IBM Support

Install / Rollback for IBM Connections 6.0 CR2 with the <loginRedirectWhitelist> LCC.xml setting

Preventive Service Planning


Abstract

The <loginRedirectWhitelist> setting in the LCC.XML added by the Security Bulletin: IBM Connections Security Refresh (CVE-2017-1748) could cause IC 6.0 CR2 install to fail. Also IBM Connections 6.0 CR2 also adds the configuration setting to the LotusConnectionConfiguration.xml which will cause Rollback to fail.

In both cases the setting will need to be removed so Install & Rollback can successfully complete.

Content

The  instructions in this technote are the steps required for rollback from Connections 6.0 CR2 to 6.0 CR1. If your deployment base installation was an earlier release then the instructions in the following technote must also be completed:

  • Technote 2010545 for instructions to perform a Rollback for IC 6.0 CR1 with Metrics

 

Follow the steps below to remove the setting from the LotusConnectionsConfiguration.xml file

  1. Shutdown the Connections server and leave the Node running
  2. Edit the LotusConnectionConfig.xml and remove the following lines. This file can be found in the following location - IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\<cellName>\LotusConnections-config
  3. The lines to be removed are as follows:
    <loginRedirectWhitelist enabled="false">
    <domain>admin_replace.com</domain>
    </loginRedirectWhitelist>
  4. Save changes
  5. Launch the IBM Installation Manager and proceed with either the IC 6.0 CR2 installation or Rollback


Notes:

The <LoginRediectWhiteList> tag is also added by the instruction in Security Bulletin: IBM Connections Security Refresh (CVE-2017-1748). This iFix will need to be re-install if the server will remain at the CR1 level after the Rollback.

Document information

More support for: IBM Connections

Component: Not Applicable

Software version: 6.0

Operating system(s): AIX, Linux, Windows

Reference #: 2017100

Modified date: 01 November 2018