I had a few problems with a customer’s deployment of Sametime 9 which probably come down to deployment plans and the order of the servers being installed.

During installation I had problems detailed in “System version is null” on new IBM Sametime Video Manager installation which forced me to uninstall the VMGR and install again with a new deployment plan. The outcome of this was that I could not administer the default policies nor create new Media Manager policies in the SSC, I saw the following error, “AIDSC#####: Could not connect to Sametime Video Manager. Either VMgr is not installed or server is not up. Please retry after installing VMgr or starting it.”

1

I saw in the deployment manager SystemOut.log “[17/10/14 17:02:04:101 BST] 00000220 SametimeVmgrU E   Forbidden” but nothing much else to write home about.

I raised a PMR with IBM and gathered some trace and sent it off. The PMR ended up with Ankit Vij in L3 who worked as a developer on the propagation of policies from the SSC to the VMGR.

After some to’ing and fro’ing it was identified that there were missing credentials in the DEPLOYMENT table of the SSC database. In the DEPCONF  column of the Conference Manager deployment plan lies XML data. In the data are two fields VMGRUSER and VMGRPASSWORD. In the customer’s data these values were empty, this is why the SSC couldn’t access the VMGR’s policies.

There are few ways in which to edit the data, Data Studio is nice and easy and can export the table, edit it and then import it again in no time at all but as I was accessing their environment using Citrix this wasn’t an option because I couldn’t install any software. Using the CLI was the only way to do it.

My first attempts of using the DB2 EXPORT command failed because the tables have LOBs which are truncated when you export the data to a csv file. The way around it is to export to a csv file but also export all the data to LOB files. This can be achieved using the following command.

C:\Windows\system32>db2 “export to d:\export\deployment.csv of del lobs to d:\export\lobs\ modified by lobsinsepfiles select * from ssc.deployment”
SQL3104N  The Export utility is beginning to export data to file
“d:\export\deployment.csv”.

This produces a csv. Where there was LOB data a .lob file is produced and the csv details which number .lob file holds the information for that particular entry.

Once I had found the .lob file referenced for the Conference Manager deployment plan in the DEPCONF  column I had to copy the contents of the .lob to a new text file.

The VMGRUSER and VMGRPASSWORD values were empty so I then updated them with wasadmin (could be admin/admin) and the password associated with it.

Next I had to add to the beginning of the xml data UPDATE SSC.DEPLOYMENT SET DEPCONF=’ and to the end ‘ WHERE DEPID=’14908a6aa1d-00000000000a-MediaDep’

The DEPID is easy to come about and is listed DEPID column for the Conference Manager deployment plan.

The end result is a single line containing 18000+ characters looking something like this.

UPDATE SSC.DEPLOYMENT SET DEPCONF='<?xml version=”1.0″ encoding=”UTF-8″?>………………………….</parameter></parameters></Config>’ WHERE DEPID=’14908a6aa1d-00000000000a-MediaDep’

As the command was too large to paste into the CLI I saved it to a .sql file.

I stopped STConsoleServer, the node agent and the deployment manager.

Before changing the database I needed to back it up.

C:\Windows\system32>db2 backup database stsc
SQL1035N  The database is currently in use.  SQLSTATE=57019

I then needed to force the application connections from the database.

C:\Windows\system32>db2 list applications

Auth Id  Application    Appl.      Application Id                                                 DB       # of
Name           Handle                                                                    Name    Agents
——– ————– ———- ————————————————————– ——– —–
DB2ADMIN db2jcc_applica 41961      192.168.x.x.49442.141124093130                              STSC     1
DB2ADMIN db2jcc_applica 45374      192.168.x.x.61230.141125142939                              STMS     1
DB2ADMIN db2jcc_applica 45483      192.168.x.x.61666.141125152718                              STMS     1
DB2ADMIN db2jcc_applica 41949      192.168.x.x.49385.141124093116                              STMS     1

C:\Windows\system32>db2 force application(41961)
DB20000I  The FORCE APPLICATION command completed successfully.
DB21024I  This command is asynchronous and may not be effective immediately.

After all applications are disconnected I could run the backup.

 C:\Windows\system32>db2 backup database stsc

Backup successful. The timestamp for this backup image is : 20141125154621

C:\Windows\system32>db2 connect to stsc

   Database Connection Information

 Database server        = DB2/NT64 10.1.0
 SQL authorization ID   = DB2ADMIN
 Local database alias   = STSC

At this point I am going to run the UPDATE command using the .sql file I created.

C:\Windows\system32>db2 -vf C:\DB2\ssc.sql

DB20000I  The SQL command completed successfully.

Normally I would run db2 -tvf but that didn’t work, I think because I didn’t use semicolons for delimiters in the .sql file. Anyway, it worked.

I started the deployment manager, node agent and STConsoleServer and I could now edit the Media Manager policies.

Many thanks to Imran and Ankit at IBM for helping me through this frustrating but interesting problem.

I am installing Sametime 9 for a customer but had a prickly moment after installing the VMGR on RHEL 6.5.

