IBM Connections: Disable IBM Connections Content Manager (CCM)

A customer wanted to temporarily disable the already installed IBM Connections Content Manager (CCM) component. Here are the steps to do that:

  • On Deployment Manager, start WSADMIN client:cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
    ./wsadmin.sh -lang jython -user _websphere_admin user_ -password _password of wasadmin user_
  • Run the following commands on theWSADMIN console to checkout the LCC configuration file:execfile(“connectionsConfig.py”)
    LCConfigService.checkOutConfig(“/tmp”, AdminControl.getCell())
  • Disable the IBM Content Manager application by running the following commands on theWSADMIN console:LCConfigService.updateConfig(“ecm_files.enabled”, “false”)
    LCConfigService.updateConfig(“ecm_files.ssl.enabled”, “false”)
  • Check in the LCC configuration file again, synchronize all nodes and leave theWSADMIN prompt:LCConfigService.checkInConfig()
    synchAllNodes()
    exit
  • Restart all Connections clusters
  • If you want to enable the applications later again, use the same commands but change the value “false” to “true”.

After I did that, I sawe the following error messages in the SystemOut.log of the server where CCM was installed:

[codesyntax lang=”text”]

[/codesyntax]

The reason for that was, that there were still some unprocessed notification events in the queue which could no longer processed as the application has been disabled. To remove these events I ran the following commands:

  • On Deployment Manager, startWSADMIN client:cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
    ./wsadmin.sh -lang jython -user _websphere_admin user_ -password _password of wasadmin user_
  • Run the following commands on theWSADMIN console:execfile(“communitiesAdmin.py”)
    CommunitiesQEventService.clearQueuedEventsByRemoteAppDefId(“Library”)
  • The command returns the number of cleared events.

Now the error message should no longer be displayed.

Installing TDI 7.1.1 on Windows Server 2012

If you try to install IBM Tivoli Directory Integrator (TDI) V7.1.1 on Windows 2012 Server you might see the following error message:

[codesyntax lang=”text”]

ZeroGu2: Windows DLL failed to load
at ZeroGa2.b(DashoA10*..)
at ZeroGa2.b(DashoA10*..)
at com.zerog.ia.installer.LifeCycleManager.b(DashoA10*..)
at com.zerog.ia.installer.LifeCycleManager.a(DashoA10*..)
at com.zerog.ia.installer.Main.main(DashoA10*..)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.zerog.lax.LAX.launch(DashoA10*..)
at com.zerog.lax.LAX.main(DashoA10*..)

[/codesyntax]

To solve that problem, change the compatibility mode  in the properties of the installer exe file to “Windows 7” and try again.

Thanks to Mikkel  😉

IBM Connections 5.0 CR2: Upgrade of Filenet Content Engine Server fails

The upgrade of the Filenet Content Engine Server component for IBM Connections CR2 on Windows machines failed for two customers now. The command ‘update-ce.bat -was.dm.path “D:\IBM\WebSphere\AppServer\profiles\Dmgr01” -was.admin.user wasadmin -was.admin.password password -ce.fp.installer.location “D:\INSTALL\CCMFIXCR2\5.2.1-P8CPE-WIN.EXE”‘ failed always with the message “Error: Please read the log for detail of the problem, it is D:\IBM\Connections\ccm\ccm\ccm\scripts\fn-ce-update.log”.

If you look into the mentioned log you see that the deployment of the FileNetEngine application was successful. There is no hint why the procedure failed in the end.

I just ignored the error and went on with the next steps. I did not notice any problems and you will re-deploy a newer version manually as the last step anyway … On Linux I never noticed that problem, so it seems to be something Windows specific.

By the way: A detailed instruction for upgrading COnnections 5.0 to CR2 can be found here. If you install on Windows make sure that you use a blank as separator instead of “=” (equal sign) for the Filenet upgrade procedures (e.g. use “-was.admin.user wasadmin” instead of “-was.admin.user=wasadmin”)

 

IBM Connections Cognos: Problem with SSL Certificates

If you want to configure Cognos for IBM Connections to use SSL you need to import the HTTP server certificate and all of the certificates in the certificate chain as described in this chapter. However, after I did that Cognos was not working. The import as successful and there was no error message.

If you have a similar problem, just open the certificate store (“(_transformer_install_dir_)/signkeypair”) with the iKeyman utility (as type of keyfile use “PKCS12”).

You should find all certificates (the server certificate of your web server and all signer certificates in the chain up to the root) in that keystore. If one or more of them are missing (which was the case for me even after the “successful” import) just add it with the iKeyman utility.

After restarting the servers everything should then work correctly.

 

FileNet Content Navigator: “CIWEB2039 – The AccePlugin plug-in contains errors”

After upgrading IBM Connections 5.0 to  5.0 CR2 and upgrading the FileNet Content Navigator you see the error “CIWEB2039 – The AccePlugin plug-in contains errors” if you try to load the ACCE (Filenet Admin Console). To resolve that, add the following line to the HTTPD.CONF of your web server(s) and restart the web server(s):

 

You might also need to clear your browser cache. Afterwards the ACCE should load successfully again.

