Backup
and Restore
Export captures the following information:
-
PSM, DS configurations
- MySql database
- Avahi's services
files
- iPrint Mobile Server Configuration
- eDir
To
view a comprehensive list of what is backed
up:
/etc/opt/novell/iprintmobile/conf/backupList
Manual
backup (export):
Syntax:
cd
/opt/novell/iprintmobile/bin;chmod 775 backup.sh;./backup.sh -f
/tmp/iprintconfig.zip -p <eDir admin password>
Example:
cd
/opt/novell/iprintmobile/bin;chmod 775 backup.sh;./backup.sh -f
/tmp/iprintconfig.zip -p novell123
---------- iprintconfig.zip
(this file will save to a location based on your browser to your
desktop)
AirPrint
open-in/share = iPrint App
Print Menu Functionality =
AirPrint
mDNS protocol on IP 224.0.0.251 port 5353
- Only
this IP and Port need to be forwarded
rcavahi stop/start
/etc/avahi/avahi-daemon.conf
/etc/avahi/hosts
/etc/avahi/services/* printers enable for AirPrint will show in
this directory.
Mobile
Server
Authentication with initial iPrint App setup and SSL
printing goes through the REST interface to validate the password on
the external, production directory.
/var/opt/novell/iprintmobile/iprintmobiledb.xml
-- email,
printers, printing options, driver, jobs, and renderer information
Spool
area:
/var/opt/novell/iprintmobile/jobs
----- Example Job
Name: 1.0.Test.txt
/etc/opt/novell/iprintmobile/conf/iprintmobile.conf
-
conversion_wait_time=60
--- Possible very large jobs require more
than 60 seconds.
- fallback_to_local_converter=false
-- If
concerned the WinRenderer may become unavailable and want OfficeLibre
as a fallback option, change this to true.
-
renderer_time_out=30000
-- If we don't get a response from
WinRenderer in this time frame, we will mark the WinRenderer as
unavailable and will not submit jobs to it. When the WinRenderer is
available again, it will notify the MobileServer and we will use it
again.
rcnovell-iprint-mobile
restart
-- A restart of the mobileserver will cause the changes to
take effect.
List
of file formats handled by the
server.
/etc/opt/novell/iprintmobile/conf/mime.types
To
view only commands of relevance:
grep -v '^#'
/etc/opt/novell/iprintmobile/conf/mime.types
/var/opt/novell/log/iprintmobile/iprintmobile0.log
-- INFO level logging will give you most information. This will
turn that on:
rcnovell-iprint-mobile stop;sed -i
's/=WARNING/=INFO/g'
/var/opt/novell/iprint-tomcat/webapps/iprint/WEB-INF/classes/logging.properties;sed
-i 's/=WARNING/=INFO/g'
/etc/opt/novell/iprintmobile/conf_local/config_logging.properties;rcnovell-iprint-mobile
start
In the /psmstatus job list interface:
locally
rendered jobs will show the .ps
remote rendered jobs will NOT
show the .ps
Submit jobs from the server:
iprntman job
<printername> --submit -mime "application/pdf" -u
cn=admin,o=iPrintAppliance -P novell /root/Test.pdf
Jobs
while being rendered are put in a 'Job Held' state on the print
manager (seen in /psmstatus job list)
iPrint
Management Client debug:
c:\Program
Files\Novell\iPrint\iPrintManage.log4net
From:
<level
value="WARN" />
To:
<level value="DEBUG"
/>
Also helpful
are:
/var/opt/novell/log/iprintmobile/iprint_mobile0.log
/var/log/apache2/error_log
/var/opt/novell/log/iprintauth/iprint-auth.log
iPrint
Rendering Service
Local
Security Policy -> Security Settings -> Local Policies ->
User Rights Assignments -> Log on as a service (add your user
here, administrator does not have this by default.
C:\NDPS\Renderer\conf\iPrintRenderer
You can remark a line (#) if you don't have PowerPoint, or other
app, installed.
iprntrendcmd -r x.x.x.x <WinRenKey>
--
To register the renderer to the Appliance.
