News for Ex Customers of Domino, Notes, Connections….

Here’s something I found out from HCL recently that I don’t think is widely known and is really good news for anyone who has let their licenses lapse. Previously if you chose not to renew IBM would require a penalty payment (usually equal to 2.5x what would have been your annual subscription) to re-establish your licenses. That meant once lapsed it became prohibitively expensive to start up again.

HCL does not want penalty payments. If you have let your licenses lapse you can re-activate them by paying the last subscription price you paid plus any % annual increases since then. Basically paying just the current annual renewal price even if you didn’t renew 3 year’s ago.

With the investment in the products HCL have already demonstrated and committed to (one major release a year for example) there are lots of good reasons to re-establish your maintenance. If you previously let your licensing lapse but still have Notes, Domino, Connections or Sametime , renewing your subscription gets you access to the latest versions and support so you can benefit from all the TCO and development enhancements already in v10 as well as what’s coming in v11 this year such as

  • the Nomad client for tablet and smartphone enabling you to access your existing Notes applications with no code changes,
  • the app dev pack enabling Node servers to access your Domino data and for web applications to be written using Angular , React or other frameworks accessing Domino data
  • S3 cloud storage for file attachments that can be shared across multiple servers delivering an even bigger saving in storage than DAOS does currently
  • A browser based lightweight Notes client that will support all your existing Notes apps with no additional development
  • Continual development of the web based Verse client for mail, calendar and sametime
  • A browser based low and pro code development environment
  • Sametime on mobile entitlement

Hopefully you’ve been hearing all the announcements coming out of HCL since early July In addition to many TCO features already in v10, we have heard what’s coming up for developers in v11 and the work already underway for v12. If you want to know more go here to find detailed presentations from the recent factory tour where HCL showed their current and future plans.

To get a renewal quote you can contact a Business Partner, or reach out to HCL directly

customersuccess@hcl.com

Or the sales directors for each region

EMEA Paul Mason (paul.mason@hcl.com)

North America Peter Phillips (peter.phillips@hcl.com)

APAC Sushovan Chatterjee (SushovanC@hcl.com)

Problems With MongoDB During Sametime Install

In my previous blogs I discussed installing Sametime 10. My installs all ran perfectly except for one point – when I tried to install MongoDB as a service it installed but then wouldn’t start with the service error “1053”, reported as “service did not respond to the start or control request in a timely fashion”.

I thought I had fixed the problem by using another method to install Mongo. From my previous blog:

This is what the documentation said to use (sc is found in c:\windows\system32 if your path can’t find it)
sc.exe create MongoDB binPath=”\”C:\Program Files\MongoDB\Server\3.6\bin\mongod.exe\” –service — config=\”C:\Program Files\MongoDb\Server\3.6\mongod.cfg”” DisplayName= “MongoDB” start= “auto”

I ended up removing that service since it wouldn’t start (sc delete MongoDB) and adding it using a different syntax from the Mongo bin directory itself

mongod –directoryperdb -dbpath C:\data\mongodb\ –logpath C:\data\mongodb\log\mongo.log –logappend –service –install

Turns out I should have stuck with the documentation and using “sc” but the 1053 error was caused by two problems – the first was a misprint in the documentation as you can see above, there are two “” after mongod.cfg instead of one so that line should read (with added escape character)

sc.exe create MongoDB binPath=”\”C:\Program Files\MongoDB\Server\3.6\bin\mongod.exe\” –service — config=\”C:\Program Files\MongoDb\Server\3.6\mongod.cfg\”” DisplayName= “MongoDB” start= “auto”

the second problem was in the mongod.cfg file so when Mongo tried to start and read it, it failed.

I had copied the contents of the Mongod.cfg from the documentation into a text file so I didn’t consider that would be an issue but the pasted content removed the spaces and tabs at the beginning of each line in the documentation and that meant my mongod.cfg file wouldn’t work. This is what it should look like, spaces and tabs included.

Once that was complete everything worked perfectly. allowing the service to start in the way Sametime wanted and allowed me to run the command “rs.initiate()” from the Mongo console.

Thank you to Tony Payne @ HCL for working with me on this last week.

Installing Sametime 10 – The Proxy Server

The Sametime Proxy Server is needed if you have a Community server you want people to login to using either a web or mobile client, this includes having Sametime awareness for other products such as Verse or Connections. Since I had already installed a Community Server without using a System Console I now wanted to add a Sametime Proxy Server with as minimal additional software as possible.

The Sametime Proxy server uses a DB2 database for iOS push notifications. If you don’t create that database the server will work in every other way but you won’t have working push notifications to iOS devices. You can create the database on any DB2 10.x or 11.x server but if you don’t have DB2 your Sametime license includes entitlement to a limited for Sametime only use license of DB2 10.5 (at least that’s what is in the download).

To start we need to install Installation Manager. Installation Manager is a package management software that will be used to install WebSphere and the Sametime Proxy Server on top of it. The Sametime download comes with version 1.6.2 but you are going to want to upgrade that to at least 1.8.6 before installing anything. Once Installation Manager is installed we need to install WebSphere 8.5.5 fixpack 14. Don’t worry about the fixpack download for now, if you have internet access during the install that can be done automatically so you will want to start by extracting each of the three WebSphere installers to a directory on your file system. It doesn’t matter which one. I extracted mine to C:\Software\WAS855. This is just the install directory so you don’t need to keep it once the install is complete.

Now we need to add a repository under Installation Manager so it can find the installer for WebSphere. The installer file is always repository.config so I added a respository (File – Preferences) and pointed to c:\software\was855\repository.config

Once the repository is added I can choose “Install” from the main Installation Manager menu and I will be presented with the option to install WebSphere 8.5.5. As you can see it has automatically checked Version 8.5.5.0 and I have checked “Show all versions” so I can install Fixpack 14 directly during this one install step.

The installer finds 15 fixpacks and automatically selects the newest. Instead I uncheck that and choose 8.5.5.14 which is what we want for this install
We accept all the recommended fixes that are part of 8.5.5.14
The installer warns us that there is a missing required fix so we uncheck “show recommended only” and search for the missing fix “ph01621” and select that to install along with WebSphere 8.5.5.14
Choose the shared resource directory that Installation Manager will use. This can’t be changed later without uninstalling everything so make sure4 you have room
The WebSphere install directory wil lbe where the profiles and program files will be created. All WebSphere servers will be installed under this path
This is the confirmation of what we want to install
Once the WebSphere install is complete go ahead and close Installation Manager without creating a profile (choose “None”). The Sametime Proxy Server will create its own profile as a standalone node so you don’t need to manually create one here.

Now the WebSphere install is complete we can proceed to installing the Sametime Proxy Server. In my design it’s a standalone server so has no deployment manager or System Console. The instructions to do this require us to perform a silent install which means using a response file specifying the configuration that is accessed from outside the Installation Manager GUI.

The extracted installer for the Sametime Proxy Server contains a response file we can edit for our own install. My response file was in

C:\Software\SametimeProxyServer\responseFiles and was called ip.rsp.

I took a copy of that file and made my own changes – see the bottom of this blog for my ip.rsp file but one very important consideration is that in the sample ip.rsp the default password of “wasadmin” is set. If you run the install without changing that you will end up with a login of wasadmin and a password of wasadmin.

The lines in the rsp file that set this are

<data key=’user.com.ibm.lotus.sametime.proxyserver.was.adminid’ value=’wasadmin‘/>

<data key=’user.com.ibm.lotus.sametime.proxyserver.was.password’ value=’zN39fpCc9SqIryGJM7+02A==‘/>

zN39fpCc9SqIryGJM7+02A== is the encoded value of “wasadmin”, you must enter the encoded value of the password you want to set in the response file. To generate the encoded value before adding it to the response file you use the “generateEncodedPassword” utility which can be found in your Sametime Proxy Server extracted install e.g.

c:\Software\SametimeProxyServer\GenerateEncodedPassword\

From the IBM Installaton Manager install directory (C:\IBM\Installation Manager for me) I ran

C:\Software\SametimeProxyServer\GeneratedEncodedPassword\GenerateEncodedPassword.bat gabpass >pw.txt – which generates the encoded value for “gabpass” and writes it to the pw.txt text file as “rNFGfQ/sPi082+AaXFMNxA==. I write the value to a text file so I can have it recorded whilst I complete the next step.

