357 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Solution for Sametime connection issue with iNotes when SSL is used
Thu, Jun 26th 2014 86
The importance of Java and Cognos with IBM Connections
Tue, Mar 25th 2014 217
Audio and video not woriking in a web browser due to LtpaToken “undefined”
Mon, Feb 17th 2014 377
Sametime audio and video failing due to business cards
Tue, Feb 4th 2014 320
IBM Sametime 9 Video Manager ignores host file
Thu, Jan 2nd 2014 503
Sametime 9 and CentOS
Thu, Jan 2nd 2014 343
Sametime and the mystery surrounding Managed Settings
Fri, Sep 27th 2013 268
Top 10
IBM Sametime 9 Video Manager ignores host file
Thu, Jan 2nd 2014 503
IBM Installation Manager cannot find a supported browser
Fri, Aug 10th 2012 393
Audio and video not woriking in a web browser due to LtpaToken “undefined”
Mon, Feb 17th 2014 377
CWPKI0662E error when importing certificate into Sametime Gateway
Fri, Dec 21st 2012 367
SIP SDP problems with Lync and Sametime Gateway
Fri, Aug 16th 2013 364
Sametime 9 and CentOS
Thu, Jan 2nd 2014 343
Android Sametime client not connecting when SSL is enabled
Mon, Jun 24th 2013 333
Sametime audio and video failing due to business cards
Tue, Feb 4th 2014 320
Sametime on iPhone – APNS test application
Fri, Oct 19th 2012 279
Sametime and the mystery surrounding Managed Settings
Fri, Sep 27th 2013 268


Portal to Sametime – SSO & LTPAToken issue
collaborationben    

I had a customer get in touch with me about a problem they were having when trying to start Sametime Classic meetings from IBM WebSphere Portal. They have a link in Portal to a load balancer which then directed HTTP traffic to one of two Sametime Classic Meeting servers.

When logging into Portal and selecting the link a browser would launch and the user would be logged into STCenter.nsf via SSO. When scheduling a meeting the Meeting Room Client (MRC) would load but as soon as the MRC tries to connect to Sametime Community services (chat) an error appears on the user’s screen.

I took this into a development environment and replicated the behaviour. After enabling debugging on the Sametime server I saw the following output in the stusers*.txt

101117_095933.869,INF,Users   ,VpUsrAuthenticate::handleCheckUser: authenticating user with loginName=CN=Ben Williams/O=ACME by a single token
101117_095933.869,FTL,LDAP Aut,authenticating user by tokens
101117_095933.869,INF,LDAP Aut,Starting auth by tokens for [CN=Ben Williams/O=ACME] in org[]
101117_095933.869,FTL,LDAP Aut,checking LDAP format….
101117_095933.884,FTL,LDAP Aut,token verification failed. [4098]
101117_095933.884,INF,LDAP Aut,AuthTokenContext::authenticateBeforeDirSearch verifyTokenAndExtractUserId failed with reason 4098
101117_095933.884,FTL,LDAP Aut,AuthContext::start: authenticateBeforeDirSearch failed with reason 4098
101117_095933.884,INF,Users   ,VpUsrAuthenticate::checkedUser: VpUsrAuthenticate: bad login

I added debug_sso_trace_level=7 and Websess_verbose_Trace=1 to the Notes.ini but again nothing showed apart from when the browser opened STCenter.nsf, so on the Domino side of things SSO is working as expected.

Looking at the Java console output in the web browser when the MRC loaded I noticed “reverse proxy support disabled and detected” appear a few times. I observed this in the customer’s production environment and not in development so I ignored it which turned out to be a red herring.

It got me thinking about a problem I had with Sametime 8.0.2 and an LTPA parsing issue which produced similar errors although not exactly the same. That problem was fixed with a Sametime hot fix and was included in later versions of Sametime so it couldn’t be the same but must be along the same lines.

I exported the LTPAToken from the Portal deployment manager (DM) and imported it back into the Domino web SSO configuration document and restarted but this didn’t resolve the problem.

I then took more time looking at the Portal DM and noticed that Interoperability Mode was enabled which means that LTPAToken and LTPAToken2 are created.

Looking at the web SSO configuration document it was set to LTPAToken only.

After changing it to LTPAToken and LTPAToken2 and restarting things started working and users could now schedule and start meetings.




---------------------
http://collaborationben.com/2010/12/06/portal-to-sametime-sso-ltpatoken2-issue/
Dec 06, 2010
230 hits



Recent Blog Posts
86


Solution for Sametime connection issue with iNotes when SSL is used
Thu, Jun 26th 2014 6:10a   Ben Williams
Yesterday I moved a customers single Sametime 8.0.2 server to a new 8.5.2.1 server. The planning and execution went well apart for pesky iNotes integration with STLinks. The customer isn’t huge so going Sametime 9 with SSC and DB2 really didn’t warrant increased consultancy and support costs and certainly not a Sametime Proxy. Anyway, the problem I had (which wasn’t happening with 8.0.2) was that in IE awareness wouldn’t appear. The buddy list would load and show users ad [read] Keywords: domino ibm inotes lotus notes sametime community db2 firefox integration java server
217


