HCL Sametime Premium announced – It’s a stunner!

As a part of HCL Digital Week, Luis and Gini presented the HCL Sametime Premium. It is intuitive, easy to use and frankly everything what we want from a modern video conferencing solution and more. The emphasis is put on cost savings, according to HCL you can save, for ten thousand users, over a million us dollars annually! In the following I will write a brief summary of the session, along with a few thoughts of my own.

According to HCL, when deploying video conferencing software, the customers are met with the following problems:

These problems are tackled with the HCL Sametime Premium.

As mentioned, a lot of emphasis is set on cost savings. The amount of money that HCL Sametime Premium can help you save, just blew me away, amazing! Take a look at the following slide.

Cost savings with HCL Sametime Premium

I like it that we still decide where we can deploy the solution, not like at some other software vendors…

HCL Sametime Premium and Sametime v11.5 offers a lot of new functionality, the following slide does not represent the full set of features, just the most important functionality at a glance.

HCL Sametime Premium – Features at glance

Luis also showed us a very cool demo with Sametime Premium, mostly Meetings, in action. You can create new Sametime Meetings in HCL Notes, or in HCL Nomad Web client, no problem.

HCL Nomad Web client

All functions are intuitive and easy to access, like screen sharing.

Screen Sharing

YouTube video sharing, as well as streaming on YouTube is available out of the box! I personally really like this feature.

HCL Sametime Premium integration with YouTube

The transition to mobile devices is easy and seamless.

By the way, you can install the mobile app via QR-Code, you just need to enter your username and password and you are ready to go. This is a welcome addition, I always wanted to spare the user of typing the server name and other needed settings.

HCL Sametime App installation via QR-Code

This is how a meeting can be created via web client.

HCL Sametime Meetings web client

Another cool thing is that the meeting recording is available just seconds after ending the recording of a meeting.

Downloading or sharing a meeting recording

Luis also showed us that you can deploy HCL Sametime Premium, with all features, in a day! Including setting up AWS, or doing some other preparation work on your platform of choice. To help us gain knowledge on how to do this, HCL will publish some new Whitepapers.

HCL Sametime whitepapers

HCL Sametime 11.5 including Meetings is available for download today, including a calculator tool to help you leverage just how much money you can save with HCL Sametime Premium.

Get Started!

All in all Sametime Premium and/or Meetings is a very welcome addition, there are so many customers waiting for Sametime Meetings. I hope that we are going to use HCL Sametime in many of our future projects. In the end always remember:

Be like Carla! 🙂

HCL Sametime – Update site and SAML enabled webserver

If you plan to manage your HCL Sametime clients via Expeditor managed settings framework and automatically updating their preferences via “managed-settings.xml” file, make sure that the file(s) are placed on a web server, in that way, so these files can be accessed without any form of authentication.

A SAML enabled server may look like a good idea, but at least in my tests, I could not get it to work with HCL Sametime Embedded client.

HCL Domino – Default LTPA Token

I came across an HCL Domino environment with HCL Sametime where the Sametime embedded clients were logging in via LTPA but with a different authentication server than the Sametime Community server.

As you can imagine, this was important to keep in mind during a Sametime migration. The Domino server used for authenticating Sametime clients is also hosting multiple websites and using multiple LTPA tokens, so the question was, which LTPA token is actually used for authenticating the Sametime clients.

After some searching I asked a good friend, Herwig W. Schauer, and he knew the answer. The LTPA token used for authenticatication of Sametime embedded clients is the default LTPA token, which is found inside the “($WebSSOConfigs)” hidden view of the Domino directory.

To access this view, hold “CTRL” and “Shift” keys while opening the “names.nsf” database. I hope this saves someone some time. 🙂

Creating an LTPA Token – Without WAS Network Deployment Server

Recently I was installing an HCL Sametime 11 environment from scratch. I always tend to implement a single LTPA Token across the Domino, Sametime and/or Connections environment. It is also a very good idea to use only the LTPA Token version 2, as it is more secure, but this also means that the LTPA Token has to be created by a WebSphere server.

Usually this is not a problem, because most of my customers have HCL Connections or an older version of Sametime already deployed, which means that they are also using WebSphere Application Server Network Deployment.

But this customer only had Domino, and a new installation of the WAS Network Deployment Server, solely to create a new LTPA Token and scrap it afterwards would take me too much time.

My friend Herwig W. Schauer gave me tip that the same could be done with WebSphere Liberty server, which is a lot faster.

Just download the latest version of WebSphere Application Liberty Server, which is free, from the IBM Website, I used the ZIP Install Package for Windows OS.

Just extract the downloaded package to the directory of your choice and open the “server.xml” file, which can be found under “<was_liberty_package>\wlp\usr\servers\defaultServer”, in text editor. At the line number 17, inside the “<ltpa>” tag, edit the “keyFileName” and “keysPassword” parameter, as shown in the screenshot below:

Afterwards, just start the WAS Liberty by executing the “server.bat” script.

<was_liberty_package>\wlp\bin>server.bat start

Just as in the screenshot below:

As soon as you get the server fired up, a new LTPA token will be generated in “<was_liberty_package>\wlp\usr\servers\defaultServer” directory, with the name and password you specified in the “server.xml” file.

That’s it, you can take the newly generated LTPA token and import it to Domino.

