AD FS Configuration Errors – gMSA/Insufficient Privileges

If you are configuring AD FS, it is important to remember that you must have at least one domain controller hosted on Windows Server 2012 (at a minimum).  If your infrastructure does not meet these requirements, you will receive the below errors during the AD FS configuration.  Update those domain controllers!


Update ADFS Certificate

When it is time to renew the certificate on your AD FS server, you will need to import the new certificate.  To do this, you will first need to get the thumbprint of your newly installed certificate.  Then, run the Set-AdfsSslCertificate command and provide the thumbprint value you retrieved.

Setting session timeout for ADFS and Lawson

It is recommended that the session timeout for AD FS and Lawson be synchronized. You can modify the session timeout in Lawson for Lawson in ssoconfig option 1. To modify the session timeout for AD FS, set the TokenLifetime for your relying party trust using the command below.

Find database file by prefix

Clicking Ctrl+Shift+O in a field on a screen in Lawson is a useful tool to determine what database file that field is populated by. This can be used in Lawson DME Queries, but it also can be used in SQL queries. The prefix of the field name (such as VEN) maps to the table name where the value comes from. If you don’t know how the prefix maps to a table, you can easily find this information in the GEN database. The table you want to search is FILEDEF on the PREFIX column. So, your query might look something like this:


This will return the record that contains table name and other information about the database file that populates this screen.

Troubleshooting ED501 job in recovery

A common ED501 message is “WARNING: SUBSTITUTION TABLE ENTRY NOT FOUND”.  This substitution table is maintained in screen ED40.1, and if the key values passed to ED501 are missing, you will receive this error.  Simply update your ED40.1 and recover the job.

If this message causes your job to go into recovery, that is because you have not set up notifications for EDI.  If you set up notifications, then this message will cause an email to be sent about the warning, but the job will continue to process the remaining files.  Notifications are configured on ED00.1, as well as the configuration file located in the EDI directory.


Cascading Parameters in Crystal Reports for LBI

When creating an LBI report, there may be a need for a parameter list to be dependent on a previous parameter selection.  The best way to accomplish this in Crystal is to create a cascading parameter. This method works even for multiple-select parameters.

First, create a data source that contains the values you want in your parameters. If your report data source is large, it is best to move that into a sub report, and add a parameter dataset to your main report. In the parameter data set, pull all the records that might be dependent on each other, such as companies and locations.

Create a new parameter called “Locations”. The List of Values should be dynamic. Select a new data source. Set the value and description of the top-most parameter (in this case, Company). Click on the next line in the value box to create a cascading parameter.  In this case, point it at the Location data. Allow select multiple for the parameters where it applies.

Go to Report > Select Expert > Record. Set the Company value equal to the Locations – Company parameter. This way the list of Locations will be dynamically loaded when Company is selected.

When you publish the report to LBI, make sure that you configure the report to use the Crystal Reports parameter page.

How to Update LBI WebSphere Data Source

If you change the database server that hosts your LBI data, you will need to point your LBI instance to the new server.  This is done in WebSphere.  Log into your LBI WebSphere console, and navigate to Resources > JDBC > Data Sources.  Click on each data source that needs to be updated (LawsonFS, LawsonRS, LawsonSN).  Modify the server name, click OK and Save.

If the user credentials are different for this new data source, from the data source screen go to JAAS – J2C authentication data and update the credentials there.

Save the configuration changes and synchronize the nodes (if applicable).  Go back to the Data Sources screen and test each connection.

How to Update Lawson Database

To update the database server that your Lawson instance is pointing to, you will need to modify the MICROSOFT (or ORACLE) files for each environment that you are updating.  These files can be found at %LAWDIR%/DATAAREA/MICROSOFT.  Simply change the server name for the DBSERVER value and bounce your Lawson services.

NOTE: This article assumes that your new database server utilizes the same credentials/authorization as the original database server.




How to Update Landmark Database

To point your Landmark instance to a new database server, you need to update the db.cfg file for each environment.  These files can be found at %RUNDIR%/DATAAREA/db.cfg.  Make sure you update the data source for each data area, including GEN.  Bounce the Landmark services, or reboot your server, and you are done!



Migrate LBI Data to a new Database Server

Whether you are refreshing your test LBI environment or moving all your data to a new database server, you may eventually need to migrate your report data for LBI. This is a relatively simple process, provided the LBI instances using the data are the exact same version and service pack level.

First, back up your LBI databases on the source server and restore to the destination server (LawsonFS, LawsonRS, LawsonSN).

If you are migrating data for one LBI instance, you just need to point your WebSphere data sources to the destination server.

If you are migrating data for a new LBI instance, or for your test environment, you’ll need to update all the services and references to the old LBI instance.  In the LawsonFS database, ENPENTRYATTR table, you’ll need to search the ATTRSTRINGVALUE column for your old server name, and replace it with the new server name.  For example,


SET ATTRSTRINGVALUE = REPLACE(ATTRSTRINGVALUE, ‘source-server’, ‘destination-server’)



After you update those strings, you will need to redo your EFS and ERS install validators to set the correct URL.

  • http(s)://
  • http(s)://
  • http(s)://

Next, log into LBI and go to Tools > Services.  Click on every service definition to look for the source server name, and update with the destination server name.

Make sure your data sources are pointing to the proper ODBC DSNs, and/or add new ODBC connections.  Test and verify all your reports.