ShowTable of Contents
Installation Tips and Troubleshooting
- Keep installation paths short. WebSphere has an 80 character limit for profile path names.
- When installing multiple products on same machine, only Cell profile types can co-exist. (Do select a Network deployment if you intent to install multiple Sametime servers on the Sametime Windows machines. For UNIX platforms this is possible on different filesystems).
- Do not use System Console database for attaching into the Meeting Server deployment plan. The Sametime System Console and the Meetings server databases must be separate.
- Make sure that the LDAP server and DB2 server are available during the product installation and the appropriate ports are open. To ensure these servers are reachable, you can telnet to them through their corresponding ports.
- telnet db2server.hosname.com 50000 (may be 50001)
- telnet ldapserver.hostname.com 389 (636 for SSL)
Make sure Servers are started correctly
The most common problem seen with the Sametime System Console is that the servers are not started properly. The Sametime System Console should have 3 components running - the Deployment Manager, the Node Agent, and STConsoleServer.
- startServer.bat(sh) STConsoleServer
On a Windows Platform the following example commands should of been run
- C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\bin\startManager.bat
- C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin\startNode.bat
- C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin\startServer STConsoleServer
To verify if each server is running, use the serverStatus.bat(sh)
For example to check if the Deployment Manager is running:
- C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\bin\serverStatus -all -username -password
To verify if the node agent and STConsoleServer are running
- C:\Program Files\IBM\WebSphere\AppServer\profiles\STSCAppServer\bin\serverStatus -all -username -password
Troubleshooting Logging in and LDAP
In the event you are unable to log in the Sametime System Console (SSC) or the Websphere Integrated Solutions Console (ISC), if you have access to the machine. you can turn off the security to login and check your LDAP
To disable administrative security:
1. At the command prompt, type the following command: \WebSphere_home\bin\wsadmin.bat -conntype NONE
2. When the system command prompt redisplays, type the following command: securityoff
3. Type quit and restart the application server
When setting up the connection to LDAP through the Sametime System Console(SSC) wizard, an active ping is sent to the LDAP server. If ping is blocked, LDAP settings won't be validated and setup will not complete. You will notice the rejection in the firewall log. Ping must temporarily be allowed.
Reviewing your LDAP Settings
- When reviewing your LDAP settings, make sure the WebSphere Administrator (wasadmin) does NOT exist in your LDAP directory.
- It is sometimes required to use authenticated access for LDAP. Even though validation passes, when installing WebSphere it may not be able to retrieve all attribute values.
You must have a Base DN
When configuring Lotus Sametime 8.5 to use a Domino LDAP server, you must specify a base DN. Currently, the Sametime System Console allows for a blank DN to be used, which then creates the Websphere Federated Repository Realm to be created as "c=us".
In turn, this setup might cause issues when resolving Sametime Policies for your authenticated users, which will in turn prevent users from being able to create and attend meetings.
For more information review the Lotus Software Knowledge Base Document Authenticated users cannot create or attend meetings when Sametime uses Domino LDAP
A Note on Active Directory:
The saMAccountName attribute for Active Directory should NOT be used. Use the uid attribute instead, it will map accordingly to this attribute. See Lotus Software Knowledge Base Document Configuring Sametime 8.5 servers with Microsoft Active Directory LDAP
Troubleshooting Deployment Plans
Deployment plans still show Install/Registered even after you uninstalled a server
If you have uninstalled a Sametime server and the Sametme System Console deployment plan still shows the server as Installed/Registered there is a script that can be run to update this entry.
1. Run the updateStaleEntry utility:
a. Open a command window and run the following command:
- AIX, Linux, Solaris: ./updateStaleEntry.sh -uninstall
- Windows: updateStaleEntry.bat -uninstall
b. When prompted, provide the product type, host name, install type, and deployment name for the Lotus Sametime server that you are removing from the console's database.
The utility removes the server from the database and generates the ConsoleUtility.log file, storing it in the console/logs directory.
2. Restart the Lotus Sametime System Console.
For more information running the updateStaleEntry utility, see the Sametime 8.5 Information Center
Troubleshooting Sametime Policies
If you have created a policy and do not think it has been assigned to a user or group:
- Use the tool in Sametime System Console to check which policy is applied to a user
- If policies are not in effect for Community Server users, check that it is configured to use SSC in the sametime.ini
- If settings change was recent, community server will refresh after 1 hour, or you can restart the community server and it will refresh its cache upon startup
Firewalls and Ports
The System Console Server needs access through the following ports
for the following servers
- DB2® port (default 50000 on windows)
- LDAP (default 389 or 636)
- Meetings, Gateway, Media, Proxy
- SOAP port (default 8880)
- AboutThisProfile.txt SOAP connector port value
- Meeting Server needs access to SSC db (default port 50000 on windows) Community
- HTTP or HTTPs (default 80 and 443)
- Community needs access to SSC HTTP or HTTPS (default 9080 and 9443)
- Installation Utilities need access to SSC
- SSC HTTP or HTTPs (default 9080 or 9443)
Sametime System Console Error Message
Sametime System Console errors start with 'AIDSC' followed by a 4 digit number. For example, 'AIDSC1234E'. Look for these errors when you are troubleshooting the SSC in your log files.
All error messages get logged to the SystemOut.log on the Sametime System Console deployment manager (SSC dmgr) and STConsoleServer, occasionally the nodeAgent.
Location for SSC server logs
- ISC Portlets - Client side logs
- \WAS_INSTALL_ROOT\profiles\STSCDMgrProfile\logs\dmgr \profiles\STSCAppProfile\logs\STConsoleServer
- SSC Server – Server side logs
- Location for SSC client registration utility
- \Product_Install_Location\console\logs (C:\WebSphere\STServerCell\console\logs)