-- Registers which apps
(MS Office and Adobe) are configured.
c:\ndps\conf\renderer
(can change log size, rotation patterns, set log
levels)
c:\ndps\db\rendererDB (registration information)
c:\ndps\jobs
c:\ndps\log
Certificate validation
Check appliance (apache) certificate date validity
- check
through browser or through command:
- openssl x509 -in
/etc/ssl/servercerts/servercrt.crt -text -noout
To
configure normal ipsmd logging:
sed
-i 's/server_log_level=warning/server_log_level=info/g'
/etc/opt/novell/iprint/conf/iprintconf.properties
Manually
Remove Inactive Renderer iPrint 1.x
rcnovell-iprint-mobile
stop
iprintmobile_config_renderer -l
iprintmobile_config_renderer -r <rendererID>
rcnovell-iprint-mobile start
Manually Remove
Inactive Renderer iPrint 2
mysql
-uroot -proot iprint;
select renderer_id from renderers;
See
what ID number shows under the column. For example, 1 is a likely
ID
Syntax:
delete from renderers where
renderer_id={renderer_id};
Example:
delete from renderers where
renderer_id="1";
Manually
remove Inactive Renderer iPrint 3.x:
Stop
the mobile server
rcnovell-iprint-mobile stop
su - tomcat -c
"/usr/sbin/orientdb-console"
----------- Yes, quotes
are needed
connect
plocal:/var/opt/novell/iprintmobile/databases/iprint admin admin
list classes
---------- Verify that Renderer is listed
delete
from Renderer
list classes
---------- Verify that Renderer is
not listed
quit
rcnovell-iprint-mobile start
View
printers within Orientdb:
rcnovell-iprint-mobile
stop
su - tomcat -c "/usr/sbin/orientdb-console"
connect
plocal:/var/opt/novell/iprintmobile/databases/iprint admin
admin
SELECT name FROM printer
To enable Walkup
printing using SQL commands:
SELECT
walkupEnabled FROM printer
update Printer set walkupEnabled=true
where name='<printerName>'
quit
rcnovell-iprint-mobile
start
Make a backup of the OrientDB database
cp
-r /var/opt/novell/orientdb/databases/iprint/
/var/opt/novell/orientdb/databases/iprint-orig/
Launch the
orientdb command line interface:
orientdb-console
Connect to
the database
connect remote:localhost/iprint root
Provide the
password: root
Do not share this password with the
customer.
Verify that one or more iPrint printers is enabled for
AirPrint:
select name, mDnsPublished from Printer where
mDnsPublished="true";
This command will list all of the
printers enabled for AirPrint.
Remove the AirPrint flag on all
iPrint printers:
update Printer set mDnsPublished="false"
where mDnsPublished="true";
update Printer set
ippPrinter=null where ippPrinter is not null;
Verify that no
printers show the AirPrint flag (same select command as
above):
select name, mDnsPublished from Printer where
mDnsPublished="true";
select name, mDnsPublised,
ippPrinter from Printer;
Remove more attributes
update
Printer set ippPrinter=null where ippPrinter is not null;
delete
from MdnsServiceRecord;
delete from ippPrinter;
Exit OrientDB
exit
Restart the iPrint Mobile service
rcnovell-iprint-mobile restart
Email Printing
Logging
We log the email job
processing details in the mobile server log
(/var/opt/novell/log/iprintmobile/iprintmobile0.log) but its done at
the INFO level while default level is WARNING.
We also
maintain a csv based log of all email jobs (some meta data) in
/var/opt/novell/iprintmobile/audit.csv.
To
cause AirPrint through SLES DNS to work, remember:
1. Add two
A Records:
kwbradford8 151.155.214.140
nts127 151.155.134.127
2. Allow-query
Basic Options:
allow-query {
137.65.229.0/24; }
Gather Data for Rendering problems:
a)
Turn on local rendering debug
Copy/paste the following command to
a terminal session (putty or otherwise):
rcnovell-iprint-mobile
stop;sed -i 's/=WARNING/=INFO/g'
/var/opt/novell/iprint-tomcat/webapps/iprint/WEB-INF/classes/logging.properties;sed
-i 's/=WARNING/=INFO/g'
/etc/opt/novell/iprintmobile/conf_local/config_logging.properties;rcnovell-iprint-mobile
start
b) Turn on Remote Renderer debug
Open
c:\ndps\renderer\conf\renderer.log4net
change
<level
value="WARN"/>
to
<level value="ALL"/>
Restart
the Windows rendering service
Open a cmd window,
type:
iprntrendcmd -q (means quit)
iprntrendcmd -l (means
load)
c) Verify the renderer status shows
active:
https://<IPorDNSofAppliance>:9443/iprintconfig/renderers
d)
Send the print job to duplicate the problem.
e) Zip up log
files
All log files within the Appliance
zip
/tmp/iprintmobilelogs.zip
/vastorage/iprint/var/opt/novell/log/iprintmobile/*
All log
files within the Renderer
c:\ndps\renderer\log
f.) Send
the log files and an iPrint Info output file.
note: the zip
command in step e places the zip file in the /tmp directory.
Jetty:
Management Console
rcnovell-jetty start | stop | restart |
status
/var/opt/novell/jetty/logs/jetty.stderrout.out
/etc/default/jetty
Turn on debugging by removing comment of
last line
/opt/novell/jetty8/webapps/root.war
/tmp/jetty-0.0.0.0-9090-root.war
.war = Web Appliance
Archive
Jetty runs as root
Look
at OrientDB:
https://kwbradford3.lab.novell.com/iprint/api/printers
- Get all printers
https://kwbradford3.lab.novell.com/iprint/config
- mobile and global
config
https://kwbradford3.lab.novell.com/iprint/config/renderer -
renderer
settings
https://kwbradford3.lab.novell.com/iprint/config/walkup -
walkup settings
https://kwbradford3.lab.novell.com/iprint/psminfo
- for iPrint for OES, psm
data
https://kwbradford3.lab.novell.com/iprint/api/drivers - list
of drivers
https://kwbradford3.lab.novell.com/iprint/renderers -
This API, you have set the User-Agent to be MC. I used the Chrome UA
Spoofer to create an entry called Management Console and set the
value to be MC.
Windows
Printer Transfer Utility
Mobile Server Log:
/var/opt/novell/log/iprintmobile/iprint_mobile0.log
PTU:
Installation
Location: C:\Program Files (x86)\Micro Focus\Print Transfer
Utility
Logs Location:
C:\NDPS\Users\Administrator\PrintTransferUtil.exe
Logging
settings: C:\Program Files (x86)\Micro Focus\Print Transfer
Utility\PrintTransferUtil.log4net
----- ALL, INFO, DEBUG,
ERROR
----- Default is INFO mode
PTU Reports:
C:\NDPS\PrintTransferUtil_Reports
Enable PDF Direct
printing (available only in Appliance):
Add
"direct_pdf_print=true" to
/etc/opt/novell/iprintmobile/conf/iprintmobile.conf
rcnovell-iprint-mobile
restart
Change request
timeout:
/etc/opt/novell/iprint/iprintconf.properties
curl-timeout=5
How
to set stick bit:
chmod 5750
/opt/novell/iprint/bin/iprintgw;chmod -t
/opt/novell/iprint/bin/iprintgw
mysql - LDAP Import
How
many users made it to the mysql database?
a. While logged into a
terminal session (putty or otherwise), type:
mysql -uroot -proot
use sitescape;
select count(*) from SS_Principals;
b.
