It seems that the comment plugin of WordPress Jetpack is broken. At least no comments were possible on this site since yesterday (timeout in browser after submitting the comment). Although I not yet have an idea how to fix it, I have restored the comment function by disabling the plugin until I find some time to look at it..
Uninstall of Sametime Gateway Not Possible
Note to myself:
If you ever try to uninstall IBM Lotus Sametime Gateway and the uninstaller always tells you that there are still running processes / servers and therefore no uninstall is possible even if you have made sure that all services, processes etc. are stopped:
Have a look in your Websphere profile log directories (<WAS_install\profiles\<profile name>\logs) and delete all *.pid files which still might exist there. Afterwards the uninstall should be possible without problems 😉
WordPress: Paste Pictures From Clipboard
I really missed the feature of just pasting an image (e.g. made with a screenshot tool) into the WordPress editor. I know found a small tool which almost does that. It is called PicturePaste. And it just adds one additional small step between the normal copy / paste operation.
I am using the Home Host version of the tool which allows me to configure my own FTP server to upload the images (so they are just automatically saved into my WordPress media folder).
So from now on I will more often use screenshots in my blog entries, which I did avoid in the past because of the additional effort of first saving them to disk, uploading them to the media gallery and then pasting the link into the editor.
Great tool!
Sametime 8.5.2: Suppress Meeting Reports
A customer wanted to suppress the meeting room report function of a Sametime Meeting Room (because of a request of the Working Council). Although there is no direct setting for it, there is a possibility to do this. You need to distinguish between the Meeting Rich Client and the Web Browser.
Meeting Rich Client
You will need to use a Sametime 8.5.2 IFR1 client version newer than March 2012 (I have tested it with the Notes Embedded CLient Version 20121204-0645). Since this release two managed settings have been added with which you can control the behaviour of the Meeting Report function:
com.ibm.rtc.meetings.summaries/hideMeetingReport
If set to true, hides the Create Meeting Report Action. No user is able to create meeting reports in rich client.
Default is false.
com.ibm.rtc.meetings.summaries/onlyDisplayCurrentSessionForParticipants
If set to true, participants can only see the meeting report for the current session. Room owner and manager can see the history of meeting reports in addition.
If set to false (default), all users (participants, room owners, managers) can see all meeting reports.
So as an example for the first preference you can add the following section to your Sametime managed settings file:
[codesyntax lang=”xml” container=”pre” title=”Sample”]
|
1 2 3 |
<settingGroup name="com.ibm.rtc.meetings.summaries"> <setting name="hideMeetingReport" value="true" isLocked="true" overwriteUnlocked="true"/> </settingGroup> |
[/codesyntax]
Web Browser
If you open a meeting room in a web browser instead of the rich client you also have a link within the Room Tools to create a Meeting Report. To disable the functionality of a Meeting Report you could change the meeting room application (room.jsp) itself but in this case you will need to do that again every time you apply a fix pack or a new version.
So the better solution would be to redirect the original link to the Meeting Report to another web site which explains the user that this function has been disabled.
You can define such a redirection in the Websphere Proxy for the Meeting Server. Here are the steps to do this:
IBM Connections 4: How to hide link to “Metrics” in Communities
If you do not have yet installed a Cognos server or if you do not want to allow all users to access to Metrics within Communities you might want to hide the “Metrics” link which is visible to every user by default.
To do this open the Websphere Integrated Solution Console and click to
Applications -> Websphere Enterprise Applications -> Communities -> Security role to user/group mapping
Select the role “community-metrics-run” which is set to “All Authenticated in Application’s Realm” by default and set it to “None” (or whatever user or group you like).
Synchronize all nodes and restart the Community application.
Now the link should no longer be visible to every user.
Update iKeyman to support CMS
During an installation of IBM Tivoli Directory Server (TDS) I needed to use the iKeyman tool which was delivered with TDS. Unfortunately this version of the tool does not include the capability to support CMS keystores. In order to correct this you need to do the following steps:
- Edit the file /opt/IBM/ldap/V6.3/java/jre/lib/security/java.security
- Find the list of security providers in the file (lines starting with “security.provider.x=”)
- Add a new line “security.provider.x=com.ibm.security.cmskeystore.CMSProvider “
- (if the last line is security.provider.9=……. you need to specifiy “security.provider.10=…. etc.)
- Save the file and restart iKeyman
You now should be able to see “CMS” as the keystore type.
