Issue: I possess Design Studio forms from the previous version of Lawson System Foundation (LSF) and Infor Lawson for Ming.le. How can I ensure their compatibility with my current LSF and Infor Lawson for Ming.le environment?

Solution: A Migrate Tool has been provided, starting from specific LSF versions and patches onwards:

– LSF 10.0.4, JT-651295, PORTAL.DIR/utility/upgradeCustomContent.htm version 10.0.4.0.747 minimum

– LSF 10.0.5, JT-651295, PORTAL.DIR/utility/upgradeCustomContent.htm version 10.0.5.0.746 minimum

– LSF 10.0.6, JT-651295, PORTAL.DIR/utility/upgradeCustomContent.htm version 10.0.6.0.745 minimum

– Included in the base release for LSF 10.0.7 and newer versions

Steps to follow in LSF 10.0.4, 10.0.5, and 10.0.6 with the specified patches, as well as in the delivered release of LSF 10.0.7 and above:

To review the existing Design Studio forms:

1. Log in to Infor Lawson for Ming.le with a Portal Administrator account.
2. Navigate to Custom Content Tools.
3. Select Migrate Custom Content.
4. Choose Analyze | Custom Forms.

To update the existing Design Studio forms:

1. Log in to Infor Lawson for Ming.le with a Portal Administrator account.
2. Navigate to Custom Content Tools.
3. Select Migrate Custom Content.
4. Choose Migrate | Custom Forms.

Please note:

This process won’t alter the “XMLGenBy=”xscrgen 10.0.7.0.1240 2016-03-09 08:32:37″” listed in the XML of the Design Studio form. Instead, it will append this tag to the first line: dateupgrade=”1443633109897″. To ascertain the date of the upgrade, visit https://currentmillis.com/ and input the associated value.

To review the current Design Studio forms with custom JavaScript:

1. Log in to Infor Lawson for Ming.le with a Portal Administrator account.
2. Navigate to Custom Content Tools.
3. Select Migrate Custom Content.
4. Choose Analyze | Custom Script.

Please note:

There isn’t a migration process for Custom Script. This requires manual handling based on the information from the Analyze step.

Jobs is in needs recovery with error

tsStoreDBRec error is Record was modified or deleted since your retrieval (131). Additional information is 100. Additional Text is: ModifySqlRec

There are 3 bad invoices in APINVOICE and APPAYMENT with no distribution records in APDISTRIB.

The 3 bad records are as follows

Resolution:

In SQL Manger, query the APINVOICE and APPAYMENT files for any invoices with bad name format as below:

Verify these records do not have any distributions records in APDISTRIB. If not, Delete these bad invoices.

APPAYMENT

APINVOICE

Run commit to commit the changes

Go into lawson and recover the job

Keywords:

Sometime you may have a need to update your LDAP bind connection, such as when the domain controller you are bound to is decommissioned.

To update the LDAP bind connection,

First figure out which service is using ldap bind.  To do that, go to http(s)://<server>:<port>/ssoconfig/SSOCfgInfoServlet.  Make a note of the service name displayed on the page.

Next, log into ssoconfig and export that service:

Now, open the file you just exported.  Update the OVERRIDE attribute to “true”.  Update the “PROVIDER” element to the new server and port.

Next, upload your updated file into ssoconfig.  The syntax is ssoconfig -l <password> <full file path>

For example:

Ssoconfig data is stored in the security cache, so you will need to recycle your system for this change to take effect.

NOTE: If you need to change the credentials for the domain controller, this will be an extra process.  You will need to update the service associated with your LDAP bind.  This is most likely your SSOP_BIND service.  You can look under privileged identities in Lawson Security, check for a “DEFAULT” key associated with your ldap bind user.  That is your LDAP bind service.

To update the credentials for this service, log into ssoconfig and select Manage privileged access to services > Change existing identity.  Enter the service that you noted above.  Enter the correct user DN.  Enter the password.

Recycle Lawson.

Problem:           

If your controller is failing and you need to move the LSF LDAP to another controller

Resolution:

Edit the ldapbind information in the SSOP service and reload it.

