Content Feed

 Verse  IBM Verse 17 January 2017

IBM Verse On-Premises - some thoughts after using for two weeks

We installed IBM Verse On-Premises (VOP) the day it was released.  See my previous post about the installation (simple).  This post will cover my impressions after having used it for two weeks as my main access point to my company email.

Basic Usage:

Overall, I'm pretty pleased with the VOP 1.0 release.  Reading and composing emails are easy and straightforward. When new mail arrives, the browser tab adds a red dot to the Verse icon to let me know there's something new. Messages render as expected and give me the option to show images if desired - just like Notes or iNotes do. The options to work with a message are available in the icon bar and are a mix of text button (Reply, Reply All, Forward) or images (Mark Needs Action, Mark read/unread, delete, move to folder, print or schedule a meeting).  There's also an indicator of which folder(s) the message is found in. This is very nice.   The Mark Read/Unread button was a topic of conversation in that it wasn't immediately apparent from the icon what it's for - and was missed entirely by someone else.  The hover text does point it out, but I'm chalking up missing it due to me not paying attention.

Continue Reading "IBM Verse On-Premises - some thoughts after using for two weeks" »

 ibm connections  IBM Connections Docs  IBM Docs 13 January 2017

IBM Docs - Technote on Understanding the Save, Publish and Copy options

This came across my feed this morning and I think it's a useful piece of information to share with users of IBM Docs.  They often ask the difference between the save, auto-save, publish, auto-publish and the copy options when working on documents.  This technote from IBM gives a fairly succinct explanation of what the differences are.

Understanding Save, Auto-save, Publish, Auto-publish, and Copy

 Domino  ibm connections  Lotus Notes Domino  SSL  iNotes 6 January 2017

IBM Connections Files Integration with iNotes

Now that Verse On-Premises 1.0 is out, I was taking a look at the integration with Connections Files.  I've run into an issue with that that I'm still looking at, but as part of the diagnosis, I went back to look at the Connections Files integration with iNotes to try and get some better logging.  During that inspection, I came across a different issue after we've upgraded our Connections instance to 5.5 and narrowed the TLS settings.

The issue in iNotes was that the client was failing wth a SSL handshake error in the iNotes console (nice to have that in iNotes).  Further review in the IHS log on the Connections side indicated a cipher mismatch.

First off, on the Domino side I enabled SSL_DEBUG_ALL=1 to get more information and the interesting thing is that Domino as the client was attempting to connect using the ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher. On Domino this is the top cipher used when TLS 1.2 is enabled.  However, this cipher isn't enabled by default in IHS according to the docs, so I updated the httpd.conf to add the additional ciphers for TLS 1.2 and all TLS versions.

# SSL Cipher settings

After making that change and restarting HTTP, I still saw the handshake errors.  Going back into the httpd.conf, I changed the settings from only supporting TLSv12 to all TLS versions:

SSLProtocolEnable TLS
SSLProtocolDisable SSLv3 SSLv2

Saving and restarting HTTP, this got Connections Files with iNotes working.  

Unfortunately, that didn't get the Connections Files with VOP working, so I'm back to looking at that.  More to come...

 Domino  Verse 30 December 2016

Initial impressions on IBM Verse On-Premises 1.0

NOTE:  This is a "first impression" post after working with VOP for a few hours.  I didn't participate in the betas, so this is a fresh experience.

So, as has been announced on the interwebs today, IBM Verse On-Premises 1.0 (VOP) was made available for download today.  Part number: CNDG8ML  

We had some time today, so Chris Whisonant and I installed it and setup the integration with Connections.  So Chris did the Domino side and I handled the Connections side.  Here are my brief comments on my couple of hours in.

INSTALL:  Went very smoothly on Windows, no issues.  Install the Hotfix that enables Verse, copy some JARs to the OSGI folder, set some notes.ini parameters, update the redirect db design, mail design and that's it. One note is that while the documentation only advises to make sure mail files are indexed, it looks like if you already have an indexed file, you'll want to rebuild the indexes.  We ran into that on my mail file on the server.  The server will initiate a rebuild, but it looks like it may cause some errors in the Inbox until the index is re-done.  At least that was my experience.

Also, there is one URL for all users.  So if you want to make verse the default, you'll want to update your server configuration.

