Posts

Lawson appears to be down or not working properly, what do I do?

Here are 5 things you can check for when seeing what is wrong with Lawson:

  1. Contact the different departments within the organization to confirm this is a wide spread issue. Coordinated with them to report back issues they are seeing.
  2. If users can’t access Lawson portal, check to see if websphere is running.
    1. If you have access to the LSF server, go into services and check if the IBM Websphere ServerApp service is running. Stopping and starting the ServerApp is typically safe as well if you’re trying to prevent users from logging in.
    2. If websphere is running, check for IOS log errors found in %LAWDIR%\system
  3. If you’re able to access Lawson portal but users report intermittent issue, check the LADB and LATM log.
    1. On the LSF server, go to %LAWDIR%\system directory and open the ladb.log and latm.log and search for “Database error (94)” or “Connection Failure” errors. Make sure the time stamps lineup.
  4. Check the Lawson job scheduler or reach out to your database team to check for any scripts running on the server.
    1. Its rarer but an update job or sql script could cause intermittent connection issues within Lawson if its hogging all the database or LSF server resources.
    2. Its also important to verify there is nothing important running if you’re thinking of rebooting the either servers.
  5. After doing the above checks and coordinating with the organization, if Lawson is still exhibiting issues and you’re seeing errors, it’s always best to reboot both the Lawson database server along with the LSF server.
    1. A simple way to do this would be to open up a command prompt or powershell in administration mode and type: shutdown -r -t 0

Troubleshooting External Web Server Issues

Configuring Lawson on an external web server is pretty straightforward…until you have issues.  The most common symptom I have run across is a 404 error when you open the web page, which typically indicates that external web server can’t find sso/sso.js.  (A quick Fiddler session will confirm that for you).  That is the first time the external web server is reaching out to the Lawson application server, so that error message indicates that you have a communication failure between the two web servers.  There can be many reasons for that communication failure, from bad plug-in files to bad certificates.  Here are just a few things to review:

  1. Make sure your modules are mapped

Navigate to WebSphere > Applications > Application Types > Websphere enterprise applications.  Select the IOS application and click “Manage Modules”.  Make sure all modules are mapped to all servers (web and application).  Do this for IOS and LawsonSecurity.  You can also check RQC and BPM for good measure.

  1. Check Virtual Hosts

Navigate to WebSphere > Applications > Application Types > Websphere enterprise applications.  Select IOS.  Under “Web Module Properties” on the right, click “Virtual Hosts”.  Make note of which virtual host IOS is using.  Then, under Environment > Virtual Hosts, click the host being used by IOS.  Make sure that your External Web Server port is in the host alias list.  NOTE: if your external web server is using the same port as your internal web server, it is best to give explicit aliases for that port.  Add an alias with the fully qualified domain for each server, and the port being used.

  1. Check your plugin-cfg.xml

Make sure the plugin-cfg.xml on your external web server looks right.  On your external web server, you should find the plugin-cfg file at <IBM Plugins Directory>/config/<Web Server Name>

It should have some basic properties.  First of all, it should contain all the virtual hosts that you just checked in step 2.  Secondly, it should contain some Uri’s specific to Lawson (not just the default WebSphere application).  Here is an example of a “bad” plugin-cfg file compared to a “good” one.

BAD – does not have all my virtual hosts

BAD – does not have any lawson-specific Uri’s

GOOD – all my virtual hosts are represented, including the host aliases I set up for duplicate ports

GOOD – there are my lawson-specific Uri’s, including that sso directory that was giving me trouble at the very beginning

The best way to resolve issues with your plug-in file is to regenerate it from your Application Server WebSphere console.  Go to WebSphere > Server Types > Web Servers.  Select your external web server and click “Generate Plug-in”.  You can’t propagate it, because it is on an external server, and it belongs to an unmanaged node.  So, make note of where the config files was saved (at the top in the Messages section).  Navigate to that location on your server and grab the file.  Copy the plugin-config.xml file and the plugin-key.kdb from that location to the plugins location noted above on your external web server.  Restart your World Wide Web Publishing service on the external web server, and test your external URL.

  1. Check the WebSphere certs

If you are having certificate issues in WebSphere, you might be seeing the 404 error in a Fiddler session, but you might also be seeing a 500 error.  Your first stop is the http_plugin.log on the external web server.  If there are certificate errors, they will be noted here.  Look for “GSK” errors.  This could mean your WebSphere certificate has expired, or there isn’t a trust between the application certificate and the external web certificate.

