Wednesday, 2 June 2010

Firewall Fun and Games with Lotus Connections 2.5.0.1

I've been seeing the following message in the browser: -

com.ibm.websphere.servlet.error.ServletErrorReport: CLFRQ0355E: It is not possible to retrieve the tab instance ID. An error occurred while getting the internal ID of the authenticated user from the session.

when I access the Homepage feature via a load balanced pair of HTTP servers.

I was also seeing the following exceptions in SystemOut.log: -

...
[02/06/10 12:06:52:498 BST] 0000007a WaltzSyncServ E com.ibm.lotus.connections.dashboard.service.core.internal.impl.WaltzSyncService getUserByLoginName CLFRQ0221E: Reference to directory services could not be retrieved.
...

...
com.ibm.lotus.connections.dashboard.common.core.exceptions.service.DboardInfraException: CLFRQ0221E: Reference to directory services could not be retrieved.
...

...
Caused by: com.ibm.connections.directory.services.exception.DSException: com.ibm.connections.directory.services.exception.DSOutOfServiceException: java.net.NoRouteToHostException: No route to host
...

...
Caused by: com.ibm.connections.directory.services.exception.DSOutOfServiceException: java.net.NoRouteToHostException: No route to host
...

...
[02/06/10 12:06:52:506 BST] 0000007a UserInfoFilte E com.ibm.lotus.connections.dashboard.web.webui.internal.filters.UserInfoFilter doFilter CLFRQ0341E: Could not retrieve details for the user with login ID: lcadmin due to an exception. The exception occurred when retrieving the details via Profiles Directory Service Extension: CLFRQ0221E: Reference to directory services could not be retrieved.
...

...
javax.servlet.ServletException: CLFRQ0341E: Could not retrieve details for the user with login ID: lcadmin due to an exception. The exception occurred when retrieving the details via Profiles Directory Service Extension: CLFRQ0221E: Reference to directory services could not be retrieved. 
...

Whilst this Technote: -


is interesting, it's not totally relevant in my scenario.

Similarly, this section of the Information Centre: -


is of some use: -

CLFRQ0221E: Reference to directory services could not be retrieved. It was not possible to access Lotus Connections directory services while running an administration configuration task.

• Verify that Lotus Connections directory service is installed correctly.
• Check that the LDAP server for the configuration is available (if you choose to use one).
• Verify that the database for the directory service has been installed correctly.

CLFRQ0341E: Could not retrieve details for the user with login ID: {0} due to an exception. The exception occurred when retrieving the details via Profiles Directory Service Extension: {1} Information about a user could not be retrieved from the directory service.

• Verify that Lotus Connections directory service is configured correctly.
• Check that the LDAP server for the configuration is available (if you choose to use one).
• Verify that the Home page database has been installed correctly.

again it didn't really help.

I *think* I have cracked the problem; it's my old friend IPTables again, this time blocking connections from the HTTP servers to the Connections servers ( each feature is deployed as a clustered pair of application servers, deployed across two physical nodes ).

In my use case, when I attempt to authenticate from Homepage ( listening on 9082 ), the request is sent, via HTTP ( no SSL here ) to Profiles, which listens on port 9088.

I've semi-proved this by attempting to connect from the HTTP server, via the TELNET command, to the respective ports on my Connections nodes: -

telnet connections1.demo.uk.ibm.com 9082

telnet connections1.demo.uk.ibm.com 9088

etc. where 9082 is the "real" port for Homepage and 9088 is the "real" port for Profiles.

Both commands fail with: -

telnet: Unable to connect to remote host: No route to host

which is kinda familiar.

I'm waiting for the firewall guru to fix this but ....

No comments: