We recently had a requirement to disable TSLv1 in our ADFS instance.  Some portions of Lawson, as well as LBI, still depend on TLSv1 security.  So, the best way to accommodate this requirement, while also making sure the applications stay fully compatible, is to set the QoP (Quality of Protection) protocol to SSL_TLSv2 in WebSphere on all nodes for all products.

To do this, for each WAS instance, log into the console and navigate to SSL certificate and key management > SSL configurations > (cell or node – do them all) > Quality of protection.  Set the protocol to SSL_TLSv2.  Once you have saved these changes for all cells and nodes, restart the server.

To debug batch programs through command-line entry, use the following steps:

To debug batch programs through command-line entry

  1. If LAWENV is not called as part of your user profile’s sign-on program, you must call the LAWENV program to set the environment variables correctly.
    1. At the IBM i command line, type
      CALL LAWENV
    2. Type the name of an Environment and press Enter.
  1. Compile the program you want to debug. At the Qshell command line, type
    qcompile -D productline systemcode programcode

Note: If you need to include modules in the compile, use qcompile -Dm productline systemcode programcode .

  1. Submit the program to a job queue that is on hold or is not tied to a subsystem (so that the batch job does not execute).
  2. Start a service job for the program.
    1. Get the job information by typing at the IBM i command line,
      WRKJOBQ QueueName
      where QueueName is the job queue to which you submitted the batch program.Select option 5 (Work with) for the job queue and then write down the job, user, and job number information for the appropriate job.Note: You can also use the WRKUSRJOB command to find the job information, but this may yield a much longer list of jobs to view in order to find the one you need.
    2. At the IBM i command line, type:
      STRSRVJOB JobNumber/UserName/JobName
  1. Start debug. At the command line, type STRDBGand prompt it (F4). Make sure the library is the one where you compiled the source and that UPDPROD(*YES) is set. If the information is correct, press Enter.
  2. When source listing appears, press F12to resume.
  3. Start the batch program by changing the job to run in an active queue. On the “Work with Job Queue” screen, enter 2(Change) to change the job queue for the job. After typing in the job queue name, press Enter.The ILE debugger will display the “Start Serviced Job” screen with the following message: “The serviced job has been released from the job queue. Press Enter to start the job or F10 to enter debug commands for that job.”
  4. Press F10and then at the IBM i command line, type:DSPMODSRC
  1. Set break points (F6), then press F12, and then press F3 to return to the “Start Serviced Job” screen.
  2. Press Enterto run the program.
  3. After finished with debugging, end debug and the service job. At the IBM i command line, type:
    ENDDBG
    thenENDSRVJOB

Users are receiving the following error when running a query or upload in Microsoft Office Add-ins:

FATAL ERROR: ITEM_SECURED

File FILERELFLD is secured.

 

Resolution:

This is a security setup/configuration issue.

First, you need to decide where the security rule needs to be added.  The steps below are very specific to doing this change to the ADDINS security class which Infor Lawson delivers out of the box. This ADDINS security class is assigned to the LawsonQueryToolsRole security role.  In general, end users that need to use MOA should have the LawsonQueryToolsRole assigned to them since it’s an out of the box deliverable allowing all necessary access to the items need for use with MOA.  If you are using a different configuration, then in the steps below, instead of ADDINS, you’d add the rule to the appropriate security class.  That security class would need to be assigned to a ROLE that the user already has assigned to them.

  1. Log into Lawson Security Administrator (LSA)
  2. Click on “Profile Management” tab
  3. Click on “Profiles”
  4. Double-click on the “GEN” Profile id
  5. Double-click on the “ADDINS” security class name
  6. Click on the “Add Rule” button
  7. Change the “Securable Types” to “Files”
  8. Expand (Click on +) “CS”
  9. Locate the table that is showing in the error in the list under “CS” (Example: FILERELFLD) and put a check mark in the box next to it
  10. Click on “Apply” and have the user test.

Your error should go away.

After a Java update in Landmark, there are typical steps to follow to reset the java location.  Firstly, change the JAVA_HOME and LAW_JAVA_HOME environment variables.  Verify that the new path is also stored in the Path environment variable.

 

Next, run the change-jdk.jar command in the grid home/tools folder.

Finally, validate the LAW_JAVA_HOME setting in the config.bat file.

After those steps are completed, reboot the server and make sure the application starts.  If it doesn’t, it’s time to get into the nitty gritty.

Open up the Grid Manager.  Click on Configuration > Grid Configuration.

Select Grid Properties.

Under Node Properties, select Java Executable.

It is most likely pointing to the old location for Java.  Fix that, then reboot and you should be good to go.

When we try to update some user records on the Infor Security Services (ISS) webpage, it gives an error stating: “loadResource(): returned identity [User:] already exists”

This error is due to missing extended attributes in LDAP. The extended attributes are what allow ISS to know that the user exists in LMK and are created when a user is added via ISS or the user is included in a sync.

To create the extended attributes for the user, you have two options (we recommend step 1):

  1. Run a list-based sync for the user who you are getting the error on.
  2. Run a full sync via the ISS webpage.

 

See LSSCG_11.0.0.0_UWA.pdf via Infor Concierge for example on list-based sync.

 

This is typically done by a Lawson technical resource. Organizations often hire a Lawson consultant team who offer managed services at a fixed monthly rate. These Lawson teams have a wider range of expertise and knowledge and are ideal for larger organizations but also are great for smaller ones that don’t need a dedicated Lawson employee on-site. Nogalis does offer this as a service so feel free to reach out to us via our contact page.

There is a known issue after some Java updates where lase won’t start, and attempting to run the bcinstall.jar throws the exception “JCE cannot authenticate the provider BC” in the lase_server logs.  When the LASE fails to start after a Java update, this issue can only be resolved by installing a compatible Lawson CU.

When this happens, you will either need to revert to the previous version of Java, or update LSFCT to the minimally compatible CU (or later).

For Lawson version 10.0.9, the minimum CU is 4.

For Lawson version 10.0.10, the minimum CU is 5.

For Lawson version 10.0.11, the minimum CU is 6.

 

To debug online programs through command-line entry, follow these steps:

  1. If LAWENV is not called as part of your user profile’s sign-on program, you must call the LAWENV program to set the environment variables correctly.
      1. At the IBM i command line, type
        CALL LAWENV
      2. Type the name of an Environment and press Enter.
  1. Compile the program you want to debug. At the Qshell command line, typeqcompile -D productline systemcode programcode

Note: If you need to include modules in the compile, use qcompile -Dm productline systemcode programcode .

  1. End any jobs using the previously compiled version of the program. At the IBM i command line, type:CALL TMCONTROL PARM(’-rp’ Productline Program)

Example (IBM i command line):

CALL TMCONTROL PARM(’-rp’ LAWAPP9 PR14)

  1. Access the online form either through Lawson Interface Desktop (LID) or Lawson for Infor Ming.le, and perform a transaction.
  2. Start a service job for the program.
    1. Get the job information by typing at the IBM i command line:WRKACTJOB SBS(Subsystem)

      Find the appropriate LATMProgramName job in the appropriate subsystem, and then select option 5 (Work with). Select option 1 to confirm that it is the correct job. If it is correct, return to the previous screen and note the job number, user name, and job name (which will be LATMProgramName).

      Note: You can also use the WRKSBS command to find the appropriate subsystem and then LATMProgramName job.

    2. At the IBM i command line, type:

      STRSRVJOB JobNumber/UserName/JobName
  1. Start debug. At the IBM i command line, type STRDBGand prompt it (F4). Make sure the library is the one where you compiled the source. If the information is correct, press Enter.
  2. When source listing appears, set break points (F6), then press F12.
  3. Perform another transaction with the online program.
  4. After finished with debugging, end debug and the service job. At the IBM i command line, type

ENDDBG

then

ENDSRVJOB