In WebSphere, navigate to Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal Certificates.  Make note of the serial number on that certificate.  Then go to the CMSKeyStore for your external web server.  Again, make note of the serial number.  If they are not matching, you’ll need to replace your external key store cert with the internal one.

To do that, first import the CellDefaultKeyStore into the web server CMSKeyStore.  In the CMSKeyStore > Personal Certificates for your external web server, click the “import” button.

In the dropdown, select the CellDefaultKeyStore, and click “Get key store aliases”.  This should populate the “certificate alias to import” down below.  Select the correct certificate to import (most likely “default”).

Give the certificate a new alias.  Click “Apply” and save changes.

Now, you need to replace the old certificate with the new one.  Under certificates, select the “old” cert and click “replace”.  Select your new cert in the “replace with” box.  You can choose to delete the old cert at this time, but it’s actually safer to delete it manually after you smoke test.  Restart the application server, or better yet, reboot!

How to Mass Copy Lawson Portal Favorites from one user to another

In Lawson portal, you may have a user with several dozen favorited Lawson forms and a new user coming in will inevitably have a hard time maneuvering the software.  To simplify this process, you can simply copy one users’ favorites to another if you have direct access to the Lawson LSF server folder directory.

 

First login to your LSF server.

 

Go to %LAWDIR%\persistdata\lawson\portal\data\users

 

Locate and open the username of the person you want to copy the favorite URLs from. The format will be in xml Example: username.xml

 

Now Locate the username.xml you want to copy to.

Simply copy and paste from one username.xml to the other username.xml as shown below:

Save the XML file, login to Lawson Portal as an Admin user and clear IOS cache. Notify the user to clear their browser cache as well and to relog into Lawson Portal.  They should now see all the copied Favorites!

Configuring Lawson for LDAP Signing

As you might have heard, Microsoft is hardening their security with LDAP channeling and LDAP signing in an update coming sometime in the 2nd half of 2020. Any applications that rely on LDAP connections to Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) need to be converted to LDAPS. LDAPS is a secure connection protocol used between applications like Lawson and the Network Directory or Domain Controller. In this webinar, we will provide you step-by-step instructions for preparing your Lawson and Landmark environments to work with LDAP Signing.

 

 

View the supplementary article Configuring Lawson and Landmark for LDAP Signing for a step by step guide.

PO25.2 Change Vendor Agreement pricing

Some people have found that you can change the price line per line on a PO25 Vendor Agreement.  There is a question if this can be done on a whole agreement. The answer is yes. Use PO25.2.

 

This will allow you to specify a date that the increase (M for Markup) will go into effect. So if you have an agreement that increases 3% each year, this is how you would set it up:

 

Catch Weight Items

Catch weight items are items where there is more than one dimension or unit of measure that is associated with the item.

 

Nogalis Webinar: Configuring Lawson for LDAP Signing (April 16th, 9 AM PST)

As you might have heard, Microsoft is hardening their security with LDAP channeling and LDAP signing in an update coming sometime in the 2nd half of 2020. Any applications that rely on LDAP connections to Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) need to be converted to LDAPS. LDAPS is a secure connection protocol used between applications like Lawson and the Network Directory or Domain Controller. In this webinar, we will provide you step-by-step instructions for preparing your Lawson and Landmark environments to work with LDAP Signing.

We use anymeeting for our webinars. The application sometimes asks you to install a plugin. In order to be ready on time. Please give yourself an additional 10 minutes before the webinar begins.

When: Thursday April 20, 2020

9:00 AM to 10:00 AM PST

This webinar is free to attend. Register Now

Adding a custom batch command to Lawson Environment Security

  1. If you need to run a batch command in Lawson, first we need to open up Lawson interface desktop (LID).
  2. Type the tokendef
  3. For this example we’ll select Environment Form IDs and then select SECURITY category.
  4. Place your cursor at the top of the Environment Form ID list and press F8 to insert a command
  5. Type in the command you want here, ours is customcomm
  6. In Lawson Security Administrator (LSA), go to ENV profile, open a security class you want to assign customcomm command to. Under Environment Security, you should see your new batch command, select and grant all access.
  7. And we’re done!

Upcoming Events April 2020

Working from home? Check out April’s virtual meetings in the Lawson User Community!

