- Update your Community to 8.5.2 (FP4)
- Change directory access from Notes to LDAP (so choose one of your other domino to serve as a LDAP)
- Install Sametime System Console (SSC) 8.5.2 IFR1
- Install Sametime Proxy Server (SPS) 8.5.2 IFR1
- Install 8521-ST-PROXY-IF-WHOS-96PHBX on top of SPS
- Register your Community to the SSC
That's a lot!
I did not document all that, will probably in my next install. But here I am, and trying to make all this coordinate.
Source
Open Ports
In our test environnement, our traveler is in DMZ, but our SPS is not. In order for the communication to flow properly, you might want to open some ports depending on your environnement.
In Connections
In connections, I access the profile of a user and I get a "No Sametime status available". It is searching, that's the good point, that means that the feature is enabled.
http://sametime.showroom.org:9444/stwebclient/index.jsp -> connection refused
http://sametime.showroom.org:9081/stwebclient/index.jsp -> Connects to IBM Sametime
So why is the connections refused ? Well SSL is not configured.
I can see in WireShark that it accesses into 9444 port which is SSL in my configuration, so I changed settinges (using source A) to disable SSL for sametime proxy server access.
Unfortunately now he won't let me synchronize my nodes :
[03/07/13 17:13:04:448 CEST] 00000292 NodeSyncTask A ADMS0003I: La synchronisation de la configuration a abouti.
[03/07/13 17:13:37:057 CEST] 00000046 RoleBasedAuth A SECJ0305I: Echec du contrôle d'autorisation basée sur le rôle pour admin-authz opérations ConfigRepository : refreshRepositoryEpoch. L'utilisateur wasadmin (ID unique : user:defaultwimfilebasedrealm/uid=wasadmin,o=defaultwimfilebasedrealm) n'a pas reçu l'un des rôles requis suivants : deployer, operator, configurator, administrator, auditor, adminsecuritymanager.
I had another user (my LDAP user) configured with administrative role and I was able to synchronize nodes using this accout. Why wasn't I able to do so with my wasadmin account ?
I'm glad because I've hade some trouble with this. Like always with ICS trouble, the solution was actually pretty simple. In this case using correct URL and port. But I learned a lot about how to monitor flux of data.
I can see in WireShark that it accesses into 9444 port which is SSL in my configuration, so I changed settinges (using source A) to disable SSL for sametime proxy server access.
Unfortunately now he won't let me synchronize my nodes :
[03/07/13 17:13:04:448 CEST] 00000292 NodeSyncTask A ADMS0003I: La synchronisation de la configuration a abouti.
[03/07/13 17:13:37:057 CEST] 00000046 RoleBasedAuth A SECJ0305I: Echec du contrôle d'autorisation basée sur le rôle pour admin-authz opérations ConfigRepository : refreshRepositoryEpoch. L'utilisateur wasadmin (ID unique : user:defaultwimfilebasedrealm/uid=wasadmin,o=defaultwimfilebasedrealm) n'a pas reçu l'un des rôles requis suivants : deployer, operator, configurator, administrator, auditor, adminsecuritymanager.
I had another user (my LDAP user) configured with administrative role and I was able to synchronize nodes using this accout. Why wasn't I able to do so with my wasadmin account ?
And after node synchronization, that works ! :) Not even needing a server restart.
I'm glad because I've hade some trouble with this. Like always with ICS trouble, the solution was actually pretty simple. In this case using correct URL and port. But I learned a lot about how to monitor flux of data.
No comments:
Post a Comment