Had a customer the other day that couldn't import their SSL certificate into the WebSphere Application Server (WAS) Integrated Solutions Console (ISC) due to an "RSA premaster secret" error being shown when attempting the import. A PMR with IBM Support confirmed my suspicion that export restrictions were in play. Here is the response from IBM Support.
The premaster RSA secret error with 4096-bit encryption is usually due to the unrestricted JCE policy requirement.
Please try to install the unrestricted policy files as follows:
- Take existing jar file backup from /usr/WebSphere/AppServer/java/jre/lib/security
- Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
- Click Java SE 6
- Click IBM SDK Policy files. The Unrestricted JCE Policy files for the SDK website is displayed.
- Click Sign in and provide your IBM ID and password or register with IBM to download the files.
- Select Unrestricted JCE Policy files for SDK for all newer versions (version 1.4.2 and higher) and click Continue.
- View the license agreement and then click I Agree.
- Click Download Now.
- Install the files. Extract the file: unrestricted.zip into a directory of your choice. Copy the .jar files from the extraction directory to the following directory: /usr/WebSphere/AppServer/java/jre/lib/security
- Restart the server.
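A quick way to confirm the policy files took effect after the restart is to ask the JVM what key lengths it will allow. The class below is an added example, not part of the IBM Support response or any IBM tooling; the class name JcePolicyCheck and the AES threshold are assumptions made for illustration.

```java
import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import javax.crypto.Cipher;

// Added example: reports the key-length limits the running JVM enforces.
// Written without Java 7+ syntax so it compiles on the Java SE 6 SDK.
public class JcePolicyCheck {
    // 4096 is the key size named in the support response; 256 for AES is an
    // assumption (the usual size blocked by a restricted policy).
    static final String[] ALGORITHMS = { "RSA", "AES" };
    static final int[] REQUIRED_BITS = { 4096, 256 };

    static String describe(int bits) {
        return bits == Integer.MAX_VALUE ? "unlimited" : bits + " bits";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String javaHome = System.getProperty("java.home");
        System.out.println("JRE under test: " + javaHome);

        // List the policy jars this JRE loads, with size and timestamp, so a
        // copy that landed in the wrong JRE or was never replaced is visible.
        File[] files = new File(javaHome, "lib/security").listFiles();
        if (files != null) {
            for (File f : files) {
                if (f.getName().endsWith(".jar")) {
                    System.out.println("  " + f.getName() + "  " + f.length()
                            + " bytes, modified " + new Date(f.lastModified()));
                }
            }
        }

        boolean ok = true;
        for (int i = 0; i < ALGORITHMS.length; i++) {
            int max = Cipher.getMaxAllowedKeyLength(ALGORITHMS[i]);
            boolean enough = max >= REQUIRED_BITS[i];
            ok &= enough;
            System.out.println(ALGORITHMS[i] + ": max " + describe(max)
                    + (enough ? "  OK" : "  BELOW required " + REQUIRED_BITS[i]));
        }
        // Non-zero exit lets a deployment script fail fast before the import.
        System.exit(ok ? 0 : 1);
    }
}
```

Compile and run it with the java binary that belongs to the JRE whose lib/security directory was changed, since any other JVM on the PATH reads its own policy files.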
I'm deeply saddened by the news that Tim Tripcony has passed. There are very few people that I as a programmer / coder look up to, who inspire and impress me and who I admire. Tim was one of those and now I'll never get to admit it to his face. R.I.P. Tim.
Trying to install IBM Tivoli Directory Integrator (TDI) v. 7.1 for IBM Connections on Windows Server 2012 I got the following error:
ZeroGu2: Windows DLL failed to load
    at ZeroGa2.b(DashoA10*..)
    at ZeroGa2.b(DashoA10*..)
    at com.zerog.ia.installer.LifeCycleManager.b(DashoA10*..)
    at com.zerog.ia.installer.LifeCycleManager.a(DashoA10*..)
    at com.zerog.ia.installer.Main.main(DashoA10*..)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.zerog.lax.LAX.launch(DashoA10*..)
    at com.zerog.lax.LAX.main(DashoA10*..)
Solution was to right click the installer and set compatibility mode to Windows 7.
The other day we did a test upgrade of our internal IBM Connections 4.5 environment from CR3 to CR4 before doing the real upgrade. After the upgrade the CPU of the WebSphere Application Server node (we are in a single node architecture) would spike to 100%. After some digging and perusing of log files we narrowed the problem down to IBM Social Mail and that component being loaded. Actually even more specifically to the Discovery Servlet which is used to discover the mail service for a particular user. The issue appeared to be a hung thread as indicated by the below stacktrace. See highlight in bold.
[4/30/14 13:39:51:534 CEST] 00000040 ThreadMonitor W WSVR0605W: Thread "WebContainer : 5" (0000014b) has been active for 770854 milliseconds and may be hung. There is/are 1 thread(s) in total in the server that may be hung.
    at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.getBundle(DefaultClassLoader.java:273)
    at org.apache.aries.jndi.Utils.getBundleContext(Utils.java:111)
    at org.apache.aries.jndi.Utils.doGetBundleContext(Utils.java:99)
    at org.apache.aries.jndi.Utils.access$100(Utils.java:43)
    at org.apache.aries.jndi.Utils$1.run(Utils.java:68)
    at org.apache.aries.jndi.Utils$1.run(Utils.java:66)
    at java.security.AccessController.doPrivileged(AccessController.java:229)
    at org.apache.aries.jndi.Utils.getBundleContext(Utils.java:66)
    at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:44)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:232)
    at javax.naming.InitialContext.initializeDefaultInitCtx(InitialContext.java:318)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:348)
    at javax.naming.InitialContext.internalInit(InitialContext.java:286)
    at javax.naming.InitialContext.<init>(InitialContext.java:211)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:91)
    at com.ibm.social.pim.discovery.ldap.domino.DominoLDAPConnector.connect(DominoLDAPConnector.java:68)
    at com.ibm.social.pim.discovery.services.domino.LDAPPersonData.findPerson(LDAPPersonData.java:43)
    at com.ibm.social.pim.discovery.services.domino.LDAPPersonData.findPerson(LDAPPersonData.java:69)
    at com.ibm.social.pim.discovery.services.domino.DominoMailServiceLDAPConnector.connect(DominoMailServiceLDAPConnector.java:69)
    at com.ibm.social.pim.discovery.services.domino.DominoMailServiceLDAPConnector.connect(DominoMailServiceLDAPConnector.java:61)
    at com.ibm.social.pim.discovery.DiscoveryServiceManager.findUserByEmail(DiscoveryServiceManager.java:163)
    at com.ibm.social.pim.discovery.servlet.DiscoveryServlet.doDiscovery(DiscoveryServlet.java:229)
    at com.ibm.social.pim.discovery.servlet.DiscoveryServlet.processRequest(DiscoveryServlet.java:198)
    at com.ibm.social.pim.discovery.servlet.DiscoveryServlet.doGet(DiscoveryServlet.java:139)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
We dug around a little without success so I reached out to a friend at IBM and the answer came back. This is an issue that has been seen before and is solved by fixpack 8 of IBM WebSphere Application Server so we upgraded to 126.96.36.199 and sure enough we are back up and running. Apparently fixpack 8 is now supported and actually reading through the detailed system requirements lists that ("IBM Connections 4.5 CR4 and above recommends WAS 188.8.131.52. WAS 184.108.40.206 with required fixes is still supported (see the detailed report for CR3).")
Thanks to friends at IBM.
Wow! Blogging hasn't really been my thing for a while. Actually I realize that I've flown a bit below the radar for the last couple of months. November saw the birth of our second child (a son, Matheo) and we're still adjusting a bit to the life as a two-kids family though it's getting easier. I sure enjoyed going to Summer Time this year as it means that he wakes up at 6am instead of 5am. Besides that 2013 ended in work, work and preparations for Connect 2014.
IBM Connect 2014 is still kind of a haze to me. I had way too much going on without really remembering doing anything. If we talked at IBM Connect 2014 I cannot remember and if I promised anything may I suggest you get back to me on it? Seriously I tried to do too much. If I go next year it will need to be less stressful. Too much with two sessions, Champions stuff, a booth and loads of customers to talk to. After IBM Connect 2014 I took two weeks of vacation with the family which didn't really make me feel relaxed. Not a good sign. Due to this I really did dial it down and February, March and April have been "off line" months and I've tried to concentrate on family.
I've also dug in and concentrated on near term work at IntraVision. I've done a bit of consulting and we've just put the final touches on OnTime Group Calendar v. 3.8.5 today and will be shipping it next week. It's been nice getting back into Eclipse and SWT coding bringing the new features in OnTime to "my" user interfaces in Notes meaning the full screen UI and the sidebar component. It's been days of GC, string extents and FontMetrics. It's been great. I've also made the switch from SVN to Git for the 30 repos for these UI's and it's been great. Before making the move it was hard for me to comprehend Git and why it was "the next big thing" but after making the move I cannot imagine going back. I just love Git.
All the work on OnTime is leading up to loads of events in May in Denmark, Germany, Norway, Czech Republic (actually June, Social Connections VI) and - I'm happy to say - Japan for XCITE. I'm very excited that I'm heading back to Japan in two weeks for the XCITE event there and to meet customers and partners out there. It's going to be so great. I'm looking forward to the trip, the food, being back in Japan and meeting up with friends there.
Due to me flying below the radar I've also reevaluated this blog and what I do on the "social" side. I want to get back into Twitter and I'll try and use this blog for a weekly catch up post. We'll see how it goes. If nothing else this post may be a beginning although I've learned not to promise anything.
Boy it felt great posting again.
I've updated my IBM Connections wsadmin commands for newcomers page for IBM Connections 4+ and added a couple of new commands. I've also added information on how to easily work with wsadmin from the command line on *nix. Comments are very welcome.
Found this little tip this morning to make it easier to use command line scripts written in node.js. Instead of having your node.js file(s) and invoking it using "node myfile.js" on the Mac you can simply do the following:
- At the top of the file as the first line add: #!/usr/bin/env node
- Make the file executable using chmod +x myfile.js
- Invoke away