Wednesday, 28 March 2012

Connections 101 is here … well, there actually

Gab Davis and Paul Mooney have launched this new site - http://www.connections101.net/ - to provide a useful launchpad to an IBM Connections deployment.

Gab and Paul explain it best here: -

This is a joint post by Paul and Gab…   As posted here a few weeks ago and due to the feedback from the community and IBM, we have decided to go live with an education site dedicated to IBM connections software.  So… (drum roll), www.connections101.net is now up.  To start, we are going to take you through our steps and tips on how to install a pilot connections deployment.  This may take some time, but we will get there.  As we are finding our feet, the site may change a bit over the coming weeks, but as ever, we focus on content.

Great work, folks, keep it up.

IBM Connections 3.0.1.1 Administration Command: Preview commands for synchronizing user data

Saw this Technote earlier today, and thought it worth sharing: -

(Q)

Improvements in version 3.0.1.1 include preview commands for user data synchronization that shows you what the synchronization command would do if you ran it. For example, the FilesMemberService.previewSyncAllMemberByExtId command generates a log showing what the FilesMemberService.syncAllMemberByExtId command would do if you ran it.

(A)

Many of the synchronization commands have a matching "preview" command that shows you what the synchronization command would do if you ran it. For example, the FilesMemberService.previewSyncAllMemberByExtId command generates a log showing what the FilesMemberService.syncAllMemberByExtId command would do if you ran it.

You should run preview versions of commands before running the actual commands. When you are sure the command will do what you want, run the actual command.

Tuesday, 27 March 2012

How to serve static files from both IBM HTTP Server and an application in WebSphere Application Server

Saw this Technote in my Twitter river of news earlier : -

Q:

How can I configure IBM HTTP Server (IHS), and the IBM web server Plug-in, and my web application running in WebSphere Application Server (WAS), to serve some of my static files (JPG, GIF, CSS, JS, etc) from the IHS web server, but serve other static files from my web app running in WAS?

A:

If you want to serve any static files (JPG, GIF, CSS, JS, etc) from your web application in WAS, you must use fileServingEnabled="true" in the ibm-web-ext.xmi file. That will cause the plug-in to use a wildcard entry for the context-root of your web application. For example, if the context-root is "myapp", then there will be a URI entry for "/myapp/*" in the plug-in config, and everything starting with "myapp" will be routed to the application in WAS.

Want to know more ? Then you know what to do ….

Sunday, 25 March 2012

IBM Connections 3.0.1.x - March Mobile Update

Following on from my previous post, a new Mobile Update was released on March 22: -

3.0.1.0-IC-Multi-Mobile-IFLO67638

March 2012 mobile update. This update is cumulative and includes changes from previous mobile updates. Please use the latest Update Installer for IBM Connections published to Fix Central to apply this fix.

Thanks to Kieran for sharing this with me ….


Friday, 23 March 2012

IBM Tivoli Directory Integrator solutions for IBM Connections real-world scenarios

Thanks to Sonia and Lorraine for sharing this via Twitter 

The intent of this article is to give you an insight into the real-world scenarios occurring with IBM® Connections 3.0.1 with respect to IBM Tivoli® Directory Integrator (TDI) scripts and user population. It is assumed that the reader is familiar with basic concepts of TDI and its corresponding usage in IBM Connections Profiles population activity. 

For details on setting up TDI and IBM Connections 3.0.1, refer to the IBM Connections 3.0.1 product documentation topic, "Configuring Tivoli Directory Integrator." 

• 1 Introduction
• 2 Scenarios
• 2.1 Populating users from a Domino group
• 2.2 Populating users from multiple directories
• 2.3 Loading photos from files with inconsistent data
• 2.4 Population fails for secured connections to LDAP cluster
• 3 Conclusion
• 4 Resources
• 5 About the author

What's even better is that the author is an acquaintance of mine, Chirag Barhate, from the ISSC team in India - he and attended the IBM Connections 2.5 boot camp in Littleton in early 2010 :-)


IBM WebSphere Portal Unified Task List Portlet version 5.0

The IBM WebSphere Portal Unified Task List Portlet version 5.0 for WebSphere Portal 7.0 aggregates tasks and activities from multiple systems into a single user interface. WebSphere Portal 7.0 users access the Unified Task List portlet to view all tasks relevant to them. They can then complete these tasks using task processing portlets created with the included Unified Task List Business Process Support package for Web Experience Factory. The Unified Task List portlet in this release contains a task provider for WebSphere Process Server 6, WebSphere Process Server 7.0.0.4, IBM WebSphere Lombardi Edition 7.2, IBM Business Process Manager 7.5 and 7.5.1. Also Included are two Coach portlets for Lombardi and Business Process Manager Coach processing in Portal Server.

Want to know more ? Then go here to download it …...

Configuration Changes and Options introduced in WP/WCM V7.0.0.1 and 7.0.0.2 Combined Cumulative Fixes

To address some changes or updates in code, occasionally there are new options added that must be manually added or configured to use them.
This page provides a list of those changes delivered in the CFs and integrated into the fix pack.

For (much) more information, check out the Technote here.

IBM WebSphere Portal v7 - Upgrades and Best Practices

A useful Technote for upgrading to WP v7 is here.

Much of it is/should be self-explanatory, but it's always good to have a reminder. Remember, folks, if you don't write it down ….. it never happened :-)


Open Mic Webcast: Troubleshooting WebSphere Portal performance issues with Visual Configuration Explorer and the Health Center - 3 April 2012

Abstract

IBM will host an Open Mic webcast with Lotus Development and Support Engineers on 3 April 2012. The topic will be "Troubleshooting WebSphere Portal performance issues with Visual Configuration Explorer and the Health Center ."

Content

Date: 3 April 2012

Time: 11:00 AM EDT (15:00 UTC, or GMT -4), for 60 minutes

For dial-in information etc., please see this link …

The Visual Configuration Explorer (VCE) is not something that I've YET done much with: -

The IBM Visual Configuration Explorer (VCE) is a graphical tool that enables system administrators and developers to quickly and conveniently locate specific configuration properties, compare configurations at multiple levels, build graphical representations of configurations, and transfer configurations to other administrators, developers, and technical support professionals. VCE includes robust support for WebSphere and many other IBM software products. This forum enables the VCE user community to interact with each other and with the VCE development team on questions and issues related to the VCE product. Use this forum to better understand VCE, to debug problems, to make requests, and to get answers. This forum is monitored by VCE architects, developers, and testers.


IBM Sametime Proxy Server 8.5.2 - Integration with IBM Connections 3.0.1.1 and WebSphere Portal 7.0.02

This came into my inbox today: -

A fix is available on IBM Fix Central that provides support for IBM Sametime integration into IBM Connections 3.0.1.1 and IBM WebSphere Portal 7.0.0.2 using the Sametime Proxy Server 8.5.2 Interim Feature Release 1 (IFR 1). This fix also brings a number of enhancements and problem resolutions to the mobile Sametime client (both iOS and Android).

This fix provides the following enhancements to IBM Sametime Proxy Server 8.5.2 Interim Feature Release 1 (IFR 1):

Support for IBM Connections 3.0.1.1

With this fix installed, it is possible to integrate Connections 3.0.1.1 with Sametime 8.5.2 IFR 1.

Support for IBM WebSphere Portal 7.0.0.2

With this fix installed, it is possible to integrate Portal 7.0.0.2 with Sametime 8.5.2 IFR 1. Note that this integration is possible only when using the new Page Builder theme.