I can then modify the value of <data key=’user.com.ibm.lotus.sametime.proxyserver.was.password’ value=’rNFGfQ/sPi082+AaXFMNxA==’/>

Important note; do not try and use special characters in your WebSphere passwords especially @ and !.

Now we are ready to run the silent install from the eclipse directory where Installation Manager is installed e.g c:\IBM\Installation Manager\eclipse using the command

IBMIMc –launcher.ini silent-install.ini -input response_file -log log_path_and_filename -acceptLicense

See output of my install running below

With the install completed successfully we can sign onto the node via https://hostname:9043/ibm/console using the credentials we set in our rsp install file and see the Sametime Proxy Server in place. The community server that the Sametime Proxy connects to was specified in my response file when I did the install.

In my environment I wanted to have the Sametime Proxy Server on port 443 securely and to install my own SSL certificate. To modify the ports for the Samtime Proxy Server click on the server name and choose “ports” under “Communication” then edit the value for “wc_defaulthost_secure”.

Once this step is complete you should be able to connect to Sametime through a mobile client or through the web using the new web client on https://hostname:port/chat

Once the server is installed any changes to the configuration such as which Community server or cluster it should connect to should be changed by directly editing the stproxyconfig.xml file.

I could do that but then I hit a problem in that anyone accessing Sametime via the Proxy Server could send but not receive messages or see any they sent. My next blog “Issues With MongoDB During Sametime Install” explains what happened and how HCL helped me identify and fix it.

For the official install instructions from HCL please see this PDF

My ip.rsp file is shown below as an example. You will need to modify it for your own install.



<?xml version="1.0" encoding="UTF-8"?>


<!--The "acceptLicense" attribute has been deprecated. Use "-acceptLicense" command line option to accept license agreements.-->

<agent-input temporary='true' clean='true'  acceptLicense='false'>


<server>

<!-- When the repository location is specified as a relative path, the path is interpreted relative to the location of this response file -->

<repository location='../STProxy'/>

</server>

<!--

This installLocation attribute is directory in which you would like to install the Sametime Servers

e.g. on Windows this might be C:/Program Files/IBM/WebSphere

This directory must be empty before you begin the install unless this is an upgrade.

By convention all of the installed files will be installed into sub-directories of this path,

but this is not necessary (see further directory choices below).

Unless you specify to place other content in sub-directories the only files placed in this

directory will be some message files related to the install/uninstall utilities

The id attribute should not be altered or the installer won't work.

In the profile name the ® character is represented by ® 

This representation is safer if the file is edited with a tool which does not support Unicode properly

-->

<profile installLocation='C:/IBM/SametimeServer' id='IBM® Sametime® Server Platform'>

<!-- 

The files which are installed in the directory specified by the value of the

user.installlocation relate to WAS installer code.

If the specified directory exists prior to running the installer it must be empty.

Therefore, if you are installing upon an existing copy of WebSphere,

you will probably need to change it from the default value.

-->

<data key='user.installlocation' value='C:/IBM/SametimeServer'/>
<!-- This attribute specifies where WebSphere Application Server is already installed. -->

<data key='user.was.installlocation'value='C:/IBM/WebSphere/AppServer'/>

<!--

This location is the path we will install the offering to i.e. the files used for creating

Sametime WAS server profiles.

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.offering.installlocation' value='C:/IBM/WebSphere/STPServerCell'/>

<!--

*** CHANGEME ***

The following two XML elements specify the host and port of the Sametime community server that

you wish to connect to with this Proxy server. You will need to alter it. The host name needs to be the FQDN of the CS
The default port to use is 1516, because this is the default port for Virtual Places 

server to server communication (1533 is the default for client to server communication_

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.sthostname' value=‘stsite.turtlepartnership.com’/>

<data key='user.com.ibm.lotus.sametime.proxyserver.stport' value='1516'/>

<!--

This attribute defines the type of WAS profile(s) you wish to create.

This attribute is case-sensitive and Valid options are:  

'Cell' - (default) create a cell consisting of a Deployment manager and a managed node

'PN' - create a stand-alone primary node  federated to an existing SSC Deployment manager

'SN' - create a secondary node federated to an existing Deployment manager

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.installtype' value='PN'/>
<!-- 

If you specified that you wish to install a WAS secondary node profile,

you must edit these attributes to match the host name and soap port of the Deployment manager you wish to have your WAS profile managed by
If this secondary node is a standalone node, then edit these attributes to match the secondary node's hostname and soap port values.

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.dmhost' value='DMHost'/>

<data key="user.com.ibm.lotus.sametime.proxyserver.Dmgr.WASDMSoapPort" value="8603"/>

<data key="user.com.ibm.lotus.sametime.proxyserver.Dmgr.WASHost" value="DMHost"/>
<!--

Uncomment this attribute if you wish the WAS profile to use a hostname other than the default for this machine

if you do specify a hostname it should be the fully qualified domain name (e.g. "servername.domain.com" not "servername")
<data key='user.com.ibm.lotus.sametime.proxyserver.hostname' value='HOSTNAME'/>

-->

<!--

The WAS profiles created by the installer will be protected by File based security 

for the System Console. The following two XML elements specify the username & password

that can be used to login to the WAS System Console.It is not allowed to omit these elements.

For security reasons you do not store the password in plain text. Instead you can use

the generateEncodedPassword utility contained in the kit to generated an encoded form of the password

For example 'zN39fpCc9SqIryGJM7+02A==' is equivalent to a password of 'wasadmin'
It is not possible to choose LDAP security during install, but this can be

configured after install 

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.was.adminid' value='wasadmin'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.was.password' value='zN39fpCc9SqIryGJM7+02A=='/>

<!--

The default is to name the WAS cell <HOSTSHORTNAME>ProxyCell 

and to name the WAS node <HOSTSHORTNAME>ProxyNode

but you can over-ride the defaults by un-commenting the following parameters
<data key='user.com.ibm.lotus.sametime.proxyserver.cellname' value='HOSTNAMEProxyCell'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.nodename' value='HOSTNAMEProxyNode'/>

-->
<!--

These are the names that will be assigned to the WAS profiles created by this installer

It is safe to simply use the default values or to change them to anything you want so long as the profile names are unique

 -->

<data key='user.com.ibm.lotus.sametime.proxyserver.was.serverprofile' value='STPAppProfile'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.was.dmprofile' value='STPDMgrProfile'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.was.snserverprofile' value='STPSNAppProfile'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.was.appserver' value='STProxyServer'/>

<!--Port the Deployment Manager will run on. This should not be changed from the default of 8600 -->

<data key='user.com.ibm.lotus.sametime.proxyserver.was.dmport' value='8600'/>

<!--Port the Deployment Manager will use for SOAP connections (the default is 8603) -->

<data key='user.com.ibm.lotus.sametime.proxyserver.was.dm.soapport' value='8603'/>

<!--

This attribute specifies whether or not you wish to install from a SSC deployment plan

It is case-sensitive and the only valid values are TRUE and FALSE
If you change this to TRUE, you will also need to specify values for

user.com.ibm.lotus.sametime.proxyserver.SSChostname, user.com.ibm.lotus.sametime.proxyserver.SSCportnumber, 

user.com.ibm.lotus.sametime.proxyserver.SSCusername, user.com.ibm.lotus.sametime.proxyserver.SSCpassword and 

user.com.ibm.lotus.sametime.proxyserver.SSC_SSLEnabled

see the other sample response file for sample values for these parameters

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.SSCEnabled' value='FALSE'/>
<!-- 

This attribute specified is we are doing an upgrade or a fresh install

It is case-sensitive and valid values are 'INSTALL' or 'UPDATE'.

