ShowTable of Contents
Cookbook Contents
How to use this troubleshooting guide
This troubleshooting guide has three main sections: symptoms, problems, and solutions. When encountering an issue with the OpenSocial Component, one should cross reference the list of symptoms with the particular issue being seen. Each symptom will reference one or more problems that are indicated by the symptom. Each problem will reference one or more solutions that may fix the problem. Each solution will outline an action that can be taken.
This guide will rely heavily upon information gathered by
collecting support data. Many symptoms will be defined in terms of particular errors seen in the logs.
One may also find
Notes / Domino Policy Troubleshooting Flow Chart very useful when debugging the policies that are used as part of the OpenSocial Component deployment cookbook.
IMPORTANT: This guide is a work in progress. It will grow continue to grow well after the first version is published.
IMPORTANT: This guide is limited. It is not feasible to document all problems and solutions on this page; rather, only common problems and solutions will be documented. This guide should not take the place of problem reporting systems.
What are symptoms?
Symptoms, in the context of this guide, are things that end users encounter when using OpenSocial Component features or that administrators encounter when configuring the OpenSocial Component. A symptom may be something these users see in the UI or in the logs. A symptom can also be something these users
do not see in the UI or in the logs when something was expected. If a symptom is related to a specific entry in the trace logs, the symptom title will simply be the code for that error, e.g., CLPEE2012E.
A symptom will reference one or more problems.
What are problems?
Problems, in the context of this guide, are the root causes of symptoms. For instance, a symptom that manifests itself as an error in a log file may be caused by a problem with a configuration setting. A problem may have one or more symptoms that reference it. All of the symptoms should be taken into account when diagnosing if a given problem is the root cause of the symptom users are seeing. A problem will reference solutions that can be used to solve the problem.
A problem will reference one or more symptoms.
A problem will reference one or more solutions.
What are solutions?
Solutions, in the context of this guide, consist of an action or set of actions that can be taken to help remedy a problem. Solutions will often refer to the parent cookbook and its articles.
Symptoms
Administrator Symptoms
The Credential Store database is not configured or not available
Possible problems
The Widget Catalog has not been configured for the Credential Store
Supporting details
Agent error: NotesException: Database has not been opened yet
Possible problems
The Widget Catalog has not been configured for the Credential Store
Supporting details
From the Domino console logs or log.nsf:
Agent error: NotesException: Database has not been opened yet
Agent error: at lotus.domino.local.Database.NgetView(Native Method)
Agent error: at lotus.domino.local.Database.getView(Unknown Source)
Agent error: at JavaAgent.pushProxyToCredStore(Unknown Source)
Agent error: at JavaAgent.processProxy(Unknown Source)
Agent error: at JavaAgent.NotesMain(Unknown Source)
Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)
Agent error: at lotus.domino.NotesThread.run(Unknown Source)
Agent error: NotesException: Database has not been opened yet
Agent error: at lotus.domino.local.Database.NgetView(Native Method)
Agent error: at lotus.domino.local.Database.getView(Unknown Source)
Agent error: at JavaAgent.cleanOAuthConsumerDoc(Unknown Source)
Agent error: at JavaAgent.processOAuth(Unknown Source)
Agent error: at JavaAgent.NotesMain(Unknown Source)
Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)
Agent error: at lotus.domino.NotesThread.run(Unknown Source)
Agent error: NotesException: Database has not been opened yet
Agent error: at lotus.domino.local.Database.NgetView(Native Method)
Agent error: at lotus.domino.local.Database.getView(Unknown Source)
Agent error: at JavaAgent.pushCapsToCredStore(Unknown Source)
Agent error: at JavaAgent.processCaps(Unknown Source)
Agent error: at JavaAgent.NotesMain(Unknown Source)
Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)
Agent error: at lotus.domino.NotesThread.run(Unknown Source)
Agent error: NotesException: Database has not been opened yet
Agent error: at lotus.domino.local.Database.NgetProfileDocument(Native Method)
Agent error: at lotus.domino.local.Database.getProfileDocument(Unknown Source)
Agent error: at JavaAgent.processGlobalMetaData(Unknown Source)
Agent error: at JavaAgent.NotesMain(Unknown Source)
Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)
Agent error: at lotus.domino.NotesThread.run(Unknown Source)
Notes Client Symptoms
When rendering an Embedded Experience e-mail or an OpenSocial Widget in Notes, I see the "Something Went Wrong" page
This is the most common symptom in the Notes client. This is a "catch all" error page that can occur for any number of errors. There is no single problem that causes this symptom. Generally, checking the client trace logs will reveal other symptoms that can be used to identify the problem.
Check the other symptoms in this troubleshooting document after identifying other symptoms in the logs.
Note: You may need to enable extra logging to see some of the symptoms. Refer to
collecting support data for more information.
In Notes and iNotes version 9.0.1, we enabled better error handling in which certain error conditions details will be displayed on the "Something Went Wrong" page. There will be a twistie which, upon clicking, will display the detailed error.
When opening the XPage rendering of the Widget Catalog in Notes, I see the "Sorry, there is a problem" page
This is a common symptom when there is an issue with the XPage rendering of the Widget Catalog in Notes. Clicking the "Show full error message" link on this error page will provide more information to aid in troubleshooting the issue.
