Gone, but not forgotten

For over twelve years I have worked for an IBM Business Partner in the UK focusing on IBM Collaboration Solutions and I have loved every minute of it but it’s time to move on to a new challenge which is not within the ICS community.

Coming from Domino third level support I crossed over easily to Sametime 6.5.1 which at that time was an add on to the underlying Domino server (still true to an extent now). Sametime was my first love. It should have been easy, right? An additional installer on top of Domino and for many deployments it was and still is although not so much now with WebSphere and DB2 in the mix.

What I loved were the problems Sametime caused or should I say, problems caused when you introduced Sametime to a large user base. I wrestled for many days tuning Sametime for a large deployment of over 40,000, tracing LDAP, debugging the text files and tweaking the sametime.ini. This was a baptism of fire and I loved Sametime more for the pain it caused me. I learnt so much, much of it I still remember and often come across when deploying Sametime for customers.

In 2007 I went to Collaboration University in London as Quickr had been recently released. It was my first introduction to the ICS community. Being in the same place as dozens of others all with the same approach of making Sametime, Quickr and Domino successful was intoxicating. I had already quite a bit of experience of Sametime but it helped to be in the same place as Chris Miller, Carl Tyler, Rob Novak and Warren Elsmore to bolster that knowledge and start learning about Quickr. Quickr took off incredibly quickly being easy to implement and manage which is why it’s still being used now long after it went end of life.

In recent years Connections has been the application that seems to be more in demand so I have seen my time split between the two applications. I remember being introduced to Connections, also in 2007, at a course in Hursley which described deploying and configuring Connections 2.0. At that point there were only six applications and Bookmarks was called Dogear!

Connections is a wonderfully complex set of applications which has come a long way from the days when they were a collection of disparate applications bundled together with WAS acting as the glue. The premise to get people working together better and allow you to find information quickly so you can focus on your job. For many people like me that resonates. I get paid to work with software that allows people to work together better, to formulate relationships with one another and most importantly to share. You might argue the case that is the same of all software but that’s not true. Connections is unique to that extent.

I don’t know whether it was Connections that started my journey or whether it was already something inside of me but sharing is one of the most important aspects of my job. Connections is all about sharing. Information is put into Connections for others to consume. They have a subject of interest and Connections allows them to find a person with knowledge of that subject, to follow them, to communicate with them, to add their take on the subject.

This approach to sharing makes public all your knowledge. No more do you find that people are keeping information in their mail files or P drives, it’s all there to be found. The days when you hoarded your information to make you seem indispensable to your employer are gone. People who are actively sharing their information are now seen to be those who are indispensable.

This sharing concept is underlined by two excellent Skype chat groups for Sametime and Connections. Within these two chat rooms are people such as Gabriella Davies, Robert Farstad, Michele Buccarello, Sharon James, Christoph Stoettner, Keith Brooks, Marco Ensing, Matteo Bisi, Michael Urspringer, Nico Meisenzahl, Roberto Boccadoro, Wannes Rams, Chris Whisonant and many others I haven’t mentioned. They are busy people but they help with problems whenever they have a spare 10 minutes. They share their wisdom and experience with whomever asks regardless of the complexity of question. The underlying sharing ideology runs through all these people, through the software into the wider ICS community.

As I alluded to in the opening paragraph, I am set for a new challenge and searching for the right challenge has taken me outside of the ICS product portfolio but I am staying within the larger IBM sphere. I am joining IBM Resilient working on their security incident response platform which was bought by IBM last year. It looks like an exciting time to be joining what is a growing industry.

I am sad to leave such a wonderful community at such an exciting stage with Pink gaining traction. I strongly believe Pink and it’s underlying platform will be a success especially with the aforementioned people driving the product forward.

Whilst I will soon be gone, the years working with this software will not be forgotten and neither will the friends and colleagues I have made along the way.

Advertisements

Error accessing Sametime SIP Proxy Registrar in SSC

During a build in a development environment on RHEL 6.7 for a customer I came across “unable to read data from SIP Proxy, check error logs for more detail.” This was after installing the combined PR & CF and attempting to update the domain name.

2

I found a Technote, Audio and Video is not available in Sametime – Error: “Unable to read data from SIP registrar, check error logs for more details” which was of no use to me.

In the deployment manager  SystemOut.log I saw the following:

[10/29/15 10:07:15:105 GMT] 000001cc config        W ConfigurationHelper validateConfig AVKPR1008E: Exception
org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element ‘locationServiceType’. One of ‘{domains}’ is expected.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)

**************

[10/29/15 10:08:41:475 GMT] 00000170 proxy         E ProxyConfigWriter writeConfigFile AVKPR1008E: Exception
com.ibm.sip.config.ConfigurationMBeanException: cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/proxy.xml

*************

[10/29/15 10:08:44:321 GMT] 00000170 registrar     E RegistrarConfigWriter writeConfigFile AVKPR1008E: Exception
com.ibm.sip.config.ConfigurationMBeanException: cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/registrar.xml

