Correctly configuring CQ Externalizer service for using Social Media Plugins

Problem Description :

If you are running into the issue as described in this article, http://blogs.adobe.com/connectsupport/cannot-tweet-using-social-plugin-from-event-info-page/ , and you have the Adobe Connect server hosted on your own premises, you may review the below setup to ensure the CQ Externalizer service is setup properly :

Environment : On-Premise Adobe Connect with CQ server

Steps :

1) On your CQ author server, goto {ServerName}:{Port}/system/console/configMgr/com.day.cq.commons.impl.ExternalizerImpl

2) Check if author and publisher domains are correct. Snapshot of how the setup is on my server :

Picture1

3) Repeat the same steps on the CQ publish server

Additional Information  :

This is a known issue and currently under investigation by our Engineering. Please track this page for latest updates.

Cannot Tweet using Social Plugin from Event Info Page

Problem Description:  

When an event host or an event manager clicks on the “Tweet” button in an event information page the link generated for the tweet has character more than 140 and hence the host cannot tweet.

Below snapshot describes what we see when we try to tweet.

Hit on the tweet button marked yellow in the  snapshot below.

pic1

When we click on tweet below is what we see:

pic2

pic3

Reason Behind this behavior :

This is a known issue with us and Engineering is currently investigating the root cause as per the current status.

Environment : Adobe Connect Hosted with Events

Workaround:

Below is the possible workaround that users can utilize while the bug is under investigation with us :

A) Go to the event template you are using, Click on tweet.

A pop window will appear with a auto generated link, delete the link that is generated.

 

pic4

 

B) Copy the event info url link from the event information page and place it in the twitter pop-up window.

pic5

Note :

If you are running into this problem on your own on-premise Connect-CQ setup, please visit this article to find out the steps that can be applied on your server to fix this : http://blogs.adobe.com/connectsupport/correctly-configuring-cq-externalizer-service-for-using-social-media-plugin/

 

Connect on-premise – SSL – Convert .pfx to .pem format

Connect can be configured with Stunnel to support HTTPS and RTMPS. Stunnel requires you to provide a private key and a public cert file in .pem format.

You probably run Stunnel as a service (you should) so you also need to save the private key without a passphrase.

If you have a .pfx file with your private key and public certificate, you need to extract the key and cert from the .pfx file and save them to individual .pem files.

Here’s how to do just that:

  1. Install OpenSSL from here: https://www.openssl.org/related/binaries.html
  2.  Open a command line window and change to the directory where you installed OpenSSL, i.e. c:\OpenSLL-Win64\bin\.
  3. Run the following command to extract the private key and save it to a new file:
    openssl pkcs12 -in yourpfxfile.pfx -nocerts -out privatekey.pem -nodes
  4. Now run the following command to also extract the public cert and save it to a new file:
    openssl pkcs12 -in yourpfxfile.pfx -nokeys -out publiccert.pem
  5. Now you can use the files in your Stunnel config.

You can find more on configuring SSL and a sample config for Stunnel here:

https://helpx.adobe.com/adobe-connect/kb/secure-connect-cq.html

https://blogs.adobe.com/connectsupport/ssl-configuration-checklist-for-connect-with-aem-based-events

 

 

Seminar Extensions after Connect 9.3

Beginning with Connect 9.1.1, Connect Seminar extensions in session beyond the initially scheduled time were 30 minutes and then another 30 minutes and then an additional 10 minutes provided there was not a conflict with another scheduled Seminar. Beginning with Connect 9.3, this has changed; the new in-session Seminar extension options are now unlimited as long as there is not a conflicting scheduled Seminar under the same Seminar license. If there is another scheduled Seminar that is in conflict, then you will only get a 10 minute warning before your Seminar ends, but if there is not a conflicting Seminar then this interactive pop up will allow the Seminar host to extend the Seminar:

force-extend-seminar

CSO EMEA1 – DATE (21 May 2015)

We’re currently investigating an issue on EMEA1 cluster that is impacting customer meetings.

Few issue reports we have :

  • Connectivity lost during meeting / users drop out of rooms
  • Rooms do not launch
  • Also: MeetingOne telephony profiles associated with rooms are found disabled.

We are investigating aggressively and will follow up shortly.

 

** Update **  –  The cluster is stable now. We’re not seeing any further connectivity issues.

Note : Telephony profiles Issues is still being investigated as a separate incident. More updates to follow shortly.

** New Update **  – All issues including  MeetingOne Telephony profiles have been resolved now !

 

On-premise Connect Installation Hangs Connecting to the Database

Symptoms: Installing with clean images on servers, the Connect Installation with the appropriate local Administrator permissions seemed to be successful but upon clicking “Done” its hangs indefinitely. Restarting the services does not help and the Connect Configuration Console on the local Connect server will not come up. Rebooting the VM will not bring Connect up. In the error.log, it reads:

“Start up error: java.lang.Exception: invalid backup folder: \\connectsharedstorage\connect.” START_UP    START_UP_ERROR….

Note: replace connectsharedstorage\connect with your UNC path to shared storage.

Solution: This error indicates that shared storage is expected by the database but is not configured on the Connect server. This may inadvertently be overlooked during an upgrade instance when a new server (perhaps with a new OS) replaces an older server. The fresh Connect installation, upon pointing to an existing upgraded database that has possibly been updated by script or maybe by the older server image, is expecting shared storage to be in place, but it is not yet configured on the new Connect server. To get past this, edit the Shared Storage entry in the PPS_Config table of the Connect Database to “NULL” and restart the services.

CSO NA11 – DATE (14 May 2015)

The application VIP NA11 is currently down. It may not affect ongoing meetings, but currently the web app VIP is being redirected to the status page. We are investigating aggressively and will follow up shortly.

 

** UPDATE ** – Issue has been repaired at 10:58 AM PST.

Offline FLV Archives Fast-forward during Playback

With Flash Player version 17.0.0.169, the Nellymoser audio codec used within Connect offline FLV Meeting archives played automatically in fast forward. This issue is resolved in the latest Flash Player.

The solution is to install Flash Player version 17.0.0.188 (or later depending on when you run into this issue) and all effected Connect FLV meeting archives will play normally.

https://get.adobe.com/flashplayer/

 

 

 

The begin screen-sharing button in Connect is obscured by the task-bar when resolution on a laptop screen is set to 1366×768

The begin screen-sharing button in Connect is obscured by the task-bar when resolution on a laptop screen is set to 1366×768. You will see this happen, if you use a laptop with 1366×768 screen resolution, attempt to share your screen in Connect. The effect is that the start screen sharing button is hidden behind the Windows task bar at the bottom of the screen:

Small Res - High DPI

The expected behavior is for the start screen share button to be accessible.

The workaround options are to either move the task-bar or change the screen resolution in order to expose the button, but since the start screen-sharing button is already highlighted or in focus albeit unseen, if you simply hit the enter key, screen-sharing will begin. Keep in mind that 1366×768 is the default screen resolution for some laptops.

Note: This is only reproducible in high DPI mode and it is not limited to the Connect Screen-sharing dialog. See how the basic operating system “Save As” dialog exhibits similar behavior at the same resolution:

Small Res - High DPI Windows Dialog

Configuring Secure SQL with Connect

It may be prudent to secure the connection between the Adobe Connect application servers and the SQL database.

Begin with the SQL server and then move onto the Connect server(s); if your SQL server is shared then begin with a change request to the DBA who has charge over the shared SQL environment. If your SQL database is already secure, you may skip Part I.

Part I. Securing the MS SQL Database Server:

First open the Certificates snap-in:

1. Open the MMC console, click Start, and then click Run; In the Run dialog box type:  MMC
2. From the  File menu, click Add/Remove Snap-in….
3. Click Add, and then click Certificates. Click Add again.
4. You are prompted to open the snap-in for the current user account, the service account or for the computer account. Select the Computer Account.
5. Select Local Computer, and then click Finish.
6. Click Close in the Add Standalone Snap-in dialog box.
7. Click OK in the Add/Remove Snap-in dialog box. Your installed certificates are located in the Certificates folder in the Personal container.

Use the MMC snap-in to install the certificate on the server:

  1. Click to select the Personal folder in the left-hand pane.
  2. Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate….
  3. The Certificate Request Wizard dialog box opens. Click Next. Select Certificate type is “computer”.
  4. In the Friendly Name text box you can type a friendly name for the certificate or leave the text box blank, and then complete the wizard. After the wizard finishes, you will see the certificate in the folder with the fully qualified computer domain name.

You are done now with installation of certificate on the SQL server, next you will need to export the certificate so that the same can be imported in the Connect application server.

  1. Open MMC, and then locate your certificate in the Personal folder.
  2. Right-click the certificate name, and then click Open.
  3. Review the Certification Path tab. Note the top most item.
  4. Navigate to the Trusted Root Certification Authorities folder, and then locate the Certificate Authority noted in step 3..
  5. Right-click CA, point to All Tasks, and then click Export.
  6. Select all the defaults, and then save the exported file to a location where the Connect application server can gain access to it.

Configure SSL encryption in the MS SQL instance:

1. On the SQL server start menu open Microsoft SQL Server>Configuration Tools> SQL Server Configuration Manager:

SQLsecure1.fw

2. Expand SQL Server Network Configuration, then right-click Protocols for MSSQLSERVER, and choose Properties. Select the Flags tab and change the Force Encryption setting to Yes.

sqlserverencryptionstep2

3. Under the Certificate tab, choose the certificate created earlier from the drop down list:

SQLsecure4

The database is now ready for secure connection with the Connect application server.

Part II. Configure the Connect application server to support a secure SQL connection:

Importing the certificate onto the Connect application server

  1. Copy the certificate from MS SQL Database server to the Connect application server(s) or to an accessible share.
  2. Navigate the Connect application sever by using the MMC snap-in, and then browse to the Trusted Root Certification Authorities folder.
  3. Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.
  4. Browse, and then select the certificate (.cer file) that you copied in step 1. Select the defaults to complete the remaining part of the wizard.

Create a Trust Store

1.  Be sure to have java installed on your Connect application server; at the command prompt, navigate to the bin directory of your JRE, and execute the following command:

keytool -import -file  <certificate file path> -alias firstCA -keystore <any name for trust store>
Note: This step will queue for a password, create and record a password for future reference.

2. In the ConnectProSvc.conf in the appserv\conf directory, add the following entries in the list of JAVA arguments:

wrapper.java.additional.28=-Djavax.net.ssl.trustStore= <path of Trust Store file created in step 1>
wrapper.java.additional.29=-Djavax.net.ssl.trustStorePassword=<password you created in step 1>

Configure the secure connection in Connect:

1. In custom.ini file under the root Connect installation directory, add the following entries:

DB_ENCRYPTION_METHOD=SSL
DB_VALIDATE_SERVER_CERTIFICATE=true

2. Cycle the services or reboot the server:

Adobe Connect Service
Flash Media Service

Note: For secure LDAP or LDAPS with Connect and for additional granularity around the paths and keystore see the following tech-note: Configure Connect Directory Services to use LDAPS