IBM Support

Installing the Poodle Hotfix "Full" Version Can Reset Your Configured Sametime Community Server(s) Settings to Default Settings

Technote (troubleshooting)


Problem

Technote 1687845, "Security Bulletin: Vulnerability in SSLv3 affects Sametime (CVE-2014-3566)", provides two hotfixes for the Sametime 9.0 Community server:

  1. New Install only, not for upgrade
  2. Upgrades to existing servers




The "New Install Fix" is cumulative and contains all previous fixes from Fix Central. This fix can be applied to an existing server and will upgrade it to the latest cumulative fix. There is a known problem with the hotfix reverting settings to the default configuration settings. This can cause a problem if you are in a production environment.

If you choose to use the "Upgrade fix link" to remediate the POODLE vulnerability on your already installed server, please note that it is not cumulative and you will still want the recommended fixes that are also on Fix Central.

Symptom

Sametime.ini, stconfig.nsf and a few other files had their settings changed back to the default of a brand new install.


Cause

An issue with the installer causes settings to be reverted to the product's "default" settings.

Resolving the problem

Part 1: Preventative Actions to take in order to apply the fix without losing your settings.

To install the "new install" hotfix and take advantage of the cumulative fixes, you will need to restore your original settings from a backup. To do this, perform the following steps:

1) Make a backup of the following directories:

\domino directory and its subdirectories (your server's executable directory)

\data directory and its subdirectories

2) Run the hotfix install as you normally would.

3) Restore these files from backup before you start your Sametime server again:
sametime.ini
stconfig.nsf
vpuserinfo.nsf
STRunTimeDebugTool.jar
StCommLaunch.dep
StAdminSrv.exe

If stsecurity.ini has been modified as part of your configuration, it will also need to be restored from the backup.

If you have done the above steps, then you are done. If you did not have a backup before you did the install, you will need to continue below with Part 2 - Remediating the installation issues caused by this installer.

Part 2: Remediating the loss of the configuration settings
If you have already performed the upgrade and noticed that some of your settings have now reverted back to the default settings, but you did not have a backup available, then you want to follow these steps:

1) Make sure Sametime is shut down.
2) Check sametime.ini for the following settings that may have been changed:
vp_security_level= (may have been reverted to 7000 from your custom setting).
DIR_SEARCH_LEVEL_LIMIT=1 may have been added. This setting will limit nested group searches to 1 level deep causing unexpected group behaviors.

3) Check stconfig.nsf for the following settings that may have been changed:
LDAPServer document - may have been reverted to the defaults. Check for your custom filters, hostnames, ports, etc.

4) Check the replica ID of vpuserinfo.nsf
By default the installation changes the vpuserinfo.nsf to be a derivative of the names.nsf's replica.id file. Your replica ID needs to be consistent across any cluster members in order to properly replicate. Additionally, if your environment contains multiple clusters, you want to ensure that each cluster has a separate replica ID for its VPUserInfo.nsf. You should not be replicating vpuserinfo.nsf outside the cluster.

5) STRunTimeDebugTool.jar is corrupt and needs to be replaced from a server that is not running this fix level. Contact IBM technical support if one is not available to you.

6) StSecurity.ini file will need to be manually reconfigured if you have modified this file.

7) StCommLaunch.dep is overwritten with the default, so any changes you made in there, such as turning on ststatistics, are lost. This will need to be reconfigured manually.

8) Once your settings have been re-configured, start the server and confirm everything works as expected.
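
The sametime.ini check in Part 2, step 2 (and the verification after a Part 1 restore) can be scripted. The following is an added example, not IBM-supplied code: it flags the two settings named above and, when a backup copy is available, lists every setting that differs. It assumes sametime.ini is plain [section] / key=value text with `#` or `;` comment lines; the sample contents, the section name and `EXAMPLE_CUSTOM_SETTING` are constructed for illustration.

```python
# Added example: compare sametime.ini before and after the hotfix install.
import sys

# Settings the technote names, with the value the installer may leave behind.
WATCHED = {"vp_security_level": "7000", "dir_search_level_limit": "1"}

def parse_ini(text):
    """Return {(section, key): value}; names are lowercased for comparison."""
    settings, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # assumed comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip().lower())] = value.strip()
    return settings

def flag_defaults(current):
    """Watched settings whose value matches what the technote warns about."""
    return sorted(f"{key}={val}" for (_, key), val in current.items()
                  if WATCHED.get(key) == val)

def diff_against_backup(backup, current):
    """List (section, key, old, new) for every setting that differs."""
    return [(s, k, backup.get((s, k)), current.get((s, k)))
            for s, k in sorted(set(backup) | set(current))
            if backup.get((s, k)) != current.get((s, k))]

# Constructed sample files (section name and values are illustrative only).
SAMPLE_BACKUP = "[Config]\nVP_SECURITY_LEVEL=6510\nEXAMPLE_CUSTOM_SETTING=on\n"
SAMPLE_CURRENT = "[Config]\nVP_SECURITY_LEVEL=7000\nDIR_SEARCH_LEVEL_LIMIT=1\n"

if __name__ == "__main__":
    # Usage: script.py <current sametime.ini> [<backup sametime.ini>]
    texts = ([open(p, errors="replace").read() for p in sys.argv[1:3]]
             or [SAMPLE_CURRENT, SAMPLE_BACKUP])
    current = parse_ini(texts[0])
    for hit in flag_defaults(current):
        print("check (named in technote):", hit)
    if len(texts) > 1:
        for s, k, old, new in diff_against_backup(parse_ini(texts[1]), current):
            print(f"[{s}] {k}: backup={old!r} now={new!r}")
```

A flagged `vp_security_level=7000` is only a problem if your server used a custom value before the install; the script cannot know that without the backup copy.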

Document information

More support for: IBM Sametime
Administration

Software version: 9.0, 9.0.0.1

Operating system(s): AIX, IBM i, Linux, Solaris, Windows

Reference #: 1701183

Modified date: 14 April 2015

