FilrInfo Gathering Script:
Paste the following string of commands into a
terminal session (such as putty):
wget -P /tmp ftp://ftp.novell.com/outgoing/FilrInfo-3.5.sh;sh
/tmp/FilrInfo-3.5.sh
After those commands run, one of the following messages will be presented to
the terminal:
The information has been written to:
/tmp/FilrInfo-<FileName>.txt
and has also been uploaded to: ftp://ftp.novell.com/incoming
or
The information has been written to:
/tmp/FilrInfo-<FileName>.txt
NOTE: An attempt was made to also upload the file to the
Novell FTP Incoming directory, but was not successful.
If the first message is displayed, let me know. If
the second message is displayed, email me the file.
URL to get quota information and other settings:
https://kwbradford5.lab.novell.com:8443/rest/zone_config
Filr Repositories for 4.3.1
Alias Name: Filr-4.3-Updates
URL: https://nu.novell.com/repo/$RCE/Filr-4.3-Updates/sle-12-x86_64?credentials=NCCcredentials
Alias Name: Filr-4.3-OS
URL:
https://nu.novell.com/repo/$RCE/Filr-4.3-OS/sle-12-x86_64?credentials=NCCcredentials
CLI to get the same as above:
wget --user=admin --password=novell --no-check-certificate -O
/tmp/Zone_Config_Data.txt https://kwbradford5.lab.novell.com:8443/rest/zone_config
Troubleshooting files not syncing to desktop client:
----- Set the famtd log level to debug:
--------------/opt/novell/filr/bin/famtconfig -s loglevel=4
------ Log in with the Filr Desktop client and attempt to browse to the various
folders.
------ Send me a copy of the /var/opt/novell/filr/log/famtd.log
------ Open a CMD prompt in the "Run as
Administrator" mode.
------------- Type the following command and send me the output:
-------------------- fltmc
------------- Type the following command and send me the output:
-------------------- driverquery /v |findstr FilrDriver
-------------- Type this command:
-------------------- cd %windir%\Microsoft.NET\Framework
------------------------- cd into the v4.0* directory
---------------Type this command and send me the output
------------------------- .\MSBuild.exe -version
LDAP User Import troubleshooting:
To see the progress (or lack of progress) of a User LDAP Import:
Turn on debugging
sed -i -e
's/#log4j.category.org.kablink.teaming.module.ldap=DEBUG/log4j.category.org.kablink.teaming.module.ldap=DEBUG/g'
/opt/novell/filr/apache-tomcat/conf/log4j.properties;rcfilr stop;rcfilr start
Start the ldap sync
Tips to track for specific words:
grep -i Recording /var/opt/novell/tomcat-filr/logs/appserver.log | wc -l
-----> 'Recording' is a good word to track for processed user IDs
grep <word> /var/opt/novell/tomcat-filr/logs/appserver.log
Turn off debugging:
sed -i -e
's/log4j.category.org.kablink.teaming.module.ldap=DEBUG/#log4j.category.org.kablink.teaming.module.ldap=DEBUG/g'
/opt/novell/filr/apache-tomcat/conf/log4j.properties;rcfilr stop;rcfilr start
How to watch the progress of a Re-Index of
Everything
Look for similar message within the
/var/opt/novell/tomcat-filr/logs/appserver.log
2022-10-03T13:05:27,654 INFO
[https-openssl-nio-8443-exec-10-(5-1663897774084)]
[org.kablink.teaming.module.folder.impl.DefaultFolderCoreProcessor] - Indexed
646000 binders so far. The ID of the last processed binder is 2423277 -
Progress (global estimate): (currentCount=1388252, totalCount=1582492)
or
cat /var/opt/novell/tomcat-filr/logs/appserver.log | grep currentCount=
Obtain detailed Rights Info on Net Folders
Replace both the <FILRADDRESS> and <BINDERID>. The BINDERID can
be found from the FilrInfo "NetFolders Info Part 1" section. Be sure
to log in as admin.
