HCL Connections – Docs (Proxy) not Working After Installing IFPH63778 IBM WebSphere Application Server Fix  

By Milan Matejic | 2/7/25, 2:23 AM | Infrastructure - Connections | Added by Roberto Boccadoro

If you're like me and want to keep your IBM WebSphere Application Servers up to date with the latest patches, you might want to skip the installation of IFPH63778 for 8.5.5.26 version of WebSphere, or at least exercise caution before doing so. After installing IFPH63778 on my WebSphere servers hosting HCL Connections Docs applications, Docs Proxy application was unable to communicate with the required application servers, effectively breaking my HCL Connections Docs deployment.

HCL Connections – Component Pack Update – MongoDB Security Settings Update Issue  

By Milan Matejic | 2/6/25, 3:19 AM | Infrastructure - Connections | Added by Roberto Boccadoro

During the HCL Connections Component Pack 8.0 CR8 update, some security settings are modified for the MongoDB replica set used by the HCL Connections Component Pack. This is managed by the check-and-update-mongo5-security Kubernetes (K8s) job, which creates the check-and-update-mongo5-security-* pod to change the security settings of the replica set. Once the job completes successfully, the K8s pod and the corresponding job are marked with the status complete(d) However, in one of the HCL Connections environments I am working on, the job didn’t complete successfully. During my initial analysis, I found the following error in the log of the check-and-update-mongo5-security pod....

HCL Domino Leap – Fixing Embedded Forms Issues After Updating to 1.1.5   

By Milan Matejic | 11/26/24, 5:02 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are embedding HCL Domino Leap Applications or Forms into portals and sites not hosted on the same Domino Server as Domino Leap, you might encounter issues due to the Content-Security-Policy (CSP) HTTP Response Header. Starting with HCL Domino Leap 1.1.5, a Strict CSP policy has been introduced.

Issues Starting MongoDB Version 5 and Above  

By Milan Matejic | 6/14/24, 10:29 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are using a Hypervisor on a Windows OS, you might encounter some issues with deploying MongoDB version 5 and above, as MongoDB 5.0+ requires a CPU with AVX support. CPUs with AVX Support have been around for a long time and this shouldn’t be a problem. However, on my PC, I am running Windows 11 OS with VirtualBox as a Hypervisor, and I am also using WSL for Ubuntu on the same machine, which requires some features of Hyper-V to be activated. As it turns out, Hyper-V has some unusual (at least for me) effects on the VMs running on VirtualBox.

HCL Notes Crash While Importing PKCS12 Database to the HCL Domino Certificate Manager   

By Milan Matejic | 4/9/24, 10:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While I was working with HCL Domino Certificate Manager (CertMgr), which btw is awesome, I encountered an issue, that caused the HCL Notes to crash. Namely, the import of a seemingly valid PFX file (PKCS12 database, downloaded directly from the customer's TLS provider's site) caused the HCL Notes to crash, after which the certificates and the private key contained in the file, were not imported. I could reproduce the issue with the same PFX file in multiple environments running HCL Domino 12.0.2 FPx, HCL Notes 12.0.2 as well as HCL Notes 14.0.

Domino Authentication via SAML – All Flavours   

By Milan Matejic | 10/13/23, 1:55 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For the Engage 2022 event, I prepared a "Domino Authentication via SAML - All Flavours" session, to present it with my colleague Herwig W. Schauer. Alas, the session never got accepted and I never had time to convert it to a whitepaper. As I invested quite a bit of time for preparing the slides, I thought that I should upload it here before it inevitably travels into oblivion. Maybe it will come handy for some of you.

HCL Connections Mail Plug-in Deployment – Missing Information in the Documentation   

By Milan Matejic | 5/23/23, 12:18 AM | Infrastructure - Connections | Added by Roberto Boccadoro

If you are planning to deploy the HCL Connections Mail Plug-in, take note of the KB0092821 knowledge base article. This is a mandatory step that must be done in HCL Connections 8 CR1 and newer environments. If the steps described in KB0092821 article are not followed, you will get the following error message in the browser console: Error: Unable to load https://<mailserver_hostname&gt; status: 403

HCL Notes – Swiftfile Not Working as Expected   

By Milan Matejic | 3/29/23, 3:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

When using the "preview pane" in HCL Notes, and clicking on a folder, suggested by SwiftFile, the "move to folder" dialogue would sometimes come up. This was happening to my client, in about 1 of 20 cases

HCL Connections 8 – PDF Export Issues After Installing CNX in a Clustered WAS Environment   

