Posts

What does deljobhst really do?

Often our Lawson print queues get cluttered and out of hand.  Lawson’s deljobhst command is a really great tool for cleaning up your batch jobs.  It can clear the clutter from your user’s print managers, as well as free up some space on your server.  Run this command in LID.

For each of these commands, you must provide a “ToDate” in MMDDYY format.  So, if you give it an end date of 033119, for instance, you would delete all the selected job history up to March 31, 2019.

You also have the option of providing a user’s account so that you just perform the delete for a specific user.  There is also a from date option that allows you to manage job history for a specific date range.

We recommend setting up some of these commands on a schedule to keep your Lawson server happy & healthy.

Here is a summary of the command:

The -w option will delete all waiting jobs, so jobs in recovery and jobs with Invalid Parameters.  After you run this, there will not be any jobs listed in the waiting queue for the specified user (or all users) up to the specified run date.

The -c option deletes all completed jobs.  This is a great way to clean up user’s job schedule print manager lists.  This action removes the data from the QUEUEDJOB table.  It does not remove print files.

The -r option removes all the print files associated with batch jobs, that were created up to the specified to date.  This will help keep your server from getting too cluttered.  Make sure you back up your print directory, especially if you have a retention policy at your organization.  If you run the command so that it deletes ALL print files (so delete everything up to today), it will delete your entire print directory.  Don’t panic!  It’ll be created the next time a user runs a batch job.

Designer Series – JSON Converter Node

The JSON Converter node can be used to build a JSON object from CSV or XML, or to convert a JSON object to XML or CSV.

Under the input tab on the Properties, the input could be output from some other node, a variable, or a text string.

The output from the converter node can be used to saved to a file, in a data iterator, or in other reader nodes in your flow.

Troubleshooting IPA Schedules

Sometimes you may find that your scheduled flows have not run, seemingly with no explanation.  When this happens, there is a good possibility that there was an error in the scheduler that needs to be resolved.  To check the scheduler, log into Rich Client or your IPA Web Administrator as the user who owns the schedule.  Search for “My Scheduled Actions”.

Find the schedule of the flow that didn’t run, and verify if there is an error.  Double-click on the failed instance at the bottom of the screen to get more detail on the error.

Once you have resolved the issue that caused the error, right-click on the instance and select “Requeue”.  Note that this will cause your schedule to run immediately.

After the schedule has run successfully, there will not be any more items in the “Action Instances” tab.

IPA Node Error – There is not one Actor for this identity

I was doing some work in Landmark and ran across an issue where my LPA node wouldn’t start in the grid.  I looked at the logs and saw the error “There is not one Actor for this identity: <IDENTITY>”.  Issues like this often present themselves when trying to log into Rich Client also.  In this case, it came back with a “logon failure” message.  When you come across issues like this, and you can’t get into Rich Client, the next step is to check the database.  For an error referring to actors and identities, the first table to look at would be IDENTITYACTOR in the Landmark GEN database.  In this case, I discovered that the record for the IDENTITY mentioned in the error had a DELETEFLAG that was populated with the UNIQUEID (meaning that it had been deleted).  I updated the record and set the DELETEFLAG = 0, rebooted my server, and the LPA node started right up.

IP Designer Series – JSON Builder Node

The JSON Builder node can be used to build a JSON object, which you can use later in your flow for reading or sending out to a server using a web call.

Under the input tab on the Properties, the input could be output from some other node, a variable, or a text string.

The output of a JSON builder can be used to send a JSON web call, or it can be read similarly to the JSON parser output.

IP Designer Series – JSON Parser Node

The JSON Parser node can be used to parse JSON data, either from a local file or from a response from a Web API.  The steps are very similar to getting XML data from a web API.

Under the input tab on the Properties, the input could be output from some other node, such as a file access node or Web Run result.

For the output, if you provide a sample file with a JSON response, that is an easy way to get the syntax for the variables coming across in the JSON response.  You can click “Set Variable” to see the syntax, and you can select “Export Variables” to get a file with the syntax for all variables in the sample file.

Use this output syntax to set variable values to use later in your flow.

Security Violation – Using Environment Utilities in IPA

Many times, you will have a need to run environment utilities (such as importdb) using a system command node, or a batch job such as IMDBB.  If you are getting security violations when you attempt to use these tools, you will need to elevate the Lawson Security privileges of the user running IPA.  The reason for this is that the system user running the IPA service is who actually is running those system commands.  Windows took away the ability to do a “run as”, so there is no way to bypass that user.

If you don’t know which user is running IPA, you can find out by executing a “whoami” command in a system command node on your IPA server.

