Java Enterprise System 1 Install Service







Jerry Hsieh

Products Expertise Center



Jerry Hsieh






Document History





Draft D0.1


Jerry Hsieh

Created Document.

Draft D0.2



Draft D0.3



Release 1

Draft D0.4



GA Update

Draft D0.5



Troubleshooting Update

Draft D0.6
  Troubleshooting Update
Draft D0.7
  Add MAP and PAB SSO



Copyright 2001 Sun Microsystems, Inc., 901 San Antonio Road; Palo Alto, CA. 94303-4900 USA. All rights reserved.

The documentation is provided 'as is' and all express or implied conditions, representations and warranties, including implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be illegally invalid.


Table of Contents

1 Overview

2 Pre-Requisites

3 Schedule

4 Daily Tasks

5 Step-by-Step Installation & Configuration

5.1 Directory Server

5.1.1 Directory/Admin Server Uninstall

5.2 Application Server

5.3 Web Server

5.4 Identity Server

5.5 Portal Server

5.6 SRA

5.7 Instant Messaging

5.7.1 Configuring the Instant Messaging Server

5.8 Messaging and Calendar

5.8.1 Configuring the Messaging Server

5.8.2 Configure the Calendar Server

5.9 Deploy Identity Service Samples

5.10 Java ES Server start/stop Commands Summary

5.11 Silent Install

6 Other Deployment Scenarios

7 Troubleshooting

8 References



1 Overview

This document represents a sample Java Enterprise System(JES or Java ES) install service. It includes step-by-step installation and configuration procedures for the following Java Enterprise System Release 1 component products:

  • Directory Server (DS)
  • Application Server (AS)
  • Web Server (WS)
  • Identity and Portal Server (IS / PS)
  • Messaging Server (MS)
  • Calendar Server (CS)
  • Instant Messaging (IM)
  • Security Remote Access (SRA)

It is not intended to cover the integration/customization details of all of the component products Java ES offers. However, it does show how easily the following products inter-operate together without additional coding requirements

  • Single Sign On between Portal, Messaging, and Calendar (SSO)
  • Portal Authentication Proxy
  • Messaging/Calendar User Provision
  • Add on Identity Service samples

There are links to additional documents which should be in the zipped bundle you downloaded. These documents include:

  • SOW
  • Customer Questionnaire
  • Day1 Preso
  • Day5 Checklist
  • Summary Preso


2 Pre-Requisites

Before any JES install service engagement, a PS Consultant and Engagement Manager must:

i) Collect the completed customer questionnaire with requirements

ii) Modify the Install Service SOW to identify the set of JES components targeted based upon the above questionnaire.

The final download JES 13d (RTM) bits are available here


You can also ftp from ftp://nana.eng/pub2/orion/s9_orion_13d/distros

3 Schedule

The suggested overall schedule is shown below. The details are in the next section.


Day One

Day Two

Day Three

Day Four

Day Five


Intro &

Kick off meeting

Application & Identity Server

Web or J2EE agent for IS


Calendar SSO

Validate deliverables

Demo prep


JES installation options & Directory server

Portal Server



Instant Messaging

Debug/ document steps, test cases

Present final doc

Q& A



Familiarity with the three install options, uninstall and validation of directory/admin server

Completed Identity,App Svr, Portal install/config Demonstrate the basic features

Completed functionality for targeted component products

Complete all technical work related to the install service


Note: AM = 9am – noon, PM = 1:30pm to 5:30pm

4 Daily Tasks

Day One

AM: Introduction

- Meeting with client on schedule and expectations

- kick off meeting which will cover a short JES presentation, business problems, technical requirements, deliverables, expectations, runtime environment, etc.

PM: JES installation options and directory server

- Solaris server OS, jdk, domain name, patch, partition checking (recommend a fresh Solaris 9 u3 or 4 installation)

- CD or download JES bits and decompression

- run installer in GUI mode and save to a state file for silent installation

- install directory and admin server, startup and examine console for verification

- uninstall directory server via GUI

- re-install directory via command line

      -uninstall directory and re-install via silent installation using state file from the firstt installation


Check point

Familiarity with the three install options, uninstall and validation of directory/admin server


Day Two

AM: Application + Identity server

- install application (include MQ) server and startup

- login to application admin console and deploy sample applications

- verify those applications

- install Identity server using application server web container

- login to application server admin to re-deploy Identity server

- login Identity console to examine authentication, role/user, services

PM: Portal server

- install Portal server in application server web container

- re-deploy portal sample channels

- create org, role, user, and customize desktop

- test jsp, xml, and sample porlets

- customize desktop GUI

- install Portal server gateway (netlet optional)

- test rewriter, basic authentication, ssl,

Check point

Completed Identity and Portal installation/configuration. Demonstrate the basic functions and features.


Day Three

AM: Web or J2EE agent against Identity (optional)

- Validate Identity, Portal, web/application agent SSO (in case of unresolved issues)

- any debugging efforts in case of trouble shooting problems

If everything goes smoothly, the consultant can start PM task now.

PM: Mail/Calendar/Instant Messaging

- install and configure communication servers

- test mail box, calendar

- IM can access via sample portal channels

Check point

Completed functionality for all targeted component products


Day Four

AM: Mail/Calendar SSO

- setup and test SSO

- mail user provisioning to Identity server

- Portal Authentication Proxy

- Add on Identity sample service


Debug and/or document the installation/configuration steps, test cases

Check point

Completion of all technical work for the install service


Day Five


Fill out the checklist to validate deliverables, demo preparation

Summary presentation


Present final document, Q&A session

Note: The above is a recommended list. The consultant may choose to modify as appropriate.


5 Step-by-Step Installation & Configuration

The installation process will add one component at a time to configure, startup, test and show how it works before adding the next component product. The sequence will be:

  1. Directory
  2. Application or Web
  3. Identity
  4. Portal
  5. Instant Messaging
  6. Messaging
  7. Calendar


Here are some additional pre-requisites, which may come from the questionnaire and/or kick off meeting from the customer's technical staff.

  • one or two Ultra Sparc servers with 1-2 CPU, 1-2G RAM (prefer 2G RAM), 10G+ free disk space
  • fresh Solaris 9 U3 or 4 installation (not mandate, but check required patches from Release Note)
  • prodreg checking OS installation of Direcotry and/or Application server (make sure to remove by pkgrm before running JES installer)
  • obtain JES bits (either zip or cpio format from above url)
  • full qualified host name under /etc/hosts file
  • ensure domainname is valid, check /etc/defaultdomain file
  • /etc/nsswitch.conf hosts parameter as "files dns nis"
  • /etc/init.d/sendmail stop for messaging server machine

    Also rename sendmail script for boot time auto startup to be disable.


Here is a picture of the overall deployment architecture

For this document, the following machines are used:






Details are listed below.

Physical Server root and port assignment

Directory Server /var/opt/mps/serverroot 389
Admin Server /var/opt/mps/serverroot 390
Application Server /opt/SUNWappserv 80,4848
Identity Server /opt/SUNWam  
Portal Server /opt/SUNWps  
Instant Messaging /opt/SUNWiim 49999,49909

Messaging Server /opt/SUNWmsgr 110,25,143,80
Calendar Server /opt/SUNWicsvr 81
Admin Server



Portal Gateway /opt/SUNWps 433



Note: above paths are default. You can specify any non-default directory. However, a correct sub-sequenced path needs to follow base product root. For example: Instant Messaging base /usr/JES/im, the IM Document help should specify /usr/JES/im/SUNWiim/html/help and IM Document dir as /usr/JES/im/SUNWiim/html


The screen shots below are based on Java Enterprise System 1 build 11. GA release may consolidate or reduce some of install menu.