After installing I couldn’t access the VMGR from the SSC, it was registered, I couldn’t get access to the SIP peer and other details. Looking in the VMGR SystemOut.log I saw the following:

[10/13/14 12:24:02:709 BST] 000000a0 APIAuthorizat I com.polycom.proximo.api.support.servlet.APIAuthorizationFilter passLicensingTest API Licensing: rejecting request; API is not licensed and not a peer request.
[10/13/14 12:24:02:733 BST] 000000a0 APIAuthorizat I com.polycom.proximo.api.support.servlet.APIAuthorizationFilter doFilter API Licensing: rejected request from address [x.x.x.x].
[10/13/14 12:24:02:742 BST] 0000009c DMANodeImpl   E   Error Fetching Active Conferences
[10/13/14 12:24:02:746 BST] 0000009c DMANodeImpl   E DMANone Impl updateConferenceList() Failed to get conference-list
com.ibm.sametime.vmgrloadbalancer.exception.DMAUnavailableException: Failed to get conference-list
at com.ibm.sametime.vmgrloadbalancer.core.dma.DMANodeImpl.updateConferenceList(DMANodeImpl.java:402)
at com.ibm.sametime.vmgrloadbalancer.core.dma.DMANodeImpl.poll(DMANodeImpl.java:274)
at com.ibm.sametime.vmgrloadbalancer.core.dma.DMANodeMonitor.run(DMANodeMonitor.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:450)

[10/13/14 13:03:55:759 BST] 00000041 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.RuntimeException: System version is null
java.lang.RuntimeException: System version is null
at com.polycom.proximo.service.core.CoreUtil.getSystemVersion(CoreUtil.java:90)
at com.polycom.proximo.core.mbean.CoreService.getSystemVersion(CoreService.java:415)
at com.polycom.proximo.core.cfs.CFS.resolveFeatures(CFS.java:152)
at com.polycom.proximo.core.cfs.CFS.start(CFS.java:50)
at com.polycom.proximo.core.mbean.CFSService.startService(CFSService.java:61)
at com.polycom.proximo.core.mbean.CFSServiceRuntimeExt.initialize(CFSServiceRuntimeExt.java:53)
at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)

Having access to the Lotus Software Knowledge Base via a Notes client allowed me to find Technote 1682860 “VMGR dma fails to start resulting in licensing and rejecting connections for conferences” which is at a status of “draft information.”

I raised a PMR and quickly I got a response with a hotfix RVVV-9L2CFZ.

Performing the steps to apply it worked a treat.

VMGR dma fails to start resulting in licensing and rejecting connections for conferences
Product:
IBM Sametime  >  Media Manager  >  Versions 9.0.0.1, 9.0
Platform(s):
Linux
Edition(s):
Complete
Doc Number:
1682860

Draft Information – Subject to change.  Updated   27/08/2014
Technote

Problem

VMGR loads but with Licensing errors, and rejects all connections
System.out shows this DMAStartup error
[8/27/14 8:55:30:210 EDT] 00000043 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.RuntimeException: System version is null
java.lang.RuntimeException: System version is null
at com.polycom.proximo.service.core.CoreUtil.getSystemVersion(CoreUtil.java:90)
at com.polycom.proximo.core.mbean.CoreService.getSystemVersion(CoreService.java:415)
at com.polycom.proximo.core.cfs.CFS.resolveFeatures(CFS.java:152)
at com.polycom.proximo.core.cfs.CFS.start(CFS.java:50)
at com.polycom.proximo.core.mbean.CFSService.startService(CFSService.java:61)
at com.polycom.proximo.core.mbean.CFSServiceRuntimeExt.initialize(CFSServiceRuntimeExt.java:53)
at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)

ADDITIONAL ERROR THAT ARE A RESULT OF THE DMA FAILING (VMGR system.out)
[8/27/14 8:55:33:411 EDT] 00000043 webapp        E com.ibm.ws.webcontainer.webapp.WebApp commonInitializationFinally SRVE0266E: Error occured while initializing servlets: {0}
javax.servlet.ServletException: Resource class com.polycom.proximo.api.conference.PlcmConferenceResourceImpl can not be instantiated due to InvocationTargetException
at org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet.createSingletonInstance(CXFNonSpringJaxrsServlet.java:330)
at org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet.getResourceProviders(CXFNonSpringJaxrsServlet.java:291)
at org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet.init(CXFNonSpringJaxrsServlet.java:107)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1363)
at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:606)
at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:576)
at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:425)
at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:88)
at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:169)
at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:749)
at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:634)
at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:426)
at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:718)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1175)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1370)
at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:639)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:968)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:774)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2182)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:445)
at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:388)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500(CompositionUnitMgrImpl.java:116)
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run(CompositionUnitMgrImpl.java:994)
at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:502)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1862)

As a result you may see rejecting errors on Media Components
[8/15/14 8:47:38:260 EDT] 000000a1 APIAuthorizat I com.polycom.proximo.
api.support.servlet.APIAuthorizationFilter passLicensingTest API
Licensing: rejecting request; API is not licensed and not a peer
request.
[8/15/14 8:47:38:260 EDT] 000000a1 APIAuthorizat I com.polycom.proximo.
api.support.servlet.APIAuthorizationFilter doFilter API Licensing:
rejected request from address [n.n.n.n].