Possible problems
The Widget Catalog design has been corrupted
Supporting details
Note: The full error message may differ
When authorizing the IBM Connections gadgets, I see the "We are unable to process your request" page
This is a common symptom when there is an issue with OAuth and the IBM Connections server. In addition to the client-side logs, logging from the IBM Connections server may be useful in debugging.
Possible problems
The redirect_uri parameter does not match the callback url registered with IBM Connections
Supporting details
When rendering an Embedded Experience e-mail in Notes, I see the HTML version of the e-mail instead
Possible problems
The Notes embedded browser has been disabled for MIME emails
On Windows, rendering an Embedded Experience e-mail in Notes takes a long time
Possible problems
Internet Explorer Local Area Network settings are causing performance issues
When rendering an Embedded Experience or OpenSocial widget in Notes, I see a blank page
Possible problems
This gadget is not allowed to render as it is not trusted.
Possible problems
The OpenSocial Widget is not approved by a trusted administrator
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| FINEST | com.ibm.rcp.opensocial.container.CommonContainerViewerHelper
navigateGadget | This gadget is not allowed to render as it is not trusted. |
Showing the error page because our on render event was not called in 60000 ms
Possible problems
The Notes client timed out trying to connect to the Domino Server with Shindig's locked or unlocked domains
Supporting details
Error displayed in the user interface: renderGadget.window.setTimeout.Failure_OnRenderTimeOut
From the Notes trace logs:
Severity | Source Class.Method | Message |
| FINEST | com.ibm.rcp.opensocial.container.CommonContainer$13
handle | Showing the error page because our on render event was not called in 60000 ms |
The browser timed out trying to connect to the remote container page
Possible problems
The Notes client timed out trying to connect to the Domino Server with Shindig's container page
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| WARNING | com.ibm.rcp.opensocial.container.CommonContainer
runInUIThread | The browser timed out trying to connect to the remote container page. |
CWPNW0012E: Login failed
Possible problems
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.rcp.net.http.internal.URLConnectionFactory
getURLConnection | CWPNW0012E: Login failed.
javax.security.auth.login.LoginException: Server Unavailable.
at com.ibm.rcp.security.auth.service.AbstractLoginService.login(Unknown Source)
at com.ibm.rcp.accounts.internal.AccountsLoginContextServiceImpl.login(Unknown Source)
at com.ibm.rcp.net.http.internal.URLConnectionFactory.getURLConnection(Unknown Source)
at com.ibm.rcp.net.http.internal.URLConnectionFactory.getURLConnection(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.HttpURLConnection.(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.HttpHandler.createURLConnection(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.BaseHandler.openConnection(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.BaseHandler.openConnection(Unknown Source)
at org.eclipse.osgi.framework.internal.protocol.URLStreamHandlerProxy.openConnection(Unknown Source)
at java.net.URL.openConnection(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at com.ibm.fiesta.notes.security.ContainerSecurityTokenProvider$2.run(Unknown Source)
at org.eclipse.core.internal.jobs.Worker.run(Unknown Source)
|
CLPEE2012E: An error occurred obtaining a security token to access the server. java.net.UnknownHostException
Possible problems
The Notes client system's DNS cannot resolve the Domino Server with Shindig's hostname
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.fiesta.notes.security.ContainerSecurityTokenProvider
createRemoteSecurityToken | CLPEE2012E: An error occurred obtaining a security token to access the server.
java.net.UnknownHostException: <Hostname for the Domino Server with Shindig>
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.HttpURLConnection.reAuthenticate(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.HttpURLConnection.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at com.ibm.fiesta.notes.security.ContainerSecurityTokenProvider$2.run(Unknown Source)
at org.eclipse.core.internal.jobs.Worker.run(Unknown Source)
|
CLPEE2012E: An error occurred obtaining a security token to access the server. java.io.IOException
Possible problems
The Notes client was not able to SSO with the Domino Sever with Shindig
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.fiesta.notes.security.ContainerSecurityTokenProvider
createRemoteSecurityToken | CLPEE2012E: An error occurred obtaining a security token to access the server.
java.io.IOException: Server returned HTTP response code: 401 for URL: http://<Hostname for the Domino Server with Shindig>/fiesta/container/stgen?<Several query parameters>
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at com.ibm.rcp.net.http.internal.protocol.HttpURLConnection.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at com.ibm.fiesta.notes.security.ContainerSecurityTokenProvider$2.run(Unknown Source)
at org.eclipse.core.internal.jobs.Worker.run(Unknown Source)
|
CLPEE6017W: Error preloading the gadget at {URL to the OpenSocial Gadget XML}
Possible problems
The OpenSocial Component's proxy is rejecting the request to the Gadget XML URL because it is not whitelisted
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| FINER | com.ibm.fiesta.commons.internal.ProxiedHttpFetcher
fetch | RETURN 403 |
| WARNING | com.ibm.rcp.opensocial.container.CommonContainer$9
handle | Failed to preload gadget <URL to the OpenSocial Gadget XML>. |
| WARNING | com.ibm.rcp.opensocial.container.CommonContainer$9
handle | It took ### ms to preload the URL(s) <URL to the OpenSocial Gadget XML>. |
| WARNING | com.ibm.rcp.opensocial.container.CommonContainer
preloadGadget | CLPEE6017W: Error preloading the gadget at <URL to the OpenSocial Gadget XML> {"message":"Unable to retrieve spec for <URL to the OpenSocial Gadget XML>. HTTP error 403","code":403} |
Exception in IdUtil
Possible problems
The Notes client was unable to generate an OpenSocial ID for the current user
Supporting details
From the Notes trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.rcp.opensocial.container.CommonContainer
createSecurityToken | Exception in IdUtil.
NotesException: Item or Match not found
at lotus.domino.local.DirectoryNavigator.NgetFirstItemValue(Native Method)
at lotus.domino.local.DirectoryNavigator.getFirstItemValue(Unknown Source)
at com.ibm.fiesta.commons.DefaultEmailAddressProvider.getPrimaryEmailAddress(Unknown Source)
at com.ibm.fiesta.notes.security.NotesEmailAddressProvider.getPrimaryEmailAddress(Unknown Source)
at com.ibm.fiesta.commons.DefaultEmailAddressProvider.getPrimaryEmailAddress(Unknown Source)
at com.ibm.fiesta.commons.IdUtil.getShindigId(Unknown Source)
at com.ibm.rcp.opensocial.container.CommonContainer$21.runInNotesThread(Unknown Source)
at com.ibm.notes.java.api.util.NotesSessionJob.runIt(Unknown Source)
at com.ibm.notes.java.api.util.NotesSessionJob.run(Unknown Source)
at org.eclipse.core.internal.jobs.Worker.run(Unknown Source) |
iNotes Client Symptoms
When opening the XPage rendering of the Widget Catalog in iNotes, I see the "Sorry, there is a problem" page
This is a common symptom when there is an issue with the XPage rendering of the Widget Catalog in iNotes. Clicking the "Show full error message" link on this error page will provide more information to aid in troubleshooting the issue.
Possible problems
The Widget Catalog design has been corrupted
Supporting details
Note: The full error message may differ
When rendering an Embedded Experience e-mail in iNotes, I see the HTML version of the e-mail instead
Possible problems
Neither the gadget nor url Embedded Experience are trusted to render
Possible problems
The Embedded Experience is not trusted to render in the iNotes client
Supporting details
From the iNotes client logs:
Logged at the "Info" level: "Neither the gadget nor url Embedded Experience are trusted to render."
Status was not 2xx
Possible problems
The iNotes proxy is rejecting a request
Note: This symptom can also occur if the Domino Server with Shindig's web application failed to start. Please check the Domino Server with Shindig's logs and cross reference them with the Domino Server with Shindig Symptoms in this troubleshooting document.
OpenSocial Container failed to load:
Possible problems
The iNotes proxy is rejecting a request
Note: This symptom can also occur if the Domino Server with Shindig's web application failed to start. Please check the Domino Server with Shindig's logs and cross reference them with the Domino Server with Shindig Symptoms in this troubleshooting document.
When rendering an Embedded Experience or OpenSocial widget in iNotes, I see a "page not found" error from the browser
Possible problems
Supporting details
Note: Different browsers will surface this type of error differently. This screenshot is from Firefox.
Error executing widget profile action "GetAll": Bad content type: -1
Possible problems
The current user does not have an authenticated session established with Domino
Supporting details
From the iNotes client logs:
Logged at the "Error" level: "Error executing widget profile action "GetAll": Bad content type: -1"
Error trying to render gadget: Unable to retrieve spec for {URL to the OpenSocial Gadget XML}. HTTP 502
Possible problems
The SSL certificate used by the server hosting the OpenSocial Gadget XML is invalid or not trusted
Supporting details
From the iNotes client logs:
Logged at the "Error" level: "Error trying to render gadget: Unable to retrieve spec for <URL to the OpenSocial Gadget XML>. HTTP error 502"
iNotes Server Symptoms
Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
Possible problems
The iNotes server cannot proxy to the Domino Server with Shindig over HTTPS
Supporting details
From the iNotes Server's trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.commons.log.AbstractLogMgr
log | Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
at com.ibm.jsse2.lb.serverHello(lb.java:368)
at com.ibm.jsse2.lb.a(lb.java:570)
at com.ibm.jsse2.kb.s(kb.java:167)
at com.ibm.jsse2.kb.a(kb.java:484)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:686)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:704)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:802)
at com.ibm.jsse2.k.write(k.java:15)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter
.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1525)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
at com.ibm.domino.servlets.proxy.BasicProxy.executeMethod(BasicProxy.java:643)
at com.ibm.domino.servlets.proxy.BasicProxy.doGet(BasicProxy.java:130)
at com.ibm.domino.servlets.proxy.BasicProxy.service(BasicProxy.java:365)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
at org.eclipse.equinox.http.registry.internal.ServletManager$ServletWrapper.service(ServletManager.java:180)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule.invokeServlet(OSGIModule.java:165)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule.access$0(OSGIModule.java:151)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule$1.invokeServlet(OSGIModule.java:132)
at com.ibm.domino.xsp.adapter.osgi.AbstractOSGIModule.invokeServletWithNotesContext(AbstractOSGIModule.java:179)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule.doService(OSGIModule.java:126)
at com.ibm.domino.xsp.adapter.osgi.OSGIService.doService(OSGIService.java:415)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:350)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:306)
at com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:272)
|
Domino Server with Shindig Symptoms
CLPEE1008E: An error occurred obtaining the credential store name.
Possible problems
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.fiesta.inotes.internal.ConfigDBUtils
getConfigDBName | CLPEE1008E: An error occurred obtaining the credential store name.
com.ibm.designer.domino.napi.NotesAPIException: Error while retrieving the credstore name for application tag=<App Tag>, serviceTag=<Service Tag>
This server is not configured for a cluster.
at com.ibm.designer.domino.napi.NotesSecurity.NGetCredStoreName(Native Method)
at com.ibm.designer.domino.napi.NotesSecurity.getCredStoreName(NotesSecurity.java:30)
at com.ibm.fiesta.inotes.internal.ConfigDBUtils.getConfigDBName(ConfigDBUtils.java:53)
at com.ibm.fiesta.inotes.internal.ConfigDBUtils.getKey(ConfigDBUtils.java:79)
at com.ibm.fiesta.inotes.internal.config.DominoKeyCallable.call(DominoKeyCallable.java:34)
at com.ibm.fiesta.inotes.internal.config.DominoKeyCallable.call(DominoKeyCallable.java:1)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:314)
at java.util.concurrent.FutureTask.run(FutureTask.java:149)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)
at java.lang.Thread.run(Thread.java:738)
|
CLPEE1010E: The key is either null or empty
Possible problems
The security token encryption key was not created in the Credential Store
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.fiesta.inotes.internal.ConfigDBUtils
getKey | CLPEE1010E: The key is either null or empty |
SRVE0283E: Exception caught while initializing context: {0}
This symptom is common among many problems that occur when the OpenSocial Component's web application starts on the Domino Server with Shindig. The exception and accompanying stack trace will contain more information that should be referenced against other symptoms in this troubleshooting document.
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.ws.webcontainer.webapp.WebApp
notifyServletContextCreated | SRVE0283E: Exception caught while initializing context: {0}
com.google.inject.CreationException: Guice creation errors:
<A large exception with a lengthy stack trace> |
CLPEE1017W: SecurityTokenServlet - responding with error: (401) CLPEE1018W: Anonymous access is not allowed
Possible problems
The Notes client was not able to SSO with the Domino Sever with Shindig
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| WARNING | com.ibm.fiesta.inotes.internal.servlet.SecurityTokenServlet
doGet | CLPEE1017W: SecurityTokenServlet - responding with error: (401) CLPEE1018W: Anonymous access is not allowed |
There was an issue setting the configuration parameter maxBytesLocalHeap in ShindigCM to
Possible problems
The "Total cache in memory" setting has been set incorrectly
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| CONFIG | com.ibm.fiesta.inotes.internal.cache.INotesEhCacheCacheProvider
getConfiguration | There was an issue setting the configuration parameter maxBytesLocalHeap in ShindigCM to
<A large exception with a lengthy stack trace> |
There was an issue setting the configuration parameter maxBytesLocalDisk in ShindigCM to
Possible problems
The "Total cache on disk" setting has been set incorrectly
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| CONFIG | com.ibm.fiesta.inotes.internal.cache.INotesEhCacheCacheProvider
getConfiguration | There was an issue setting the configuration parameter maxBytesLocalDisk in ShindigCM to
<A large exception with a lengthy stack trace> |
BMWPX0006E: The URL {URL to the OpenSocial Gadget XML} cannot be accessed through the proxy
Possible problems
The OpenSocial Component's proxy is rejecting the request to the Gadget XML URL because it is not whitelisted
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| FINER | com.ibm.mashups.proxy.connection.HttpURLConnectionFilter
setError(sc, msg) | ENTRY 403 BMWPX0006E: The URL cannot be accessed through the proxy. |
| FINER | com.ibm.mm.proxy.connection.base.EndpointConnection
encodeDataString(iString) | ENTRY BMWPX0006E: The URL cannot be accessed through the proxy. |
| FINER | com.ibm.mm.proxy.connection.base.EndpointConnection
encodeDataString(iString) | RETURN BMWPX0006E: The URL cannot be accessed through the proxy. |
| FINER | com.ibm.fiesta.commons.internal.ProxiedHttpFetcher
fetch | RETURN 403 |
CLFWW2017E: null. Anonymous.
Possible problems
The current user does not have an authenticated session established with Domino
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| SEVERE | com.ibm.domino.servlets.widgets.INotesMailFileUtil
getMailFile | CLFWW2017E: null. Anonymous.
NotesException: User Anonymous cannot open database <path to mailfile>
at lotus.domino.local.Session.NgetDatabase(Native Method)
at lotus.domino.local.Session.getDatabase(Unknown Source)
at com.ibm.domino.servlets.widgets.INotesMailFileUtil.getMailFile(INotesMailFileUtil.java:81)
at com.ibm.domino.common.widgets.WidgetUtils.getUserDBUtil(WidgetUtils.java:319)
at com.ibm.domino.servlets.widgets.WidgetServlet.doPost(WidgetServlet.java:135)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
at org.eclipse.equinox.http.registry.internal.ServletManager$ServletWrapper.service(ServletManager.java:180)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule.invokeServlet(OSGIModule.java:165)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule.access$0(OSGIModule.java:151)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule$1.invokeServlet(OSGIModule.java:132)
at com.ibm.domino.xsp.adapter.osgi.AbstractOSGIModule.invokeServletWithNotesContext(AbstractOSGIModule.java:179)
at com.ibm.domino.xsp.adapter.osgi.OSGIModule.doService(OSGIModule.java:126)
at com.ibm.domino.xsp.adapter.osgi.OSGIService.doService(OSGIService.java:415)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:350)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:306)
at com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:272)
|
An HTTP 502 error occurred when fetching service methods
Possible problems
The Domino Server with Shindig cannot communicate to itself over HTTPS
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| FINER | com.ibm.fiesta.commons.internal.ProxiedHttpFetcher
fetch | RETURN 502 |
| SEVERE | org.apache.shindig.gadgets.render.DefaultServiceFetcher
retrieveServices | An HTTP 502 error occurred when fetching service methods from the https://<Locked or unlocked domain for the Domino Server with Shindig>/fiesta/rpc endpoint. |
BMWPX0017E: The Secure Socket Layer (SSL) certificate of the target host is not trusted.
Possible problems
The SSL certificate used by the server hosting the OpenSocial Gadget XML is invalid or not trusted
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| FINER | com.ibm.mashups.proxy.connection.HttpURLConnectionFilter
setError(sc, msg) | ENTRY 502 BMWPX0017E: The Secure Socket Layer (SSL) certificate of the target host is not trusted. |
| FINER | com.ibm.fiesta.commons.internal.ProxiedHttpFetcher
fetch | RETURN 502 |
Number of Available connections for host XXX exceeded
Possible problems
The gadget host has exceeded the number of connections allocated
Supporting details
From the Domino Server with Shindig's trace logs:
Severity | Source Class.Method | Message |
| FINER | com.ibm.mashups.proxy.connection.HttpURLConnectionFilter
setError(sc, msg) | ENTRY 503 The number of available connections for the requested remote host exceeded. Please try again later! |
| WARNING | com.ibm.mm.proxy.connection.filter.endpoint.URLConnectionEndpointFilter
connect | Number of available connections for host XXX exceeded! |
org.apache.shindig.gadgets.preload.PreloadException
Possible problems
Connections EE Gadget Fails to render when HTTP is disabled on the Domino server with Shindig
Supporting details
From the Domino Server with Shindig's trace logs:
org.apache.shindig.gadgets.preload.PreloadException: org.apache.commons.json.JSONException: Expecting '{' on line 1, column 0 instead, obtained token: 'Token: EOF'
at org.apache.shindig.gadgets.preload.ConcurrentPreloads$FailedPreload.toJson(ConcurrentPreloads.java:101)
at org.apache.shindig.gadgets.preload.PipelineExecutor.execute(PipelineExecutor.java:131)
at org.apache.shindig.gadgets.rewrite.PipelineDataGadgetRewriter.rewrite(PipelineDataGadgetRewriter.java:72)
at org.apache.shindig.gadgets.render.HtmlRenderer.render(HtmlRenderer.java:88)
at org.apache.shindig.gadgets.render.Renderer.render(Renderer.java:101)
at org.apache.shindig.gadgets.servlet.GadgetRenderingServlet.render(GadgetRenderingServlet.java:107)
at org.apache.shindig.gadgets.servlet.GadgetRenderingServlet.doGet(GadgetRenderingServlet.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1595)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:131)
at com.ibm.fiesta.inotes.internal.servlet.OpenSocialComponentEnablementFilter.doFilter(OpenSocialComponentEnablementFilter.java:44)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at org.apache.shindig.auth.AuthenticationServletFilter.callChain(AuthenticationServletFilter.java:186)
at org.apache.shindig.auth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:97)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at org.apache.shindig.common.servlet.HostFilter.doFilter(HostFilter.java:38)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:895)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:932)
at com.ibm.pvc.internal.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:85)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:500)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:91)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:864)
at com.ibm.pvc.internal.webcontainer.WebContainerBridge.handleRequest(WebContainerBridge.java:25)
at com.ibm.domino.osgi.core.webContainer.WebApplicationsTracker.doService(WebApplicationsTracker.java:141)
at sun.reflect.GeneratedMethodAccessor157.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.domino.xsp.adapter.osgi.webContainer.OSGIWebContainerModule.invokeWebAppContainerService(OSGIWebContainerModule.java:207)
at com.ibm.domino.xsp.adapter.osgi.webContainer.OSGIWebContainerModule.doService(OSGIWebContainerModule.java:178)
at com.ibm.domino.xsp.adapter.osgi.OSGIService.doService(OSGIService.java:417)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:350)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:306)
at com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:272)
Caused by: org.apache.commons.json.JSONException: Expecting '{' on line 1, column 0 instead, obtained token: 'Token: EOF'
at org.apache.commons.json.internal.Parser.parseObject(Parser.java:183)
at org.apache.commons.json.internal.Parser.parse(Parser.java:120)
at org.apache.commons.json.internal.Parser.parse(Parser.java:85)
at org.apache.commons.json.JSONObject.
(JSONObject.java:128)
at org.apache.shindig.gadgets.preload.PipelinedDataPreloader.parseSocialResponse(PipelinedDataPreloader.java:213)
at org.apache.shindig.gadgets.preload.PipelinedDataPreloader$SocialPreloadTask.call(PipelinedDataPreloader.java:186)
at org.apache.shindig.gadgets.preload.PipelinedDataPreloader$SocialPreloadTask.call(PipelinedDataPreloader.java:139)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:314)
at java.util.concurrent.FutureTask.run(FutureTask.java:149)
at org.apache.shindig.gadgets.preload.ConcurrentPreloaderService.preload(ConcurrentPreloaderService.java:62)
at org.apache.shindig.gadgets.preload.PipelineExecutor.execute(PipelineExecutor.java:128)
... 38 more
Problems
The Widget Catalog has not been configured for the Credential Store
Symptoms of this problem
Possible solutions
Configure the Widget Catalog for the Credential Store
The Widget Catalog design has been corrupted
Symptoms of this problem
Possible solutions
- Clean and re-build the Widget Catalog in Domino Designer
- Replace the design of the Widget Catalog
The Notes embedded browser has been disabled for MIME emails
Symptoms of this problem
When rendering an Embedded Experience e-mail in Notes, I see the HTML version of the e-mail instead
Possible solutions
Enable the Notes embedded browser for MIME mail
The OpenSocial Widget is not approved by a trusted administrator
Symptoms of this problem
This gadget is not allowed to render as it is not trusted.
Possible solutions
The Notes client timed out trying to connect to the Domino Server with Shindig's container page
Symptoms of this problem
The browser timed out trying to connect to the remote container page
Possible solutions
Verify the Gadget Server URL references a valid hostname
The Notes client timed out trying to connect to the Domino Server with Shindig's locked or unlocked domains
Symptoms of this problem
Showing the error page because our on render event was not called in 60000 ms
Possible solutions
The Notes client system's DNS cannot resolve the Domino Server with Shindig's hostname
Symptoms of this problem
Possible solutions
The Notes client was not able to SSO with the Domino Sever with Shindig
Symptoms of this problem
Possible solutions
The OpenSocial Component's proxy is rejecting the request to the Gadget XML URL because it is not whitelisted
Symptoms of this problem
Possible solutions
The Notes client was unable to generate an OpenSocial ID for the current user
Symptoms of this problem
Exception in IdUtil
Possible solutions
Add an internet address in the person document for the current user
The redirect_uri parameter does not match the callback url registered with IBM Connections
Symptoms of this problem
When authorizing the IBM Connections gadgets, I see the "We are unable to process your request" page
Possible solutions
Verify the OpenSocial component OAuth configuration matches the application registered on IBM Connections
The Embedded Experience is not trusted to render in the iNotes client
Symptoms of this problem
Possible solutions
Embedded Experiences in iNotes has not been enabled
Symptoms of this problem
When rendering an Embedded Experience e-mail in iNotes, I see the HTML version of the e-mail instead
Possible solutions
OpenSocial in iNotes has not been enabled
Symptoms of this problem
When rendering an Embedded Experience e-mail in iNotes, I see the HTML version of the e-mail instead
Possible solutions
Widgets in iNotes has not been enabled
Symptoms of this problem
When rendering an Embedded Experience e-mail in iNotes, I see the HTML version of the e-mail instead
Possible solutions
Set the iNotes_WA_Widgets=1 notes.ini setting for the iNotes server
The iNotes proxy is rejecting a request
Symptoms of this problem
Possible solutions
Configure a whitelist in the Proxies configuration the security settings policy
The Credential Store has been improperly clustered
Symptoms of this problem
CLPEE1008E: An error occurred obtaining the credential store name.
Possible solutions
Ensure the Credential Store was created properly in a clustered environment
The Credential Store has been improperly replicated to a server or cluster on which it was not created
Symptoms of this problem
CLPEE1008E: An error occurred obtaining the credential store name.
Possible solutions
Ensure the Credential Store was properly moved to/from a cluster
The Credential Store has been improperly removed from a cluster in which it was created
Symptoms of this problem
CLPEE1008E: An error occurred obtaining the credential store name.
Possible solutions
Ensure the Credential Store was properly moved to/from a cluster
The security token encryption key was not created in the Credential Store
Symptoms of this problem
CLPEE1010E: The key is either null or empty
Possible solutions
Create the security token encryption key in the Credential Store
The "Total cache in memory" setting has been set incorrectly
Symptoms of this problem
There was an issue setting the configuration parameter maxBytesLocalHeap in ShindigCM to
Possible solutions
The "Total cache on disk" setting has been set incorrectly
Symptoms of this problem
There was an issue setting the configuration parameter maxBytesLocalDisk in ShindigCM to
Possible solutions
Locked domains have been enabled, but the locked domain suffix is not a valid in the DNS
Symptoms of this problem
Possible solutions
Locked domains have not been enabled, but the unlocked domain is not a valid in the DNS
Symptoms of this problem
Possible solutions
Verify the unlocked domain is valid
The current user does not have an authenticated session established with Domino
Symptoms of this problem
Possible solutions
Enable Domino session authentication
Internet Explorer Local Area Network settings are causing performance issues
Symptoms of this problem
On Windows, rendering an Embedded Experience e-mail in Notes takes a long time
Possible solutions
Disable Internet Explorer automatic LAN detection settings
The SSL certificate used by the server hosting the OpenSocial Gadget XML is invalid or not trusted
Symptoms of this problem
Possible solutions
- Import the internet certifier and create a cross certificate in the Domino directory
- Add the site certificate to the Domino JVM cacerts keystore
Possible solutions if the OpenSocial Gadget XML is hosted on a Domino Server
- Use IBM HTTP Server or another reverse proxy that supports TLS for inbound HTTPS requests
- Enable SSLv3 for outbound HTTPS requests on Domino
The Domino Server with Shindig cannot communicate to itself over HTTPS
Symptoms of this problem
An HTTP 502 error occurred when fetching service methods
Possible solutions
- Use IBM HTTP Server or another reverse proxy that supports TLS for inbound HTTPS requests
- Enable SSLv3 for outbound HTTPS requests on Domino
The iNotes server cannot proxy to the Domino Server with Shindig over HTTPS
Symptoms of this problem
Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
Possible solutions
Use IBM HTTP Server or another reverse proxy that supports TLS for inbound HTTPS requests
Number of available connections for host exceeded
Symptoms of this problem
The Number of available connections for the host has been exceeded.
Possible solutions
Update the Shindig proxy metadata
HTTP disabled on the Domino Server with Shindig
Symptoms of this problem
PreloadException in the Domino Server with Shindig trace logs
Possible solutions
Overwrite gadgets.osDataUri value
Solutions
Configure the Widget Catalog for the Credential Store
See #1 in the Configure the Widget Catalog section of the deployment cookbook
Clean and re-build the Widget Catalog in Domino Designer
- Open the Widget Catalog in Domino Designer
- Click the Project -> Clean... menu
- In the resulting dialog, select the "Clean projects selected below" radio button
- Ensure that the "Start build immediately" checkbox is checked
- Choose to "Build only the selected projects"
- Click "OK"
- Designer will report the progress of the clean and build operations.
Replace the design of the Widget Catalog
Replace the design of the Widget Catalog via the usual means, referring to steps 8-10 on the Creating a widget catalog page to ensure the correct catalog is used. Also refer to Updating Widget Catalog Design
for other implications of updating the Widget Catalog design.
Once the design has been replaced, one needs to do two things:
- Re-enable agents in the catalog. See Enabling agents in the widget catalog for more information.
- Re-set launch options on the catalog. See Setting launch options for the widget catalog for more information
Enable the Notes embedded browser for MIME mail
- Open the Notes client preferences
- Go to Basic Notes Client Configuration
- In the "Additional options" section, ensure that "Disable embedded browser for MIME mail" is unchecked.
Approve widgets in the Widget Catalog as an administrator
Users with the "[Admins]" role in the Widget Catalog must approve Widgets. See Approving a Widget in the Widget Catalog for more information.
Install approved Widgets from the Widget Catalog
Widgets that are approved in the Widget Catalog must be installed in the Notes and iNotes clients from the Widget Catalog in order to be trusted. Browse to the Widget Catalog and drag and drop to install approved Widgets.
In Notes, Widgets can be installed from other places aside from the Widget Catalog, e.g., from an e-mail. These Widgets will not be trusted.
Add the Widget Catalog administrator to the ECL in the Notes client
The Widget Catalog administrator who approves Widgets must be in the ECL in the Notes client and have the "Configure Widget Capabilities" ability. See Notes Security Policy Settings for more information.
Set the Gadget Server URL in the Widgets desktop settings policy
See Widgets Desktop Settings for more information on the "Gadget Server URL" field.
Verify the Gadget Server URL references a valid hostname
Verify that the "Gadget Server URL" set in Widgets Desktop Settings is a valid hostname. The Notes client machine needs to be able to resolve the hostname to an IP address. Debugging DNS issues is outside of the scope of this troubleshooting document, but one may be interested in tools such as nslookup and Dig
Setup a managed account and push it to Notes clients by policy
For more information see the Managed Account page for more information.
Verify the managed SSO account Domino single sign-on server
When creating the managed SSO account, make sure the Domino single sign-on server setting is accurate and that the Notes client is able to resolve the server.
For more information see the Managed Account page for more information.
Verify the proxy rules for the Widget allow access to the Gadget XML file
See Table 1 in Approving a widget created from an OpenSocial gadget to understand the proxy rules and how they need to be configured.
See Editing proxy settings for an approved widget to view and edit existing proxy rules.
See Adding proxy settings to an approved widget to learn how to add new proxy rules if they are missing.
Update the Notes client's local replica of the Widget Catalog
Per the Gadget rendering process and Proxy Rules in Notes documentation, proxy rules for local rendering are read from the local replica of the Widget Catalog. Run the "Update Widgets" action in the My Widgets sidebar in the Notes client or replicate the local Widget Catalog from the "Replication and Sync" page to update the proxy information.
Add an internet address in the person document for the current user
The OpenSocial Component requires internet addresses to be populated for any user wishing to use the OpenSocial component functionality. See Domino Directory Requirements for more information on this requirement and how to populate internet addresses.
Verify the OpenSocial component OAuth configuration matches the application registered on IBM Connections
As part of the OAuth authorization process, the Domino Server with Shindig generates a "redirect URI" which is passed as a query parameter to Connections. It is used to redirect the OAuth authorization flow back to the Domino Server with Shindig. If the redirect URI does not match exactly the callback URL registered with Connections when the OAuth account was registered, the authorization process will fail.
Information on how this redirect URI is generated can be found in the Shindig server(s) host name section. As mentioned in that section, these URLs default to "HTTPS". One can see the redirect URI being used by inspecting the "redirect_uri" query parameter when authorizing with Connections.
To view the callback URL that was registered with Connections, one can refer to the Managing the client application list documentation. The redirect_uri is shown in the application data that can be viewed.
Set the iNotes_WA_EnableEE=1 notes.ini setting for the iNotes server
For more information, see Using notes.ini settings to enable widgets, live text, and OpenSocial features.
Set the iNotes_WA_OpenSocial=1 notes.ini setting for the iNotes server
For more information, see Using notes.ini settings to enable widgets, live text, and OpenSocial features.
Set the iNotes_WA_Widgets=1 notes.ini setting for the iNotes server
For more information, see Using notes.ini settings to enable widgets, live text, and OpenSocial features.
Configure a whitelist in the Proxies configuration the security settings policy
See iNotes Security Policy Settings for detailed instructions on creating a whitelist for the traffic that must flow through the proxy.
Ensure the Credential Store was created properly in a clustered environment
If one wishes to create a Credential Store application on a clustered server, one must follow the instructions for Creating the credential store application in a cluster
Ensure the Credential Store was properly moved to/from a cluster
If one wishes to move a Credential Store application or change, one must follow the instructions for Moving the credential store application. Many scenarios are outlined on that page given the requirements of the move.
Create the security token encryption key in the Credential Store
See Configuring the Credential Store and the articles to which it links for precise steps on creating the security token encryption key in the Credential Store
Set the "Total cache in memory" field to a non-empty value
See Domino Server with Shindig - Basics for information on CONFIG level logging that may be seen if the "Total cache in memory" field is left blank.
Set the "Total cache on disk" field to a non-empty value
See Domino Server with Shindig - Basics for information on CONFIG level logging that may be seen if the "Total cache on disk" field is left blank.
Ensure the "Total cache in memory" field is set to a valid value
The popup help for the "Total cache in memory" field in the "Basics" tab within the "Social Edition" tab of the Configuration Settings document has a description of the valid format for this field.
Ensure the "Total cache on disk" field is set to a valid value
The popup help for the "Total cache on disk" field in the "Basics" tab within the "Social Edition" tab of the Configuration Settings document has a description of the valid format for this field.
Note: In 9.0, there is a known issue that if this field is set to anything less than 20m one will receive an error. The workaround is to leave the field blank or set it to something greater than 20m.
In development, test, or proof of concept environments, disable locked domains
See Server-centric settings - Locked Domains for more information.
Verify the locked domain suffix is valid
Review the information on the locked domain suffix field and verify the hostname there is valid.
Debugging DNS issues is outside of the scope of this troubleshooting document, but one may be interested in tools such as nslookup and Dig
Verify the unlocked domain is valid
Review the information on the unlocked domain field and verify the hostname there is valid.
Debugging DNS issues is outside of the scope of this troubleshooting document, but one may be interested in tools such as nslookup and Dig
Enable Domino session authentication
Domino session authentication needs to be enabled. For more information about the requirements and how to enable session authentication, see Web SSO Configuration.
Disable Internet Explorer automatic LAN detection settings
See Improving Performance of OpenSocial Gadget rendering in Notes on Windows platforms for more information.
Add the Widget Catalog server as a Trusted Server in the Domino Server with Shindig's server document
The Widget Catalog server must be trusted by the Domino Server with Shindig in order for data to flow to the credential store application from the widget catalog application. See Widget Catalog server must be trusted by the Domino Server with Shindig for more information.
Use IBM HTTP Server or another reverse proxy that supports TLS for inbound HTTPS requests
See Option 1 of OpenSocial Component on Domino using TLS or SSL to change the Domino Server with Shindig to accept TLSv1 when accepting inbound HTTPS requests, even from itself.
Enable SSLv3 for outbound HTTPS requests on Domino
See Option 2 of OpenSocial Component on Domino using TLS or SSL to change the Domino Server with Shindig to use SSLv3 when making outbound HTTPS requests, even to itself.
Import the internet certifier and create a cross certificate in the Domino directory
See Importing an Internet certifier into the Domino Directory and Creating an Internet cross-certificate in the Domino Directory from a certifier document for more information.
Add the site certificate to the Domino JVM cacerts keystore
See Add Site Certificates to the Lotus Domino JVM cacerts Keystore for more information.
Ensure ENABLE_EE is present in the Notes client's notes.ini file
ENABLE_EE=1 must be in the notes.ini file on the client in order for Widgets to be trusted. See Notes Desktop Policy - Custom Settings Tab of this cookbook for links to detailed steps.
Update the Shindig proxy metadata
See Configure the default Shindig proxy settings.
gadgets.osDataUri field should be overwritten
To fix this problem add gadgets.osDataUri to the container.js tab of the Social Edition tab of the Configuration document of the Domino server with Shindig and set its value to https:///fiesta/rpc. Then restart the Domino server with Shindig.
Cookbook Contents