Java cannot access network if IPV6 present
Recently I had the problem that some Java based applications (e.g. Apache Directory Studio and JXplorer) were not able to connect to other servers on my Windows 7 machine. After some investigation I realized that the reason for that was the fact that Java tries to connect via IPv6 if IPv6 is supported by the OS. Unfortunately, even if no connect is possible Java seems to not retry via IPv4 in this case.
So you either need to disable IPv6 on your machine or you need to add the parameter “java.net.preferIPv4Stack=true” to the settings.
For Apache Directory Studio you add that parameter to the file <program dir>\configuration\config.ini. For JXplorer you add the parameter “-Djava.net.preferIPv4Stack=true” (make sure you include the “-D”!) to the command line in the “jxplorer.bat” file.
IBM Connections 4: Connect TDI to Secure LDAP server via SSL
If you want Tivoli Directory Integrator (TDI ) to connect to a secure LDAP server (LDAPS) via SSL you need to import the SSL root certificate of the LDAP server into your TDI configuration. This article describes the basics how to do that.
For the TDI configuration included in IBM Connections the steps are as described below:
- First, get the root certificate of your LDAP server. This can most easily be done with OpenSSL:
openssl s_client -connect <hostname of ldap server>:636 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > <filename for certificate>.cer
If you do not have “sed” available you can just manually extract all lines from “—BEGIN CERTIFICATE—” to “—END CERTIFICATE—” with a text editor and save this section.
- Now you need to import this certificate into the TDI JKS keystore.
You can either do that via the IBM IKEYMAN utility or, faster, via the command line (start the command from the “…\TDISOL\serverapi” directory):
<TDI program directory>/jvm/jre/bin/keytool -import -trustcacerts -alias <alias name for certificate> -file <filename of the certificate>.cer -keystore testadmin.jks -storepass administrator
E.g.:
/opt/IBM/TDI/V7.1/jvm/jre/bin/keytool -import -trustcacerts -alias LDAP-Certificate -file ldaproot.cer -keystore testadmin.jks -storepass administrato
You need to confirm with “yes” that you trust this certificate.
- If you still get SSL errors in the IBMDI.LOG (like “Keystore was tampered with, or password was incorrect”) open the file “<TDI program directory>/etc/global.properties” with a text editor.
Find the sections “## server authentication” and “## client authentication” and replace the line “#{protect}-javax.net.ssl.trustStorePassword={encr}……..” with the line “{protect}-javax.net.ssl.trustStorePassword=administrator” in both sections.
Now your TDI should be able to successfully connect to your secure LDAP server.
Update:
Please make sure that you use the “testadmin.jks” in the “serverapi” directory of your TDI solutions directory (e.g. “TDISOL/serverapi”)!
IBM Connections 4: SSL Termination on Load Balancer
If you configure IBM Connections 4 behind a load balancer which does SSL termination you are unable to login. This is because Connections does force SSL for the login page. So even if you access Connections via HTTP during login, the WAS server redirects you to HTTPS access. The load balancer changes that to HTTP again and so you are in an endless loop.
The solution is described in this technote (which is originally for Websphere Portal Server). However it solves the issue also for IBM Connections.
- First, you need to tell your load balancer to insert an additional HTTP header variable (the name does not matter).
- Then open the Websphere Administrative Console.
- For each Connections application server you go to “Servers –> Application Servers –> <AppServer Name> -> Web Container –> Custom Properties” and add a new property called “HttpsIndicatorHeader”. In the value field you enter the nam eof the HTTP header field which the load balancer inserts.
- After restarting you arpplication servers, the login should be possible again
Windows Update Problem (“#elementModuleHeaderText#”)
Suddenly my Windows 7 machine the Windows Update could no longer be used. As soon as you click either on Windows Update or the Windows Update settings there was an almost empty screen with just an empty button. If you clicked on it you got error messages like “#elementModuleHeaderText#” etc.
After trying many things I found on Google I finally ran the the following Microsoft Auto Fix: “Automatically diagnose and fix common problems with Windows Update“”.
This fixed the issue immediatly. Afterwards I was at least able to view all the settings again. I just was unable to change the some of the settings and I got the message “Einige Einstellungen werden vom Systemadministrator verwaltet“ (in English something like “Some settings are controlled by the system administrator”).
To fix this issue I just deleted the following registry key:
HKLM\Software\Policies\Microsoft\Windows\Windows Update
and restarted the Windows Update service.