By Milan Matejic | 3/24/23, 5:12 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Recently I encountered an issue with PDF Export, right after the installation of HCL Connections applications in a multi-node, clustered, IBM WebSphere Application Server environment. This problem only occurs in a multi-node WAS environment. In the HCL Connections GUI, in the “PDF Export Access” settings of the”Edit Community” menu (Community –> Community Actions –> Edit Community –> PDF Export Access), the following error was displayed: Error 500: org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: com/ibm/ess/ic/ic360/security/tai/Ic360ImpersonateUserTAI

HCL SafeLinx – Encrypted Communication Between the SafeLinx Client and the SafeLinx Server   

By Milan Matejic | 7/14/22, 1:34 AM | Infrastructure - SafeLinx | Added by Roberto Boccadoro

One of the first things you should do, is to configure the communication between the HCL SafeLinx Administration client and the HCL SafeLinx Access Manager, so that it takes place in an encrypted and secure manner. For this, only a few simple steps are needed.

Kubernetes – Host Entries   

By Milan Matejic | 3/18/22, 3:22 AM | Infrastructure - Connections | Added by Roberto Boccadoro

As Kubernetes pods do not make use of the Kubernetes nodes/hosts "host" file (/etc/hosts), which can be a challenge or a blessing, do not despair if you find yourself in an environment in which some DNS entries are missing. There is an easy workaround to "get you going".

HCL Connections – Orient Me “Loop”  

By Milan Matejic | 3/17/22, 12:55 PM | Infrastructure - Connections | Added by Roberto Boccadoro

After deploying Orient Me, every try to open the new Orient Me homepage would result in a "loop", the user was being redirected from the Orient Me (/social) page to the Homepage application (/homepage) and back again to the Orient Me page. The root cause for the problem was not a bug or an error in the HCL Connections code, but rather the configuration of the HCL Connections Blue Stack and other components in the IT landscape of this environment.

HCL Connections CP – Enabling Elasticsearch Metrics  

By Milan Matejic | 3/16/22, 3:50 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Recently, when enabling Elasticsearch metrics, I ran into an issue with the "config_blue_metrics.py" script. Which was failing every time I tried to run it . After looking into the WebSphere Metrics Application logs, “AppsCluster” if your HCL Connections Blue Stack environment is installed as a “Medium deployment”, I’ve noticed the following error: [10/3/22 17:26:54:477 IST] 0000016c LotusConnecti E Unable to access the required data javax.servlet.ServletException: java.io.FileNotFoundException: SRVE0190E: File not found: /configsetter ....

HCL Sametime – RunFaster=1  

By Milan Matejic | 3/3/22, 2:50 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

verybody likes when software performs well and feels "snappy", guided by that mantra I've found that with the help of one "sametime.ini" parameter for LDAP tuning, you can improve the "login" performance of the clients and the time it takes to load Sametime Business Cards considerably.

HCL Sametime – Setting the Community ID  

By Milan Matejic | 12/7/21, 2:40 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

If you are planning to deploy HCL Sametime Community service in a cluster or HA architecture, setting a Community ID is a must. Ideally, this should be an FQDN used for accessing the Community servers, something which is easy to remember, and your users can relate to. So, think ahead and use a name that can be used to access the service externally and internally

HCL Traveler – Cleaning up the “lotustraveler.nsf” database  

By Milan Matejic | 9/17/21, 1:25 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are seeing some old and invalid objects in the "lotustraveler.nsf", on the HCL Traveler server, try running "tell traveler cleanup show" command. It will show you which entries are obsolete and could be deleted. Provided that you are OK with the result, run the "cleanup" command without the "show" option, this command will delete the entries previously shown.

HCL SafeLinx – Performance for Nomad  

By Milan Matejic | 9/16/21, 1:29 AM | Infrastructure - SafeLinx | Added by Roberto Boccadoro

If you are planing to deploy HCL Nomad and you are unsure about the hardware needed for the HCL SafeLinx server, make sure to read the recently published knowledge base article "HCL SafeLinx Performance for Nomad". It offers important performance insights for HCL SafeLinx and HCL Nomad, and shows just how cost-effective HCL SafeLinx is.

HCL Sametime Meetings – Meeting Chat Issue  

By Milan Matejic | 5/17/21, 5:20 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

Recently I ran into the issue with HCL Sametime, the Chat was not working inside the Sametime Meetings. In this environment, the Sametime Meetings components are deployed on a single Docker host server. After a little bit of Troubleshooting and Log Analysis, I found the following error in the Sametime Proxy catalina logs: WARNING [https-jsse-nio-443-exec-8] com.ibm.rtc.stproxy.servlet.STProxyServlet.forward CLFRX0050E: User null – /stwebapi/chat/nway – <meeting_server_ip_address> is not authenticated.

