Posts

Disabling TLSv1 in ADFS

We recently had a requirement to disable TSLv1 in our ADFS instance.  Some portions of Lawson, as well as LBI, still depend on TLSv1 security.  So, the best way to accommodate this requirement, while also making sure the applications stay fully compatible, is to set the QoP (Quality of Protection) protocol to SSL_TLSv2 in WebSphere on all nodes for all products.

To do this, for each WAS instance, log into the console and navigate to SSL certificate and key management > SSL configurations > (cell or node – do them all) > Quality of protection.  Set the protocol to SSL_TLSv2.  Once you have saved these changes for all cells and nodes, restart the server.

IPA: Landmark is still referencing old java location after update

After a Java update in Landmark, there are typical steps to follow to reset the java location.  Firstly, change the JAVA_HOME and LAW_JAVA_HOME environment variables.  Verify that the new path is also stored in the Path environment variable.

 

Next, run the change-jdk.jar command in the grid home/tools folder.

Finally, validate the LAW_JAVA_HOME setting in the config.bat file.

After those steps are completed, reboot the server and make sure the application starts.  If it doesn’t, it’s time to get into the nitty gritty.

Open up the Grid Manager.  Click on Configuration > Grid Configuration.

Select Grid Properties.

Under Node Properties, select Java Executable.

It is most likely pointing to the old location for Java.  Fix that, then reboot and you should be good to go.

LASE Fails to Start After Java Update

There is a known issue after some Java updates where lase won’t start, and attempting to run the bcinstall.jar throws the exception “JCE cannot authenticate the provider BC” in the lase_server logs.  When the LASE fails to start after a Java update, this issue can only be resolved by installing a compatible Lawson CU.

When this happens, you will either need to revert to the previous version of Java, or update LSFCT to the minimally compatible CU (or later).

For Lawson version 10.0.9, the minimum CU is 4.

For Lawson version 10.0.10, the minimum CU is 5.

For Lawson version 10.0.11, the minimum CU is 6.

 

IPA Variable Assignments Lost After Wait Node

There exists a scenario in IPA where variable values are lost after a wait node, if the variable is set using javascript as opposed to the straight assignment feature.  This article will describe the workaround for this scenario.

In this sample, the first assign node uses javascript to set the variable apples.  The 2nd assign node (after the wait node) sets the debug string variable to the value of the apples variable.

This excerpt from the work unit log shows that the variable debug is set to a blank value.  This is because the value of the variable apples is lost after the wait.

To ensure that the variable value is not lost after a wait node, simply set the value of the variable to itself using the traditional variable assignment.  This can be done any time after the javascript setting, and before the wait node.

As you can see, the debug variable is now successfully set to the value of the apples variable.

Listing IPA Scheduled Processes

If you are like me, you find it frustrating that you can only see the scheduled IPA processes that you created.  As an administrator, this can make tracking down process triggers quite difficult.  It is also difficult to determine which process is triggered by which schedule in the front-end Rich Client.  I have created a query that can show all schedules, and which process is triggered by the schedule.  Feel  free to take this and make it useful to you!

 

ORACLE

SELECT NAME, SUBSTR(AAR.ACTIONPARAMETERS, INSTR(AAR.ACTIONPARAMETERS, ‘<field name=”FlowName” id=”FlowName”><![CDATA[‘)+46,

INSTR(AAR.ACTIONPARAMETERS, ‘]]>’, INSTR(AAR.ACTIONPARAMETERS, ‘<field name=”FlowName” id=”FlowName”><![CDATA[‘)) –

            (INSTR(AAR.ACTIONPARAMETERS, ‘<field name=”FlowName” id=”FlowName”><![CDATA[‘)+46)) FLOW,

SCHEDULEWEEKDAY,SCHEDULEHOUR,SCHEDULEMINUTE,TIMETOEXEC

from LMK_LAWSON.ASYNCACTIONREQUEST ASYNCACTIONREQUEST INNER JOIN

LMK_LAWSON.S$AAR AAR ON AAR.ASYNCACTIONREQUEST = ASYNCACTIONREQUEST.ASYNCACTIONREQUEST

WHERE “GROUP” = ‘pfi’

ORDER BY NAME

SQL SERVER

SELECT NAME, RIGHT(LEFT(AAR.ACTIONPARAMETERS, CHARINDEX(‘]]>’, AAR.ACTIONPARAMETERS, CHARINDEX(‘<field name=”FlowName” id=”FlowName”><![CDATA[‘, AAR.ACTIONPARAMETERS)+46)-1),

CHARINDEX(‘]]>’, AAR.ACTIONPARAMETERS, CHARINDEX(‘<field name=”FlowName” id=”FlowName”><![CDATA[‘, AAR.ACTIONPARAMETERS)+46) –

(CHARINDEX(‘<field name=”FlowName” id=”FlowName”><![CDATA[‘, AAR.ACTIONPARAMETERS)+49)),

SCHEDULEWEEKDAY,SCHEDULEHOUR,SCHEDULEMINUTE,TIMETOEXEC

from LMKPRODGEN.ASYNCACTIONREQUEST ASYNCACTIONREQUEST INNER JOIN

LMKPRODGEN.S$AAR AAR ON AAR.ASYNCACTIONREQUEST = ASYNCACTIONREQUEST.ASYNCACTIONREQUEST

WHERE “GROUP” = ‘pfi’

ORDER BY NAME

 

Nogalis would love to assist with all your IPA needs!  We have some great resources on hand who can provide managed services of your system, training, and project work.  Check out our managed services program today!

Creating custom IPA triggers using 4GL

With Infor Process Automation, there are several ways to trigger a Process.  This article will discuss how to trigger a custom process using 4GL.

First, create your Process.  Test it and upload it to the Process Server.

Next, in IPA Rich Client (or the LPA Admin tool), you must create a Service Definition (Process Server Administrator > Administration > Scheduling > By Service Definition) and attach a Process to it.  There, you will configure any variables that should be passed to the process.

Now, let’s create the trigger in the 4GL program.  This will be either a custom program your organization has created, or an existing Lawson form.

The first step is to initialize the WF SERVICE.

INITIALIZE WFAPI-INPUT

INITIALIZE WFAPI-OUTPUT

 

MOVE <serviceNameString> TO WFAPI-I-SERVICE

 

PERFORM 1000-WF-SERVICE

***Verify that the return code != 0 (anything other than 0 indicates error)

IF (WFAPI-O-RETURN-CODE NOT = ZEROS)

GO TO 600-END

Next, create the Work Unit

MOVE WFAPI-O-SERVICE TO WFAPI-I-SERVICE

MOVE <workTitleString> to WFAPI-I-WORK-TITLE

INITIALIZE WFAPI-OUTPUT

PERFORM 1000-WF-CREATE-SETUP

 

Now, populate your variables.  You can have an unlimited number of variables per Service Definition, but you must populate them in groups of 10 (i.e. perform the 1000-WF-ADD-VAR-SETUP for each group of 10)

INITIALIZE WFAPI-INPUT

 

MOVE WFAPI-O-WORKUNIT TO WFAPI-I-WORKUNIT

MOVE “company” TO WFAPI-I-VARIABLE-NAME (1)

MOVE HR11F1-EMP-COMPANY TO WFAPI-I-VARIABLE-VAL  (1)

MOVE “I” TO WFAPI-I-VARIABLE-TYPE (1)

 

MOVE “employee” TO WFAPI-I-VARIABLE-NAME (2)

MOVE HR11F1-EMP-EMPLOYEE TO WFAPI-I-VARIABLE-VAL  (2)

MOVE “I” TO WFAPI-I-VARIABLE-TYPE (2)

 

INITIALIZE WFAPI-OUTPUT

PERFORM 1000-WF-ADD-VAR-SETUP

 

Finally, release the Work Unit

INITIALIZE WFAPI-INPUT

MOVE WFAPI-O-WORKUNIT TO WFAPI-I-WORKUNIT

INITIALIZE WFAPI-OUTPUT

PERFORM 1000-WF-RELEASE-SETUP

 

Nogalis would love to assist with all your IPA needs!  We have some great resources on hand who can provide managed services of your system, training, and project work.  Check out our managed services program today!

What to do if Landmark is crashing with core dumps

Here are a few mitigation procedures to use when Landmark applications are crashing or performing very slowly and throwing core dumps on the server.

 

First, check the environment.properties file.  Validate that file is pointing to the correct version/location of Java.  Sometimes, Java is updated on the server, and the environment.properties file is not changed accordingly.  It’s not a guaranteed issue, but should be validated and resolved if found.

 

Secondly, make sure there is adequate heap space provided to the jvm.  Here are some examples for heavy processing:

 

com.lawson.was.nodeagent.jvm-init-mem=1024

com.lawson.was.nodeagent.jvm-max-mem=3072

com.lawson.was.dmgr.jvm-max-mem=4096

com.lawson.was.dmgr.jvm-init-mem=2048

com.lawson.was.<app Server>.jvm-init-mem=3072

com.lawson.was.<app server>.jvm-max-mem=12228

 

àThese values will be deployed every time a CU is applied, so you don’t have to keep updating them

 

Be sure to recycle the Landmark application server once these changes are made.

 

Note that clustering Landmark WebSphere would not do any good.  Landmark applications behave very differently from Lawson applications, and it would only waste resources to vertically scale.

 

LBI Error in validating session

After a system outage, or maintenance, or reboot of LBI, you may encounter this “Error in validating session” error message when trying to navigate around LBI.  If you receive this message, the first step is to check the WebSphere systemout.log.  If you are seeing messages such as “Failed to obtain DB connection from data source” and “Could not retrieve datasource via JNDI url”, this could simply mean that the IBM services didn’t come up in the proper order.  The solution is to bring all the services down (order doesn’t matter), then bring them back up in the proper order, ensuring that each one is completely up before you move onto the next one.  That proper order is: Cell Manager, Node Manager, then Application Server.

[9/7/22 13:18:35:153 PDT] 0000009b ErrorLogger   E org.quartz.core.ErrorLogger schedulerError An error occured while marking executed job complete. job= ‘LBIAdmin.133’

org.quartz.JobPersistenceException: Failed to obtain DB connection from data source ‘ejs’: java.sql.SQLException: Could not retrieve datasource via JNDI url ‘java:comp/env/jdbc/LawsonRS’ javax.naming.ConfigurationException: A JNDI operation on a “java:” name cannot be completed because the server runtime is not able to associate the operation’s thread with any J2EE application component.  This condition can occur when the JNDI client using the “java:” name is not executed on the thread of a server application request.  Make sure that a J2EE application does not execute JNDI operations on “java:” names within static code blocks or in threads created by that J2EE application.  Such code does not necessarily run on the thread of a server application request and therefore is not supported by JNDI operations on “java:” names. [See nested exception: java.sql.SQLException: Could not retrieve datasource via JNDI url ‘java:comp/env/jdbc/LawsonRS’ javax.naming.ConfigurationException: A JNDI operation on a “java:” name cannot be completed because the server runtime is not able to associate the operation’s thread with any J2EE application component.  This condition can occur when the JNDI client using the “java:” name is not executed on the thread of a server application request.  Make sure that a J2EE application does not execute JNDI operations on “java:” names within static code blocks or in threads created by that J2EE application.  Such code does not necessarily run on the thread of a server application request and therefore is not supported by JNDI operations on “java:” names.]

at org.quartz.impl.jdbcjobstore.JobStoreSupport.getConnection(JobStoreSupport.java:575)

at org.quartz.impl.jdbcjobstore.JobStoreTX.triggeredJobComplete(JobStoreTX.java:1320)

at org.quartz.core.QuartzScheduler.notifyJobStoreJobComplete(QuartzScheduler.java:1490)

at org.quartz.core.JobRunShell.completeTriggerRetryLoop(JobRunShell.java:392)

at org.quartz.core.JobRunShell.run(JobRunShell.java:276)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

* Nested Exception (Underlying Cause) —————

java.sql.SQLException: Could not retrieve datasource via JNDI url ‘java:comp/env/jdbc/LawsonRS’ javax.naming.ConfigurationException: A JNDI operation on a “java:” name cannot be completed because the server runtime is not able to associate the operation’s thread with any J2EE application component.  This condition can occur when the JNDI client using the “java:” name is not executed on the thread of a server application request.  Make sure that a J2EE application does not execute JNDI operations on “java:” names within static code blocks or in threads created by that J2EE application.  Such code does not necessarily run on the thread of a server application request and therefore is not supported by JNDI operations on “java:” names.

at org.quartz.utils.JNDIConnectionProvider.getConnection(JNDIConnectionProvider.java:166)

at org.quartz.utils.DBConnectionManager.getConnection(DBConnectionManager.java:111)

at org.quartz.impl.jdbcjobstore.JobStoreSupport.getConnection(JobStoreSupport.java:553)

at org.quartz.impl.jdbcjobstore.JobStoreTX.triggeredJobComplete(JobStoreTX.java:1320)

at org.quartz.core.QuartzScheduler.notifyJobStoreJobComplete(QuartzScheduler.java:1490)

at org.quartz.core.JobRunShell.completeTriggerRetryLoop(JobRunShell.java:392)

at org.quartz.core.JobRunShell.run(JobRunShell.java:276)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

 

Update Infor OS Certificate

Updating the Infor OS certificate is an important housekeeping task and it is as simple as adding your new certificate to the binding on the InforOS websites.  There are two website where this can be performed. The two websites in question are InforPlatformBackend and InforPlatformUI. Follow these quick steps below to easily update your Infor OS Certificate.

First, you will need to navigate to these two sites in IIS. Once there, next you will need to edit the bindings and select your new certificate. After you select your new certificate simply perform an iisreset, and you are all done!

 

Hope this article was helpful!

Benefits of Infor’s Multi-Tenant Cloud

With Microsoft’s end-of-life for Windows 2012, and Lawson’s end-of-life coming up in 2026, many organizations are considering a move to a cloud solution.  And Infor’s Multi-Tenant cloud is a true contender.  Here are just a few of the benefits of choosing to move into the Infor Cloud.

Flexibility

Once per year, customers have the ability to request a swap in Infor products.  Swappable Infor products include any multi-tenant products that the customer has subscribed to for at least one year.  Talk about flexible!

If you are already in the cloud, and looking for a technology swap, contact your Infor Account Executive today!  Your AE’s contact information can be found in the Contact widget on your Concierge home page.

Transparency

Pricing for storage, additional non-production environments, and programmatic access can always be found on Infor’s web page.  Non-production environments can be used temporarily as-needed (a minimum of 6 months) to save on costs.  Storage can be requested subject to a minimum amount and time.  Programmatic access, or the interaction between Infor products and third-party programs, will use the Infor OS service and is priced separately.  Again, this pricing is always available on the Infor Docs website.

Support

Severity 1 issues are covered by customer support 24x7x365.  Response times are within 30 minutes from Infor’s receipt of the logged request, and they are working to decrease that SLA all the time.  They are currently working toward a goal of increasing support for Severity 2 issues to 24×7.  And they are improving their response templates to make sure customers are receiving the most accurate and detailed information possible on each ticket.

Availability

Infor offers credits if the Multi-Tenant cloud availability dips below a specified threshold.  This credit would be calculated by the month.

Infor refers to these ideals as the customer’s “Bill of Rights”.  And as great as they are, Infor is constantly working toward improving on these “rights”.  Stay tuned!  More good news is coming!