A customer was having a problem with notifications sent to someone using a mobile device logged into an STProxy server. The name of the server was not “Server” as it is normally but rather a random other server. There were two approaches, continue fixing it or remove the “Server” name and replace it with the name of the recipient which personally sounded a far better option.

The (always) helpful Cormac O’Leary from the Sametime PMR team assisted and liaised with L3 and provided me with a new cumulative hot fix. Once installed I had to add  to edit stproxyconfig.xml, located in AppServer/profiles/<Profile_Name>/config/cells/<Cell_Name>/nodes/<Node_Name>/servers/STProxyServer/stproxyconfig.xml

Add the following values to the <configuration> element. If a <mobile> element is already present, add the <disableSystemNoficiations> element to that existing element.

<mobile>

<disableSystemNotifications>true</disableSystemNotifications>

</mobile>

Now when an IM is sent to a using on a mobile device the name of the announcement is not “Server” as it is currently but rather the recipient’s name.

new STProxy announcement

Following on from Sametime on iPhone – APNS test application I was sent another APNs test application during troubleshooting another STProxy/iPhone problem. This time you can return the certificate being used and also resend notifications to the device. The application can be obtained here.

Running the following will provide you with the details of the certificate being used which can be checked against Apple’s documentation.

/opt/IBM/WebSphere/AppServer/java/bin/java -jar apnstest.jar
Testing using default key
About to attempt to connect to APNS
Initialized SSL Context
SSL Socket Created
Starting SSL Handshake
SSL Handshake Complete
CN=gateway.push.apple.com, OU=iTMS Engineering, O=Apple Inc., L=Cupertino, ST=California, C=US
CN=Entrust Certification Authority – L1C, OU=”(c) 2009 Entrust, Inc.”, OU=www.entrust.net/rpa is incorporated by reference, O=”Entrust, Inc.”, C=US
Successfully Connected to APNS

To resend notifications, first of all you need to change the format of the APNs trace output to something meaningful such as Base-64. To do that you need to backup and then replace stproxyservices.jar with the edited version here. The location of the file is /AppServer/profiles/STPAppProfile/optionalLibraries/stproxy/stproxyservices.jar

Now add *=info:  com.ibm.rtc.stproxy.*=all: com.ibm.collaboration.realtime.*=all to the STProxyServer.

You will see that within trace.log that the text is now viewable with the Base-64 encoding. You will need to find the notification sent which will start with “sendMessageAPNS-B64″

[04/01/13 11:03:27:966 GMT] 0000003e APNSService   3   sendMessageAPNS-B64 (******************************************hB8+OIzkdBjW0wJEAaHsiYXBzIjp7ImFsZXJ0Ijp7I***************************************ZSI6MSwic291bmQiOiJkZWZhdWx0In19)

Using the same jar you can replay this notification with the following command.

/opt/IBM/WebSphere/AppServer/java/bin/java -jar ./apnstest.jar ******************************************hB8+OIzkdBjW0wJEAaHsiYXBzIjp7ImFsZXJ0Ijp7I***************************************ZSI6MSwic291bmQiOiJkZWZhdWx0In19
Testing using default key
About to attempt to connect to APNS
Initialized SSL Context
SSL Socket Created
Starting SSL Handshake
SSL Handshake Complete
CN=gateway.push.apple.com, OU=iTMS Engineering, O=Apple Inc., L=Cupertino, ST=California, C=US
CN=Entrust Certification Authority – L1C, OU=”(c) 2009 Entrust, Inc.”, OU=www.entrust.net/rpa is incorporated by reference, O=”Entrust, Inc.”, C=US
Successfully Connected to APNS
About to send message…
Parsed message:  ◄?q??T?j?$?0?qa?#9↔♠5??h{“aps”:{“alert”:{“loc-key”:”NEW_CHAT_MESSAGE”,”loc-args”:["Ben  Williams"]},”badge”:1,”sound”:”default”}}
Sent message to APNS

All of the above was run on Linux.

Having upgraded a customers deployment of Sametime to 8.5.2.1 we found that notifications were not appearing on the devices when the device was in a “paused” state.

How this works is that User A (Notes client) sends an IM to User B (using iPhone application) and the IM is received instantly. The iPhone is registered with the APNS and is assigned a device token which has been sent that same device token to STProxy.

If the iPhone is locked the Sametime application is running in the background in a “paused” state. The application sends to STProxy the “pause” command and it then goes to the back ground. After 10 minutes the application goes into “APNS mode” before then IM’s will be received via a direct connection with STProxy.

User A sees User B’s Sametime status as “Away” and on sending an IM User A receives an announcement in his Notes client (configurable) that User B is on a mobile device and the message may be delayed. At this point STProxy knows the user is in a paused state and stores the IM in a database.

STProxy knows that User B is in a “paused” state so sends the device token to the APNS and requests that a push notification be sent to the device. APNS sends this push notification and the device displays a notification that there is an IM waiting to be read.

When User B views the notification it brings the application on the iPhone to the foreground and connects to STProxy and sends a command to it to retrieve messages.

STProxy then sends the queued IMs which were stored in the database to the device. The IMs are then removed from the database.

