IBM Verse on Premises, enabling encrypted and signed mail. You may need to do something if you have your ID in the mailfile

For Verse on Premises in order to write and read  signed and/or encrypted mail is enough to set up an ID Vault on the Domino server and add the user’s ID to that.

I found that if you previously used iNotes for mail and have added your ID to the mailfile, then you will get an error while reading or creating a signed/encrypted mail; the error will say that your ID is not in the vault, even if actually the ID is there.

In order to fix that, you need to access your mail with iNotes, go in Preferences – > Security and click on the button Sync with Vault

Once done that, everything works


Speaking at SNoUG and Engage

My next speaking engagements are in Switzerland and Belgium.
On March 22 I will speak at SNoUG, the Swiss IBM User Group, in Zurich. I will have a session on “IBM Verse on Premise”.

On May 8-9 I will speak at Engage, the most famous and attended User Group in Europe, it is practically a Connect Europe if you look at the quantity and quality of the speakers. I will have a session with the amazing Sharon Bellamy James on “Troubleshooting IBM Connections”

Hope to see you there!


Domino Feature pack 8 breaks Verse on Premises

I installed Domino Feature Pack 8 and the new templates and Verse on Premises stopped working.  The installation of the FP replaces a lot of files in Domino and it had reset the \data\osgi\shared\eclipse\plugins directory removing the files I had copied there for the VoP installation. I copied again the files there. Also there is a new template mail9.ntf and this does not have the views needed for VoP, so I had to copy again the 5 views from the VoPdesign.nsf database in the mail9.ntf template, then run the design task to update all the mail files.


IBM Verse on Premises 1.0.0.1 Interim Fix 1 shipped

Yesterday IBM released the Interim Fix 1 for IBM VoP 1.0.0.1

The list of fixes is the following

Fix introduced in release SPR Description Additional Information
Verse On-Premises 1.0.0.1 Interim Fix 1 261564 Issues when searching for messages from someone whose address format is their name in quotation marks followed by their email address enclosed in brackets.
261382 Inbox doesn’t work with specific messages
261684 Verse impact – Meetings created in iNotes using OS time zone are off by two hours

You can download the IF1 from Fix Central at this address
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FLotus%2FIBM+Verse+On-Premises&fixids=Verse_1001IF1&function=fixId&parent=Collaboration%20Solutions

To install it you need to remove the files added in the c:\Domino\osgi\shared\eclipse\plugin directory by VoP 1.0.0.1 i.e.

then unpack the new IBM_Verse_On_Premises.zip in the same directory


IBM Connections CCM upgrade to CR2 and special characters in passwords

I was updating a Connections install to CR2 with CCM; when it came to update the FNCE server I ran the command
C:\IBM\Connections\FileNet.update\scripts>update-ce.bat -was.dm.path=c:\IBM\WebSphere\AppServer\profiles\Dmgr01 -was.admin.user=localadmin -was.admin.password=password -conn.home.location=c:\IBM\Connections -ce.fp.installer.location=C:\Downloads\ic55cr2\filenet\5.2.1.4-P8CPE-WIN-FP004.EXE
The update-ce command runs wsadmin to connect to the DM as a first thing.

I got an error, the Deployment Manager is inaccessible.

If I tried to run wsadmin manually I could connect to the Deployment Manager, so I was puzzled.
I decided to ask the community for help and I picked the excellent Ben William‘s brain.After chatting for a while it came out that the user I was using to run wsadmin had a password with a special character in it, a ! Ben suspected it could be the cause so I created another user in WAS, with a password without special characters, gave it admin roles and run again the update-ce command.
Everything worked this time 🙂

So my advice is: choose your admin passwords carefully, otherwise sometimes you can run into problems. I usually mix letters and numbers, caps and no caps, but I try to avoid special characters.


A kind request to conference organizers

In those last two years I spoke at several conferences, from IBM Connect to various user group meetings. I have a request for the conference organizers; if you give to the attendees a sheet for the sessions evaluations, please share the results of the evaluations with us speakers. This does not always happen. It would be beneficial for me as a speaker to know how good or bad I performed. If something is wrong I can work towards correcting it, is not just a matter of ego, though everyone likes a good rating.


IBM Verse on Premises 1.0.0.1 integration with Connections Files. How to make it work – Updated

 

I installed Verse on Premises 1.0.0.1 in my environment but when I tried to add a link to a file in Connections when composing an email I got an error “Sorry we cannot retrieve your files at the moment”.

After a chat with my excellent friend and IBM Champion Christoph Stoettner, he found the problem and the solution.
The official documentation about integrating VoP with Connections says to add a few lines at the end of the httpd.conf file:

 

  • Make a backup copy of httpd.conf.
  • Remove any comment symbols (#) from the following lines:
    LoadModule headers_module modules/mod_headers.so
    LoadModule rewrite_module modules/mod_rewrite.so
  • Find the following two lines:
    LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
    WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml

    Copy the following lines and paste them directly after the two lines:

    RewriteEngine on
    
    # Minor change to adjust for Cloud vs On-Premises API variation of parameter name
    RewriteCond %{REQUEST_METHOD} PUT
    RewriteCond %{QUERY_STRING} ^(.*)uid=(.*)
    RewriteRule ^/profiles/photo.do /profiles/photo.do?%1userid=%2 [L]
    
    # Added necessary CORS headers when Origin header present
    Header unset Access-Control-Allow-Origin
    SetEnvIf Origin "^https://(vop_server_hostname\.)?(domain_name)$" origin_is=$0
    Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is
    Header always set Access-Control-Allow-Credentials "true" env=origin_is
    Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, slug" env=origin_is
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" env=origin_is
    
    Header always set Access-Control-Max-Age "1000" env=origin_is
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" env=origin_is
    # Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding, slug" env=origin_is
    Header always set Access-Control-Allow-Headers "X-Requested-With, Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, slug, X-Update-Nonce" env=origin_is
    Header always set Access-Control-Expose-Headers "Content-Disposition, Content-Encoding, Content-Length, Date, Transfer-Encoding, Vary, ETag, Set-Cookie, Location, Connection, X-UA-Compatible, X-LConn-Auth, X-LConn-UserId" env=origin_is
    
    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule .* - [R=200,L]
    
    # Remove the Origin header if it exists for other requests (POST, GET, DELETE, PUT). Causes problems with Connections returning 403 response.
    RequestHeader unset Origin env=origin_is

     You have to change this line

    SetEnvIf Origin "^https://(vop_server_hostname\.)?(domain_name)$" origin_is=$0

    putting your server name and domain name.
    Examples
    vop_server_hostname = mail01
    domain_name = company.com

    `SetEnvIf Origin “^https://(mail01\.)?(company\.com)$” origin_is=$0`

This is not enough.
Since in the httpd.conf I use a virtual host, as is common in Connections, you need to add those lines also in the virtual host definition, so I copied them after the line

SSLProtocolDisable SSLv2 SSLv3

in the virtual host definition.

Restarted the http server and now the integration works.

UPDATE

The excellent Tim Clark, a good friend of mine and an IBM Champion, made a couple of interesting and useful suggestions in his comment to this post. I will put them here because not everyone read the comments

  1. It is possible to make the https optional with the following RegEx, http(s)?
    So it all looks like this in the end.
    `SetEnvIf Origin “^http(s)?://(mail01\.)?(company.com)$” origin_is=$0`
  2. you can put all the lines to copy and paste in a separate file so that you don’t have to have it listed twice in your httpd.conf file and then use an include to insret it (**twice**) where you need it.`Include “X:\IBM\HTTPServer\conf\vop.conf”`

 


Want a discount for attending IBM Connect ?

Stealing the post from my good friend Sharon Bellamy James. I couldn’t say this better.

Being an IBM Champion is great and it does come with some benefits.

Today all IBM Champions are happy to announce that we can offer YOU a discount of $100 for IBM’s upcoming ICS event – IBM Connect in San Francisco

So what do you need to do – just reach out to an IBM Champion tell us why you want to go to Connect and what your expectations are and as if by magic we will give you the discount code.

Now is a great time to register,  so ping a champ and get the code 🙂


IBM Champion for 2017

I had the great honor of being selected as IBM Champion for 2017, is my second year in a row.
Is great to be part of this group, and I would like to thank Amanda Bauman and Libby Ingrassia from IBM who look after us and do a great job for the Champions community.

There are 7 Champions from Italy, up from 5 of 2016. You can find the complete list here
https://www.ibm.com/developerworks/community/blogs/762e655e-e86c-4624-9662-ee81c6874de1/entry/Introducing_the_2017_IBM_Champions?lang=en