Premaster RSA secret error with 4096-bit encryption in WAS ISC

Had a customer the other day that couldn’t import their SSL certificate into the WebSphere Application Server (WAS) Integrated Solutions Console (ISC) due to a “RSA premaster secret” error being shown when attempting the import. A PMR with IBM Support confirmed my suspicion that export restrictions was in play. Here is the response from IBM Support.

The premaster RSA secret error with 4096-bit encryption is usually due to the unrestricted JCE policy requirement.

Please, try to install the unrestricted policy files as follow:

  • Take existing jar file backup from /usr/WebSphere/AppServer/java/jre/lib/security
  • Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    • Click Java SE 6
    • Click IBM SDK Policy files. The Unrestricted JCE Policy files for the SDK website is displayed.
    • Click Sign in and provide your IBM ID and password or register with IBM to download the files.
    • Select Unrestricted JCE Policy files for SDK for all newer versions (version 1.4.2 and higher) and click Continue.
    • View the license agreement and then click I Agree.
    • Click Download Now.
    • Install the files. Extract the file: unrestricted.zip into a directory of your choice. Copy the .jar files from the extraction directory to following
      directoriy: /usr/WebSphere/AppServer/java/jre/lib/security
    • Restart the server.

R.I.P. Tim

I’m deeply saddened by the news that Tim Tripcony has passed. There are very few people that I as a programmer / coder look up to, who inspire and impress me and who I admire. Tim was one of those and now I’ll never get to admit it to his face.

R.I.P. Tim.

Installing TDI v. 7.1 on Windows Server 2012

Trying to install IBM Tivoli Directory Integrator (TDI) v. 7.1 for IBM Connections on Windows Server 2012 I got the following error:

ZeroGu2: Windows DLL failed to load
	at ZeroGa2.b(DashoA10*..)
	at ZeroGa2.b(DashoA10*..)
	at com.zerog.ia.installer.LifeCycleManager.b(DashoA10*..)
	at com.zerog.ia.installer.LifeCycleManager.a(DashoA10*..)
	at com.zerog.ia.installer.Main.main(DashoA10*..)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at com.zerog.lax.LAX.launch(DashoA10*..)
	at com.zerog.lax.LAX.main(DashoA10*..)

Solution was to right click the installer and set compatibility mode to Windows 7.

Fixing an IBM Connections Social Mail CPU spike problem

The other day we did a test upgrade of our internal IBM Connections 4.5 environment from CR3 to CR4 before doing the real upgrade. After the upgrade the CPU of the WebSphere Application Server node (we are in a single node architecture) would spike to a 100%. After some digging and perusing of log files we narrowed the problem down to IBM Social Mail and that component being loaded. Actually even more specifically to the Discovery Servlet which is used to discover the mail service for a particular user. The issue appeared to be a hung thread as indicated by the below stacktrace. See highlight in bold.

