IBMCONNECTIONS.org

The River-of-News functionality in IBM Connections sometimes can get stuck.
All events that are happening inside the Connections platform are no longer being sent
to the Homepage Updates tab.

  When users puts up a new status for
  their Profile it will be visible on their
  own Profile page. But this event will
  not be pushed to the different
  sections on the Updates tab.

  For example the Status Updates
  section or the Discover section.

  For as far I’m aware all the other
  functionality in Connections will
  still work okay.

 

All will run fine until the messagestores get entirely clogged up and the queue reaches
the default max level of 50.000 messages. When this occur you will notify the system
becoming unstable.

Ofcourse the best approach is to fix it as soon as you notice that the River-of-News
no longer is being updated. Besides checking the Updates tab on the Homepage you
can check the following overviews in the WAS console to verify if messages are stuck.

( Screenshots are based on a medium Connections deployement. )

When the queue depths are around 70-100 and increasing you can be pretty
sure that  messages are stuck and are failing to be delivered.

Navigate to the Messaging Engines section and check if all of them are indeed
running else you can try to just start them up and see if that fixes it.

To fix clogged up message stores I found the quickest solution to stop all JVM servers
and delete all the messagestore files.

Find out the locations of the messagestore files by checking the File store section for
all the Messaging engines on your Connections system.

Delete all the files under this location and the one under the log directory. 
This action will only remove the events that are in the messagestore at
that moment. ( So starting from the point that messages were no longer
delivered to the River-of-News section )

Content that already reached the River-of-News will stay available as
messages that were received successfully are stored in the database.
The messagestores seem to be a temporary location to store event messages.

  For a medium deployment
  you wil have three sub
  directories to clean up.

 

After you have cleaned up the files in the above mentioned sub directories
you can start up the  JVM servers again.
Starting up the JVM servers will recreate these messagestore files.

Trying to stop, remove the messagestore files and startup the message
engines while the JVM servers were still up-and-running wasn’t a big success.

When you are using Edge Proxy server in your Connections environment
you have to take note that you edit the LimitRequestBody value in the ibmproxy.conf
to reflect the value of the largest file size you allow to be uploaded across the IC parts.

When the value of LimitRequestBody is set to 50 MB and you try to upload a
100 MB video file into the Media Gallery widget you will bump into the following
weird error message.

“This file does not exist.  Please select a file using the browse button.”

The same goes for the other IC parts, it will spit out a fuzzy error message
caused by the limit that is configured on the Edge Proyx server.

Just edit the LimitRequestBody value in the ibmproxy.conf configuration file
and restart the Edge proxy server.

As all the parts in IBM Connections are somehow developped on its own there is no
global configuration interface to set options like the maximum allowed file size and
what kind of files are allowed.

Every part has it own configuration and also its own way how to configure it.

For Blogs there is an administration interface to do this but for now this is
the only part which will give you a GUI to administer the application.

The other parts require you to either find your way through WebSphere wsadmin
commands or to edit XML files.

By browsing through the configuration XML files you will find that some parts are
simulair to eachother. The configuration and administration for Files and Wikis
feels like the same people were involved when it was developped.

Find below an overview of the different max. file sizes and the file restrictions per
IC component and where to edit them.

Activities

Global setting applies to stand-alone Activities and Communities Activities, max default attachement
size is 10 MB. ( Adjustable )
Limitations for extensions are configurable on a global level.

Edit to be done in the oa-config.xml file.

See -> http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Setting_limits_on_uploaded_files_ic301

Blogs

Global settings applies to stand-alone Blogs and Communities Blogs, max file size 50 MB. ( Adjustable )
Forbidden and allowable extensions are configurable on a global level.

Login as a user who is assigned the admin role and go to the administration tab.

Communities

A community itself has no limits. The limits of the parts it contains are per default the same as for the standalone parts.

Dogear/Bookmarks

Not applicable

Files

The default maximum file size is 512 MB. ( Adjustable )
The default personal Files library space limit is 512 MB.   ( Adjustable )
FilesPolicyService.editPersonalDefault(long maximumSize)

The default Community Files library limit is 512 MB. ( Adjustable )
FilesPolicyService.editCommunityDefault(long maximumSize)

See -> http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Setting_a_maximum_size_on_files_ic301

Limitations for extensions are configurable on a global level.

See -> http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Restricting_file_types_in_Files_ic301

Policies can be created to adjust the limit for a personal Files library or a Community Files library.

A note about the max files error message for the Files component as used in the different scenarios.
The max file size error behavior for uploading files into the Files component differs per scenario.

APAR pending….

