Below is a cheat sheet for batch status numbers & their descriptions:

There are several use cases for querying the QUEUEDJOB table in GEN to get batch job details, such as status and run times. The status is stored as a numeric value, not the status text that is seen in the GUI, so it is useful to be able to map the number to its description. Here are the batch job status numbers with their descriptions:

# 0 – Running
# 30 – Waiting
# 31 – Waiting Step
# 32 – Waiting On Time
# 33 – Waiting Recovery
# 34 – Needs Recovery
# 35 – Invalid Parameters
# 36 – Queue Inactive
# 37 – On Hold
# 60 – Recurring Skipped
# 61 – Recovery Deleted
# 62 – Cancelled
# 63 – Normal Completion

 

Job is in Needs Recovery with this error:

tsStoreDBRec error is Record was modified or deleted since your retrieval (131). Additional information is 100. Additional Text is: ModifySqlRec

There are 3 bad invoices in APINVOICE and APPAYMENT with no distribution records in APDISTRIB.

The 3 bad records are as follows

 

Resolution:

In SQL Manager, query the APINVOICE and APPAYMENT files for any invoices with bad name format as below:

Verify that these records do not have any distribution records in APDISTRIB. If they do not, delete these bad invoices.

APPAYMENT

APINVOICE

Run commit to commit the changes.

Go into Lawson and recover the job.


PROBLEM:

 

I continue to receive the following error message when attempting to log into LID:

That indicates a license issue.

So I ran licsta -r and found the license file is corrupt because it reverted to client 9999.

 

> licsta -r

 

Active License Status For Client 9999

 

License Code/  Active  Licensed  Highest

Application    Users    Users      Use    Expiration Date

———–    ——  ——–  ——-  —————

default                  2         7    Thu Aug 31 13:25:17 2023

PR           2                       Not Licensed

LP           1                       Not Licensed

HR           1                       Not Licensed

un              4       10       13    Sun Sep 17 10:39:42 2023

 

Ran licsta -f and verified the file is corrupt.

> licsta -f

File [E:\lawson\law\system\license] not copied to E:\lawson\law\system\tmplicense] – Error [33]

Unable to Read License File Header – File May Be Corrupted

 

You will need to request a new software license key and re-install the license file.

 

Sometimes you may need to update your LDAP bind connection, such as when the domain controller you are bound to is decommissioned.

To update the LDAP bind connection:

First, figure out which service is using the LDAP bind. To do that, go to http(s)://<server>:<port>/ssoconfig/SSOCfgInfoServlet. Make a note of the service name displayed on the page.

Next, log into ssoconfig and export that service:

Now, open the file you just exported.  Update the OVERRIDE attribute to “true”.  Update the “PROVIDER” element to the new server and port.

Next, upload your updated file into ssoconfig.  The syntax is ssoconfig -l <password> <full file path>

For example:

Ssoconfig data is stored in the security cache, so you will need to recycle your system for this change to take effect.

NOTE: If you need to change the credentials for the domain controller, this will be an extra process. You will need to update the service associated with your LDAP bind. This is most likely your SSOP_BIND service. You can look under privileged identities in Lawson Security and check for a “DEFAULT” key associated with your LDAP bind user. That is your LDAP bind service.

To update the credentials for this service, log into ssoconfig and select Manage privileged access to services > Change existing identity.  Enter the service that you noted above.  Enter the correct user DN.  Enter the password.

Recycle Lawson.

 

If you have a PR160 job that goes into recovery because your ACH path is not correct:

You can modify the exact PR160 job that is in recovery by dumping the job with the jobdump command in Lawson Interface Desktop (LID).

Example of command: jobdump -d -o Job -v UserName joesmoe jobdump.dmp

What to change: jobdump -d -o Job -v UserName <your_jobs_username> <enter_the_jobname>.dmp

Edit the dumped job file and change the ACH path ONLY and recover the job to see if it is resolved.

Load the job in report mode (to check for errors): jobload -o Job jobdump.dmp

Load the job in commit mode if it looks good: jobload -c -o Job jobdump.dmp

Problem:

If your controller is failing and you need to move the LSF LDAP to another controller

Resolution:

Edit the ldapbind information in the SSOP service and reload it.

  1. Create a dump of the SSOP service:
  • ssoconfig -c
  • Option 5 Manage Lawson services
  • Option 6 Export service and identity info
  • Option 2 for not all services
  • Enter SSOP in upper case
  • Enter NONE in upper case
  • Give a filename (it will write out the file to the directory you are in when you run the ssoconfig -c command.) Example: ssop_prod.xml
  • Exit the ssoconfig menu.
  2. Make a copy of the .xml file that you just created. This is your backup of the SSOP service in its original state.
  3. Then edit the first .xml file and change the following lines:

<BATCH_LOAD FORMAT="" OVERRIDE="false">

to

<BATCH_LOAD FORMAT="" OVERRIDE="true">

and this line to the new machine name and port:

<PROVIDER>ldap://dc1.lawson.com:3268</PROVIDER>

to

<PROVIDER>ldap://dc2.lawson.com:3268</PROVIDER>

  4. Save the file.
  5. Do one of the following to load the modified SSOP service file:

ssoconfig -l ssoconfig_password filename.xml

Exit.

  6. A stop and start of the Lawson environment and WebSphere application server is required in order for this to take effect.
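The two edits to the exported service file (OVERRIDE and PROVIDER, as described in both LDAP bind procedures on this page), scripted as an added example; this is not Infor tooling. It assumes BATCH_LOAD is the root element or a descendant and that every PROVIDER in the file should point at the new controller; SERVICE_PLACEHOLDER in the sample is constructed.

```python
import os
import shutil
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: only BATCH_LOAD and PROVIDER come from the page;
# SERVICE_PLACEHOLDER stands in for whatever the real export contains.
SAMPLE_EXPORT = """<BATCH_LOAD FORMAT="" OVERRIDE="false">
  <SERVICE_PLACEHOLDER>
    <PROVIDER>ldap://dc1.lawson.com:3268</PROVIDER>
  </SERVICE_PLACEHOLDER>
</BATCH_LOAD>
"""

def retarget_ldap_bind(export_path, new_provider):
    """Apply the page's two edits to an exported service file.
    Returns (previous provider URLs, warnings)."""
    url = urlsplit(new_provider)
    if url.scheme not in ("ldap", "ldaps") or not url.hostname or url.port is None:
        raise ValueError(f"expected ldap(s)://host:port, got {new_provider!r}")

    tree = ET.parse(export_path)
    root = tree.getroot()
    batch = root if root.tag == "BATCH_LOAD" else root.find(".//BATCH_LOAD")
    providers = list(root.iter("PROVIDER"))
    if batch is None or not providers:
        raise ValueError("no BATCH_LOAD/PROVIDER found; wrong file exported?")

    backup = export_path + ".bak"
    if not os.path.exists(backup):      # never overwrite the original-state copy
        shutil.copy2(export_path, backup)

    previous = [p.text for p in providers]
    batch.set("OVERRIDE", "true")       # first edit from the procedure
    for p in providers:
        p.text = new_provider           # second edit: new machine name and port
    tree.write(export_path, encoding="utf-8", xml_declaration=True)

    warnings = []
    if url.scheme == "ldap":
        warnings.append("ldap:// is not TLS-protected; use ldaps:// if the DC offers it")
    return previous, warnings

if __name__ == "__main__":
    with open("ssop_example.xml", "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_EXPORT)
    print(retarget_ldap_bind("ssop_example.xml", "ldap://dc2.lawson.com:3268"))
```

ElementTree rewrites the whole file, so diff the result against the .bak copy before loading it with ssoconfig -l.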

 

To suppress Receiving Delivery and Putaway (PO134) delivery tickets when MSCM Delivery Documents are all that is needed, disable the Back-Office PO Receiving (PO30) Receiving Delivery and Putaway (PO134) delivery ticket by removing the printer from PO Receiving (PO30), or create a dummy printer to stop the back-office delivery ticket from printing.

Removing the printer from PO Receiving (PO30) only works if the user does not have a default printer assigned to them. After being removed, the default printer will simply populate back in the field upon clicking change.

Additionally, an enhancement to PO Company Setup (PO01) was added which provides a flag called “Delivery and Putaway Ticket Print” which allows disabling the delivery ticket printing at the company level.

Installing LDAP certificate in AD LDS instance

  1. Identify the AD LDS service instance in Services
    • LSF
  2. Launch MMC (Microsoft Management Console)
  3. Choose File > Add/Remove Snap-In
  4. Add the certificates Snap-In
  5. Choose “Service” account and click “Next”
  6. Choose “Local Computer” and click “Next”
  7. Choose the Service Account for your AD LDS service and click “Finish”

  8. Right-click on the service that was added and select “All Tasks > Import”
  9. Click next and browse to the .pfx certificate file. Click “Next”
  10. Enter the private key password
  11. Place the certificate in the <AD LDS service>\Personal store
  12. Click Next then Finish

 

 

Export the certificate for Java OS & Java WebSphere

  1. Right click the certificate > All Tasks > Export and click Next
  2. Do not export the private key
  3. Choose Base-64 encoded X.509 (.cer) and click Next
  4. Choose a location to save the file for later use
  5. Click finish

Grant Permissions to Certificate Container

  1. Run command “certutil -store MY”
  2. Find the container with your AD LDS certificate using the thumbprint to identify it
  3. Give NETWORK SERVICE read & execute permissions on the key container file AND the key container directory (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  4. Stop the AD LDS environment service
  5. Restart the AD LDS service

Smoke Test

  1. Open the ldp.exe tool
  2. Type the server FQDN > SSL port and check the SSL box
  3. Click “OK”
  4. Successful connection to LDAPS
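A scripted complement to the ldp.exe smoke test, as an added example that is not part of the original procedure: it goes one step further and confirms that the certificate presented on the LDAPS port is the same one that was exported, by comparing thumbprints. The host name passed to fetch_served_pem and the thumbprint copied from the certificate store are supplied by the operator; CERT_A and CERT_B are constructed stand-ins, not real certificates.

```python
import hashlib
import ssl

def thumbprint(pem_text, algo="sha1"):
    """Digest of the certificate's DER bytes; sha1 is what certutil and the
    MMC Thumbprint field display."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.new(algo, der).hexdigest()

def normalize(tp):
    """certutil prints 'ab cd ef ...'; keep only the hex digits, lowercased."""
    return "".join(c for c in tp.lower() if c in "0123456789abcdef")

def fetch_served_pem(host, port=636):
    """Certificate the LDAPS listener presents (no chain validation here;
    the thumbprint comparison below is the check)."""
    return ssl.get_server_certificate((host, port))

def compare(exported_pem, served_pem, store_thumbprint=None):
    """Return a list of problems; an empty list means everything matches."""
    problems = []
    exported, served = thumbprint(exported_pem), thumbprint(served_pem)
    if exported != served:
        problems.append(f"port serves {served}, exported file is {exported}")
    if store_thumbprint and normalize(store_thumbprint) != exported:
        problems.append("exported file does not match the thumbprint from the store")
    return problems

# Constructed stand-ins for two different certificates (not real X.509 data).
CERT_A = ssl.DER_cert_to_PEM_cert(b"constructed certificate A")
CERT_B = ssl.DER_cert_to_PEM_cert(b"constructed certificate B")

if __name__ == "__main__":
    print(compare(CERT_A, CERT_A))
    print(compare(CERT_A, CERT_B))
```

In real use, read the Base-64 .cer file as text and pass it with fetch_served_pem("<your AD LDS host>") to compare; the same check applies before accepting the signer that WebSphere retrieves from port 636.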

Update the LDAP Certificate in WebSphere

Cell Trust Store

  1. Access the WAS Admin Console and navigate to: Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates
  2. Click the Retrieve from port button.
  3. Host: <your AD LDS host>
  4. Port: 636
  5. Alias: give it a meaningful name
  6. Click Retrieve signer information.
  7. Click OK & save changes.

 

Node Trust Store

  1. Access the WAS Admin Console and navigate to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore (for the LSF server) > Signer certificates
  2. Click the Retrieve from port button.
  3. Host: <your AD LDS host>
  4. Port: 636
  5. Alias: give it a meaningful name
  6. Click Retrieve signer information.
  7. Click OK & save changes.

 

Perform these same steps in the Landmark WebSphere instance.

Update LDAP Certificate in OS Java

Do this in both Lawson and Landmark

  1. Open a command line and set environment variables
  2. Run command “where java” to determine where LAW_JAVA_HOME is located
  3. Back up <LAW_JAVA_HOME>/jre/lib/security/cacerts
  4. Copy the cert that you exported from the LSF service from the Lawson server to the Landmark server
    • This is the cert you will be importing into cacerts
  5. Run the ikeyman utility at WAS_HOME/bin
  6. Open the LAW_JAVA_HOME/jre/lib/security/cacerts file and select the Key database type of JKS
  7. Type password “changeit” (default)
  8. Select “Signer Certificates”
  9. Delete the existing certificate, then re-add it
  10. Click “add” and navigate to the ldap certificate exported earlier
  11. Give it a meaningful name

Update LDAP Certificate in WebSphere Java

  1. WebSphere Java directory is WAS_HOME/Java
  2. Back up files WAS_HOME/java/jre/security/cacerts
  3. Perform the same steps as OS Java using iKeyman for both Java instances