HCL Sametime Policies – Troubleshooting  

By Milan Matejic | 4/19/21, 3:08 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

I needed to set a new HCL Sametime policy just for a handful of users, so I have decided to do this via an explicit Sametime policy, assigned to the users via a new user group in LDAP user repository. This process is simple and very well documented, check out the official documentation if you have to do this https://help.hcltechsw.com/sametime/11.5/admin/creating_new_policy.html

HCL Connections Docs – 2.0.1 Update Issue  

By Milan Matejic | 4/7/21, 1:30 AM | Infrastructure - Connections | Added by Andi Kress

Lately I had an issue upgrading from HCL Docs 2.0 CR3 iFix009 to 2.0.1. While upgrading “Docs Editor” application, using upgrade/install scripts, I was blessed with the following error code

HCL Connections 7 – PDF Export Issues  

By Milan Matejic | 4/2/21, 4:40 AM | Infrastructure - Connections | Added by Roberto Boccadoro

After upgrading to HCL Connections 7, the new PDF Export feature didn't work. By clicking on the new "PDF" button inside the Wiki Page and trying to export it as a PDF, I would get an error in the GUI. In my two environments where I have encountered this, I had to do the following steps...

HCL Sametime Meetings 11.5 and LTPA version 2  

By Milan Matejic | 4/1/21, 3:39 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

As the LTPA Token version 2 is more secure than the LTPA Token version 1, it has become a new default for me. Lately I found out that the Sametime Meetings Server does not accept the LTPA Token v2 out of the box, more on that in the following. :-)

HCL Sametime - Access User Directory over LDAPs  

By Milan Matejic | 3/9/21, 2:19 AM | Infrastructure - Sametime | Added by Andi Kress

Configuring HCL Sametime Community Server to access the user directory over LDAPs is straightforward and usually fairly simple. In order to configure the access to Microsoft Active Directory for example, over LDAPs, you have to do the following...

HCL Domino – Directory Assistance – Access to Active Directory via LDAPs – Thoughts about HCL Connections, Domino and Sametime  

By Milan Matejic | 3/4/21, 1:37 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In order to re-configure the existing HCL Domino Directory Assistance document for accessing the user data over encrypted LDAP connection or LDAPs you have to do the following: Create a Domino keyring file for the source Domino server.

HCL Connections Invite – Issues when using TDS/SDS as User Repository  

By Milan Matejic | 3/3/21, 5:04 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Take care when deploying the HCL Connections Invite application using the TDS (Tivoli Directory Server)/SDS (IBM Security Directory Server) as user repository. The following information from the official documentation is wrong.

HCL SafeLinx – SSL Issues   

By Milan Matejic | 2/11/21, 8:35 AM | Infrastructure - SafeLinx | Added by Roberto Boccadoro

If you are using HCL SafeLinx and you cannot access your websites using “HTTPS” and you see the following error in the HCL SafeLinx “wg.log” log file: PKCS12_parse failed, return 587686001 (error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure Then, most likely, either you are using the wrong password for the “P12” file, database where your SSL certificates reside, or your HCL SafeLinx Server is installed on Linux and the password for the “P12” file contains some special characters that need to be escaped.

HCL Domino & ADFS – SSO Suddenly stops working  

By Milan Matejic | 1/26/21, 2:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are using ADFS with Domino as a Single Sign-On solution, and you get a call from a friendly user telling you that Single Sign-On stopped working, check if you are seeing the following error on the HCL Domino server console: SECCheckAndParseSAMLResponse> VerifyAssertionSignature : Document has been modified or corrupted since signed! (signature)

HCL Connections & Kerberos Authentication Protocol Issue  

By Milan Matejic | 1/12/21, 2:46 AM | Infrastructure - Connections | Added by Roberto Boccadoro

After implementing Kerberos Authentication protocol for HCL Connections, as described in the official documentation (HCL Connections and IBM WebSphere documentation) and restarting the whole environment, the “synchronization status” of the Nodes in the IBM WebSphere ISC Console appeared to be “unknown”. All the HCL Connections Applications were running, there were no errors in GUI and the SSO was working without any issues.

HCL Traveler Database Migration – From DB2 to MS SQL – Made Easy  

By Milan Matejic | 1/7/21, 2:55 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

One of my customers wanted to migrate the HCL Traveler Database from IBM DB2 to Microsoft SQL. The customer is using Microsoft SQL for all other applications, which is set up with redundancy and high availability in mind, so this was a sensible choice, opposed to running a single instance of DB2.

HCL SafeLinx 1.1.1 & HTTP Strict-Transport-Security   

By Milan Matejic | 12/11/20, 4:37 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

After a SafeLinx Deployment I wanted to set the HTTP Strict-Transport-Security header, but there was nothing in the documentation about it, and I also could not find any option regarding this in the SafeLinx Administrator client settings. So I opened a Support case. According to the support you can use the command line on the HCL SafeLinx server to set the HTTP Strict-Transport-Security header as well as any other token header.