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.job' value='INSTALL'/>
<!-- version of Sametime to install, 10.0.0.0 -->  

<data key='user.com.ibm.lotus.sametime.proxyserver.offVersion' value='10.0.0.0'/>
<!--

This attribute specifies if the Proxy server will co-exist with a SCC server

Set this value to TRUE if SSC is installed on same machine as Proxy Server 

  It is case-sensitive and the only valid values are TRUE and FALSE

-->  

<data key='user.com.ibm.lotus.sametime.proxyserver.ssc.coexist' value='FALSE'/>
<!-- 

On non-windows platforms this attribute should point to a temporary directory that

can be used for storage of files used by the installer. I needs to be on a disk with

greater than 1GB of free space

-->

<data key='user.nonWin.temp' value='C:/IBM/WebSphere/STtemp'/>
<!--

This is the Language code for the language version you wish to install

e.g. de for German, zh for Simplified Chinese

-->

<data key='cic.selector.nl' value='en'/>
<!--

    These parameters specifies database credentials and hostname. Get the encoded DB password using the generateEncodedPassword utility

available in the download package. The default port for DB2 is 50000.

-->

<data key='user.com.ibm.lotus.sametime.proxyserver.dbport' value='50000'/>    

<data key='user.com.ibm.lotus.sametime.proxyserver.dbhostname' value='@@DBHOST@@'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.dbname' value='@@DBNAME@@'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.dbuser' value='@@DBUSER@@'/>

<data key='user.com.ibm.lotus.sametime.proxyserver.dbpass' value='@@ENCODEDDBPASSWORD@@'/>

</profile>
<install modify='false'>

<!--

The features parameter of the offering element identifies what features are to be installed.

If installing with SSC, it should be set to 'CEMain,nossc,ssc'

If installing without SSC, it should be set to 'CEMain,nossc'

The id parameter should not be altered of the installer won't work

In the profile name the ® character is represented by ® 

This representation is safer if the file is edited with a tool which does not support Unicode properly

-->

<offering profile='IBM® Sametime® Server Platform' features='CEMain,nossc' id='com.ibm.lotus.sametime.proxyserver'/>

</install>
<!--

This next parameter specifies the location of the temporary cache where

Installation Manager stores files during install e.g. C:/Program Files/IBM/IMShared

-->

<preference value='C:/IBM/IMShared' name='com.ibm.cic.common.core.preferences.eclipseCache'/>

<!--

This parameter specifies whether or not the installer should search for possible updates on the web at ibm.com

Since Sametime does not maintain a fix repository on the web this should always be set to false because if there is no

connection to the Internet and it is set to true users may get error messages when it looks for the repository

(and the repository will not contain fixes anyway)

-->

<preference value='false' name='offering.service.repositories.areUsed'/>

</agent-input>

Installing Sametime 10 Limited Use

A slight delay on this blog, which I promised to write last week, but I have a good excuse. My original plan was to do an in-place upgrade as Sametime 10 is still 32bit-only enabling it to be upgraded on top of your existing Community Server so long as the underlying Domino install is at least 9.0.1 FP10 32bit. However the system requirements support Windows 2012 and Windows 2016 servers, but not Windows 2008 which was what the server I planned to upgrade was installed on. Yeah, it’s been a while since we had a major Sametime upgrade 🙂

Change of plan. I decided to start over first by building a standalone Community server and then adding the Proxy Server all without a System Console.

The documentation for this install is a PDF file that is linked to on this page https://www-01.ibm.com/support/docview.wss?uid=ibm10887399. My write-up below is based on my own install using that documentation.

Installing Domino

I built a new Windows 2016 Standard server and installed a new Domino 32 bit 9.0.1 FP10 server on it. IBM Fix Central still has FP10 accessible on it so you can still get it from there.

  • Windows 2016 is a supported server operating system for Domino 9.0.1, so I went with that as it will also support future upgrades.
  • We know that the next major Sametime version is meant to be 64bit-only, so we’re not going to be able to upgrade over 32 bit Domino without uninstalling and re-installing but at least I won’t have to rebuild the entire machine. However, for a customer I’d probably do a side-by-side upgrade so I could have a fallback to the existing Community Server.
  • I like to install Sametime in its own domain as Sametime uses LDAP for authentication and even if that LDAP is a Domino Directory you can’t point to the Directory running the Sametime server.
  • Having the Sametime Community server in its own domain means I can upgrade Domino and upgrade Sametime without touching anything else such as my mail or application domain.

My Domino server then is built as an Enterprise server (which doesn’t need to be licensed separately if you’re only using it for Sametime) in its own domain and with minimal services (remove things like Calendar, Scheduler, RNRMgr from starting up) but leave HTTP.