IBM Sametime native mobile (iOS and Android) clients improvements

With this fix installed, the user experience for users of the mobile native Sametime clients has been improved in the following ways:

• If a picture cannot be sent to an iOS Sametime native client user, then an error message is now displayed to the sender.
• An issue where the sender of a message to an iOS Sametime native client showed as question marks (?) in the notification has been resolved.
• The notification that a chat partner is a mobile native client user has now been made optional. Refer to the "Additional instructions" section below for steps to enable this notification.

The Technote with download and installation information is here.

Thursday, 22 March 2012

Kerberos Troubleshooting

This comes from a colleague of mine, with whom I've worked on and off over the past few years.

As most people know, I've been doing and blogging lots of stuff about Kerberos recently, including a delivering a presentation at the WebSphere User Group yesterday.

Mike's done a great job of writing up some of the tools that one really needs to have in the kitbag, including klist.

Thanks, Mike, great job ……..

WUG 2012 - Desktop Single Sign-On in an Active Directory - My Presentation

After an excellent WebSphere User Group at IBM South Bank yesterday, I've uploaded my presentation to SlideShare here.

Here's the objectives slide: -

This presentation tells the story of a particular ISSC project – however, the story is relevant to many other clients, projects and requirements
  • Understand how to integrate WebSphere Application Server, and related products, with Active Directory
  • Understand how to implement desktop single sign-on with WebSphere Portal, IBM Web Content Manager, IBM Connections etc.
  • Share the lessons that we learned
  • Consider the next steps
and here's the client requirements / desired outcomes slide: -

Many of our clients use Active Directory as their main user authentication mechanism

 Requirement is generally to provide "seamless login" to WebSphere Portal and IBM Connections for those users who are authenticated to a Windows desktop

– User logs in to Windows desktop using AD credentials
– User accesses IBM software without providing further credentials (explicitly)
– Portal, Connections etc. recognizes the user and provides access to her personal resources

– But... we also need to consider mobile device authentication, and these aren't Windows desktops …

Hope the presentation is of use, please feel free to provide feedback, here on the blog or via SlideShare or in person.

Tuesday, 20 March 2012

All new Rational Automation Framework and Rational Build Forge - Streamline devops and simplify your build and deploy

This is something that's currently seriously floating my boat: -

Discover what's new in the all-new Rational Automation Framework solution with new pricing and packaging, and a host of new features, while Rational Build Forge marches on with a new release and significant enhancements. Rational's software delivery automation solutions have led the market in helping software delivery teams streamline their builds, and manage the configuration and deployment of applications to target middleware solutions.

as part of an IBM Connections / WebSphere Portal project.

As a matter of interest, Stuart McIntyre mentioned this on ThisWeekInLotus recently in the context of automating IBM Connections deployments. Serendipity ? I think so :-)

The MP3 is here and the transcript is here.

There's also a useful analyst report, covering Rational Build Forge and Rational Automation Framework (RAF),  entitled Demonstrated Benefits of Software Delivery Automation – an Analyst Study - here - it requires IBM registration, but that's not a bad thing.

WebSphere and Kerberos

I'm presenting on this subject at the WebSphere User Group at IBM South Bank tomorrow.

Will I see you there ? I hope so .....

However, the conversation around two-way forest-level transitive trust has come up on another project, so I was looking for a good definition of it in a WebSphere context.

This section of the WAS 7 Info Centre is definitely worth a read: -

The Kerberos authentication mechanism enables interoperability with other applications (such as .NET, DB2 and others) that support Kerberos authentication. It provides single sign on (SSO) end-to-end interoperable solutions and preserves the original requester identity.

Note: Security support for Kerberos as the authentication mechanism was added for WebSphere Application Server Version 7.0. Kerberos is a mature, flexible, open, and very secure network authentication protocol. Kerberos includes authentication, mutual authentication, message integrity and confidentiality and delegation features. You can enable Kerberos on the server side. Support is provided to enable the rich Java client to use the Kerberos token for authentication to the WebSphere Application Server.

Kerberos (KRB5) authentication mechanism support for security

and includes a useful set of links, including: -
  •     What is Kerberos?
  •     The benefits of having Kerberos as an authentication mechanism
  •     Kerberos authentication in a single Kerberos realm environment
  •     Kerberos authentication in a cross or trusted Kerberos realm environment
  •     Things to consider before setting up Kerberos as the authentication mechanism for WAS
  •     Support information for Kerberos authentication
  •     Setting up Kerberos as the authentication mechanism for WAS
  •     Setting up Kerberos as the authentication mechanism for the pure Java client

Saturday, 17 March 2012

Strange behaviour with CUSTOMIZATION and COMMUNITY databases in WebSphere Portal 7

I saw some strange behaviour with my WebSphere Portal 7.0.0.2 environment, after a migration from Derby to DB2 UDB.

This occurred AFTER I'd restarted WebSphere Portal, immediately following a successful database migration.

As I watched the SystemOut.log during the startup, I saw errors relating to the Customization and Community databases, including: -

...
3/17/12 8:21:26:235 GMT] 00000012 DataStoreCont E com.ibm.wps.datastore.impl.DataStoreContext handleException EJPDB0002E: Error occurred during database access.
                                 com.ibm.wps.datastore.domains.FFDCDomainUnavailableException: EJPDB0101E: Database domain [Domain: cust] is currently unavailable.
...
Caused by: com.ibm.websphere.ce.cm.StaleConnectionException: [jcc][t4][2057][11264][4.8.87] The application server rejected establishment of the connection.
An attempt was made to access a database, cust, which was either not found or does not support transactions. ERRORCODE=-4499, SQLSTATE=08004DSRA0010E: SQL State = 08004, Error Code = -4,499
...
Caused by: java.sql.SQLNonTransientException: [jcc][t4][2057][11264][4.8.87] The application server rejected establishment of the connection.
An attempt was made to access a database, cust, which was either not found or does not support transactions. ERRORCODE=-4499, SQLSTATE=08004DSRA0010E: SQL State = 08004, Error Code = -4,499
...
3/17/12 8:21:29:769 GMT] 00000012 DataStoreCont E com.ibm.wps.datastore.impl.DataStoreContext handleException EJPDB0002E: Error occurred during database access.
                                 com.ibm.wps.datastore.domains.FFDCDomainUnavailableException: EJPDB0101E: Database domain [Domain: comm] is currently unavailable.
 
Caused by: com.ibm.websphere.ce.cm.StaleConnectionException: [jcc][t4][2057][11264][4.8.87] The application server rejected establishment of the connection.
An attempt was made to access a database, comm, which was either not found or does not support transactions. ERRORCODE=-4499, SQLSTATE=08004DSRA0010E: SQL State = 08004, Error Code = -4,499
...
Caused by: java.sql.SQLNonTransientException: [jcc][t4][2057][11264][4.8.87] The application server rejected establishment of the connection.
An attempt was made to access a database, comm, which was either not found or does not support transactions. ERRORCODE=-4499, SQLSTATE=08004DSRA0010E: SQL State = 08004, Error Code = -4,499
...

The first thing I did was to log into the WAS Integrated Solutions Console ( https://portal.uk.ibm.com:10032/ibm/console ) and test the JDBC data source for Customization - wpdbDS_customization - which immediately failed with: -

The test connection operation failed for data source wpdbDS_community on server WebSphere_Portal at node portal with the following exception: java.sql.SQLNonTransientException: [jcc][t4][2030][11211][4.8.87] A communication error occurred during operations on the connection's underlying socket, socket input stream, or socket output stream. Error location: Reply.fill(). Message: Connection reset. ERRORCODE=-4499, SQLSTATE=08001DSRA0010E: SQL State = 08001, Error Code = -4,499.

with the corresponding error: -

...
[3/17/12 16:10:08:873 GMT] 0000002f DSConfigurati W   DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource.  Encountered java.sql.SQLNonTransientException: [jcc][t4][2030][11211][4.8.87] A communication error occurred during operations on the connection's underlying socket, socket input stream,
or socket output stream.  Error location: Reply.fill().  Message: Connection reset. ERRORCODE=-4499, SQLSTATE=08001DSRA0010E: SQL State = 08001, Error Code = -4,499.
java.sql.SQLNonTransientException: [jcc][t4][2030][11211][4.8.87] A communication error occurred during operations on the connection's underlying socket, socket input stream,
or socket output stream.  Error location: Reply.fill().  Message: Connection reset. ERRORCODE=-4499, SQLSTATE=08001DSRA0010E: SQL State = 08001, Error Code = -4,499

...

in SystemOut.log.

I repeated this test for the other WebSphere Portal-related data sources: -

wpdbDS_community
wpdbDS_feedback
wpdbDS_jcr
wpdbDS_likeminds
wpdbDS_release

and saw the same "The test connection operation failed..." for Community; the other four worked just fine.

Hmmm, I thought.

I then compared and contrasted the two offending data sources with the four that worked, and then checked the DB2 directory ( as user db2inst1 on the DB2 server ): -

$ db2 list db directory

 Database alias                       = FDBKDB
 Database alias                       = COMMUN
 Database alias                       = JCRDB
 Database alias                       = CUSTOM
 Database alias                       = LMDB
 Database alias                       = RELEASE

It didn't take me long to realise that, for some strange reason, the Database Transfer wizard had apparently mis-entered the database names for Customization and Community.

instead of being stored as CUSTOM and COMMUN respectively, they were actually stored as CUST and COMM, hence the problems.

Once I manually updated the data sources, the Test Connection button worked a treat.

Now to restart WebSphere Portal ....

Scripting the creation of the WebSphere Portal v7 databases

I'm following this Wiki article: -

Configure WebSphere Portal to use DB2

and these are the scripts that I'm using to create the databases via this command: -

$  db2 -tvf CreatePortalDB.sql

CreatePortalDB.sql

CREATE DB release using codeset UTF-8 territory us PAGESIZE 8192;
UPDATE DB CFG FOR release USING applheapsz 4096;
UPDATE DB CFG FOR release USING app_ctl_heap_sz 1024;
UPDATE DB CFG FOR release USING stmtheap 32768;
UPDATE DB CFG FOR release USING dbheap 2400;
UPDATE DB CFG FOR release USING locklist 1000;
UPDATE DB CFG FOR release USING logfilsiz 4000;
UPDATE DB CFG FOR release USING logprimary 12;
UPDATE DB CFG FOR release USING logsecond 20;
UPDATE DB CFG FOR release USING logbufsz 32;
UPDATE DB CFG FOR release USING avg_appls 5;
UPDATE DB CFG FOR release USING locktimeout 30;
UPDATE DB CFG FOR release using AUTO_MAINT off;


CREATE DB commun using codeset UTF-8 territory us PAGESIZE 8192;
UPDATE DB CFG FOR commun USING applheapsz 4096;
UPDATE DB CFG FOR commun USING app_ctl_heap_sz 1024;
UPDATE DB CFG FOR commun USING stmtheap 32768;
UPDATE DB CFG FOR commun USING dbheap 2400;
UPDATE DB CFG FOR commun USING locklist 1000;
UPDATE DB CFG FOR commun USING logfilsiz 4000;
UPDATE DB CFG FOR commun USING logprimary 12;
UPDATE DB CFG FOR commun USING logsecond 20;
UPDATE DB CFG FOR commun USING logbufsz 32;
UPDATE DB CFG FOR commun USING avg_appls 5;
UPDATE DB CFG FOR commun USING locktimeout 30;
UPDATE DB CFG FOR commun using AUTO_MAINT off;

CREATE DB custom using codeset UTF-8 territory us PAGESIZE 8192;
UPDATE DB CFG FOR custom USING applheapsz 4096;
UPDATE DB CFG FOR custom USING app_ctl_heap_sz 1024;
UPDATE DB CFG FOR custom USING stmtheap 32768;
UPDATE DB CFG FOR custom USING dbheap 2400;
UPDATE DB CFG FOR custom USING locklist 1000;
UPDATE DB CFG FOR custom USING logfilsiz 4000;
UPDATE DB CFG FOR custom USING logprimary 12;
UPDATE DB CFG FOR custom USING logsecond 20;
UPDATE DB CFG FOR custom USING logbufsz 32;
UPDATE DB CFG FOR custom USING avg_appls 5;
UPDATE DB CFG FOR custom USING locktimeout 30;
UPDATE DB CFG FOR custom using AUTO_MAINT off;


CREATE DB jcrdb using codeset UTF-8 territory us PAGESIZE 8192;
UPDATE DB CFG FOR jcrdb USING applheapsz 4096;
UPDATE DB CFG FOR jcrdb USING app_ctl_heap_sz 1024;
UPDATE DB CFG FOR jcrdb USING stmtheap 32768;
UPDATE DB CFG FOR jcrdb USING dbheap 2400;
UPDATE DB CFG FOR jcrdb USING locklist 1000;
UPDATE DB CFG FOR jcrdb USING logfilsiz 4000;
UPDATE DB CFG FOR jcrdb USING logprimary 12;
UPDATE DB CFG FOR jcrdb USING logsecond 20;
UPDATE DB CFG FOR jcrdb USING logbufsz 32;
UPDATE DB CFG FOR jcrdb USING avg_appls 5;
UPDATE DB CFG FOR jcrdb USING locktimeout 30;
UPDATE DB CFG FOR jcrdb using AUTO_MAINT off;


CREATE DB fdbkdb using codeset UTF-8 territory us PAGESIZE 8192 ;
UPDATE DB CFG FOR fdbkdb USING applheapsz 4096;
UPDATE DB CFG FOR fdbkdb USING app_ctl_heap_sz 1024;
UPDATE DB CFG FOR fdbkdb USING stmtheap 32768;
UPDATE DB CFG FOR fdbkdb USING dbheap 2400;
UPDATE DB CFG FOR fdbkdb USING locklist 1000;
UPDATE DB CFG FOR fdbkdb USING logfilsiz 4000;
UPDATE DB CFG FOR fdbkdb USING logprimary 12;
UPDATE DB CFG FOR fdbkdb USING logsecond 20;
UPDATE DB CFG FOR fdbkdb USING logbufsz 32;
UPDATE DB CFG FOR fdbkdb USING avg_appls 5;
UPDATE DB CFG FOR fdbkdb USING locktimeout 30;
UPDATE DB CFG FOR fdbkdb using AUTO_MAINT off;


