Posts

How to Resolve Workunits Sitting in Ready Status

Problem: Workunits for Infor Process Automation are sitting in Ready Status and not processing.

Solution:
1.  Via LmrkGrid (Grid Management), determine how many workunits may simultaneously process in your system. (see attached “DeterminingSimultaneous.docx”)

  1. Determine how many workunits are currently in a processing state.

NOTE:  Please refer to attachment “DeterminingSimultaneous.docx” for instructions on determining simultaneous processes.  In case you will need to engage support, you should screenshot this information to provide when you open the support incident.

 

– Command to count records in Ready Status:  dbcount <DATAAREA> -f Status=\”1\” PfiWorkunit

– Command to count records in Processing Status:  dbcount <DATAAREA> -f Status=\”2\” PfiWorkunit

– Command to count records in Completed Status:  dbcount <DATAAREA> -f Status=\”4\” PfiWorkunit

 

It is a good idea to monitor and take counts of these records periodically. Are the number of workunits in Ready status growing? Are the number of workunits in Completed status growing? Is the number of workunits in Processing status equal to the maximum number workunits that can simultaneously process?

NOTE: If the number of workunits in Ready Status is growing and the number of workunits in completed status is not, then either:

  1. You have workunits that processing for a very long time holding up the system; use the Grid Management UI to determine which workunits are processing so long and determine if those are stuck in a loop; or if they are just processing normally large jobs. Consider cancelling the long running workunits, and scheduling them to run in off business hours.
  2. If you are on Landmark 10.1.0.x, there was a bug in this version of Landmark that periodically caused Async to stop picking up new workunits. This issue was resolved by a re-write of Asnyc and LPA nodes in 10.1.1.x Landmark versions. If you are on Landmark 10.1.0.x you should restart the Async Node, and the IPA node.

NOTE: The workunits that were already queued to an LPA node will not automatically start back up;  the workunit polling frequency (default 30 minutes) will need to trigger before they are requeued to a new LPA node.

Troubleshooting: Rich Client workunit log too large to extract

Depending on the process run, Rich Client workunit logs can grow extremely large. So large in fact that you may not be able to extract the full log from the Landmark Rich Client.

If a workunit log grows too large you may not be able to extract the full log from the Landmark Rich Client,  in this case you can use the following command to extract the log from a Landmark Command Prompt.

What Is the Landmark Command Prompt?
The Landmark administrator will perform many tasks from a command prompt. When you are instructed to use a Landmark command prompt, you should be sure you are in the Landmark Environment that you want to use, and that all environment variables are set correctly.

Setting Environment Variables
Before you startBefore you perform this procedure, be sure that the /etc/lawson/environment/environmentName/config.sh file contains the appropriate settings for environment variables.

 

Use this procedure to export the appropriate environment variables for your Landmark Environment before issuing commands from a Landmark command prompt.

To set the Landmark Environment variables

At a command prompt, type

. cv landmark-env-name

Where landmark-env-name is the name of the Landmark Environment.

Resolution:

dbexport -C -f “PfiWorkunit=####” -o . -n <dataarea> PfiWorkunit

Example:

dbexport -C -f “PfiWorkunit=7000” -o . -n prod PfiWorkunit

Adding a custom field to a form using Configuration Console

Find the name of the Form and the Business Class that you want to add the field to (Ctrl-Shift-Click on any field on the form)

Log into Rich Client and go to Start > Configure > Application (make sure that you have been granted access to Configuration Console)

Find your Business Class, and click “User Fields” under the class

Click the “blank paper” icon to add a new user field

Give your user field a meaningful name (no numbers or special characters allowed, and the field name must begin with an upper-case letter)

Next, go to configured forms and find the form name that you noted earlier

If this form has never been customized, you may need to click the blank paper icon to add it to the Configured Forms list

Once the form has been added as a configured form, click on the form name, then click “Configure”

Navigate to the location where you want to add the user field

Click the blank paper and select “User Field”

Configure the user field for the form

Click “Save” and verify that the user field is now on your screen

Rich Client Dev vs Prod Appearance

When using Infor Cloud, the landmark rich client looks the same in dev as it does in prod. How can I easily recognize the difference between them?

Mistakes can happen when you are frequently changing between a development and production environment. It is easier to tell the difference between the environments when the productlines are installed with different names (dev and prod for example). If your environments use the same names, you can change the appearance in the rich client to help make it more obvious which environment you are using. From the Rich Client, click Start – Settings. Then select a different Theme color for the dev productline (green for example) and add DEV to the Display Name field. The other productlines on the dev system can also be selected and changed to green. Each of the productlines on the prod system can be changed to another color while also changing the Display Name to include PROD.

How Can I Personalize a Form?