Conference Focus Manager
[8/15/14 8:41:52:808 EDT] 00000109 DMARestClient I   HTTPException response code : 403
[8/15/14 8:41:52:808 EDT] 00000109 TemplateCache E   Failed to fetch template list
com.ibm.vmgrconnector.exception.
InternalServerException: org.apache.cxf.transport.http.HTTPException:
HTTP response ‘403: Forbidden’ when communicating with https://YourVMGRHost:8443/api/rest/conference-templates
at com.ibm.vmgrconnector.core.DMAClient.getConferenceTemplateList(DMAClient.java:154)
at com.ibm.vmgrconnector.core.TemplateCache$TemplateMonitor.fetchTemplateList(TemplateCache.java:48)
at com.ibm.vmgrconnector.core.TemplateCache$TemplateMonitor.run(TemplateCache.java:41)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java: 450)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:328)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:161)
at java.util.concurrent.
ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:109)
at java.util.concurrent.
ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:191)
at java.util.concurrent.
ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:215)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:908)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:931)
at java.lang.Thread.run(Thread.java:773)
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response ‘403: Forbidden’ when communicating with https://YourVMGRHost:8443/api/rest/conference-templates
at com.ibm.vmgrconnector.util.HttpUtil.checkForErrors(HttpUtil.java: 177)
at com.ibm.vmgrconnector.web.DMARestClient$1.handleResponse(DMARestClient.java:318)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:735)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:717)
at com.ibm.vmgrconnector.web.DMARestClient.sendHttpRequest(DMARestClient.java:328)
at com.ibm.vmgrconnector.web.DMARestClient.get(DMARestClient.java:211)
at com.ibm.vmgrconnector.core.DMAClient.getConferenceTemplateList
(DMAClient.java:148)
… 11 more

Diagnosing the problem
System.out shows this DMAStartup error which is the core issue.

[8/27/14 8:55:30:210 EDT] 00000043 DmaStartupSer E com.polycom.proximo.startup.DmaStartupServlet init Startup Serlvet experienced Problems: java.lang.RuntimeException: System version is null
java.lang.RuntimeException: System version is null
at com.polycom.proximo.service.core.CoreUtil.getSystemVersion(CoreUtil.java:90)
at com.polycom.proximo.core.mbean.CoreService.getSystemVersion(CoreService.java:415)
at com.polycom.proximo.core.cfs.CFS.resolveFeatures(CFS.java:152)
at com.polycom.proximo.core.cfs.CFS.start(CFS.java:50)
at com.polycom.proximo.core.mbean.CFSService.startService(CFSService.java:61)
at com.polycom.proximo.core.mbean.CFSServiceRuntimeExt.initialize(CFSServiceRuntimeExt.java:53)
at com.polycom.proximo.startup.DmaStartupServlet.init(DmaStartupServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:338)

Resolving the problem
Contact IBM support and request a hotfix RVVV-9L2CFZ to resolve VMGR startup issues.

The customer told me that his search index never completed correctly when Connections was initially deployed and now users are complaining that search results do not contain CCM documents.

The customer had tried recreating the index but to no avail and called me to take a look.

I first enabled trace on one of the infrastructure nodes (*=info: com.ibm.connections.search.index.indexing.*=all: com.ibm.connections.search.seedlist.*=all: com.ibm.connections.httpClient.*=all: com.ibm.connections.search.index.indexing.EcmFilesIndexer=all) as detailed in http://www-01.ibm.com/support/docview.wss?uid=swg21636559

I then created a back ground index as detailed in, Creating a back ground index and tailed the trace.log and SystemOut.log. To create the background index I ran the following commands on the Windows server.

cd c:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin

wsadmin.bat -lang jython -username wasadmin -password ********

execfile(“searchAdmin.py”)

SearchService.startBackgroundIndex(“c:/IBM/Connections/background/crawl”, “c:/IBM/Connections/background/extracted”, “c:/IBM/Connections/background/index”, “ecm_files”)

I found that the indexing process finished abruptly about 3500 documents in (with another 6500 odd remaining).

[10/09/14 09:15:59:293 BST] 0000007a SeedlistPagin < com.ibm.connections.search.seedlist.parser.impl.SeedlistPaginationHandler resolve RETURN https://connections.acme.com/dm/atom/library/8DB6D184-AAF5-41F3-A28D-D1B7BEF17967%3BC11D230C-66A5-4CEB-8906-EAB19DFE0B8D/document/%7B5DEBC165-CDF6-4672-8300-A3345507867F%7D/media/%33%35%20%28%32%30%31%34%29%20%34%33%2d%38%35%20%54%68%65%20%53%79%73%74%65%6d%73%20%54%61%6e%74%6164%66?follow=true
[10/09/14 09:15:59:293 BST] 0000007a SystemErr     R   [Fatal Error] :23466:346: An invalid XML character (Unicode: 0x2) was found in the element content of the document.
[10/09/14 09:15:59:293 BST] 0000007a SeedlistEntry 2 com.ibm.connections.search.seedlist.crawler.impl.SeedlistEntryIterator hasNext CLFRW0063E: SAX parser error.
org.xml.sax.SAXParseException: An invalid XML character (Unicode: 0x2) was found in the element content of the document.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at com.ibm.connections.search.seedlist.crawler.impl.SeedlistPage.parse(SeedlistPage.java:86)
at com.ibm.connections.search.seedlist.crawler.impl.SeedlistEntryIterator.hasNext(SeedlistEntryIterator.java:102)
at com.ibm.connections.search.index.process.work.IndexingWork.run(IndexingWork.java:205)
at com.ibm.connections.search.index.process.initial.InitialProcess.index(InitialProcess.java:493)
at com.ibm.connections.search.index.process.initial.InitialProcess.index(InitialProcess.java:444)
at com.ibm.connections.search.index.process.initial.InitialProcess.run(InitialProcess.java:332)
at com.ibm.ws.asynchbeans.J2EEContext$RunProxy.run(J2EEContext.java:265)
at java.security.AccessController.doPrivileged(AccessController.java:229)
at com.ibm.ws.asynchbeans.J2EEContext.run(J2EEContext.java:1165)
at com.ibm.ws.asynchbeans.WorkWithExecutionContextImpl.go(WorkWithExecutionContextImpl.java:199)
at com.ibm.ws.asynchbeans.CJWorkItemImpl.run(CJWorkItemImpl.java:236)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1690)