Before running installer, note the additional items listed below.

Insert the following lines into /etc/system to increase file descriptor limitation

set rlim_fd_max=65536

set rlim_fd_cur=65536

Soft boot the server:

shutdown -g0 -i6 –y

Useful commands:

prtdiag or prtconf to check system information

prodreg check out product registration


5.1 Directory Server

1. Log on to the server as a user with root privileges.

2. Start the installation program "installer" from the

Java ES distribution at JES bits/Solaris_sparc

Run JES bits/Solaris_sparc/installer –saveState statefile (to save for silent installation state file)

3. Click "Next" on the welcome screen to continue.

4. Accept license agreement and click Yes,

5. English is the default choice, So click "next" to continue.

6. Pull Install All Component Menu and choose following servers from the available options.

-> Sun ONE Directory Server 5.2

-> Sun ONE Administration server 5.2

7. Select and click O.K, when it prompts to upgrade/install shared components

such as JDK etc.


8. Choose the installation directory "/var/opt/mps/serverroot" Click "Next" to continue

9. Click "Next" to continue after the successful completion of system check.


10. Select "Custom configuration" from the "Configuration Type Panel" screen

and click next to continue.


11. Provide the password for the admin user in "Common Server Settings"

window and go to next screen by clicking next button.

12. "Directory Server: Administration(1of5)" Click Next to continue.


13. In the "Directory Server: Server Settings(2 of 5) window, Click Next.


14. Click next on "Directory Server: Configuration Directory Server(3 of 5) window.

16. Click next on "Directory Server: Configuration Directory Server(4 of 5) window

17. Click next on "Directory Server: Configuration Directory Server(5 of 5) window

18. Click next on "Administration Server: Server Settings (1 of 2)

19. Click next on "Administration Server: Server Settings (2 of 2)

20. Click next on "Ready to Install" window, to start the installation


21. Click on "Close" on "Installation completion" screen to exit the installer program.

Please patient to wait for shell prompt.


Note: stop and start the directory server


# /usr/sbin/directoryserve stop

# /usr/sbin/directoryserver start

Stop and start the admin server

# /usr/sbin/mpsadmserver stop

# /usr/sbin/mpsadmserver start

Start Admin console

# /var/opt/mps/serverroot/startconsole

Here are snapshots for directory console login and display


5.1.1 Directory/Admin Server Uninstall

Uninstall JES directory and admin servers

  1. # /usr/sbin/mpsadmserver unconfigure

Enter Administrator ID and Password and Click Next

Click Next to continue

Examine uninstallation detail and Click Close

  • # /usr/sbin/directoryserver unconfigure

    Enter Administrator ID and Password and Click Next

    Click Next to continue

Examine uninstallation detail and Click Close to exit

Continue to remove the rest of packages

  • # /var/sadm/prod/entsys/uninstall

Click Next to continue

Click Next to continue

Click Continue to continue

Enter Admin ID and Admin User’s Password and Click Next

Enter Admin ID and Admin User’s Password and Click Next

Click Next to continue

Progress bar

Complete uninstallation process

Note: the progress bar shows different locale supported by Java ES 1.

Click View Summary and display result

Click View Uninstall.Log and display result

Clink Close button to exit Uninstallation.log window and Click Close again to exit uninstall script.

Additional uninstall steps running via command line

# cd /var/sadm/install

# rm .pkg.lock

# rm productregistry


Note: Please also remove install target directories. See source on P.249


To verify the JES removing completion

# prodreg

To examine any more Sun ONE or Java ES as following snapshots

Expanding Unclassified Software bullet

Now, the server is clean for future JES installation

Command line installation

# JES_bits/Solaris_sparc/installer –nodisplay (Note: apply the same parameters as GUI installation)

Silent install

# JES bits/Solaris_sparc/installer -noconsole -nodisplay -state statefile

No Previously Installed Sun Java(TM) Enterprise System Products are detected on this system


In reset. Key value is now /var/opt/mps/serverroot



5.2 Application Server

cd JES bits/Solaris_sparc

./installer then pass welcome, license, language page, etc as showed before

Selecting Application Server will automatically pick Sun ONE Message Queue 3.0.1 SP2

Then Click Next

Enter destination directory locations and Click Next

Passing system requirements test and Click Next

Select default Custom configuration and Click Next

Enter Administrator Password and confirmation, Click Next

Click Next to accept default settings

Click Next to start install

Click Next to registration

Enter Registration information

Start Application Server and Administration Server as follows:

# cd /var/opt/SUNWappserver7/domains/domain1/server1/bin


CORE1116: Sun ONE Application Server 7.0.0_01

INFO: CORE3016: daemon is running as super-user

INFO: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.1_05] from [Sun Microsystems Inc.]

INFO: JMS5023: JMS service successfully started. Instance Name = domain1_server1, Home = [/usr/bin].

INFO: JTS5014: Recoverable JTS instance, serverId = [100]

INFO: RAR5060: Install JDBC Datasources ...

INFO: JMS5015: Install JMS resources ...

INFO: HTTP3072: HTTP listener http-listener-1 [http://icebox32:80] ready to accept requests

startup: server started successfully

# cd /var/opt/SUNWappserver7/domains/domain1/admin-server/bin

# ./startserv

CORE1116: Sun ONE Application Server 7.0.0_01

INFO: CORE3016: daemon is running as super-user

INFO: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.1_05] from [Sun Microsystems Inc.]

INFO: ADM0002:System MBean initialized:[ias:type=controller]

INFO: ADM0002:System MBean initialized:[ias:type=configurator]

INFO: ADM0001:MBeanServer initialized successfully

INFO: ADM0005:Timestamp files for configuration created for:[admin-server]

INFO: ADM0005:Timestamp files for configuration created for:[server1]

INFO: ADM0102: Starting a thread for tracking manual changes

INFO: IOP5053: Received a locate request on a disabled connection. Locate requests are permitted.

INFO: JTS5014: Recoverable JTS instance, serverId = [100]

INFO: RAR5060: Install JDBC Datasources ...

INFO: JMS5015: Install JMS resources ...

INFO: WEB0100: Loading web module [adminapp:adminapp.war] in virtual server [admin-server] at [/web1]

INFO: WEB0100: Loading web module [admingui:adminGUI.war] in virtual server [admin-server] at [/admin]

INFO: HTTP3072: HTTP listener http-listener-1 [http://icebox32:4848] ready to accept requests

startup: server started successfully

To access Application Administrator console:

From the web browser type to get login prompt

Deploy some web applications for server validation

rooteq@icebox32 195: /opt/SUNWappserver7/bin/asadmin

Use "exit" to exit and "help" for online help

asadmin>deploy --user admin --password password --host localhost --port 4848 /opt/SUNWappserver7/samples/webapps/bookstore/bookstore1/bookstore1.ear

Deployed the application : bookstore1

asadmin>deploy --user admin --password password --host localhost --port 4848 /opt/SUNWappserver7/samples/webapps/jstl/webapps-jstl.war

Deployed the WAR module : webapps-jstl

asadmin>deploy --user admin --password password --host localhost --port 4848 /opt/SUNWappserver7/samples/ejb/stateless/simple/stateless-simple.ear

Deployed the application : stateless-simple

asadmin>deploy --user admin --password password --host localhost --port 4848 /opt/SUNWappserver7/samples/ejb/stateless/converter/stateless-converter.ear

Deployed the application : stateless-converter

asadmin>deploy --user admin --password password --host localhost --port 4848 /opt/SUNWappserver7/samples/webapps/caching/webapps-caching.war