CREATE DB lmdb using codeset UTF-8 territory us PAGESIZE 8192;
UPDATE DB CFG FOR lmdb USING applheapsz 4096;
UPDATE DB CFG FOR lmdb USING app_ctl_heap_sz 1024;
UPDATE DB CFG FOR lmdb USING stmtheap 32768;
UPDATE DB CFG FOR lmdb USING dbheap 2400;
UPDATE DB CFG FOR lmdb USING locklist 1000;
UPDATE DB CFG FOR lmdb USING logfilsiz 4000;
UPDATE DB CFG FOR lmdb USING logprimary 12;
UPDATE DB CFG FOR lmdb USING logsecond 20;
UPDATE DB CFG FOR lmdb USING logbufsz 32;
UPDATE DB CFG FOR lmdb USING avg_appls 5;
UPDATE DB CFG FOR lmdb USING locktimeout 30;
UPDATE DB CFG FOR lmdb using AUTO_MAINT off;


and then tune the JCR database as follows: -


$  db2 -tvf TuneJcrDB.sql

TuneJcrDB.sql



CONNECT TO jcrdb;
CREATE BUFFERPOOL ICMLSFREQBP4 SIZE 1000 PAGESIZE 4 K;
CREATE BUFFERPOOL ICMLSVOLATILEBP4 SIZE 8000 PAGESIZE 4 K;
CREATE BUFFERPOOL ICMLSMAINBP32 SIZE 8000 PAGESIZE 32 K;
CREATE BUFFERPOOL CMBMAIN4 SIZE 1000 PAGESIZE 4 K;
CREATE REGULAR TABLESPACE ICMLFQ32 PAGESIZE 32 K MANAGED BY SYSTEM USING ('ICMLFQ32') BUFFERPOOL ICMLSMAINBP32;
CREATE REGULAR TABLESPACE ICMLNF32 PAGESIZE 32 K MANAGED BY SYSTEM USING ('ICMLNF32') BUFFERPOOL ICMLSMAINBP32;
CREATE REGULAR TABLESPACE ICMVFQ04 PAGESIZE 4 K MANAGED BY SYSTEM USING ('ICMVFQ04') BUFFERPOOL ICMLSVOLATILEBP4;
CREATE REGULAR TABLESPACE ICMSFQ04 PAGESIZE 4 K MANAGED BY SYSTEM USING ('ICMSFQ04') BUFFERPOOL ICMLSFREQBP4;
CREATE REGULAR TABLESPACE CMBINV04 PAGESIZE 4 K MANAGED BY SYSTEM USING ('CMBINV04') BUFFERPOOL CMBMAIN4;
CREATE SYSTEM TEMPORARY TABLESPACE ICMLSSYSTSPACE32 PAGESIZE 32 K MANAGED BY SYSTEM USING ('icmlssystspace32') BUFFERPOOL ICMLSMAINBP32;
CREATE SYSTEM TEMPORARY TABLESPACE ICMLSSYSTSPACE4 PAGESIZE 4 K MANAGED BY SYSTEM USING ('icmlssystspace4') BUFFERPOOL ICMLSVOLATILEBP4;


Note that the scripts are "purely" text files, created using vi, gedit, Notepad, TextEdit etc.

The important thing to note is that the Wiki article assumes that you're running the commands interactively, hence the prefix of: -

db2 "

As we're running this "in batch", there's no need to do that.

In addition, the suffix of: -

;

is the default line terminator for the DB2 command-line interface (CLI). Other terminators are available ......

For more information about the terminator and the db2 -tvf command, please see this post. 



I'll be back ....... :-)

WebSphere Portal -> DB2 UDB - It's The Firewall, Stupid :-)

I saw this error: -



and: -

Attempting to connect to database: jdbc:db2://db2.uk.ibm.com:60000/release:returnAlias=0; using com.ibm.db2.jcc.DB2Driver, db2inst1, PASSWORD_REMOVED
Level.SEVERE, Error Connecting db
com.ibm.db2.jcc.am.ro: [jcc][t4][2043][11550][4.8.87] Exception java.net.NoRouteToHostException: Error opening socket to server db2.uk.ibm.com/192.168.1.73 on port 60,000 with message: No route to host. ERRORCODE=-4499, SQLSTATE=08001
99
RETURN_CODE_FOR_THIS_TASK: 99

in: -

/opt/IBM/WebSphere/wp_profile/ConfigEngine/log/configwizard.log

whilst trying to hook my newly minted WebSphere Portal 7 instance up to another VM ( VirtualBox on CentOS ) running DB2 UDB.

Having already checked that DB2 was listening on port 60,000: -

$ tail /etc/services

blp5            48129/udp               # Bloomberg locator
com-bardac-dw   48556/tcp               # com-bardac-dw
com-bardac-dw   48556/udp               # com-bardac-dw
iqobject        48619/tcp               # iqobject
iqobject        48619/udp               # iqobject
DB2_db2inst1    60000/tcp
DB2_db2inst1_1    60001/tcp
DB2_db2inst1_2    60002/tcp
DB2_db2inst1_END    60003/tcp
db2c_db2inst1    50001/tcp


$ netstat -aon | grep LISTEN

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:6000                0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:48248               0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:60000               0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 :::111                      :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::6000                     :::*                        LISTEN      off (0.00/0/0)


I knew that DB2 was up and running and listening.

I conducted another basic test with Telnet: -

$ telnet db2.uk.ibm.com 60000

Trying 192.168.1.73...
telnet: connect to address 192.168.1.73: No route to host

At this point, I thought ..... "Ah ha, what about the firewall?"

I went to the DB2 box, and ran the firewall configuration programme: -

$ /usr/bin/python /usr/bin/system-config-firewall

and, lo and behold, we have: -



Now this is a demo environment, so the firewall is superfluous to my requirements.

I disabled it ... and now my TELNET test works: -

$ telnet db2.uk.ibm.com 60000

Trying 192.168.1.73...
Connected to db2.uk.ibm.com.
Escape character is '^]'.
^]quit

telnet> quit
Connection closed.

Job done, case closed, back to work :-)

Installing DB2 UDB 9.7 on CentOS Linux 6.2

More notes from the field ....

This time I'm installing DB2 UDB as a precursor for an IBM Connections and WebSphere Portal deployment.

I've unpacked DB2 as follows: -

$ cd /tmp
$ tar xvf /media/LenovoExternal/Products/DB297/db297linux64.tar

and then commenced the installation: -

$ ./db2setup

WARNING:
   The 32 bit library file libstdc++.so.6 is not found on the system.
   32-bit applications may be affected. 
DBI1190I  db2setup is preparing the DB2 Setup wizard which will guide
      you through the program setup process. Please wait.

Noting the WARNING re libstdc++, I've opened a new terminal window, and run: -

$ yum install libstdc++.so.6

which ties up with my other experiences of IBM software on CentOS: -

http://portal2portal.blogspot.co.uk/search?q=centos

Other than that, the DB2 installation has completed successfully.

I've then "logged in" as the DB2 instance owner - db2inst1: -

$ su - db2inst1

and attempted to create the sample database: -

$ db2sampl

  Creating database "SAMPLE"...
  Attempt to create the database "SAMPLE" failed.
  SQL0970N  The system attempted to write to a read-only file.  SQLSTATE=55009

  'db2sampl' processing complete.

Again I've seen this before: -

http://portal2portal.blogspot.co.uk/2009/06/sql0970n-when-running-db2sampl-on-unix.html

As before, look at the permissions for /tmp: -

$ ls -al /

drwxrwxr-x.  17 185101 330209  4096 Mar 17 04:24 tmp

and then change them: -

$ chmod 777 /tmp

Look again ...

