8.1 General tasks

    8.1.1 Configure Allowed Referers

    When you run Configuration Manager, the default host, IPv4 address, IPv6 address, loopback address, and localhost address are added to the Allowed Referer list. These addresses are added only for the machine where LCM is executed. For a LiveCycle cluster, manually add all the other cluster nodes to the list:

    1. In Administration Console, click Settings > User Management > Configuration > Configure Allowed Referer URL’s. The Allowed Referer list appears at the bottom of the page.

    2. To add an allowed referer:

      1. Type a host name or IP address in the Allowed Referers box. To add more than one allowed referer at a time, type each host name or IP address on a new line. Provide hostName and IP address of all the cluster nodes/load balancer.

      2. In the HTTP Port and HTTPS Ports boxes, specify which ports to allow for HTTP, HTTPS, or both. If you leave those boxes empty, the default ports (port 80 for HTTP and port 443 for HTTPS) are used. If you enter 0 (zero) in the boxes, all ports on that server are enabled. You can also enter a specific port number to enable only that port.

      3. Click Add.

    3. Click Save.

      If the Allowed Referer List is empty, the CSRF feature stops working and the system becomes insecure.

    4. After changing the Allowed Referer list, restart the LiveCycle cluster.

    8.1.2 Configure CRX Repository Clustering

    Note: The Configure CRX Repository Clustering section described in this article is updated for LiveCycle ES4 Service Pack 1. If you are on the LiveCycle ES4 base release, follow the steps described in Key Distinctions in LiveCycle ES4 from LiveCycle ES4 Service Pack 1.
    Perform the following steps to configure CRX repository clustering:

    1. Go to http://[Host]:[Port]/lc/libs/granite/cluster/content/admin.html. Login as an administrator.

    2. Change the master URL to http://[Master_host]:[port]/lc. Provide hostname and port of the node that should act as a master.

    3. Change the username/password to admin/admin and click Join. It may take some time to complete the configuration. Do not press refresh or back. On completion of configuration, a success message appears.

    4. To connect more slave nodes , repeat steps 1-4 on each slave node. for each slave, provide the master URL mentioned in the step 4.

    Note: Do not perform above steps on the master node.

    On starting a cluster, ensure that the master node is started before all the slave nodes. On stopping the cluster, stop all slaves before stopping the master node. In some specific scenarios, Master node and Slave nodes can switch roles; ensure your master before stopping the cluster.

    The particular start /stop cluster order is enforced for CRX clustering but since it is embedded in LiveCycle, ensure that you follow above procedure while starting and stopping LiveCycle cluster.

    A slave node waits for the specified number of seconds for the master node to be up and running. If the master node is not up in specified seconds, the slave node stops its repository. To join the slave node in the cluster, restart the slave node. The default wait time for a node is 60 seconds. Use the following JVM argument to configure the number of seconds for the slave nodes:

    -Dcom.day.crx.core.cluster.WaitForMasterRetries=<value>

    If you start all the nodes of the cluster at once, the start order dependency fails and slave nodes of a cluster fail to start. To avoid such issues, ensure that the wait time for a node is 300 seconds or more.

    Note: Restart the slave instance to avoid stale sessions.
    Important: All author instances in the cluster should be time synchronized. You can use an NTP (Network Time Protocol) server to ensure time synchronization.

    8.1.2.1 Configure web container

    Some additional configuration is necessary for using the web server with the WebSphere application server. The following properties need to be set to true for the Web container:
    com.ibm.ws.webcontainer.extractHostHeaderPort 
trusthostheaderport
    Set these properties as follows:

    1. In the LiveCycle Administration Console, click Servers > Server Types > WebSphere application servers > [server_name] > Web Container Settings > Web container.

    2. Under Additional Properties, click Custom Properties.

    3. On the Custom Properties page, click New.

    4. On the settings page, enter the name of the custom property that you want to configure in the Name field and the value that you want to set it to in the Value field.

    5. Click Apply or OK.

    6. Click Save on the console task bar to save your configuration changes.

    7. Repeat steps 1-6 for each server in the cluster.

    8. Restart the cluster.

    Note: Ensure that the default_host aliases list has the same port numbers as the Web server running atop the WebSphere cluster.

    8.1.3 Perform a system image backup

    After LiveCycle is installed and deployed into production areas and before the system is live, it is recommended that you perform a system image backup of the servers on which LiveCycle is implemented. Also take backup of CRX repository.

    The LiveCycle database, GDS directory, and application servers must be part of this backup. This is a complete system backup that you can use to restore the contents of your computer if your hard drive or entire computer stops working. See the LiveCycle Backup and Recovery topic in Administration Help .

    8.1.4 Restart the application server

    When you first deploy LiveCycle, the server is in a deployment mode in which most modules are in memory. As a result, the memory consumption is high and the server is not in a typical production state. You must restart the application server to get the server back into a clean state.