Deployed the WAR module : webapps-caching


Show web stateless-simple

Show webapps-caching sample


Show webapps-jstl sample


5.3 Web Server

Start the installer again, pass welcome, license, language, etc as showed before

Select Web Server and Click Next

Enter installation directory and Click Next

Enter Administrator Password and Confirmation, Click Next

Accept all default settings, and Click Next

Accept default setting s and Click Next

Click Next to start Web server installation

Click Next for product registration

Click Close to exit installer

To enable web and administration server as followings:

cd /opt/SUNWwbsvr/

rooteq@icebox32 40: ./start

Sun ONE Web Server 6.1 B09/11/2003 19:00

info: CORE3016: daemon is running as super-user

info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.1_05] from [Sun Microsystems Inc.]

info: WEB0100: Loading web module in virtual server [] at [/search]

info: HTTP3072: [LS ls1] ready to accept requests

startup: server started successfully

cd /opt/SUNWwbsvr/https-admserv


Sun ONE Web Server 6.1 B09/11/2003 19:00

info: CORE3016: daemon is running as super-user

info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.1_05] from [Sun Microsystems Inc.]

info: WEB0100: Loading web module in virtual server [vs-admin] at [/admin-app]

info: HTTP3072: [LS ls1] ready to accept requests

startup: server started successfully


5.4 Identity Server

./installer (skipping Welcome, License, Language, Product Selection menu)

Click Continue and Next

Click Next

Click Next







Enter password and Click Next

Click Next

Note: save password encryption key for Gateway installation use.


Make necessary input and change, then Click Next


Enter password and Click Next

Ensure correct Directory Root and Click Next

Click Next

Click OK>>NEXT

After installing Identity Server, go back to Application server console as follow:











Need to deploy Identity instance into Application server, Just Apply Change

Click Restart button

Enter and login amadmin/password,
user will see the Identity console as above


5.5 Portal Server

./installer (skipping the Welcome, License, Language Menu and click Portal as below)

Select installation directory (default /opt)

Enter password and Click Next



Click Next

Enter password and Click Next


After complete Portal installation, restart application server to deploy Portal applications.

Relogin to Application server console via

Click Apply Changes button

Click Restart button


Start to test Portal via

Click Sign me up link

Click register

Click Agree

User Login as testuser

Go to /opt/SUNWps/web-src to customize desktop, deploy sample channels,
replace images, other tasks

If you install MAP (Mobile Access Pack 6.2) outside of Java ES R1, you need to update desktop display profile as following:

Modify the desktop service (see page 60 of portal admin guide)
   - login amadmin, (as same as step: 4.0)
   - Select the new created sub-orgnization
   - Select the service in View menu
   - Select Portal Destop
   - change the value of default channel name  from
       "DummyChannel" to "JSPTabContainer" (for pc browser) or
       "WirelessDesktopDispatcher" (for MAP)
   - check the value of "defualt Edit Channel Name"  should be
       "JSPEditContainer" (for MAP)
   - change the value of Portal Desktop Type from
       "default" to "sampleportal" (for standard portal) or

Note: if you want to install 3rd party Fatwire content management package, ensure it installs before MAP package.


5.6 SRA

*Note the Secure Remote Access Core package should install into the Portal
server not in the SRA server

Then start gateway by applying /etc/init.d/gateway start

Login amconsole and verify Service Configuration>>Gateway service to default org.
In addition, configure gateway cookie forward url for mail/calendar servers showed as following diagram.

Enter url to test GW/Portal

To enter test/password login to Portal


Mobile Access Package (Optional)
Using MAP install script to install and apply patch

# cd patches
# patchadd 116441-01
# /opt/SUNWps/bin/deploy redeploy
# /etc/rc3.d/S86amserver start (restart web server)
# cd portal-map-dir
# ./setup

Verify MAP Access

- Log on to the Identity Server administration console as amadmin.
The default URL is http://server:port/amconsole.
- Click the Service Configuration tab.
- Under the Service name heading in the left pane, verify the following services are present
Mobile Application Configuration service, address book, mail and calendar
- Under the Service name heading in the left pane>>Identify Server
click the arrow for Client Detection to display Client Detection information in the right pane.
- Click the Edit link following the Client Types label to launch the Client Manager.
- Verify that tabs for HDML, JHTML, VoiceXML, WML, XHTML, cHTML, and iHTML
- Close the Client Manager.
- Click the Identity Management tab.
- From the View menu in the location pane, select Services.
- Verify that the Mobile Application Configuration heading is present and that the address book, mail and calendar applications are listed.
- Log on to your portal site using a mobile device and verify display


5.7 Instant Messaging

Instant Messaging can be hosted by either web or application server. The key will be
pointing to the correct docroot to launch IM client. See troubleshooting section for more information.


(Skipping the Welcome, License, Language, Product Selection pages)

Follow through default to install Instant Messaging Server.

Please apply Instant Messaging patch described in Comm Patch section.



5.7.1 Configuring the Instant Messaging Server



Note:  Make the code base http://host-full-name/im

Click Next


Click Next

Click Next

Added by Jeff

cd /opt/SUNWwbsvr/docs
ln -s /opt/SUNWiim/html im

Next go into amconsole and edit the imchannel. You need to add the following attributes:
codebase: http:full-hostname/im
mux: full-hostname
muxport: 49909
port: 49999
server: full-hostname


Instant Messaging Server configuration is now complete.

Login on the Portal via, you will see the
Instant Message channel below. You might need to update IM channel properties pointing to correct ports
and IM server.

Click Instant Messenger link to start client

Now, test user can start a chat with other login user.


5.8 Messaging and Calendar

./installer (skipping the Welcome, License, Language, Product Selection menus)

Click Next

Enter password and Click Next

Click Next

To ensure Suffix inline with Identity server, Click Next

Enter couple of default selections to get below window

Click Next to get "Ready to Install", then Click Next to get "Product Registration"and wait for final installation completion.

Please apply Messaging Server patches described in Comm Patch section. 116585-03 and 116586-03 commcli patch should add into Identity server, not MS.

5.8.1 Configuring the Messaging Server

Changed by Jeff - merged documentation and existing install guide together

    To Configure Messaging Server After Installation

The Messaging Server component product cannot be configured by the Java Enterprise System installer.

  1. If this step was not done during Calendar Server configuration, configure Sun ONE Directory Server 5.x for Messaging Server on Directory Server by running the Directory Server Setup script, /opt/SUNWmsgsr/lib/
    1. Verify that Directory Server is running. Refer to "To Start Directory Server" for instructions.
    2. Prepare the Directory Server by running server-root/cal/sbin/
    Configure directory for the Messaging server

    Complete terminal log when executing

    /usr/bin/perl /opt/SUNWmsgsr/lib/

    Welcome to the Directory Server preparation tool for Sun ONE Messaging Server.

    (Version 6.0 Revision 0.004)

    This tool prepares your directory server for Sun ONE Messaging Server install.

    The logfile is /var/tmp/dssetup_20031030115149.log.

    Do you want to continue [y]: y

    Please enter the full path to the directory where the Sun ONE

    Directory Server was installed.

    Directory server root [/var/mps/serverroot] : /var/opt/mps/serverroot


    Please select a directory server instance from the following list:

    [1] slapd-icebox32


    Which instance do you want [1]:

    Please enter the directory manager DN [cn=Directory Manager]:


    Will this directory server be used for users/groups [Yes]:

    Please enter the Users/Groups base suffix [o=usergroup] : dc=iplanet,dc=com

    There are 3 possible schema types:

    1 - schema 1 for systems with iMS 5.x data

    1.5 - schema 2 compatibility for systems with iMS 5.x data

    that has been converted with imsdirmig

    2 - schema 2 native for systems using Identity Server

    Please enter the Schema Type (1, 1.5, 2) [2]: 2

    Do you want to update the schema files [yes]:

    Do you want to configure new indexes [yes]:

    Here is a summary of the settings that you chose:

    Server Root : /var/opt/mps/serverroot

    Server Instance : slapd-icebox32

    Users/Groups Directory : Yes

    Update Schema : yes

    Schema Type : 2

    DC Root : dc=iplanet,dc=com

    User/Group Root : dc=iplanet,dc=com

    Add New Indexes : yes

    Directory Manager DN : cn=Directory Manager

    Now ready to generate a shell script and ldif file to modify the Directory.

    No changes to the Directory Server will be made this time.

    Do you want to continue [y]:

    Generating files...

    Checking to see if Suffixes need to be added

    Generating ldif for Adding suffix o=pab

    Checking to see that uid uniqueness plugins are turned off

    Adding indexes

    Adding Indexes for User/group Tree

    Generating ldif for Creating index inetUserStatus for backend userRoot


    Ready to execute the script now.

    Do you want to continue [y]:

    Running /var/tmp/



      Run the script once if Messaging Server, Calendar Server, and the User Management Utility are connected to the same directory server.

      If each product is using a different LDAP directory server, run the script on each LDAP directory.

  2. Verify that the second column in the /etc/hosts file contains the fully-qualified domain name (FQDN) rather than a simple host name. For example:
  3.   loghost

  4. Perform this step only if your installation includes Identity Server 6.1 and LDAP Schema 2 and if this step was not done during Calendar Server configuration: Configure for Messaging Server provisioning by running the User Management Utility, /opt/SUNWcomm/sbin/config-iscli. Instructions are contained in the Sun ONE Messaging and Collaboration User Management Utility Installation and Reference Guide,

Run Comm product user management utility for Messaging Server

cd /opt/SUNWcomm/sbin

./config-iscli (It shows the below GUI window)

Click Next


Enter Identity Server host and port, Click Next

Click Next

Click Next

Click Next

Click Next

Enter mail admin name and password, Click Next

Click next

Click Next

Give mail organization name and Click Next

Click Next

Click Configure Now


The result shows as following diagram

Now deploy commcli-server.war file under /opt/SUNWcomm/lib/jars
Use "exit" to exit and "help" for online help
asadmin>deploy --user admin --password password --host localhost --port 4848 commcli-server.war
Deployed the application : commcli-server

Also add the following directory into classpath of server.xml /opt/SUNWappserver7/domains/domain1/server1/applications/j2ee-modules/commcli-server_1/WEB-INF/classes

The application server console looks like the diagram below after restarting .


/usr/sbin/mpsadmserver configure (start below GUI window)

Click Next

Click Next

Click Next


  • Configure Messaging Server by running the Messaging Server configuration program, /msg_svr_base/sbin/configure.
  • For information on configuring Messaging Server, refer to the Sun ONE Messaging Server Installation Guide for Solaris Operating Systems,

    Configure Messaging Server


    Click Next

    Enter and Click Next

    Click Next

    Click Next

    Enter postmaster email address and Click Next

    Enter password and Click Next

    Click Next

    Click Next

    Click Next

    Click Configure Now to complete

  • If applicable, configure for use with the Sun Cluster software. Refer to "Sun Cluster Configuration Tasks".
  • To verify configuration, proceed to "Starting and Stopping Messaging Server"
  • ------------------------------

    Pump Messaging domain logically up one level to reflect into directory:

    vi /var/opt/SUNWmsgsr/config/option.dat
    --Added by Jeff ---
    the default location for option.dat in jes2 is /var/sunONE/SUNWmsgsr/config

    Insert the line:


    Create a test mail user:

    In directory server icebox32, import testmail.ldif under /var/opt/mps/serverroot/slapd-icebox32/config/schema containing the following:


    objectClass: top

    objectClass: person

    objectClass: organizationalPerson

    objectClass: inetOrgPerson

    objectClass: inetUser

    objectClass: ipUser

    objectClass: nsManagedPerson

    objectClass: userPresenceProfile

    objectClass: inetMailUser

    objectClass: inetLocalMailRecipient




    mailUserStatus: active

    givenName: Test

    userPassword: password

    cn: test mail

    uid: testmail

    sn: Mail

    title: tester

    mailDeliveryOption: mailbox

    preferredLanguage: en

    inetUserStatus: active

    ldapmodify -a -D "cn=Directory Manager" -w password -f testmail.ldif

    Jeff: I didn't do this:   # cp /var/opt/mps/serverroot/comm_dssetup/dssetup/schema/* /var/opt/mps/serverrott/slapd-ldap-hostname/config/schema/.

    copy start-up script to /etc/init.d

    --modified by Jeff ---
    file has changed in jes 2

    cp /opt/SUNWmsgsr/lib/Sun_MsgSvr /etc/init.d/.
    cd /etc/rc2.d

    ln -s ../init.d/Sun_MsgSvr S92Sun_msgSvr

    --- Jeff: Didn't do this:
    Enable personal Filters GUI in WebMail GUI # setenv IWS_SERVER_HOME /opt/SUNWwbsvr
    #/opt/SUNWwbsvr/bin/https/httpadmin/bin/wdeploy deploy -u /MailFilter \ -i https-WebSvrHostname.FQDN -v https-WebSvrHostname.FQDN \

    Jeff: Didn't do this:
    Double check the port number of local.webmail.sieve.port to web server port (80)
    # /opt/SUNWmsgsr/sbin/configutil -o local.webmail.sieve.port -v 80 MMP setup of Messaging server (skip, if no MMP optional)

    modify the imta.cnf and add some key word in the line
    # vi /opt/SUNWmsgsr/config/imta.cnf
    tcp_local ....... daemon smart-host-name

    ----Added by Jeff ----- This section failed with an error. I went into directory console and change the http port
        Turn on proxy on multiplex for IMAP, POP, HTTP, and SMTP
       # configutil -o local.service.http.proxy -v 1
       # configutil -o local.service.smtp.proxy -v 1
    With MMP, the pop/imap port is complict against MMP
    You must change the default port number as below example:
    # ./configutil -o service.pop.port -v 8110
    # ./configutil -o service.pop.sslport -v 8992
    # ./configutil -o service.imap.port -v 8143
    # ./configutil -o service.imap.sslport -v 8993
    # ./configutil -o service.http.port -v 8080
    # ./configutil -o service.http.sslport -v 8443

    Refresh the MTA configuration or Restart Messaging Server:

    /opt/SUNWmsg/sbin/imsimta refresh




    Perform an LDAP Search to find our test user:

    ldapsearch -b "ou=people,,dc=red,dc=iplanet,dc=com"

    -D "cn=Directory Manager" -w password -s sub uid=testmail

    Open a web browser and go to: with testmail/password

    Create a test mail and send to testmail user

    Update Portal Org tree:

    ON icebox32 Configure Portal top org pointing to the branch as default. Thus co-relate Messaging/Portal directory as one tree.

