Old IBM Apple APNS Push Certificate of Traveler 9.0.1.15 used for Verse expired on 12.08.17

 11 August 2017 12:35:52

If you are still running IBM Traveler version 9.0.1.15, have in mind that the Apple IBM Push Notification Certificates for IBM Verse and ToDo for iOS will expire tomorrow (12th Aug. 2017).

You will may see error messages like this on the console after 12th Aug. 2017:

06.02.2017 11:59:08   Traveler: SEVERE  *system Couldn't send message after 3 retries, Message(Id=692311; Token=8C720F7F9B96D30C184445840EF0D0D925BC8C269618C7523E0B98EE9B61A03E; Payload={"aps":{"badge":14,"content-available":1,"alert":"E-Mail von test.de","sound":"v)"},"LGUID":"2068982","FLAGS":"1001","account":"1"}) Exception Thrown: javax.net.ssl.SSLException: Received fatal alert: internal_error

To solve it you will have two options:

1. Option: Move on to Traveler 9.0.1.18  (Recommended)


2. Option: Stay on 9.0.1.15 (for what ever reason) and only change the P12 certificate files.

You can replace your existing certs and use this three files, which I copied from my Traveler 9.0.1.18 server. The certs are valid until 8th March 2018.

PushAPNSAppleVerseProduction_validto_20180308.zip

Extract the zip-file and copy the three P12-files to your Traveler server: notes_data/traveler/cfg  and restart your Traveler server

You can check, if the Push Notifications are working and how long the certs are valid by executing this command:

tell traveler push cmstatus

It should look like this:

> tell traveler push cmstatus

...
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: No connection for MaaS360 Production to gateway.push.apple.com on port 2195 because it is disabled via NTS_PUSH_ENABLE_APNS_MAAS360_PRODUCTION
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: No connection for Third Party Development to gateway.push.apple.com on port 2195 because it is disabled via NTS_PUSH_ENABLE_APNS_THIRD_PARTY_DEVELOPMENT
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: No connection for Third Party Production to gateway.push.apple.com on port 2195 because it is disabled via NTS_PUSH_ENABLE_APNS_THIRD_PARTY_PRODUCTION
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: -- Certificate Validity Dates (Fri Aug 11 12:31:24 CEST 2017) --
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: D:\Progs\domino\data\traveler\cfg\PushAPNSAppleToDoProduction.p12 is valid from Mon Feb 06 20:34:55 CET 2017 to Thu Mar 08 20:34:55 CET 2018.
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: D:\Progs\domino\data\traveler\cfg\PushAPNSAppleVerseCitrixProduction.p12 is valid from Mon Feb 06 20:38:01 CET 2017 to Thu Mar 08 20:38:01 CET 2018.
[14B0:002E-0D08] 11.08.2017 12:31:26   Traveler: D:\Progs\domino\data\traveler\cfg\PushAPNSAppleVerseIBMProduction.p12 is valid from Mon Feb 06 20:41:08 CET 2017 to Thu Mar 08 20:41:08 CET 2018.
[14B0:002E-0D08] 11.08.2017 12:31:26   Traveler: -- APNS-DelQ --
...

• Kommentare [2]

Tesla Model 3 - es wird die Autobranche für immer verändern

 31 Juli 2017 13:23:20

Sehr lesenswerter erster Tesla Model 3 Testbericht:

... Ich habe es nur sehr kurz fahren dürfen, aber ich bin so gut wie jedes andere reine Elektrofahrzeug auf dem Automobilmarkt gefahren und kann mit Sicherheit sagen, dass das Model 3 keine Konkurrenz hat.

Doch es ist mehr als das. Obwohl es ein kleiner Viertürer ist und der Markt sich allmählich von dieser Art Fahrzeug entfernt, um sich auf Crossover-Fahrzeuge und SUVs zu konzentrieren, wird niemand in diesem Auto sitzen und es nicht besitzen wollen. Das Model 3 erweckt sofort Begierde, und die Lust auf das Auto bleibt. Das verändert wirklich alles.

Alles, was Tesla jetzt noch machen muss, ist eine halbe Million dieser Autos zu bauen.

via: http://www.businessinsider.de/ich-bin-das-tesla-model-3-gefahren-es-wird-die-autobranche-revolutionieren-2017-7

Wer mich persönlich kennt, dem werde ich vermutlich inzwischen schon mit meiner Begeisterung für Tesla auf die Nerven gehen.
Ich war so verrückt, das ich mein Tesla Model 3 am 31.03.2016 um 10:00 Uhr deutscher Zeit schon vor dem Live-Event ungesehen vorbestellt habe.

Elon Musk beginnt nun 16 Monate später zu liefern und ich werde vermutlich bis in die Mitte 2018 auf mein Model 3 warten. Ich weiß nun, was ich bekommen werde und freue mich darauf.



Im Gegensatz zu den deutschen Automobilherstellern hat Tesla eine Vision und setzt diese auch wirklich um. Anstatt auf den Staat zu warten und auf Förderungen zu hoffen, macht Tesla es selbst. Das beste Beispiel ist hier das Tesla eigene Supercharger-Netzwerk, das es schon heute ermöglicht mit seinem Model S oder X auch lange Strecken quer durch Deutschland zu fahren.  

Für mich ist das Tesla Model 3 das iPhone der Automobilindustrie!

Vor 10,5 Jahren wurde ich mit meiner Begeisterung für das erste iPhone von meinen Kollegen sehr belächelt. Die damaligen Marktführer (Nokia, Blackberry, ...) führen inzwischen ein Nischendasein und haben Apple komplett unterschätzt.
Für mich ist die aktuelle Situation und Stimmungslage im Automobilsektor sehr ähnlich wie vor 10 Jahren im Handy-/ Smartphone Umfeld.

Die Zeit ist Reif für Innovationen und die alten Platzhirsche halten zulange fest an Althergebrachtem und finden nicht den Weg aus der Sackgasse.

Ich drücke Tesla die Daumen, das das Hochfahren der Produktion wie geplant funktioniert und die Qualität darunter nicht leidet.
In einem Jahr werde ich hoffentlich in meinem Model 3 sitzen und wir werden sehen, was bis dahin passiert ist. Es wird auf jeden Fall ein spannendes Jahr.

Hash-Tag: #EnttäuschterUndVera***terVolkswagenKunde

• Kommentare [2]

Traveler 9.0.1.18 needs Editor access under Maximum Internet Access ACL settings

 13 Juli 2017 15:10:19

A customer called me today, that he has trouble with a few of his Traveler users.
After updating IBM Traveler to v9.0.1.18 users are no longer able to sync and the deletion of these Traveler devices (using the traveler delete command) is not working any more.

When trying to delete the Traveler user using:

tell traveler delete * Detlev Poettgen

He gets this errors on the console:

Traveler: SEVERE  Detlev Poettgen[*] NotesException Notes error: You are not authorized to perform that operation
                          id=4000 occurred trying to access device profiles Exception Thrown: Notes Exception(4000) : Notes error: orized to perform that operation
Traveler: SEVERE  Detlev Poettgen[*] NotesException Notes error: You are not authorized to perform that operation
                         id=4000 occurred trying to access device security profiles Exception Thrown: Notes Exception(4000) : Note not authorized to perform that operation

IBM enabled the Run-as-User function with Traveler 9.0.1.18 and the way Traveler will access the users mail database:

Starting with IBM Traveler 9.0.1.18, the new run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID.

This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:

• Honor ACL controls on mail file and corporate lookup for the user.
• Prevent event notices and automated responses from being sent from the server ID.
• Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Important: For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document.

So we first checked, if the Traveler server was listed as a Trusted Server in the mail server document.
That was all fine and other users located on the same mail server were able to sync.

So when looking at the ACL of the users mail database, we found really quick the reason:



For the users mail database the Maximum Internet name and password access was set to Reader.
After changing it to Editor, the user was able to sync again and a traveler delete command works again.


Update 17.07.2017:

During the last few days I got asked, how you can check, if all your Traveler users are having set Maximum Internetname and password access to Editor.

As far as I know, there is no out-of-the-box solution available from IBM. The Admin-Client will not show this ACL setting in a view and catalog.nsf will not contain this setting.

So I created a small database QuickFix for Traveler , which will query the mail databases of all Traveler users and shows some consolidated database properties (Size, Quota, Template, ACL, Owner, Soft Deletions, Max. Internet Access, #Documents).
From there you can select the databases with Max. Internet access lower then Editor and it will fix it for you.

If you want to use this database, too - just drop me an Email or leave a comment with your mail address. I will send you the QuickFix for Traveler app.





 

• Kommentare [7]

IBM Verse for iOS 9.4.0 updated pre-configuration settings

 26 Juni 2017 15:30:05

Last week IBM released a new version 9.4.0 of the IBM Verse for iOS App.

IBM Verse for iOS v9.4.0 had been completely rewritten and was the first feature update since a few months.

Under the hood IBM changed the way to pre-configure the app by an EMM/MDM solution. The Verse app now supports the open AppConfig Community standard to push setting like a server URL or an user name to the app.

Verse for iOS supports custom managed configuration, which allows the MDM administrator to preconfigure many Verse for iOS settings. Any setting defined using the MDM takes precedence over a similar setting or policy defined at the Traveler server.
Setting custom app configuration will vary by the MDM soltution you are using. All MDM providers should support the concept of Apple managed configurations using custom keys and value pairs.

Now it is possible to define most of the user setting within the app and to lock some of these settings. I will post an additional bloentry in a few days, when IBM will have published the AppConfig documentation.

To pre-configure Verse you will need to set in minimum these four settings:

Key	Data Type	Value  (Example)	Comment
appConfigOnly	Boolean	true       (1*)	Will enable the AppConfig Settings within the app and will ignore Maas360 & MobileIron SDK
serverType	String	onpremises	Where is your server located? onpremises cloud choice     (asking user)
serverURL	String	https://mobile.comp.com/traveler	Provide the hostname or a fully qualified URL to your company's Traveler server. Only provide this value if using ‘onpremises’ as the server type.
user	String	IggyPop	Login user id. You should be able to use placeholders depending on your MDM solution

Hint: The key names are case sensitive !!!

(1*)  Depending on your MDM solution you can use "true" / "false"  or "1" / "0" as Boolean Values

Using our own MDM solution midpoints mobile.profiler a simple pre-configuration of Verse for iOS looks like this:



Thank you at this place to Bill Wimer (IBM) and the Traveler Dev team for the AppConfig integration.
Well done and I will post a few more new settings when the AppConfig documentation will be public.

Update 27.06.2017:
IBM released the AppConfig for Verse documentation yesterday evening. Check out: http://www-01.ibm.com/support/docview.wss?uid=swg27049934

• Kommentare [1]

IBM Traveler 9.0.1.18 available bringing one important change

 15 Juni 2017 21:56:11

Today IBM released a new Traveler version called 9.0.1.18 (Build: 9.0.1.18 201706131301_20).



9.0.1.18 brings this new change:  Traveler Server Run as User

Starting with IBM Traveler 9.0.1.18, the run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID.

This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:

• Honor ACL controls on mail file and corporate lookup for the user.
• Prevent event notices and automated responses from being sent from the server ID.
• Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Important: For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document.

To disable run as user, set this notes.ini parameter: NTS_USER_SESSION=false


Fixlist:

APAR #	Abstract
LO90096	Info update continues to be ghosted on mobile device after the event is processed.
LO91797	Empty comments displayed on iOS native Calendar application when event processed in iNotes.
LO91836	Invalid this and future reschedule generated by iOS native Calendar application.
LO91875	Ghosted event not displayed on mobile device.
LO91956	Maill attachment does not sync to mobile device when contains angle brackets < and >.
LO91997	IBM Traveler web administrator may show iOS Verse 9.4 device as not supporting security capabilities.
LO92010	Better handling of special character in mail header fields.
LO92080	Ignore a reply message with out a valid action defined.
LO92085	Hard delete processed notices vs soft delete to prevent from filling up trash folder.
LO92209	Second meeting room may be lost if event updated from mobile device.
LO92210	Unable to turn off iOS Verse application password via Domino policy document setting.
LO92257	Two instances of a previously processed event may show on mobile device if the daylight savings rules change for the time zone.
LO92303	SQL Syntax error adding index TSGUDTSTAMPCREATEIDXSQL9 on DB2.

Note: IBM Traveler 9.0.1.18 does not include a database schema update.

You can download the update as usual on IBM FixCentral.

An IBM Traveler 9.0.1.18 full installation package, which will be available on Passport Advantage on June 21, can be used to upgrade any previous Traveler server or to install a new environment.

• Kommentare [2]

Call for Abstracts DNUG Conference 2017 in Berlin

 3 April 2017 14:01:25

Die nächste DNUG Konferenz findet vom 31.05. bis 01.06.2017 in Berlin statt!  




Wer sich als Referent aktiv einbringen möchte, hat hierzu die Chance einen Abstract einzureichen.
Die einzelnen Tracks werden durch die einzelnen DNUG-Fachgruppen organisiert.

Ich selbst bin gemeinsam mit Jürgen Bischof Mitverantwortlich für die DNUG-Fachgruppe Mobile und würde mich über Abstract zu Mobile-Themen freuen.

Was mir hierbei am Herzen liegt:

Die DNUG ist eine User Group und lebt vom Austausch, der Diskussion und dem Networking untereinander. Daher würde ich mich freuen, wenn nicht nur die üblichen bekannten Sprecher Abstracts einreichen, sondern auch neue Gesichter sich motiviert fühlen, sich einzubringen.
Jeder hat bestimmte Herausforderungen oder Aufgaben bei sich im Unternehmen gemeistert und Lösungen gefunden, die sich im Alltag bewährt haben.
Warum diese nicht teilen und im Rahmen eines DNUG Vortrags vorstellen? Andere stehen in der Regel vor den gleichen Herausforderungen - die DNUG ist die Plattform diese Erfahrungen untereinander auszutauschen.

Wenn jemand also zu Mobile-Themen (IBM Traveler, Enterprise Mobile Device & Application Management, interessante Mobile Inhouse Projekte, Best Practices, ...) einen Vortrag halten oder an einer Diskussionsrunde teilnehmen möchte, kann sich gerne bei mir melden oder einfach Online bis zum 10.04.2017 den Abstract einreichen:

http://dnug.de/dnug44-call-for-abstract/

Wer selbst keinen Vortrag halten will oder kann, aber gerne ein Thema behandelt sehen möchte, kann mir gerne auch einfach einen Themenvorschlag per Mail schicken oder hier einen Kommentar hinterlassen. Ich würde dann schauen, ob wir hierzu einen Referenten in der Community finden.

• Kommentare [0]

IBM Traveler 9.0.1.17 fixing the issue introduced with 9.0.1.16

 21 März 2017 17:37:58

Today IBM released a new Traveler version called 9.0.1.17 (Build: 9.0.1.17 201703170414_200).



It’s a maintenance release that provides APAR fixes - no new features

Fixlist:

APAR #	Abstract
LO90889	Invitee status not correct on mobile device if the invitee response is received in a non-syncing folder.
LO91550	Multiple ghost entries possible if adding invite to event that has outstanding updates pending.
LO91723	User may stop recieving updates to mobile device after mail server restarted and there is no backup mail server.
LO91733	Subject of mail replied to/forwarded from Windows 8 device may display incorrectly.
LO91762	IBM Traveler server may change case of Domino domain to all lower case when sending mail.
LO91770	Subject of new mail sent from Windows 8 device may display incorrectly.
LO91819	User may not be able to sync data to mobile device when the user's mail file name contains special characters.
LO91870	Wipe data option may be greyed out for iOS Verse client.

Note: IBM Traveler 9.0.1.17 does not include a database schema update.

You can download the update as usual on IBM FixCentral.

An IBM Traveler 9.0.1.17 full installation package, which will be available on Passport Advantage on 24th March., can be used to upgrade any previous Traveler server or to install a new environment.

• Kommentare [0]

Reminder: Requirements for running IBM Traveler on Domino 9.0.1 FP8

 8 März 2017 09:27:06

 As already mentioned here you will need IBM Traveler 9.0.1.16 before upgrading to Domino 9.0.1 FP8.

Have in mind that when you move your Traveler HA environment to Traveler 9.0.1.16 and Domino 9.0.1 FP8 the JVM will gets upgraded to Java 8.

Please check the following Technote before upgrading to FP8:

Abstract

The IBM Domino 9.0.1 FP8 release will include an upgrade to Java 8. This article details requirements for IBM Traveler servers to run Java 8.

Overview

The steps outlined below are required to run IBM Traveler on a Domino 9.0.1 FP8 or later server. It is not required to run Domino 9.0.1 FP8 or later to use the latest available IBM Traveler release.

Traveler Requirements

Java 8 support is included in IBM Traveler 9.0.1.16 and later releases. It is required to run this level or later on a Domino server running 9.0.1 FP8 or later.


JDBC Requirements
If running IBM Traveler with either DB2 or MS SQL enterprise database server, then follow these steps to ensure compatibility with Java 8.

• If using DB2 server: In order to support Java 8 you must use DB2 JDBC Driver V10.5 FP7 (4.19.49) or higher, see technote 1983724 for details. The DB2 JDBC Driver can be downloaded directly from Fix Central, see technote 1363866 for download information. Copy the db2jcc4.jar file to the \Traveler\lib directory and restart the Domino server. Be sure to remove any old copies of the DB2 JDBC driver from the system.

• If using MS SQL server: In order to support Java 8 you must use sqljdbc42.jar file from MS JDBC 4.1 or later release. Download the latest Microsoft SQL Server JDBC Driver from this site. For detailed system requirements for the SQL Server JDBC driver see this Microsoft article. Copy the sqljdbc42.jar file to the \Traveler\lib directory and restart the Domino server. Be sure to remove any old copies of the MS SQL JDBC driver from the system.  

https://www-01.ibm.com/support/docview.wss?uid=swg21999188

• Kommentare [0]

DNUG Webcast Fachgruppe Mobile - IBMs Mobile Strategy and Securing Mobile Applications - 14.03.17

 6 März 2017 11:37:22

Ich möchte an dieser Stelle gerne auf den nächsten geplanten DNUG Webcast am 14.03.2017 um 16:00 - 17:00 Uhr aufmerksam machen.



Wir haben für den DNUG Webcast zwei IBM'ler aus dem IBM Traveler und Mobile Product Team aus den USA gewinnen können.

IBM's Mobile Strategy and Securing Mobile Applications

No organization can ignore the fact we live in a mobile-drive world.  IBM software helps organizations support the mobile, social way in which today's companies work.  
Come here about IBM's mobile strategy and the latests updates on mobile applications such as IBM Traveler, IBM Watson Workspace, IBM Verse, IBM Connections, and more.  
Also, learn about the strategic direction of mobile security, and how the IBM mobile applications can help address mobile application management and security requirements.

Speakers:
Paul Miller - IBM Mobile Development Director
Bill Wimer - Mobile Senior Technical Staff Member
Detlev Pöttgen - midpoints (Moderator)


Die Anmeldung für den Webcast ist bereits über den folgenden Link möglich.
(Die Inhalte sollten auf der DNUG Webseite noch heute aktualisiert werden.)

http://dnug.de/event/dnug-webcast_2017-03-14/

• Kommentare [0]

Issues with latest Traveler version 9.0.1.16

 28 Februar 2017 09:30:28

IBM released a new Traveler version 9.0.1.16 two weeks ago. This version includes a longer fixlist with important updates. Details can be found here: ibm-traveler-9.0.1.16-available.htm

But as it looks like, that there is an issue, which breaks the push of new mail.
I received comments on my blog post and offline feedback, that the push will break, when the mail server of the user is longer unavailable for whatever reason. A Traveler restart will fix it.

The new version seems to have a bug: At night, the mail server is daily down for backup purposes. After this, the Traveler is no longer able to reconnect. The result is that no more mails are pushed. After the manual restart of the tour again everything was ok.
Is only since the new version 16. Other users report this behavior.

So I would recommend to wait with your update to 9.0.1.16 until this one is fixed.

Customers already updated to 9.0.1.16 and run into this issue should open a PMR.
A downgrade to an older version is not a good option.

UPDATE 14.03.2017:

IBM was able to reproduce the behaviour and is already pushing out a Hot Fix to customers, who opened a PMR.

included Fixes in 201703012047_40_Server_Win.zip:

- LO91550: INVITATION ADDING USER TO MEETING MAY INCORRECTLY GHOST OVER MORE CURRENT CHILD DOCUMENTS
 - LO91723: Users stop receiving mail after mail server is restarted
 - LO91733: Subject of mail replied to/forwarded from Windows 8 device may display incorrectly

They also published an APAR Entry:

https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO91723&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E

Traveler has a problem when all mail servers for a specific
user's goes down at one time and after the mail servers are
restarted users are able to synch data from the device, but no
new mails come down to the device. This was introduce in
9.0.1.16 fix pack.

The work around is to either do
- Tell Traveler Push Disable UserId and Tell Traveler Push Enable UserId for each effected user or
- Restart IBM Traveler after the mail files have been restarted. Either of these approach will resolve the issue.

I suppose that IBM will update the 9.0.1.16 download package in Fix Central and Passport Advantage with a package that will contain the fix.


UPDATE 21.03.2017:

IBM released Traveler 9.0.1.17 today:
ibm-traveler-9.0.1.17-fixing-the-issues-introduced-with-9.0.1.16.htm

• Kommentare [6]