5 Patching Tips in Lawson v10

These 5 tips could make applying patches that much less stressful and are also good practice in general.


Tip 1: Check existing patch logs to see if a patch has already been applied previously and current versioning. This is good to check after a patch has been applied as well.

These logs can be found and generated here in LID:

perl %GENDIR%\bin\patches_installed_report <productline>

perl %GENDIR%\bin\source_versions_report <productline>


Tip 2: Restart the LSF server (or services) to ensure no processes are being held up and when it boots up, turn off Websphere LSF Appserver service before applying a patch to ensure users cannot log on, especially if patch needs to be applied during or close to work hours.


Tip 3: Run dbdef command to make sure there is a connection to the database before patching


Tip 4: When activating or staging multiple patches, run this command to speed up the post compile process:

qcontrol -jlocal,4  – This will set the servers cores to 4 when processing form compiles. Set it back to 2 when done. You can also check the status of the compiled jobs with command: qstatus | head -5


Tip 5: If a Plus dictionary is created after patching, its typically good practice to compile the entire product line with the command: cobcmp (be aware this can take up to 20-30 minutes to complete, tip 4 helps with this). This ensures that all programs are functioning correctly before passed to testers.


Bonus Tip: Verify security is on before sent to the testers!  Hope these were helpful.

How to resolve the problem: LSF submitted processes aren’t triggering on IPA Server

Example: Submitted requisitions aren’t triggering on IPA server via reqapproval process and are not showing in Rich Client.


  1. Go to LSF application server, start LID and type: pfserv ping all

    Make sure Event Manager is running.
  2. When Event Manager is NOT running:
    Let’s restart it but make sure we can see the java process with –classpath in their command line close.

Now in LID on LSF server, run these stop commands IN THIS ORDER:

Verify the java.exe –classpath processes closed, else manually end them.


Now start them up IN THIS ORDER:

Now run a pfserv ping all to see if Event Manager is running.


Go to Rich Client and check Live Workunits to verify that hung processes are being picked up:


And you’re done!  Monitor and make sure users aren’t having any issues.


How to set ESS access from an external domain and for custom forms

Step 1: Login to Infor Security Services (ISS)

Step 2: Goto SSO >> Manage Domains and click edit button as shown:

We are simply verifying the names of the displayed XML files:

Step 3: On the LSF server, go to the %LAWDIR%\security\domainauth\EXTERNAL directory to edit that XML


Step 4: Add an entry to an existing tree or create a new one:



That’s all that’s to it.

Configure LBI for ADFS

When you configure LSF for ADFS, you will need to make some changes to your LBI configuration so that users will be able to access LBI with the userPrincipalName (

The first thing you need to do is ensure that you have a user in Lawson security where RMID = SSOP = UPN (userPrincipalName).  The RM User that is used to search LSF for LBI users must have an account where RMID and SSOP match.  It is recommended that you have a new AD user created for this purpose (such as lbirmadmin).

Add the new user to Lawson, ensuring that their ID and SSOP values both use UPN.  (  Also make sure the new user is in the appropriate LBI groups for LBI access.

The next change will take place in the sysconfig.xml file located in <LBI install directory>/FrameworkServices/conf.  The ssoRMUserid should be the UPN of your LBI user mentioned above.  After you make these changes, restart the application server, clear the IOS cache in Lawson, and try logging into LBI.

Installing DSP for Authentication Against LSF

You may find the need to install or update DSP for your SSO applications, such as LBI or MSCM.  DSP allows these external web application to authenticate against Lawson for Single Sign-On.

Information you will need:

  • The password for ssoconfig
  • The passkey used to install your current DSP version (if applicable)
  • FQDN’s for your LSF server and the server that hosts the application for which you are installing DSP
  • Credentials for an admin account (usually lawson)


First, download the latest DSP jar file from InforXtreme.

It is best practice to back up your ldap instance before you begin the install.

On the server of the SSO application, open a command prompt as administrator.  Navigate to the directory where you saved the DSP install file.

Type command java -jar <DSP file>.jar.  This will open the install wizard.

Enter a new configuration passkey.  NOTE that if you are updating an installed DSP, you will need to know what passkey was used to install it.


Give your DSP instance a meaningful name


Set the location where you want the install files saved, and set the java location.


Mingle DSP install is a different process not addressed in this article.


Provide the FQDN of your LSF server.  The standard and secure ports can be found in your LSF install log.  Enter the password that you use to run ssoconfig.


Enter account information with administrative privileges in Lawson


Enter the appropriate values for the server that hosts your SSO application


Click Install


Update the JVM custom properties with the new install information (if necessary)


Install or update your security application in WebSphere.  The install file lawsec.ear can be found in <DSP install directory/jar/secondary


Run a smoke test against the new DSP install at http://<application base url>:<port>/sso/SSOConfig

IPA – LSF Server Configuration Recommendations from Infor

Infor Process Automation should be configured correctly to ensure proper functioning of other Lawson System Applications. Here are the official best practice IPA-LSF Server Configuration recommendations directly from Infor. (KB 1946828)

Recommended Configurations

  1. JT-973173

    This JT resolves a memory leak issue in the Event Manager Java Process. Not having this JT means the Event Manager Java Process will slowly grow in size and if left unchecked, can consume all RAM and even crash the LSF Server.

  2. Remove lpsMaxHeap=XXXXX and lpsMinHeap=XXXXX from LAWDIR/system/

    These settings are only required when using JNI.

  3. Set useLPSBridgeSocket=true in LAWDIR/system/

    NOTE: The use of the LPS Bridge Socket connection means LSF batch/online programs will no longer initialize a JVM, it will simply make a socket connection to the Event Manager process to make the request.

  4. Set Windows pagefile on LSF server to 32 GB


Additional Recommendations for Infor Cloud Clients

  • Verify and ensure that
  • NOTE: If this setting is not pointed at the internal domain, a grid session memory leak can occur in Event Manager on the LSF server
  • NOTE: Changes to this file should be made by executing pfserv config lps and they require a restart of LSF Process Flow and LSF Web Application Servers.

Additional Recommendations for LSF on LINUX

  • Ensure LSF JT-875069 is applied to the LSF system
  • Add “useLPSLocalServices=true” to LAWDIR/system/
  • Follow KB 1936921 which has two process definitions files used for synchronizing services from IPA/Landmark to LSF
  • In the GEN data area of the Landmark Rich Client, navigate to ConfigurationParameter BusinessClass and add: Component=ipa, Name=useRMIWebServlet, Value=true
  • Configure LSF to look at IPA Services in the LOGAN database instead of connecting to IPA. This requires LSF JT-875069 which allows you to add “useLPSLocalServices=true” in This also requires the use of a ServiceSyncFlow to move the services from IPA to LSF. To implement this procedure, please follow instructions on KB 1936921.

Setting Up LSF Java User Permissions for IPA

When working with Infor Process Automation (IPA), code or programs can be executed remotely on the Lawson System Foundation Server through these four nodes:

  1. System Command Node
  2. File Access Node
  3. Resource Query Node
  4. Resource Update Node

These nodes work by making a connection (via RMI call) to a java.exe process running on the Lawson System Foundation Server. Therefore, it is vital that the process owner has the proper access to run these commands.

Follow the instructions below to configure your LSF system so these processes will be owned by a user that has the necessary access:

  1. Create two files (pfrmi.cfg and pfem.cfg) in %LAWDIR%/system directory. The next time the process flow is restarted, the java.exe process will refer to these files to specify which user will start the java.
  2. Both files should be identical and have just two lines each:
    line 1: LAWSONUID DOMAIN\accountname
    line 2: 

LAWSONUID DOMAIN should be replaced with your own domain and accountname should be replaced with your own account name. This is the user you are designating to run the java command. This user needs to have the proper access to run those commands. This domain/accountname combo needs to be a valid user defined in the LSF Environment Service Identity.

The second line needs to be a blank line. (Only if LSF system is running on Windows. No blank second line needed for UNIX)

line 1/line 2 are there to show you the line numbers. The actual words “line 1” and “line 2” should not be in the files.

Adding or Replacing Existing SSL CERTS Lawson (WINDOWS)

This is a PFX cert.

Start – This is being done on a Lawson LSF server.

  1. Drag the folder with the Cert onto the server you want to apply it to.
    1. Once you do that, make sure you check whether or not the server is running IIS. Typically by searching for IIS Manager or checking services.
  2. Double click the cert file that you dragged onto the server.
  3. Select Local machine:
  4. Specify the file you want to import (should default on the cert you just clicked to run) >> Next
  5. Enter the password for the cert and click next.
  6. Open command prompt as admin and type: start certlm.msc
  7. Under Personal >> Certificates, you should see the new cert you imported: The old one is below the one highlighted in red.
  8. Now go to IIS Manager, Sites >> select WebsiteName and then on right pane select bindings as shown below
  9. Select https binding and edit
  10. Select new cert and click ok
  11. Back in command prompt type: iisreset /restart
  12. Test and you’re done

When applying to Landmark server, we need to run the following commands below (Important to stop and start exactly as shown):

For Mingle in ISS Manager, we need to select the Sharepoint secure site and select bindings.

User sqlplus with Lawson (Tips and Tricks)

Most of customers have by now switched over to a Windows / SQL server environment, but we still have several customers who have stayed on Oracle for their Database needs. This mostly stems from having the Oracle skill set in-house as there is really no other advantage to staying on Oracle once you have moved over to Windows.

Often when there are troubles with connecting to the application, it is relevant to test the connection the database from the server itself. Of course there are several ways to do this, but test fastest way is to do so directly from the command prompt in LID as it doesn’t require any additional setup or software. But it is easy to forget how this is done so we decided to write this quick article to document this very simple syntax.
The utility we’re going to use is called sqlplus and it should already installed on your LSF application server. Simply login to the server using LID and on the command prompt type in the following command:
sqlplus <username>/<password>@dbserverName
If you have the correct username and password, and the server is responding, you will get a SQL> prompt on which you can run any query you want. Here’s an example:
However if you type in the incorrect username:
And finally, if you have the incorrect server name or the server is not responding, the prompt will be suspended for several seconds and you will see the following message:
A few small notes about using sqlplus:
  • Be sure to use a semicolon to end your statements. Otherwise the application doesn’t know when to run your query.
  • Make sure the environment variable %ORACLE_HOME% is set correctly. ($ORACLE_HOME on Unix):
  • To exit sqlplus user the “quit” command
  • The SQL buffer contains the last statement you ran, and you can run the previous query again by simply typing “RUN”  and hitting enter.
  • User the LIST command to see a list of your most recently executed SQL commands.
  • “HELP INDEX” shows a list of possible commands
  • To launch a sql script simply put the “@” symbol in front of the file name and execute it. like: @script.sql or even @/path/to/script.sql
  • You can have a multi-line sql statement.
  • The “SHOW USER” command prints the name of the Oracle user you’re logged in as
  • The “SHOW ALL” command prints all the current settings to the screen.

Certificate chaining error

During an LSF outage, we checked the latest logs and saw security_authen.log was updated. It showed a number of errors that a certificate was not trusted. We checked the trusted certificates and saw that the certificate and related certificates were all trusted. So why was the error returned?

Scroll further down the log list to ladb.log. You may see that there is a GEN failed message. Verify that the GEN database really is available by connecting to it directly with a database utility like SQL Studio. Then verify that the gen database connection info is correct in LAWDIR\gen\MICROSOFT. If you are using SERVICENAME to lookup the password, you may want to test commenting out the service name and including the id/password in the file and secure the file. Restart the server and test the portal.



Caused by: The certificate issued by CN=PKIROOT-01-CA is not trusted; internal cause is: Certificate chaining error





… 68 more

Caused by: Certificate chaining error



… 71 more


DBDataAreaFactory_1 Create of kind “GEN” failed.
java.lang.UnsatisfiedLinkError: com/lawson/rdtec
DBDataAreaFactory_1 Create of kind “GEN” com/lawson/rdtech/db/api/DBJni.jniTsDBConnect(I)Ljava/lang/Integer;