The importance of Java and Cognos with IBM Connections
Tue, Mar 25th 2014 12:10p   Ben Williams
During an install of Connections 4.5 I came across a problem when Configuring the IBMConnectionsMetricsAdmin role on Cognos which required me to disable anonymous access in the Cognos Configuration tool (Local Configuration -> Security -> Authentication -> Cognos to set Allow anonymous access? -> False) and save. On saving I was getting the following error in the client. I had previously applied 10.1.1 FP001 and believed something had happened during the upgrade. Googling came up wi [read] Keywords: connections ibm ldd lotus application centos java password security server vm websphere xml
377


Audio and video not woriking in a web browser due to LtpaToken “undefined”
Mon, Feb 17th 2014 9:10a   Ben Williams
When testing audio and video via a web browser of mobile phone I would see the following error in a browser when trying to use audio and video in a meeting. Using the thick client worked. Looking at the SIP Proxy Registrars SystemOut.log I saw the following exceptions. [2/11/14 18:08:43:660 GMT] 000000a7 LdapPasswordS I LdapPasswordServer  CWSCT0359I: Hashed Credential attributes not found. [2/11/14 18:08:43:661 GMT] 000000a7 SIPDigestServ E SIPDigestService  CWSCT0340E: Error – cannot [read] Keywords: agent ibm sametime application community development mobile password security server
320


Sametime audio and video failing due to business cards
Tue, Feb 4th 2014 5:09a   Ben Williams
We all know that LDAP is the biggest threat to Sametime, don’t we? Are we all aware of how that impacts audio and video through business cards? Well, a customer logged a problem yesterday after audio and video failed on their 8.5.2.1 infrastructure. What made this more difficult to troubleshoot was the fact that last week and we had other problems relating to audio and video which was “taken out” after a network change the weekend prior. With last weeks problem clouding my judg [read] Keywords: collaboration ibm sametime community email java network server xml
503


IBM Sametime 9 Video Manager ignores host file
Thu, Jan 2nd 2014 6:11a   Ben Williams
During the build of an internal Sametime 9 environment I came across problems with video calls via a meeting room, point-to-point was fine. I was getting the error “The call was not completed due to a dialling error. AVKCS2200E: Failure response 403 received in response to invitation to CN=Ben Williams, O=collaborationben. Reason is: Unspecified Dial Failure.” I’ll explain how I have it set up. As this is all run on a bulky VMWare server at home I use hosts files to control DN [read] Keywords: admin calendaring ibm lotus sametime password security server vmware websphere
343


Sametime 9 and CentOS
Thu, Jan 2nd 2014 5:09a   Ben Williams
I like to use CentOS in the lab to install all IBM software to avoid licensing costs and Windows when possible. CentOS has always had it’s challenges and I have blogged a few times about additional libraries required to get software working. I use the basic server install which is pretty minimal but that’s what you should be using, right? With Sametime 9 I have noticed the following gotchas you should be aware of. Do not use 64 bit CentOS for the Community server I have never been ab [read] Keywords: admin domino ibm sametime application centos community java linux redhat server websphere
268


Sametime and the mystery surrounding Managed Settings
Fri, Sep 27th 2013 11:11a   Ben Williams
I have been working with a customer introducing Connections 4.0, Sametime Proxy and moving their current two Community servers away from native Domino to AD LDAP. We are now at the point where as we are looking at migrating the users from their current Community server to their new one. Normally DNS could be used to do this but since the authentication method is changing too then some further steps are required. To do this two approaches are required 1) the Sametime client needs to always pull t [read] Keywords: collaboration connections domino ibm policies sametime community desktop linkedin server xml




364


SIP SDP problems with Lync and Sametime Gateway
Fri, Aug 16th 2013 11:14a   Ben Williams
It’s not the first time I have federated the Gateway with OCS/Lync servers, all previous federations went smoothly, this one didn’t. Prior to federating I updated to 8.5.2.1 HF2 which involves applying FP19 to WAS 7 so that it brings it to the latest and greatest and should combat any problems with Lync. When I got round to federating I found that awareness worked and the Lync users could chat with me but I couldn’t initiate a chat with them. I enabled the following trace and d [read] Keywords: administration agent ibm sametime application linkedin microsoft office properties server websphere
213


Leavers showing as off line through the Sametime Gateway
Thu, Aug 8th 2013 6:18a   Ben Williams
An internal user described a problem where as a leaver was showing as on line to IBM colleagues via their Sametime client, further more chats sent to the leaver was being received by the leaver’s manager. Our Gateway is federated with IBM’s so I can chat with them. I was a bit sceptical at first but after reproducing it I took a peek. The manager had added the leaver’s email address to their person document so that email sent to the leaver was routed to them. Running a query fo [read] Keywords: ibm sametime database email
206


IBM Connections SSO not working with Metrics
Thu, Aug 1st 2013 6:17a   Ben Williams
The one problem I had out the back of the Metrics install which was post-Connections 4.0 was the when users clicked on the Metrics tab they were not signed into Metrics automatically. Users were faced with the following screen. The User ID field was pre-populated with the users userPrincipalName (joe.bloggs@acme.com) which was not accepted. To log in to metrics the @acme.com needed to be removed leaving the users sAMAccountName which did work. I changed the following fields in Cognos BI which w [read] Keywords: connections ibm application server xml




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition