Install / Rollback for IBM Connections 6.0 CR2 with the <loginRedirectWhitelist> LCC.xml setting
Preventive Service Planning
The <loginRedirectWhitelist> setting in the LCC.XML added by the Security Bulletin: IBM Connections Security Refresh (CVE-2017-1748) could cause IC 6.0 CR2 install to fail. Also IBM Connections 6.0 CR2 also adds the configuration setting to the LotusConnectionConfiguration.xml which will cause Rollback to fail.
In both cases the setting will need to be removed so Install & Rollback can successfully complete.
The instructions in this technote are the steps required for rollback from Connections 6.0 CR2 to 6.0 CR1. If your deployment base installation was an earlier release then the instructions in the following technote must also be completed:
- Technote 2010545 for instructions to perform a Rollback for IC 6.0 CR1 with Metrics
Follow the steps below to remove the setting from the LotusConnectionsConfiguration.xml file
- Shutdown the Connections server and leave the Node running
- Edit the LotusConnectionConfig.xml and remove the following lines. This file can be found in the following location - IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\<cellName>\LotusConnections-config
- The lines to be removed are as follows:
- Save changes
- Launch the IBM Installation Manager and proceed with either the IC 6.0 CR2 installation or Rollback
The <LoginRediectWhiteList> tag is also added by the instruction in Security Bulletin: IBM Connections Security Refresh (CVE-2017-1748). This iFix will need to be re-install if the server will remain at the CR1 level after the Rollback.