Installation tips

Let's begin with some tips for installing the Sametime System Console (SCC):

• First, keep installation paths short. IBM WebSphere® Integrated Solutions Console (ISC) has an 80-character limit for profile path names.

• When installing multiple products on the same machine, you must be aware that only cell profile types can co-exist. (Do select a Network deployment if you intend to install multiple Sametime servers on the Sametime Microsoft® Windows® machines. For UNIX® platforms this is possible on different filesystems).

• Do not use the SSC database for attaching to the Meetings Server deployment plan. The SSC and the Meetings Server databases must be separate.

• Make sure that the LDAP server and DB2 server are available during the product installation and that the appropriate ports are open. To confirm these servers are reachable, you can telnet to them through their respective ports: Telnet db2server.hosname.com 50000 (may be 50001) and telnet ldapserver.hostname.com 389 (636 for SSL).

Ensure servers are started correctly

The most common problem seen with the SSC is that the servers are not started properly. The SSC should have three components running: the Deployment Manager, the Node Agent, and STConsoleServer. If they are not running, then start them using these Linux commands:

• startManager.bat(sh)
• startNode.bat(sh)
• startServer.bat(sh) STConsoleServer

On Windows the following example commands should be run:

• C:\Program\Files\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\bin\startManager.bat
• C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin\startNode.bat
• C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin\startServer.bat STConsoleServer

To verify that each server is running, use the serverStatus.bat(sh) command. For example, to confirm that the Deployment Manager is running, use:

C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\bin\serverStatus.bat -all -username -password

To verify that the node agent and STConsoleServer are running, use:

C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppServer\bin\serverStatus -all -username -password

Troubleshooting by area

Log-in and LDAP

In the event you are unable to log into the SSC or the ISC, assuming you have access to the machine, you can turn off the security to log in and check your LDAP.

To disable administrative security:

1. At the command prompt, type the following command:

C:\Program\Files\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\bin\wsadmin.bat -conntype NONE

    When the wsadmin command prompt re-displays, type the following commands:

wsadmin>securityoff

2. Type the following command in the STConsole profile:

C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin\wsadmin.bat -conntype NONE  

    When the wsadmin command prompt re-displays, type the following commands:

wsadmin>securityoff

3. Restart the application server

C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin\wsadmin.bat

wsadmin>securityon wasadmin your_password 

Allowing ping
When the connection to LDAP is set up through the SSC wizard, an active ping is sent to the LDAP server. If the ping is blocked, LDAP settings won't be validated, and setup will not complete; you will notice the rejection in the firewall log. Ping must temporarily be allowed.

Reviewing your LDAP settings
When reviewing your LDAP settings, make sure the WebSphere Administrator (wasadmin) does NOT exist in your LDAP directory. It is sometimes necessary to use authenticated access for LDAP. Even though validation passes, when installing WebSphere it may not be able to retrieve all attribute values.

Specifying a Base DN
When configuring Lotus Sametime 8.5 to use an IBM Lotus Domino® LDAP server, you must specify a Base DN. Currently, the SSC allows for a blank DN to be used, which in turn allows the WebSphere Federated Repository Realm to be created as "c=us".

However, this setup might cause issues when resolving Sametime Policies for your authenticated users, which will prevent users from being able to create and attend meetings. For more information review the Lotus Software Support Technote, “Authenticated users cannot create or attend meetings when Sametime uses Domino LDAP.”

Sametime policies

If you have created a policy but doubt that it has been assigned to a user or group:

• Use the tool in SSC to check which policy is applied to a user. If policies are not in effect for Community Server users, check that it is configured to use SSC in the sametime.ini:

POLICY_DB_BB_IMPL=com.ibm.sametime.policy.databasebb.xml.DbXmlBlackBox

• If the settings change was recent, Community server will refresh after 1 hour, or you can restart the Community server, and it will refresh its cache upon startup.

Firewalls and ports

The Sametime SSC needs access through the following ports for the following servers:

• DB2® port (default 50000 on windows)
• LDAP (default 389 or 636)
• Meetings, Gateway, Media, Proxy
• SOAP port (default 8880)
• AboutThisProfile.txt SOAP connector port value
• Meeting Server needs access to SSC db (default port 50000 on windows)
• Community
• HTTP or HTTPs (default 80 and 443)
• Community needs access to SSC HTTP or HTTPS (default 9080 and 9443)
• Installation Utilities need access to SSC
• SSC HTTP or HTTPs (default 9080 or 9443)

Error messages

Sametime System Console errors start with “AIDSC” followed by a four-digit number, for example, AIDSC1234E. Look for these errors in the log files when you are troubleshooting the SSC.

Log files

All error messages are logged to the SystemOut.log, systemErr.log, and trace.log on the SSC deployment manager (SSC dmgr) and the STConsoleServer and, occasionally, the nodeAgent.

The ISC Portlets - Client-side logs are here:

\WAS_INSTALL_ROOT\profiles\STSCDMgrProfile\logs\dmgr
\profiles\STSCAppProfile\logs\STConsoleServer

The SSC Server – Server-side logs are here:

\WAS_INSTALL_ROOT\profiles\STSCAppProfile\logs\STConsoleServer

Location for the SSC client registration utility:

\Product_Install_Location\console\logs (C:\WebSphere\STServerCell\console\logs)

Disabling security on SSC

To disable security on Sametime System Console 8.5.2, use these steps:

1. Go to the machine on which Sametime System Console is installed and ensure the SSC is up and running.
2. Go to the Program files and then the Appserver directory.
3. Make a backup of the STSCAppProfile directory by typing the following command in a DOS prompt (see figure 1):

backupConfig.bat -username wasadmin -password

Figure 1. Backing up STSCAppProfile directory



4. Now make a backup of STSCDMgrProfile directory, as shown in figure 2.

Figure 2. Backing up STSCDMgrProfile directory



5. Ensure that dmgr is not running before disabling security, go the wsadmin shell of WebSphere, and type “wsadmin -conntype none” from the bin directory of STSCDmgr profile (see figure 3).

6. Execute “securityoff” at the wsadmin shell prompt.

Figure 3. wsadmin -conntype none



7. Execute the same procedure in STSCAppProfile to disable security as shown in figure 4.

Figure 4. Disabling STSCAppProfile security



8. Restart the STSCDmgr, node agent, and STConsoleServer; then go to a browser and type in the following URL:

http://acme.com:8700/ibm/console/

You should be able to log in without any password.

Changing your wasadmin password for the SSC

To do this:

1. First, ensure your SSC is up and running, and then in a browser type in the following URL to connect to the SSC (see figure 5):

http://ace.com:8700/ibm/console

or

https://acem.com:8700/ibm/console

Log in with your wasadmin user ID and password.

Figure 5. ISC Log-in window



2. Scroll down to Users and Group and go to Manage Users. In the “Search for” field, enter *wasadmin and click the Search button (see figure 6). The search results shown in figure 7 should be returned.

Figure 6. Manage Users window



Figure 7. Search results



3. Double-click on the wasadmin link; the User Properties window shown in figure 8 should display.

Figure 8. User Properties window


4. In the Password field, enter a new password, confirm it, and click Apply. Log out and log back in with the new password.

Conclusion

Using the tips in this article, you should be able to troubleshoot known issues for the Sametime 8.5.2 System Console.

Resources

developerWorks IBM Sametime product page:
http://www.ibm.com/developerworks/lotus/products/instantmessaging/

Sametime Support page:
http://www-947.ibm.com/support/entry/portal/Overview/Software/Lotus/Lotus_Sametime

Sametime product documentation:
http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp?lookupName=Product%20Documentation

Sametime product wiki article, “Troubleshooting the Sametime 8.5 Media Server:”
http://www-10.lotus.com/ldd/stwiki.nsf/dx/Troubleshooting_the_Sametime_8.5_Media_Server

About the authors

Naveed Yousuf is a Software Engineer working on various teams at IBM's Dublin Software Lab since 1999. He has worked with the Sametime Verification Test team for the past 4 years, focusing on integration and interoperability across Sametime products.

Conall O'Cofaigh is a Software Engineer working on the Sametime Verification Test team. He's been with IBM since 2008, focusing on integration and interoperability across Sametime products.

Anbuchezhian Balakrishnan is a Software Engineer working on various teams at the Dublin Software Lab since 2007. For the past four years, he's worked on the Sametime Verification Test team, focusing on integration across Sametime products, and is currently working on the Smart Plant project.