Profiles population, helpful search filter (MS AD).

Uncategorized Leave a comment

I’m currently installing Connections 5 for a customer. It’s a great place as the onsite guys really know their stuff. Anyway, their LDAP is in a bit of a state. Typical example of an organisation that has grown, gone through many Active Directory upgrades and no hard and fast rules for user management.

For Connections to be useful, you need relevant and current users in the Profiles database.

With populating the profiles DB, you’ve got 2 types of people. You’ve got the Wizards, and the Command lines. I’m a Wizard guy, just because it has come along way since I first used it (2.5) and hey, it automates half of my job. I still like to know and understand what the Wizards are doing, but if they automate it, awesome.

So I’m doing this install, and I run the Wizard with the default search scope.

The default search filter I used was below. I wanted to see how many records…

(&(sAMAccountName=*)(objectClass=user)

As you do, I iterate the log file..

LFRN0027I: After operation, success records is 634, duplicate records 0, failure records is 366.

That’s interesting…these guys only have 400 users?

Opened the PEOPLEDB, and there were heaps..I means heaps… of deactivated users. Doesn’t look like a user account had been deleted. Ever.

So, reset everything, dropped the DB and recreated it.

I had to work out how to populate without syncing accounts that were disabled. I also wanted mail to be populated.

Here is the search string that did it..

(&(sAMAccountName=*)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

The parameter (!(userAccountControl:1.2.840.113556.1.4.803:=2) is a feature with MS AD, and is called a bitwise filter. Essentially, we’ve selected the users with the  useraccountcontrol flag enabled. This link explains it better than I ever could.

After operation, success records is 406, duplicate records 0, failure records is 24, and last successful entry is

This worked, users synced dropped to the correct numbers. Happy days.

 

 

 

 

 

wsadmin ProfileAdmin error “NameError: bAskForNodeComm”

Connections, , , Leave a comment

I stumbled across this issue when trying to update a users information in Connections after a UID change.

I’d successfully updated the PROF_UID and PROF_UID_LOWER with the new information, and TDI had synched across the new user data.

To then get the other Connections Applications to update their user information for this user, I ran the ProfilesService.publishUserData(“new.email@domain.com”)

I received a very descriptive error.ErrorProfiles

So I noticed that the unlike the other Connections admin commands, the ProfilesAdmin.py script had not asked me for “What node did you want to connect to?”

I tried various things, but was not able to get the ProfilesAdmin script to select a node.

I found this error  which seemed to match what I was getting, so I tried the suggested fix.

See below, it worked. This technique also will work with other ProfileAdmin commands.

NoErrorProfiles

Connections 5 CR1 CR2 IBM upgrade guides

Uncategorized, Leave a comment

Found these guides hidden in the depths of the release notes for IBM Connections 5 CR2.

Noted that the CR2 guide also has call-outs if you are doing a 5.0 > CR2 update.

Looks like the 5.0 -> 5 CR2 requires some extra SQL scripts against your connections database and some additional Content Manager requirements.

CR1 guide here

CR2 guide here

Thanks to IBM for some good material.

Error when reparenting a sub-community.

Connections, WebSphere, , Leave a comment

Reparenting a sub-community is a feature added in Connections 4.5 CR3.

This feature allows you to move a sub-community to a Parent level, but also allows you to move the sub community to a different parent. (Think of the sub community as the child).

To move a sub-community, you use wsadmin, and the CommunitiesService.moveSubcommunityToCommunity(“CommunityUNID”) command.

Here is the IBM Link to the this utility.

I ran into an issue when trying to move the Community.

Firing up wsadmin as our usual Admin user,  I got the below error.

wsadminerror

 The System.Out

000009a TangoServiceI W com.ibm.tango.internal.service.TangoServiceImpl getMemberProfileWithUpdates CLFRM0110W: Undetermined memberProfile, in which its name: waslocaladmin, email: null, member uuid: 2f333cc26-b4d5-437d-b970-c9c1b3c076aa, and logins: [waslocaladmin], closely matches to directory service object of an user, whose name: waslocaladmin, email: null, and logins: [waslocaladmin].

