Resetting TF11 password on windows

, ,

Here is a step by step guide to reset your TF11 password on windows.

 

Step 1:

Login to MSSQL and navigate to TF11/Security/Logins/TF11 and double click to open and reset the password on the General Tab.

 

 

Step 2:

Open windows explorer and right mouse click on This PC and go to Properties

 

You get this screen

Click on Advanced System Settings

Click on Environment Variables

Scroll down and find TF11_Connect and select and click Edit to change the password to the new password.

Click OK all the way out to save the changes.

 

Use ODBC to validate if a TEST is successful

Go to D:\Tomcat8\PRD-11\conf\Catalina\localhost

Edit the eTF11d1#PRD.xml file and change the password to the new password.

 

Then restart the Apache services

 

Inbasket not showing tasks to approve in Lawson

, ,

Problem: A user doesn’t see their tasks to approve in Lawson

Example of Inbasket missing tasks on left column:

 

In Process Server Administrator or Lawson Rich Client, verify the user didn’t have a recent name change and that their task filters are setup correctly in Landmark:

 

Regularly generating reports and maintaining your requisition process level filters is key to avoiding these work flow issues which can delay important equipment, supplies etc. for weeks.

 

To avoid these pitfalls, some organizations hire Lawson consultants that offer managed services to perform such maintenance to prevent these recurring issues. It’s a common alternative instead of solely relying on a single Lawson employee who is expected to have wide set of expertise on all these systems.

Updating the ADFS Token-Signing Certificates

, ,

When the ADFS Token-Signing certificate is updated on the ADFS server, it will have to be imported to Lawson and Infor OS.  The networking team should let the Lawson team know when the certificate is being updated in ADFS.

The networking team will need to export the certificate and provide you with the “.cer” file before these tasks can be completed.

Update the Certificate in Lawson

  1. Log onto the Lawson Server
  2. Start a ssoconfig -c session
  3. Go to “Manage WS Federation Settings” > “Manage Certificates”
  4. Select “Delete IdP certificate”
    1. Enter the IdP service name for your ADFS configuration
  5. Select “Import IdP Certificate”
    1. Enter the IdP service name for your ADFS configuration
    2. Provide the full path where you have the token-signing certificate saved

Reboot the server

 

Update the Certificate in Landmark

  1. Open a LMK command line window
  2. Type in secadm -m
  3. Type the password
  4. Manage WS Federation Settings > Manage WS Federation Certificate
  5. Select “Delete IdP Certificate”
    1. Enter the IdP service name for your ADFS configuration
    2. Property name is IdPSigningCertificate
  6. Exit
  7. Select “Import IdP Certificate”
    1. Enter the IdP service name for your ADFS configuration
    2. Provide the full certificate path
    3. Property name is IdPSigningCertificate

 

Update the Certificate in Infor OS

Log into the Infor OS server as the LAWSON user

Double-click on the desktop icon for InforOSManager

 

Go to Identity providers on the left side

Double-click on the identity provider

 

Select “From URL” to import the new certificate and metadata

Provide the URL: https://<adfsserver>/federationmetadata/2007-06/federationmetadata.xml

Click “Load”

Make sure the certificates load (there may only be one, but there should be at least one)

 Reboot the server

 

WorkUnits Not Running

, ,

Problem Description

WorkUnits are not moving forward after a user takes an approve action in the inbasketRoot

 

Cause

The Lawson user was set to have “Run as” disabled. This prevents WorkUnits from successfully updating their PfiQueueTask records to move forward. This occurred as part of a sync that was executed a week before. The ISS SCWebAppAdmin had the Lawson user flagged as run as “No“, when the sync occurred the Landmark Lawson actor was updated. This did not impact the system until a week later when the Landmark system was restarted after applying windows patches.

 

 Solution

Change the Lawson user to “run as enabled”

and push that new setting and do a rolling restart on LPA/LmrkAll node to restore functionality.

 

 

 

505 – Internal server error when accessing Lawson Inbasket

, ,

This problem can occur after updating Lawson and Landmark from an older version and or when organizations update previous users to a newer naming convention.

 

Problem: A user is trying to access their Inbasket to approve orders but receive the error below:

 

  1. Validate the user is setup correctly in Lawson Security
  2. Validate the user is setup correctly in Landmark via Rich Client or Process Server Admin
  3. The RMID in Lawson Security must match the Landmark Actor ID.
  4. If Step 3 does not resolve the error, look into the IOS.log and see how the users RMID is appearing there and make sure the Actor ID matches the casing there.

This can be a tricky issue to resolve, especially for organizations with a single Lawson professional to debug while they are swarmed in daily tickets and also tasked with maintaining recurring process flows.

Alternatively, organizations will hire a Lawson consultant team that have a wider range of expertise who offer managed services at a fixed monthly rate. This would be more ideal for larger organizations with many daily tickets or workflows to maintain or even smaller ones who don’t need a single dedicated Lawson professional but still need weekly maintenance/support.

 

How to search for user properties in LDAP

, ,

Searching for user properties in LDAP may not be as straightforward to do or you may not have had formal instructions in past to do this task. Below is a step-by-step guide to easily search for user properties in the LDAP application.

 

D:\LSF > ldifde -f cli.ldif -r “samAccountName=Cli”

Connecting to “cust.private”

Logging in as current user using SSPI

Exporting directory to file cli.ldif

Searching for entries…

Writing out entries1 entries exported

 

The command has completed successfully

D:\LSF > ls cli*

cli.ldif

D:\LSF > lashow cli.ldif

 

dn: CN=Li\, Catol,OU=Users,OU=Accounting,OU=Finance,DC=cust,DC=private

changetype: add

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: user

cn: Li, Catol

sn: Li

title: Accountant I

description: Finance – Accounting

physicalDeliveryOfficeName: Halo

telephoneNumber: (713) 644-3333

givenName: Catol

distinguishedName:

CN=Li\, Catol,OU=Users,OU=Accounting,OU=Finance,DC=cust,DC=private

instanceType: 4

whenCreated: 20210218225523.0Z

whenChanged: 20220224165103.0Z

displayName: Li, Catol CatolCat

uSNCreated: 293302835

memberOf: CN=!AP_Invoice_Process,OU=Distribution Lists,DC=cust,DC=private

memberOf:

CN=FortiGateWebFilter_Finance,OU=Web Groups,OU=Information Technology,DC=cust,

DC=private

 

Socket Error in ISA

, ,

If you receive a “socket” error when saving data in Infor Security Administrator, it is probable that your Federated Server Certificate is corrupt or out of sync and needs to be recreated.  Note that this is NOT the WS Federation Certificate.

To recreate the Federated Server Certificate, open a command line window on the LSF server and set the environment variables.  Log into ssoconfig -c.

First, get the Federated Server Certificate name.  “Manage Federation” > “Manage Federated Server Certificates” > “List Federated Server Certificates”.  Make note of the name.

Select “Manage Federation” > “Manage Federated Server Certificates” > “Delete Federated Server Certificate”.  Type in the name that you saved above.

After a successful confirmation, restart the servers and try again.  A new Federated Server Certificate will be generated upon recycle.