Saturday, September 30, 2023

Launch a page in JazzSM DASH without login page

The following is from an IBM Communities post on this topic by Detlef Kleinfelder . The link is also included, but those see to go dead on IBM's site, which is why I'm including the text:

you can launch a page directly with URL provinding the page id and an user-based token.

The user-based token has the encoded username and password that is used to authenticate and launch a page.


The URL convention is https://<FQDN>:16311/ibm/action/launch/<PageID>/<xlaunchCred>


FQDN = Fully Qualified Domain Name or IP address
PageID = The Page ID of the DASH page
xlaunchCred = The user-based token generated by xlaunchapi.jar

The following STEPS will walk you through to obtain the required parameters:


  1. Get the Page ID of the DASH page. For example, to get the Page ID of DASH About Page, open the About page and click on the "Page" icon at the top right corner and click "About". The Page ID is under "General"

  1. Generate the  user-based token using xlaunchapi.jar, ensure all text in the command are all in one line as shown:
    ./java -cp /<JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/xlaunchapi.jar\$Encode <username> <password>

  • Replace <username> and <password> with the user you want to Single Sign On.


  • The command will return a string like:

  • L2NvbS5pYm0uaXNjLnhsYXVuY2gudXNlcm5hbWUvc21hZG1pbi9jb20uaWJtLmlzYy54bGF1bmNoLnBhc3N3b3JkL29iamVjdDAw

  1. Following the URL convention, https://<FQDN>:16311/ibm/action/launch/<PageID>/<xlaunchCred>, launch the DASH About Page. The page will launch without manually entering login and password.


Thursday, September 14, 2023

Configuring DASH/JazzSM and WebGUI HA using an ObjectServer database

 There is a great support article on this exact topic here:

There are just a few caveats that need I need to point out:

1. Use the webha.sql file from the above link to create the ObjectServer database. There are two similar files on your DASH/JazzSM server after the install, but both are incorrect.

2. The instructions in the link for configuring WebSphere are all manual, through the WebSphere Admin Console. To make things more easily repeatable, I created a file with all of the Jython WebSphere administrative commands required. Here are the contents of that file:

Friday, August 25, 2023

Modifying the Netcool Remedy 8 gateway for use with Java JDK 8


The Netcool Gateway for Remedy 8 version 1.3 was originally written for Java 6, which used the Rhino JavaScript engine. The Nashorn JavaScript engine in Java 8 (which is automatically installed with an OMNIbus fixpack) is slightly different. Nashorn is so different that the some modifications are required to get the probe to work correctly.

The error you'll see in the gateway log file if you try to run the gateway without these changes is:

Error: [Main Gateway] java.lang.RuntimeException: javax.script.ScriptException: ReferenceError: "importPackage" is not defined in <eval> at line number 1

The issue is basically that Nashorn gives you a new way to create Java objects within JavaScript.

You will need to modify three files to get the Remedy 8 gateway working correctly. Those files are listed here:


In the above two files, you simply need to add this one line at the beginning of each file:


This file requires a bit more customization. Specifically, you replce this line in the update() function definition:

    𝚟𝚊𝚕𝚞𝚎𝚜 = 𝚜𝚘𝚐.𝚗𝚎𝚠𝚛𝚘𝚠();

With these 3 lines:

    //𝚟𝚊𝚕𝚞𝚎𝚜 = 𝚜𝚘𝚐.𝚗𝚎𝚠𝚛𝚘𝚠(); // 𝚓𝚞𝚜𝚝 𝚌𝚘𝚖𝚖𝚎𝚗𝚝𝚒𝚗𝚐 𝚒𝚝 𝚘𝚞𝚝.
𝚟𝚊𝚛 𝚂𝙾𝙶𝚁𝚘𝚠 = 𝙹𝚊𝚟𝚊.𝚝𝚢𝚙𝚎("𝚌𝚘𝚖.𝚒𝚋𝚖.𝚝𝚒𝚟𝚘𝚕𝚒.𝚗𝚎𝚝𝚌𝚘𝚘𝚕.𝚒𝚗𝚝𝚎𝚐𝚛𝚊𝚝𝚒𝚘𝚗𝚜.𝚜𝚘𝚐.𝚂𝙾𝙶𝚁𝚘𝚠");
𝚟𝚊𝚛 𝚟𝚊𝚕𝚞𝚎𝚜 = 𝚗𝚎𝚠 𝚂𝙾𝙶𝚁𝚘𝚠();

Once you make all of the above changes, you need to restart the gateway for the changes to take effect, and it has a better chance of working. I say better chance because you still have to provide all of the correct values for the various properties. But if you're just upgrading your working gateway to OMNIbus 8.1 FixPack 30, then the above changes are what you need.

Friday, August 18, 2023

Updating the bundled Java SDK 8 in WebSphere 8.5.5.x

There are a couple different ways to install Java with WebSphere. The most common way is to simply use the bundled Java SDK. Even with this, sometimes you need to update the Java SDK outside of a Fix Pack. To do that, you need to download an update specifically for the bundled Java SDK. Those can be found here:

You can download the appropriate version, unzip it, add it as a repository to Installation Manager, and then click "Update" to update the WAS bundled JVM.

An example scenario is this:

I have a customer with WAS installed in a secure and regulated environment. They were told they needed to install WAS 8.5.5 FP 23 (FP24 is available, but it has not yet been approved for installation in this environment) and Java WAS comes bundled with Java So we needed to apply the Update via Installation Manager, and then apply the Bundled Java SDK Update via Installation Manager, and all was good.

Thursday, August 17, 2023

Upgrading from IBM Installation Manager 1.8.x to 1.9.x

This is a little tricky because both the documentation and the error message you receive when you try to follow the documentation both lead you in the wrong direction if you currently have IIM installed in "Group mode".

Specifically, the docs tell you to add the new IIM repository.config as a repository to your current IIM 1.8.x installation and to click Update. However, when you do that, it fails and tells you to run the "userinst" command from the new version. This is the correct command to run IF you initially installed IIM in "User mode". But if you originally installed in Group mode, you need to run the "groupinst" command instead.

When you do run "groupinst" (or "userinst" or "install" if you installed it originally in "Admin mode") from the new IIM, you need to make sure to specify the same Data location as you previously used. It will simply use the default value by default, so you need to explicitly state the correct location. ADDITIONALLY, if you specified a custom data location on your original install, you need to copy the InstallationManager.dat file from under that location (run a 'find' to find it) to this location :


This is the default location that IIM looks in for the file. If you don't copy this file over, it will tell you that there's an inconsistency in your install. Here's the error you'll see:

The Installation Manager's registry information is inconsistent with its installation information.

The registry information at "/home/netcool/var/ibm/InstallationManager_Group/etc/.ibm/registry/Installationmanager.dat" indicates that the Installation manager is not installed. however. the information at the "/opt/IBM/InstallationManager/IM/var/ibm/InstallationManager_group" data location indicates that Installation manager 1.8.9 (internal version: 1.8.9000.20180313_1417) is installed at location "/opt/IBM/InstallationManager/IM/InstallationManager_Group/eclipse".

Copy the file over, and you'll no longer get the error.

Also, as a handy piece of information, that file contains the Data Location, specified on the "appDataLocation=" line.

Thursday, July 13, 2023

Securing the Netcool EWS Probe


The Netcool Probe for Microsoft Exchange Web Services (EWS Probe) documentation leads you to create the probe with a very large security issue. Specifically, following the IBM documentation, the probe is allowed to access ANY mailbox just by specifying the name of the mailbox (email address) WITH NO PASSWORD. That is not ideal.


My client and I contacted IBM support and got the following solution really quickly (within just a couple of hours):

The steps are taken from this link

Due to security concerns highlighted by customer, A Doc APAR to add the following steps into probe guide has been raised.

APAR number : IJ41418

Limiting probe access to specific Exchange Online mailboxes.

By default OAuth authentication enables the probe to access all mailboxes in an organization on Exchange Online. Administrators can identify the set of mailboxes to permit access by putting them in a mail-enabled security group. Administrators can then limit probe access to only that set of mailboxes by creating an application access policy for access to that group.

a. Create a new mail-enabled security group using steps in this link or use an existing one and identify the email address for the group.

b. Add the user of mailbox to be accessed by probe into the group.

c. Connect to Exchange Online PowerShell. For details, see Connect to Exchange Online PowerShell.

d. Create an access policy on the registered Azure Active Directory application.

New-ApplicationAccessPolicy -AppId <<Application/ClientID>> -PolicyScopeGroupId <<SecGroupEmail>> -AccessRight RestrictAccess -Description "IBM Netcool EWS Probe Mailbox"

Tuesday, April 18, 2023

Configuring the Prometheus JSON Exporter to Parse a JSON Array


The Prometheus JSON Exporter allows you to parse arbitrary JSON data into Prometheus metrics. You'll even find some examples at the link. The problem is that all of the examples show a single JSON object. What is the syntax supposed to be if you're dealing with JSON that is an array, like this data? This question came up on Reddit.


The solution is to specify the path as:

path: '{[*]}'

That's it. That will return the entire array as a list, which is what's needed to have the JSON Exporter loop through it. 

Here's a link to the github gist with more details about how you can use the above information.