Then

000009a TangoServiceI E com.ibm.tango.internal.service.TangoServiceImpl updateCommunity CLFRM0039E: internal error
com.ibm.tango.exception.MemberDuplicateLoginIdException: [waslocaladmin]
at com.ibm.tango.internal.service.TangoServiceImpl.getMemberProfileWithUpdates(TangoServiceImpl.java:3187)

 This was interesting, as the user waslocaladmin user was the Admin user for Connections, but wasn’t listed as an Admin userroles in the Application.

Additionally, waslocaladmin user was in the file based repository.

Workaround..

Switching to our support login, which has Administration access to the Communities application, I was able to run the reparenting command successfully.

This was done by running the wsadmin command as the support user.

Fix..

Further Troubleshooting revealed that this issue is more than likely the waslocaladmin id not being synced with the Community member database table.

This environment was upgraded, so in theory this could be correct. The migration method was a side-by-side install, so the waslocaladmin user would be different.

Synchronise a single member’s directory ID in the Communities member database table

  1. Open a command prompt and navigate to C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin
  2. Run wsadmin -lang jython -user waslocaladmin -password password -port 8879

From the wsadmin prompt run:
wsadmin>execfile(“communitiesAdmin.py”) (enter)
wsadmin>CommunitiesMemberService.syncMemberExtIdByLogin(“waslocaladmin”) 

Errors have stopped, so fingers crossed!

Connections theme reverts to 4.5 after applying C5 CR1

Connections, Leave a comment

Just a quick post. I ran into this issue, and it’s not the first time I’ve seen it.

After applying the CR1 update to Connections 5, the theme reverted to version 4.5.

I made sure that all nodes were synced, restarted environment and the same issue was experienced.

The Fix

I removed the temporary caching directory for the WebSphere Server running Connections.

This forces WAS to update it’s cache on next restart.

  1. Shut down the Application server running Connections.
  2. Go to the <install_root>/profiles/<servername> directory
  3. Rename the /temp directory to /old_temp (as below.)
  4. Rename the /wstemp directory to /old_wstemp (as below)
  5. Restart Application Server.
temptheme

Once testing is completed, you can remove the old temp directories.

Installation Manager fails own install – Exit code 1 on CentOS

Uncategorized Leave a comment

CentOS is pretty awesome. I do most of my work these thankfully on a Linux distro. We usually just run command line, and use tools like XMing and Putty to do the GUI only bits of the install.

In this particular install, we were using the Servers GNOME desktop. When running installation manager, we were getting a JVM crash when hitting “Next” on the install for Installation manager 1.8.

exitcode1

After much searching, ensuring everything was up to date I stumbles across this technote.

Once this fix was in place, I was able to continue the install.

Moving Databases from DB2 9.7 to 10.1 on Windows 2012 R2 for C3-C5 upgrade.

Connections, DB2, , , Leave a comment

Those people familiar with Connections will be aware of the different methods to upgrade.   The one that we use most often, due to the fact that we have the best chance of success, is the Side-by-Side migration. With this migration you essentially setup a new environment at the version you are upgrading to , then transition your data. This also allows for the old version to be available to the customer, so that historical data is still available.

We mainly use DB2 for the backend, and most of time it’s hosted on a Linux machine. But some times we come across Windows.

This is one of those cases….

I ran into an issue with migration of DB2 servers between versions of DB2, hosts and Operating Systems.
Moving from DB2 9.7 on Windows 2003 – DB2 10.1 on Windows 2012 Server R2.

Firstly, here is an overview of the process used.

On source host – this requires an outage of your Connections host.
Login as DB2ADMIN to the local machine.
Databases are backed up offline using the DB2 Control Center.
Backups are to Files.
On Target DB2 server
Logged as Domain user
Copy from the Source host to the Target host the DB Backups.
Switch to DB2Admin
Restore Databases. Nice thing with this is that the databases were automagically upgraded to 10.1.

The issue

When the databases were restored to the DB2 10.1 server, DB2Admin on the Target machine did not get the correct permissions and authorities to the databases. Even though DB2Admin was explicitly listed in the Database, this did not help.
The problem propagated itself further in the DB2 Upgrade wizards in Connections. When the DBUpgrade wizard ran, it could not verify which Connections version the databases were. This leads me onto the next thing..how do the Connections wizards identify what Connections version the database is?
Each database has a specific table that holds what version of Connections the database is. Being IBM, having these be the same table would be way too easy. The Table for HOMEPAGE is HOMEPAGE.SCHEMA.