Next you need to find this user in Lawson Security so you can elevate his privileges.  Open up Lawson Security and go to Manage Identities.  Search for the service account that you discovered in your “whoami” command.

Make not of the RMID and use that to search for the user under User Management.  Set that user’s “CheckLS” to “YES” and give him the roles required to allow access to the necessary environment utilities.

Cloud V11 Couldn’t Trigger Delivered IPA Service

The other day, we configured the delivered IPA service PurchaseOrderApproval, which is supposed to be triggered by releasing a PO.  We set up the purchasing companies to require approval, and we made sure the buyers used the company defaults.  And still when we would release a PO, the status went to “Released. Not Issued.” instead of “Needs Approval”, and no work units were created.

After verifying all of the settings on the Service Definition and IPA process, we finally realized that the tester did not have any Context Properties attached to her Actor record.  Context Properties are found under the Security menu when you log into CloudSuite Financials under the Administration Console role.  To assign contexts to an actor, choose “Actor Context”.  Search for your actor, and add the necessary context values to the actor.  The value will be your company’s Finance Enterprise Group, a value provided to you by Infor.

Other Authentication Options for Infor Lawson Applications

On March 1, 2019, Infor will no longer support LS/STS authentication configuration for Lawson applications.  The Infor recommended configuration will be to use Active Directory Federation Services (ADFS) for Single Sign-On (SSO) authentication. To learn more about ADFS, check out our other articles on the topic:

 

What are our other options?

If your organization chooses not to move to ADFS at this time, you have two other temporary options.

  1. Use Kerberos for authentication

Kerberos is another authentication type provided by Windows, and also works with your Active   Directory.  This authentication type is supported in Infor Lawson 10.

 

  1. Stay in an unsupported authentication configuration

As of March 1, 2019, Infor will no longer be releasing Lawson patches that take LS/STS authentication method into account.  This doesn’t mean your current versions of Lawson applications will stop working if you fail to move to ADFS at this time.  It just means that you won’t be able to upgrade past a specific ESP for each product (10.0.9 for Lawson).  When Infor sunsets the product versions that allow LS/STS, you will then be on an unsupported product version.  It is looking like this will happen sometime early 2021.

 

Have more questions? Contact us and setup a free, no obligation call with our installer to answer all your questions.

Five Things You Need to Know About Implementing ADFS For Your Infor Lawson Applications

On March 1, 2019, Infor will no longer support LS/STS authentication configuration for Lawson applications.  The Infor recommended configuration will be to use Active Directory Federation Services (ADFS) for Single Sign-On (SSO) authentication. To learn more about ADFS, check out our other articles on the topic:

Five Things to Know About Implementing ADFS

Here are some pro tips to help you prepare for your ADFS implementation.

  1. Version compatibility is important

Before you begin your ADFS implementation, it is important that you verify component compatibility.  Check the Lawson compatibility matrix for which version of ADFS is compatible with your versions of Lawson and Ming.le.  You must also verify that the version of ADFS you are installing is compatible with your version of Active Directory.  Additionally, you will need a minimum Windows Server version of 2012R2 on the server that is hosting ADFS and your domain controllers.

 

  1. You might need a new server(s)

The ADFS installation for Infor Lawson applications also requires Infor Federation Services (IFS) to be installed on the same server.  If you are not prepared to host IFS on a shared ADFS server, you will need to stand up a new Windows server dedicated to ADFS/IFS for Infor applications.

 

  1. There will be small changes in user maintenance

ADFS is an authentication method, and user maintenance will change slightly.  For instance, you will be able to disable users right in ADFS rather than having to do it in Lawson Security.  Also, there will be a new identity to maintain in Lawson Security.  When you implement ADFS, you will need to import all your users into IFS.  However, implementing ADFS will not change the user authorization tools.  You will still use Lawson Security Administrator (LSA) or Infor Security Services (ISS) to maintain users and roles, and those roles will work the same.

 

  1. SSL is required for Infor Lawson applications

All of your Lawson web applications must use HTTPS to be able to implement ADFS.  If your web applications are not currently using HTTPS, it is recommended that you make this change prior to implementing ADFS.  You will need to choose a certificate authority (CA) and install certificates at each endpoint.

 

  1. You need a SQL Server to host IFS databases

IFS will create new SQL Server databases, so you will need to have a SQL Server to host those.  You can use a shared database server for this, such as your server that hosts Ming.le data or the server that hosts your Lawson data.

 

Have more questions? Contact us and setup a free, no obligation call with our installer to answer all your questions.