What number shows in the lower box?
c. quit
What
are the user IDs in the mysql database?
select name from
SS_Principals where deleted = "0";
What
are the names and contexts of users in the mysql database?
select
foreignName from SS_Principals where deleted = "0";
Show
printer names, their URI, and print manager address:
mysql
-uroot -proot iprint;
SELECT
printer_name,uri,printer_manager_address FROM printers;
Number
of groups which have users associated:
select
count(distinct(groupId)) from SS_PrincipalMembership;
Number
of groups:
select count(distinct(id)) from SS_Principals
where deleted = "0" and type = "group";
Mark
users as deleted (note, this will not delete the users and Filr will
NOT recognize them as being deleted):
update SS_Principals set
deleted = "1" where internalId is null;
Count
users marked as being deleted:
select count(*) from
SS_Principals where deleted ="0";
Query
for users with no ldapGuid:
select id, name, lastName,
disabled, foreignName, ldapGuid from SS_Principals where deleted =
'0' and type = 'user' and ldapGuid='';
Return
ALL information on a user:
select * from SS_Principals where
name="name"\G
---- note: "name" =
UniqueID
--------- keep the quotes, simply replace 'name'.
Does
the user show as a member of a group within MySQL?
select
name, id, foreignName from SS_Principals where name = '<user>';
select name, id, foreignName from SS_Principals where name =
'<group>';
-------- What id number is returned for the
user?
select * from SS_PrincipalMembership where userid = '<id>';
Export
MySQL database:
mysqldump -uroot -proot sitescape >
ExportedDatabase.sql
How to import database into test
server:
mysql -uroot -proot
drop database sitescape;
create database sitescape;
use sitescape;
source
/tmp/ExportedDatabase.sql;
How to delete a user from
MySQL
Warning: These steps will work, but if the user is
re-imported, it will NEVER be able to authenticate. Instead, use
steps in TID 7018637.
mysql -uroot -proot
use sitescape;
select name from SS_Principals where deleted = "0";
---- This query shows all users
SET FOREIGN_KEY_CHECKS=0;
delete from SS_Principals where name="UserYouWantDeleted";
select name from SS_Principals where deleted = "0";
---- This query shows the user in quotes is gone.
SET
FOREIGN_KEY_CHECKS=1;
exit
---- Manually run the cron command
to see the user get removed from the Appliance copy of eDir.
Shows
all users with a creation date between two dates:
select
name,lastname,creation_Date,ldapGuid from SS_Principals where
creation_Date >= '2014-01-01 00:00:00' and creation_Date <=
'2016-09-12 23:59:59' order by creation_Date;
Delete
users between two dates:
delete
from SS_Principals where creation_Date >= '2014-01-01 00:00:00'
and creation_Date <= '2016-09-12 23:59:59' order by creation_Date;
Delete
All LDAP imported users from the MySQL and Appliance eDirectory:
Copy/Paste the
following string of commands into an iPrint Appliance terminal
session (putty or otherwise):
wget
-P /tmp ftp://ftp.novell.com/outgoing/configureLdap-04DEC2014.jsp;mv
/tmp/configureLdap-04DEC2014.jsp
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/jsp/administration/configureLdap.jsp;chown
root.root
/opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/jsp/administration/configureLdap.jsp;rcfilr
restart
Go to the LDAP import page within the iPrint
Appliance Management Console
--- Choose the "Delete This
Configuration" button near the top of the page.
--- Check
the "Run immediately" box.
--- Click the "Save
Changes" button.
Sync the changes to iPrint Appliance copy
of eDirectory by running the following command:
/usr/bin/python
/opt/novell/iprintmobile/python/migrate/migrateusers.pyc >>
/var/log/ipmigrate.log 2>&1
User import log
files:
/opt/novell/filr/apache-tomcat/logs/catalina.out
(mysql import)
/var/opt/novell/log/iprintmobile/ipmigrate.log
(LDAP Sync)
Troubleshoot
LDAP User Import Authentications, is Filr at fault?
Filr
test:
http://<address>:8081/rest
REST Interface:
https://<address>:9443/release-portal/login
https://<address>/auth
Replace <address> with the
DNS or IP of the iPrint Appliance.
To
test authentications from imported users (doesn't work with local
users):
python
/opt/novell/iprintmobile/python/auth/authenticator.pyc -u <uid>
-p <password>
Analyze
Database:
Within
YaST Firewall, allow MySQL Server
At a terminal Session,
type:
mysql -uroot -proot
GRANT ALL PRIVILEGES ON *.* TO
'uroot'@'%' IDENTIFIED BY 'proot' WITH GRANT OPTION;
Download
and install MySQL Workbench
https://www.mysql.com/products/workbench/
MySQL
- Walk-up Printing
Log
into database:
mysql -uroot -proot;
use iprint;
To
list all the tables:
show
tables;
Get list of Walkup Printers;
select
* from printers where walkup=1;
Printers
information are available in printers table:
select
* from printers;
select count(*) from printers;
To
get compatible printers list from a specific Walkup printer:
select
p.printer_name from printers p INNER JOIN walkup_compatible_printers
w on p.printer_id=w.compatible_printer_id where w.printer_id in
(select printer_id from printers where printer_name='Walkup
Printer');
To
view the various passwords:
base64
-di /etc/opt/novell/iprintmobile/conf/credstore.conf
To change the admin password (changing via iManager is not supported because that won't change the admin password in Filr).
mkdir
/opt/novell/iprintmobile/python/utils
wget -P
/opt/novell/iprintmobile/python/utils
ftp://ftp.novell.com/outgoing/pyUtils.pyc
wget -P /tmp
ftp://ftp.novell.com/outgoing/iprint_edir_change_passwd.sh
chmod +x /tmp/iprint_edir_change_passwd.sh
/tmp/iprint_edir_change_passwd.sh
Enter
the current eDirectory Admin password when prompted
Enter the
desired new eDirectory Admin password when prompted
---- This new
password entered will be the new password for the admin account in
both eDir and Filr
Again, enter the desired new Admin password
when prompted
Record
of known good ppd to printer combinations:
Xerox
WorkCenter 5335 => GenericPCL4-foomatic-laserjet.ppd
Troubleshooting
3rd party certs:
If
you using 3rd party chaining certificates, run this script:
wget
-P /tmp
ftp://ftp.novell.com/outgoing/iprint-renderer-cert-patch-2.sh;chmod
775
/tmp/iprint-renderer-cert-patch-2.sh;/tmp/iprint-renderer-cert-patch-2.sh
- Ensure the hostname registered in the 3rd party cert
matches the FIRST host name in the /etc/hosts file.
- Ensure the
Windows renderer hostname shares the same domain as the cert domain
name.
To
view the certificate:
cd
/vastorage/conf/certs
openssl x509 -text -noout -in vaserver.crt
| less
To
view the subject:
cd
/vastorage/conf/certs
openssl x509 -text -noout -in vaserver.crt
| grep -i cn=
To
view the subject of the certificate on the Windows renderer:
certutil
-dump c:\NDPS\Renderer\certificates\device.pfx
Updated
iPrint Renderer
ftp://ftp.novell.com/outgoing/bug-890859_iPrintRendererSetup.zip
Licensing
Questions:
License
questions direct to sales rep. If sales rep can't answer, the rep can
go to
https://teaming.innerweb.novell.com/vibe/workspace/uw_forms
or email:
underwriting@novell.com
LDAP
Import Filter Examples:
Import
all users, except disabled users. Valid only for
AD:
(&(!(objectClass=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=Person)(objectClass=orgPerson)(objectClass=inetOrgPerson)))
To
add only users within a group:
Add
this filter to the User BaseDN filter field (no need to import group
object)
Syntax:
(&(!(objectClass=computer))(|(objectClass=Person)(objectClass=orgPerson)(objectClass=inetOrgPerson))(memberOf=<AD
Group Name>))
Example:
(&(!(objectClass=computer))(|(objectClass=Person)(objectClass=orgPerson)(objectClass=inetOrgPerson))(memberOf=cn=iPrintGroup,ou=Users,dc=acctcom,dc=uccu))
Chromebook logging:
1.
Open following URL in chrome:
chrome://extensions/
2. All the
extensions installed on the chrome will be displayed. Right top
corner has an option to enable "Developer Mode". Enable
"Developer Mode".
3.Under iPrint extension there is a
link
"Inspect views: background page". Click on the
background page.
4. Clicking on "background page" will
open a new window (which is Chrome's developer tools window). Click
on the "Console" tab.
5. Console tab will show all the
logs.