 

Infor Mid-Atlantic User Group Spring Virtual Meeting

Hosted by: Infor Mid-Atlantic User Group
When: Friday April 3rd, 2020 from 9:00 to 3:00 (US/Eastern)

CHANGING PLANS – COME JOIN OUR VIRTUAL MEETING!

In light of all that is currently going on with COVID-19 we are moving to host a Virtual Meeting, delivering the same content we would have provided at the live meeting. We are going to provide a link to a Webinar that will be live that you will be able to join from the saftey of your homes or offices. We hope that you will be able to join us and take advantage of the topics we have lined up.

Date: April 3rd, 2020

9:00am – 9:05am Opening Remarks – Deedre Day, MUG President

9:05am – 10:15am: Infor Update/General Session #1 – Andrew Wolling, Infor

Preparing for your Infor CloudSuite Migration – Mike LaCosse, Infor

This presentation is for Lawson v9 and v10 customers who are wondering what they can do to prepare for the upcoming migration to CloudSuite Financials, Supply Management, and Global Human Resources. Topics include a migration roadmap, preparing existing data, data management in the CloudSuite, and tips/tricks to prepare your team to optimize benefit from Infor CloudSuite. This session will also cover CSF data cleanup, GHR data cleanup, how much data to migrate, how to migrate in phases, as well as training recommendations, partner enablement, and payroll roadmap.

10:30am – 11:30am: General Session #2

Infor Reporting and Analytics Options – Rich Bendickson, Dashboard Gear

Rich Bendickson of Dashboard Gear will go over a variety of reporting and analytics options you can use with your Infor applications. Topics will include connecting to cloud and on-premise data as well as best practices when embarking on a reporting/analytics project. Some examples will be shown in a variety of tools such as Birst, Excel, SSRS, etc. and will cover HR, Finance and Supply Chain examples.

11:45am – 12:45pm: General Session #3

AWS GovCloud and Compliance

An overview of AWS and Cloud Computing, with a focus on compliance and what differentiates AWS GovCloud.

1:00pm – 2:00pm General Session #4

Security Considerations for your Infor Lawson CloudSuite – Vinod Mathur, Appiggenics

Vinod Mathur from Appigenics will discuss key security considerations for your Infor CloudSuite solution. This session will discuss the multiple domains of security applicable to CloudSuites and your responsibilities as a customer in ensuring the secure operations of your new cloud environment. We’ll talk about compliance and governance of your solution.

2:00pm Closing Remarks – Deedre Day, MUG President

View/Register Here

What do I need to know about LDAPS?

Microsoft is hardening their security with LDAP channeling and LDAP signing in an update coming soon. Any applications that rely on LDAP connections to Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) need to be converted to LDAPS. LDAPS is a secure connection protocol used between applications like Lawson and the Network Directory or Domain Controller. Below are the potential impacted Lawson applications mentioned by Infor in a recent KB Article.

Impacted Lawson applications:

  • Lawson System Foundation (LSF) environments using AD LDS instances for Authentication Data Store (RM Configuration).
  • Lawson System Foundation (LSF) environments using an LDAP Bind to Windows Active Directory for authentication.
  • Landmark Environments using an LDAP Bind to Windows Active Directory for authentication.
  • Infor Federated Services (IFS) synchronization connections to Active Directory.

Infor has recommended that on-premise clients configure the impacted applications and have provided KB Articles on how to perform these tasks.

Some important things to note:

  • This change does affect you, even if you have implemented AD FS
    • If you are using Microsoft Add-ins for LSF and Lawson Process Administrator for Landmark, you will have a Thick Client installed that used LDAP Bind.
  • If your networking team takes the Microsoft LDAPS update and enforces LDAPS connections before these changes have been configured, your Lawson applications will fail in the following ways:
    • The LASE process on LSF will fail to start.
    • Login to services that rely on LDAP bind will be unable to login (Landmark Rich Client, MSCM Handheld Devices, IPA Flows to LSF).
    • IFS will be unable to sync users from Active Directory.
  • This change will NOT impact DSP applications
    • DSP application include Infor Business Intelligence (IBI or LBI), Lawson Smart Office (LSO), Mobile Supply Chain Management (MSCM), etc.
    • These applications use Infor Lawson for authentication. They are not bound to LDAP, nor do they have their own instance of AD LDS.
  • You can update your configuration at any time
    • The changes recommended by Infor can be completed before LDAPS connections are enforced, and there will be no negative impact to your system.