Looking at STProxy’s SystemOut.log and trace.log (if enabled) you can see output similar to:

[10/10/12 17:32:51:786 BST] 0000002a APNSService   W com.ibm.collaboration.realtime.stproxy.services.APNS.APNSService startAPNS CLFRX0079W: Unable to establish an SSL connection to the APNS service Connection timed out
[10/10/12 17:32:51:790 BST] 0000002a APNSService   W com.ibm.collaboration.realtime.stproxy.services.APNS.APNSService startAPNS CLFRX0080W: Unable to send message to the APNS: null ssl socket
[10/10/12 17:44:22:038 BST] 00002e89 APNSService   W com.ibm.collaboration.realtime.stproxy.services.APNS.APNSService monitorFeedbackService CLFRX0081W: Unable to establish an SSL connection to the APNS feedback service Connection timed out

This could be explained by Updated security certificate for Push Notifications (iOS) but I know that is not the case as I applied the patch during the upgrade.

I tried using telnet but couldn’t connect so asked the customer to check with networks whether the ports had actually been opened.

# telnet gateway.push.apple.com 2195
Trying 17.172.238.214…

# telnet feedback.push.apple.com 2196
Trying 17.172.238.216…

It turns out the ports have not been opened but IBM did send me a useful test application which you can use to test connection to APNS. You can download apnstest.jar and follow the instructions below.

Windows
——-
From a command prompt in the directory to which the above file was copied, run the following commands:
(Replace C:\IBM\WebSphere\AppServer with the path to the AppServer directory)
C:\IBM\WebSphere\AppServer\java\bin\java -jar apnstest.jar

(Replace <ST Proxy Cell> with the cell name which ST Proxy is deployed to. Replace <ST Proxy Node Name> with the name of the node which ST Proxy is deployed on)
C:\IBM\WebSphere\AppServer\java\bin\java -jar apnstest.jar “C:\IBM\WebSphere\AppServer\profiles\STPAppProfile\config\cells\<STProxy Cell Name>\nodes\<ST Proxy Node Name>\apns-prod.pkcs12″

Linux
—–
From a terminal in the directory to which the above file was copied, run the following commands:
(Replace /opt/IBM/WebSphere/AppServer with the path to the AppServer directory)
/opt/IBM/WebSphere/AppServer/java/bin/java -jar apnstest.jar

(Replace <ST Proxy Cell> with the cell name which ST Proxy is deployed to. Replace <ST Proxy Node Name> with the name of the node which ST Proxy is deployed on)
/opt/IBM/WebSphere/AppServer/java/bin/java -jar apnstest.jar “/opt/IBM/WebSphere/AppServer/profiles/STPAppProfile/config/cells/<ST Proxy Cell Name>/nodes/<ST Proxy Node Name>/apns-prod.pkcs12″

This should produce output similar to the following:

Testing using default key
About to attempt to connect to APNS
Initialized SSL Context
SSL Socket Created
Starting SSL Handshake
SSL Handshake Complete
Successfully Connected to APNS

A while ago I worked with Frank Altenburg of ISSL on a customer engagement and one of the many titbits of information he gave me was how to change the context root so that users could enter http://server.company.com or http://server.company.com/chat for example and be redirected to http://server.company.com/stwebclient/index.jsp automatically.

I used this approach in a proof of concept environment whilst deploying Sametime 8.5 some time ago for a customer and worked well for redirecting the URL for the Proxy.

You can get the war file here.

In Sametime 8.5.1 the Meeting Server already has this application and does not need this war any more.

Log into the SSC.

Stop the Sametime Proxy.

Change to applications.

Install a new application.

Browse in the “Local file system” if you have the war locally on your workstation (from where you have started the browser and accessed the SSC).
Use “Remote file system” if you have already copied the war file to the Proxy server’s OS.

Select the “proxy.server.root.war” file and select Next.

Select the default “Fast Path” and click “Next.”

Accept the default and click “Next.”

If you are installing in a single node just accept the defaults and click the “Next” button. If you are installing in a Cluster, then change the setting In the “Cluster and services” select the node / server or Cluster (the Proxy Cluster) you want to install the application to. Then check the “Select” check box. Then click the “Apply” button. Then click the “Next” button.

The context root path normally is “/.” This means that when a user enters “http://server.company.com&#8221; it will be automatic redirected to “http://server.company.com/stwebclient/index.jsp.&#8221; If you want the users accessing the system with “http://server.company.com/chat&#8221; then enter in this field just “/chat.” Then click the “Next” button.

I read with interest Carl Tyler’s recent blog entry Sametime Proxy in which he talks about the Sametime Proxy. I agree with Carl that the Proxy is a great piece of technology and a great replacement for STLinks.

I demo’d in my blog entry Sametime Proxy in iNotes – death of STLinks? how the Proxy can be used to replace STLinks in iNotes which should be supported in Sametime 8.5.2 (from what I was told last)…..

Not being of a development mindset I do not fully appreciate it as a toolkit but I do appreciate it from an infrastructure and functionality standpoint and the customers who have adopted it appreciate it’s features.

I look forward to Carl’s forthcoming blog entries so keep an eye on his blog.

I noticed that a white paper from Andy Yiu was released two weeks ago focusing on the architecture of Sametime 8.5x. There is some good information in there and I’d recommend that anyone working with the technology should read it. It’s good to see that information is continuing to be released.

developerWorks article

An IBM’er dropped me an email this afternoon about a portlet which has been released for Portal 7 which integrates with the STProxy. This looks to replace the out dated Sametime Contact List portlet and remove STLinks from Portal.

Now, I haven’t had the chance to try it out but I will soon and post more information.

If someone gets the chance to deploy it please let me know how you get on.

You can get it from the Greenhouse

More information has  become available this morning and a Wiki article has been written.

Follow

Get every new post delivered to your Inbox.

Join 57 other followers