$ ls -al /

drwxrwxrwx.  18 185101 330209  4096 Mar 17 04:25 tmp

$ db2sampl

  Creating database "SAMPLE"...
  Connecting to database "SAMPLE"...
  Creating tables and data in schema "DB2INST1"...
  Creating tables with XML columns and XML data in schema "DB2INST1"...

  'db2sampl' processing complete.

Job done :-)

Friday, 16 March 2012

IBM Connections 3.0.1.1 - We have a fix list ....

This document lists the fixed APARs included in IBM Connections 3.0.1 Fix Pack 1 (3.0.1.1). 


which is nice - and well overdue :-)

My System Is Smarter Than Your System ...

This from Jerry Cuomo, IBM Fellow, VP, WebSphere Chief Technology Officer

These days, everywhere you turn, technology is finding its way into our lives. Sometimes it is overt and sometimes it is hidden. Smarts are in our cars, in our homes, in the traffic systems, even in our TVs (which is funny considering people sometimes think watching too much TV makes you dumb).

When you peer inside of the IT department of any big enterprise – there is no questioning the level of smarts that occupy the data center. Today's hardware is brilliant by comparison to the systems that used to occupy the racks 20-years ago. The capabilities of the enterprise hardware and software are amazing to say the least. And everywhere you turn – there are even smarter people who are highly skilled, master craftsmen. Walk through the café at lunch and you'll hear people paying their colleagues compliments like "John is the best DBA ever" or "If you want to fix that online commerce application, you have to call Suzy".

Want to know more ?

Then check out Jerry's blog post here ….


Resolving a "deadlock" issue with IBM HTTP Server

I did a silly thing this morning - I deleted the IHS log files whilst the web server was still running - IHS and, I guess, Apache, from whence IHS is derived, is really dependant upon it's Process ID ( PID ) file, as evidenced below: -

$ sudo /sbin/service ibmhttpd start

Starting IBM HTTP Server:                                  [  OK  ]

$ ls /opt/IBM/HTTPServer/logs

error_log.20120316  httpd.pid  siddport

$ rm -Rf *

$ sudo /sbin/service ibmhttpd stop

Stopping IBM HTTP Server: httpd (no pid file) not running 
                                                           [  OK  ]

$ sudo /sbin/service ibmhttpd start

Starting IBM HTTP Server: (98)Address already in use: make_sock: could not bind to address [::]:80 
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 
no listening sockets available, shutting down 
Unable to open logs 
                                                           [FAILED]

so now we have the "deadlock" - I can't stop OR start IHS …. but there is a hack solution

$ ps auxw | grep -i httpd

nobody    1227  0.0  0.0  66796  2876 ?        Sl   11:22   0:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start

ihsadmin  1940  0.0  0.0  61200   720 pts/0    S+   11:22   0:00 grep -i httpd 
root     32285  0.1  0.1  11392  7424 ?        Ss   11:21   0:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start

nobody   32292  0.0  0.0  11392  2792 ?        S    11:21   0:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start

nobody   32293  0.0  0.0  66924  4748 ?        Sl   11:21   0:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start

$ echo 32285 > /opt/IBM/HTTPServer/logs/httpd.pid

$ sudo /sbin/service ibmhttpd stop

Stopping IBM HTTP Server:                                  [  OK  ]

$ sudo /sbin/service ibmhttpd start

Starting IBM HTTP Server:                                  [  OK  ]

Seemples :-)

The Humax PVR and Me …. dia Streaming

I've blogged about the Hummy (!) before, as it's been a real pleasure to buy (!),set up and use.

Last week I acquired a WiFi adapter for it, so that I can choose to watch BBC iPlayer and YouTube on my telly … not something that I have a regular compelling requirement to do but ….

The more important reason that I took my TV wireless was to allow me to enable the Humax HDR-Fox T2 to work as a media streaming device, allowing me to watch recorded TV programmes on devices other than the TV.

It took roughly 1 minute to enable the streaming functionality on the Hummy - merely tell it to start acting as a Universal Plug n' Play (UPnP ) device.

Once I did this, I then had to work out how to get at the media.

I started, on the Mac, by downloading and installing the XBMC client - this took a matter of seconds, and gives me a very very compelling interface that initially only showed the media on the iPad, including WALL-E which I'd previously recorded and exported onto a USB hard disk.

However, within a few seconds, XBMC searched for, and found, the Humax, and I was in the game.

"I feel the need, the need for speed "

Yep, the first thing I streamed to the Mac was one of my old-school all-time favourite films, Top Gun. Yes, I know, but …..

I then decided to go to the next level, and find a way to access the Humax from the iPad 2.

I looked again at XBMC, but their client is NOT in the App Store, and requires me to "jail break" the device - almost certainly a fine thing to do, but not for me, thanks.

I tried a few more apps. and settled on media:connect for DLNA and UPnP media streaming - the free version is good enough to play the first three media files in a folder - I played a few songs from the iTunes library on the iPad ( I guess I could've done the same from the Mac, but I already have iTunes Sharing and the Remote app installed ).

Again, within a few seconds, the media:connect app had found the Humax, and I was playing media from there - this time it was Inspector Montalbano, all the way from Sicily.

I will almost certainly invest nearly £3 of my money for this app, having spent £250 on the Humax and £400 on the iPad, it seems like a fairly simple investment :-)

More to come, I'm sure ….

You Are Entitled …. to IBM Software

One of my colleagues pointed out that the IBM "You Are Entitled!" workshops are coming to Manchester, Edinburgh and London later this month: -

Wouldn't it be great if we were entitled to more with our investments? Find out about what additional software you may be entitled to as part of your existing IBM Collaboration Solutions license subscription, and delve into the latest and greatest version of IBM Lotus Notes/Domino, IBM Connections and IBM Portal.


Hope to see you there.

IBM Web Experience Factory - Always More To Look At … And a new version :-)

A useful set of resources, including: -


New features and enhancement in this release include:

• Support for the latest IBM WebSphere Portal Beta
• Support for a client-side mobile web UI architecture, for performance and scalability benefits - see link below for more details on this feature
• Automated support for Dojo Mobile, for an enhanced user experience on mobile devices
• Enhancements to the Web Experience Factory Designer IDE and developer tools, for improved productivity
• Support for the latest IBM software, to ensure simplified deployment and compatibility
• CMIS (Content Management Interoperability Services) builder, for integration with content management systems such as Filenet and Sharepoint 2010


The attachment below contains samples files for use with a lab on creating mobile/multi-channel web applications with Web Experience Factory.


IBM® Web Experience Factory (formerly WebSphere® Portlet Factory) is a powerful and flexible development tool that allows developers to rapidly build, customize, and deploy portlets to IBM WebSphere Portal. As a user navigates across various portal pages, WebSphere Portal server maintains the current state of the Web Experience Factory portlets and caches their view state.

Returning users might come to a previously visited page, either using portal page navigation from the theme or through wiring, links from other portlets, or through some other navigation mechanism. When users return to a previously visited page, they are presented with a cached view of the portlet.

Each portlet's state is independently maintained by WebSphere Portal so that, when a user navigates away from a portal page and then later returns, the portlet's state is persisted across page views. This is the default WebSphere Portal and Web Experience Factory behavior, and the cached view for the various portlets is cleared only when the user logs out and logs back in. 

In some cases, however, a portlet project may present the developer with a requirement to consistently display a Web Experience Factory portlet, using a page view that reflects a portlet's initial visual state. For these use cases, it is desirable to override the default WebSphere Portal and Web Experience Factory behavior by displaying portlet page views that ignore the portlet's cached state.