I took the URL (which has been edited) and logged in using an administrative account and was provided with a pdf. I initially believed that it must have been the contents of the document that caused the problem so I uploaded the same document to a 4.5 CR4 server I run in the lab and couldn’t reproduce the problem.

I raised a PMR and they came back and said that problem is likely to be due a special character in the description and not in the document itself.

I looked at the trace.log and found reference to the seedlist xml that was being processed at the time.

[10/09/14 09:52:26:121 BST] 0000007a SeedlistPersi > com.ibm.connections.search.seedlist.crawler.impl.SeedlistPersistenceManager getSeedlistDirs ENTRY ecm_files
[10/09/14 09:52:26:121 BST] 0000007a SeedlistPersi < com.ibm.connections.search.seedlist.crawler.impl.SeedlistPersistenceManager getSeedlistDirs RETURN ecm_files, [c:\IBM\Connections\background\crawl\seedlists-ecm_files-initial-1410267828454]
[10/09/14 09:52:26:121 BST] 0000007a SeedlistPersi < com.ibm.connections.search.seedlist.crawler.impl.SeedlistPersistenceManager getSeedlistDir RETURN c:\IBM\Connections\background\crawl\seedlists-ecm_files-initial-1410267828454
[10/09/14 09:52:26:121 BST] 0000007a SeedlistFetch 3   seedlistFile = [c:\IBM\Connections\background\crawl\seedlists-ecm_files-initial-1410267828454\1410267828454-00007.xml]
[10/09/14 09:52:26:121 BST] 0000007a SeedlistFetch 2   Retrieving seedlist content: https://connections.acme.com/dm/atom/seedlist/myserver?useLocalFS=true&Start=3500&Action=GetDocuments&Format=xml&Range=500
[10/09/14 09:52:26:121 BST] 0000007a SeedlistFetch 3   Retrieving seedlist from file: 1410267828454-00007.xml

I opened the xml in Notepad++ and searched for the document name which I obtained from the URL previously and found a match. In one of the fields I see the following.

1

I provided the community and library that the document resided in and the customer couldn’t view the description data in the web browser. The customer made some changes to the field via the FileNet interface and once the special character was removed the data showed in the web browser.

To check whether the index is created correctly after this change I ran the background index again but wrote the files to a new location. If you run the command again to the same location as the initial background index then it will fail  because the seedlist will not have been recreated and the original special character is retained.

To speed things up, copy the extracted files from the previ0us location to the new extracted files. This customer had over ten thousand CCM documents so extracting them all again was time consuming.

I had to iterate this process four times until all the special characters were removed. Once you have an INDEX.READY file then I repeated the process for all the applications by copying over the extracted files and using SearchService.startBackgroundIndex(“c:/IBM/Connections/background/crawl”, “c:/IBM/Connections/background/extracted”, “c:/IBM/Connections/background/index”, “all_configured”) which built an index successfully.

I then used the steps in the IBM wiki to replace the current with the new index.

It turns out that the customer used a scripted import facility to import all the documents into CCM and this process introduced these characters.

Over the years I have always struggled to get to grips with business cards and particularly photos mainly because I do it for a customer, forget about it and then have to do it again six months later. I have a Sametime 9 build coming up and I wanted to revisit business cards and for once write a conclusive guide which I have decided to share in case it helps anyone else out there.

Note – I have not looked at (yet) the mobile applications and how business cards and photos are obtained from them. I believe that the mobile application needs to have a direct connection to the photo i.e. it needs to be resolvable from the internet, outside your fire wall. There may be a way around this buy using the STProxy setting “The URL where stproxy downloads users’ photos.” This writes to stproxyconfig.xml and instructs STProxy where to obtain photos from so only STProxy needs access to the photos and not the mobile clients in the internet.

I am running the following:

  • IBM Sametime 9 HF1 with latest patch.
  • IBM Domino 9x LDAP.
  • All servers sit on CentOS 6.4.

Where to store your photos?

You have three options although there is only really two:

  1. In your LDAP which is the Domino directory in my case.
  2. Web server.
  3. Domino database.

Option 1 is really a no go. Increasing the size of names.nsf is a no no and can lead to administration problems going forward especially if you have a large user base. So the remaining options are discussed as follows.

Web server

Pretty simple really. Remember though that you cannot force authentication to the web server so anyone can access it but it can be behind a firewall (see notes above). For ease I put my photos on the Community server in /opt/ibm/dominodata/domino/html/sametime/photos/

Domino database

I like this approach for the following reasons:

  • You can build in checks for file size, name and case when attaching an image.
  • You can control the ACL.
  • You could offer a means of bulk uploading files.
  • Replicate the database to a server that is accessible to users.
  • Stop abuse by only allowing users to edit their own photo.
  • Allow a URL template to be followed so all photos are obtainable from a URL such as http://abc.collaborationben.com/bcard.nsf/Ben.Williams@collaborationben.com.jpg. Changing the email address for each user.