INTERFACE:  If you've seen any slidedeck from this year, you'll know what to expect for the most part.  It's an interface that you'll recognize. When you login, you'll be prompted to allow browse notifications in Chrome, Safari and Firefox.

You get links to Mail, Calendar, People and Apps (links to iNotes, Notebook and ToDo).  Interesting note - Calendar takes you to the iNotes calendar, so it has not been "versefied" yet.  

The next "row" is icons for Inbox/Unread, Needs Action, Waiting For and then your Important People.  The Needs Action and Waiting for look to have lots of potential, I'll be playing around with that more.  Our initial test of trying to send an action to another didn't result in the message getting flagged in the recipient's mail. We'll look at this further.

SEARCH:  The "big" thing is the faceted search.  So far - working great.  You can drill down based on important people or perform a search and then you can refine the search based on time or folders. It is really nice - a big reason to check it out.

CALENDAR BAR: At the bottom is the calendar bar that shows your day in "blocks" where you have something scheduled and click on the block and get the details.  I like it, you can scroll through the day or from day to day. We'll see how much "use" I'll get out of it, but I like it so far.

CONNECTIONS INTEGRATION:  Integration was easy and simple to setup. Nothing installed on the Connections side, just some changes to the httpd.conf on the HTTP Server and a notes.ini change on the servers. Integration gives you photos and business card data.  Nicely done. If you have iNotes files integration, it will be available when composing a message as well.

So - in summary, for a 1.0 release it's looking pretty good.  Deeper testing will be done as I use the browser to access my mail primarily.

UPDATE:  Here's the link to the VOP Knowledge Center - it has the details on confguring VOP and integrating with Connections and Box.

Happy New Year everyone!

 connections  ibm connections 22 December 2016

IBM Connections 5.5 - Errors in SystemOut.log cleaning up HOMEPAGE database

Working with a client on IBM Connections 5.5 CR1, they were noticing errors in the SystemOut.log of the InfraCluster around 11pm regularly.  Lately, the errors were filling up 1GB of logs for a minute when it occurred.

The "critical" piece of information was the line below:
Error for batch element #1: A parent row cannot be deleted Page 10 of 67 because the relationship "HOMEPAGE.NR_READ_STATUS.FK_READ_STATUS_STR" restricts the deletion.. SQLCODE=-532, SQLSTATE=23504, DRIVER=4.19.49

We looked through the logs to find which entry it was, but couldn't find anything specific in the logs or the DB2DIAG log. It looked like it was trying to delete newsletter stories, but that's as close as we could get.

A PMR was opened with IBM and after reviewing the logs, we were told it was a known issue and there was a fix planned for CR3, but one is available for CR1 now. I'm guessing that a version for CR2 is available as well.

If that error is popping up in your logs, open a PMR and request the fix LO90678.

As I was searching on the fix, I happened across a link to a IBM technote (login required for this one) regarding this entry. Not much info beyond that this appears to be an issue in 5.5 and later CRs, but has the full stack of the error if you're interested.

 connections  ibm connections 21 November 2016

IBM Connections Mail - destined for end of support

Over the weekend, I noticed a blog entry in my feed reader from the IBM Collaboration Solutions Support blog -  End of Support Plans for the Connections Mail Plug-in - which starts of detailing that the IC Mail plugin for Connections 4.0 and 4.5 entered end of support this month. It also indicated EOS dates for the plugins for 5.0

The interesting/disturbing piece is related to future plans for IC Mail and Connections.  The statement is that there are no plans for a version of the Mail plugin to work with Connections 6.0.  And there is no mention of what a replacement might be.

Most of our clients that use Connections use the Mail plugin as well, so this would be a significant loss of functionality if there is actually nothing to replace the plugin.  Is it going to be part of the main suite now? Will Verse (cloud and on-prem) replace it?  Who knows, but apparently IBM is happy to let speculation play out until it makes a complete announcement.

Once again - we need IBM to fully explain what's going on.  

 ibm connections  connections  spnego  sso 3 November 2016

File Downloads from Connections using SPNEGO

With IBM Connections, there are options to utilize different SSO options. One of the eaiser is using Windows Integrated Authentication, better known as SPNEGO. This uses the AD domain and the user's Windows credentials to issue a ticket that can be used to authenticate users against other resources, such as an IBM Connections site.

