Monday, September 16, 2013

plugin-key.kdb missing

Context

I installed Connections, and it works. I configured the web server, generated and propagated the plugin, and at the time of copying the plug in key store file to web server key store directory, the button is greyed out.





The Websphere HTTP plugin



What are advantages of using webserver and plugin?
The plug-in provides work load management and failover capabilities by distributing requests evenly to multiple application servers and routing requests away from a failed application server.
Static content can be served by the Web server without doing a full round trip to the application server.
The Web server provides an additional hardware layer between the Web browser and the application server, thus strengthening the application server’s security.

Demystifying the IBM® Web ServerPlug-in

plugin-cfg.xml file is created by clicking the “Generate Plug-in” button on the web servers page of the WebSphere administrative console.

HTTP for SSL

 This is all good and useful information. But now more specifically, we go deeper into SSL.

This is a good guide :
Configuring SSL for WebSphere and IBM Http Server : part1

Quote from part 1:
This involves setting SSL for two different communications.
1. Between Browser and IBM http server [IHS]
2. Between IBM http server [IHS] and Websphere Application Server
We are working on 2. The distinction is important.

In my plugin-key.xml :

<Property Name="keyring" Value="c:\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.kdb"/>
<Property Name="stashfile" Value="c:\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.sth"/>

So the keystore should be ready and created, but navigating to the folder it is missing.

But I can see that in websphere, the folder for plugin is :

C:\IBM\HTTPServer\Plugin

And in reality should be :
C:\IBM\Websphere\Plugin
This error is due to the fact that HTTPServer is the default installation folder. So be careful of this when you configure the webserver in Connections 4.5

PLGC0063E

After rectifying (delete and recreating the web server with the good parameters), I can't propagate anymore with errors PLGC0063E and PLGC0049E

PLGC0062I: Le fichier de configuration du plug-in est transmis de C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\SRVCONNECT1Cell01\nodes\SRVCONNECT1Node01\servers\webserver1\plugin-cfg.xml à c:\IBM\Websphere\Plugins\config\webserver1\plugin-cfg.xml sur l'ordinateur du serveur Web.PLGC0048I: La propagation du fichier de configuration du plug-in est terminée pour le serveur Web. SRVCONNECT1Cell01.SRVCONNECT1Node01.webserver1.PLGC0063E: La transmission du fichier de configuration du plug-in entre C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\SRVCONNECT1Cell01\nodes\SRVCONNECT1Node01\servers\webserver1\plugin-cfg.xml et c:\IBM\Websphere\Plugins\config\webserver1\plugin-cfg.xml sur le serveur Web a échoué.PLGC0049E: La propagation du fichier de configuration du plug-in a échoué pour le serveur Web. SRVCONNECT1Cell01.SRVCONNECT1Node01.webserver1.

A technote seem to correspond : Plug-in propagation fails with PLGC0063E and PLGC0049E when copying to remote Web server
According to this technote : the message can be ignored if the propagation is successful.

Unfortunately both button are still greyed out.

Copying manually plugin-key.kdb

"Manage keys and certificates" link for plugin-key.kdb is broken in the WebSphere Application Server administrative console

I copied the plugin-key.kdb, plugin-key.sth and plugin-key.rdb from C:\IBM\WebSphere\Plugins\config\webserver1 to C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\SRVCONNECT1Cell01\nodes\SRVCONNECT1Node01\servers\webserver1

Now the 2 buttons are available.
Posted by at No comments:

Friday, September 13, 2013

Missing IBM HTTP Administration Server (Websphere Plugin Configuration Tool)


The IBM HTTP Server is installed but the administration service is missing :



From here I can see that this is related to the configuration in Websphere customization toolbox.

However I can see that in WCT, HTTP Administration Server seems to be enabled :



By redoing the WCT plugin configuration tool, I can find, after enabling putting Administration Server, and where I should I have "run as a service" checkbox :

Non-Administrative user configuration limitation

For those non french reader out there, this basically mean that the user running the configuration is not an administrator, so service cannot be created. Note that this is not mandatory, so that's why I was able to complete configuration without a IBM HTTP Administration service.

My user "icadmin" is in the administrator group and I ran the WCT with administrator rights.

In websphere help I can see that the user launching the configuration should have the rights to "connect as a service"

In Windows "Local Security Strategy" I add "icadmin" to "Act as part of the operating system" and "Log on as a service"


This did not solve.

Similar issues here and here in Connections forums.

I have not been able to solve. I had my rights checked by a Windows admin and he did not find the source of this. This is definitely bizarre.

But following this documentation about Plugin Configuration Tool from Steve Reid and Rob Boretti, I found this command  :
C:\IBM\HTTPServer\bin>httpd.exe -f "C:\IBM\HTTPServer\conf\admin.conf" -k install -n "IBM HTTP Administration for Websphere Application Server V8.0"

The administration service was directly created. It launched ok and I was able to use it from the Websphere Administrative Console.



Posted by at No comments:

Monday, September 9, 2013

Connections 4.5 Installation on 2 Windows 2008 Servers Summary


This is a summary for my own use, about installation of Connections 4.5. It's a quick reference documentation, and contains command lines and important points.
This may or may not be understandable from your point of view. I you are beginning at Connections, I suggest that you start with Zero to Hero Guide or Connections Wiki

RAA = Run As Administrator
CLAA = Command Line As Administrator


Server B

  1. For each server, create the administrative user directly on the server (not on the AD domain), add him to Administrators and the group that allow them to use windows at a distance. Log in with this user.
  2. RAA - Install DB2 without a response file. Do not start SSH server automatically. No notifications.
  3. Create LCUSER and add him to DB2USERS group.
  4. CLAA - add licence for DB2, if you have one
  5. CLAA - Configure Unicode
  6. CLAA - Database creation wizard : Run dbwizard.bat then stop and start db2
  7. RAA - Install TDI. Do not specify working directory
  8. CLAA - Install TDI FP7
  9. Modifiy runtime memory of C:\IBM\TDI\V7.1\ibmdisrv.bat
  10. CLAA - Launch population wizard. Just fill the DN of LDAP Bind User. LDAP user search base is empty. "CountryCode" might be set to "null"
  11. Have a cognos administrative account in LDAP
  12. Install DSClient
  13. Install WAS 8 and FP5
  14. Create a typical Application Server profile
  15. Update with ifpm62615 and ifpm71430
  16. Get CognosConfig and copy it on the ServerB. Get db2jcc.jar and db2jcc_license_cu.jar from C:\IBM\SQLLIB\java and put them into C:\Sources\CognosConfig\BI-Customization\JDBC
  17. Modifiy cognos-setup.properties accordingly to your environnement. (Cognos node name : YOURSERVERNode01, installation directories : C:\IBM\CognosBI, C:\IBM\CognosTF and C:\IBM\CognosTF\PowerCubes)
  18. CLAA - Launch cognos-setup.bat
  19. CLAA - Launch cognos-configure.bat
  20. Stop Cognos server and (CLAA) Federate node to ServerA. Then from Dmgr console (serverA) full resynchronize. Start Cognos server.
  21. Validate Cognos Server
Annex : command lines

4. 
db2licm -l
db2licm -a db2ese_o.lic

5.
db2set DB2CODEPAGE=1208
db2start
db2set

8.
c:\IBM\TDI\V7.1\bin\applyUpdates.bat -update TDI-7.1-FP0007.zip
c:\IBM\TDI\V7.1\bin\applyUpdates.bat -queryreg

9.
"%TDI_JAVA_PROGRAM%" -Xms256M -Xmx1024M -Xnojit -classpath "%TDI_HOME_DIR%\IDILoader.jar" %ENV_VARIABLES% com.ibm.di.loader.ServerLauncher %* 

12.
db2 catalog tcpip node db2node remote serverB.domain.com server 50000
db2 catalog database COGNOS as COGNOS at node db2node
db2 catalog database METRICS as METRICS at node db2node

20.
In C:\IBM\WebSphere\AppServer\profiles\AppSrv01\properties\soap.client.props set :
com.ibm.SOAP.requestTimeout=600
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin> addnode serverA.domain.com 8879 -includeapps -username wasadmin -password passw0rd


21.
Processes : BIBusTKServerMain, BmtMDProviderMain, cgsLauncher
http://serverB.domain.com:9081/cognos/servlet
http://serverB.domain.com:9081/cognos/servlet/dispatch

Server A


  1. RAA - Install Installation Manager (I use 1.6.2, 32bits)
  2. Install WAS 8 and FP 5
  3. Create a typical Cell profile
  4. Update with ifpm62615 and ifpm71430
  5. At this point I usually have to install Visual C++ runtime library and reboot, else I would get an error at next stage
  6. Install IBM HTTP Server 8.0.0.5 for WAS, Websphere Plugin 8.0.0.5 for WAS and Websphere Customization Toolbox 8.0.0.5 (consists of 3 repository, Webphere Supplements, FP5 for Supplements and FP5 for the Toolbox)
  7. Launch web server plugin configuration tool : 
    • add IHS_Location at C:\IBM\Websphere\Plugins
    • Create a webserver plugin configuration, with ihsadmin for user ID
    • Install IBM HTTP Administration as a service
    • unique server web name : connections and not webserver1
    • local installation
    • AppSrv01 profile
  8. Put shortcuts (Dmgr stop/start, Node stop/start, Administrative console) on the desktop
  9. Start Dmgr and setup Federated Repositories ("Distinguished name of a base entry that uniquely identifies" should be set to "root" with a Domino LDAP). Set as current. 
  10. Enable Application Security. Configure SSO. Log out, restart Dmgr, check groups and users.
  11. Get db2jcc4.jar and db2jcc_license_cu.jar from C:\IBM\SQLLIB\java in ServerB and put them in C:\IBM\SQLLIB\java
  12. Install Connections (cluster name : CL, server name : connections_server). Stop everything, start nodes, full resynchronize the nodes. Stop everything, start everything, Connections last.
  13. Connections is working!

10.
Case is important

13.




Posted by at No comments:
Subscribe to: Posts (Atom)