I have been using a basic database provided by IBM for my testing purposes so all the good stuff above has been verified by a developer as doable.

Things to remember

  • The case of the photo must be as follows, Ben.Williams@collaborationben.com. Mindful of the capital “B” and “W.”
  • The size of the file should be small, ideally under 10kb though some Technotes say under 64kb. Smaller is better in this case.
  • If you need to clear the cache then delete the following directories (taken from a standalone Connect client on Windows 7).
    • C:\Users\ben williams\AppData\Roaming\IBM\Sametime\.metadata\.plugins\com.ibm.collaboration.realtime.people.impl\PersonCache
    • C:\Users\ben williams\AppData\Roaming\IBM\Sametime\.metadata\.plugins\com.ibm.rcp.bizcard\Cache
  • I do not have a database available which does what I want i.e. provide a URL template so I have to fudge it in my steps but you should get the idea.
    • The URL template is really only required for meetings BUT it makes sense to keep all the values the same.

Photos using a database

Notes client

Create a form in bcard.nsf attaching the image and adding your email address. The email address is used to look up your image.

form

Update your person document with the URL to your photo. Ideally this will use a URL template but for my purposes I have used the fixed URL

persondoc1

Stop your Community server and locate UserInfoConfig.xml. Make a back up of the file and then edit it.

Add your bind username and password whihc will be removed and encrypted automatically later. Importantly add the text in bold.

<?xml version =”1.0″ encoding=”UTF-8″ ?>
<!– ***************************************************************** –>
<!–                                                                   –>
<!– IBM Confidential                                                  –>
<!–                                                                   –>
<!– OCO Source Materials                                              –>
<!–                                                                   –>
<!– (C) Copyright IBM Corp. 2006                                      –>
<!–                                                                   –>
<!– The source code for this program is not published or otherwise    –>
<!– divested of its trade secrets, irrespective of what has been      –>
<!– deposited with the U.S. Copyright Office.                         –>
<!–                                                                   –>
<!– ***************************************************************** –>

<UserInformation>
<Resources>
<Storage type=”LDAP”>
<StorageDetails  HostName=”****.collaborationben.com” Port=”389″  UserName=”” Password=”” UserEncodedAuth=”*****************************” SslEnabled=”false”  SslPort=”636″ BaseDN=””  Scope=”2″ SearchFilter=”(&(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(sn=%s)(mail=%s)))”/>
<!– Add another StorageDetails tag to support another ldap server. The listing order implies the searching order –>

<!– Scope: 0=OBJECT_SCOPE 1=ONELEVEL_SCOPE 2=SUBTREE_SCOPE–>
<SslProperties KeyStorePath=””  KeyStorePassword=””/>
<Details>
<Detail Id=”MailAddress” FieldName=”mail” Type=”text/plain”/>
<Detail Id=”Name”  FieldName=”cn” Type=”text/plain”/>
<Detail Id=”Title”  FieldName=”title” Type=”text/plain”/>
<Detail Id=”Location”  FieldName=”postalAddress” Type=”text/plain”/>
<Detail Id=”Telephone”  FieldName=”mobile,telephoneNumber” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”ou” Type=”text/plain”  />
jpeg”  />
</Details>
</Storage>

<Storage type=”NOTES_CUSTOM_DB”>
<StorageDetails DbName=”bcard.nsf” View=”viewPerson”/>
<Details>
jpeg”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,Photo,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,Photo,Company”/>
</ParamsSets>
<BlackBoxConfiguration>
<BlackBox  type=”LDAP” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoLdapBB”  MaxInstances=”5″ />
<BlackBox type=”NOTES_CUSTOM_DB” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoNotesCustomBB” MaxInstances=”4″/>

</BlackBoxConfiguration>

</UserInformation>

Save and close and in the SSC (Sametime System Console – Sametime Servers – Sametime Community Servers – Deployment Identifier – Business Card) configure the following in line with the image.

ssc1

Note: The photo value is “user defined” and blank to ensure it is retrieved from the secondary repository (the Notes application) and not from the primary repository, which is the LDAP directory.

mobile,telephoneNumber

I added two values here so that both my office and mobile numbers appear on the same line in the business card. You can read more here.

At this point I hit a snag and a photo wasn’t appearing in my client. I added the following to the sametime.ini.

[Debug]
USERINFO_DEBUG_LEVEL=5

After restarting the Community server I got the following in STUserInfoSA*.txt in the Trace directory.

[ 11:23:27.664 | 19.08.2014 | INFO | 22 ] : ImageExtractor : extractImage : export field to XML is now completed.
[ 11:23:27.678 | 19.08.2014 | SEVERE | 22 ] : ImageExtractor : extractImage : extractImage Exception:
com.ibm.sametime.userinfo.userinfobb.ImageExtractor$ImageNotFoundException: Image file type not supported: williams@collaborationben.com.jpg
at com.ibm.sametime.userinfo.userinfobb.ImageExtractor$ImageParsingHandler.handleFileDataTag(ImageExtractor.java:240)
at com.ibm.sametime.userinfo.userinfobb.ImageExtractor$ImageParsingHandler.startElement(ImageExtractor.java:188)

I changed the file name and attached it to my form in bcard.nsf again and the photo appeared.