    Create an LDIF file named sun-com.ldif containing:

    dn: ou=People,,dc=red,dc=iplanet,dc=com

    changetype: modify

    add: objectclass

    objectclass: iplanet-am-managed-people-container

    Then update LDAP data via following command.

    ldapmodify -D "cn=Directory Manager" -w password -f sun-com.ldif

    Go to

    Log in as amadmin View tab>>Services>>Core

    Enter ou=People,,dc=iplanet,dc=com under People Container For All Users test box

    Scroll to the bottom and click Save

    Register all services to organization


    Select all services and click Register

    A new organization includes all services.
    ---ADD BY JEFF ---

    Create a new Portal user under


    Check out Net Mail, Portal Desktop, SSO Adaptor, Subscriptions

    Enter mandate user information fields and hit Create button

    Test this new creation user name "test" via sample Portal

    From browser

    Provision this test user to hook into Messaging server.

    Create an LDIF file named test.mail.ldif containing:

    dn: uid=test,ou=people,,dc=red,dc=iplanet,dc=com

    changetype: modify

    add: objectclass

    objectclass: inetMailUser


    add: objectclass

    objectclass: inetLocalMailRecipient


    add: objectclass

    objectclass: userPresenceProfile


    #--- Mail missing added by jeff --
    replace: mail


    replace: mailhost



    replace: mailDeliveryOption

    mailDeliveryOption: mailbox


    replace: preferredLanguage

    preferredLanguage: en


    replace: mailUserStatus

    mailUserStatus: active


    ldapmodify -D "cn=Directory Manager" -w password –f test.mail.ldif

    To ensure this test user can access from Messaging server:

    Open a web browser and go to: login

    as test/password and send a test mail to test user.

    The test mail has showed in mail box of "test" user.


    5.8.2 Configure the Calendar Server

    Note: after configuring Calendar Server, Please apply Calendar patch described in Comm Patch section.
    116577-02 or 116578-02 should apply after configuration process.

    cd /opt/SUNWics5/cal/sbin

    ./ will display below GUI Wizard

    Click Next

    Click Next




    Test the calendar server Log in as username: calmaster

    Provision test user to retrieve Calendar server

    Create with the following content

    dn: uid=test,ou=people,,dc=iplanet,dc=com

    changetype: modify

    add: objectclass

    objectclass: icsCalendarUser


    replace: icsCalendar

    icsCalendar: test


    replace: icsSubscribed

    icsSubscribed: test$test user


    replace: icsCalendarOwned

    icsCalendarOwned: test$test user

    ldapmodify -D "cn=Directory Manager" -w password f

    Test user login Calendar Server via


    Enable SSO for Messaging and Calendar from machine

    # cd /opt/SUNWmsgsr/sbin

    # ./configutil -o local.webmail.sso.amnamingurl -v ""

    OK SET

    # ./configutil -o local.webmail.sso.amcookie -v iPlanetDirectoryPro

    OK SET

    #./configutil -o local.webmail.sso.singlesignoff -v 1

    OK SET

    # ./configutil -o service.http.ipsecurity -v no

    OK SET


    Restart Messaging Server



    For Calendar:

    vi /opt/SUNWics5/cal/config/ics.conf

    Uncomment and/or modify the following parameters:






    local.authldapbasedn = "dc=iplanet,dc=com"

    render.xslonclient.enable = "no"

    Restart Calendar Server

    /opt/SUNWics*/ca/bin/ stop

    /opt/SUNWics*/ca/bin/ start

    Test SSO for Messaging and Calendar via Portal:


    Now, enter the URL of the Messaging server you should get into mail box of test user without doing anything.

    Now enter the URL of the Calendar server you should get into calendar of test user automatically.

    Enable Proxy Authentication for Messaging and Calendar through Portal

    On (MS/CS server machine)

    cd /opt/SUNWmsgsr/sbin

    ./configutil -o store.admins

    ./configutil -o service.http.allowadminproxy -v yes

    For Calendar:

    Uncomment /opt/SUNWics5/cal/config/ics.conf and/or modify the following parameters:


    Verify that these attributes are set correctly:


    service.admin.calmaster.cred="<Enter Password>"

    Enable Portal Proxy Authentication from Portal

    Login to amconsole via

    Service Configuration>>SSO Adapter>>Global section:


    Change to following as one long line without any space in text input box. Make sure the information listed underlines are correct in your own case.


    For Calendar

    Service Configuration>>SSO Adapter>>Global section:


    Change to following as one long line without any space in text box. Make sure the information listed underlines are correct in your case.


    PAB (Public Address Book) SSO adapter ***

    Restart the Portal Server:

    /etc/init.d/amserver stopall

    /etc/init.d/amserver startall

    Then login with test user, the messaging and calendar channel will automatically display mail box and calendar content.


    5.9 Deploy Identity Service Samples

    Deploy Messaging and Calendar Provisioning Plugin samples into the Identity Server as follows.

    Find the sample under SUNWamsam/reloc/$PRODUCT_DIR/samples/integration of product bits which includes sampleMailServerService.xml

    SampleCalendarSrverServices.xml and copy all files to /etc/opt/SUNWam/config/xml

    /opt/SUNWam/bin/amadmin --runasdn uid=amadmin,ou=People,dc=iplanet,dc=com --password password --schema sampleMailServerService.xml

    Loading Service Schema XML sampleMailServerService.xml

    Success 0: Successfully completed.

    /opt/SUNWam/bin/amadmin --runasdn uid=amadmin,ou=People,dc=iplanet,dc=com --password password --schema sampleCalendarServerService.xml

    Loading Service Schema XML sampleCalendarServerService.xml

    Success 0: Successfully completed.

    Restart the Portal/Identity Server

    /etc/init.d/amserver stopall

    /etc/init.d/amserver startall

    Register the MS/CS services into organization

    View>>Services>>Register>>Click sampleMessaging, sampleCalendar box>>Register

    View>>Organizations>>>>View>>Services>>Click sampleMessaging, sampleCalendar box>>Register

    Any new user creation will also update sample Messaging menu as follows:

    Any new user creation will also update sample Calendar menu as follows:

    Test user subscribe mail/calendar sample Identity services

    Enter user name and password to login

    Login into Portal with no messaging/calendar channel contents

    Examine test2 user services subscription

    Add sample services from menu

    Show all services for test2 user

    Update sample calendar service configuration

    Enter Calendar Server name and click Save

    Update sample mail services configuration

    Enter mandatory fields and click Save.

    Exiting all browser windows, and login

    The Messaging and Calendar channel will automatically login to server and display its content into channel.


    5.10 Java ES Server start/stop Commands Summary

    The start/stop commands for Java ES products:

    Mail /opt/SUNWmsgsr/sbin/stop-msg or start-msg

    Cal /opt/SUNWics5/cal/bin/ stop or start

    App /var/opt/SUNWappserver7/domains/domain1/server1/bin/stopserv or startserv

    App admin /var/opt/SUNWappserver7/domains/domain1/admin-server/bin/stopserv or startserv

    Ldap /var/opt/mps/serverroot/slapd-ifrc280a/stop-slapd or start-slapd

    Ldap admin /var/opt/mps/serverroot/stop-admin or start-admin

    IM /opt/SUNWiim/sbin/ stop or start

    Web server /opt/SUNWwbsvr/https-host/start or stop

    Web server admin /opt/SUNWwbsvr/https-admserv/start or stop

    Identity/Portal /etc/init.d/amserver stopall or /etc/init.d/amserver startall


    5.11 Silent Install

    Every server using silent installer should get its own id number and plug this into the sample statefile as shown below.