HCL Sametime 11 – WebClient stuck on Loading

If you experience the issue with HCL Sametime 11 Proxy, where the WebClient just loads endlesly after a user logs in, and the following error is present in “catalina.out” log file (of the Sametime Proxy component):

CLFRX0049E: Failed to query the user info: <username>, reason 80000005

Check the “UserInfoConfig.xml” file, on the Sametime Community Server, for Syntax Errors. In my case the “Username” variable, inside the “<storageDetails>” tag, needed to be moved in front of the “Password” variable (this formatting is default in Sametime 11 FP1 version). Afterwards the “<storageDetails>” tag should reassemble something like the following:

<StorageDetails BaseDN=”DC=test,DC=com” HostName=”dc.test.com” UserName=”CN=SVC_Test,OU=Service Accounts,OU=test,DC=test,DC=com” Password=”xxxxxxx” Port=”389″ Scope=”2″ SearchFilter=”(&amp;(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(pager=%s)(mail=%s*)(samAccountName=%s*)(sn=%s*)(displayName=%s*)(distinguishedName=%s)(objectguid=%s)))” SslEnabled=”false” SslPort=”636″ /> 

HCL Sametime – Creating a Name Change Task without Sametime System Console

In the HCL Sametime version 11 there is no System Console, which means that the Name Change tasks have to be created directly in the “stnamechange.nsf” database.

This process is not documented. After trying to reinvent the wheel and failing gloriously, I decided to write a blog post about it. 🙂

Just open the “stnamechange.nsf”, with a user which has manager access on the database, click on “Create” and create a new “Name Change” document.

After that just choose the name of the document, “Description” is optional. Under “Location” enter the DN of your Sametime Community Server, “CN=<server_name>/O=<organisation_name>”. “File” is a richtext field, and here you have to upload the CSV file you want to use. You can read the details about creating the CSV file in the official documentation.

In the end the document should look like the following:

After that just run the stnamechange.cmd/.sh as you normally would with HCL Sametime version 10 or earlier.

If you are on Windows OS, open CMD as administrator, navigate to the Domino program directory and start stnamechange.cmd or stnamechange.sh respectively with the following parameters:

stnamechange.cmd <domino_program_directory> <domino_data_directory>

For example:

stnamechange.cmd c:\HCL\Domino c:\HCL\Domino\Data

That should be it. If you run into any problems, you can take a look at the log, every time you run the command, a log file is created in the “Trace” directory of the Sametime server. You can even set verbose logging.

I hope this helps and saves you some time.

Peculiar File Transfer related error in HCL Sametime 11 FP1

After going through the HCL Sametime 11 FP1 Community Server logs, I found the following error:

CLMONGO, ChatResource::readSrvMsgFlags ERROR: empty UCM_LOCAL_IP

Like in the Screenshot bellow:

I am not sure if this error affects the any functionality of the System, but to solve it I simply added the “UCM_LOCAL_IP” parameter to the sametime.ini file, inside the “[Connectivity]” section. The Value of the “UCM_LOCAL_IP” parameter should be set to the local IP Address of the Sametime Community Server.

I hope this helps.

HCL Sametime 11 FP1 – Send Push Notifications via Web Proxy

As of today, with the current version of HCL Sametime Proxy Server, there is no supported Sametime configuration which will enable you to send APNs or GCM push notifications via Web Proxy server. This feature will be implemented in future releases.

Keep that in mind when planing your Sametime Deployment.

HCL Traveler and HCL Connections support this functionality, as documented in official documentation:

HCL Traveler – Push messaging through a proxy

HCL Connections – Mobile configuration properties for HCL Connections 5.5

HCL Connections – Configure access for the Tiny Editors Services through HTTP proxy

HCL Sametime 11 & SSO via Sametime Embedded Client in Notes Basic Client

On a customer site I had to make sure that users are able to authenticate via HCL Sametime Embedded Clients, inside of HCL Notes 9.0.1 Basic Client, using Domino SSO (LTPA).

After installing the HCL Sametime 11 Community Server, and applying the standard configuration, the login via Domino SSO for Sametime embedded clients inside of HCL Notes standard or eclipse clients worked without any issues. But we had to make some configuration changes in the “sametime.ini” file to make the same work for ST Embedded clients inside the HCL Notes basic clients.

We had to change the “VP_SECURITY_LEVEL” parameter value from the default “7000” to “0”. Furthermore, we added the value “1216” to the “VPS_PREFERRED_LOGIN_TYPES” parameter. If the “VPS_ALLOWED_LOGIN_TYPES” parameter is used in your environment, then you will have to add “1216” value to this parameter as well.

After saving the “sametime.ini” file and restarting the Sametime Community server, the Sametime embedded clients, inside the Notes basic clients, should be able to login via Domino SSO Mechanism.

HCL Sametime 11 – SSO between ST WebClient and iNotes/Verse on-Premises

You can integrate HCL iNotes and/or HCL Verse on-Premises, with Sametime 11 via ST Proxy server, the same way the integration was done with Sametime Version 9.0.1.

But before you can integrate the products mentioned above, you have to configure Single-Sign-On between Sametime WeClient and iNotes/VoP.

With Sametime version 9.0.1, you would export the LTPA Token from Websphere Application Server and import it in the Domino “Web SSO Configuration” document of the iNotes/VoP server and Sametime Community Server. Thus making sure that all components involved are using the same LTPA Token.

But in the Sametime Version 11, we do not have any WebSphere components. So, you just have to make sure that the Sametime Community and iNotes/VoP servers are using the same LTPA Token. Either export the LTPA Token from the old Sametime environment or any other existing WebSphere server and import it in the relevant Domino “Web SSO Configuration” documents. After restarting all components involved, the SSO should be working and you can proceed with integrating Sametime with iNotes and/or Verse on-Premises.