A good test at this point is to call the UserInfoServlet from a web browser. The URL will be something like http://communityserver.collaborationben.com/servlet/UserInfoServlet?operation=3&userId=CN=ben%20williams,O=Collaborationben&setid=1

You should see the xml data that makes up the business card. Most importantly you want to see the binary data where the photo should be.

servlet

If you see “UNAVAILABLE” or similar then enable trace.

You should see.

client_bizcard

Sametime Proxy

Open UserInfoConfig.xml and add the values in bold.

<Detail Id=”Location”  FieldName=”postalAddress” Type=”text/plain”/>
telephoneNumber” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”ou” Type=”text/plain”  />
jpeg”  />
PhotoURL” FieldName=”PhotoURL” Type=”text/plain”/>
</Details>
</Storage>

<Storage type=”NOTES_CUSTOM_DB”>
<StorageDetails DbName=”bcard.nsf” View=”viewPerson”/>
<Details>
jpeg”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,Photo,PhotoURL,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,Photo,PhotoURL,Company”/>
</ParamsSets>

Restart the Community server and Sametime Proxy.

What is odd is why the address doesn’t appear in the STProxy web client but it does in the thick client. Hmm..

stproxy2

Photos in meetings using web server

The meeting server uses a different approach and does not use the PhotoURL value in you person document. I guess this is because they do not want VMM from having to lookup to LDAP and then follow the URL to another source. So, with this in mind it uses a URL template which I mentioned previously.

Since my database doesn’t allow for anything fancy I have had to cheat and copy the image that is attached to my form in bcard.nsf to /opt/ibm/dominodata/domino/html/sametime/photos/ and save it Ben.Williams@collaborationben.com.jpg. The case matters. It may matter because I am using Linux or it could be because Java cares too.

In the SSC go to (Sametime System Console – Sametime Servers – Sametime Meeting Servers – Deployment Identifier) and change the values as follows:

userInfoImageAttr – You can enter anything here, it doesn’t matter.
userInfoRedirect – true
userInfoUrlTemplate – http://communityserver.collaborationben.com/sametime/photos/{0}.jpg

Explanation:

userInfoImageAttr – this will use an LDAP attribute and is ignored if userInfoRedirect is set to true. This is used when you have uploaded your image to LDAP.
userInfoRedirect – set to true so that the userInfoUrlTemplate is used. Set to false and userInfoImageAttr is used.
userInfoUrlTemplate – This is a URL template where you will store your images.

meetingserver_ssc

Apply and OK the changes and restart the meeting server.

On joining your meeting room you will see the following written to the SystemOut.log.

[8/19/14 15:31:27:797 BST] 0000010b ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [Sametime Meeting Server] [/userinfo] [ImageServlet]: Initialization successful.
[8/19/14 15:31:27:802 BST] 0000010b ImageServlet  I   UserInfo template URL changed from[] to[http://communityserver.collaborationben.com/sametime/photos/{0}.jpg], flushing cache

You will see an image but if you initiate the business card that will use STProxy.

meetingserver_browser

In the client the image will be taken from client via UserInfoServlet and the normal client based business card.

meetingserver_client

Finally, if you do not want to use a Domino database and put all your images on a web server then take a look at what follows.

Web server

Edit UserInfoConfig.xml as follows. Take notice of the bold test.

<?xml version =”1.0″ encoding=”UTF-8″ ?>
<!– ***************************************************************** –>
<!–                                                                   –>
<!– IBM Confidential                                                  –>
<!–                                                                   –>
<!– OCO Source Materials                                              –>
<!–                                                                   –>
<!– (C) Copyright IBM Corp. 2006                                      –>
<!–                                                                   –>
<!– The source code for this program is not published or otherwise    –>
<!– divested of its trade secrets, irrespective of what has been      –>
<!– deposited with the U.S. Copyright Office.                         –>
<!–                                                                   –>
<!– ***************************************************************** –>

<UserInformation>
<ReadStConfigUpdates value=”false”/>
<Resources>
<Storage type=”LDAP”>
<StorageDetails  HostName=”ldap.collaborationben.com” Port=”389″  UserName=”” Password=”” UserEncodedAuth=”Y249c3Q5LWJpbmQsbz1jb2xsYWJvcmF0aW9uYmVuOnBhc3N3MHJk” SslEnabled=”false”  SslPort=”636″ BaseDN=””  Scope=”2″ SearchFilter=”(&(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(sn=%s)(mail=%s)))”/>
<!– Add another StorageDetails tag to support another ldap server. The listing order implies the searching order –>

<!– Scope: 0=OBJECT_SCOPE 1=ONELEVEL_SCOPE 2=SUBTREE_SCOPE–>
<SslProperties KeyStorePath=””  KeyStorePassword=””/>
<Details>
<Detail Id=”MailAddress” FieldName=”mail” Type=”text/plain”/>
<Detail Id=”Name”  FieldName=”cn” Type=”text/plain”/>
<Detail Id=”Title”  FieldName=”title” Type=”text/plain”/>
<Detail Id=”Location”  FieldName=”postalAddress” Type=”text/plain”/>
telephoneNumber” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”companyname” Type=”text/plain”  />
PhotoURL” FieldName=”PhotoURL” Type=”text/plain”/>
ImagePath” FieldName=”PhotoURL” Type=”text/plain”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
</ParamsSets>
<BlackBoxConfiguration>
<BlackBox  type=”LDAP” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoLdapBB”  MaxInstances=”5″ />

</BlackBoxConfiguration>

</UserInformation>

You’ll notice that the custom database (bcard.nsf) has been removed. There’s no need for it now we are using a web server to host the images.