    Note: You may skip to restart the LiveCycle server, if you have restarted the server after configuring CRX clustering or after updating Allowed Referer list

    8.1.5 Verify the deployment

    You can verify the deployment by logging in to Administration Console. If you log in successfully, then LiveCycle is running on the application server and the default user is created in the database. To verify the CRX repository deployment, access the CRX welcome page.

    You can review the application server log files to ensure that components were deployed correctly or to determine the cause of any deployment issues you may encounter.

    8.1.5.1 Accessing LiveCycle Administration Console

    Administration Console is the web-based portal for accessing a variety of configuration pages where you can set run-time properties that control the way LiveCycle operates. When you log in to Administration Console, you can access User Management, Watched Folder, and Email client configuration, and administrative configuration options for other services. Administration Console also provides access to Applications and Services, which administrators use for managing archives and deploying services to a production environment.

    The default user name and password for logging in is administrator and password. After you log in the first time, access User Management and change the password.

    Before you access Administration Console, LiveCycle must be deployed and running on your application server.

    For information about using Administration Console, see Administration Help.

    1. Type the following URL in a web browser:

      http://[hostname]:[port]/adminui

      For example: http://localhost:9080/adminui

    2. If you have upgraded to LiveCycle, enter the same administrator user name and password as that of your previous LiveCycle installation. In case of a fresh installation, enter the default user name and password.

    3. After you log in, click Services to access the service administration pages or click Settings to access the pages on which you can administer settings for different modules.

    8.1.5.2 Change the default password of LiveCycle Administrator

    LiveCycle creates one or more default users during the installation. The password for these users is in the product documentation and is publicly available. You must change this default password, depending on your security requirements.

    The LiveCycle administrator user password is set to “password” by default. You must change it in Administration Console > Settings > User Management.

    Also, it is recommended to change the default password for CRX Administrator.

    For detailed information, see Change the default administrator password.

    8.1.5.3 Accessing CQ Welcome Page

    CQ welcome page is the web-based portal for accessing various CQ components, administration, deployment and development tools. The default user name and password for logging in is administrator and password (same as LiveCycle Administrator).

    Access the welcome page using the following steps:

    1. Type the following URL in a web browser:

      http://[hostname]:[port]/lc/welcome

    2. Enter the same administrator user name and password as mentioned above.

    3. After you log in, you can access various components, administration, deployment and development UIs.

    8.1.5.4 Accessing OSGi Management Console

    In CQ, components are in form of OSGi bundles which are deployed to Apache Felix OSGi container. OSGi console provides a way to manage OSGi bundles and services configurations. The default user name and password for logging in is admin and admin (same as CRX Administrator).

    Access the OSGi Management console using the following steps:

    1. Type the following URL in a web browser:

      http://[hostname]:[port]/lc/system/console

    2. Enter the same administrator username and password as mentioned above.

    3. After you log in, you can access various components, services, bundles and other configurations.

    8.1.5.5 Change CQ Administrator default password

    CQ embedded within LiveCycle has two administrator users as mentioned below.

    • Super Administrator (administrator): The Super Administrator user can access various CQ/CRX UIs and perform admin operations. The default username and password are same as LiveCycle Administrator, administrator/password. This user doesn't have access to OSGi Management Console. The default password of this user can be changed using LiveCycle Administrator console only as mentioned in section Change default LiveCycle password. The changed password will be applicable for both LiveCycle and CQ.

    • Administrator (admin): This user can access to OSGi console in addition to CQ/CRX UIs and has administrator privileges. The default username and password for the user are admin/admin. To change the default password follow the below mentioned steps:

      1. Type the following URL in a web browser.

        http://[hostname]:[port]/lc/libs/granite/security/content/admin.html

      2. Login using following credential:

        Username: admin

        Password: admin.

      3. Search for user Administrator.

      4. Click on the user in left pane, the user details is displayed in the right pane.

      5. Click on Edit icon in the right pane.

      6. On the edit page in the right pane, provide new password in the New Password field and current password in Your Password field.

      7. Click Save icon in the right pane.

      8. Re-login using the changed password to verify.

    8.1.5.6 View the log files

    Events, such as run-time or startup errors, are recorded to the application server log files. If you have problems deploying to the application server, you can use the log files to help you find the problem. You can open the log files by using any text editor.

    The following log files are located in the [appserver root]/profiles/[profilename]/logs/[server name] directory:

    • SystemErr.log

    • SystemOut.log

    • startServer.log

    Following CRX log files are located at [CRX_home]/

    • error.log

    • audit.log

    • access.log

    • request.log

    • update.log

    Note: Each time LiveCycle starts, the following error appears in the log:
    FacesConfigur E org.apache.myfaces.config.FacesConfigurator configureRenderKits failed to configure class com.adobe.framework.jsf.renderkit.SecureInputRenderer java.lang.ClassCastException

    This error occurs due to a different version of the IBM JSF engine expected by WebSphere. This is a known issue and this error can be safely ignored.

    // Ethnio survey code removed