Installing MongoDB

MongoDB is new to the Sametime requirements and also temporary. It is needed for storing of chat history, but HCL have said they will be changing the DB platform from Mongo in v11 to something else and providing tools to move the data to the new database store at that point. You don’t need to be a MongoDB expert for this step.

First we need to download the right version of MongoDB and separately the Compass add-on.

MongoDB Installer

Compass Addon

The supported MongoDB version is 3.6.5 and fixpacks specifically. Once downloaded we run the installer, make sure you uncheck the box to install “Compass” during the MongoDB install or the install will fail.

Choose “Complete” on this screen

Un-Check this box which is checked by default or the install will fail.

Once completed we then run the Compass installer separately

Now we’re almost ready to start and configure MongoDB. When the server starts it will expect to find the data and log directories so these need to be created in advance or the start will fail. The default locations for those are c:\data\db and c:\program files\mongodb\logs\log.txt (I don’t use these in general but created them purely for the first server start).

Run the mongod.exe first from the install directory which by default is

C:\Program Files\MongoDB\Server\3.6\bin

from a command window run “mongod.exe” which will start the server instance and end up listening on port 27017. Do not shut the server window if running in the foreground at this point!

Now we want to issue commands to the server via the Mongo command line tool which we run using “mongo.exe” from the same directory.

Out of interest at this point if you type the following in a command window you should see both the server listening and command window established connections:

netstat -an |find /i “27017”

Checking The Schema

We now need to make sure the schema version for MongoDB is set correctly to support Sametime’s requirements. From the mongo command window type

use admin
db.system.users.remove({})
db.system.version.find()

my request returned “{“_id”: “featureCompatibilityVersion”, “version”: “3.6”}” so I used the command below to set it correctly then restarted the Mongodb server.

db.system.version.insert({ “_id” : “authSchema”, “currentVersion” : 3 })

The documentation now wants us to add MongoDB as a service using the following instructions however I had problems with it as although it installed as a service it then refused to start returning a 1053 error. After a couple of hours trying to fix that which seems to be Windows related I went another way to get a working service.

This is what the documentation said to use (sc is found in c:\windows\system32 if your path can’t find it)
sc.exe create MongoDB binPath=”\”C:\Program Files\MongoDB\Server\3.6\bin\mongod.exe\” –service — config=\”C:\Program Files\MongoDb\Server\3.6\mongod.cfg”” DisplayName= “MongoDB” start= “auto”

I ended up removing that service since it wouldn’t start (sc delete MongoDB) and adding it using a different syntax from the Mongo bin directory itself

mongod –directoryperdb -dbpath C:\data\mongodb\ –logpath C:\data\mongodb\log\mongo.log –logappend –service –install

That installed the service which started with no problems, including writing to the log file in the new directory I configured on the command line (again the directories have to exist first).

So now Mongodb is installed and running, let us move onto configuration.

Configuring MongoDB

Launch the Mongo Compass Community from your Windows start menu and connect to your locally-running server.

I don’t need to change any of these settings – just press “Connect”
Once connected I am shown a list of existing databases. These are all system databases so don’t delete any of them!

Now we need to create a new database for chatlogging and collections within that new database. Click the “Create Database” button and complete the dialog as shown below. Keep the naming and capitalisation identical to what is shown here, Database Name “chatlogging”, Collection Name “SESSIONS” . If you don’t you will need to modify the sametime.ini later.

Once the database is created we can click on it for further configuration

The documentation wants us to create an additional Collection called “EVENTS”, so we click on “Create Collection” and do that.

Having created the new chatlogging db we need to set up a Mongo user account and give that admin access. We do all this from the Mongodb console again which is accessed by running mongo.exe.

The documentation specifies using the user name “sametimeUser” and the password “sametime”. If you use a values you will need to edit the MongoDB settings in Sametime.ini once you complete the Sametime configuration steps.

The command below not only creates the user but also gives that new user admin rights to the chatlogging database.

use admin

db.createUser({user:”sametimeUser”,pwd: “sametime”,roles:[{role:”readWrite”, db:”chatlogging”},{role: “userAdminAnyDatabase”, db: “admin”}]})

Installing Sametime Standalone

With Domino shut down we can now install the Sametime Community Server. We don’t need a System Console in place before doing this.