https://<FILRADDRESS>/ssf/a/do?p_name=ss_forum&p_action=1&newTab=ssNewTabPlaceHolder&binderId=<BINDERID>&action=configure_access_control&novl_url=1
Configure Filr to authenticate user locally if LDAP is not available:
echo " " >>
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties;echo
authenticate.ldap.matching.users.using.ldap.only=false >>
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties;rcfilr
restart
Undo the local credential authentication feature:
sed -i
's/authenticate.ldap.matching.users.using.ldap.only=false/#authenticate.ldap.matching.users.using.ldap.only=false/g'
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties;rcfilr
restart
To enable LDAP auth debugging:
/opt/novell/filr/apache-tomcat/conf/log4j.properties file.
#log4j.category.org.springframework.security=DEBUG
#log4j.category.org.springframework.security.util.FilterChainProxy=INFO
#log4j.category.org.springframework.ldap=DEBUG
#log4j.category.org.kablink.teaming.spring.security=DEBUG
#log4j.category.org.kablink.teaming.module.authentication=DEBUG
Shutdown and turn off Ganglia:
systemctl stop novell-gmond;systemctl disable novell-gmond;systemctl stop
novell-gmetad;systemctl disable novell-gmetad
To test to see if the Filr server can send mail via postfix:
mail -s "Test Subject Here" -r kwbradford@gmail.com
kyle.bradford@microfocus.com < /dev/null
This example sends the message to kyle.bradford@microfocus.com and from
kwbradford@gmail.com
Useful files:
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf.properties
If inodes are taking up a lot:
rm -r /vastorage/filr/cachefilestore/kablink/*
Useful commands to find where are large number of files are being stored:
find /var -type f | wc -l
find /var -type f -exec dirname {} \; | sort | uniq -c | awk '$1 > 1000'
Gather listing of largest files in /vastorage and upload them to FTP Server:
du -aSh /vastorage | sort -rh | head -n 15 >
/tmp/CaseNumber_LargestFiles.txt;find /vastorage -printf '%s %p\n' | sort -nr |
head -15 | while read -r size file; do echo "$(numfmt --to=iec-i
--suffix=B --format='%.1f' "$size") $file"; done >>
/tmp/CaseNumber_LargestFiles.txt;curl -T /tmp/CaseNumber_LargestFiles.txt
ftp://ftp.novell.com/incoming/
Undocumented SSF-EXT properties parameters:
index.tree.defer.file.content.indexing=false
# If true, reindexing only indexes meta data for files and their content
indexing (if content
# indexing is enabled) is deferred to a separate background job so that meta
data indexing can
# complete faster. If false, both meta data and content (if content indexing is
enabled) are
# indexed in one pass during reindexing.
# Default is false.
index.tree.helper.threads.size=5
# Number of helper threads that can be used for each administrative reindexing
execution.
