PROBLEM:

 

I continue to receive the following error message  when attempting to log into LID:

That indicates a license issue.

so I ran licsta -r  and found the license file is corrupt because it reverted to client 9999.

 

> licsta -r

 

Active License Status For Client 9999

 

License Code/  Active  Licensed  Highest

Application    Users    Users      Use    Expiration Date

———–    ——  ——–  ——-  —————

default                  2         7    Thu Aug 31 13:25:17 2023

PR           2                       Not Licensed

LP           1                       Not Licensed

HR           1                       Not Licensed

un              4       10       13    Sun Sep 17 10:39:42 2023

 

Run licsta -f and verified the file is corrupt.

> licsta -f

File [E:\lawson\law\system\license] not copied to E:\lawson\law\system\tmplicense] – Error [33]

Unable to Read License File Header – File May Be Corrupted

 

You will need to request a new software license key and re-install the license file.

 

Sometime you may have a need to update your LDAP bind connection, such as when the domain controller you are bound to is decommissioned.

To update the LDAP bind connection,

First figure out which service is using ldap bind.  To do that, go to http(s)://<server>:<port>/ssoconfig/SSOCfgInfoServlet.  Make a note of the service name displayed on the page.

Next, log into ssoconfig and export that service:

Now, open the file you just exported.  Update the OVERRIDE attribute to “true”.  Update the “PROVIDER” element to the new server and port.

Next, upload your updated file into ssoconfig.  The syntax is ssoconfig -l <password> <full file path>

For example:

Ssoconfig data is stored in the security cache, so you will need to recycle your system for this change to take effect.

NOTE: If you need to change the credentials for the domain controller, this will be an extra process.  You will need to update the service associated with your LDAP bind.  This is most likely your SSOP_BIND service.  You can look under privileged identities in Lawson Security, check for a “DEFAULT” key associated with your ldap bind user.  That is your LDAP bind service.

To update the credentials for this service, log into ssoconfig and select Manage privileged access to services > Change existing identity.  Enter the service that you noted above.  Enter the correct user DN.  Enter the password.

Recycle Lawson.

 

If you have a PR160 job that goes into recovery because your ACH path is not correct:

You can modify the exact PR160 job that is in recovering by dumping the job with jobdump command in Lawson Interface Desktop (LID).

Example of command: jobdump -d -o Job -v UserName joesmoe jobdump.dmp

What to change: jobdump -d -o Job -v UserName <your_jobs_username> <enter_the_jobname>.dmp

Edit the dumped job file and change the ACH path ONLY and recover the job to see if it is resolved.

Load the job in report mode (to check for errors): jobload -o Job jobdump.dmp

Load the job in commit mode if it looks good: jobload -c -o Job jobdump.dmp

Problem:           

If your controller is failing and you need to move the LSF LDAP to another controller

Resolution:

Edit the ldapbind information in the SSOP service and reload it.

  1. Create a dump of the SSOP service:
  • ssoconfig -c
  • Option 5 Manage Lawson services
  • Option 6 Export service and identity info
  • Option 2 for not all services
  • Enter SSOP in upper case
  • Enter NONE in upper case
  • Give a filename (it will write out the file to the directory you are in when you run the ssoconfig -c command.) Example: ssop_prod.xml
  • Exit the ssoconfig menu.
  1. Make a copy of the .xml file that you just created. This is your backup of the SSOP service in its original state.
  2. Then edit the first .xml file and change the following lines:

<BATCH_LOAD FORMAT=”” OVERRIDE=”false”>

to

<BATCH_LOAD FORMAT=”” OVERRIDE=”true”>

 

and this line to the new machine name and port:

<PROVIDER>ldap://dc1.lawson.com:3268</PROVIDER>

to

<PROVIDER>ldap://dc2.lawson.com:3268</PROVIDER>

  1. Save the file.
  2. Do one of the following to load the modified SSOP service file:

ssoconfig -l ssoconfig_password filename.xml

Exit.

  1. A stop and start of the Lawson environment and WebSphere application server is required in order for this to take affect.

 

To suppress Receiving Delivery and Putaway (PO134) delivery tickets when MSCM Delivery Documents are all that is needed is to disable the Back-Office PO Receiving (PO30) Receiving Delivery and Putaway (PO134) delivery ticket by removing the printer from PO Receiving (PO30) or create a dummy printer to stop the back-office delivery ticket from printing.

Removing the printer from PO Receiving (PO30) only works if the user does not have a default printer assigned to them. After being removed, the default printer will simply populate back in the field upon clicking change.

Additionally, an enhancement to PO Company Setup (PO01) was added which provides a flag called “Delivery and Putaway Ticket Print” which allows disabling the delivery ticket printing at the company level.

Installing LDAP certificate in AD LDS instance

  1. Identify the AD LDS service instance in Services
    • LSF
  2. Launch MMC (Microsoft Management Console)
  3. Choose File > Add/Remove Snap-In
  4. Add the certificates Snap-In
  5. Choose “Service” account and click “Next”
  6. Choose “Local Computer” and click “Next”
  7. Choose the Service Account for your AD LDS service and click “Finish”

  8. Right-click on the service that was added and select “All Tasks > Import”
  9. Click next and browse to the .pfx certificate file. Click “Next”
  10. Enter the private key password
  11. Place the certificate in the <AD LDS service>\Personal store
  12. Click Next then Finish

 

 

Export the certificate for Java OS & Java WebSphere

  1. Right click the certificate > All Tasks > Export and click Next
  2. Do not export the private key
  3. Choose Base-64 encoded X.509 (.cer) and click Next
  4. Choose a location to save the file for later use
  5. Click finish

Grant Permissions to Certificate Container

  1. Run command “certutil -store MY’
  2. Find the container with your AD LDS certificate using the thumbprint to identify it
  3. Give NETWORK SERVICE read & execute permissions on the key container file AND the key container directory (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  4. Stop the AD LDS environment service
  5. Restart the AD LDS service

Smoke Test

  1. Open the ldp.exe tool
  2. Type the server FQDN > SSL port and check the SSL box
  3. Click “OK”
  4. Successful connection to LDAPS

Update the LDAP Certificate in WebSphere

Cell Trust Store

  1. Access the WAS Admin Console and navigate to: Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates
  2. Click the Retrieve from port button.
  3. Host: <your AD LDS host>
  4. Port: 636
  5. Alias: give it a meaningful name
  6. Click Retrieve signer information.
  7. Click OK & save changes.

 

Node Trust Store

  1. Access the WAS Admin Console and navigate to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore (for the LSF server) > Signer certificates
  2. Click the Retrieve from port button.
  3. Host: <your AD LDS host>
  4. Port: 636
  5. Alias: give it a meaningful name
  6. Click Retrieve signer information.
  7. Click OK & save changes.

 

Perform these same steps in the Landmark websphere instance.

Update LDAP Certificate in OS Java

Do this in both Lawson and Landmark

  1. Open a command line and set environment variables
  2. Run command “where java” to determine where LAW_JAVA_HOME is located
  3. Back up <LAW_JAVA_HOME>/jre/lib/security/cacerts
  4. Copy the cert that you exported from the LSF service from the Lawson server to the Landmark server
    • This is the cert you will be importing into cacerts
  5. Run the ikeyman utility at WAS_HOME/bin
  6. Open the LAW_JAVA_HOME/jre/lib/cacerts file and select the Key database type of JKS
  7. Type password “changeit” (default)
  8. Select “Signer Certificates”
  9. Delete the existing certificate, then re-add it
  10. Click “add” and navigate to the ldap certificate exported earlier
  11. Give it a meaningful name

Update LDAP Certificate in WebSphere Java

  1. WebSphere Java directory is WAS_HOME/Java
  2. Back up files WAS_HOME/java/jre\security/cacerts
  3. Peform the same steps as OS Java using iKeyman for both Java instances

 

Resolution 1:

One reason you could be receiving this error is because there is an additional patch.tar file from a previous or concurrent CTP install.

 

After running the tar command you should only have 3 files for this CTP in the <versionfiledir> that you uncompressed the CTP to.

Examine the extracted files to make sure you received the following three files:

– x.x.x_patch_CTPnumber.readme.html

– Versions

– patch.tar.Z

 

Remove any previous CTP files from this directory, especially any patch.tar files, and run the lawappinstall again.

 

Resolution 2:

If you are encountering this error on a Windows server it is possible that you have spaces in the folder names of the path to the versions dir.  You would receive the failed to uncompress message if this is true.

 

Use a “_” for the space, or use folders that do not contain a space in the name and run the lawappinstall again.

 

Resolution 3:

Make sure the user you are applying the patch with has the proper Windows file permissions to install the patch. This should be the entire LSF application directory.

Problem:           

Patch being installed if failing when running lawappinstall activate. It fails when running ujobload.

10/31/2023 5:44:25 Executing ujobdump.

10/31/2023 5:44:25 ujobdump execution successful.

10/31/2023 5:44:25 Executing ujobload.

10/31/2023 5:44:26 ERROR – ujobload failed.

ujobload via lawappinstall activate *** No jobs found to load When run manually, it fails with Segmentation Fault(coredump:

 

Resolution:     

lawappinstall update will stage tokens potentially needing a ujobdump/ujobload in LAWDIR/productline/backup/ACTIVATEstage/JOBconversion.

If conditions are correct, lawappinstall activate will run ujobdump and ujobload, then clean up the staged area.

  1. ujobdump -d LAWDIR/productline/backup/ACTIVATEstage/JOBconversion productline $LAWDIR/productline/backup/ACTIVATEstage/JOBconversion.dmp -t <list of Tokens>

In the above <list of Tokens> would be a space-separated list of the tokens located in $LAWDIR/productline/backup/ACTIVATEstage/JOBconversion/??src directories.

  1. ujobload -ou productline LAWDIR/productline/backup/ACTIVATEstage/JOBconversion.dmp
  2. remove dump file, LAWDIR/productline/backup/ACTIVATEstage/JOBconversion.dmp
  3. remove stage dir, LAWDIR/productline/backup/ACTIVATEstage/JOBconversion

Run steps a through d manually, then rerun lawappinstall activate.   If the ujobload fails in step b with a Segmentation Fault(coredump) or other error, make sure the user running ujobload has write access to these files and their directories.

LAWDIR/UJobLoadDir/productline/Tokens

LAWDIR/productline/UJobLoadDir/LDLog

Make corrections if necessary, run steps b through d above, and rerun lawappinstall activate.