A few days ago I came across a rather weird issue with HCL Safelinx and HCL Domino. After setting up HCL Safelinx, it was not possible to access the websites hosted by an HCL Domino server. The user would just get an HTTP error, “503 – Service Unavailable”.
I checked the network and found no issues there; Safelinx could access the Domino server via port 443 without any problems. The SSL certificates from both Domino and Safelinx were trusted; no issues could be seen via Internet browsers (Firefox, Chrome, …), and a quick check with “openssl” didn’t show any problems. The SSL cipher configuration was also OK on both Safelinx and Domino.
After turning on all possible trace and debug settings on Safelinx, the following errors could be observed:
75613:936171264 (Sep 18 2020/10:06:12.4153)[WARN] SSLPort::raw_connect: open returns rc=414 (Unknown error — 414)
75613:936171264 (Sep 18 2020/10:06:12.4154)[ERROR] SSLPort: failed to open secure connection (rc = 414)–> <Domino_Server_IP>:443
75613:936171264 (Sep 18 2020/10:06:12.4154)[LOG] SSLPort::connect: (return), rc=-1
75613:936171264 (Sep 18 2020/10:06:12.4154)[WARN] HTTP-AS: failed to connect to server ‘<Safelinx_Server_IP>:56796 –> <Domino_Server_Hostname>:443’ (Unknown error — 0)
75613:936171264 (Sep 18 2020/10:06:12.4155)[DEBUG] setup connection, elapsed time: 23ms
75613:936171264 (Sep 18 2020/10:06:12.4155)[WARN] http-service1: failed to setup back end connection, elapsed time: 23ms [<Username>]
75613:936171264 (Sep 18 2020/10:06:12.4156)[HTTPAS]httpServerResponse: HTML pkt size: 2787
HTTP/1.1 503 Service Unavailable
Server: HCL Verse via SafeLinx
Connection: close
Content-Type: text/html; charset=utf-8
I had set some Domino HTTP debug parameters, but I had to wait for the window in which I could restart the Domino/HTTP task. So I decided to try setting “Accept untrusted certificates from internal servers” on HCL Safelinx.
And guess what, after restarting Safelinx, the users could access Domino Web applications without any issues.
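A small triage helper for the trace format shown above, as an added example that is not part of the original post or of SafeLinx: it ties each 503 response to the SSLPort failure logged just before it. It assumes the leading number pair identifies the worker handling the request; the last two sample lines are constructed.

```python
import re

# Abridged copy of the trace above, one entry per line. The last two lines
# (worker 75613:111111111) are constructed to show a 503 with no TLS failure.
SAMPLE_TRACE = """\
75613:936171264 (Sep 18 2020/10:06:12.4153)[WARN] SSLPort::raw_connect: open returns rc=414
75613:936171264 (Sep 18 2020/10:06:12.4154)[ERROR] SSLPort: failed to open secure connection (rc = 414)
75613:936171264 (Sep 18 2020/10:06:12.4154)[LOG] SSLPort::connect: (return), rc=-1
75613:936171264 (Sep 18 2020/10:06:12.4155)[WARN] http-service1: failed to setup back end connection, elapsed time: 23ms [<Username>]
75613:936171264 (Sep 18 2020/10:06:12.4156)[HTTPAS]httpServerResponse: HTML pkt size: 2787
HTTP/1.1 503 Service Unavailable
75613:111111111 (Sep 18 2020/10:07:01.0001)[HTTPAS]httpServerResponse: HTML pkt size: 2787
HTTP/1.1 503 Service Unavailable
"""

ENTRY = re.compile(r"^(\d+:\d+) \((\w{3} \d{1,2} \d{4})/([\d:.]+)\)\[(\w+)\]\s*(.*)$")
TLS_RC = re.compile(r"SSLPort.*?\brc\s*=\s*(\d+)")   # skips the generic rc=-1
STATUS = re.compile(r"HTTP/1\.[01] (\d{3})\b")


def triage(trace):
    """Return one finding per 503, linked to the TLS failure logged before it."""
    tls_rc = {}            # worker id (assumed: leading number pair) -> latest rc
    worker = when = None
    findings = []
    for line in filter(None, map(str.strip, trace.splitlines())):
        entry = ENTRY.match(line)
        if entry:          # prefixed entry; anything else is a continuation line
            worker, date, clock, level, line = entry.groups()
            when = f"{date} {clock}"
            failed = TLS_RC.search(line)
            if failed and level in ("WARN", "ERROR"):
                tls_rc[worker] = int(failed.group(1))
        status = STATUS.search(line)
        if status and status.group(1) == "503" and worker:
            rc = tls_rc.pop(worker, None)   # consume so it is not reused later
            findings.append({
                "worker": worker, "time": when, "tls_rc": rc,
                "cause": "back-end TLS connection failed" if rc is not None
                         else "no TLS failure logged for this worker",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

A 503 that carries a "tls_rc" points at the SafeLinx-to-Domino TLS leg, so the certificate chain Domino presents and the CAs trusted on the SafeLinx side are what to inspect; a 503 without one needs a different line of investigation.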
If you follow the official documentation and do not set the values of “http.nonProxyHosts” in double quotation marks, the Tiny Editor WAS application will start, but some features of Tiny Editor will not work (like spellchecking). The correct configuration looks like the following:
I am not sure if this error affects any functionality of the system, but to solve it I simply added the “UCM_LOCAL_IP” parameter to the sametime.ini file, inside the “[Connectivity]” section. The value of the “UCM_LOCAL_IP” parameter should be set to the local IP address of the Sametime Community Server.
As of today, with the current version of HCL Sametime Proxy Server, there is no supported Sametime configuration which will enable you to send APNs or GCM push notifications via a web proxy server. This feature will be implemented in future releases.
Keep that in mind when planning your Sametime deployment.
HCL Traveler and HCL Connections support this functionality, as documented in the official documentation:
On a customer site I had to make sure that users are able to authenticate via HCL Sametime Embedded Clients, inside of HCL Notes 9.0.1 Basic Client, using Domino SSO (LTPA).
After installing the HCL Sametime 11 Community Server and applying the standard configuration, the login via Domino SSO for Sametime embedded clients inside of HCL Notes standard or Eclipse clients worked without any issues. But we had to make some configuration changes in the “sametime.ini” file to make the same work for ST Embedded clients inside the HCL Notes basic clients.
If you have lost the “wasadmin” account password or any other local WebSphere account, there is a rather simple way to recover it.
Just connect to the server where WebSphere Deployment Manager is running, via RDP or SSH, depending on the OS of the server, and open the “security.xml” file located under “<WebSphere_Installation_Directory>/AppServer/profiles/<Deployment_Manager_Profile>/config/cells/<Cell_Name>”, for example “/opt/IBM/WebSphere/AppServer/profiles/ic-dmgr01/config/cells/ic-cell01”.
After that, just search for the account name for which you would like to get the password; in the same line you should find the attribute “password”:
I am proud and honored that I was allowed to present this year at Engage in Arnhem. To be frank, I still can’t believe it. 🙂 I held a 25-minute session about implementing certificate-based authentication for HCL Notes Traveler authentication. If anyone is interested, the slides are embedded below:
I also took a video of my presentation; I wanted to make sure I didn’t miss any errors I had made, so that I can improve my overall presentation skills. Apart from the viewing angle, the video has not turned out too bad. 🙂
You can integrate HCL iNotes and/or HCL Verse on-Premises with Sametime 11 via the ST Proxy server, the same way the integration was done with Sametime version 9.0.1.
But before you can integrate the products mentioned above, you have to configure Single Sign-On between the Sametime WebClient and iNotes/VoP.
With Sametime version 9.0.1, you would export the LTPA Token from WebSphere Application Server and import it in the Domino “Web SSO Configuration” document of the iNotes/VoP server and Sametime Community Server, thus making sure that all components involved are using the same LTPA Token.
But in Sametime version 11, we do not have any WebSphere components. So you just have to make sure that the Sametime Community and iNotes/VoP servers are using the same LTPA Token. Either export the LTPA Token from the old Sametime environment or any other existing WebSphere server and import it in the relevant Domino “Web SSO Configuration” documents. After restarting all components involved, the SSO should be working and you can proceed with integrating Sametime with iNotes and/or Verse on-Premises.