# This setting is relevant only when index.tree.helper.threads.allow is true.
# Default is 5.
JVM configuration (Large Deployment)
---> Filr Server: 66 to 70 percent (Max and Min the same)
---> Search Server: 50 percent (Max and Min the same)
Filr Node Core Dump Locations:
/var/lib/systemd/coredump/
/var/opt/novell/famt/dumps/
/var/opt/novell/tomcat-filr/dumps/
Index Server Core Dump Location:
/var/opt/novell/search/indexserver/dumps/
CMD command to upload a file:
Example:
curl --user rredgrave:novell -s -S -X POST -H "Content-type:
application/pdf" --data-binary @c:\temp\1.pdf https://filrshare.mydemo.biz/rest/folders/111/library_files?file_name=1.pdf
Syntax:
curl --user [user]:[password] -s -S -X POST -H "Content-type:
application/[file ]" --data-binary @[local windows path]
https://[FilrServerName]/rest/folders/[binder]/library_files?file_name=1.pdf
Documentation for Rights Required for Net Folder Proxy Users
https://www.microfocus.com/documentation/filr/filr-4/filr-overvw/net_folder_proxy_users.html
CMD command to share a file:
Example:
curl --user rredgrave:novell -i -X POST
"https://filrshare.mydemo.biz/rest/folder_entries/1280/shares" -H
"Content-Type: application/json" -d
"{\"access\":{\"role\":\"VIEWER\"},\"recipient\":{\"type\":\"external_user\",\"email\":\"aking@acme.com\"}}"
Syntax:
curl --user [user]:[password] -i -X POST
"https://[FilrServerName]/rest/folder_entries/[FileName]/shares" -H
"Content-Type: application/json" -d
"{\"access\":{\"role\":\"VIEWER\"},\"recipient\":{\"type\":\"external_user\",\"email\":\"[emailAddress]\"}}"
The steps to increase the core size limit:
1. rcnovell-famtd stop
2. Applying the configuration (file is /etc/systemd/coredump.conf )
Uncomment the below two lines
ProcessSizeMax=10G ( change from 2G to 10G )
ExternalSizeMax=20G ( change from 2G to 20G )
3. rcnovell-famtd start
Script to auto restart FAMTD or Filr is unresponsive:
#!/bin/bash
PATH=/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin
FAMTDSTATUS=`rcnovell-famtd status | grep unused | sed -e 's/Checking for
service FAMT ..//'`
if [ "unused" == "${FAMTDSTATUS}" ]
then sh /tmp/FilrInfo-2.5.sh
rcnovell-famtd restart
echo "==== $(date
+"%m-%d-%y-%T") ====" >>
/tmp/FAMTD_Filr_Results-SRNumber.txt
echo "FAMTD restarted" >>
/tmp/FAMTD_Filr_Results-SRNumber.txt
curl -T
/tmp/FAMTD_Filr_Results-SRNumber.txt ftp://ftp.novell.com/incoming/
#Send
email notification of the restart
#Syntax:
#mail
-s "FAMTD was restarted" <emailaddress> < /dev/null
#Example:
#mail
-s "FAMTD was restarted" johndoe@xyzcorp.com < /dev/null
elif `rcfilr status | grep -q "failed"`
#The above check is for
the word “failed”. That might not be the correct word to search for in your
situation.
#Do an 'rcfilr status'
command at the time of the problem to determine which key word to grep for.
then sh /tmp/FilrInfo-2.5.sh
rcfilr restart
echo "==== $(date
+"%m-%d-%y-%T") ====" >>
/tmp/FAMTD_Filr_Results-SRNumber.txt
echo "Filr restarted" >>
/tmp/FAMTD_Filr_Results-SRNumber.txt
curl -T
/tmp/FAMTD_Filr_Results-SRNumber.txt ftp://ftp.novell.com/incoming/
#Send
email notification of the restart
#Syntax:
#mail
-s "Filr was restarted" <emailaddress> < /dev/null
#Example:
#mail
-s "Filr was restarted" johndoe@xyzcorp.com < /dev/null
fi
#Rename the FAMTD_Filr_Results-SRNumber.txt to
FAMTD_Filr_Results-SR101721565101 (or whatever number) in case multiple
customers are running the same script.
=== above line is the end of the script =======
Alternate Script (which has not been well
tested)
#!/bin/bash
PATH=/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin
FAMTDSTATUS=`rcnovell-famtd status | grep "(exited)" | sed -e
's/Checking for service FAMT ..//'`
if [[ $FAMTDSTATUS =~ "(exited)" ]]; then
rcnovell-famtd restart
echo "==== $(date +"%m-%d-%y-%T") ====" >>
/tmp/FAMTD_Results-CaseNumber.txt
echo "FAMTD restarted" >> /tmp/FAMTD_Results-CaseNumber.txt
curl -T /tmp/FAMTD_Results-CaseNumber.txt ftp://ftp.novell.com/incoming/
fi
#Change the CaseNumber to the actual number of the case. Be sure tha change
that in both places
======== End of Script =============
Name the script FAMTDandFILRcheck-1.0.sh. Save it in the /tmp directory.