On demand VPN with iOS and OpenVPN

I can connect to my internal network from outside via an OpenVPN tunnel. However I need to manually start the VPN connection on my iPhone or iPad every time before I want to access one of my internal machines. So I looked for a way to automate that and starting the VPN connection with OpenVPN on my iOS devices on demand.

Here I describe the steps which I have done to obtain that:

I assume that you already have a working VPN connection from your iOS device via OpenVPN and have access to the certificate files you created for that.

First you need to create a certificate file in PKCS12 format which contains both your certificate and your private key. I have created that file with the following OpenSSL command:

[codesyntax lang=”text” lines=”no” blockstate=”expanded”]

[/codesyntax]

Now we need to create a mobile configuration profile for iOS. As the “Apple Configuration Tool for Windows” no longer exists and the official tool “Apple Configurator” is only available for Mac I used the “OpenVPN iOS Configuration Profile Utility“. You might need to install RubyGems before if you not have it setup already on your machine (I did all these steps on my Raspberry Pi where I had that installed before).

I used the following command to create my profile:

[codesyntax lang=”text” lines=”no”]

[/codesyntax]

Unfortunately currently the “ovpnmcgen” tool does not support the “DNSDomainMatch” directive which is needed for automatic enabling VPN as soon as you access a host in your internal network.

So you manually need to add the following parameters to the “OnDemandRules” section in your “the_name_of_the_generated_output_file.mobileconfig” file . I have highlighted the lines you need to add:

[codesyntax lang=”xml” lines=”no” highlight_lines=”19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35″]

[/codesyntax]

You need to replace “urs.local” with the domain name of your internal network. Accessing a host with this domain name (e.g. “myhost.urs.local”) will then automatically trigger a VPN connection.

Now you do have a configuration file which you can install as a profile in your iOS device. You need to somehow transfer it to your device. You can either mail it to you (might be unsecure as someone can get access to your file …) or transfer it via iTunes or (as I did) place it on your own Owncloud server and open it with Safari on your iOS device.

To install the profile you need first to enter your iOS password and after that the password for your private key you used while creating the PKCS12 file.

As soon as you have installed the profile you are ready to go.

With the configuration described above a VPN connection will be established automatically as soon as you try to access a hostname in your local network (here: “urs.local”). If you come back home with your device and connect to your own Wifi network the VPN will be disconnected again automatically.

Pebble Smartwatch

Meine Junghans Mega Solar-Funkuhr hatte mir nun 16 Jahre treue Dienste geleistet. Leider habe ich sie wohl neulich am Frankfurter Flughafen verloren. Da sie auch keiner im Fundbüro abgegeben hatte, musste ich mich um Ersatz bemühen.

Eigentlich hatte ich mich ja schon auf die Apple-Watch gefreut. Leider wurde ich etwas enttäuscht, als ich die Spezifikationen und die Preise dann gelesen hatte. Ganz ehrlich, für eine Uhr, die relativ bald wieder veraltet ist und die man mit Mühe und Not vermutlich gerade so über den Tag bringt bevor man sie laden muss, 400 EUR und mehr auszugeben, das wollte ich dann doch nicht tun. Dafür ist mir eine Uhr zuwenig Statussymbol und mehr Funktionsgerät.

Daher viel die Wahl dann auf die Pebble 401BLR Brushed Stainless Steel (Farbe: edelstahl). Die Auswahl war ja nicht besonders groß, da die Smartwatch ja mit meinem iPhone zusammenarbeiten sollte und die meisten anderen Smartwatches nur Android unterstützen.

Datei 28.03.15 12 01 33

Den Ausschlag gaben hauptsächlich die folgenden Gründe:

  • Die Uhrzeit kann immer abgelesen werden, und muss nicht erst mit einer Armbewegung eingeschaltet werden (mit einer Armbewegung kann aber ein Hintegrundlicht zugeschaltet werden, um die Uhr auch im Dunkeln abzulesen).
  • Die Akkulaufzeit beträgt bei normalem Gebrauch 5-7 Tage.
  • Die Uhr ist wasserdicht, man kann sie also auch beim Schwimmen tragen.
  • Der Preis liegt derzeit bei knapp 200 EUR (immer noch viel für ein Spielzeug, welches ganz sicher keine 16 Jahre hält wie meine Uhr zuvor…)

Ich habe mir noch das mattschwarze Metallarmband dazugekauft (sonst nützt es wenig wenn die Uhr wasserfest ist ;-)) und ein zweites Ladekabel (leider benötigt die Uhr wieder ein spezielles USB-Kabel, was man auch noch mit sich herumschleppen muss).

Die Uhr hat die Möglichkeit beliebige Watchfaces (Ziffernblätter …) anzuzeigen. Auf My Pebble Faces gibt es jede Menge mehr oder weniger schöne Watchfaces zum kostenlosen Download. Da mir hier aber nichts so wirklich zugesagt hat, habe ich mir mit einem Watchface Generator mein eigenes “Ziffernblatt” generiert, was oben auf dem Bild auch zu sehen ist.