This article explains the detailed steps to achieve this scenario in a Web Experience Factory portlet and briefly describes additional strategies to achieve a similar outcome, using a sample solution to guide you through these steps.


Thursday, 15 March 2012

Tuning and Troubleshooting IBM WebSphere Security

This came up on my Twitter "River O'News" this morning from @packtpub, and looks worthy of a re-post

It is not uncommon to run into issues when global security is first enabled in a WebSphere environment. Some of those situations may occur due to performing tasks out of order. Other problematic conditions related to security configuration may take place due to inadvertently omitting one or more steps in a set up process. Moreover, a third category of errors that may happen due to security configuration is caused by using the wrong values to one or more parameters.


This article by Omar Siliceo, author of IBM WebSphere Application Server v7.0 Security, briefly describes tuning in three major areas:
  • General security configuration
  • CSIv2 connectivity
  • LDAP and Web authentication

In this article we will be presented by a set of some conditions that may appear in a WebSphere Application Server ND version 7 (WAS ND7) when global security is first enabled. The first subsection covers circumstances that may come about during the configuration phase. Next, a subsection is included that presents circumstances that may happen at runtime.

Wednesday, 14 March 2012

Using Oracle VM VirtualBox to run Linux on Linux ....

Following on from my previous thread, I wanted to install the VirtualBox equivalent of VMware Tools, which Oracle call VBox Additions.

This requires one to mount a virtual CD image - VBOXADDITIONS_4.1.8_75467.

From this, one executes a binary: -

$ ./VBoxLinuxAdditions.run

This immediately failed: -

Building the main Guest Additions module [FAILED]
[Look at /var/log/vboxadd-install.log to find out what went wrong]

To cut a long story short, I was missing the Linux development tools, including gcc, make and the Kernel development tools.

I fixed this as follows: -

$ sudo yum install gcc
$ sudo yum install make
$ sudo yum install kernel-devel-2.6.32-220.el6.x86_64

Once I did this, the VBox Additions installed nicely, and I'm back in the game ...

Mountain mounting problems with Oracle VM VirtualBox on CentOS

I'm making more use of VirtualBox as a "free" virtualization tool on Linux, working alongside VMware Fusion that I use on the Mac.

My host OS is CentOS 6.2, and I'm using VirtualBox 4.1.8.

Having happily created VMs containing Windows Server 2003 R2 and Red Hat Enterprise Linux 5.5, I wanted to create a third VM running .... CentOS 6.2.

I went through the usual process to create the VM, and then added a new virtual CD/DVD drive to connect to the ISO that contains CentOS: -

CentOS-6.2-x86_64-LiveCD.iso

Sadly, however, VirtualBox through up a really useful ( NOT ) error message: -


Failed to open the CD/DVD image /media/LenovoExternal/Products/CentOS/CentOS-6.2-x86_64-LiveCD.iso.

The medium '/media/LenovoExternal/Products/CentOS/CentOS-6.2-x86_64-LiveCD.iso' can't be used as the requested device type.

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: Medium
Interface: IMedium {53f9cc0c-e0fd-40a5-a404-a7a5272082cd}
Callee: IVirtualBox {c28be65f-1a8f-43b4-81f1-eb60cb516e66}


I did some digging around, but couldn't see anything obvious - I even tried re-running the setup script: -

$ sudo /etc/init.d/vboxdrv setup

but to no avail.

Knowing that this process had worked with other ISOs ( for W2K3 and RHEL ), I was pretty sure that the problem was with the ISO, rather than with VirtualBox.

I checked the permissions that I had to the ISO: -

$ ls -al /media/LenovoExternal/Products/CentOS/

total 714752
drwxr-xr-x. 1 nobody nobody         3 Jan 28 15:57 .
drwxrwxrwx. 1   1000   1000        63 Jan 28 15:57 ..
-rw-r-----. 1 nobody nobody 731906048 Dec 16 06:07 CentOS-6.2-x86_64-LiveCD.iso


I then compared this against the ISO for RHEL: -

$ ls -al /media/LenovoExternal/Products/RHEL/

total 6621424
drwxrwxrwx. 1 1000 1000          4 May 26  2010 .
drwxrwxrwx. 1 1000 1000         63 Jan 28 15:57 ..
-rwxrwxrwx. 1 1000 1000 3076845568 Jun 21  2009 RHEL5.2-Server-20080430.0-i386-DVD.iso
-rwxrwxrwx. 1 1000 1000 3703490560 May 25  2010 RHEL5.5-Server-20100322.0-x86_64-DVD.iso


Notice the difference ?

Yep, you guessed it - the permissions to the CentOS ISO were too restrictive e.g. the user that I'm running VirtualBox as - hayd - did not have access to the ISO.

I changed this as follows: -

$ chmod a+r CentOS-6.2-x86_64-LiveCD.iso

and VirtualBox popped into life.

Simple, now if only the VB message had been a BIT more revealing .....

IBM Connections 3.X - No need to use Xsoftrefthreshold16 any longer ...

I've been looking at our IBM Connections 3.0.1 environment, specifically focusing on the DEVELOPMENT server, as I was implementing CA Wily Introscope as part of a monitoring and diagnosis regime.

Introscope requires that we set some JVM parameters in order that the relevant Wily classes be loaded.

Whilst I was configuring the JVM for the WAS instance that hosts the Profiles cluster, I noticed that the parameter: -

-Xsoftrefthreshold16

had been set: -

….
   <jvmEntries xmi:id="JavaVirtualMachine_1312972602953" verboseModeClass="false" verboseModeGarbageCollection="false" verboseModeJNI="false" maximumHeapSize="2506" runHProf="false" hprofArguments="" debugMode="false" debugArgs="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=7777" genericJvmArguments="-Xgcpolicy:gencon -Djava.awt.headless=true -javaagent:/opt/IBM/WebSphere/wily/Agent.jar-Xsoftrefthreshold16" executableJarFileName="" disableJIT="false">
….


This parameter is referenced in the LC2.5 Tuning Guide and your JMP205 Lotus Connections Deployment Best Practices guide.

However, I was wondering whether we still needed it with Connections 3.0.1.

So I checked with my colleagues in the IC Development labs ….

… and the answer is "No, this parameter is no longer required or recommended".

Out it  comes ……..

And finally ….. Bluetooth ....

(1) Hold down the [Alt] key

(2) Click this: -

 

(3) See this: -


I'm going to stop now, and do some work :-)

And there's more - looking at the sound preferences on OSX using the "hidden" menu ...

Hot on the back of my previous two posts: -


More hidden secrets in OSX - battery strength indicator ...

I've just "discovered" another one.
If you hold down the [Alt] key and click on the sound/volume icon   you get this: -


which is very very useful, especially to me with an external Plantronics CS-60 USB/DECT headset.

IBM Collaboration Solutions - WW Partner Demo Community

One of our partners drew my attention to this Community out on the IBM Greenhouse: -

This community is used by the ICS team at IBM to provide information to our business partners WW. It's also meant to be a platform for partners to be able to share best practices, provide feedback, and share information with IBM, and among the partner community.

This community is your community. Please make the most of it, feel free to download the presentations/material you find relevant to your projects, use the IBM Connections social feature to provide recommendations, and leave feedback.

Feel also free to use the Forum capabilities in the community to get the conversation going between you and the IBM team, and more importantly among yourselves. We look forward working closely with all of you to push the use and adoption of our Messaging, Portal and Social collaboration offerings in the region.