Configuring Chat Logging

There are three components to configuring chat logging on the Sametime server:

  1. Enable Chat Logging through stconfig.nsf so the server knows to support it.
  2. Configure the policy files to enable chat logging.
  3. Point the Sametime chat logging to the MongoDB.

Open STConfig.nsf on the server and find the communityservices document then edit that and change the Chat Logging parameter to “relax”

Now we need to modify the XML files that control the policies. We can find those in the Domino program directory and can open them with a text editor.

  • In policies.server.xml set the “current-value” of offlinemsgs.community.enabled to “1” instead of “0”
  • In ‘OfflineMessages.xml’ set the ‘current-value’ of offlinemsgs.community.enabled to “1” instead of “0”
  • In ‘policies.users.xml’ file set the ‘current-value’ of im.enableOfflineMessages to “1”. There will be multiple instances of that value, one for the default and one for the anonymous policies that are available on a standard install.

I will be talking more about manually setting and creating policies in a later blog. The documentation provides a reference URL to detailed policy settings but that URL now returns a 404 so I’m checking with HCL for an updated link.

broken link: https://www.ibm.com/support/knowledgecenter/en/SSKTXQ_9.0.1/admin/admin/admin_policy _im_ids.html

In addition, whilst you have policies.users.xml open you can enable the persistent chat feature by setting im.persistentChatEnabled to “1”.

Our last step in this configuration is making sure Sametime knows how to reach MongoDB and your new chatlogging database. If you used the default settings in the documentation and as I’ve documented here and MongoDB is installed locally to the Sametime server then you should not need to change any values, but for reference, and in case you do, the default settings in Sametime.ini are as follows:

[stconvomap]
MONGO_URI=mongodb://127.0.0.1:27017
MONGO_DB=chatlogging
MONGO_COLLECTION=EVENTS 

Chatlogging.ini
CL_MONGO_HOST=127.0.0.1
CL_MONGO_PORT=27017
CL_MONGO_USER=sametimeUser
CL_MONGO_PASSWORD=sametime 
CL_MONGO_AUTH_DBNAME=admin CL_MONGO_DBNAME=chatlogging 

Now give everything a restart and confirm that it all works!

In my next blog I’ll be looking at installing the Sametime Proxy Server again without using the System Console so that I can get access to the new web client and the mobile cilents which are part of the Limited Use entitlement.


Sametime v10 – Technology Changes Galore

Sametime v10 Limited Use shipped last week and later on this week I’ll be posting a step by step guide to my install but for now I wanted to talk about the technology changes that it brings. This release focuses only on the Community server elements, the other components such as Meetings will be part of the v11 version which is due to be released along with Domino v11 towards the end of 2019.

My thanks to Mat Newman who posted this updated roadmap on his blog where he also shares more detail about the licensing

20190601 Sametime Roadmap - Current

“Entitlement” is part of your Notes licensing and enables you to use the chat features of Sametime inside the Notes client, the browser mail cilent , a web client and the standalone mobile client.

The largest changes for the clients in v10 are the support for persistent chat (and chat history) across multiple devices, an improved conversation UI, a new lightweight web client, and the removal of the System Console as a requirement for the Community server install.  Those are all great changes that justify an upgrade to your existing Community servers by themselves.

Starting with the biggest technology change, the System Console (which itself required WebSphere and DB2) is now optional and it is possible to install and manage a Community server entirely on Domino. However if you want to use either the browser client or mobile client you will need to still install the Sametime Proxy server which does still require WebSphere and DB2.

To maintain the persistent chat across devices, a server-side storage solution is required and in this release it is MongoDB.  HCL have committed to replacing that in v11 and having a data migration solution out of Mongo so it’s a temporary solution.

You may have heard that Sametime 10 will be 64 bit only on Domino but in fact this first version still requires Domino 32bit and at least 9.0.1 FP10 version.  Domino 10 is 64bit only so right now Sametime 10 cannot be installed on Domino 10.  That does however make it suitable for an in-place upgrade to your existing servers which will already be on 32bit Domino.  This is still very early in the release and the technical requirements are not yet published but will eventually be here .

Last week HCL hosted a webcast where they introduced Sametime v10 and answered questions, I’d recommend looking at the Q&A and watching the webcast here

I have been documenting my own install this weekend – I opted for an in-place upgrade as I assume that’s what the majority of people will be doing on this release, and will be publishing that in the next couple of days.

Java Problems Installing Sametime Community Server

Recently I was asked to install Sametime Community server in a new site.  I’ll be honest, I haven’t done a greenfield site install of Sametime in nearly a year, my work has primarily been upgrading (adding new elements) and maintenance.

As you probably know you can’t just install the Community Server onto Domino,  much of the admin and management features are now controlled solely inside the Sametime System Console running on WebSphere.  When installing WebSphere I installed version 8.5.5 as a base then applied the latest fixpack 12. (now version 13).  The Sametime elements only work with Java SE6 which used to be fine, during the WebSphere install I’d explicitly override its wish to install Java SE8 with a radio button to choose Java SE6, however that option disappeared on fixpack 11 and as of April 2018 Java SE6 is no longer supported even though Sametime still requires it and will continue to do so I suspect well into next year since the next release of a Community server is scheduled for H1 2019 and other elements for H2 2019.

Everything installed fine but then the servers with the applications couldn’t be stopped properly.  I had to uninstall WebSphere and the SSC entirely, then install base 8.5.5 with fixpack 8 (which I had to hand although other early fixpacks may also have worked) that allowed me to choose Java SE6 then install the SSC.  Once it was installed and I tested starting and stopping server elements I went ahead and upgraded the fixpack to 12.  WebSphere will warn you but continue to honour the Java version you originally chose , in this case Java SE 6, and not force an upgrade.

So. Websphere 8.5.5 with FP8 , then FP11.. 12.. 13 whatever you want.  The system requirements still say these are all supported so the loss of the option to choose Java SE 6 during fixpack install is what we are trying to fix.

Sametime Client Update Breaks Single Sign On

I recently built a new Sametime Complete environment for a customer that included an Advanced and Meeting server.  When I had completed the build I tested a new standalone Sametime client in a VM to confirm that I could login to the new Community server and it would log me into the Advanced and Meeting servers.   Having added the necessary lines to plugin_customization.ini to enable  Sametime Advanced* I was able to login to the Community server successfully and be automatically logged into the Meeting and Advanced servers.   However, when I handed over to the customer for testing I was surprised that they couldn’t actually login to the Meeting server at all through the Sametime client. They got a server unreachable error.

So I did further testing

  1. On my client I was configured to use SSL for both the Meeting server and Sametime Advanced. I could login to the Community server and that logged me in securely to Meetings and Advanced.  That same configuration on a test workstation of theirs failed to login to the Meeting server saying server not responding (although it did successfully log in to Advanced)
  2. If I removed the Sametime Advanced servers from the Sametime workstation client it could suddenly log in to the Meeting server
  3. If I changed the Meeting server configuration in the workstation client to use HTTP (80) instead of HTTP (443) I would be logged in to the Meeting and Advanced server
  4. On the test workstation I could always login to the Meeting server securely through a browser and open a tab to the Advanced server and be automatically logged in there even when the Sametime client claimed it couldn’t reach the server.

So why did it fail on every one of their workstations and not for me? It turns out they were using the latest Sametime client I had downloaded from Fix Central (20170402-0344) for them whereas I was using the 2016 build (20160624-0209).  I took a snapshot of my VM and upgraded my Sametime client to the April 2017 one and I immediately was unable to log in to the Meeting server. I rolled the snapshot back to the 2016 client and everything worked again.

One of the major updates in the 2017 client was SAML functionality and it does seem that the single sign on logic has been broken in some way by that 2017 update.  Everything is working with the 2016 client so for the time being (and whilst IBM investigate the PMR) we are rolling that out.  One to watch out for though – newer is not always better and you might want to avoid the latest 20170402-0344 update.

 

*for Sametime Advanced login to work at all in the client you must ensure “remember password” is checked and the following two lines are in the plugin_customization.ini

com.ibm.collaboration.realtime.bcs/useTokens=false
com.ibm.collaboration.realtime/enableAdvanced=true