    ./installer –id /* to get id number */


    Also, be sure to include all component products you wish installation under PSP_SELECTED_COMPONENTS parameter

    Sample statefile


    # Wizard Statefile created: Fri Oct 24 12:03:48 PDT 2003

    # Wizard path: /work2/orion/Solaris_sparc/.install/EntsysInstall9.class


    # Install Wizard Statefile section for Sun Java(tm) Enterprise System


    [STATE_BEGIN Sun Java(tm) Enterprise System 4db93c4dff625b1dc560235d6d22cef224841415]


    PSP_SELECTED_COMPONENTS = DirectoryServ32, AdminServ, OrionUninstaller





    CMN_DS_SERVER_ROOT = /var/mps/serverroot

    CMN_IIM_DOCSHELPDIR = /opt/SUNWiim/html/en/imhelp



    CMN_AS_DOMAINSDIR = /var/opt/SUNWappserver7/domains


    CMN_WS_INSTALLDIR = /opt/SUNWwbsvr

    CMN_IIM_DOCSDIR = /opt/SUNWiim/html



    CMN_AS_CONFIGDIR = /etc/opt/SUNWappserver7

    CMN_AS_INSTALLDIR = /opt/SUNWappserver7

    CMN_MS_INSTALLDIR = /opt/SUNWmsgsr

    CONFIG_TYPE = Custom

    CMN_HOST_NAME = linger1



    CMN_ADMIN_USER = admin

    CMN_ADMIN_PASSWORD = password

    CMN_SYSTEM_USER = root

    CMN_SYSTEM_GROUP = other
















    DS_ADMIN_USER = admin

    DS_ADMIN_PASSWORD = password

    DS_DIR_MGR_USER = cn=Directory Manager

    DS_DIR_MGR_PASSWORD = password


    DS_SERVER_PORT = 389

    DS_SUFFIX = dc=red,dc=iplanet,dc=com


    DS_SYSTEM_USER = root

    DS_SYSTEM_GROUP = other





    CONFIG_DIR_ADM_PASSWD = password



    USER_DIR_PORT = 389

    USER_DIR_ADM_USER = admin

    USER_DIR_ADM_PASSWD = password

    USER_DIR_SUFFIX = dc=red,dc=iplanet,dc=com





    ADMINSERV_ROOT = /var/mps/serverroot









    DPS_PORT =








    AM_ENC_PWD =

    DeploymentServer =


































    IS_WAS40_NODE =











    IS_DS_HOST =


    IS_DS_PORT =





















































































    SRA_IS_ORG_DN = dc=com

    SRA_IS_SERVICE_URI = /amserver

    SRA_IS_PASSWORD_KEY = 12345678901234567890123456789012







    [STATE_DONE Sun Java(tm) Enterprise System 4db93c4dff625b1dc560235d6d22cef224841415]


    6 Other Deployment Scenarios

    When selecting a deployment scenario, the following should be considered:

        • Business Requirements
        • What is the business need?
        • What is the solution scope and stage?
        • What are target business applications?
        • Technical Requirements
        • Which Java Enterprise System product set?
        • What are current technology products and solutions?
        • Quality of Services
        • Availability
        • Flexibility
        • Reliability
        • Scalability
        • Security and Performance

    Listed below are additional deployment scenarios followed by details for each.

    1. Single Server/Developer
    2. Two Server
    3. Three Server/Multiple IS/PS
    4. Four Server/Multiple MS,DS,IS/PS
    5. Reliable Messaging
    6. Multiple IS/PS/SRA + CS/MS/IM
    7. Multiple IS/PS/SRA
    8. Multiple Comm/IS/PS + DS/DPS



    Scenario 1

    Single Server/Developer

    Intended Environment

    Suitable for developers who have access to only one box and need to install/test some of the JES components on a single machine.

    Recommended Hardware

    1-2 CPUs, 1-2G RAM, 20+G Disk

    Recommended Install Order

  • Web or Application Server (MQ,Admin Server)
  • Identity Server (the directory server will be checked by default) Choose Web or App Server
  • Portal: Run in the same container as Identity Server
  • Instant Messaging (optional)
  • Messaging and Calendar Server



    Scenario 2

    Two Server

    Intended Environment

    Suitable for quick and simple deployment which has divided web access in one machine and communication (Mail/Calendar/IM) in the other Directory can put either server or both to have master/slave configuration

    Recommended Hardware

    1-2 CPUs, 1-2G RAM, 20+G Disk

    Recommended Install Order

  • Directory Server can be installed on both machines. Configure one slave hosted by Portal/Identity machine, master hosted by MS, or just one instance on the MS machine
  • Web or Application Server (MQ and Admin Server)
  • Identity Server (use local replicated Directory server or remote directory, if install one instance) Choose Web or App Server
  • Portal – Run in the same container as Identity Server
  • Instant Messaging on the second Server
  • Messaging and Calendar on the second Server



    Scenario 3

    Three Server/Multiple Directory/Identity/Portal

    Intended Environment

    Scenario is suitable for higher availability

    Portal deployment which has two or more Portal/Identity instances to server users better




  • Install both Directory Servers (Admin) and configure MMR
  • Web or Application Server (MQ and Admin Server) in both Servers
  • Identity Server (select local directory server) Choose Web or App Server
  • Portal – Run in the same container as IS
  • Directory Proxy and configured to point to master DS
  • Instant Messaging on the third machine
  • Messaging and Calendar Server on the third machine



    Scenario 4

    Four Server/Multiple MS,PS,DS,IS

    Intended Environment

    Higher availability Messaging Portal/Identity with directory deployment which has two Messaging instances for fail over in case of any machine or mail server failure. Portal has two servers as well. Directory proxy can access both directory servers

    Recommended Hardware

  • SunCluster 3.1 installation via installer
  • Directory Servers on both machines 1 and 2 (Admin Server)
  • Web or Application Server (+ MQ)
  • Directory Proxy and configure to point both DS (option)
  • Identity/Portal server installation via installer
  • Directory Proxy and configure in MS/CS/IM server
  • Sun Cluster installation/configuration
  • MS/CS/IM installation/configuration
  • Cluster configuration and mail agent installation & configuration



    Scenario 5

    Reliable Messaging

    Intended Environment

    Higher availability Messaging deployment which has two Messaging instances for fail over in case of machine or mail server crashes




  • Web and Directory Server
  • Sun Cluster installation/configuration
  • Identity installation on one or both servers (optional)
  • Mail server installation via Java ES installer
  • Install Mail server Transport Agents
  • Configure Mail server and update schema
  • Configure MTA (A-L) Server1 (M-Z) Server 2
  • Cluster mail agent installation/configuration *Any external existing directory which Mail server can access does not need to have a local directory server




    Scenario 6

    Multiple DS,IS,PS,SRA + CS/MS/IM

    Intended Environment

    Higher availability Directory, Identity and Portal SRA deployment which has two of each instances in different server. It will not perform fail over operation, but switch over service via load balance for http and DPS for LDAP




  • Directory Servers on machines 1 and 2
  • Web or Application Server (+ MQ)
  • Configure Directory Proxy to point to both DS
  • Identity/Portal server
  • MS/CS/IM
  • Configure MS/CS/IM server to point to Directory Proxy
  • Portal SRA Gateway




    Scenario 7

    Multiple IS/PS + SRA Gateway

    Intended Environment

    Provides higher availability. Two instances of Directory/ Identity on each machine, and a second Identity/Portal deployment which has two of each on different servers. It will not provide fail over but will load balance. Netlet proxy can server in a separated server for scalability.