[ Upload a file into a Communities Files section ]

“The file could not be uploaded because it is larger than the maximum allowed file size of 500 MB”
// The error message is static.

Moment of max. file size notification = After the file is uploaded

[Upload a Video/Photo file into the MediaGallery section ]

“ErrorThe file could not be uploaded. Please try again later Hide details

The field cmis:contentStream exceeds its maximum permitted size of 104857600 characters.”
// size in characters ?! of course :-p, dynamic error message

Moment of max. file size notification = After the file is uploaded

[ Upload a file in the stand-alone Files app. ]

“The file could not be uploaded because it is larger than the maximum allowed file size of 100 MB”
// dynamic error message

Moment of max. file size notification = Before the file is uploaded

Forums

The default attachment maximum size is 10 MB. ( Adjustable )
Limitations for extensions are configurable on a global level.

Edit to be done in the forum-config.xml file.

The syntax is the same as for the oa-config.xml for Activities. This configuration options
aren’t mentioned in the IC wiki.

Wiks

The default page maximum size is 1 MB.  ( Adjustable )
The default attachment maximum size is 75 MB.   ( Adjustable )
The default Wiki max size ( pages + all page versions + attachments ) is 512MB. ( Adjustable )

The default personal Wikis library limit is 512 MB.   ( Adjustable )
WikisPolicyService.editDefault(long maximumSize)

The default Community Wikis library limit is 512 MB. ( Adjustable )
WikisPolicyService.editCommunityDefault(long maximumSize)

See -> http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Setting_maximum_sizes_on_media_pages_and_attachments_ic301

Limitations for extensions are configurable on a global level.

See -> http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Restricting_attachment_file_types_in_Wikis_ic301

Policies can be created to adjust the limit for a personal Wikis library or a Community Wikis library.

After eight months of silence on my Blog it is time to pick up with the Blogging spirit and share some
stories about IBM Connections and …. share some of my experiences about moving to Canada eh!!

Skipping some history but I can tell I’m currently living in Kitchener, Ontario and working as a
IBM Connections Administrator for Research in Motion.

How more Canadian can it get? Working for one of the biggest Canadian founded technology companies.

As IBM is dropping the Lotus brand for some of their major
products, Lotus Sametime is now called IBM Sametime and the
same goes for Connections, I also decided to tag along with this switch.

Wherefore IBM is doing this change and what the idea is behind it?
Got no real answer, maybe because the Lotus brand still brings up the
relation with the old Lotus 123 product for the majority of the people.

Nonetheless my Blog about Lotus IBM Connections will now be available
at the following URL’s

http://www.ibmconnections.info
http://www.ibmconnections.nl
http://www.ibmconnections.org

Whereby the org version is the leading one. But the URL isn’t the only thing
that got a refresh. In October of this year I will be heading to Toronto, Canada.
I was looking for a new adventure and decided somewhere in the end
of 2010 that I wanted to take this step.

At this moment I don’t have any job offers over there, so any leads
to a job in the IT sector of Toronto for a Linux/WebSphere/Connections admin
are welcome. My LinkedIn profile.

As I hosted this website on my own server at home I already took
the measures to move it to a VPS server from Stratos somewhere in the cloud
above Berlin Germany as a preparation for my long visit to Canada.

The new server now is running the latest openSuSe OS, 11,4,  and the Blog
pages are served by IBM HTTP Server 7 with fixpack 17.

The old “home brewed” server.

And probably now somewhere in one of these racks hosted as a virtual server.

While working on setting up my new Strato VPS server I got stuck getting
XRDP to work correctly.

XRDP is a remote desktop server which you can install on Unix like servers.

In my opinion the biggest benefit of this program is, in comparison to something
like VNC, is that you are able to remotely connect to a graphical environment on
your Linux server with any Microsoft based client without the need to install
extra software.

By default Stratos gives you a very basic installation of the Linux OS, that is
if openSuSe is your choice.

There was no package availabe in Yast for XRDP so I took the source from
xrdp.sf.net and compiled it myself.  Before running make check with
Yast if the openssl and pam development libs are installed.

After a successful installation and starting xrd_control.sh I was able to
connect with rdesktop to my Linux server on port 3389. RDesktop – RDP client for Linux

Authentication went fine but after that it got stuck and the login
process halted.

In the sesman.log file I didn’t found any hint pointing to the cause.

Googling I came to some handy debug options for xrdp and sesman.
./xrdp -nodaemon

./sesman -n

With the give parameters both programs will not be brought to be background
and all output is written to the console.

Looking at the debug information of sesman I saw that some X11
libs were missing. Installed the missing part with Yast and I was able to login per rdp.

