Following on from Error accessing Sametime SIP Proxy Registrar in SSC I did indeed come across the same problem when building the customer’s production servers. This time I raised a PMR and it seems that it is known about though I only know if it is a possible match for HF#OHAH-9VMHYR. I sent IBM all the instances I had of ProxyRegCommon.jar on the SSC and combined PR & CF and they told me that the one I want to use is the one in bold below and that I should replace all other instances with it.

SSC

# locate ProxyRegCommon.jar

/opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/optionalLibraries/proxy-registrar/ProxyRegCommon.jar
/opt/IBM/WebSphere/AppServer/systemApps/isclite.ear/sipadmin.war/WEB-INF/lib/ProxyRegCommon.jar

# cp /opt/IBM/WebSphere/AppServer/systemApps/isclite.ear/sipadmin.war/WEB-INF/lib/ProxyRegCommon.jar /home/ldap/BenW/ProxyRegCommon.jar_from_sipadmin_war
# cp /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/optionalLibraries/proxy-registrar/ProxyRegCommon.jar /opt/IBM/WebSphere/AppServer/systemApps/isclite.ear/sipadmin.war/WEB-INF/lib/

On SIP PR & CF

# locate ProxyRegCommon.jar
/opt/IBM/WebSphere/AppServer/lib/ext/ProxyRegCommon.jar

# cp /opt/IBM/WebSphere/AppServer/lib/ext/ProxyRegCommon.jar /home/ldap/BenW/

# scp BenW@ssc_hostname:/opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/optionalLibraries/proxy-registrar/ProxyRegCommon.jar /opt/IBM/WebSphere/AppServer/lib/ext/

Start the deployment manager, node agent and STMediaServer.

The problem is no more.

During a database transfer from Connections 4.5 CR05 (DB2 10.1) to Connections 5.5 (DB2 10.5.0.7) I ran across a number of transfer failures using the tool. After a bit of digging such as looking at db2diag.log and DB2 Technotes I found the problem was that the DB2 transaction logs were being filled. Below are some example errors.

[02/03/16 16:33:26.659 CET] com.ibm.db2.jcc.am.SqlTransactionRollbackException: Error for batch element #1: DB2 SQL Error: SQLCODE=-1476, SQLSTATE=40506, SQLERRMC=-964, DRIVER=3.69.49
[02/03/16 16:33:26.659 CET] com.ibm.db2.jcc.am.SqlException: [jcc][103][10843][3.69.49] Non-recoverable chain-breaking exception occurred during batch processing.  The batch is terminated non-atomically. ERRORCODE=-4225, SQLSTATE=null
[02/03/16 16:33:26.659 CET] error.executing.transfer
err.dbtransfer.exception.labelclass com.ibm.db2.jcc.am.BatchUpdateException: [jcc][t4][102][10040][3.69.49] Batch failure.  The batch was submitted, but at least one exception occurred on an individual member of the batch.
Use getNextException() to retrieve the exceptions for specific batched elements. ERRORCODE=-4229, SQLSTATE=null
com.ibm.db2.jcc.am.BatchUpdateException: [jcc][t4][102][10040][3.69.49] Batch failure.  The batch was submitted, but at least one exception occurred on an individual member of the batch.
Use getNextException() to retrieve the exceptions for specific batched elements. ERRORCODE=-4229, SQLSTATE=null

Db2diag.log

EDUID   : 1580                 EDUNAME: db2agent (METRICS) 0
FUNCTION: DB2 UDB, data protection services, sqlpgResSpace, probe:6666
MESSAGE : ZRC=0x85100009=-2062548983=SQLP_NOSPACE
“Log File has reached its saturation point”
DIA8309C Log file was full.

In http://www-01.ibm.com/support/docview.wss?uid=swg21623212 it suggests increasing the sizes for LogFilSiz, LogPrimary, and LogSecond. On the second attempt changing these settings I found values that worked (for me).

db2 update db cfg for metrics using LOGFILSIZ 10000
db2 update db cfg for metrics using LOGPRIMARY 80
db2 update db cfg for metrics using LOGSECOND 40
db2stop
db2start

I had to increase the default values for Metrics and Profiles as they contain a lot of data.

You may want to reset the values after migration so you do not impact disk space.

During a build in a development environment on RHEL 6.7 for a customer I came across “unable to read data from SIP Proxy, check error logs for more detail.” This was after installing the combined PR & CF and attempting to update the domain name.

I found a Technote, Audio and Video is not available in Sametime – Error: “Unable to read data from SIP registrar, check error logs for more details” which was of no use to me.

In the deployment manager  SystemOut.log I saw the following:

[10/29/15 10:07:15:105 GMT] 000001cc config        W ConfigurationHelper validateConfig AVKPR1008E: Exception
org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element ‘locationServiceType’. One of ‘{domains}’ is expected.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)

**************

[10/29/15 10:08:41:475 GMT] 00000170 proxy         E ProxyConfigWriter writeConfigFile AVKPR1008E: Exception
com.ibm.sip.config.ConfigurationMBeanException: cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/proxy.xml

*************

[10/29/15 10:08:44:321 GMT] 00000170 registrar     E RegistrarConfigWriter writeConfigFile AVKPR1008E: Exception
com.ibm.sip.config.ConfigurationMBeanException: cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/registrar.xml

# vi ./opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/CELL/nodes/NODE/servers/STMediaServer/proxy.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright IBM Corp. 2008, 2014  All Rights Reserved.              -->

<!--
SIP Proxy server configuration file.
-->
<config>

<!--
Proxy settings:
isRecordRoute - true/false
Indicates whether the SIP Proxy remains on the SIP signaling path (works in a record-route mode)

isParallel - true/false
Indicates whether the SIP Proxy uses parallel or sequential search.

appSessionExpiration
Specifies application session expiration value in minutes

timerC
timer C value in minutes. This value must be greater than or equal to 3, recommended value is
3-5 minutes. This timer is set for each client transaction when an INVITE request is proxied.

routeRules -
Specifies a set of route rules that contains route conditions and destination address.
The routing rules are used to to determine the destination of the request.

-->

<proxy isRecordRoute="true" isParallel="false" appSessionExpiration="10"
timerC="4" addDestinationPublicIP="false"
locationServiceType="dynamicCache"/>
<!--
<routeRules>
<rule priority="" name="" description="">
<condition type="method"></condition>
<condition type="sourceAddress"></condition>
<condition type="requestURI"></condition>
<condition type="header" headerName=""></condition>
<destination>
<output>
<inputPattern type="requestURI" value=""/>
<outputPattern type="header" headerName="Route" value=""/>
</output>
</destination>
</rule>
</routeRules>
-->
<domains>
<domain name="devsama004.brockcloud.uk"/>
</domains>
</config>

I compared this with another deployment which runs a slightly older version of 9 and it doesn’t have the text in bold above and looks like the following.

    <proxy isRecordRoute="true" isParallel="false" appSessionExpiration="10"
timerC="4" addDestinationPublicIP="false"/>

# cd /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/

# cp ./proxy.xml ./proxy.xml.orig

# vi ./proxy.xml

I removed the offending line and then sync’d the nodes, logged out of the SSC and now I can update the Handled Domains sections without an error.

Once I build in production I will see whether the same problem is observed. If so, I will raise a PMR to check whether my workaround is valid. BTW – I was using the latest version of the SSC and Media Manager available from Fix Central.

When applying the latest version of the Video MCU available on Fix Central 9001-ST-Media-FP-SPIR-9ZTF3Z I faced problems when configuring the VMCU to use a TURN server.

I uninstalled and tried again but the result was the same. I found a draft Technote which didn’t help.

Problem
“service soft_mcu status” returns “SoftMcu service is unavailable” although soft_mcu is up.
Symptom
“service soft_mcu status” returns “SoftMcu service is unavailable” although soft_mcu is up.
You will encounter errors in accessing setting of MCU in System Console Server (SSC).
“An error occurred while retrieving the IP service.” in accessing “Video MCU global settings”.
“An error occurred while retrieving Video MCU users.” in accessing “Manage Users”.
“An error occurred while retrieving alarm health status” in accessing “Active Alarms”.
“An error occurred while logger configuration data” in accessing “Configure Logging Settings”

Cause
Due to deletion of necessary files under /tmp by tmpwatch cron.
Environment
Linux OS.
Diagnosing the problem
Video MCU places some files under /tmp directory including httpd.listen.conf that is necessary for status check of Video MCU (“service soft_mcu status”).

Resolving the problem
If you can not find it, tmpwatch cron has deleted files under /tmp unaccessed for more than 10 days as default.  Check your cron setting and delete or modify the settings.
Stopping and starting re-create necessary files under /tmp.

I also found After updating Sametime System Console not able to see settings for VMCU which I followed even though I had not installed the SSC hot fix SPIR-9VM7XJ. This didn’t work either. I raised a PMR. Waiting for it to make its way up to L3 is slow going so I decided to uninstall and use an older version of the VMCU, 9001-ST-Media-FP-SPIR-9RHDAJ, which I could configure and didn’t get “an error occurred while retrieving the IP service.”

There was a bit of to-ing and fro-ing and the long and short of it is that I got the SSC hotfix, which I applied, and then upgraded the VMCU but I still got “an error occurred while retrieving the IP service” when attempting to update the settings.

L3 responded and told me that there is a known problem configuring the TURN server from the SSC and below is how to manually configure these settings.

  1. Open /mcms/Cfg/IPServiceListTmp.xml  (Make the backup of IPServiceListTmp.xml in case something goes wrong, so you can recover)
  2. In SIP_ADVANCED section, set three parameters as below:
    1. Set ICE_ENVIRONMENT to iceEnvironment_standard. By default, value is iceEnvironment_none.
    2. Set STUN_SERVER_IP to TURN server IP.  By default, value is 0.0.0.0
    3. Set TURN_SERVER_IP to TURN server IP.  By default, value is 0.0.0.0
After these changes, SIP_ADVANCED section will look like this.
<SIP_ADVANCED>
<SIP_ADVANCED_USER_NAME></SIP_ADVANCED_USER_NAME>
<ICE_ENVIRONMENT>iceEnvironment_standard</ICE_ENVIRONMENT>
<ICE_STANDARD_PARAMS>
<IS_PASSWORD_SERVER>false</IS_PASSWORD_SERVER>
<PASSWORD_SERVER_IP>0.0.0.0</PASSWORD_SERVER_IP>
<PASSWORD_SERVER_PORT>0</PASSWORD_SERVER_PORT>
<PASSWORD_SERVER_USER_NAME></PASSWORD_SERVER_USER_NAME>
<PASSWORD_SERVER_PASSWORD></PASSWORD_SERVER_PASSWORD>
<STUN_SERVER_IP>9.42.139.62</STUN_SERVER_IP>
<STUN_SERVER_PORT>3478</STUN_SERVER_PORT>
<TURN_SERVER_IP>9.42.139.62</TURN_SERVER_IP>
<TURN_SERVER_PORT>3478</TURN_SERVER_PORT>
</ICE_STANDARD_PARAMS>
</SIP_ADVANCED>
3. Restart the MCU service with “service soft_mcu restart” command. This will copy the TURN configuration from IPServiceListTmp.xml to IPServiceList.xml. MCU is now configured with TURN server. If you have any issues, send us  IPServiceList.xml and  IPServiceListTmp.xml files.
After doing this the settings were populated correctly BUT you cannot update the values from the SSC, you need to change them in IPServiceListTmp.xml.
IBM tell me that an SSC fix will be available in 9.0.1 release soon.

For a customer I federated a secondary directory (SDS) to store external users in Connections 5.0 CR02. Their primary LDAP (AD) is used for employees. This is nothing new but what I found was that I couldn’t add groups from SDS as members within the external community. I also couldn’t add groups from SDS to wikis or activities, not that there’s any point doing this since external users cannot access these applications outside the community container.

Below is the stack trace I was seeing.

[9/25/15 7:59:19:491 BST] 0000472f MemberHelper  E com.ibm.tango.util.MemberHelper parseMemberDirectoryUuids
com.ibm.tango.exception.NotInDirectoryException: Received null directory data for group uuid: 6c97c140-f58e-1034-9213-b1677db2f55d
at com.ibm.tango.internal.service.core.GroupProfileBo.openByDirectoryUuid(GroupProfileBo.java:104)
at com.ibm.tango.internal.service.TangoServiceImpl.getGroupProfileByDirectoryUuid(TangoServiceImpl.java:7152)
at com.ibm.tango.internal.service.TangoServiceImpl.getGroupProfileByDirectoryUuid(TangoServiceImpl.java:7158)
at com.ibm.tango.util.MemberHelper.parseMemberDirectoryUuids(MemberHelper.java:183)
at com.ibm.tango.web.ui.actions.MemberAddSubmitAction.doActionExecute(MemberAddSubmitAction.java:239)
at com.ibm.tango.web.ui.actions.TangoAction.execute(TangoAction.java:144)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)…………………………….

I raised a PMR and quickly David McCarthy got on the case. He was able to reproduce. He found that by deleting the AD repository, leaving just SDS, he could add a group. After escalation to L3 they reported that there was a problem with the code and Directory Services (Waltz) were looking into it.

Today I was sent LO87091 which I applied and it now works.

This fix will be included in CR04 which I hear will be released in the new year after 5.5 has landed.

I like using objectGUID for Sametime servers that use AD as an LDAP source as it avoids running the name change task which quite frankly no one ever did.

The one thing that bugged me was checking users’ buddy lists from within vpuserinfo.nsf, which is harder now that the user’s name is replaced with their objectGUID.

You can get the user’s objectGUID by running ldapsearch to get their LDIF. The value returned is base64 encoded as seen below.

objectGUID:: rsfXUe2YI0uTmVfDZ0gMSQ==

This value does not match the documents in vpuserinfo.nsf.

If you get your hands on a Linux machine you can put the string through a decoder. There are web based alternatives available.

# echo rsfXUe2YI0uTmVfDZ0gMSQ== | base64 -d | xxd
0000000: aec7 d751 ed98 234b 9399 57c3 6748 0c49  ...Q..#K..W.gH.I

If you add slashes after each two characters you can quickly see which document relates to the user.
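
The decode step above as a script, added here as an example and not part of the original post: it reads ldapsearch LDIF output (including folded lines), decodes each base64 objectGUID and returns the byte-order hex with a slash between each pair. The sample entry is constructed around the objectGUID value shown above with a placeholder DN; the slash placement follows the description and is an assumption, as is the extra Windows-style GUID string shown for comparison.

```python
import base64
import uuid

# Constructed sample: the DN is a placeholder; the objectGUID is the value from
# the post, folded across two lines the way LDIF wraps long values.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Sample User,OU=Staff,DC=example,DC=com",
    "cn: Sample User",
    "objectGUID:: rsfXUe2YI0uT",
    " mVfDZ0gMSQ==",
    "",
])


def unfold(ldif_text):
    """Join LDIF continuation lines (leading single space) to the previous line."""
    lines = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def objectguid_forms(b64_value, sep="/"):
    """Decode one base64 objectGUID into the two textual forms an admin meets."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) != 16:
        raise ValueError("objectGUID must decode to 16 bytes, got %d" % len(raw))
    return {
        # Bytes in stored order, as xxd prints them, separated per pair.
        "slashed": sep.join(f"{b:02x}" for b in raw),
        # Windows tools display the first three fields little-endian.
        "guid_string": str(uuid.UUID(bytes_le=raw)),
    }


def guids_from_ldif(ldif_text, sep="/"):
    """Map each entry's DN to the decoded forms of its objectGUID."""
    found = {}
    dn = None
    for line in unfold(ldif_text):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("objectGUID:: ") and dn:
            found[dn] = objectguid_forms(line.split(":: ", 1)[1].strip(), sep)
    return found


if __name__ == "__main__":
    for dn, forms in guids_from_ldif(SAMPLE_LDIF).items():
        print(dn)
        print("  byte-order hex :", forms["slashed"])
        print("  AD GUID string :", forms["guid_string"])
```

The two forms differ in the first eight bytes, so searching vpuserinfo.nsf with the GUID string copied from a Windows tool will not match the byte-order form.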

Redirection of HTTP to HTTPS for Sametime is made possible by deploying a WebSphere proxy in front of Sametime Proxy or a Meeting server. Once configured you can use a routing rule to redirect a specific URL to another specific URL. What if you want every possible permutation to be directed to HTTPS?

It is well documented in http://blog.msbiro.net/2014/02/redir-htp-https-websphere-proxy-sametime-server.html and http://www-10.lotus.com/ldd/stwiki.nsf/dx/Forcing_Sametime_8.5.2_WebSphere_Application_server_to_use_HTTPS_TLS_encryption how to achieve this.

I have used the above method successfully for a while but it got me thinking how I would control a user accessing a meeting room directly as opposed to going to the meeting center which would be captured by the routing rule.

I raised a PMR after testing many scenarios with a WebSphere proxy fronting a Sametime Proxy and Meeting server and IBM told me that it is not possible with a WebSphere proxy but suggested I use IHS. Not his fault, he wasn’t a Sametime guy. But he did suggest that I take a look at using <transport-guarantee>CONFIDENTIAL</transport-guarantee>.

http://docs.oracle.com/javaee/5/tutorial/doc/bncbe.html describes how to achieve this. If you Google <transport-guarantee>CONFIDENTIAL</transport-guarantee> you will find a number of IBM docs on this which helps.

What I wasn’t sure of is whether to make the change in multiple places, i.e. each war’s web.xml where there is a “<security-constraint>” stanza. It may be only appropriate to make the change on the login page and thus the war that relates to it, but what if people went directly to a specific page, bypassing the login page’s war?

I made the following changes on the SSC and then issued a full sync and restarted the STProxy. I also ensured that I had disabled the WebSphere proxy’s rule so that it didn’t step in.

[root@st9ssc ~]# cd /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications
[root@st9ssc applications]# cp -r ./SametimeProxy.ear/ /tmp/SametimeProxy.ear.backup

[root@st9ssc applications]# cd /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy
[root@st9ssc SametimeProxy]# ll
total 56
drwxr-xr-x 4 root root 4096 Jan  6  2014 autoaway.war
-rw-r--r-- 1 root root 5208 Jun 15 11:49 deployment.xml
drwxr-xr-x 2 root root 4096 Oct 24  2013 META-INF
drwxr-xr-x 4 root root 4096 May 26 17:42 proxyutils.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 screencapture.war
drwxr-xr-x 4 root root 4096 Jan  6  2014 stmobileweb.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 stproxybase.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 stproxymobile.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 stproxyredirect.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 stproxyservlet.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 stproxyweb.war
drwxr-xr-x 4 root root 4096 Oct 24  2013 stwebav.war
drwxr-xr-x 4 root root 4096 Jan  6  2014 workclasses

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stmobileweb.war/WEB-INF/web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>SametimeProxy methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<description />
<role-name>AllUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxybase.war/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>SametimeProxy methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<description />
<role-name>AllUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxymobile.war/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Mobile installation</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
<description />
<role-name>AllUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyredirect.war/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Sametime Proxy Server</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>AllAuthenticatedUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyservlet.war/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>rtc4web based WebApp and GUI</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>AllUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyweb.war/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>File Share methods</web-resource-name>
<url-pattern>/ajaxproxy/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<description>All users, registered and unregistered</description>
<role-name>AllAuthenticatedUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>SametimeProxy methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>All users, registered and unregistered</description>
<role-name>AllAuthenticatedUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

[root@st9ssc SametimeProxy]# vi /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stwebav.war/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>WebAV Binaries Install Update</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
<description />
<role-name>AllUsers</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Full sync.

[7/24/15 16:52:50:087 BST] 00000072 FileRepositor A   ADMR0012I: The repository epoch is refreshed.
[7/24/15 16:52:50:123 BST] 00000072 FileRepositor A   Repository epoch refresh
[7/24/15 16:52:54:307 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyweb.war/WEB-INF/web.xml.
[7/24/15 16:52:54:329 BST] 00000664 FileRepositor A   ADMR0017I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent deleted document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyweb.war/WEB-INF/.web.xml.swp.
[7/24/15 16:52:54:362 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stwebav.war/WEB-INF/web.xml.
[7/24/15 16:52:54:416 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyredirect.war/WEB-INF/web.xml.
[7/24/15 16:52:54:456 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxymobile.war/WEB-INF/web.xml.
[7/24/15 16:52:54:497 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stmobileweb.war/WEB-INF/web.xml.
[7/24/15 16:52:54:534 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxyservlet.war/WEB-INF/web.xml.
[7/24/15 16:52:54:609 BST] 00000664 FileRepositor A   ADMR0016I: User ldap.collaborationben.com:389/server:st9sscSSCCell_st9proxySTPNode1_nodeagent modified document cells/st9sscSSCCell/applications/SametimeProxy.ear/deployments/SametimeProxy/stproxybase.war/WEB-INF/web.xml.
[7/24/15 16:52:55:856 BST] 00000664 NodeSyncTask  A   ADMS0003I: The configuration synchronization completed successfully.
[7/24/15 16:52:56:612 BST] 0000066c AppBinaryProc I   ADMA7021I: Distribution of application SametimeProxy completed successfully.

I still have the WebSphere proxy in front of STProxy which isn’t needed now but whenever I hit the STProxy or WebSphere proxy on their unsecured ports (WC_defaulthost or PROXY_HTTP_ADDRESS) I am redirected to the secure port of the application server (WC_defaulthost_secure).

Early testing looks good. I haven’t tested integration with Meetings, AV or mobile but I will do in time. Mobile may be a bit tricky as this is asking the client to redirect but I would have hoped the mobile app would have been configured to use HTTPS anyway.

One problem would be that each time the STProxy is updated from a fix from Fix Central or IBM support these changes will be overwritten and will need to be made again. Also, this would do away with the need for a WebSphere proxy if it is being used solely for redirection to SSL. If you have a cluster of Meeting servers then you will still need WebSphere proxies.

In the circumstance of clustered WebSphere proxies the problem I see arising is that the redirection uses the secure port listed in the virtual host for the application server and not that of the WebSphere proxy. This means that unless the WebSphere proxy is on another host or bound to port 443 on a second NIC on the same node as the Meeting application server then you will not be able to redirect to 443 properly. You can’t have two things listening on 443 on the same host using the same NIC.

Nevertheless, without being able to use Apache or IHS this provides a useful alternative.
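
One way to check which requests the edited constraints actually force onto HTTPS, as an added example (not from the original post or from IBM). Under the Servlet specification a web-resource-collection that lists http-method elements applies only to those methods, so the script reports the URL patterns on which a given method carries a CONFIDENTIAL transport guarantee. The samples are condensed from three of the constraints shown above and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples: condensed from the web.xml stanzas in the post
# (auth-constraint left out, it does not affect the transport guarantee).
_UDC = ("<user-data-constraint><transport-guarantee>CONFIDENTIAL"
        "</transport-guarantee></user-data-constraint>")
SAMPLES = {
    "stmobileweb.war": """<web-app><security-constraint>
        <web-resource-collection><url-pattern>/*</url-pattern>
          <http-method>OPTIONS</http-method><http-method>TRACE</http-method>
          <http-method>HEAD</http-method></web-resource-collection>
        %s</security-constraint></web-app>""" % _UDC,
    "stproxyredirect.war": """<web-app><security-constraint>
        <web-resource-collection><url-pattern>/*</url-pattern>
        </web-resource-collection>
        %s</security-constraint></web-app>""" % _UDC,
    "stproxyweb.war": """<web-app><security-constraint>
        <web-resource-collection><url-pattern>/ajaxproxy/*</url-pattern>
          <http-method>GET</http-method><http-method>PUT</http-method>
          <http-method>POST</http-method><http-method>DELETE</http-method>
          <http-method>HEAD</http-method></web-resource-collection>
        %s</security-constraint><security-constraint>
        <web-resource-collection><url-pattern>/*</url-pattern>
          <http-method>GET</http-method><http-method>PUT</http-method>
          <http-method>POST</http-method><http-method>DELETE</http-method>
        </web-resource-collection>
        %s</security-constraint></web-app>""" % (_UDC, _UDC),
}


def _local(tag):
    """Strip an XML namespace so real, namespaced web.xml files also parse."""
    return tag.rsplit("}", 1)[-1]


def _texts(elem, name):
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]


def parse_constraints(web_xml):
    """One record per web-resource-collection with its transport guarantee."""
    records = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0].upper()
        for wrc in sc:
            if _local(wrc.tag) == "web-resource-collection":
                records.append({
                    "patterns": _texts(wrc, "url-pattern"),
                    "methods": {m.upper() for m in _texts(wrc, "http-method")},
                    "omitted": {m.upper() for m in _texts(wrc, "http-method-omission")},
                    "guarantee": guarantee,
                })
    return records


def confidential_patterns(web_xml, method="GET"):
    """URL patterns on which `method` is covered by a CONFIDENTIAL constraint."""
    covered = set()
    for c in parse_constraints(web_xml):
        # A listed method set restricts the constraint; an empty one means all.
        applies = method in c["methods"] if c["methods"] else method not in c["omitted"]
        if applies and c["guarantee"] == "CONFIDENTIAL":
            covered.update(c["patterns"])
    return sorted(covered)


if __name__ == "__main__":
    for war, xml_text in SAMPLES.items():
        for method in ("GET", "POST", "HEAD"):
            print(war, method, confidential_patterns(xml_text, method) or "not covered")
```

Run `confidential_patterns` over the text of each real web.xml under the SametimeProxy.ear deployment directory after every fix, since the post notes that updates overwrite these edits.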

 

 
