Apple push notification certificates expire on 4th of July 2024  

By Christoph Stoettner | 6/24/24 8:23 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Push notifications certificates in HCL Connections 8 CR5 and CR6 need an update before 4th of July Last week I checked some HCL Connections 8 CRx downloads in Flexnet and recognized these packages available since 2024-06-13: APNS (Apple Push Notification Service) certificates renewal for 2025. Sounds normal, these updates need to be installed each year. First, I checked for the knowledge base document mentioned in the file name . It’s not published until now. So I downloaded the package and extracted the content. The included certificates are valid from 2024-04-25 to 2025-05-25, so they start and end in the middle of the year.

Be careful with search-admin role in HCL Connections   

By Christoph Stoettner | 5/3/24 5:37 AM | Infrastructure - Connections | Added by Roberto Boccadoro

I showed, in several slides and sessions, how you can use the search-admin role in the search application of HCL Connections for troubleshooting and reviewing some key configurations. In several environments, my user or other administrative users have this role, just to access the link to /search/serverStatus for example. Be aware, when you assign the search-admin role in the search application to a user, the advanced search will not return any result.

Troubleshooting Top Updates in HCL Connections  

By Christoph Stoettner | 12/5/23 2:25 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Orient Me shows Top Updates on the startpage of Connections, but sometimes this view is empty, how is this generated? Last week, I had three systems with issues displaying the Top Updates in the Orient Me. So I tried to find out which applications and containers are involved in generating the content for this view. First, we need to know that Top Updates are part of the Component Pack, and the content of Latest Updates is the Activity stream data, which is read from the homepage database. If the Top Updates tab is not visible after deploying the Component Pack, check LotusConnections-config.xml; the serviceReference for orientme needs to be enabled. There is only one serviceReference allowed for an application in this file, so check for duplicate definitions when the tab is still missing.

Hide widget from Highlights  

By Christoph Stoettner | 11/30/23 2:53 AM | Infrastructure - Connections | Added by Roberto Boccadoro

With HCL Connections 6.5 and later, we got the add-on HCL Connections Engagement Center (aka CEC, HCEC, ICEC or XCC) included in a normal HCL Connections deployment. The HCL Connections license contains the supplement that HCEC can be used within Communities and is the base for the Highlights application. All other options are hidden and could be enabled in LotusConnections-config.xml (set <genericProperty name="icec.light">false</genericProperty>), but then you need to order the HCL Connections Engagement Center license.

Migrate MongoDB in HCL Connections Component Pack 8  

By Christoph Stoettner | 9/22/23 3:31 AM | Infrastructure - Connections | Added by Roberto Boccadoro

The official documentation, “Migrating data from MongoDB 3 to 5”, wants to dump the MongoDB databases in 3.6 and then restore this data into the newly deployed MongoDB 5. One issue with this process is that we can’t run the two MongoDB versions in parallel on Kubernetes because the provided helm charts and container for MongoDB 3.6 stop running after Kubernetes 1.21. On the other side, the helm chart providing MongoDB 5 can’t be installed on those old Kubernetes versions. So the process to update is: Migration process Dump databases in MongoDB 3.6 (version delivered with Connections 7) Update Kubernetes to 1.25 or 1.27 Restore MongoDB databases to version 5.0 So, you have to plan the process in advance because it is difficult to get the data when you forget something. width=device-width,initial-scale=1,user-scalable=no Migrate MongoDB in HCL Connections Component Pack 8 · stoeps 49.642538;8.638950 DE Heppenheim, Germany 49.642538, 8.638950 Heppenheim The official documentation, “Migrating data from MongoDB 3 to 5”, wants to dump the MongoDB databases in 3.6 and then restore this data in

Build mongodb5 image for Component Pack with Buildah  

By Christoph Stoettner | 5/17/23 7:14 AM | Infrastructure - Connections | Added by Wannes Rams

Build Mongodb5 Image For Component Pack With Buildah

Update Elasticsearch certificates in Componentpack · stoeps  

By Christoph Stoettner | 9/5/22 2:04 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Elasticsearch in HCL Connections Componentpack is secured with Searchguard and needs certificates to work properly. These certificates are generated by bootstrap during the initial container deployment with helm. These certificates are valid for 10 years (chain_ca.pem) or 2 years (elasticsearch*.pem) and stored in the Kubernetes secrets elasticsearch-secret, elasticsearch-7-secret. So when your HCL Connections deployment is running for 2 years, the certficates stop working. The documentation on bootstrap is a little bit misleading and my suggested update does not make it into a technote or documentation update since nearly one year.

Change spellchecking to hunspell in TinyMCE  

By Christoph Stoettner | 7/13/22 1:54 AM | Infrastructure - Connections | Added by Roberto Boccadoro

The last years I had issues with application servers using large amount of CPU and even hanging application servers running the Tiny Spellchecking service. It ended with disabled spellchecking in the Tiny editors config.js. Now after updating to the actual editor version TinyMCE 5.10.2 we decided to reenable the spellchecker and the first days it looked like, that the issue was really fixed. Sadly after about a week the first application server started to use 800% CPU just for the server hosting the spelling service.

Fix some annoyances with Customizer · stoeps  

By Christoph Stoettner | 7/6/22 5:06 AM | Infrastructure - Connections | Added by Matteo Bisi

I created a git repository with some smaller CSS files to fix some annoyances within HCL Connections. I started with this to prevent Orient Me to load fonts from external URLs or Elasticsearch Metrics to break the UI on larger screens. These issues are solved after the last updates I got from support, but Blogs and Tailored Experience Wizard can be improved with some simple rules.

Restart Orient Me pods after Internal Server Error  

By Christoph Stoettner | 7/4/22 4:59 AM | Infrastructure - Connections | Added by Roberto Boccadoro

After rebooting the Kubernetes server for HCL Connections Componentpack, I sometimes see that Orient Me is not working and just shows: {"error":{"statusCode":500,"message":"Internal Server Error"}} I think one of the liveness checks could be improved, but for now the following commands restart just the necessary amount of pods to get Orient Me back running.

Elasticsearch7 Update  

By Christoph Stoettner | 6/8/22 3:56 AM | Infrastructure - Connections | Added by Roberto Boccadoro

CVE-2021-44228 was a very serious problem end of 2021, and we are still finding new occurrences, or security teams scan servers and find vulnerable log4j files. Don’t get me wrong most of these occurrences are not vulnerable any more, because the JVM is hardened like in the Elasticsearch 7 containers, or they use of the JVM parameter -Dlog4j2.formatMsgNoLookups=true.

My thoughts about Engage 2022  

By Christoph Stoettner | 5/31/22 12:19 AM | Business - Events / People | Added by Roberto Boccadoro

The last days I attended Engage 2022 in the Bruges Meeting & Convention Centre (BMCC) . The first in person event for HCL Software for two years. Engage 2020 was the last event before the big lockdowns. Meeting so many friends again after so long time felt really awesome, and I enjoyed these days very much. We had good conversations and some Belgium beer to celebrate the reunion.

Disable Highlights App in Connections 7  

By Christoph Stoettner | 3/23/22 4:08 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Today I got the question of how to disable the highlights app in Connections 7. When you follow the documentation for Connections 6.0CR6 you get an error message (and the document is not available in Connections 7). I commented out the widget definition in widgets-config.xml like described in the documentation for the former release. Sychronize the nodes Restart the application server hosting WidgetContainer and Communities Application Now create a new community and you will get one of the following errors

Add offset to community overview anchor links  

By Christoph Stoettner | 3/22/22 2:58 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Our users are often building Highlights and Overview pages within HCL Connections Communities, where they link from one description widget to RTE or from one RTE widget to another. We found that these anchor links often disappear behind the top navigation bar and the users wonder what happened.

