getSeedlistDirs RETURN ecm_files, [c:\IBM\Connections\background\crawl\seedlists-ecm_files-initial-1410267828454]
[10/09/14 09:52:26:121 BST] 0000007a SeedlistPersi < com.ibm.connections.search.seedlist.crawler.impl.SeedlistPersistenceManager getSeedlistDir RETURN c:\IBM\Connections\background\crawl\seedlists-ecm_files-initial-1410267828454
[10/09/14 09:52:26:121 BST] 0000007a SeedlistFetch 3   seedlistFile = [c:\IBM\Connections\background\crawl\seedlists-ecm_files-initial-1410267828454\1410267828454-00007.xml]
[10/09/14 09:52:26:121 BST] 0000007a SeedlistFetch 2   Retrieving seedlist content: https://connections.acme.com/dm/atom/seedlist/myserver?useLocalFS=true&Start=3500&Action=GetDocuments&Format=xml&Range=500
[10/09/14 09:52:26:121 BST] 0000007a SeedlistFetch 3   Retrieving seedlist from file: 1410267828454-00007.xml

I opened the xml in Notepad++ and searched for the document name which I obtained from the URL previously and found a match. In one of the fields I see the following.

I provided the community and library that the document resided in and the customer couldn’t view the description data in the web browser. The customer made some changes to the field via the FileNet interface and once the special character was removed the data showed in the web browser.

To check whether the index is created correctly after this change I ran the background index again but wrote the files to a new location. If you run the command again to the same location as the initial background index then it will fail  because the seedlist will not have been recreated and the original special character is retained.

To speed things up, copy the extracted files from the previ0us location to the new extracted files. This customer had over ten thousand CCM documents so extracting them all again was time consuming.

I had to iterate this process four times until all the special characters were removed. Once you have an INDEX.READY file then I repeated the process for all the applications by copying over the extracted files and using SearchService.startBackgroundIndex(“c:/IBM/Connections/background/crawl”, “c:/IBM/Connections/background/extracted”, “c:/IBM/Connections/background/index”, “all_configured”) which built an index successfully.

I then used the steps in the IBM wiki to replace the current with the new index.

It turns out that the customer used a scripted import facility to import all the documents into CCM and this process introduced these characters.

I am installing Sametime 9 for a customer but had a prickly moment after installing the VMGR on RHEL 6.5.

After installing I couldn’t access the VMGR from the SSC, it was registered, I couldn’t get access to the SIP peer and other details. Looking in the VMGR SystemOut.log I saw the following:

[10/13/14 12:24:02:709 BST] 000000a0 APIAuthorizat I com.polycom.proximo.api.support.servlet.APIAuthorizationFilter passLicensingTest API Licensing: rejecting request; API is not licensed and not a peer request.
[10/13/14 12:24:02:733 BST] 000000a0 APIAuthorizat I com.polycom.proximo.api.support.servlet.APIAuthorizationFilter doFilter API Licensing: rejected request from address [x.x.x.x].
[10/13/14 12:24:02:742 BST] 0000009c DMANodeImpl   E   Error Fetching Active Conferences
[10/13/14 12:24:02:746 BST] 0000009c DMANodeImpl   E DMANone Impl updateConferenceList() Failed to get conference-list
com.ibm.sametime.vmgrloadbalancer.exception.DMAUnavailableException: Failed to get conference-list
at com.ibm.sametime.vmgrloadbalancer.core.dma.DMANodeImpl.updateConferenceList(DMANodeImpl.java:402)
at com.ibm.sametime.vmgrloadbalancer.core.dma.DMANodeImpl.poll(DMANodeImpl.java:274)
at com.ibm.sametime.vmgrloadbalancer.core.dma.DMANodeMonitor.run(DMANodeMonitor.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:450)

[10/13/14 13:03:55:759 BST] 00000041 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.RuntimeException: System version is null
java.lang.RuntimeException: System version is null
at com.polycom.proximo.service.core.CoreUtil.getSystemVersion(CoreUtil.java:90)
at com.polycom.proximo.core.mbean.CoreService.getSystemVersion(CoreService.java:415)
at com.polycom.proximo.core.cfs.CFS.resolveFeatures(CFS.java:152)
at com.polycom.proximo.core.cfs.CFS.start(CFS.java:50)
at com.polycom.proximo.core.mbean.CFSService.startService(CFSService.java:61)
at com.polycom.proximo.core.mbean.CFSServiceRuntimeExt.initialize(CFSServiceRuntimeExt.java:53)
at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)

Having access to the Lotus Software Knowledge Base via a Notes client allowed me to find Technote 1682860 “VMGR dma fails to start resulting in licensing and rejecting connections for conferences” which is at a status of “draft information.”

I raised a PMR and quickly I got a response with a hotfix RVVV-9L2CFZ.

Performing the steps to apply it worked a treat.

VMGR dma fails to start resulting in licensing and rejecting connections for conferences
Product:
IBM Sametime  >  Media Manager  >  Versions 9.0.0.1, 9.0
Platform(s):
Linux
Edition(s):
Complete
Doc Number:
1682860

Draft Information – Subject to change.  Updated   27/08/2014
Technote

Problem

VMGR loads but with Licensing errors, and rejects all connections
System.out shows this DMAStartup error
[8/27/14 8:55:30:210 EDT] 00000043 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.RuntimeException: System version is null
java.lang.RuntimeException: System version is null
at com.polycom.proximo.service.core.CoreUtil.getSystemVersion(CoreUtil.java:90)
at com.polycom.proximo.core.mbean.CoreService.getSystemVersion(CoreService.java:415)
at com.polycom.proximo.core.cfs.CFS.resolveFeatures(CFS.java:152)
at com.polycom.proximo.core.cfs.CFS.start(CFS.java:50)
at com.polycom.proximo.core.mbean.CFSService.startService(CFSService.java:61)
at com.polycom.proximo.core.mbean.CFSServiceRuntimeExt.initialize(CFSServiceRuntimeExt.java:53)
at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)

ADDITIONAL ERROR THAT ARE A RESULT OF THE DMA FAILING (VMGR system.out)
[8/27/14 8:55:33:411 EDT] 00000043 webapp        E com.ibm.ws.webcontainer.webapp.WebApp commonInitializationFinally SRVE0266E: Error occured while initializing servlets: {0}
javax.servlet.ServletException: Resource class com.polycom.proximo.api.conference.PlcmConferenceResourceImpl can not be instantiated due to InvocationTargetException
at org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet.createSingletonInstance(CXFNonSpringJaxrsServlet.java:330)
at org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet.getResourceProviders(CXFNonSpringJaxrsServlet.java:291)
at org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet.init(CXFNonSpringJaxrsServlet.java:107)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1363)
at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:606)
at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:576)
at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:425)
at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:88)
at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:169)
at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:749)
at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:634)
at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:426)
at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:718)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1175)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1370)
at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:639)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:968)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:774)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2182)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:445)
at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:388)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500(CompositionUnitMgrImpl.java:116)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run(CompositionUnitMgrImpl.java:994)
at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:502)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1862)

As a result you may see rejecting errors on Media Components
[8/15/14 8:47:38:260 EDT] 000000a1 APIAuthorizat I com.polycom.proximo.
api.support.servlet.APIAuthorizationFilter passLicensingTest API
Licensing: rejecting request; API is not licensed and not a peer
request.
[8/15/14 8:47:38:260 EDT] 000000a1 APIAuthorizat I com.polycom.proximo.
api.support.servlet.APIAuthorizationFilter doFilter API Licensing:
rejected request from address [n.n.n.n].

Conference Focus Manager
[8/15/14 8:41:52:808 EDT] 00000109 DMARestClient I   HTTPException response code : 403
[8/15/14 8:41:52:808 EDT] 00000109 TemplateCache E   Failed to fetch template list
com.ibm.vmgrconnector.exception.
InternalServerException: org.apache.cxf.transport.http.HTTPException:
HTTP response ‘403: Forbidden’ when communicating with https://YourVMGRHost:8443/api/rest/conference-templates
at com.ibm.vmgrconnector.core.DMAClient.getConferenceTemplateList(DMAClient.java:154)
at com.ibm.vmgrconnector.core.TemplateCache$TemplateMonitor.fetchTemplateList(TemplateCache.java:48)
at com.ibm.vmgrconnector.core.TemplateCache$TemplateMonitor.run(TemplateCache.java:41)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java: 450)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:328)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:161)
at java.util.concurrent.
ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:109)
at java.util.concurrent.
ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:191)
at java.util.concurrent.
ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:215)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:908)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:931)
at java.lang.Thread.run(Thread.java:773)
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response ‘403: Forbidden’ when communicating with https://YourVMGRHost:8443/api/rest/conference-templates
at com.ibm.vmgrconnector.util.HttpUtil.checkForErrors(HttpUtil.java: 177)
at com.ibm.vmgrconnector.web.DMARestClient$1.handleResponse(DMARestClient.java:318)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:735)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:717)
at com.ibm.vmgrconnector.web.DMARestClient.sendHttpRequest(DMARestClient.java:328)
at com.ibm.vmgrconnector.web.DMARestClient.get(DMARestClient.java:211)
at com.ibm.vmgrconnector.core.DMAClient.getConferenceTemplateList
(DMAClient.java:148)
… 11 more

Diagnosing the problem
System.out shows this DMAStartup error which is the core issue.

[8/27/14 8:55:30:210 EDT] 00000043 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.RuntimeException: System version is null
java.lang.RuntimeException: System version is null
at com.polycom.proximo.service.core.CoreUtil.getSystemVersion(CoreUtil.java:90)
at com.polycom.proximo.core.mbean.CoreService.getSystemVersion(CoreService.java:415)
at com.polycom.proximo.core.cfs.CFS.resolveFeatures(CFS.java:152)
at com.polycom.proximo.core.cfs.CFS.start(CFS.java:50)
at com.polycom.proximo.core.mbean.CFSService.startService(CFSService.java:61)
at com.polycom.proximo.core.mbean.CFSServiceRuntimeExt.initialize(CFSServiceRuntimeExt.java:53)
at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)

Resolving the problem
Contact IBM support and request a hotfix RVVV-9L2CFZ to resolve VMGR startup issues.