Configure crontab to execute that script every minute by using these commands:
echo “*/1 * * * * root sh /tmp/FAMTDandFILRcheck-1.0.sh” >>
/etc/crontab;rccron restart
If you copy/paste the above script into a text file, you should convert the
file from DOS format to UNIX format with this command:
dos2unix /tmp/FAMTDandFILRcheck-1.0.sh
Tomcat
rcfilr stop/start
/var/opt/novell/tomcat-filr/logs/catalina.out
/var/opt/novell/tomcat-filr/logs/appserver.log
/opt/novell/filr/apache-tomcat/conf/log4j.properties
-------- to enable debug level
MySQL
mysql filr -ufilr -pnovell
How many files?
select count(*) from SS_FolderEntries;
How many folders?
select count(*) from SS_Forums;
How many users?
select count(*) from SS_Principals
where type = 'user' and bin(disabled)!=1;
List users and details
select * from SS_Principals where type = 'user' and bin(disabled)!=1 and
bin(deleted)!=1\G
List all details on a user without exact name:
select * from SS_Principals where name like '%joh%'\G
Command to write an SQL query to a file:
psql -U filr -d filr -c "select count(*) from SS_FolderEntries;" >
/tmp/ss_FolderEntriesOutput.txt
Command to reveal the PostgreSQL Database
password:
echo $(java -cp
filr-server-appliance-service-*.jar:/opt/novell/datamodel-service/lib/*
com.novell.admin.filr.datamodel.utils.DecodeStr $(grep -i '^password='
/filrinstall/db/postgresql-liquibase.properties | sed 's/password=//'g))
How big is the current index?
du -sh /vastorage/search/kablink
PostgreSQL Info
psql filr postgres
\q
PostgreSQL query examples:
SELECT name, disabled, samaccountname, deleted FROM SS_Principals WHERE name
LIKE '%joe05%';
From the Search server:
/var/opt/novell/search/indexserver/logs/indexserver.log
/var/opt/novell/search/indexserver/logs/indexserver.stderrout.out
TCPDUMP Examples:
In a SaMBa / CIFS environment:
tcpdump -s 0 -i any -C 128 -W 20 -w /tmp/tracefile \(\(host AA.BB.CC.DD or
host EE.FF.GG.HH or host 127.0.0.1\) and \(port 137 or port 138 or port 139 or
port 445 or port 53 or port 4330\)\) or arp or icmp
In an OES / NCP environment
tcpdump -s 0 -i any -C 128 -W 20 -w /tmp/tracefile \(\(host AA.BB.CC.DD or
host EE.FF.GG.HH or host 127.0.0.1\) and \(port 524 or port 6901 or port 389 or
port 636 or port 53 or port 4330\) or arp or icmp
In an OES NSS for AD environment:
tcpdump -s 0 -i any -C 128 -W 20 -w /tmp/tracefile \(\(host AA.BB.CC.DD or
host EE.FF.GG.HH or host 127.0.0.1\) and \(port 137 or port 138 or port 139 or
port 524 or port 445 or port 53 or port 4330\)\) or arp or icmp
If rights aren't making sense (too many or too
few), compare the following files:
/etc/opt/novell/filr/.trustee_database_kwbradford8.lab.novell.com_DATA.xml
/media/nss/DATA/._NETWARE/.trustee_database.xml
Content Editor
troubleshooting:
|
Logs |
/var/opt/novell/contenteditor/logs/loolwsd.log |
|
Content Editor Service commands |
systemctl restart/start/status/stop ContentEditor |
|
Check if the ports are accessible from outside |
telnet
<ce-appliance-host> 443 |
|
Worst case scenario |
sh
opt/novell/base_config/dockerRestart.sh |
|
Enabling CE additional logging |
To
turn on debugging on the CE server: To
turn off: To
capture Content Editor debug from the Filr side: To
Turn off: This
Filr debug information is written to: |
|
Test Full Connection from Filr to CE |
Within
a Filr terminal session: |
Content Editor Repositories:
ContentEditor-Appliance-1-OS