Old skool X11 session with FVVM2 as the Window manager.
No bloated KDE or GNOME on my Linux server.
You can configure the Window manager to start in the startwm.sh bash script
in the XRDP installation folder, by default that is /usr/local/xrdp/.

In a LC environment used by users with different locales set we got feedback
that they couldn’t understand certain mails sent by colleagues.

http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/index.jsp?topic=/com.ibm.connections.25.help/t_admin_profiles_set_notification_lang.html

“Unlike the other IBM® Lotus® Connections features, for Profiles, the language
preference for notifications is not dynamically updated when a user logs in.
If user language preferences are not present in their profile, the notification
is sent in the language of the sender’s browser locale.”

After futher investigating we saw that it was about network invitation mails.
As the statement at the top is from LC25 it is still is valid for LC30 as well.
Only for Profiles goes that the locale of the user isn’t saved in the database.

This way Profiles network invitation mails are sent in the locale of the sender.

This can create the following situation; a user which his browser locale set Dutch
invites a Finish colleague, the Finish colleague will see this network invitation
mail in the Dutch language.

To prevent this situation from happening we decided to force the language of Profiles
to be set to English. The language change goes only for the global part of the mail
the default custom message stays in the sender locale. 

We did this as follows.

We applied the following edits so all network invitation mails are sent in the English language.

Edit profiles_functions.js and add the following function.

function func_setpreferredLang(fieldname) {
 result = ‘en_US’
 return result;
}

Edit map_dbrepos_from_source.properties and change the following line.

preferredLanguage={func_setpreferredLang}

Both files can be found in the TDISOL directory.

To apply the changes run the ./sync_all_dns.sh script.
 

A few days ago the guys of Lotus Greenhouse applied fixpack 3.0.1 for Lotus Connections
besides it fixes a thing or two ( what else should a fixpack do ? ) it also introduces
some new features.

One of the fixes that is included in this fixpack is LO59430, the Forms tag widget issue.

https://www-304.ibm.com/support/docview.wss?uid=swg1LO59430

Haven’t heard any exact date yet when the fixpack will be public available but picked up
some rumors that they were aiming for the end of April. No official information is released
by IBM yet about what the exact things that are fixed and what all the new features are.

Found this Blog item from a Swedish IBM Business partner ( Infoware Solutions ) with
some more details about the things you get when you install Lotus Connections
fixpack 3.0.1.

http://iws01.infoware.se/web/lotusphere2011Extern.nsf/dx/2011-01-31184735IWSNVA.htm?opendocument&comments

Besides some details about the LC301 fixpack it also lists some features that are expected
to be available in LC40, you will love that code name, Lotus Connections NextNext.

But further with the new features that are known and with which you can play on GreenHouse.

One of the coolest new features I think is that you can add a Media Gallery widget to a Community.
Within in this Media Gallery you can upload images which will be displayed as thumbnails.

Besides images you can also upload video files which you then can play on the fly with the
built-in flash player. Unfortunate it’s limited to a few formats ( *.mp4 , *.flv and *.mov ) if
you try to upload a movie in the *.avi format it will give you an error that the format
isn’t supported.

The check is only based on the extension of the file not the mime type. If you rename
a *.avi file to *.mp4 and you try to play it it gives you a codec error. That not
all formats are supported probably has something to do with license costs for the codecs.

The storing of the media files you upload works the way you expect it to work. You upload
media files inside the Media Gallery widget and they will then also be available as a
downloadable file inside the Files part.

Another new feature that is introduced is the Idea Blog, not to funky, it is a new type of Blog
entry you can create with a vote button inside the Blog entry.

As a technical guy I’m very interested how to cope with the impact that video files can have
on the system, uploading big video files and multiple streamings against a WebSphere server.

A lot of technical challenges to discuss but first wait until IBM releases the fixpack.

This post as a follow up to “The Activities side-bar in Lotus Notes and SPNEGO”

In this post I describe the test setup used to look into SPNEGO and Eclipse Composite Applications
and how you can enable finer debugging.

The test set-up.

The Domino Policy as configured on our Windows Lotus Domino 8.5.2 server.

The Connections preferences tab after the Policy has been pushed to our client ( LN Windows 8.5.1 client Vanilla )

( Not really sure what the rules are before a Policy is pushed to a client but I got from my colleague and Lotus
Domino adept Arjan Vermeulen that running the ndyncfg.exe will do this, also re-opening your mail file from the
mail server where the policy is active should force pushing the policy. )

As can be seen on the screenshot the User name is filled in automatically ( MEN is my Windows AD username ).

All the required extra Accounts are created automatically as well.