From the Landmark Rich Client, forms can be changed under Options – Personalize in the menu.  Fields on a form can be renamed or changed in color or style.  They can be hidden, marked as display only, or as required.  In this example, the field “Last Employment ID Assigned” is highlighted in bold red with a shortened name.   Once Personalize is selected, Form Personalization shows Actions and Fields at the top.  Actions will allow restrictions for a specific condition.  In this case, click on the “Last Employment ID Assigned” and then click Fields in the upper right.  Select the Label tab to change the style, color, and text.  Once the changes are made, the window is closed and the Form Personalization is Saved in the upper right.  The changes are then seen immediately without restarting the client.  To undo the changes, return to Options – Personalize in the menu, and click Reset in the upper right.

How can I turn off security in Landmark?

Enabling or disabling security can be done in Authorization Activation through Security System Management.  This can be accessed from the landmark validation url’s or from within the rich client.  The validation page can typically be found at D:\LMKDEV\gen_ValidationURLs.htm where D:\LMKDEV is the landmark installation folder.  Opening the htm in a web browser will list the link for Security System Management.

http://landmark.domain.com/SecuritySystemManagement/page/SecuritySystemManagement?csk.gen=true

From the Security System Management screen, select Authorization Activation in the upper right of the menu. It will return a list of productlines.  Double clicking a productline (or Actions – Open from the menu) will return the Security Activation screen.  The screen shows Security Status as a parameter with values to allow All Access, No Access, Process Rules.  Select All Access to turn off the security rules and save the change.  Select Process Rules to again enable security restrictions.

 

Copying Landmark Productline

Copying productlines in S3 is a breeze, but Landmark is a different story. There are several possible scenarios and a lot of things to consider. Join us for this one hour webinar and gain access to a free tool that will help the process.

Nogalis Webinar: Copying Landmark Productline (October 26th, 9 AM PST)

Copying productlines in S3 is a breeze, but Landmark is a different story. There are several possible scenarios and a lot of things to consider. Join us for this one hour webinar and gain access to a free tool that will help with the process.

A few things to keep in mind:

  1. Our webinars always fill up and we only have the capacity to host 200 attendees so sign up now!
  2. The time of the webinar is 9:00am PST. So please mind your time zone.
  3. Once you sign up, you can’t share the webinar link as each link allows for one unique session. So if you have colleagues who are interested in attending, please have them signup separately or else their session will kick you out.

We use anymeeting for our webinars. The application sometimes asks you to install a plugin. In order to be ready on time. Please give yourself an additional 10 minutes before the webinar begins.

When: Thursday October 26, 2017

               9:00 AM to 10:00 AM PST

This webinar is free to attend. Register Now

Landmark Authentication Fails

After completing federation and restarting LSF and Landmark, landmark authentication fails.  The security authen log returns the following error:  sun.security.validator.ValidatorException: PKIX path building failed.

This can happen if secured ldap bind is being used.  With the secured ldap bind (using ldaps protocol and port 636), the certificates from the AD server are missing from the java keystore on the landmark server.  This can happen even if you are using SSOP on LSF for authentication.  To resolve the issue, export the certificates from the AD server and import them into the java keystore.  If LSF was bound to AD, the certificates should already be on the LSF box.  They can be copied over from LSF and imported to the keystore on the landmark server using the following example.

 

D:\JDK\bin\keytool.exe  -keystore D:\JDK\jre\lib\security\cacerts -importcert -alias ADca –file D:\cacert.cer

D:\JDK\bin\keytool.exe  -keystore D:\JDK\jre\lib\security\cacerts -importcert -alias ADroot –file D:\root.cer

 

 

Error:

 

Wed May 31 09:49:13.112 MDT 2017 – default-724934462: Error encountered while getting users DN. Please see logs for details[egn1ldmam2ike26udaqvs9rs2g]Could Not Bind With privileged identity. User [lawson]simple bind failed:ldap.domain.com:636

Stack Trace :

javax.naming.CommunicationException: simple bind failed: ldap.domain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)

at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

at javax.naming.InitialContext.init(InitialContext.java:244)

at javax.naming.InitialContext.<init>(InitialContext.java:216)

at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)

at com.lawson.security.authen.LawsonLDAPBindLoginProcedure.getDNForUser(LawsonLDAPBindLoginProcedure.java:446)

at com.lawson.security.authen.LawsonLDAPBindLoginProcedure._authenticate(LawsonLDAPBindLoginProcedure.java:233)

at com.lawson.security.authen.LawsonLDAPBindLoginProcedure.authenticate(LawsonLDAPBindLoginProcedure.java:681)

at com.lawson.security.authen.LawsonLoginSchemeImpl.authenticate(LawsonLoginSchemeImpl.java:1701)

at com.lawson.security.authen.LawsonProgrammaticAuthenticatorImpl.authenticate(LawsonProgrammaticAuthenticatorImpl.java:198)

at com.lawson.security.authen.LawsonProgrammaticAuthenticatorImpl.authenticate(LawsonProgrammaticAuthenticatorImpl.java:100)

at com.lawson.rdtech.gridadapter.provider.LmrkSessionProvider.createGridPrincipal(LmrkSessionProvider.java:287)

at com.lawson.rdtech.gridadapter.provider.LmrkSessionProvider.validatePassword(LmrkSessionProvider.java:254)

at com.lawson.rdtech.gridadapter.provider.AbstractSessionProviderBase.logon(AbstractSessionProviderBase.java:134)

at com.lawson.rdtech.gridadapter.provider.LmrkSessionProvider.logon(LmrkSessionProvider.java:159)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.invoke(ProxyServerImpl.java:2715)

at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.processRequest(ProxyServerImpl.java:2502)

at com.lawson.grid.proxy.ProxyServerImpl$ProxyRequestThread.runThread(ProxyServerImpl.java:2425)

at com.lawson.grid.util.thread.PooledThread.run(PooledThread.java:137)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)

at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)

at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)

at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

… 30 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

at sun.security.validator.Validator.validate(Validator.java:260)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)

… 43 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

… 49 more

 

Wed May 31 09:49:13.113 MDT 2017 – default-724934462: Error encountered while getting users DN. Please see logs for details[egn1ldmam2ike26udaqvs9rs2g]Could Not Bind With privileged identity.

Wed May 31 09:49:13.113 MDT 2017 – default-724934462: Failed to get DN for user: lawson

Configuring the Landmark Main Configuration Set

This article will demonstrate how to set up the most commonly-used Infor Lawson configurations in Landmark.

Infor delivers two configuration sets with Landmark: “main” and “system”.  “Main” refers to the LSF environment, and “system” refers to the Landmark environment.  It is best practices to use these configuration sets for the processes that access these systems.

Here are the most commonly used configurations for Lawson:

Infor Lawson

Used for web calls (DME/AGS) to Lawson, as well as Resource queries (Lawson Security)

  • Infor recommends using Connection Type “Web”
  • Retry Count – number of times IPA will retry the connection after a failed attempt
  • Pause Time – Amount of time in milliseconds between each attempt to reconnect when web call fails
  • User – the web user who has access to DME/AGS calls and/or Lawson Security
  • Password – the web user’s password
  • Data Area – the name of the data area being accessed in the LSF environment
  • Web Root – http://servername.company.com
  • Time Out – Number of seconds of attempting to connect after which a timeout occurs
  • Page Size – The number of records returned in a DME query (blank means no limit)

File Access

Used for file reads and manipulation on the LSF server

  • Click “Remote” if LSF resides on a different server from Landmark
  • LSF Web RMI Root – Same as Web Root in the Infor Lawson connection (http://server.company.com)
  • Web user – the user who has directory access on the Lawson server
  • Web password – the above user’s password
  • RMI timeout – Number of milliseconds of attempting to connect after which a timeout occurs
  • GENDIR – GENDIR environment variable value on the LSF server
  • LAWDIR – LAWDIR environment variable value on the LSF server

 

JDBC

Used for SQL Queries and transactions

  • JDBC Driver – the driver name used for JDBC
  • Database URL – build the URL for your db
    • Example: jdbc:sqlserver://servername\instancename:port;databasename=databasename
    • Instance Name is optional
    • Port is optional (default is 1433)

 

Web

Used for the Web Run process node (can be used to update and run batch jobs, etc.)

  • Data Area – the data area to which you are connecting on LSF
  • Web Root – http://servername.company.com
  • User – the user who has access to web run calls
  • Password – the above user’s password
  • Time Out – Number of seconds of attempting to connect after which a timeout occurs
  • Amount of time in milliseconds between each attempt to reconnect when web call fails

 

Sys Cmd

Used to run command line system commands, including Lawson commands such as importdb

  • Check “Remote” is LSF resides on a separate server from Landmark
  • LSF Web/RMI Root – http://server.company.com
  • Web User – the user who has access to the LSF system
  • Web password – Web User’s password
  • RMI timeout – Number of milliseconds of attempting to connect after which a timeout occurs
  • GENDIR – GENDIR on LSF system
  • LAWDIR – LAWDIR on LSF system
  • Run as user – the provide user credentials under which the command should run
    • NOTE: Windows no longer allows cmd to be run as a different user, so command line will always be run under the user running the bpm service. This is most likely the system user, and as a result, that user will have to be added to Lawson security and given access to run Lawson commands (if that is how this node is used)
  • Run as user password – above user’s password (see note above)
  • Command timeout – Number of milliseconds of attempting to connect after which a timeout occurs