webNetwork 5.3

Pre Install

This is a list of things to keep in mind before during and after installing 5.3 for webNetwork 5.

Please take time to read the information below and if you have any questions contact Stoneware Support prior to starting the upgrade.

• As good practice, be sure that you have a good backup of your stoneware system.
  If you did not shut down webnetwork and make a full backup of the STONEWARE directory, please do not perform the upgrade!
  

• Please make sure you are logged in as Administrator / Root (or equivelent) so that you have proper access to the files and that when webNetwork starts it can open the proper tcp ports.
  

• Two applications can not use the same port on the same ip address. For new installs, please be sure that you do not have another active web server that is already utilizing port 80 / 443. If so, then you will need to make sure that you change these ports in webNetwork. Other ports used by web network can be found at : http://www.stone-ware.com/swql.jsp?kb=ABC-952-XYZ
  

• Be sure that any firewalls on the system allow port 80 / 443 or whatever ports you configured webNetwork to use. If you are going to have multiple servers then there may be other ports that need to be opened. See http://www.stone-ware.com/swql.jsp?kb=ABC-952-XYZ for a list of common ports.
  

• In the past, the Linux and Solaris installs were a .tar download. We have decided to use gzip now to shorten the download times. You can use any of the gui tools to un gzip the file or command like tools such as gunzip filename.bin.gz. Once extracted, you may have to set the permissions to Executable. Depending on your linux/unix gui you can do this by right clicking on the file, go to Permissions and check the executable box. Do do this from a shell prompt, type chmod 777 wn5200.bin

• Something new in 5.3 is that the MS RDP connections are dynamically assigned based on the size of the browser window. If you upgrade to 5.3 and do not switch to a new updated profile, then you will need to set a height x width on the RDP link, otherwise it will open in 800x600 even though you may have the rdp webapp set for full screen. It is recommended that you install 5.3 on a test box and upgrade your profile and test things.

• If you use apacheDS lower than apacheDS 1.5.1 then your information needs to be migrated to apacheDS 1.5.1. Apache does not provide this as a formal install. If you require the users in your pre 1.5.1 apacheDS please do not perform the upgrade until you contact stoneware for help with migrating your apacheDs information.

• If you are upgrading and you have not updated your webnetwork profile in a while, you will want to install 5.2 on a test box and try out the new profiles prior to doing your upgrade. Your old profile will still function, but many new features may not work and some windows may not open as you expect.
  

• If you have any SSO forms that have ? and & in the trigger, then you will need to edit those and add a \ (escape character) before those. For example : To do SSO to Sugar, you normally trigger on /crm/index.php?action=Login&module=Users , now it will be /crm/index.php\?action=Login\&module=Users
  

• Prior to the upgrade, check your /stoneware/bin/webnetwork.lax file and make a note of your memory parameters. http://www.stone-ware.com/swql.jsp?kb=ABC-1235-XYZ

• Prior to the upgrade, make a note of reports that are scheduled and their parameters. Reports will have to be re scheduled after the upgrade. From now on report schedules will not be lost after upgrades.

• If you are using microsoft active directory for your directory services there are a few dns entries and webnetwork settings you should check prior to the ugprade.
  
  • Go to a dos cmd prompt.
    Take note of the search scope entered in the directory services section of 8090 console. Convert the search scope back to a dns name (Do not actually change it in the 8090 console) Example dc=comapany,dc=com turns into company.com.
    Now in the dos cmd prompt type ping company.com does it resolve to the ip number you have entered for the "DNS Name / IP Address" box ?
    If not, add a host entry to the webNetwork Server to make it resolve properly. Without this, talking to Active Directory can be very slow.
  • On the physical domain controller box that you are using for the "DNS Name / IP Address", go to a cmd prompt and type: SET COMPUTERNAME
    This will list the real computer name for this server. Now on the webNetwork server type ping -a xxx.xxx.xxx.xxx where xxx equals the ip number entered in the "DNS Name / IP Address" box.
    Make sure that it resolves to the name you got from the SET COMPUTERNAME command with your domain name attached to the end. If this does not, edit the host file on the webNetwork Server and add it to the host file.
  • If you do not use nested groups in your envionment, check the Disable Nested Group Support in the Directory Services Configuration.

• 5.3 Requires a new license file.
  The install process will ask you for this license file and it will copy it to /stoneware/config and name it license.sw
  Obtain your new 5.3 license file from www.stone-ware.com. Log in with your company id and go to your home directory to download your license file.
  Some customers may have their system set up to use a license file with a name other than license.sw. This means that after the install webNetwork will not be using the new license file.
  You will need to verify via the 8090 management console on each webNetwork server that you are currently using license.sw as your license file.
  Go to the 8090 management console and click on the Loader in the left pane.
  In the middle of the screen your license file name will be shown. If it is something other than license.sw then you will need to fix the license file name before upgrade.
  You can rename the license file in /stoneware/config to license.sw and then from the 8090 management console change the name to license.sw and click save.
  

• Plan your upgrade
  Unless you have clustering and redundant relays, users will not be able to login when you are performing the upgrade.
  Do not perform upgrade if you have recently made other changes to system or infrastructure or while you are having problems with infrastructure.
  Doing so makes it very difficult to diagnose any issues.
  

• Test upgrade on test system prior to upgrade.
  If you have custom software using stoneware API's via methods like SOAP, please be sure to test your applications prior to upgrading production system. webNetwork has updated its Axis client and some functions in application like Visual Studio 2003 .Net 1.1 may not support these updates.
  The upgrade will also modify the /stoneware/webapps/axis/WEB-INF/server-config.wsdd
  You will now have lines like : <handler type="java:com.stoneware.soap.WhiteListHandler"/> on the various services.
  These allow the use of the allowHosts and denyHosts files in the same directory to restrict what IP addresses can utilize these services. Out of the box, the services are locked down. You either need to remove the WhiteListHandler line form the service or modify the allow/denyHosts files.

• webMenus
  If you use webmenus, you will need to go to the Stoneware website and download the latest version.
  You will have to uninstall your old one and then install the new one. After you upgrade webNetwork, you will need to modify the security to allow webmenus to talk to webNetwork.
  Edit the file /stoneware/webapps/axis/WEB-INF/server-config.wsdd
  Find the line : <handler type="java:com.stoneware.soap.WhiteListHandler"/> on the WebMenuService services.
  These allow the use of the allowHosts and denyHosts files in the same directory to restrict what IP addresses can utilize these services. Out of the box, the services are locked down. You either need to remove the WhiteListHandler line form the service or modify the allow/denyHosts files to include the ip numbers of your users.

• Secondary username / password for 8090 Management Console
  If you have console security turned on your 8090 Management Console, it is a good idea to make sure that you have set up a username and password to get into the 8090 Management Console and it works.
  Make sure this account is an account that does NOT exist in your directory services. The purpose of this account is a way to get into the 8090 Management console if webNetwork is unable to talk to the ldap server.
  This account is only able to get into the Managment Console, it can NOT be used to run the upgrade wizard or get into webAdmin.
  

• anti Virus packages
  Many of the anti virus packages have been know to cause issues when run on a high traffic server. Symantec and Mcafee in particular. If they are not configured to ignore the stoneware directory and its temp location, unexpected results can occur. In particular many of the new packages can hook into the TCP stack and analyze the tcp content, this also has caused problems with communication. It is advised that if you are running fine with an anti virus product currently that you be cautious when making any changes or updates to it. If problems occur with webnetwork, try disabling the anti virus product and see if problems still happen and adjust the anti virus product accordingly.

• If you have Stoneware clustering enabled please read this section carefully.
  If you are already on 5.1.0.x then you do not need to do anything special for clustering, you may skip this section.
  If you are upgrading from 5.0.0.x then you will need follow the following steps prior to upgrade.
  Go to node 1's 8090 console, Cluster Services, and choose Leave Cluster.
  Once done, do the same thing for Node 0. This will remove the cluster.
  Go to each server and remove the directory DefaultLoaderDefaultProfile (this directory will be based on your Loader and Profile names)
  Go to each server and edit /stoneware/config/StonewareLoader.xml and remove the section (including lines between) that looks like
       <service name="cluster">
       </service>
  Do the upgrade and then on Node 0, create cluster, wait a few min and then on Node 1, Join the cluster.
  

• Nested Groups
  If you use Microsoft Active Directory and have nested groups you have some options to configure in the Directory Services section in the 8090 Management Console.
  If you do not use nested groups then check the Disable Nested Group Support.
  If you do use nested groups then you should configure the Global Catalog Server with the address of your global catalog for Microsoft AD. If you do not and you have lots of groups with lots of members, you will notice a long delay when logging into the portal.
  

• Before running install, check and make sure your core features are working. Check things like key webapps, swift nodes, etc..
  If they do not work now, they will most likely not work after upgrade either.
  After the upgrade, test these same features out to make sure they behave correctly.
  

• Relay Central
  If you use Relay Central to sync files from a master server to your other relays AND you have your master files in a location other than where stoneware is installed, please continue reading.
  Assume your relay central is configured to use d:\relay-central-files\webserv and d:\relay-central-files\webserv-sec
  After this update you will need to copy the files from c:\stoneware\webserv and c:\stoneware\webserv-sec to your d:\relay-central-files directories
  If you do not do this, then the new files from this update will not be synchronized properly to all of your relays.
  Many customers do not change the path of relay central files from the location of the stoneware directory, if this is your case then you don't have to worry about copying these files by hand.
  

• There are several schema updates that need to be applied for Database Connections, Public News items and Mobile profiles. The account you used for Directory Services MUST be able to check/update the schema.
  The AD server that holds the schema MUST allow schema changes via LDAP. By default this is turned off. View the FAQ : How do I prep MS AD for webNetwork for further info.
  The account used on the stoneware :8090 Management Console under the Directory services section MUST be in the schema master group to update the schema.
  Webnetwork must also be pointed to the schema master during one of the starts ups to be able to update the schema.
  To find the schema master, you can run the following command on a windows 2003 domain controller : dsquery server -hasfsmo schema
  If in doubt as to if your account does not have rights to schema or where your schema master server is, HALT and do not attempt upgrade.
  

• The databases for Community, webPages, TeamPages have all changed.
  You will need to run the Community Service Pack 6 & 7 if you are using HSQL.
     If you are not using HSQL for community databases, then you will need to apply the changes by hand. The database descriptions can be found in your stoneware install under stoneware\hsql\dbscripts
     TeamPages and webPages - you can use the DB Service Pack links in teamPages / webPages Admin.
  If you are using a db other than HSQL, do not do the webNetwork update if are not able to also update your community DB and webPages/teamPages (if used). If the databases are not upgraded, those portions of webNetwork will fail to run. The database can be updated prior to upgrading webNetwork. If you are using HSQL database, then you can run the Community Service Pack 6 & 7 after upgrading webnetwork. Starting with Community Service Pack 7, it will update HSQL, MySQL and MSsql. If you do not already have Community Service Pack 6 applied, you will still need to apply those by hand.

• Due to many changes in the login architecture the main login pages are changed during the update. The following files are effected.
  Overwritten - /stoneware/webserv/LoginPolicy.jsp
  Overwritten - /stoneware/webserv/NoLoginPolicy.jsp
  Overwritten - /stoneware/webserv/index.jsp
  Deleted - /stoneware/webserv/index.html
  If you made custom changes to the login pages without using the Profile Editor, you may loose some of your custom changes.
  If you do not have time to re customize your login pages, please use your development system or install a demo copy on your workstation and work on your login pages prior to upgrade.
  

• The create user and error pages are also changed during the update. The following files are replaced with .jsp versions.
  /stoneware/webserv/badlogin.html
  /stoneware/webserv/createuser.html
  /stoneware/webserv/CreateUserFail.html
  /stoneware/webserv/CreateUserSucceed.html
  /stoneware/webserv/DuplicateUser.html
  /stoneware/webserv/Flushed.html
  /stoneware/webserv/locked.html
  /stoneware/webserv/missing.html
  /stoneware/webserv/notauthenicated.html
  /stoneware/webserv/errors/401 403 404 503.html
  

• webPages customizations.
  If you modified header.jspf and welcome.jsp you will want re edit those files and make your changes instead of restoring your backups. The new versions have many updates, so it is better to re add your customizations to the new files.
  

• Home button
  In the past many profiles had a dynamic HOME button/link that showed up. This button showed up if the user had some components on their dashboard. Due to a bug, it did not show up if the user did not actually drag a component to their dashboard. If the admin set the components as Mandatory, the home button would not show up. This has been changed. The Home button now shows up IF the user has a Home Page configured (formally know as Web Template).
  This allows you to easily have a intranet page come up along with a dashboard of components and the user can switch between the two as needed. To load the dashboard a separate link was added to new installs called wn5e2-personal Dashboard. This link has a description of Dashboard and has a url of /components/displayComponents.jsp This link is set to ROOTED so it shows at the top level of the menu.
  If you are upgrading, then you already have a link similar to this. The link is called wn5-Personalize You can simply change the description of this link to Dashboard and set it to ROOTED to add a link for users to refresh their dashboard.

• Browser Detection
  Depending on what version you are upgrading from, after the update, you may not get the proper profile after you login. We now detect different browsers and allow you to determine what browsers you want to support.
  Use webadmin to go to your profile. Go to Profile Administration panel. Click on the Modify for Browser Restrictions. Click on Wizard and add in the proper browsers that you want to have use that profile. If the browser is not selected in the list, then the user will get the Default profile.

Performing install

• Run the appropriate install file for your Operating System. Do this on EVERY webnetwork server.
  Do not apply individual files from the install, they should all be installed as a set via the install process. The update must be applied to all server.
  If you are using linux, depending on what version of linux you have, you may have a problem with the gui install. You can get around this by running the console mode install. To launch the install in console mode, run the following command : ./wn5300.bin -i console
  This will run the install without the gui, so you can perform the upgrade using a SSH client. After the install manually update your license file (/usr/stoneware/config/license.sw) as the console install does not copy the new license file for you.
  

• Start your upgrade on core loader servers (the one configured to talk to your ldap server) and work your way out to your relays testing as you go.
  After doing first server, verify that everything came back up, if you have a relay on that same box as loader, use that as a test.
  If you do not have a relay on that loader, then login to :8090 management console and get into webAdmin. If you can view users, links, browse your tree you are talking to the directory and should be good to continue to next webNetwork server.
  
  

• This install will automatically purge your /stoneware/temp directory to make sure that any updated .jsp files get re compiled.
  

• Be sure to run the Upgrade Wizard from the 8090 console against at least 1 relayobject to ensure that you get any new links/objects created.
  You only have to run the wizard ONE time, it does not have to be done on every webnetwork server or for every relayobject.
  

Post install

• After the upgrade, re apply your memory parameters that you made a note of before the upgrade. http://www.stone-ware.com/swql.jsp?kb=ABC-1235-XYZ

• Verify that your relay object has a profile set for the default desktop/mobile profile. Also go to your profile and browser restrictions and use the wizzard to select the proper browsers/operating systems for your profiles. This will update the browser restrictions to the latest values for proper detection.

• If you have ever set the option to disable NTLM authentication on a virtual webapplication, then you will want to go check those webapps and verify the option. The option has been reversed so now you check the option to enable NTLM. Depending on your previous setting, the option may be wrong for your webapplication. If you never touched that option in the past, then NTLM will be disabled by default.

• After the upgrade/install and are using Active Directory, go to the 8090 management console and run the Check DNS Configuration under the Directory Services section.
  This will do a test on your DNS servers. Any errors / warning that show up in there should be fixed. http://www.stone-ware.com/swql.jsp?kb=s1090 explains the output and refrences the MS tool DNSLint which should also be used to diagnose your Active Directory envionment.

• If you performed an upgrade and some components do not show up, edit the component in webadmin, it may not have a TYPE set. These components would be from webNetwork v4. Previously, webNetwork profiles would display the component, but new 5.2 profiles will display an error page. Determine if you are going to continue to use the old profile or if you are going to utilize a new profile. If you need to update an old component, use webadmin, set the appropriate type on the component. A url component will have a url set, a TEXT component will have information in the text/definition panel.
  

• Stoneware debugging options.
  It is a good idea to shut off the debug settings when you are done with them.
  The 8090 management console now has a button to reset them all back to defaults.
  Go to the 8090 management console for each server
  Click on your profile in the left pane
  Click on Logging button at top of screen.
  Click on the Reset to Defaults Button.
  When the page refreshes, click Save.
  

• Common debug settings that can be used to diagnose issues.
  The common startup sequence for webNetwork and the debug settings that will show this information can be found here.
  The common debug settings and sample out that they display can be found here.
  

• Starting webnetwork in a cmd window.
  When webnetwork runs as a service you do not see any output when webNetwork is loading. To debug many issues, you may need to run webNetwork in a cmd/console window.
  To launch webnetwork console window on MS Windows , start a dos cmd prompt, change directory to the stoneware\bin directory and run webnetwork.exe
  You will now see webnetwork starting up and it may help debug any issues that you are having. To start it up in linux, type ./webNetwork
  To shut down webnetwork, go to the 8090 console and click on the loader and choose shutdown. Once you are done you can start webnetwork back up as a service. Windows : net start webnetwork Linux : /etc/init.d/webNetworkctl start
  

Reference