Tips for Preparing for Infor Patch Bundles

For Infor Cloud customers, Infor periodically releases patch bundles that keep their cloud applications up to date. There are typically dozens (or hundreds) of patches applied during these bundles, to all the Infor applications hosted in the cloud. This can be an overwhelming prospect for users and IT staff who are tasked with testing and validation during these patches.

Here are some quick tips for preparing your organization for a patch bundle:

Preparation

  • Release notes: Infor always provides release notes on the patch bundle that they are implementing. These bundles are cumulative, so the notes on Lawson for instance, will describe ALL of the CTPs that are available for your version of Lawson. So, to make it more manageable, compare your last bundle’s release notes to the current one, and determine which patches are actually going to be applied. Then, save off the html files for those patches and review them.
  • Security: Occasionally the bundles will impact Lawson Security, and even more frequently they will implement new forms/fields/tables/columns that need to be secured. Run some security reports before the bundle so that they can be compared to the same reports after. Also, search your html release notes for any tokens that will be added, and determine if your organization needs to secure them.
  • Reports: Run reports or queries for data validation, but also search the release notes for database changes, and make sure that you are ready to update any reports that are impacted by those changes.

MSCM

  • Certificate: If you own MSCM, it is almost always going to be updated as part of the patch bundle. There is often an issue with the certificate after this update. Either the certificate is no longer valid, or it wasn’t generated during the patch. After the update, make sure you go directly to the CAB file location and that you see a valid certificate there (it’ll be named like your server). If you don’t see the file, or if you get security errors when trying to connect, open a ticket with Infor letting them know you think your cert is not valid.
  • CAB files: It is best practices to delete all your CAB files from the handhelds and reinstall them after these major updates.

IPA

  • Interface validation: There is a high probability that one or more of your IPA processes will be impacted by the patch bundle. It is important to test every single interface end-to-end.
  • IP Designer: The IP Designer version MUST match the Landmark/IPA version exactly. So, after a patch bundle, you WILL have to download a fresh version of IPD.

Testing

  • What to test: You are most likely going to need to test everything. Daily, weekly, monthly, and annual processes should be included in your testing.
  • How to test: Provide users with test scripts for each function, and have a central location for users to log the results. We like to use Jira as our central repository for testing.

Validation

  • You can use LID to validate data counts. You should also compare pre-update reports to post-update reports in all applications, including security.

Infor Support Ending for Internet Explorer

As of October 31, 2020, Infor is no longer going to support Internet Explorer as a browser for accessing Lawson applications. According to Microsoft, the end of life for IE will coincide with the end of life for Windows 10, so this is not a notice for the end of life for IE. This just means that any future Infor patches will not be developed to function with Internet Explorer.

 

Lawson has been stable in Chrome since the later releases of version 9. It is also supported on Microsoft Edge Chromium and Firefox. There are some things you will want to consider before moving to a different browser:

Impacted Applications

  • Infor Lawson System Foundation (LSF) 10.0.X.0 release
  • Infor Landmark Technology Runtime 10.1.1.X and 11 releases
  • Lawson for Infor Ming.le 10.0.X.0 and 10.1.X releases
  • Infor Lawson for Ming.le Content Lawson applications 10.0.X release
  • Infor Lawson Requisition Center 10.0.X.0 release
  • Infor Lawson Smart Reconciliation 10.0.X.0 release
  • Infor Lawson Procurement Card Self-Service 10.0.X.0 release
  • Infor Employee and Manager Self-Service 10.0.X.0 release
  • Infor Lawson Contextual Applications 10.0.X.0 release
  • Infor Lawson Mobile Supply Chain Management (MSCM) 11.X release
  • Infor Lawson Point of Use (POU) 11.X release
  • Infor Lawson Business Intelligence (LBI) 10.X.0.0 release
  • Infor Business Intelligence for Lawson (IBI) 10.X.0.0 release
  • All Infor Human Capital Management (HCM) products, including Infor Global Human Resources (GHR) and Infor Talent Management 10.1, 10.2 and 11 releases.
  • Infor CloudSuite Financials & Supply Management (CSF) 11 release

Design Studio

  • Design Studio 10 (the application) is going to continue to be supported in Internet Explorer
  • Design Studio forms might need some updates to make them compatible with a different browser. Design Studio relies heavily on JavaScript, and some of the syntax is browser-dependent.  Make sure you test all of your design studio forms before having users switch browsers.

MSCM

  • MSCM 10 is not compatible with Chrome. Infor will continue to support Internet Explorer with MSCM 10 installations until the end-of-life for MSCM 10.X.
  • MSCM 11.X (base, POU, and SIM) is compatible with Chrome, and it is recommended that you get to v11 as soon as possible! Contact us if you need help upgrading.

Recommendations

  • Switching browsers should be pretty seamless. Just have your users spend a week performing their daily tasks in your organization’s chosen browser, and log any issues that arise.  If they hit a wall, they can always move to IE until a workaround is provided.
  • Upgrade MSCM! If you own licensing for MSCM, the update should already be available to you.

 

As always, check the Infor Lawson compatibility matrix to get the latest information in application compatibility.

Securing a website using IIS

If your organization has custom websites that need to be secured quickly and easily, you can use the IIS internal authentication and authorization rules.

First make sure that your host server is set up to utilize Windows Authentication.  In Roles and Features  > Server Roles > Web Server (IIS) > Security, install “Windows Authentication”.

Once Windows Authentication is installed, select your site in IIS and select “Authentication”

Set Windows Authentication to enabled

Go back to your website, and select “Authorization Rules”

From here, you can give access to individual users or Active Directory groups.  The users will be presented with a Microsoft credentials dialog, and they will log in with their Windows credentials.

 

 

 

Backing up the AD FS internal databases on Microsoft Server 2012

If AD FS is configured to use the Windows Internal Database (WID) server, there are a couple of ways to maintain the databases created in the install.  They can be maintained using command-line sql or SQL Server Management Studio.  The AD FS configuration databases are called AdfsArtifactStore and AdfsConfiguration.

Not that both of these methods need to be performed on the server where AD FS is configured.

 

Command-line SQL

Log into the AD FS server using the service account under which AD FS was configured.

To prepare the server to run SQLCMD.exe, you will need to install the Native Client, ODBC Driver 11 for SQL Server, and the Command Line Utilities for SQL Server 2012.  These can be downloaded from Microsoft’s website.

Once these utilities are installed, create two “.sql” files using a text editor, one for the artifact database and one for the configuration database.  The following text should be placed in the sql file (update with the appropriate names and file paths).  The database names are AdfsArtifactStore and AdfsConfiguration.

BACKUP DATABASE [database name] TO DISK = “backup-path/backup-file.BAK” WITH NOFORMAT, INIT, NAME = “Artifact – Full Database Backup”, SKIP, NOREWIND, NOUNLOAD,STATS = 10

GO

Next, run the sqlcmd to execute a SQL script (provide the name of the script you created in the step above).

sqlcmd.exe -S \\.\pipe\MICROSOFT##WID\tsql\query -i sql-script-path\sql-script-filename.sql

 

SQL Server Management Studio

The WID server can also be accessed using SQL Server Management Studio (SSMS).  Note that SSMS must be installed on the server where AD FS is configured in order to be able to connect.

Log into the AD FS server using the service account under which AD FS was configured.  Run SSMS as administrator.  Connect to the server \\.\pipe\MICROSOFT##WID\tsql\query, and use Windows Authentication to connect.

The AD FS configuration databases are AdfsArtifactStore and AdfsConfiguration.  As long as you logged into SSMS as administrator, you should have admin rights on these databases to perform backups, run queries, etc.

 

How to verify Lawson user AD identity through Windows powershell

A user in Lawson is unable to login to their account. Username or password is incorrect. Assuming your organization is using single sign-on through Active Directory, you can verify the user’s username via Windows powershell.

  1. Login into Lawson Security Administrator (or SCWeb Admin App). Locate the user and copy the username.
  2. Open powershell and check the user via this command: Get-ADuser -identity <username>
  3. If you receive this error: “Cannot find an object with identity”, the user is not setup in AD under that username.
  4. Check with the organizations IT team to verify the correct AD user (assuming you don’t have direct access).
  5. Once they send you that ID, check via powershell again and it should return this result:

How to fix bookmark add error in Lawson portal

If you’re trying to add new bookmarks in Lawson portal and receiving an add error, there might be an issue with your bookmark xml files.

To resolve this, follow the steps below:

  • Login into Lawson portal as an admin and run Rebuild Custom Form Index
  • Verify lo12.1.addchild.xml, lo12.1.addtop.xml, lo12.1.edit.xml are in the LAWDIR/persistdata/lawson/portal/content/forms directory
  • In portal go to Set Custom Forms Data Area
  • Click Find ‘lo’ to show data forms (switch “current data area” if they don’t show).
  • In the new data area select LOGAN and click Update. Run IOSCacheRefresh.

Done!

How to delete a recurring Journal Entry in Lawson

Though this is a fairly simple task, it typically requires higher access (sometimes temporary access as some organizations only want users deleting journal entries once or twice a month).

  1. Login to Lawson portal and go to GL70.1
  2. Enter the company and journal entry number, hit Inquire.
  3. Click the “New Entry” button
  4. This will take you to GL70.2 and contain the same company/entry number (if not, enter again and hit inquire).
  5. After inquiring again, hit Delete and confirm the journal entry has been deleted.

 

And you’re done!

APMONITOR not found or accessible

You may need to access APMONITOR for a failed job etc. Its usually as simple as searching APMONITOR in Lawson Portal. Often times its not setup in Lawson security and needs to be added.

  1. In Lawson security, go to the class you want to add APMONITOR to.
  2. Add a new rule and go under Online system code AP and search for token QAPM, grant all access.
  3. Clear server cache and log back into Lawson, search APMONITOR and your user should now be able to access it.

NOTE: As of March 2016, patch (CTP104021, JT-751224) has changed the token for APMONITOR to AP94.

How to Improve Operational Efficiency During the COVID-19 Pandemic

Many organizations have experienced various difficulties due to the COVID-19 pandemic.  Whether they are short-staffed due to furloughs or staff in mandatory quarantine, or searching for ways to be more productive while employees are working at home, this may be an opportunity to address some operational inefficiencies within the organization.  Here are some things to consider:

  • Manual processes: All software applications promise automation but few organizations ever achieve the goal.  Infor Process Automation (IPA) offers a workflow-based solution to automate nearly any process in Lawson.  You can use your own business logic to build a process that can do everything from onboarding automation to payroll automation.  This can be a great time and cost saver.
  • Process improvement: In addition to eliminating manual processes, there are also ways to use Lawson more effectively to improve efficiency. Your functional users and support staff cannot be expected to understand every aspect of the software and how to optimize processes within the application.  Hiring a managed services partner that knows and understands the application will be an investment in your future.  Once you can optimize your processes, you will free up time for employees to be more productive.  The initial time and cost will be minimal compared to the eventual benefit.
  • Empowering employees: Many employees have gone from doing 100% of their work in an office setting, to doing 100% of their work at home.  There are many solutions for allowing employees to connect to your network and do their work.  Since Lawson is web-based, it is a prime candidate for providing access externally over the internet.  To maintain a secure application, it would be best to configure Lawson to authenticate using with a secure method such as AD FS, and to implement multi-factor authentication.
  • Managed Services: A good Managed Service firm can help you administer Lawson and other Infor products, and even provide functional assistance, at the fraction of the cost of an FTE.  If you find that your organization is short-staffed during this period, it might be the perfect time to try a Managed Services model.

Lawson Managed Service

For more information about how Nogalis could help your organization save money (including process improvement and managed services), contact us any time.

Lawson APINVOICE database table contains usernames instead of NTIDs

You’re being audited or want to review previous invoices and you notice that usernames were being stored in the APINVOICE database table. Usernames of employees that no longer work for your organization or may have had a name change, thus not matching up their NTIDs found in your listusermap. This makes it near impossible to hold previous and existing employees accountable for older invoices.

To resolve this issue, follow these steps:

  1. Download and apply patch CTP-121954 from Infor Concierge cloud portal.
  2. A new token AP900 is added to Lawson Security. Add this token access to an existing class/role.
  3. Login to Lawson Portal, go to AP900, add a new job for each company your organization has.
  4. Backup the APINVOICE table.
  5. Submit the AP900 Job, this job can take anywhere from minutes to hours to complete.
  6. Verify all usernames have been converted to NTIDs.