<ReadStConfigUpdates value=”false”/>
This setting, when set to false, will force the STUserInfo SA to use the configuration information stored in UserInfoConfig.xml rather than the settings in the SSC (Sametime System Console – Sametime Servers – Sametime Community Servers – Deployment Identifier – Business Card). Without setting this value as false you would not be able to add ImagePath which is what the Notes client needs to display the URL based jpg.

PhotoURL
This value will be used by STProxy and is linked in the UserInfoConfig.xml to PhotoURL on the user’s person document.

ImagePath
This is used by the Notes client to find the image from the web server.

Make the changes and restart the Community server and probably STProxy and meetings for good measure. Remember you have already set the URL template for meetings.

The results are the same as in my previous screen shots.

The web server approach can be used for populating images from Connections and there are a number of good Technotes and blogs from others as to what URL template to use. You can even configure STProxy to use the Connections business card which provide Profiles, Blogs and more data in the business card. I haven’t yet populated it with my Connections 5 business card but will get around to it soon.

UPDATE

Cormac O’Leary (Team Lead of Sametime PMR team in Dublin) pinged me an email and suggested that I add the DisplaySeparator detailed here. The documentation says to use…

FieldName=”telephoneNumber,mobile” Type=”text/plain” DisplaySeparator=”/”/>

This didn’t work for me but Cormac’s example had additional spaces which are not documented in the Knowledge Center.

I updated my UserInfoConfig.xml and changed my person document so you don’t know my mobile and home address as follows.

<?xml version =”1.0″ encoding=”UTF-8″ ?>
<!– ***************************************************************** –>
<!–                                                                   –>
<!– IBM Confidential                                                  –>
<!–                                                                   –>
<!– OCO Source Materials                                              –>
<!–                                                                   –>
<!– (C) Copyright IBM Corp. 2006                                      –>
<!–                                                                   –>
<!– The source code for this program is not published or otherwise    –>
<!– divested of its trade secrets, irrespective of what has been      –>
<!– deposited with the U.S. Copyright Office.                         –>
<!–                                                                   –>
<!– ***************************************************************** –>

<UserInformation>
<ReadStConfigUpdates value=”false”/>
<Resources>
<Storage type=”LDAP”>
<StorageDetails  HostName=”ldap.collaborationben.com” Port=”389″  UserName=”” Password=”” UserEncodedAuth=”Y249c3Q5LWJpbmQsbz1jb2xsYWJvcmF0aW9uYmVuOnBhc3N3MHJk” SslEnabled=”false”  SslPort=”636″ BaseDN=””  Scope=”2″ SearchFilter=”(&amp;(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(sn=%s)(mail=%s)))”/>
<!– Add another StorageDetails tag to support another ldap server. The listing order implies the searching order –>

<!– Scope: 0=OBJECT_SCOPE 1=ONELEVEL_SCOPE 2=SUBTREE_SCOPE–>
<SslProperties KeyStorePath=””  KeyStorePassword=””/>
<Details>
<Detail Id=”MailAddress” FieldName=”mail” Type=”text/plain”/>
<Detail Id=”Name”  FieldName=”cn” Type=”text/plain”/>
<Detail Id=”Title”  FieldName=”title” Type=”text/plain”/>
<Detail Id=”Location”  FieldName=”officestreetaddress,l,st,postalcode,c” DisplaySeparator=” / ” Type=”text/plain”/>
<Detail Id=”Telephone”  FieldName=”mobile,telephoneNumber” DisplaySeparator=” / ” Type=”text/plain”/>
<Detail Id=”Company” FieldName=”companyname,department” DisplaySeparator=” / ” Type=”text/plain”/>
<Detail Id=”PhotoURL” FieldName=”PhotoURL” Type=”text/plain”/>
<Detail Id=”ImagePath” FieldName=”PhotoURL” Type=”text/plain”/>
</Details>
</Storage>

</Resources>

<ParamsSets>
<Set SetId=”0″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
<Set SetId=”1″ params=”MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company”/>
</ParamsSets>
<BlackBoxConfiguration>
<BlackBox  type=”LDAP” name=”com.ibm.sametime.userinfo.userinfobb.UserInfoLdapBB”  MaxInstances=”5″ />

</BlackBoxConfiguration>

</UserInformation>

I opted for a forward slash to use as the display separator, you could use pipes or whatever, see what works.

The results are as follows and they look better.

client_bizcard2

stproxy3

One thing you might want to consider is if you are using a telephony solution like SUT which relies on telephone numbers in the business cards for click to call. Having various numbers on the same Detail Id may cause problems but it’s something to test.

I have seen this problem a couple of years ago but didn’t follow it up with IBM through a PMR. For another customer I found the following happened after I applied the latest Sametime Proxy 8.5.2.1 (STProxy) patch available on Fix Central.

After applying the update the stproxyconfig.xml was changed and the bespoke values that were previously there removed. This was odd in itself but after applying the values again through the SSC the values sticked.

