Error accessing Sametime SIP Proxy Registrar in SSC

During a build in a development environment on RHEL 6.7 for a customer I came across “unable to read data from SIP Proxy, check error logs for more detail.” This was after installing the combined PR & CF and attempting to update the domain name.

2

I found a Technote, Audio and Video is not available in Sametime – Error: “Unable to read data from SIP registrar, check error logs for more details” which was of no use to me.

In the deployment manager  SystemOut.log I saw the following:

[10/29/15 10:07:15:105 GMT] 000001cc config        W ConfigurationHelper validateConfig AVKPR1008E: Exception
org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element ‘locationServiceType’. One of ‘{domains}’ is expected.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)

**************

[10/29/15 10:08:41:475 GMT] 00000170 proxy         E ProxyConfigWriter writeConfigFile AVKPR1008E: Exception
com.ibm.sip.config.ConfigurationMBeanException: cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/proxy.xml

*************

[10/29/15 10:08:44:321 GMT] 00000170 registrar     E RegistrarConfigWriter writeConfigFile AVKPR1008E: Exception
com.ibm.sip.config.ConfigurationMBeanException: cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/registrar.xml

# vi ./opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/CELL/nodes/NODE/servers/STMediaServer/proxy.xml

<?xml version=”1.0″ encoding=”UTF-8″?>
<!– Copyright IBM Corp. 2008, 2014  All Rights Reserved.              –>

<!–
SIP Proxy server configuration file.
–>
<config>

<!–
Proxy settings:
isRecordRoute – true/false
Indicates whether the SIP Proxy remains on the SIP signaling path (works in a record-route mode)

isParallel – true/false
Indicates whether the SIP Proxy uses parallel or sequential search.

appSessionExpiration
Specifies application session expiration value in minutes

timerC
timer C value in minutes. This value must be greater than or equal to 3, recommended value is
3-5 minutes. This timer is set for each client transaction when an INVITE request is proxied.

routeRules –
Specifies a set of route rules that contains route conditions and destination address.
The routing rules are used to to determine the destination of the request.

–>

<proxy isRecordRoute=”true” isParallel=”false” appSessionExpiration=”10″
timerC=”4″ addDestinationPublicIP=”false”
locationServiceType=”dynamicCache”/>
<!–
<routeRules>
<rule priority=”” name=”” description=””>
<condition type=”method”></condition>
<condition type=”sourceAddress”></condition>
<condition type=”requestURI”></condition>
<condition type=”header” headerName=””></condition>
<destination>
<output>
<inputPattern type=”requestURI” value=””/>
<outputPattern type=”header” headerName=”Route” value=””/>
</output>
</destination>
</rule>
</routeRules>
–>
<domains>       <domain name=”devsama004.brockcloud.uk”/>       </domains> </config>

I compared this with another deployment which runs a slightly older version of 9 and it doesn’t have the text in bold above and looks like the following.

    <proxy isRecordRoute=”true” isParallel=”false” appSessionExpiration=”10″
timerC=”4″ addDestinationPublicIP=”false”/>

# cd /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/

# cp ./proxy.xml ./proxy.xml.orig

# vi ./proxy.xml

I removed the offending line and then sync’d the nodes, logged out of the SSC and now I can update the Handled Domains sections without an error.

Once I build in production I will see whether the same problem is observed. If so, I will raise a PMR to check whether my workaround is valid. BTW – I was using the latest version of the SSC and Media Manager available from Fix Central.

Advertisements

Sametime meeting widget on IBM Connections 5.0 CR02 – error 403

I like the integration points between Connections and Sametime. The meeting room widget is a useful bridge which allows you to create meeting rooms to be used for a community. This means there is no need to create your own and try to remember who needs access to the room, whether the content needs to be removed etc. The widget keeps the membership of the meeting room in line with the membership of the community via a member synchroniser (or synchronizer).

I had some problems with CR02. I didn’t have the same problems with 4.5 and various CRs.

Firstly, the documentation in the knowledge center is inaccurate and a bit sloppy though I think that was still the case with 4.5. You can see the various comments me and others have posted on the pages. Read these comments, as I don’t know whether IBM have updated the main text yet.

If you follow the instructions as well my comments you should get as far as getting 403 exceptions in the widget. This is an AJAX proxy error BUT based on the documentation the configuration is correct. I raised a PMR with IBM and over the weeks the following steps were taken which resolved the problem.

I will provide snippets of the various files I made changes to so please supplement the knowledge center with my findings.

Ifixes

There are two ifixes I applied.

LO84327: [CR2 IFIX NEEDED]BACK PORT IC DEFECTS 132826 \133551\ 133335\130590 TO THE 5.0 CR STREAM TO SUPPORT THE SAME
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1LO84327

LO84399: WIDGETS (3RD PARTY) NOT LOADING IN COMMUNITIES AFTER UPGRADING TO IC5.0 CR2
https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO84399

widget-config.xml

The use of {communitiesSvcRef} is more in line with the other contents of this file. It avoids needing to hard code the “url” and “iconUrl” values. Also, never call the xml or jpg using c:\ or /opt/IBM/ as the images will not show properly in a web browser.

The last thing that got this working was to remove any reference to the port number from “sametimeMeetingsServerUrl.” I had followed the knowledge center and added “:443″ to the end of it.