https://nu.novell.com/repo/$RCE/ContentEditor-Appliance-1-OS/sle-15-x86_64?credentials=NCCcredentials
ContentEditor-Appliance-1-Product
https://nu.novell.com/repo/$RCE/ContentEditor-Appliance-1-Product/sle-15-x86_64?credentials=NCCcredentials
Filr 4.0 Search Server Debugging:
Uncomment these lines within
/opt/novell/filr/apache-tomcat/conf/log4j.properties
→ log4j.category.org.kablink.teaming.lucene.LuceneProvider=TRACE
→ log4j.category.org.kablink.teaming.search=DEBUG
Log file location:
→ Small deployment
→ --- /opt/novell/filr/apache-tomcat/logs/appserver.log
→ Large deployment
→ --- /opt/novell/search/indexserver/logs/indexserver.log
Enable debug for KeyView Filr tomcat process:
Uncomment following lines in
/opt/novell/filr/apache-tomcat/log4j.properties
→
log4j.category.com.novell.teaming.docconverter.impl.HtmlKeyViewConverter=DEBUG
→
log4j.category.com.novell.teaming.docconverter.impl.TextKeyViewConverter=DEBUG
→ log4j.category.com.kablink.teaming.docconverter.Converter=DEBUG
→ log4j.category.com.novell.teaming.keyview=DEBUG
Info gets written to:
/var/opt/novell/tomcat-filr/logs/appserver.log
Enable Filr Desktop Client Debugging
Quit the Filr client
---> Hold shift + Right click on tray icon
Go to the folder "%LocalAppData\Novell\Filr"
---> Delete filr.log, filr_dialog.log and events.log
Open logging.conf
---> change all lines from "level=INFO" to "level=DEBUG"
---> Save and close the file
Start the Filr client and try to login
ZIP filr.log, filr_dialog.log and events.log
Quit Filr and revert the changes to the logging.conf file
Enable debug logging in KeyView agent process:
within the
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-additional.properties,
change:
keyview.agent.traceto.stderr=false
to
keyview.agent.traceto.stderr=true
Info gets written to:
/var/opt/novell/tomcat-filr/logs/catalina.out
Enable MacOS Filr Client Debug:
Best to enable debugging while duplicating the issue.
Within the /Users/$USER/Library/Application Support/Novell/Filr/logging.conf file,
change the level=INFO to level=DEBUG under the "[logger_aca_excepts]"
and "[handler_defaultHandler]" sections.
Restart the client.
Duplicate the issue.
Send the log files in:
/Users/$USER/Library/Logs/Novell/Filr/
/Users/$USER/Library/Application Support/Novell/Filr/
Desktop client not sync'ing:
1. Stop the Filr client (right-click on the icon in the notification area,
while holding shift, then choose Exit).
2. Stop the "Novell Filr Caching Service" (Filr Service) using the
Windows Task Manager.
3. Create a backup of the "Filr Storage" (by default %LOCALAPPDATA%),
in case there are changes not yet uploaded .
4. Remove or rename the %LOCALAPPDATA%\Novell\Filr\[user]\FilrMetaData.db
5. Reboot the workstation.
The procedure on a Mac 10.11.6 to rebuild the
Merged View database is different:
- Logout of Filr
- stop the FilrFS (in a Terminal execute: launchctl unload
/Library/LaunchAgents/com.novell.filrfs.plist )
- Rename or delete the
/Users/$USER/Library/Application
Support/Novell/Filr/accounts/1/cache/<filruser>_<filr.dns.name>
folder
(replace the <filruser>_<filr.dns.name> with the correct values)
- start the filrFS (in a Terminal execute: launchctl load
/Library/LaunchAgents/com.novell.filrfs.plist
- login to Filr
After the reboot, the Filr Client may take longer to restart, as it is
rebuilding the synchronization database anew.