    1. Directory Servers on both machines 1 & 2
    2. Web or Application Server (MQ) on both servers
    3. Add Identity Server in each of Directory Server machines
    4. Web or Application Server (MQ) on Portal machine
    5. Configure Directory Proxy to point both DS
    6. Identity/Portal server installation
    7. Portal SRA Gateway
    8. Netlet or rewriter proxy optional





    Scenario 8

    Multiple Comm/IS/PS + DS/DPS

    Intended Environment

    Suitable for higher availability of all services especially Directory Servers. It has multiple levels of directory connections by external multiple DPS to ensure more reliable services




  • Directory master/slave pair Servers on both machines (Admin Server)
  • Configure both master/slave directory servers
  • All Directory Proxy Servers install/configure point to DS
  • Sun Cluster installation for servers hosted MS/CS
  • MS/CS machines installation and configuration (optional local Identity)
  • Sun Cluster MS/CS Agents install/configure Identity/Portal pairs in the web containers
  • IM server installation and IM Mux + Resource into Portal machine
  • Message + Cal installation and configure Mail Transfer Agent & Calendar front end
  • Portal SRA gateway installation/configuration

    and for Java ES Portal HA and MMR




    7 Troubleshooting


    Important Note:. Make sure you add Java Enterprise System patches after successful installation
    process completion. Check Comm Patches section at the end of this section for more information.

    Problem: How to recover from Java ES installer failure

    1)Validate the shared component version against Java ES bits

    Compare installed Java packages version against Java ES bits under


    cd /var/sadm/pkg

    pkginfo -l SUNWj3*

    validate result against each pkginfo of Java ES bits packages

    Validate installed components SUNWpr SUNWtls SUNWicu SUNWicux version against
    <bits_base>/Solaris_sparc/Product/shared_components/Solaris_?(8 or 9)/Packages

    Check out perl packages SUNWpl5u SUNWpl5v and Zip compression library SUNWzlib

    Ensure/usr/j2se point to the JDK version you just updated or JDK 1.4.1_06

    If it is high availability installation, please check additional entries of table 2-3 for
    Shared component packages

    Note: If you experience Java ES GUI installer hung (Identity, Portal, or SRA core), please

    check the web server's wdeploy command (invoked from deploy) failing to return. Double check 
    command line option of installer runs debug mode to examine the cause.
    ./installer -nodisplay -debug 2) Debug mode setting to troubleshoot command line option of installer (more debug information)


    1=3 (default 0 mean no message, 3 overwhelming output)

    If any installed package corrupted or non-recover configure scripts failure, uninstall and remove
    packages/directories will be the only choice.

    3) Uninstall

    run /var/sadm/prod/entsys/uninstall or detail on p.249

    If uninstall file doesn't find in above location, please pkgadd SUNWentsys-uninstall package under

    "prodreg" can also remove component product one by one manually.

    Runtime debug general rules:

    - Use the directory console to view the object class, group, user, and attributes to ensure the correct
    value for user provision after you input ldif or add/modify LDAP data.

    - Identity user delete operation doesn't completely remove all attributes of this user. Need
    to delete user by using amadmin command or directory console to ensure the same user name can
    be added for re-creation.

    - If portal desktop encounters a display problem due to a mis-configuration, try the following to reset

    run /opt/SUNWps/lib/scrubds_Base

    then run /opt/SUNWps/lib/isconfig

    run /opt/SUNWps/lib/config_Base

    Also, from amconsole checking "portal desktop service" for org/role/user

    - Set debug=message in Identity, Portal and Gateway configuration file. Check all debug/log files
    when you encounter any problem for debugging

    - Check mail user (test_mail) attributions by applying

    ldapsearch -b "ou=people,,dc=iplanet,dc=com" -D "cn=directory manager" -w
    password -s sub uid=test_mail

    /opt/SUNWmsgsr/sbin/configutil |grep i mail

    - Run IM client requires the download plug in as the run time environment

    - Web and directory servers look into access and errors logs.



    - Apply db2bak to save directory server database into back up directory
    for each of Messaging or Calendar configuration step (in case you need to restore the original database)

    Problem: Remove LDAP authentication option cause amadmin login failure
    amadmin can only authenticate against LDAP. Invoke Directory Administration Server and Directory console first. Login to directory console>>Expand Server Group>>Directory Server>>dc=iplanet,dc=com>>services>>iPlanetAMAuthService>>1.0>>OrganizationConfig>>default>>Add Attribute to sunkeyvalue

    This process will put back LDAP auth back to Identity server which the amadmin has to use for login process.

    Problem: Portal desktop can't display after successful login


    Need to change user desktop property as following and load default display profile

    Problem: Portal 6.2 running Weblogic and WebSphere on Solaris 9

    For an installation of the Sun ONE Portal Server on BEA WebLogic Server ™ or IBM WebSphere®
    Application Server, only the Solaris 8 Operating System is supported.

    Problem: SRA failure to start

    The Secure Remote Access Core package should install to Portal Server, not gateway server.
    Ensure Identity SDK package should install to SRAGateway server machine.

    Also to ensure both Portal and gateway encryption key are the same. The SRAGateway debug log
    file is under /var/opt/SUNWps/debug.

    Note: 1) Edit the gateway config file to bind to IP= (for multi-homed servers ie
    one gateway pointing to more than one Portal servers)
    2) If you have portal setup for EXTERNAL LDAP authentication instead of the local profile server, the gateway will not startup (i.e. not listen on 443)
    UNLESS you have added the internal SRA user "amService-srapGateway" and probably "amAdmin" to the external LDAP too.

    Problem: srapGateway. <instance> log showed “Bad URL – check the url of servlet or Application Login failed” while gateway starts

    1)Verify amconsole Service Configuration>>Gateway>>default (or instance) setup

    if this page can't display, check out sraGatewayConfig.xml and sraGateway.xml under

    /var/opt/SUNWps/tmp/request in Portal machin. It might need to redeploy.

    2)Verify gateway.dsame.agent= point to the correct portalserver in file


    3)When SRA gateway comes up, it needs to fetch its profile from IS server. To fetch profile,
    its needs a valid SSOToken. So SRA to obtain a application session from IS by login, and this
    process has failed. See follwing problem solution.

    Problem: srapGateway. <instance> log showed "Unable to create SSOToken" while gateway starts

    Note: don't need to uninstall and reinstall SRA Gateway, following steps to debug

    1)SRA Gateway Loggin user password should be the same in Portal and SRA side:

    verify gateway.logging.password= (plain text OK) under platform.conf.<instance> same as
    DefaultOrg>>Users>>amService-srapGateway >>Password (from amconsole)

    2)Verify identity-root/SUNWam/lib/ values are same
    in SRAGateway and Portal servers

    3)Verify same value as above location in both sides

    4)Verify same value as above location in both sides

    5)Verify gateway server listening port by "netstat -a" and grep port number (443)

    Note: If portal node still cannot reach the GW node for some reasons, IS 6.1 has one more way
    called polling for session notification. You can try it. - Check the attributes <--default false
    & (default 180 seconds)

    Problem: How SRA rewriter avoid revealing Intranet url path through Gateway

    From amconsole>>Service Configuration>>Gateway (SRA Configuration)>>-gateway-profile-name>>
    Rewriter>>Advanced>>Enable Obfuscation, click on to enable

    Then click Save button to preserve configuration, restart Gateway by

    gateway-install-root/SUNWps/bin/gateway -n gateway-profile-name start

    Note: Book marking of an obfuscated URI may not work, if this seed string

    has been changed or random generated seed or if the Gateway is restarted.

    Problem: Login sub-org without desktop display, it showed following error

    Access to this resource is denied !!

    Contact your administrator

    Login amconsole select sub-org>>Services>>Administration>>Required Services:

    Adding SunPortalDesktopService, SunPortalSubscriptionsService

    SrapGatewayAccessService, (if SRAGateway applies) into list

    Check sub-org>>Services>>Portal Desktop>>Portal Desktop Type and Default Channel Name
    are valid.

    Validate that sub-org>>Users>>Services include "Access List" Service for all users, if access via

    Problem: SRAGateway isn't working, if a Reverse Proxy is in front of SRAGateway

    Login to SRAGateway machine as root user.

    Edit /etc/opt/SUNWps/platform.conf.<instance> file as follwoings

    gateway.virtualhost=FQN-GW-host GW-ip FQN-reverse-proxy-host (ex. Below)

    gateway.enable.customurl=true (default false) (reverse-proxy-host) (reverse-proxy-host)

    Restart SRAgateway /etc/init.d/gateway -n default start

    Problem: LB+SSL with SRA Portal configuration (contact for more

    slot  hostname   IP               note
    1     s1    Directory #1
    2     s2    Directory #2 (MMR between s1 and s2)
    3     s3    Portal/Identity #1
    4     s4    Portal/Identity #2
    5     s5    Gateway #1
    6     s6    Gateway #2
    -     dirvip   Virtual IP for Directory Server (port:389)
    -     sslgw   Virtual IP for Gateway  (ssl port:443, decrypt port:80)
    [System Configuration]
          HTTPS                            HTTP         HTTP     LDAP         LDAP
    client --> LB blade+SSL Blade-->Gateway-->Portal-->LB blade--> Directory
                              (sslgw)                   (s5,s6)      (s3,s4)       (dirvip)        (s1,s2)
    [Gateway Configuration]
    - Gateway Configuration in AM Console-
    Only enable to HTTP mode and port is 80.
    - platform.conf.default -
        .       .
    gateway.protocol=https  <-- need to set host to virtual host
        .      .
    gateway.external.ip=   <-- need to set this to virtual IP
        .      .
    gateway.httpurl=https://sslgw.sub-domain.Sun.COM:443/  <--no http service
    gateway.httpsurl=https://sslgw.sub-domain.Sun.COM:443/ <--virtual host
    gateway.bindipaddress=     <-- for multi-homed servers  
    Note: For External LDAP authentication, adding amService-srapGateway and amAdmin users into
    External LDAP server via Directory Admin console
    Ensure both Portal and Gateway "DirPassword "(encrypted or plain text form) are the same under

    Problem: Run Commcli failure

    The hostname of Identity Server in /etc/hosts has to be FQDN as the second parameter as

    " icebox32 localhost"


    Then follow the prompts, the only thing configure does is to create under the /opt/SUNWcomm/config directory

    Problem: Local mail server can't send or receive email

    Using telnet 0 143 to test IMAP or telnet 0 25 for POP

    ./imsimta test -rewrite verify mail addresses

    ./configutil | grep default to show all mail server default setting

    Problem: /usr/sbin/directoryserver configure -f /tmp/ds.statefile failure

    Ensure following perl packages have already installed into target server before configuring directory

    SUNWpl5m (manual)

    SUNWpl5p (manual)



    - The similar problem also applies to Application Server.

    - User can get above set of perl packages from the Solaris 8 or Solaris 9 media.

    Instant Messaging failure to download or launch

    From web browser, checking http://web or appserver:port/en/im.jnlp to load IM client.

    If it can't load, check web or application server docroot or symbolic link which pointing to IM code base. (For example: /usr/JES/app/domains/domain1/server1/docroot/im -> /usr/JES/im/SUNWiim/html)

    Also check IM channel property as below example showing:

    Instant Messaging through SRA (Original from ACE team

    Procedure for Instant Messaging through Portal Server SRA.

    0) Deploy /opt/SUNWiim/html at docroot of the web server

    1) Login to Sun ONE Identity Server as amadmin

    Select the organization or user to enable Instant Messaging through SRA.

    Navigate to the Netlet Rules. Click Add under Netlet Rules. Fill in the following values for the rule.

    Rule Name: IM

    The rule name is significant and must match a field in the IMChannel configuration.

    Encryption Algorithms: Default

    URL: null

    Download Applet: checked      49909 im-server-name.FQDN 80

    Extend Session: checked

    Port-Host-Port List: 49909 TARGET 49909

    2) Navigate to the Portal Desktop. Select Edit. Select Channel and

    Container Management. Select IMChannel. Inspect the fields to

    ensure it's populated correctly. These are the fields when the

    client is directly accessing the Instant Messaging server. For



    port: 49999


    muxport: 49909


    clientRunMode: jnlp


    netletRule: IM

    3) When the end user accesses the Portal desktop through the gateway, i.e.

    the end user needs to instantiate the netlet rule for IM to use the Instant Messaging server, e.g. as TARGET. The end user will then select the netlet rule, that now appears as a link in the netlet channel. After the netlet initializes and is available, the end user can select the "Instant Messenger" link in the Instant Messaging channel. The channel will detect if a netlet rule named IM is live and will use the netlet values for localhost and port. The "Instant Messenger" client appears as expected. This will allow a user with a mobile laptop to access Instant Messaging from the Intranet or from the Internet without changing the Instant Messaging channel's configurations. The user simply needs to enable the netlet.


    ** Sun Cluster 3.1 can't use silent installer bug 4942498

    ** Ensure SUNWzlib and SUNWzlibx Solaris 8 packages in your OS system installation with patch 112611-02 or greater See http://solaris.eng/benet/Orion1/contents/solaris-patches-for-orion.html for more information

    ** Calendar single sign off doesn't work properly. See bug 4955583 and 4953114

    ** Latest bug information http://webhome.central/itbos/products/software/pjorion/pjorion.html#Latest-Bugs-Status

    Component Products Migration to Java Enterprise System:

    Directory 5.2

    Application 7

    Web Server 6.1

    Identity 6.1

    Portal 6.2

    Messaging 6.0

    Calendar 6.0

    Instant Messaging 6.1 (specify below url as one line)

    Directory Proxy 5.2

    Sun Cluster 3.1

    Remove all Java Enterprise System Component Products script :

    All the products are installed using default location. If the products are not installed to the default location, the scripts need to be modified to reflect the difference.
    Please check for component packages update. source (Be sure to modify the paths for non-default installations)


    # checks for packages

    for pack in `cat $0| grep "\-\-" | cut -c3-23 `


    /usr/sbin/pkgrm -n -a ./admin.txt $pack


    rm -rf /var/opt/*

    rm -rf /etc/opt/*

    rm –rf /opt/SUNWam /opt/SUNWwbsvr /opt/SUNWappserver7 /opt/SUNWps

    rm –rf /opt/SUNWmsgr /opt/SUNWiim /opt/SUNWcomm /opt/SUNWics5

    rm -rf /var/sadm/prod/

    rm -f /var/sadm/install/logs/*

    rm /var/sadm/install/productregistry

    pkgrm -n SUNWentsys-uninstall

    exit 0

    # Package List Data









































































































































































































































































































































































































































    admin.txt source:











    Comm Patch Update:

    The Comm patches are multiple patches. They have released now under


    The patch release minor number might be higher when you retrieve them.

    MS: 116568-04 sparc 116569-04 x86

    116570-02 sparc 116571-02 x86

    116585-04 sparc 116586-04 x86

    CS: 116577-02 sparc 116578-02 x86

    IM: 115732-03 sparc 116645-03 x86

    Portal 116441-01 sparc 116699-01 x86

    Check out http://sunsoftpatch.sfbay/patchstatus for detail.





    8 References





    JES Main internal web page


    JES bits download page

    All JES Documentation

    JES release engineering



    Java ES and component products download

    Beta white paper collection from ACE team

    Support Service Lessons Learned from Orion Beta

    IT OP installation note

    Bug info