</widgetDef>
<widgetDef defId=”Meeting Rooms” primaryWidget=”false” modes=”view fullpage” uniqueInstance=”true” url=”{communitiesSvcRef}/MeetingRoomsWidget/MeetingRoomsWidget1.xml” iconUrl=”{communitiesSvcRef}/MeetingRoomsWidget/meetings-icon.jpg”>
<itemSet>
<item name=”sametimeMeetingsServerUrl” value=”https://meetings.collaborationben.com&#8221; />
<item name=”widgetFilePath” value=”/communities/MeetingRoomsWidget/” />
<item name=”communitiesBaseUrl” value=”{communitiesSvcRef}”/>
</itemSet>
</widgetDef>
<widgetDef defId=”Members” primaryWidget=”false” modes=”view fullpage” showInPalette=”false” uniqueInstance=”true” url=”{webresourcesSvcRef}/web/lconn.comm/communityMembers/communityMembers.xml?etag={version}” helpLink=”{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/t_com_membership_view.html”>
<itemSet>
<item name=”membersPerPage” value=”12″/>
<item name=”membersPerPageFullPage” value=”16″/>
</itemSet>
</widgetDef>

proxy-config.tpl

Be mindful of the forward slash and star in the “policy url.” Also, if you follow the example in the knowledge center then wsadmin will error when you try to check the file in because the order is incorrect (unless they have updated the entry).

<!– BEGIN CUSTOMIZATIONS HERE –>
<proxy:policy url=”https://meetings.collaborationben.com/*&#8221; acf=”none”>
<proxy:actions>
<proxy:method>GET</proxy:method>
<proxy:method>HEAD</proxy:method>
<proxy:method>POST</proxy:method>
<proxy:method>PUT</proxy:method>
<proxy:method>DELETE</proxy:method>
</proxy:actions>
<proxy:headers>
<proxy:header>X-ST-CSRF-Token</proxy:header>
<proxy:header>User-Agent</proxy:header>
<proxy:header>Accept.*</proxy:header>
<proxy:header>Content.*</proxy:header>
<proxy:header>Authorization.*</proxy:header>
<proxy:header>If-.*</proxy:header>
<proxy:header>Pragma</proxy:header>
<proxy:header>Cache-Control</proxy:header>
<proxy:header>X-Update-Nonce</proxy:header>
<proxy:header>WWW-Authenticate.*</proxy:header>
<proxy:header>Access.*</proxy:header>
</proxy:headers>
<proxy:cookies>
<proxy:cookie>LtpaToken</proxy:cookie>
<proxy:cookie>LtpaToken2</proxy:cookie>
<proxy:cookie>JSESSIONID</proxy:cookie>
</proxy:cookies>
</proxy:policy>

proxy-policy.dynamic

IBM suggested that I add this. I added the following entries early on in the course of the PMR to rule out AJAX proxy permissions. This may not be required but I haven’t tested it without it.

allow(“.*”, “.*”, “http\\:\\/\\/meetings\\.collaborationben\\.com\\/.*”);
allow(“.*”, “.*”, “https\\:\\/\\/meetings\\.collaborationben\\.com\\/.*”);

Creating a shared library

Don’t blindly copy and paste the contents of http://www-01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/install/inst_meet_rooms_widget_create_shared_lib.dita because in a previous step you unpacked the SDK files into different directories.

Error 412

The final error I got (after the 403) was a 412 error which is mentioned in the knowledge center and one that I came across in 4.5.

412 Failure to create a meeting room.
Possible cause:

The X-ST-CSRF-Token is invalid. Connections has set the HTTPONLY flag.

Workaround for error 412:
Note: Only implement this workaround if you understand its effects and consequences.

Log in to the WebSphere Integrated Solutions Console as the WebSphere administrator. (The URL ends with /ibm/console).
Click Servers > ServerTypes > WebSphere application servers.
Select the server you are working with.
In the Container settings section, click Web container settings > Web container.
In the Additional properties section, click Session management.
Click Enable cookies hyperlink.
Ensure that the Set session cookies to HTTPOnly to help prevent cross-site scripting attacks option is NOT selected.
Click Apply.
Resynchronize the nodes, and restart the WebSphere application server.

I disabled Set session cookies to HTTPOnly to help prevent cross-site scripting attacks for all the Connections applications servers, synced and restarted.

Testing

Since I only had the one community that had the widget applied to before the final changes I can’t say for sure they you will need to remove the widget and add it again or simply refresh it. You should experiment for yourselves and be mindful of any browser caching.

With this in mind, it should be working nicely for you.

2

View all

I have noticed that “view all” does nothing when clicked on it. I created six meeting rooms through the widget. The widget only shows five so I expected that it should take me to the “Meeting rooms” view where all rooms are shown. In Fiddler nothing is reported. I have asked the question of IBM.

Sametime Configuration Validator

I admit I was a bit late checking this out but I’m glad I finally took the time to install it. This Eclipse tool allows you to export data from your Community server such as sametime.ini, stconfig.nsf as well as the output from backupConfig.sh for the WebSphere components and check for configuration problems.

Like many of these tools the report makes suggestions as to possible configuration errors such as with LDAP which may not actually be a problem for a customer but does highlight potential problems and becomes invaluable if you are actually faced with problems highlighted in the report.

What I like about this tool is the fact that I can get a lot of data in one place and export it to pdf in a nice format. This replaces the need to delve in databases, text files and xmls and makes it easier to revert back to. Working for an IBM business partner I could see the benefit of using this to compliment a Sametime health check.

If you want to read more about it below are a selection of links that I found useful.

http://www-01.ibm.com/support/docview.wss?uid=swg27035839&aid=1

http://www-01.ibm.com/support/docview.wss?uid=swg27035839

http://www-10.lotus.com/ldd/stwiki.nsf/dx/Sametime_Configuration_Validator