How to track deferred update progress (Filr
4.x):
Go to https://<SQL database address>:9443
Click the Database Configuration Tile
--> the blue tile with the picture of the Elephant head
Click PostgreSQL in the upper left
Log in with the 'postgres' user.
Click the filr database (upper left)
Navigate to Schema -> public -> Tables -> ss_indexingjournal (click
the ss_indexingjournal link)
The default query will show as:
-->SELECT * FROM public.ss_indexingjournal;
-->Change that to:
-->SELECT count(*) FROM public.ss_indexingjournal;
-->Click the "Submit Query" button
What does the count number show?
Wait one minute and query again.
What does the count number show after one minute?
That will show approximately how many records are being processed per minute.
Then, you can calculate how many minutes it will take to reach ZERO.
Steps to Configure GeoTrust Certificates:
1. Select
Digital Certificates
2) Change Key Store to Web Application Certificates via the drop down
3) File | New Certificate (Key Pair)
4) For Alias we used digicert
5) Common Name is the host name of the Filr Appliance (In your case
filr.fb247.com)
6) Other fields completed as applicable to your environment
7) Click OK once the fields have been completed
8) Highlight the digicert certificate
9) Click File | Certification Request | Generate CSR
10) Submit CSR data to GeoTrust
11) Download the certificate from GeoTrust (We selected Apache and HTTP which
provided us with the IntermediateCA.crt and the ssl_certificate.crt which is
what Filr requires)
12) Extract the downloaded file to a location of your choice
13) Back in the Filr Admin Console, highlight the digicert certificate
14) Click File | Certification Request | Import CA Reply
15) Browse to and select the ssl_certificate.crt file and click OK
16) Click File | Import | Trusted Certificate
17) Browse to and select the IntermediateCA.crt file and click OK
18) Highlight the digicert certificate
19) Select the option to Set as Active and click Yes
20) Highlight the digicert certificate
21) Select Update Certificate Chain and click Yes
22) Click Close and then select the option to Reboot the Filr appliance
Convert .CER to .PFX (specifically a .CER from DigiCert)
Submit the CSR to the CA
--->Download the x.509 .Cer file from the CA.
Launch MMC from a windows machine
--->Click File -> Add/remove snapin
--->Add the Certificates snapin
--->Highlight Certificates in the left pane
------>right-click the "Personal" folder in the right pane, choose
All Tasks -> Import
------>Select the CER file
------>Right-click the above imported certificate, choose All Tasks ->
Export
------>choose the "Yes, export the private key" radio button
------>Choose the "Personal Information Exchange - PKCS #12 (.PFX)”
radio button
------>Choose the "Include all certificates in the certificate path if
possible" check box.
------>Choose the "Export all extended properties" check box
------>Provide a password
Go to the :9443 interface
--->Choose Digital Certificates -> Web Application Certificates
------>Import -> Key Pair
------>Select the .PFX file
------>Give an Alias Name
------>Provide the password
------>Click OK
------>Highlight the newly imported certificate
------>Click "Set As Active"
Reboot the Appliance
Convert .CER to .PFX if you have a the private
key and cacert
openssl pkcs12 -export
-in certificatename.cer -inkey privateKey.key -out certificatename.pfx
-certfile cacert.cer
Same Convert command as listed above, but from
DigiCert's site:
openssl pkcs12 -export -in /opt/certs/www_bnetinc_com.crt -inkey
/opt/certs/www_bnetinc_com.key -certfile /opt/certs/DigiCertCA.crt -out
/opt/certs/www_bnetinc_com.pfx