It includes useful content such as: -
  • ICS Integrated Demo Setup Guide

  • ICS Integrated Demo Images - User IDs and URLs

  • How to Download Demo Images

  • Demo Visuals - what does this demo look like?

  • ICS Integrated Demo related questions

  • Share your Demo stories/scripts/experiences ?

  • IBM Lotus Notes 8.5.3 and IBM Connections Demo ( Flash File )

  • Portal and Sametime integration

  • Portal and iNotes integration

  • Portal and Connections integration

  • Portal and Quickr integration
and it's definitely worth a look / bookmark: -


You will need a Greenhouse account to get full benefit from the Community, but the self-registration process is nice and simple, and is here.

Tuesday, 13 March 2012

More hidden secrets in OSX - battery strength indicator ...

Picking up on my previous blog post about the hidden signal strength indicator, as if by magic, whilst listening to the most recent @BritishTechMac podcast, I heard Gazmaz mention a similar tip for the battery health indicator on OSX 

As with the WiFi signal strength indicator, hold down the [Alt] key as you click on the Battery icon, and this is what you'll see 


Nice one, Gaz, thanks :-)




Monday, 12 March 2012

Mac OSX - Checking your WiFi signal strength

This came from a friend of mine, Mr Halman, and has solved a problem that's been bugging me for a very very long time.

Did you know that, on Apple  Mac OSX, holding down the [Alt] key whilst clicking on the  wireless link, then you can see the signal strength and other relevant characteristics of a WiFi network, as per the following example ...


Jonathan tells me that he found this from the book -  Mac Kung Fu - Over 300 Tips, Tricks, Hints, and Hacks for OS X Lion by Keir Thomas

After you've uncovered the basics in Lion, Mac Kung Fu is your next step. You'll learn how to master everyday tools such as the Dock, Spotlight, Mission Control, Launchpad, and Dashboard. You'll discover other amazingly useful tools and built-in add-ons that you never knew existed. You'll customize the OS X interface, refine your workflow, learn valuable security tricks, work better with photos, movies and documents, and test your Mac hardware. You'll wow friends with your insanely great Mac knowledge!

Mac Kung Fu details things even Mac Geniuses don't know. And why should they? Many of the tips in this book exploit settings or experimental features never officially made public.

Each tip in this unique book is deliberately short and readable, and you can dip in and out whenever you want. Most take less than a minute to complete, yet the results last for a lifetime of better computing.

Nice one, Keir
Nice one, Jon

:-)

Roll up, roll up, get your IBM Collaboration Solutions demos here ….

I was looking for a downloadable or on-line demo of IBM WebSphere Portal earlier, and ended up here at IBM developerWorks, where's there a whole slew of IBM product demos and trials, including: -

Live Demos
  • LotusLive Labs
  • Lotus Connections
  • Lotus Sametime
  • Lotus Quickr
  • Lotus iNotes
  • IBM Mashup Center
  • Lotus Forms Turbo
  • Lotus Notes Traveler
  • WebSphere® Portal
On-Demand Demos
  • What's New in IBM Lotus Domino Designer 8.5

  • XPages Components in the Notes 8.5.1 Client: Video Demonstrations

  • Creating a simple XPages application

  • Using XHTML on an XPage

  • Building a government mashup with IBM Mashup Center 2.0

  • Adding the Google Gadget widget to the mashup builder

  • Discover how LotusLive, the integrated social networking and online collaboration services, can help your business.

  • Lotus Foundations Overview

  • Introduction to Mashups

  • IBM Mashup Center

  • Lotus Web Content Management: Create Personalized Promotions
Some are old, all are good.

Worth checking out ….

Business Process Management For Dummies, IBM Limited Edition

Continuing to climb the learning curve, as IBM Business Process Management (BPM) has cropped up in a number of projects recently ….


In today's dynamic business environment, your organization needs to be ready to turn signals from the marketplace into strategic plays. BPM helps you quickly find and execute on missed opportunities trapped inside day-to-day operational processes. By unleashing the power of technology as a competitive advantage, your entire enterprise becomes far more agile, helping you meet your goals. BPM creates value through growth, improved performance, better productivity, higher staff effectiveness, and better customer service. Get your free copy of Business Process Management For Dummies, IBM Limited Edition today!

Click here for your copy …..

Friday, 9 March 2012

IBM Connections 3.0.1 Mobile Now Working

This popped up in my Twitter activity stream this morning



The Tweet takes us this thread: -



which links across to Tom Truitt's blog post: -


To make the iPad/iPhone/Android mobile client work for Connections, there's more required than just checkmarking the Mobile app when installing IBM Connections Applications.

Want to know more ? Then check out the blog post here….

*** UPDATE 12 March 2012 ***

One of my colleagues noticed that the original Mobile Update fix for IBM Connections had disappeared from Fix Central.

I checked with a colleague in the L2 team in Dublin: -

Quick question for you - do you happen to know whether  3.0.1.0-LC-Multi-MOBILE-CRLO63049 has been pulled and/or replaced by 3.0.1.0-IC-Multi-Mobile-IFLO64399 as the former no longer seems to available on Fix Central any longer ?

He replied saying: -


LO63049 is MOBILE AUGUST 2011 UPDATE FOR LC3.0.1 and has been replaced by
LO64399 which is SEPTEMBER 2011 MOBILE REFRESH.

Mobile fixes are cumulative so include all previously published fixes.


*** UPDATE 12 March 2012 ***


IBM Web Content Manager - Cluster Installation – setting WCM_HOST and WCM_PORT

Saw this on Graham Bucknell's blog this morning, and wanted to share it as it's something that has cropped up for me in the past

When you set up a WebSphere Portal cluster, the WCM_HOST and WCM_PORT environment variables need to be changed so they point to your webserver address. This is important for syndication. If you don't make this change, syndication will go through the individual node instead of the load balancing webserver. This is a problem if the individual node goes down – syndication will also stop too!

As you'd expect, Graham has the solution: -

This is easily remedied with a quick ConfigEngine script:

Want to know more ?

Then check out the post here 


Nice one, Graham, thanks for sharing ….

Wednesday, 7 March 2012

CWWIM4520E The 'javax.naming.ServiceUnavailableException - Fun and Games with WebSphere Application Server and Microsoft Active Directory

So I've seen two semi-related issues between WebSphere Application Server (WAS) 7 and Active Directory in the past 24 hours.

In the first instance, I saw: -

[06/03/12 17:00:58:130 GMT] 0000001a exception     E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4520E  The 'javax.naming.ServiceUnavailableException: ldap_f5.server.ibm.com:636; socket closed' naming exception occurred during processing.

[06/03/12 17:00:58:131 GMT] 0000001a exception     E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext 
                                 com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E  The 'javax.naming.ServiceUnavailableException: ldap_f5.server.ibm.com:636; socket closed' naming exception occurred during processing.
...

This turned out to be due to a mis-configured load balancer ( Big IP F5 ) which wasn't "passing" traffic through to the back-end Active Directory domain controllers.

Once I changed WAS to use one of the DCs rather than the Big IP load-balanced hostname ( aka Virtual IP or VIP ), I then saw: -

...
[07/03/12 11:19:38:463 GMT] 0000002a ServerCache   I   DYNA1071I: The cache provider "default" is being used. 
[07/03/12 11:19:38:655 GMT] 0000002a exception     E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4520E  The 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece^@]; Resolved object: 'com.sun.jndi.ldap.LdapCtx@4ae04ae0'' naming exception occurred during processing.