1. Create a dump of the SSOP service:

• ssoconfig -c
• Option 5 Manage Lawson services
• Option 6 Export service and identity info
• Option 2 for not all services
• Enter SSOP in upper case
• Enter NONE in upper case
• Give a filename (it will write out the file to the directory you are in when you run the ssoconfig -c command.) Example: ssop_prod.xml
• Exit the ssoconfig menu.

2. Make a copy of the .xml file that you just created. This is your backup of the SSOP service in its original state.
3. Then edit the first .xml file and change the following lines:

<BATCH_LOAD FORMAT=”” OVERRIDE=”false”>

to

<BATCH_LOAD FORMAT=”” OVERRIDE=”true”>

and this line to the new machine name and port:

<PROVIDER>ldap://dc1.lawson.com:3268</PROVIDER>

to

<PROVIDER>ldap://dc2.lawson.com:3268</PROVIDER>

4. Save the file.
5. Do one of the following to load the modified SSOP service file:

ssoconfig -l ssoconfig_password filename.xml

Exit.

6. A stop and start of the Lawson environment and WebSphere application server is required in order for this to take affect.

Installing LDAP certificate in AD LDS instance

1. Identify the AD LDS service instance in Services
   • LSF
2. Launch MMC (Microsoft Management Console)
3. Choose File > Add/Remove Snap-In
4. Add the certificates Snap-In
5. Choose “Service” account and click “Next”
6. Choose “Local Computer” and click “Next”
7. Choose the Service Account for your AD LDS service and click “Finish”
   

   

8. Right-click on the service that was added and select “All Tasks > Import”
9. Click next and browse to the .pfx certificate file. Click “Next”
10. Enter the private key password
11. Place the certificate in the <AD LDS service>\Personal store
12. Click Next then Finish

Export the certificate for Java OS & Java WebSphere

13. Right click the certificate > All Tasks > Export and click Next
14. Do not export the private key
15. Choose Base-64 encoded X.509 (.cer) and click Next
16. Choose a location to save the file for later use
17. Click finish

Grant Permissions to Certificate Container

1. Run command “certutil -store MY’
2. Find the container with your AD LDS certificate using the thumbprint to identify it
3. Give NETWORK SERVICE read & execute permissions on the key container file AND the key container directory (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
4. Stop the AD LDS environment service
5. Restart the AD LDS service

Smoke Test

6. Open the ldp.exe tool
7. Type the server FQDN > SSL port and check the SSL box
8. Click “OK”
9. Successful connection to LDAPS
   

Update the LDAP Certificate in WebSphere

Cell Trust Store

1. Access the WAS Admin Console and navigate to: Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates
2. Click the Retrieve from port button.
3. Host: <your AD LDS host>
4. Port: 636
5. Alias: give it a meaningful name
6. Click Retrieve signer information.
7. Click OK & save changes.

Node Trust Store

1. Access the WAS Admin Console and navigate to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore (for the LSF server) > Signer certificates
2. Click the Retrieve from port button.
3. Host: <your AD LDS host>
4. Port: 636
5. Alias: give it a meaningful name
6. Click Retrieve signer information.
7. Click OK & save changes.

Perform these same steps in the Landmark websphere instance.

Update LDAP Certificate in OS Java

Do this in both Lawson and Landmark

1. Open a command line and set environment variables
2. Run command “where java” to determine where LAW_JAVA_HOME is located
3. Back up <LAW_JAVA_HOME>/jre/lib/security/cacerts
4. Copy the cert that you exported from the LSF service from the Lawson server to the Landmark server
   • This is the cert you will be importing into cacerts
5. Run the ikeyman utility at WAS_HOME/bin
6. Open the LAW_JAVA_HOME/jre/lib/cacerts file and select the Key database type of JKS
   
7. Type password “changeit” (default)
   
8. Select “Signer Certificates”
9. Delete the existing certificate, then re-add it
   
10. Click “add” and navigate to the ldap certificate exported earlier
11. Give it a meaningful name
    

Update LDAP Certificate in WebSphere Java

1. WebSphere Java directory is WAS_HOME/Java
2. Back up files WAS_HOME/java/jre\security/cacerts
3. Peform the same steps as OS Java using iKeyman for both Java instances