The values that were removed are as follows.

Before update:

<appleNotificationHostName>gateway.push.apple.com</appleNotificationHostName>
<appleNotificationPort>2195</appleNotificationPort>
<appleFeedbackHostName>feedback.push.apple.com</appleFeedbackHostName>
<appleFeedbackPort>2196</appleFeedbackPort>

<meeting>
<host>stmeeting.collaborationben.com</host>
<port>80</port>
<type>2</type>
<isSecure>true</isSecure>
</meeting>

After update:

<appleNotificationHostName>gateway.push.apple.com</appleNotificationHostName>
       <appleNotificationPort>2196</appleNotificationPort>
<appleFeedbackHostName>feedback.push.apple.com</appleFeedbackHostName>
<appleFeedbackPort>2196</appleFeedbackPort>

<meeting>
        <host/>
        <port/>
        <type>0</type>
<isSecure>true</isSecure>
</meeting>

After I corrected the Meeting server URL and the appleNotificationPort I synced the node and restarted STProxy.

It wasn’t until making a change to the userTimeout value and applying the change in the SSC I noticed that the value for appleNotificationPort was changed (again) from 2195 to the incorrect value of 2196.

I logged a PMR and was told that the problem with saving the STProxy configuration in the SSC and it changing the appleNotificationPort value was reported in SPR #DMWR8UCR58 and APAR  LO69429.

I have tested on a Sametime 9 Proxy with the latest patch and cannot reproduce the behaviour.

It’s something to be aware of when updating STProxy and making changes in the SSC.

Yesterday I moved a customers single Sametime 8.0.2 server to a new 8.5.2.1 server. The planning and execution went well apart for pesky iNotes integration with STLinks. The customer isn’t huge so going Sametime 9 with SSC and DB2 really didn’t warrant increased consultancy and support costs and certainly not a Sametime Proxy.

Anyway, the problem I had (which wasn’t happening with 8.0.2) was that in IE awareness wouldn’t appear. The buddy list would load and show users added to local groups and show the public groups but not the public groups content. Firefox and Chrome worked fine.

I enabled the Java console and saw errors when the browser tries to download STLinks from the Community server. The URL the browser was trying to use was prepended with HTTPS but the Community server has not been configured for SSL whilst iNotes has.

I then found the following draft Technote in IBM’s knowledge base which gave me two options, 1) to configure SSL on the Community server or 2) to use STLinks on the iNotes server instead thus meaning that SSL can be used.

I followed the instructions and after restarting HTTP on the two iNotes servers awareness and chat in IE worked.

Problem
sametime connection issue with INotes when SSL is used

Cause
There should be the internet hostname of the sametime server, not the domino name, update the Domino name and restart the inotes server.

Solution
A.  configure SSL on the sametime server

OR

B.  Make the following changes to download all stlinks files from the inotes server, but have the applet continue to contact sametime over http.

On the inotes servers please make the following changes.

1.  In the notes.ini set the following parameter:
iNotes_WA_STLinksCodebase=/sametime/stlinks

2.  Backup the stlinks directory on teh inotes server, replace it with the stlinks directory from the Sametime server

3.  In the hostInfo.js make sure you have the following set:

var HTTP_TUNNELING_PORT=8082;                 ** Note this may also be 80, it depends on the st config, either should be fine, just leave it as it’a already set **
var TUNNELING_ADDRESS=””;

4.  In the stlinks.js
set the following variable to the hostname of the sametime server:
var STHost=”sametime.moi.gov.kw”;

NOTE:  this variable already exists in the file, you simply need to update the value it’s set to.

4.  use the signed stlinks.jar
backup the existing stlinks.jar in lotus/domino/data/domino/html/sametime/stlinks
copy signed/stlinks.jar to the stlinks folder

5.  restart inotes to pick up all the changes
on the client you are testing with delete all temp internet and jvm files (control panel – java) and test inotes again.

During an install of Connections 4.5 I came across a problem when Configuring the IBMConnectionsMetricsAdmin role on Cognos which required me to disable anonymous access in the Cognos Configuration tool (Local Configuration -> Security -> Authentication -> Cognos to set Allow anonymous access? -> False) and save.

On saving I was getting the following error in the client.

2014-03-19_101919

I had previously applied 10.1.1 FP001 and believed something had happened during the upgrade.

Googling came up with some suggestions all around cryptography with How to Regenerate Cryptographic Keys seemingly the best way to try and get this working. The problem was that I couldn’t export a copy of the configuration.

I tried various approaches including configuring cogstartup.xml manually removing the encryption variables so no password was set, nothing worked.

The more I Googled and researched IBM/Cognos forums the more Java was mentioned. After burning the best part of a day I started to look at what version of Java was being used.

I have installed on CentOS (not supported I know) and the version of java is as follows.

[root@cognos ~]# java -version
java version “1.7.0_09-icedtea”
OpenJDK Runtime Environment (rhel-2.3.4.1.el6_3-x86_64)
OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode)

This is reading it from /usr/bin/java.

I didn’t set JAVA_HOME when installing Connections which installs Cognos so what version of Java is it using? I looked at the WebSphere SystemOut.log for the application server and noted that it is using the IBM JRE (/opt/IBM/WebSphere/AppServer/java).

After setting export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java I could save my settings in the Cognos Configuration client.

Follow

Get every new post delivered to your Inbox.

Join 60 other followers