# vi ./opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/CELL/nodes/NODE/servers/STMediaServer/proxy.xml

<?xml version=”1.0″ encoding=”UTF-8″?>
<!– Copyright IBM Corp. 2008, 2014  All Rights Reserved.              –>

<!–
SIP Proxy server configuration file.
–>
<config>

<!–
Proxy settings:
isRecordRoute – true/false
Indicates whether the SIP Proxy remains on the SIP signaling path (works in a record-route mode)

isParallel – true/false
Indicates whether the SIP Proxy uses parallel or sequential search.

appSessionExpiration
Specifies application session expiration value in minutes

timerC
timer C value in minutes. This value must be greater than or equal to 3, recommended value is
3-5 minutes. This timer is set for each client transaction when an INVITE request is proxied.

routeRules –
Specifies a set of route rules that contains route conditions and destination address.
The routing rules are used to to determine the destination of the request.

–>

<proxy isRecordRoute=”true” isParallel=”false” appSessionExpiration=”10″
timerC=”4″ addDestinationPublicIP=”false”
locationServiceType=”dynamicCache”/>
<!–
<routeRules>
<rule priority=”” name=”” description=””>
<condition type=”method”></condition>
<condition type=”sourceAddress”></condition>
<condition type=”requestURI”></condition>
<condition type=”header” headerName=””></condition>
<destination>
<output>
<inputPattern type=”requestURI” value=””/>
<outputPattern type=”header” headerName=”Route” value=””/>
</output>
</destination>
</rule>
</routeRules>
–>
<domains>       <domain name=”devsama004.brockcloud.uk”/>       </domains> </config>

I compared this with another deployment which runs a slightly older version of 9 and it doesn’t have the text in bold above and looks like the following.

    <proxy isRecordRoute=”true” isParallel=”false” appSessionExpiration=”10″
timerC=”4″ addDestinationPublicIP=”false”/>

# cd /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/devsama001SSCCell/nodes/devsama00STMSNode2/servers/STMediaServer/

# cp ./proxy.xml ./proxy.xml.orig

# vi ./proxy.xml

I removed the offending line and then sync’d the nodes, logged out of the SSC and now I can update the Handled Domains sections without an error.

Once I build in production I will see whether the same problem is observed. If so, I will raise a PMR to check whether my workaround is valid. BTW – I was using the latest version of the SSC and Media Manager available from Fix Central.

Sametime meeting widget on IBM Connections 5.0 CR02 – error 403

I like the integration points between Connections and Sametime. The meeting room widget is a useful bridge which allows you to create meeting rooms to be used for a community. This means there is no need to create your own and try to remember who needs access to the room, whether the content needs to be removed etc. The widget keeps the membership of the meeting room in line with the membership of the community via a member synchroniser (or synchronizer).

I had some problems with CR02. I didn’t have the same problems with 4.5 and various CRs.

Firstly, the documentation in the knowledge center is inaccurate and a bit sloppy though I think that was still the case with 4.5. You can see the various comments me and others have posted on the pages. Read these comments, as I don’t know whether IBM have updated the main text yet.

If you follow the instructions as well my comments you should get as far as getting 403 exceptions in the widget. This is an AJAX proxy error BUT based on the documentation the configuration is correct. I raised a PMR with IBM and over the weeks the following steps were taken which resolved the problem.

I will provide snippets of the various files I made changes to so please supplement the knowledge center with my findings.

Ifixes

There are two ifixes I applied.

LO84327: [CR2 IFIX NEEDED]BACK PORT IC DEFECTS 132826 \133551\ 133335\130590 TO THE 5.0 CR STREAM TO SUPPORT THE SAME
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1LO84327

LO84399: WIDGETS (3RD PARTY) NOT LOADING IN COMMUNITIES AFTER UPGRADING TO IC5.0 CR2
https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO84399

widget-config.xml

The use of {communitiesSvcRef} is more in line with the other contents of this file. It avoids needing to hard code the “url” and “iconUrl” values. Also, never call the xml or jpg using c:\ or /opt/IBM/ as the images will not show properly in a web browser.

The last thing that got this working was to remove any reference to the port number from “sametimeMeetingsServerUrl.” I had followed the knowledge center and added “:443″ to the end of it.

</widgetDef>
<widgetDef defId=”Meeting Rooms” primaryWidget=”false” modes=”view fullpage” uniqueInstance=”true” url=”{communitiesSvcRef}/MeetingRoomsWidget/MeetingRoomsWidget1.xml” iconUrl=”{communitiesSvcRef}/MeetingRoomsWidget/meetings-icon.jpg”>
<itemSet>
<item name=”sametimeMeetingsServerUrl” value=”https://meetings.collaborationben.com&#8221; />
<item name=”widgetFilePath” value=”/communities/MeetingRoomsWidget/” />
<item name=”communitiesBaseUrl” value=”{communitiesSvcRef}”/>
</itemSet>
</widgetDef>
<widgetDef defId=”Members” primaryWidget=”false” modes=”view fullpage” showInPalette=”false” uniqueInstance=”true” url=”{webresourcesSvcRef}/web/lconn.comm/communityMembers/communityMembers.xml?etag={version}” helpLink=”{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/t_com_membership_view.html”>
<itemSet>
<item name=”membersPerPage” value=”12″/>
<item name=”membersPerPageFullPage” value=”16″/>
</itemSet>
</widgetDef>

proxy-config.tpl

Be mindful of the forward slash and star in the “policy url.” Also, if you follow the example in the knowledge center then wsadmin will error when you try to check the file in because the order is incorrect (unless they have updated the entry).