When viewing the data in HOMEPAGE.SCHEMA, as DB2Admin, nothing was returned, We could see no data.
DB2Admin had no rights to the database, which makes no sense.. DB2Admin should be god.

The fix

Was to perform the following on the Target DB2 Server before the restore.

Set the DB2_RESTORE_GRANT_ADMIN_AUTHORITIES registry variable BEFORE preforming the restore into a new database.
Example:

db2stop
db2set DB2_RESTORE_GRANT_ADMIN_AUTHORITIES=ON
db2start

Just to automate the restore process, I created a batch script.

 D:
 db2 RESTORE DATABASE BLOGS USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022174241 TO "D:" INTO BLOGS WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE DOGEAR USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022174313 TO "D:" INTO DOGEAR WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE FILES USER db2admin USING 1password FROM "D:\DB2TFR2" TAKEN AT 20141022174401 TO "D:" INTO FILES WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE FORUM USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022180225 TO "D:" INTO FORUM WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 REM db2 RESTORE DATABASE HOMEPAGE USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022180322 TO "D:" INTO HOMEPAGE WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE OPNACT USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022180348 TO "D:" INTO OPNACT WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE PEOPLEDB USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022180432 TO "D:" INTO PEOPLEDB WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE SNCOMM USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022180459 TO "D:" INTO SNCOMM WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1
 db2 RESTORE DATABASE WIKIS USER db2admin USING password FROM "D:\DB2TFR2" TAKEN AT 20141022180525 TO "D:" INTO WIKIS WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1

I performed the above, restored the Databases. This time the DB’s took considerable time to restore….more stuff happening! I was now able to successfully access the Databases, and run the wizards.
Happy days,

DB2 10.1 and Windows 2012 – A warning.

Connections, DB2 Leave a comment

So I’m installing a new environment for a customer, doing what you usually do.

I go to this page to get the parts that required for my installation.

I download, then start installing.

So first up is my DB2 server. I kick off the install……

db2fail

I tried everything…nothing worked. I rechecked the environment.

Windows 2012 R2…there was my issue.

The install that comes with Connections for DB2 ESE  10.1 neat.

Support for R2 Windows 2012 was introduced in FP4. Download here

Hope this saves someone some time stuffing around!

 

SQL Locking on SNCOMM DB with MS SQL Server

Connections, SQL Server, , Leave a comment

Recently I was asked by a customer to investigate the poor performance of their Connections 4.5 CR3 environment. They had noticed that the servers were slowing, and eventually Connections ground to a halt.

Checking the System.out logs on the InfraCluster servers revealed that issues were being experienced with process hangs and process queuing.We then traced this back to the Databases, as it appeared like anything that relied on Communities were slowly failing. We found our problem.

The SNCOMM database had a lock from a long running task. Analysing the lock showed that this was the select statement it was running:

@P0 nvarchar(4000))   SELECT       TC.COMMUNITY_UUID as COMMUNITY_UUID,   TC.NAME as NAME,   TC.CREATED as CREATED,   TC.CREATED_BY as CREATED_BY,   TC.LASTMOD as LASTMOD,   TC.LASTMOD_BY as LASTMOD_BY,   TC.LOWER_NAME as LOWER_NAME,   TC.PLAIN_DESCR as PLAIN_DESCR,        '' as IMAGE,        '' as DESCRIPTION,   '' as DESCRIPTIONEX,       TC.MEMBER_COUNT as MEMBER_COUNT,      TC.PEOPLE_COUNT as PEOPLE_COUNT,       TC.GROUP_COUNT as GROUP_COUNT,   TC.COMMUNITY_THEME as COMMUNITY_THEME,       '' as CREATEDBY_DIRECTORY_UUID,   '' as CREATEDBY_DISPLAY,   '' as CREATEDBY_EMAIL,    '' as LASTMODBY_DIRECTORY_UUID,   '' as LASTMODBY_DISPLAY,   '' as LASTMODBY_EMAIL,     TC.COMMUNITY_TYPE as COMMUNITY_TYPE,    TC.HANDLE as HANDLE,     TC.PARENT_UUID as PARENT_UUID,   TC.ORG_ID AS ORG_ID,   TC.INTERNAL_ONLY AS INTERNAL_ONLY,   TC.OWNER AS OWNER,   TC.MEMBER_UPDATED as MEMBER_UPDATED,   TC.REF_UPDATED as REF_UPDATED,   TC.IMAGE_UPDATED as IMAGE_UPDATED,       TC.PRE_MODERATION as PRE_MODERATION,       TC.POST_MODERATION as POST_MODERATION   FROM   SNCOMM.COMMUNITY TC       WHERE      TC.COMMUNITY_UUID=@P0

Removing the lock resolved the issue, everything in the environment “trued” and all was well with the world again.

The customer then did some investigation into what changes were made in the environment. Turns out through some pretty awesome sleuth work that a new user had been brought on that day. This user was added to a Community that had >10 sub-communities. This was the clue..

In Connections 4.5 (unsure which version) a new feature to update the membership of sub-communities when a user was added to the parent community was introduced. Running this code for under 10 sub-communities, no problem. More than 10; LOCK.

PMR was logged and the resulting investigation showed that this was a reproducible error. Bad news is that it also exists in version 5, but this will be resolved in an upcoming fixpack.

 

Increasing the library file size of a Community.

Connections, , , , Leave a comment

Just had to update the file size of a Community. Sounds easy right??

I swear IBM make this stuff as complex as possible…..

To increase the size limit of a Community, you need it’s UID usually found as the last part in the url.

https://blaf.com./communities/service/html/communityview?communityUuid=2672ad0a-9646-4c2f-8094-3b552322d79e

 But what happens if you aren’t a member of the Community and can’t access it? What happens if all you have is the name?

You need to do this:

Start wsadmin

Launch Communities administration:

>execfile("communitiesAdmin.py")

Then you need to get all communities, and find the name. This is done by:
wsadmin> all=CommunitiesService.fetchAllComm()
wsadmin> CommunitiesListService.filterListByName(all, "community name") 


You will get output like the following:


[{lastModBy=[John User, A6F3CFCB-E9F5-3CEE-CA25-6F1000815F04], created=6/2/13 4:38:17 PM EST, tags=[], type=private, name=APACBlah, uuid=2672ad0a-9646-4c2f-8094-3b552322d79e, memberSize=36, lastMod=10/22/13 2:25:31 PM EST, description= This is a subcommunity for APAC staff who have completed their initial launch training for . , createdBy=[John User, A6F3CFCB-E9F5-3CEE-CA25-6F1000815F04]}]


 You now have the UUID.. but now you need to find the corresponding Library ID. This is done in the Files Admin tool.


Launch files admin,


wsadmin>execfile("filesAdmin.py")
Files Administration initialized.


We then need to find the ID of the corresponding Library. This is found by issuing the following command,


wsadmin>FilesLibraryService.getByExternalContainerId("2672ad0a-9646-4c2f-8094-3b552322d79e")


APAC staff who have completed their initial launch training for the project., createDate=Sun Jun 02 16:38:18 EST 2013, policyId=00000000-0000-0000-0000-000000000001,


externalContainerId=2672ad0a-9646-4c2f-8094-3b552322d79e, themeName=default, label=We251c6a45e07_482a_b5c7_a13bbb0654ca, title=APACBlah,


ownerUserId=00000000-0000-0000-0000-000000000000, type=community, id=9e1b8069-a132-4ea6-a32c-948634a520cc, externalInstanceId=We251c6a45e07_482a_b5c7_a13bbb0654ca, lastUpdate=Mon Oct 21 17:08:37 EST 2013}




We then need to create the new Policy


Create a new policy, i.e we need to create a policy for 1 Gb of files in the community.


Use the following command. Anything over 2 GB needs an L at the end. format of (name, size)


wsadmin>FilesPolicyService.add("1 GB", 1073741824) 


A policy will be created, and an id given. Take note of this ID.


A policy was added with the new id 82e5ae13-efa7-4cc7-bb37-1b8d68b521cc




Now you need to apply the new policy to the Community. Format of command is (ID,Policy)


 wsadmin>FilesLibraryService.assignPolicy("9e1b8069-a132-4ea6-a32c-948634a520cc","82e5ae13-efa7-4cc7-bb37-1b8d68b521cc")
The policy with the id 82e5ae13-efa7-4cc7-bb37-1b8d68b521cc is now assigned to the library with the id 9e1b8069-a132-4ea6-a32c-948634a520cc .


 Simple hey????


A tick box on the Community administration page would kill you?