In some cases, this doesn't work like it should.  One example is if the user gets an email with a link to download a file stored in Connections, but hasn't yet authenticated with the site.  By default, the Files download isn't configured to support this, it relies on getting the LTPA token after authentication to serve requests.  The user gets a login page (or just the basic auth pop-up) before getting to the download page. For users that are used to never "logging in" to Connections, this can cause some anxiety and unnecessary Service Desk calls.

Here's what you can change in IBM Connections 5.5 to get File downloads to "work" as expected.  You'll need to remove the spaces between the < symbol and the following character for the XML to work. That's just so its readable here.

1 - Backup the web.xml from the \profiles\dmgr01\config\cells\\applications\Files.ear\deployments\Files\files.web.war\WEB-INF folder
2 - Locate the nodes in the web.xml file and add the following:


< security-constraint>
< display-name>Forms< /display-name>
< web-resource-collection>
< web-resource-name>Form< /web-resource-name>
< url-pattern>/form/*< /url-pattern>
< http-method>GET< /http-method>
< http-method>PUT< /http-method>
< http-method>POST< /http-method>
< http-method>DELETE< /http-method>
< /web-resource-collection>
< auth-constraint>
< description>Form< /description>
< role-name>reader< /role-name>
< /auth-constraint>
< /security-constraint>

3 - Perform a full resynch of all nodes
4 - Restart all clusters

Also check the SPNEGO config to make sure the  url /form/anonymous/* isn’t included in the filter criteria. If it’s there, remove it, save the change and resent the nodes. SPNEGO config should be dynamic, so a restart won’t be needed.

We opened a PMR for this and we're waiting to hear if IBM is going to make this change permanent in a future release .

 Connections  WebSphere  IBM Connections 5 July 2016

Startup Beans and adding additional nodes in Connections

Last week, working with a customer that had setup a two-node install of Connections 5.5. Getting ready to go live and we noticed an issue in the SystemOut log of the InfraCluster when the server would start or when the search index task would run.

CLFRW0454E: Unable to get indexing information about the current server, the index will not be built for this server.

We had followed the instructions for adding the new node, and couldn't determine why we were seeing this issue. Opened a PMR and we got back, after the initial MustGather request, some information to try. Basically, the internal technote indicated that the Startup Beans Service wasn't enabled in the newly added App Server.  Going to the app server's Container Settings > Container Services > Startup Beans service page and enabling that option followed by a sync and restart solved the issue.

 Connections 20 June 2016

IBM Connections 5.5 CR1 and Connections Mail - issue with calendar picker

After updating a test server with Connections 5.5 CR1, a customer noticed that the calendar picker in Activities would stay open after selecting a Due Date for an activity. This didn't happen in 5.5 or earlier versions. We opened a PMR with IBM and after some back and forth, according to IBM the issue is related to Connections Mail being enabled on the server.  If you don't have Connections Mail enabled, there's no issue.

A fix is in the works.  I'm hoping that it will be an update available from FIx Central and not just a fix, but we'll see.

UPDATE July 1: My client received a fix and installed it and it has resolved the issue. LO89462 is the APAR number, so open a PMR with that info if you need the fix.

 Connections  WebSphere  SSL 10 June 2016

IBM Cnx 5.5 CR1 and WAS update - something to remember

I was updating a Connections 5.5 environment to CR1 today and part of the process is updating WebSphere to  The installs all went very smoothly untill we went to verify the updates by launching the site.  We saw the always generic "We are unable to process your request" message hitting the homepage.  Off to the SystemOut.log!

Looking at the logs, I saw a series of SSL Handshake errors and then it hit me - the Java policy files to handle the large SSL key size must have been overwritten.  I need to remember that they will be overwritten during an update like this.

Checking the \java\jre\lib\security folder verified that the files had been replaced.  Once we replaced them with the correct version and restarted WebSphere we were able to login successfully.

Now to finish the testing!

UPDATE: Rainer asked where the updated policy files were downloaded from.  I used this IBM link to download them (login required) and chose the first option that included the j9 VM2.6 version.  Use the "java -version" command in the WAS Java folder to confirm that the JVM matches the versions listed there.