[4/30/14 13:39:51:534 CEST] 00000040 ThreadMonitor W WSVR0605W: Thread "WebContainer : 5" (0000014b) has been
active for 770854 milliseconds and may be hung. There is/are 1 thread(s) in total in the server that may be hung.
at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.getBundle(DefaultClassLoader.java:273)
at org.apache.aries.jndi.Utils.getBundleContext(Utils.java:111)
at org.apache.aries.jndi.Utils.doGetBundleContext(Utils.java:99)
at org.apache.aries.jndi.Utils.access$100(Utils.java:43)
at org.apache.aries.jndi.Utils$1.run(Utils.java:68)
at org.apache.aries.jndi.Utils$1.run(Utils.java:66)
at java.security.AccessController.doPrivileged(AccessController.java:229)
at org.apache.aries.jndi.Utils.getBundleContext(Utils.java:66)
at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:44)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:232)
at javax.naming.InitialContext.initializeDefaultInitCtx(InitialContext.java:318)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:348)
at javax.naming.InitialContext.internalInit(InitialContext.java:286)
at javax.naming.InitialContext.(InitialContext.java:211)
at javax.naming.directory.InitialDirContext.(InitialDirContext.java:91)
at com.ibm.social.pim.discovery.ldap.domino.DominoLDAPConnector.connect(DominoLDAPConnector.java:68)
at com.ibm.social.pim.discovery.services.domino.LDAPPersonData.findPerson(LDAPPersonData.java:43)
at com.ibm.social.pim.discovery.services.domino.LDAPPersonData.findPerson(LDAPPersonData.java:69)
at com.ibm.social.pim.discovery.services.domino.DominoMailServiceLDAPConnector.connect(DominoMailServiceLDAPConnector.java:69)
at com.ibm.social.pim.discovery.services.domino.DominoMailServiceLDAPConnector.connect(DominoMailServiceLDAPConnector.java:61)
at com.ibm.social.pim.discovery.DiscoveryServiceManager.findUserByEmail(DiscoveryServiceManager.java:163)
at com.ibm.social.pim.discovery.servlet.DiscoveryServlet.doDiscovery(DiscoveryServlet.java:229)
at com.ibm.social.pim.discovery.servlet.DiscoveryServlet.processRequest(DiscoveryServlet.java:198)
at com.ibm.social.pim.discovery.servlet.DiscoveryServlet.doGet(DiscoveryServlet.java:139)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)

We dug around a little without success so I reached out to a friend at IBM and the answer came back. This is an issue that has been seen before and is solved by fixpack 8 of IBM WebSphere Application Server so we upgraded to 8.0.0.8 and sure enough we are back up and running. Apparently fixpack 8 is now supported and actually reading through the detailed system requirements lists that (“IBM Connections 4.5 CR4 and above recommends WAS 8.0.0.8. WAS 8.0.0.6 with required fixes is still supported (see the detailed report for CR3) .”)

Thanks to friends at IBM.

It’s been a while!

Wow! Blogging hasn’t really been my thing for a while. Actually I realize that I’ve flow a bit below the radar for the last couple of months. November saw the birth of our second child (a son, Matheo) and we’re still adjusting a bit to the life as a two-kids family though it’s getting easier. I sure enjoyed going to Summer Time this year as it means that he wakes up at 6am instead of 5am. Besides that 2013 ended in work, work and preparations for Connect 2014.

IBM Connect 2014 is still kind of haze to me. I had way too much going on without really remembering doing anything. If we talked at IBM Connect 2014 I cannot remember and if I promised anything may I suggest you get back to me on it? Seriously I tried to do too much. If I go next year it will need to be less stressful. To much with two sessions, Champions stuff, a booth and loads of customers to talk to. After IBM Connect 2014 I took two weeks of vacation with the family which didn’t really make me feel relaxed. Not a good sign. Due to this I really did dial it down and February, March and April have been “off line” months and I’ve tried to concentrate on family.

I’ve also dug in and concentrated on near term work at IntraVision. I’ve done a bit of consulting and we’ve just put the final touched on OnTime Group Calendar v. 3.8.5 today and will be shipping it next week. It’s been nice getting back into Eclipse and SWT coding bringing the new features in OnTime to “my” user interfaces in Notes meaning the full screen UI and the sidebar component. It’s been days of GC, string extents and FontMetrics. It’s been great. I’ve also made the switch from SVN to Git for the 30 repos for these UI’s and it’s been great. Before making the move it was hard for me to comprehend Git and why it was “the next big thing” but after making the move I cannot imaging going back. I just love Git.

All the work on OnTime is leading up to loads of events in May in Denmark, Germany, Norway, Czech Republic (actually June, Social Connections VI) and – I’m happy to say – Japan for XCITE. I’m very excited that I’m heading back to Japan in two weeks for the XCITE event there and to meet customers and partners out there. It’s going to be so great.I’m looking to the trip, the food, being back in Japan and meeting up with friends there.

Due to me flying below the radar I’ve also reevaluated this blog and what I do on the “social” side. I want to get back into Twitter and I’ll try and use this blog for a weekly catch up post. We’ll see how it goes. If nothing else this post may be a beginning although I’ve learned not to promise anything.

Boy it felt great posting again.

Writing command line scripts with node.js

Found this little tip this morning to make it easier to use command line scripts written in node.js. Instead of having your node.js file(s) and invoking it using “node myfile.js” on the Mac you can simply do the following:

  1. At the top of the file as the first line add: #!/bin/usr/env node
  2. Make the file executable using chmod +x myfile.js
  3. Invoke away

Now the file is usable by simply using myfile.js.

Year in review 2012 (not a typo)

Boy 2013 was a busy year. In fact it’s been so busy and I have been so bad at blogging that I never got around to finish my year end review for 2012. In a draft blog post I had the following:

“2012 was a busy year – maybe the busiest year I’ve had in a long time. Besides numerous customer projects here in Denmark I’ve also been involved in a number of international projects and traveled more than ever before. I went to the US twice, Japan twice, Australia once, and to too many European countries to mention. I spoke at and participated in more conferences than usually (Social AppDev workshop, Dublin / Social Connections IV, Amsterdam / BLUG, Belgium / LoLA, US / DNUG, Germany / AusLUG, Australia / UKLUG, Ireland / ITPro Expo, Japan / Lotusphere, US). Wow! 2012 sure was busy. At Lotusphere 2012 I was happy to present a session and sit among the other IBM Champions at the OGS. I was super pleased to see the OnTime logo on the BIG, BIG, BIG screen. I participated in the Social App Throwdown session which proved to be more work than anticipated but well worth it. What a great experience and a great session it was.

2012 was also the year where we (OnTime) decided that it was time to go into the Japanese market. We traveled to Tokyo in March without any expectations or any solid plans but ended up with a stellar partner in Axcel Corp. who’s now our partner in Japan. Check out ontimesuite.jp to learn more about OnTime in Japan. In October we went back to support our partner at the ITPro Expo at the Tokyo Big Sight venue. In Tokyo we joined our partner at the booth at the annual ITPro Expo. It would prove to be a lesson to many IBM Lotus Notes/Domino markets out there as it clearly shows why Japan is a thriving and vibrant Notes/Domino market. They do so much stuff right marketingwise and leaves so many markets in the dust. Including Denmark. Really. It was very interesting to see.

Japan is a very interesting market and it will be very interesting to follow in the coming months how it evolves.”

My IBM Connect 2014 sessions

It’s been a very busy fall and christmas for me so I haven’t bragged about being chosen to speak at IBM Connect 2014 on my blog besides creating a new static page for the event that will – eventually – sum up what I’m up to at the event. I am fortunate enough be have been selected to speak in two sessions – one with my good buddy Mat Newman (aka Yellow Man) and one solo. Below are the session IDs (probably subject to change), the session titles and the abstracts.

BP301 An Introduction to Working with the Activity Stream

The future of business is social and the activity stream is the way events and messages are communicated in the social business. In this session, you’ll learn all there is to know about the activity stream including exactly what it is, just how many streams there are, how to adopt the concepts to business applications and how to submit to the stream from other applications than IBM Connections. You’ll also learn important concepts such as submitting events to other people and as other people. This session is for you if you want to start working the activity stream but are unsure just how to get started regardless if your favorite development environment is JavaScript, XPages, Java or even the plain vanilla HTTP based REST API.

BP309 Next Generation Project Management: Collaborating Inside and Outside the Box

Working within teams challenges individuals to connect, coordinate and collaborate to achieve a successful outcome. Often, this involves managing vast amounts of information and tracking progress which traditional forms of communication struggle with. The Solution? IBM Connections! We’ll demonstrate how IBM Connections revolutionizes the way teams work by: connecting with appropriate expertise, communicating more effectively, coordinating effort effortlessly and collaborating productively from both inside and outside the box.

Better get cracking at preparing for the event which is just shy of 25 days away…