Videostreaming in HCL Connections  

By Christoph Stoettner | 3/7/22 10:50 AM | Infrastructure - Connections | Added by Roberto Boccadoro

In late 2021 I had an HCL Connections environment starting swapping, because the AppCluster used more than 30 GB of memory. The system has two nodes is installed with the medium-sized deployment option About 7500 users with a high adoption rate, because Connections is also used as intranet

KB: PushNotification broken after upgrading to CFix.65CR1.2201  

By Christoph Stoettner | 2/28/22 2:26 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Yesterday I updated a Connections environment to the latest CFix. In other environments I found that PushNotification Cluster was not started after the update, like described in the knowledge base document PushNotification broken after upgrading to CFix.65CR1.2201 . In this update the application and cluster were running, but not working at all. Browser console.log showed the error: Error connecting to push auth sync service /servic/info: RequestError: Unable to load https://cnx-fqdn/push/service/info status: 500

Change the Connections editor on the fly  

By Christoph Stoettner | 2/23/22 12:29 AM | Infrastructure - Connections | Added by Roberto Boccadoro

When I test topics with the different Connections editors (CKEditor, Textbox.io and TinyMCE), I always used multiple users in my test environment, installed the editor selector ear and then gave each of the test users a different editor. That’s easy with the different j2ee roles, but I always had to use multiple browsers or sandboxes to see them next to each other. During a support call with Tiny and HCL I learned, that you can switch the editor with a URL parameter. So no need to change the configuration or use the tinyeditorselector.ear.

Patch Orient Me Container  

By Christoph Stoettner | 1/17/22 3:08 AM | Infrastructure - Connections | Added by Roberto Boccadoro

I wrote about font loading from external CDN in the post Hiding The Create Community Button 2nd last year and hoped this is finally fixed for all Connections applications. A good summary on the reasons to not allow external font loading is Blocking Web Fonts for Speed and Privacy So I checked with a Connections 7 deployment with the latest CFix (CFix.70.2112) deployed, if this is still an issue with Connections. In former Connections' versions we found external fonts loaded in Orient Me (/social), Communities Catalog (/communities) and the Admin panel (/cnxadmin/).

Log4j how to find out if an application has it included  

By Christoph Stoettner | 12/13/21 2:13 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Some ways to search for installed or used log4j libraries in your containers and file systems Yesterday several security advisories arrived in my Inbox and people were worried about a 0-day vulnerability in Apache Log4j . I read a lot during the last 24 hours and searched for log4j versions within HCL Connections. I wanted to write about some of these commands already since weeks, so I use the awareness to show you some fast options to scan all packages in container images, file system and registries. For me one of the hardest points was to find out, if the software is using log4j and which version.

Connections Docs, TLSv1.2 and XML Format  

By Christoph Stoettner | 12/13/21 2:07 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Troubleshooting an error which was based on automatic linting of an editor I installed HCL Connections Docs 2.0.1 on top of an already installed HCL Connections 6.5CR1 with Docs Viewer. Usually a simple task, the installation was smooth, after the mandatory restart the Edit button in the files' application appeared and all looked good, but when the users clicked on edit a white page was loaded.

Enabling and disabling WebSphere traces on steroids  

By Christoph Stoettner | 12/10/21 1:36 AM | Infrastructure - Connections | Added by Roberto Boccadoro

During troubleshooting of WebSphere Application Server it is necessary to enable traces and see more detailed log messages. Enabling these traces is very annoying, because you need to follow long click paths within the Integrated Solution Console (ISC).

Connections Desktop Plugins Password Save Policy  

By Christoph Stoettner | 12/7/21 2:38 AM | Infrastructure - Connections | Added by Roberto Boccadoro

During the latest automated deployment of the HCL Connections Desktop Plug-ins for Microsoft™ Windows™ , I had issues activating the Password Save Policy. We wanted to disable the option that users can save passwords. The documentation tells us, that the registry key HKLM\SOFTWARE\Wow6432Node\IBM\Social Connectors\Settings\Password Save Policy needs to be set to 1 to achieve this. Sadly this does not work, and I remembered, that I investigated this error already some years ago.

Highlights as start page hides the Community overview  

By Christoph Stoettner | 11/19/21 1:47 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Connections 7 creates the Community Highlights page automatically and sets it as the start page for new communities. That’s configured in the highway service, which is available for administrative users on https://your_connections_url/connections/config/highway.main.gatekeeper.tiles So far so good, the community menu looks way cleaner, until today I haven’t thought about this.

HCL Connections switch to allowlists  

By Christoph Stoettner | 11/19/21 1:44 AM | Infrastructure - Connections | Added by Roberto Boccadoro

How to add additional allowlist rules to HCL Connections A long time ago, I wrote about the new implementation of allowlists in HCL Connections and that the documentation on customization and adding new rules was an absolute miracle for me. I haven’t implemented allowlists at any customer at the moment, because the first tries in 2018 were horrible. Even formats from the builtin editors got deleted during the save procedure. During test deployments I often start with enabled allowlists, but later I always switch back to blocklists. For a support ticket I had to check some settings today, and so I tried with enabled allowlist and blocklist. This let me remember the old blog post and I wanted to check if custom rules can be added now.

Tweak HCL Connections Newsletter v2  

By Christoph Stoettner | 5/20/21 2:44 AM | Infrastructure - Connections | Added by Roberto Boccadoro

The newsletter in version 2 format has one big disadvantage, we or our users lost the easy links to the topic, user or application. When we look at the same information in Newsletter version 2, we can’t open the profile or the main blog/application, just the post is linked on the "Open" link.

Repair Administration Console of Connections 7 for Chromium-based Browsers  

By Christoph Stoettner | 4/30/21 10:07 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Connections 7 has a new Administration Console to access Communities Template administration and Mobile Administration. The Administration Console can be reached on https://cnx-hostname/cnxadmin/. The / at the end is important, because the ingress rule just forwards /cnxadmin/(.*).

Upload Files via IBM HTTPServer (mod_ibm_upload) to HCL Connections  

By Christoph Stoettner | 4/27/21 2:23 AM | Infrastructure - Connections | Added by Roberto Boccadoro

The last days I analyzed an issue, that file uploads to HCL Connections via IBM HTTPServer stopped working on a fresh installed 6.5CR1. Today I configured a Connections 7 and tried with it. I think that the official documentation is old in some important parts for the upload configuration.

HCL Connections Newsletter v2 and Join Community requests  

By Christoph Stoettner | 3/8/21 3:09 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Since IBM Connections 6.0CR4 we can use a new newsletter format which needs still (now with HCL Connections 7) be activated separately in LotusConnections-config/notification-config.xml. Today some users asked how they can add other users to their private communities (visible in Community catalog) without manually adding them. As we investigated the question I had a look at the old notification format. So there a community owner got following e-mail when a user requested to join:

Update on the Touchpoint workaround  

By Christoph Stoettner | 11/4/20 2:14 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Some weeks ago I wrote about an workaround to prevent TDI from deleting the touchpoint status in HCL Connections. During some research on TDI I found Mapping fields manually in the HCL Connections documentations. This document describes how to add additional fields to the TDI synchronisation. On point 11 I found something new for me. You can add additional fields and then add the content with an Javascript function for example.

Elasticsearch index creation problem  

By Christoph Stoettner | 10/9/20 1:43 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Today I activated Elasticsearch Metrics and Typeahead Search on my demo HCL Connections cluster. To my surprise the indices weren’t created and I got errors on the wsadmin.sh commands. SearchService.createESQuickResultsIndex() I checked the Elasticsearch pods which showed a running state, but the logs showed following messages: [es-master-c9cc5d877-trwsd es-master] [2020-10-08T12:11:13,708][WARN ][o.e.c.r.a.DiskThresholdMonitor] \ [es-master-c9cc5d877-trwsd] high disk watermark [90%] exceeded on [sqwY58MtRa2MoPkHr1o70Q][es-data-2][/data/data/nodes/0] \ free: 2.7gb[5.4%], shards will be relocated away from this node So even with 2.7GB free space it does not generate the needed shards and indices. This is default behavior of Elasticsearch, but can be changed: