How to get a Lawson Profile ID in LID without access to Lawson Security Administrator

For whatever reason that you need a Lawson profile ID, below is a quick way to access it in LID.

  1. Login into LID and go to a temp directory you’re okay with dumping a file to.
  2. Run this command lsdump -f roledump.txt ROLE SuperAdminRole
  3. Go to the directory you dumped the file in and open roledump.txt in a text editor
  4. Search for ProfileID until you find the one you’re looking for

Chances are, SuperAdminRole is created with an admin class assigned to it. You can also view this file using LASHOW command without having to dump the file.

Good luck!

IP Designer Series – Resource Update Node

The Resource Update node is used to add/edit/delete resources in Lawson Security (Resource Manager).  This node is extremely useful for automating onboarding and offboarding.

In the properties of the node, click “Build” to build your resource update action.

Select your action and the type of object you are updating (People or Thing).  The selection criteria and the updated values can be IPA variables.

After you click “OK” on the build, you will be able to see what is being updated in the properties window.

LBI Ancestors Error

If your LBI instance is installed with Crystal Report Application Server 2011, you may see a recurring error in your LBI WebSphere logs, referencing “JSONOBject[“ancestors”] is not a JSONArray”.

This is a known defect in CRAS 2011, and will be resolved with an update to CRAS 2011 SP4.  You can safely ignore this error, or you can configure the logger to ignore it.  To configure the logger to ignore the error, add the following to the LBI_HOME\Reporting Services….\erswar-x.x.war\WEB-INF\classes\log4j.xml:

<!– Workaround to supress JSONObject [“ancestors”] is not a JSONArray. error–>

<logger name=””>

<level value=”FATAL”/>



Then, restart WebSphere and verify that the errors are no longer being logged.


Document Express error 52 – Bad file name or number

You may be running Document Express with Lawson and Citrix Storefront and encountering this error. Before you jump to conclusions that this issue is related to Lawson or Citrix security, check these steps below.


The user is likely experiencing this error when trying to import invoices into Document express.

  1. Make sure that all application related access is set in MHC.
  2. Verify the user has Active Directory access to the import routine folder on the server where the invoices are loaded in from Lawson.
  3. Lastly, verify the user has access to the import routine directly from Windows folder explorer. This path can be found in the import routine itself in document express.
  4. Copy the import routine path, paste it into Windows folder explorer to verify access.

Conclusion: When the user imports the invoice in doc express, it downloads the file locally and opens it. Verify both channels are open for the user.

Certificate Error When Loading Rich Client

If you launch Rich Client and get a certificate error (particularly after a new Landmark install or update), here are the steps to update your IRC certificate.

Here is a sample error message that you might receive before you are even presented with a login screen:

You can resolve this issue either in the LPA web administration tool, or you can log into your IPA server as the lawson user, open a Landmark command window, and type the command “canvas64 gen”.  These tasks are performed in the GEN data area.

In the search box, type “IRC” and select “IRC Trusted Certificates”

Go to Actions > Create

Add the certificate by file.  Browse to a previously exported certificate (Base 64 cer format) and click the save button.  The certificate details will be displayed if the certificate is valid.

Database File Space Issues That Manifest in IPA Errors

We recently noticed some strange behavior in IPA. All of our work units were stuck in “Ready” status, and the few Work Units that actually had errors indicated a java heap space issue. Some of the work units weren’t showing that a log was being created. We were also getting a generic error when uploading IPA processes.

It did seem like there was some kind of space or memory error. A reboot of the server didn’t address the issue. We were investigating and just happened to look at the command line window that opens up with IP Designer. That was the only place where saw a useful error message. It indicated that the database file had run out of space.

The resolution was to increase the “Maxsize” property on the IPA database file. In SQL Server, this is in the Database properties, Files tab.

Tips for Preparing for Infor Patch Bundles

For Infor Cloud customers, Infor periodically releases patch bundles that keep their cloud applications up to date. There are typically dozens (or hundreds) of patches applied during these bundles, to all the Infor applications hosted in the cloud. This can be an overwhelming prospect for users and IT staff who are tasked with testing and validation during these patches.

Here are some quick tips for preparing your organization for a patch bundle:


  • Release notes: Infor always provides release notes on the patch bundle that they are implementing. These bundles are cumulative, so the notes on Lawson for instance, will describe ALL of the CTPs that are available for your version of Lawson. So, to make it more manageable, compare your last bundle’s release notes to the current one, and determine which patches are actually going to be applied. Then, save off the html files for those patches and review them.
  • Security: Occasionally the bundles will impact Lawson Security, and even more frequently they will implement new forms/fields/tables/columns that need to be secured. Run some security reports before the bundle so that they can be compared to the same reports after. Also, search your html release notes for any tokens that will be added, and determine if your organization needs to secure them.
  • Reports: Run reports or queries for data validation, but also search the release notes for database changes, and make sure that you are ready to update any reports that are impacted by those changes.


  • Certificate: If you own MSCM, it is almost always going to be updated as part of the patch bundle. There is often an issue with the certificate after this update. Either the certificate is no longer valid, or it wasn’t generated during the patch. After the update, make sure you go directly to the CAB file location and that you see a valid certificate there (it’ll be named like your server). If you don’t see the file, or if you get security errors when trying to connect, open a ticket with Infor letting them know you think your cert is not valid.
  • CAB files: It is best practices to delete all your CAB files from the handhelds and reinstall them after these major updates.


  • Interface validation: There is a high probability that one or more of your IPA processes will be impacted by the patch bundle. It is important to test every single interface end-to-end.
  • IP Designer: The IP Designer version MUST match the Landmark/IPA version exactly. So, after a patch bundle, you WILL have to download a fresh version of IPD.


  • What to test: You are most likely going to need to test everything. Daily, weekly, monthly, and annual processes should be included in your testing.
  • How to test: Provide users with test scripts for each function, and have a central location for users to log the results. We like to use Jira as our central repository for testing.


  • You can use LID to validate data counts. You should also compare pre-update reports to post-update reports in all applications, including security.

Infor Support Ending for Internet Explorer

As of October 31, 2020, Infor is no longer going to support Internet Explorer as a browser for accessing Lawson applications. According to Microsoft, the end of life for IE will coincide with the end of life for Windows 10, so this is not a notice for the end of life for IE. This just means that any future Infor patches will not be developed to function with Internet Explorer.


Lawson has been stable in Chrome since the later releases of version 9. It is also supported on Microsoft Edge Chromium and Firefox. There are some things you will want to consider before moving to a different browser:

Impacted Applications

  • Infor Lawson System Foundation (LSF) 10.0.X.0 release
  • Infor Landmark Technology Runtime 10.1.1.X and 11 releases
  • Lawson for Infor Ming.le 10.0.X.0 and 10.1.X releases
  • Infor Lawson for Ming.le Content Lawson applications 10.0.X release
  • Infor Lawson Requisition Center 10.0.X.0 release
  • Infor Lawson Smart Reconciliation 10.0.X.0 release
  • Infor Lawson Procurement Card Self-Service 10.0.X.0 release
  • Infor Employee and Manager Self-Service 10.0.X.0 release
  • Infor Lawson Contextual Applications 10.0.X.0 release
  • Infor Lawson Mobile Supply Chain Management (MSCM) 11.X release
  • Infor Lawson Point of Use (POU) 11.X release
  • Infor Lawson Business Intelligence (LBI) 10.X.0.0 release
  • Infor Business Intelligence for Lawson (IBI) 10.X.0.0 release
  • All Infor Human Capital Management (HCM) products, including Infor Global Human Resources (GHR) and Infor Talent Management 10.1, 10.2 and 11 releases.
  • Infor CloudSuite Financials & Supply Management (CSF) 11 release

Design Studio

  • Design Studio 10 (the application) is going to continue to be supported in Internet Explorer
  • Design Studio forms might need some updates to make them compatible with a different browser. Design Studio relies heavily on JavaScript, and some of the syntax is browser-dependent.  Make sure you test all of your design studio forms before having users switch browsers.


  • MSCM 10 is not compatible with Chrome. Infor will continue to support Internet Explorer with MSCM 10 installations until the end-of-life for MSCM 10.X.
  • MSCM 11.X (base, POU, and SIM) is compatible with Chrome, and it is recommended that you get to v11 as soon as possible! Contact us if you need help upgrading.


  • Switching browsers should be pretty seamless. Just have your users spend a week performing their daily tasks in your organization’s chosen browser, and log any issues that arise.  If they hit a wall, they can always move to IE until a workaround is provided.
  • Upgrade MSCM! If you own licensing for MSCM, the update should already be available to you.


As always, check the Infor Lawson compatibility matrix to get the latest information in application compatibility.

Securing a website using IIS

If your organization has custom websites that need to be secured quickly and easily, you can use the IIS internal authentication and authorization rules.

First make sure that your host server is set up to utilize Windows Authentication.  In Roles and Features  > Server Roles > Web Server (IIS) > Security, install “Windows Authentication”.

Once Windows Authentication is installed, select your site in IIS and select “Authentication”

Set Windows Authentication to enabled

Go back to your website, and select “Authorization Rules”

From here, you can give access to individual users or Active Directory groups.  The users will be presented with a Microsoft credentials dialog, and they will log in with their Windows credentials.