Die Hauptfunktionalität, neben der Anzeige der Uhrzeit, ist für mich, alle Benachrichtigungen meines iPhones (also, Anrufe, Kalenderevents, Mail- SMS-, Facebbook-Notifications etc.) direkt auf meiner Uhr angezeigt zu bekommen. Dann kann das iPhone auch leise gestellt irgendwo in der Tasche bleiben und ich bekomme die wichtigsten Infos trotzdem

Über den Pebble Appstore kann man sich weitere Apps herunterladen, wobei man maximal 8 Apps und Watchfaces gleichzeitig auf der Uhr installiert haben kann:

X7ekUaJ

Derzeit habe ich Smartwatch Pro (benötigt eine Begleit-App aus dem iTunes-Store) sowie MultiTimer und Morpheuz installiert. Hier bin ich aber noch am Rumspielen, was für mich nützlich ist und was nicht.

Das Wechseln des Armbands ging mit dem mitgelieferten Schraubenzieher sehr einfach. Nur das Kürzen des Armbands war dann ein ziemliches “Gefuddel” 😉

Nach einer knappen Woche bin ich ganz zufrieden mit meiner Wahl. Der bislang größte Nachteil der Uhr: Der Vibrationsalarm ist mir nicht stark genug. Ich wache definitiv davon nicht auf. Was schade ist, denn als Wecker ist die Uhr daher leider nicht zu gebrauchen (wäre schön gewesen, denn damit könnte man sich wecken lassen, ohne den Partner mit aufzuwecken). Vielleicht muss man sich trainieren, um das Vibrieren am Arm auch im Tiefschlaf zu bemerken, aber ich fürchte mal, dass sich das nicht ändern wird.

Ach ja: Dieses Jahr wird der Nachfolger Pebble Time Steel herauskommen. Wer Zeit hat, für den macht es vermutlich Sinn darauf zu warten. Ich wollte jetzt aber gleich eine Uhr haben 🙂

Update 2015-03-28:

Auch Alarms++ finde ich ganz nützlich (ich werde noch mal testen ob ich davon wach werde ;-)). Ausserdem habe ich mir noch World Time als zusätzliches Watchface installiert. Ganz nützlich wenn man mal mehrere Zeitzonen im Blick haben muss.

Über Pebblebits habe ich mir eine Custom Firmware erstellt, in der u.a. die eingebauten Watchfaces (die ich nicht nutze) sowie die eingebaute Alarm-Funktion (die ich durch Alarm++ ersetzt habe) nicht mehr vorhanden sind.

Netgear ReadyNAS Duo V2: SNMP Configuration

I wanted to access SNMP data on my Netgear ReadyNAS Duo V2. However, although I enabled SNMP in the GUI and set the corerct community string and IP address for the allowed hosts, I was unable to connect. I logged in via SSH and checked the file “/etc/snmp/snmpd.conf”.

There was only one line in that file and for me it looked correct (IP 192.168.0.100 was the IP address of the machine from where I wanted to access the device via SNMP):

After some investigation I learned that you might need to configure SNMP via the command “snmpconf -g basic_setup”. After I did that I ended up with a much bigger “/etc/snmp/snmpd.conf” file. In the end the following line was the important one which fixed the connection:

After a restart of the SNMP service with “service snmp restart” I was able to connect to the device and list all supported SNMP IDs:

Unfortunately I then saw that this device only supports a very small subset of other Netgear NAS devices and I was unable to read parameters like fan status, temperature, disk status etc.

 

Raspberry Pi: Some first steps to do

As I played around with the Raspberry Pi I saw that the VI editor was not working as it should. You were not able to use the cursor keys and the backspace key correctly. The reason is that normally Linux has installed VIM and not the original VI. So I first updated VI with the following command:

[codesyntax lang=”text”]

[/codesyntax]

After that I installed the Midnight Commander as I find it more comfortable than just using the command line:
[codesyntax lang=”text”]

[/codesyntax]

As my Pi will be reachable via the Internet  I do not want to have the standard user “pi” enabled. So I created a new user which also does not have sudo rights (in case someone gets access to my user password he still will need to have the root password in order to get root rights). So I used the following commands:
[codesyntax lang=”text”]

[/codesyntax]

Now login again as user “newuser” and then change to root and disable the user “pi”:

[codesyntax lang=”text”]

[/codesyntax]

Now define an alias for the “ls” command to display files and directories in the long format and wih some color coding. For that edit the files “/home/newuser/.bashrc” and “/root/.bashrc” and add the following lines at the end:
[codesyntax lang=”text”]

[/codesyntax]

By the way: To use the graphical programs of the Pi, you can start the LXDE-Panel with the command “lxpanel”. You will need a local XServer and XWindows redirection for that (I am using the great tool MobaXterm for that).