The details of the Connections accounts have been set correct.

With the SPNEGO config the Connections search functionality works OK also adding RSS feeds into the internal
Feeds reader of LN works OK.

When I then click the link “Retry using existing options” I see the following messages in my LN
Trace. ( Help -> Support -> View Trace )

Unable to respond to any of these challenges: {negotiate=Negotiate}

In the SystemOut.log of the Activities servers we don’t see any errors.

Only the following information that a SPNEGO token is created for my account.

[12/13/10 11:03:58:603 CET] 0000008d SpnegoHandler I com.ibm.ws.security.spnego.SpnegoHandler handleRequest CWSPN0023I:
Username MEn@INTRA.E-OFFICE.COM Token size 1966.

To get some more info I searched how I could enable finer logging traces for Eclipse Composite applications
deployed in the Lotus Notes client.

After a lot of searching I found the following two be helpfull.

In the file \Lotus\Notes\framework\rcp\rcplauncher.properties add the following two options.

config.notes.8=-debug
config.notes.7=-console

This will bring up a terminal window when starting Lotus Notes and show all messages that
at least have the level WARNING. This is the same info as you can find under the View Trace
option in your Lotus Notes client.

To specify Java classes for which you want finer trace logging you can use the following.

In the file \Lotus\Notes\Data\workspace\.config\rcpinstall.properties add the Java classes
for which you want finer logging and to which level. For my investigation I used the following two.

org.apache.commons.httpclient.level=FINEST
com.ibm.rcp.internal.security.auth.module.level=FINEST

This gave me a little bit more info

2010-12-19T15:15:41.109+01:00 FINE Authorization required
org.apache.commons.httpclient.HttpMethodDirector org.apache.commons.httpclient.HttpMethodDirector .isAuthenticationNeeded 2
2010-12-19T15:15:41.109+01:00 FINEST enter HttpMethodBase.processAuthenticationResponse(HttpState, HttpConnection)
org.apache.commons.httpclient.HttpMethodDirector org.apache.commons.httpclient.HttpMethodDirector .processAuthenticationResponse 2
2010-12-19T15:15:41.109+01:00 FINE Supported authentication schemes in the order of preference: [ntlm, digest, basic]
org.apache.commons.httpclient.auth.AuthChallengeProcessor org.apache.commons.httpclient.auth.AuthChallengeProcessor .selectAuthScheme 2
2010-12-19T15:15:41.125+01:00 FINE Challenge for ntlm authentication scheme not available
org.apache.commons.httpclient.auth.AuthChallengeProcessor org.apache.commons.httpclient.auth.AuthChallengeProcessor .selectAuthScheme 2
2010-12-19T15:15:41.125+01:00 FINE Challenge for digest authentication scheme not available
org.apache.commons.httpclient.auth.AuthChallengeProcessor org.apache.commons.httpclient.auth.AuthChallengeProcessor .selectAuthScheme 2
2010-12-19T15:15:41.125+01:00 FINE Challenge for basic authentication scheme not available
org.apache.commons.httpclient.auth.AuthChallengeProcessor org.apache.commons.httpclient.auth.AuthChallengeProcessor .selectAuthScheme 2
2010-12-19T15:15:41.125+01:00 WARNING Unable to respond to any of these challenges: {negotiate=Negotiate}

It seems that the org.apache.commons.httpclient Java object instantiated by the Activities side-bar
isn’t capable of working with the negiotiate authentication scheme and only works with ntlm, digest and basic.

Also picked out WireShark out of my admin toolbox to dive into the HTTP traffic going out from my LN client
when using Lotus Connections functionality.

When working in WireShark I saw that the first request when using the Lotus Connections search functionality
already had a LTPAtoken set, login was not required, the response from the server was directly the HTML
page with the result.

Looking at the first request from the Activities side-bar, I didn’t saw a LTPAtoken set, in the HTTP traffic
following on this I saw that it ended at the login page from Activities.

Concluding, this ain’t going to fly, positive side learned a lot about Lotus Notes debugging and Accounts settings.

All with all leaving me a bit frustrated how is it possible that some Connections parts in the Lotus Notes client
can work with SPNEGO and some just won’t. These kind of plug-ins in your Lotus Notes client are great to
improve the adoption of Lotus Connections, users can access Connections from within their mail client
where they stay most of the time but that advantage soon shrinks if users get all kind of
authentication problems.

If big blue is using the Acticities side-bar themselves they probably have bumped into the same problems
we are currently facing. I guess they also have password change policies active and account lock-out restrictions.
But maybe there is some logical technical explanation why the Acticvities side-bar isn’t capable
of working with SPNEGO?