<!– BEGIN CUSTOMIZATIONS HERE –>
<proxy:policy url=”https://meetings.collaborationben.com/*&#8221; acf=”none”>
<proxy:actions>
<proxy:method>GET</proxy:method>
<proxy:method>HEAD</proxy:method>
<proxy:method>POST</proxy:method>
<proxy:method>PUT</proxy:method>
<proxy:method>DELETE</proxy:method>
</proxy:actions>
<proxy:headers>
<proxy:header>X-ST-CSRF-Token</proxy:header>
<proxy:header>User-Agent</proxy:header>
<proxy:header>Accept.*</proxy:header>
<proxy:header>Content.*</proxy:header>
<proxy:header>Authorization.*</proxy:header>
<proxy:header>If-.*</proxy:header>
<proxy:header>Pragma</proxy:header>
<proxy:header>Cache-Control</proxy:header>
<proxy:header>X-Update-Nonce</proxy:header>
<proxy:header>WWW-Authenticate.*</proxy:header>
<proxy:header>Access.*</proxy:header>
</proxy:headers>
<proxy:cookies>
<proxy:cookie>LtpaToken</proxy:cookie>
<proxy:cookie>LtpaToken2</proxy:cookie>
<proxy:cookie>JSESSIONID</proxy:cookie>
</proxy:cookies>
</proxy:policy>

proxy-policy.dynamic

IBM suggested that I add this. I added the following entries early on in the course of the PMR to rule out AJAX proxy permissions. This may not be required but I haven’t tested it without it.

allow(“.*”, “.*”, “http\\:\\/\\/meetings\\.collaborationben\\.com\\/.*”);
allow(“.*”, “.*”, “https\\:\\/\\/meetings\\.collaborationben\\.com\\/.*”);

Creating a shared library

Don’t blindly copy and paste the contents of http://www-01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/install/inst_meet_rooms_widget_create_shared_lib.dita because in a previous step you unpacked the SDK files into different directories.

Error 412

The final error I got (after the 403) was a 412 error which is mentioned in the knowledge center and one that I came across in 4.5.

412 Failure to create a meeting room.
Possible cause:

The X-ST-CSRF-Token is invalid. Connections has set the HTTPONLY flag.

Workaround for error 412:
Note: Only implement this workaround if you understand its effects and consequences.

Log in to the WebSphere Integrated Solutions Console as the WebSphere administrator. (The URL ends with /ibm/console).
Click Servers > ServerTypes > WebSphere application servers.
Select the server you are working with.
In the Container settings section, click Web container settings > Web container.
In the Additional properties section, click Session management.
Click Enable cookies hyperlink.
Ensure that the Set session cookies to HTTPOnly to help prevent cross-site scripting attacks option is NOT selected.
Click Apply.
Resynchronize the nodes, and restart the WebSphere application server.

I disabled Set session cookies to HTTPOnly to help prevent cross-site scripting attacks for all the Connections applications servers, synced and restarted.

Testing

Since I only had the one community that had the widget applied to before the final changes I can’t say for sure they you will need to remove the widget and add it again or simply refresh it. You should experiment for yourselves and be mindful of any browser caching.

With this in mind, it should be working nicely for you.

2

View all

I have noticed that “view all” does nothing when clicked on it. I created six meeting rooms through the widget. The widget only shows five so I expected that it should take me to the “Meeting rooms” view where all rooms are shown. In Fiddler nothing is reported. I have asked the question of IBM.

Sametime Configuration Validator

I admit I was a bit late checking this out but I’m glad I finally took the time to install it. This Eclipse tool allows you to export data from your Community server such as sametime.ini, stconfig.nsf as well as the output from backupConfig.sh for the WebSphere components and check for configuration problems.

Like many of these tools the report makes suggestions as to possible configuration errors such as with LDAP which may not actually be a problem for a customer but does highlight potential problems and becomes invaluable if you are actually faced with problems highlighted in the report.

What I like about this tool is the fact that I can get a lot of data in one place and export it to pdf in a nice format. This replaces the need to delve in databases, text files and xmls and makes it easier to revert back to. Working for an IBM business partner I could see the benefit of using this to compliment a Sametime health check.

If you want to read more about it below are a selection of links that I found useful.

http://www-01.ibm.com/support/docview.wss?uid=swg27035839&aid=1

http://www-01.ibm.com/support/docview.wss?uid=swg27035839

http://www-10.lotus.com/ldd/stwiki.nsf/dx/Sametime_Configuration_Validator