Installation troubleshooting

These suggested actions or fixes address issues that might occur during installation.

Table 1. Installation troubleshooting
Installation issue Suggested action or fix
You install SPE with Sterling B2B Integrator and Sterling File Gateway. You can launch SPE from the Sterling B2B Integrator dashboard, but you can perform no further actions.

This message is displayed: fg_sysadmin has not been granted access to Envelope Versions!

Issue: The fg_sysadmin account needs to be added to do administration functions in SPE.

Solution:
  1. Go to the Sterling B2B Integrator dashboard.

    This issue cannot be addressed in Sterling File Gateway

  2. Using the admin password, go to Accounts > User Accounts and select fg_sysadmin.
  3. Select Edit, and click Next until you see fg_sysadmin: Groups.
  4. Filter on SPE in order to see all SPE groups.
  5. Assign all SPE groups to the fg_sysadmin account.
  6. Click Save, then Finish.
Single sign on to SPE does not work from Sterling B2B Integrator over TLS 1.2 in NIST STRICT mode

Issue: You attempt to access SPE from the Sterling B2B Integrator Launch SPE Trading Partner UI button. You are taken to the SPE login screen instead of to the enveloping tasks page. When you attempt to log in (which is not required when accessing SPE through Sterling B2B Integrator, an error results.

This occurs when SPE is integrated with Sterling B2B Integrator over TLS 1.2 in NIST STRICT mode. Single sign on does not work.

Solution:
  1. Set the following values in the security.properties.in file in Sterling B2B Integrator:
    • Set NIST mode = transition
    • Set the TLS protocol range to a value from TLS 1 .0 to TLS 1.2.
    • (Optional) Enable FIPS mode
  2. In the SPE server.xml file, set the SSL protocol value:
    sslProtocol="TLSv1.2";
  3. In the SPE server.xml file, set the additional values needed to set up SSL.
    Example:
    <featureManager>
       <feature>ssl-1.0</feature>
     </featureManager>  
    <!--  keystore path is relative to <member_root>/usr/servers/<member>/resources/security -->
       <keyStore id="defaultKeyStore" location="C:\IBM\key.jks" password="password" />
       <!-- Sets TLS 1.0 as the SSL Protocol -->
       <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="TLS" />
       <!-- Enables https port -->
       <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="-1"  httpsPort="19443" /> 

For more information on configuring SSL and TLS1.2, see the Liberty documentation at https://developer.ibm.com/wasdev/docs/configuring-ssl-liberty/.