[07/03/12 11:19:38:657 GMT] 0000002a exception     E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext 
                                 com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E  The 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece\u0000]; Resolved object: 'com.sun.jndi.ldap.LdapCtx@4ae04ae0'' naming exception occurred during processing.
...

Thanks to this Technote: -


I fairly quickly discovered that the problem was: -

...
The AD-specific error code is the one after "data" and before "vece" or "v893" in the actual error string returned to the binding process

525 user not found
52e invalid credentials
530 not permitted to logon at this time
531 not permitted to logon at this workstation
532 password expired
533 account disabled
701 account expired
773 user must reset password
775 user account locked

e.g. that the so-called service account that we're using to bind to the Domain Controller had been locked.

My AD specialist confirmed this, and unlocked the account …..

Job done :-)

Performance management tools for IBM WebSphere Portal

A link to this article popped into my inbox this morning, thanks to a weekly newsletter that summarises the support position for IBM WebSphere Portal and IBM Web Content Manager

This article describes the tools and how they were used to evaluate an IBM® WebSphere® Portal 7.0 performance and/or problem determination issue during a recent engagement at a customer site.

The list of tools addressed here is not complete; specifically, it does not include well known commercial tools used in many environments for load testing, such as CA Wily Introscope, IBM ITCAM, and HP LoadRunner. Instead, the tools we will discuss are a supplement to the customer-supplied tools. The process of performance management is complex and beyond the scope of this document.


This has specific relevance to me as my project is about to implement CA Wily Introscope and IBM Tivoli Composite Application Manager to monitor WebSphere Application Server ( underlying WebSphere Portal, IBM Web Content Manager and IBM Connections ) and DB2 UDB respectively.

Will be having a good read …..

Sunday, 4 March 2012

Blue Screen of Death … well almost

Yesterday I took delivery of a Humax HDR-FOX T2 device; this is a so-called Personal Video Recorder (PVR), which is somewhat anacrhonistic - a Hard Disk Recorder is, perhaps, a better name, hence the model name :-)

The Humax ( also known as a Hummy ) contains a pair of Freeview HD tuners, allowing me to record two different Freeview digital TV channels at the same time, which is rather useful.

There were a number of reasons for the purchase, including the fact that the Humax devices were listed as Best Buys by Which? a wee while back.

As an example, the Humax can connect to the internet, via Ethernet or a USB WiFi adapter, providing access to internet TV and radio - for me, access to the BBC iPlayer was a definite advantage.

This also allows me to use the Hummy (!) as a DLNA media server, which should allow me to play media recorded from Freeview across my home network using my Mac, iPad and iPhone - we'll see :-)

Thus far, I've only tested the so-called TV Portal feature of the device, via an Ethernet cable, contacted to my Mac, which was sharing it's WiFi connection.

I've ordered a USB WiFi adapter - an Edimax EW-7711USN N150 High Power WiFi USB Adapter with Detachable 3dBi Antenna - from Amazon; once it arrives, I'll test DLNA etc. and report back ...

In the meantime, back to the purpose of this post ….

Having plugged the Humax into my LCD TV, a Toshiba 32KV500B, via the supplied HDMI cable, I was soon up and running, and happily recording and scheduling.

However, I was somewhat perturbed to note that the telly displayed a blue screen ( hence the title of this post ) for 3-4 seconds each time I changed channels, either via the [Program Up] and [Program Down] buttons, or via the Electronic Programme Guide (EPG).

I tried switching the HDMI cable from one port to another ( the telly has two ports, the other is used for the iPad and iPhone via an Apple HDMI adapter ).

Sadly, I wasn't able to resolve the problem, and assumed that it was a fault with my TV - my aunt has the same model of Humax, used with a Sanyo LCD telly, and doesn't see the same problem.

However, before I "wrote off" the TV, I thought back to the initial set up of the Humax - one of the first screens that I saw, having set  the language, tuned the Freeview channels, confirmed the location of my TV transmitter etc. I'd seen a screen that asked me about the display resolution.

At the time, I accepted the default … which was 1080i.

Can you see what I did wrong ?

My telly is "HD-ready" rather than "Full HD" which, apparently, means that it's not capable of displaying a full High Definition - it can only handle 720p

 Supports High Definition 720p resolution. A HD ready TV will be able to display High Definition images from any HD source.

whereas the Humax can generate all the HD outputs; 1080p, 1080i, 720p, 576p and 576i.

So, as a final confirmation, I ran back through the initial setup of the TV ( sadly losing all my scheduled programmes ! ), and chose 720p this time around.

Having done that, I'm pleased to report that there's no longer any blue screen ( or, more seriously, loud popping noise which I heard intermittently ) when I toggle through the channels.

So, I'm feeling rather pleased with myself :-)

*UPDATE* Having read the Humax User Manual [PDF] I note that there's a rather useful V-FORMAT button on the Hummy's remote control: -

Note: Some TVs/Displays may not support all Video Resolutions, to change this in the future please use the V-FORMAT button on your remote control.

so I needn't have reset the device, thus losing all my scheduled programmes :-(

Still I do love the Find feature within the Humax's EPG; it allows me to search for programmes by name or genre e.g. drama, movie etc.

Will post back re the WiFi access in a week or so ….

Friday, 2 March 2012

IBM Web Content Manager delivery solutions for your website

This came to my attention earlier; one of my IBM UK colleagues kindly shared the link via a blog post in IBM Connections, which then popped up in Notes via the Connections Alerts plugin in my sidebar :-)

Stefan Hepper - Comment lines: Choosing the right web content management delivery solution

The IBM Web Content Manager software offers different solutions for delivering web content to your users. This article explains all the solutions available and why you would chose each.

The article is here - it's definitely worth checking out, whether you yet use IBM Web Content Manager, or not.

Thursday, 1 March 2012

More on the Global Security Toolkit (GSK) and OpenSSL on Linux

This is just a bunch of links right now, but has been extremely useful to me in the past few days …..

IBM SDK for Java 6 - Security information


IBM SDK Policy files

I needed to use this as I have a requirement to import 2048-bit SSL root/intermediate certificates into the SSL keystore for IBM HTTP Server, and IHS only supports 1024-bit certificates out-of-the-box

IBM's SDKs ship with strong but limited jurisdiction policy files. Unlimited jurisdiction policy files can be obtained from the link above. The ZIP file should be unpacked and the two JAR files placed in the JRE's jre/lib/security/ directory. These policy files are for use with IBM developed SDKs. The same files are used for the Version 1.4 and Version 5 SDKs. Details of downloads of unlimited jurisdiction policy files for the Solaris and HP platforms can be found in the IBM Security Guide for those platforms.


Key Management Utility command-line interface (gsk7cmd) syntax

This is somewhat self-explanatory, but extremely useful.


Migrating OpenSSL certificates from the Apache HTTP Server to the IBM HTTP Server KDB file

This was useful in helping me understand how to move certificates from one format to another e.g. PKCS12 to PEM etc.


Setting up a public key infrastructure

This includes some examples of how to use gsk7cmd to view certificate details etc.

$ gsk7cmd -cert -details -db myBrokerTruststore.jks -label CACert


Can't receive certificate in Ikeyman: All the signer certificates must exist in the key database

This has some great examples of how to use the openssl command to look at certificates e.g.

$ openssl x509 -text -in certificate_from_certificateauthority.crt|grep Issuer: