I already put together a list of IBM certifications and trainings I would currently recommend to an administrator new to IBM Connections for older versions of IBM Connections.. As this served me well and I was able to reuse it in several customer situations, I updated that list for Connections 6.0.

Being an Connections 6.0 Administrator requires a broad set of skills. You should/need to know or have the skills in:

(IBM) trainings that will help you with these skills (based on the Connections 6.0 product set):
Course code
Duration (Days)
Linux Basics and Installation The objective of the course is to teach students enough about Linux to successfully install, configure, and run Linux on the student's personal workstation and be productive with it.
Linux System Administration I – Implementation The purpose of this course is to teach experienced Linux users the techniques, methods, and policies used in Linux system administration.

If you are enrolling in a Self Paced Virtual Classroom or Web Based Training course, before you enroll, please review the Self-Paced Virtual Classes and Web-Based Training Classes on our Terms and Conditions page, as well as the system requirements, to ensure that your system meets the minimum requirements for this course. http://www.ibm.com/training/terms

Learning Journeys or Training Paths that reference this course:

  Linux System Administrators


The intended audience for this course is experienced Linux users who want to become administrators of one or more Linux servers.
DB2 11.1 Administration Workshop for Linux This is an intermediate level course for students that will perform Database Administration tasks, who plan, implement, and maintain DB2 10.5 for Linux, UNIX, and Windows databases.

This course teaches database administrators to perform basic database administrative tasks using DB2 11.1 for Linux, UNIX, and Windows. These tasks include creating database objects like tables, indexes and views, and loading data into the database with DB2 utilities like LOAD and INGEST. Various diagnostic methods will be presented, including using db2pd command options, and monitoring with SQL statements that reference DB2 monitor functions. Students will learn how to implement automatic archival for database logs and how to recover a database to a specific point in time using the archived logs. The course covers using EXPLAIN tools to review the access plans for SQL statements, adding indexes to improve SQL performance. We will cover the locking performed by DB2 and the effect the application isolation level has on locking and lock wait conditions. Students will learn how to implement database security, including adding a security administrator, SECADM user, and implement database roles to simplify security management. We will also describe implementing DB2 native encryption for a database.
DB2 SQL Workshop his course provides an introduction to the SQL language.

This course is appropriate for customers working in all DB2 environments, that is, z/OS, VM/VSE, iSeries, Linux, UNIX, and Windows. It is also appropriate for customers working in an Informix environment.
Directory Integrator Courses IBM Directory Integrator (IDI) is a generic data integration tool suitable for a wide range of scenarios that usually require custom coding and significantly more resources than traditional integration tools. https://www.securitylearningacademy.com/local/navigator/index.php?level=iadi01
IBM Security Directory Integrator Administration and Deployment This course focuses on the basic concepts of the IBM Security Directory Integrator application. Students learn about the components of IBM Security Directory Integrator and how the application integrates with different systems. Students also learn how to build IBM Security Directory Integrator solutions.

This course is designed for solution developers, deployers, and system administrators who are responsible for the deployment and administration of IBM Security Directory Integrator solutions.
WebSphere Application Server V8.5.5 Administration This course teaches you the skills that are needed to install and administer IBM WebSphere Application Server V8.5.5. This release offers users enhanced support for standards, emerging technology, and a choice of development frameworks.

In this course, you learn how to install, configure, and maintain IBM WebSphere Application Server V8.5.5 base, Network Deployment (ND), and the Liberty profile. You learn how to deploy enterprise Java applications in a single computer or clustered configuration. In addition, you learn how to work with features of WebSphere Application Server V8.5.5, such as IBM Installation Manager, WebSphere Customization Toolbox, security enhancements, Intelligent Management, and centralized installation.

Throughout the course, hands-on exercises and demonstrations reinforce lecture content and give you practical experience with WebSphere Application Server V8.5.5. You complete tasks such as installing and assembling applications, applying problem determination techniques, configuring a clustered environment, and working with fine-grained administrative security.
WebSphere Application Server V8.5.5 Problem Determination This course teaches you how to manage WebSphere Application Server problems more skillfully within your organization by using problem determination tools and techniques. The instructor and students explore common scenarios that you might face in your daily activities. You also learn methodologies and techniques for problem determination, including how to use online IBM support tools to resolve problems. In addition, you learn how to communicate more effectively with IBM support teams so they can identify a problem and find its solution.

The course covers problems that are associated with Java virtual machine (JVM) tuning and memory management, database connectivity, connection pool configuration, security configuration, server start and stop failures, application deployment, web requests, and default messaging.

In hands-on lab exercises throughout the course, you gain practical experience with problem determination techniques by using your newly acquired skills within various scenarios. These scenarios include hung threads, OutOfMemory errors, crashes, data source configuration, security-related issues, server start and stop failures, web requests, and Java Message Service (JMS) message flow issues.
What's new in IBM Connections 4.5 As there is no new offering for Connections 6.0:
IBM Connections V4.5, social software for business, provides an exceptional social software solution that is designed to help enable users to access the right people and internal and external content in your professional networks and communities. IBM Connections is designed to help users engage with networks of expertise in the context of critical business processes in order to act with confidence and anticipate and respond to emerging opportunities.

In this workshop you will learn about the new features in IBM Connections 4.5, the capabilities provided by IBM Connections Content Manager and how to leverage the social Business toolkit SDK to socialize existing applications.

This advanced course is designed for Solution architects and social networking administrators.
LDAP Essentials This course consists of a set of videos related to basic LDAP topics. The course is focused on IBM Security Directory Server, but the concepts are applicable to any LDAP v3 compliant directory. You learn about LDAP suffixes, directory information tree, object classes and attributes. The videos demonstrate basic LDAP commands: search, add, modify and delete. The video also explains concept of LDIF flies.
IBM Directory Server Administrator As a Directory Server Administrator, you learn how to install and configure Directory Server Suite, and how to use local management interface (LMI) and command line interface (CLI) to administer the appliance, how to manage directory entries and configure the replication. You also learn how to configure Federated Directory Server (FDS) and how to configure Pass-through authentication (PTA).
IBM Connections 5.0 Administration BM connections installations configuration and troubleshooting. Learning different components of connections and also other product which can interact with the IBM connections for social collaboration.

This intermediate course is for IBM Connections administrators who need to deploy, manage and support IBM Connections 5.0 in an enterprise environment.
Changing IBM Connections behavior with IBM Connections Customizer Using extensions to support new business processes
Docker: A boon for the modern developer The role of Docker as a sort of Swiss Army knife for DevOps is well documented. But Docker-managed application containers are useful for more than deploying servers in the cloud. Docker containers can also aid in development and increase productivity dramatically in many common development scenarios. This tutorial focuses on how Docker can be useful from a developer's perspective. I introduce Docker, explain basic concepts and terminology, and present a series of hands-on development examples. https://www.ibm.com/developerworks/web/library/wa-docker-polyglot-programmers/index.html?ca=drs-
ZooKeeper fundamentals, deployment, and applications Let's start with why you would want to use ZooKeeper. ZooKeeper is a building block for distributed systems. When designing a distributed system, there is typically a need for designing and developing some coordination services https://www.ibm.com/developerworks/analytics/library/bd-zookeeper/index.html?ca=drs-
Get started with MongoDB on IBM Power Systems running Linux IBM® POWER8 processor-based systems were designed for various big data and analytics workloads by providing 4X more threads per core, memory bandwidth, and cache than other platform options. These benefits translate into superior performance gains for NoSQL solutions like MongoDB making it an ideal solution for managing your big data workloads on Power Systems running Linux. This article describes how to get started. https://www.ibm.com/developerworks/linux/library/l-mongodb-getstart-trs/index.html?ca=drs-
Build highly scalable applications with Node.js and Redis I will show how to build a chat application that allows users to send messages in real time to other users, scaling the application across multiple instances to handle the load. https://www.ibm.com/developerworks/cloud/library/cl-bluemix-node-redis-app/index.html?ca=drs-
Next-generation search and analytics with Apache Lucene and Solr 4 I began writing about Solr and Lucene for developerWorks six years ago (see Related topics). Over those years, Lucene and Solr established themselves as rock-solid technologies (Lucene as a foundation for Java™ APIs, and Solr as a search service). For instance, they power search-based applications for Apple iTunes, Netflix, Wikipedia, and a host of others, and they help to enable the IBM Watson question-answering system. https://www.ibm.com/developerworks/java/library/j-solr-lucene/index.html?ca=drs-#artrelatedtopics
Learning Path: Kubernetes If you're new to Kubernetes and container orchestration and want to begin learning about it, this learning path covers everything from basic prerequisites to more advanced skills needed for containerization.
Kubernetes Helm 101 Everything you need to know about Kubernetes Helm
Learning Path: The Road to Elasticsearch Learn all you need to know about Elasticsearch and get started with the new Elastic Stack.


Back to top

If you are running, for example, IBM Connections as a "large deployment", you got at least 18 JVMs with their corresponding SystemOut.log files to monitor for errors, issues and the likes. Always stating them explicitly was -- for me -- too cumbersome. So I thought of an easier way. This is what I came up with.

According to the documentation, the WebSphere Application Server (WAS) log files are located in the following directories on each node in your WAS installation:

where path is the WebSphere Application Server installation path. By default, path is the following:

So in an IBM Connections 5.5 environment, there would be these log files:




















So to get them all in one continuous log stream the following one-liner comes in handy:

find /opt/ibm/WebSphere/AppServer/profiles/node01/logs -name SystemOut.log -print0 | xargs --null tail -F

Of course, there are other solutions to this as well. One of them would be multitail, logcheck, Simple Log Watcher or lnav, but you would have to install them, which more often then not, ism't possible in a customer environment.


Back to top

Yes, I am available starting 2019-10-01.
Feel free to contact me any means available (except WhatsApp) or via email at job4martinleyrer.priv.at for my CV or any other information.

You may have heard that IBM sold the products I am currently working with (Notes/Domino, Sametime, Connections) to HCL. As a result of that move, IBM and I recently decided, amicably, to go seperate ways by end of September. This, luckily, coincided with my desire to change and do something new/different.

Which is where you, my dear reader, come into play. Because I am currently at loss what the „next big thing”, the next cool technology or solution to learn, develop and work with, is. I caught the Web in the 1990ties, the .com boom around 2000 and the Social Media/Web 2.0 thingy around 2010s. But right now, I am stumped and my gut feeling is not making a beep.

I already looked at topics like Security, Agile, DevOps, DevSecOps, IoT, Cyber, Blockchain, AI, etc. I pondered the Gartner Hype cycle (just for completeness ;)). I read a ton of input from the RSS feeds I subscribe to. And still nothing sticks out to me with a big, flashing „THIS IS IT” sign plastered over it like I experienced it in my career several times already. I am currently, for the first time in my life, stumped by the question of what I want to work with in the next 3-5 years.

So my question to you is: What IS the „Next Big Thing” in your opinion?

Where should I look for an interesting, well paying, challenge that will keep me galvanized for the next few years?

I would love to get your input!
(or even a job offer)


Back to top

After installing the usual client security updates on my Microsoft Windows Client Virtual Machine I was suddenly no longer able to connect to the customers Windows Servers. First, I had suspected a server security update shutting out my VM (which would have been understandable). But further investigation pointed to a client issue. Especially the specific error message (if you read it *ahem*) helps:

An authentication error has occurred.
The function requested is not supported.
Remote computer:
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

So if you read upon that link, it appears that a Windows Update on my client installed and activated the CredSSP fix for CVE-2018-0886 in "Force Updated Clients" mode which hindered me to connect to the unpached (*ahem*) servers.

In order to "fix" my access problem, I had to modify the behaviour of the client fix via this command line:
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2

/via Remote desktop connection error after updating Windows 2018/05/08 - CredSSP updates for CVE-2018-0886 - Super User


Back to top

To activate the new Newsletter design in Connections 6.0 to CR4, you’ll first need to update the notification config.

In the properties section of the notification-config.xml you have to add the following line:

<!-- New notification design -->
<property name="globalNotificationTemplateTheme>notifications_v2</property>

Via Martti Garden.


Back to top

Although every communication is (rightfully) moving to TLS, the cleartext tool "telnet" is still quite handy on a Windows based server to check if a port is open and/or basic network connectivity is working. Unfortunately, the telnet client (NOT the server) is no longer part of a Windows default install.

To install the telnet client (NEVER install the server), you could either click through the GUI (Server Manager -> Add roles and features -> ..) or you could use the fast way via the command line:

Enabling the telnet client through command prompt

dism /online /Enable-Feature /FeatureName:TelnetClient

Enabling the telnet client through PowerShell

Install-WindowsFeature -name Telnet-Client

And now a simple
telnet localhost 80
just works :D.


Back to top

 Usually, the filter for syncing LDAP users into IBM Connections using the Tivoli Directory Integrator (TDI) looks something like this:


If you are using Microsofts Active Directory (AD), this also syncs users that are "disabled" in AD, which is usually not what you want.
Fortunately, there is a Microsoft Knowledgebase entry called "How to query Active Directory by using a bitwise filter" that sheds some light on this:
An example is when you want to query Active Directory for user class objects that are disabled. The attribute that holds this information is the userAccountControl attribute. This attribute is composed of a combination of different flags. The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies userAccountControl with the UF_ACCOUNTDISABLED bit set would resemble this:

So all we habe to do is to incorporate this attribute into our filter statement (of course negated), to only sync "active" users:


Back to top

In my current project, we had the issue that the logs were flooded with CWWIM4564I warnings like the one below

[10/1/18 18:36:21:401 CEST] 00000443 LdapConnectio I com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4564I  The user registry is now connected to 'ldaps://activedirectory.example.com:636' LDAP Server. Or, the user registry is able to ping the LDAP server successfully.

and the ISC was very unresponsive when switching to the list of servers or the list of nodes (in an environment with 59 application servers on 13 different nodes).
Even with the workaround found by Dave Hay​, the warnings were flooding the logs (but only for the secondary Active Directory LDAP, the IBM Domino LDAP just worked).

What we did was twofold. As the context pool for the Domino based repository was already enabled, we also activated the context pool for the Active Directory repository, which cut down the number of CWWIM4564I warnings dramatically.

In addition to that, we also followed the steps Martijn de Jong outlined in his blog entry. As the transport memory size was already set to 200 and the IBM_CS_WIRE_FORMAT_VERSION was also already set to 6.1.0, we just had to add the IBM_CS_HAM_PROTOCOL_VERSION custom coregroup property with a value of

With those two changes and a reboot, we experienced a dramatic increase in performance when using the ISC and the logs were a lot easier to read without the CWWIM4564I warnings.


Back to top

If you enable round-trip editing for files according to the IBM Connections documentation (I have no idea, why this is still not on by default), in theory, the following (IMHO very useless) popup should show up only once.

Unfortunately, this is not the case. This rather useless dialog will pop up several times/quite often, even if the user selects "Don't show this message again".

Fortunately, Wickerl and I found a way to disable this useless popup once and for all via an simple IHS rewrite rule in the httpd.conf:

# Enable rewriting engine
RewriteEngine On

# Suppress RoundTripEditing-Dialog

RewriteRule .* - [CO=com.ibm.ic.share.fileviewer.skipRoundTripDialog:true]

This sets the cookie "com.ibm.ic.share.fileviewer.skipRoundTripDialog" via the [CO], or [cookie] flag of mod_rewrite, during each request, thereby disabling the "Edit on Desktop" prompt for good.


Back to top

The IBM Knowledge Center has a nice chapter on "Informing users of a migration or update". You basically redirect everyone to a static maintenance page unless they arrive from a certain IP adress (so you as an administrator can still work):

LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on

RewriteCond %{REMOTE_HOST} !^

RewriteCond %{REMOTE_HOST} !^

RewriteCond %{REMOTE_HOST} !^

RewriteRule !^/upgrading.htm$ /upgrading.htm [L,R=500]

ErrorDocument 500 /upgrading.htm

Unfortunately, in a current customer project, that did not work for me, as this
  • blocked the healtcheck from the Load Balancer (LB) in front of Connections as well, which resulted in the requests not getting forwarded to the IHS
  • "%{REMOTE_HOST}" always being the IP of the load balancer

So I had to modify the statement a little bit:
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on

RewriteCond %{REMOTE_HOST} !^

# Allow traffic from the Healthcheck host aka. Load Balancer ...

RewriteCond %{REMOTE_HOST} !^

RewriteCond %{REMOTE_HOST} !^

# Check the "X-Forwarded-For" http header for the original IP of the requester

# and block if not certain IP (add more lines for more IPs)

RewriteCond %{HTTP:X-Forwarded-For} !^

RewriteCond %{HTTP:X-Forwarded-For} !^
RewriteRule !^/upgrading.htm$ /upgrading.htm [L,R=500]

ErrorDocument 500 /upgrading.htm


Back to top

This is the Blog of Martin Leyrer, currently employed as an Senior Lab Services Consultant at HCL Digital Solutions.

The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.