Häufig gestellte Fragen

Antworten auf die am häufigsten gestellten Fragen zum OnTime® Gruppenkalender

Haben Sie Fragen zum OnTime® Gruppenkalender? Vielleicht finden Sie ja die Antwort bereits unten. Falls Sie nicht fündig werden, wenden Sie sich bitte mit Ihren Fragen an uns, wir helfen Ihnen gerne weiter.

Nicht gefunden, was Sie wissen wollten?

Falls sie nicht fündig geworden sind, können Sie mit untenstehendem Button die Doku aufrufen. Ansonsten sind wir gerne für Ihre Fragen da.

Doku
Supportanfrage

Administration

Enabling Digest Password on Tomcat

By default the OnTime for Microsoft bootstrap, administator, password is saved in clear text. If you wish you may enable digest passwords so passwords are not stored in clear text. To enable this feature follow the below steps on your OnTime for Microsoft server:

This requires OnTime for Microsoft version 2.5.0 or newer.

  1. Open a Command Prompt
  2. Navigate to the tomcat binary directory of the OnTime for Microsoft installation
    e.g. "C:\Program Files\IntraVision\OnTimeMS-2.6.0\apache-tomcat-8.5.8-otd\bin"
  3. Set the JRE_HOME variable by running the following commands using the Java Server runtime directory name:
    SET JRE_HOME=C:\Program Files\IntraVision\OnTimeMS-2.6.0\jdk1.8.0_121-otd\jre
  4. Execute the digest.bat file specifying the administrator password of your choosing on the command line like so:
    digest.bat -a sha-256 "" e.g. digest.bat -a sha-256 "MyFunkyPassword"
    The command returns the plaintext password and the digest password separated by a colon as shown below. Note the value returned and copy the returned value after the colon. MyFunkyPassword:0e722296bb198829bbc031abe5e011fd047a1c15200364ef5ea94cfd58b26901
  5. Navigate to the conf-directory
  6. cd ..\conf
  7. Edit the tomcat-users.xml file - notepad tomcat-users.xml
  8. Replace the value of the password attribute for the admin-user with the digest password you copied above. Save and close the file.
  9. Edit the server.xml file - notepad server.xml
  10. Locate the Realm-tag referencing "UserDatabase" and change it
    from:
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="UserDatabase"/>
    to:
    
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
    <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256"/>
    </Realm>
  • Save and close the file.
  • Restart the Apache Tomcat service.

You should now be able to login using the chosen password without the password being stored as plaintext.

Unable to connect to Load Balancer/Exchange Server using self-signed certificate

Symtom

Stacktrace in ontigms.0.0.log containing something like "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Fix

Import Root and intermediate certificates into the Java keystore used for on OnTime for Microsoft solution. The below example is based on OnTime for Microsoft v. 1.1.0.6 but the solution is the same for other releases although the paths below will have to be modified slightly depending on the version deployed.

  1. Backup C:\Program Files\IntraVision\OnTimeMS-1.1.0.6\otd-jdk1.8.0_25\jre\lib\security\cacerts
  2. Export the root and any intermediate certificates by using copy to file for each using PEM/CER (Base64 encoded) format. This may be done using a web browser. Here we are using *.cer.
  3. Copy the *.cer files to C:\Program Files\IntraVision\OnTimeMS-1.1.0.6\otd-jdk1.8.0_25\jre\lib\security\
  4. Using password "changeit" (unless manually changed) install the root certificate
    ..\..\..\bin\keytool -import -trustcacerts -alias root -file root.cer -keystore cacerts
    Using password "changeit" (unless manually changed) install the intermediate certificates
    ..\..\..\bin\keytool -import -trustcacerts -alias intermediateXX -file intermediateXX.cer -keystore cacerts

Restart OnTime for Microsoft.

Domain (SSO) login fails with 400 Bad Request RequestUri/Field To Long

Symptom

When accessing OnTime for Microsoft with domain(SSO) login enabled the server reports "HttpStatus Code 400 Bad Request – RequestUrl/Field to Long" during the domain logon redirect on the OnTime Server the C:\Windows\System32\LogFiles\HTTPERR\httperr1.log shows
2015-12-10 12:51:43 10.41.32.152 62489 10.41.40.35 80 HTTP/1.1 GET /ontime/auth.html?redirect=http://ch-s-0008355:8080/ontimegcms/ 400 - RequestLength -

Fix

  1. Using regedit add the following values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters Key,
    DWORD(Decimal value)
    MaxFieldLength 65534
    MaxRequestBytes 65534
    MaxTokenSize 65535

  2. Stop the OnTimeMSAuth NT Service
  3. Restart the HTTP service From an elevated command prompt
    >net stop http
    >net start http
  4. Start the OnTimeMSAuth NT Service.
How to determine the USERDOMAIN for a license key

The license for OnTime requires the USERDOMAIN name of the Windows server on which the OnTime server runs. This is true for both trial and production environments.

You can find the USERDOMAIN by executing a 'Set' command from a Command prompt. The machine you run the set command on, must be part of the same domain as your future OnTime server. Please make sure that you do not select the USERDNSDOMAIN)".

Please see the example below.

Screenshot 2020 01 10 at 14.45.47

Outlook Add-in

Wie wird das OnTime - Outlook Add-in istalliert?

For information on how to install the OnTime Outlook add-in, please refer to the OnTime Installation & Configuration manual available for download here

Web Interface

Mobiles Interface

Wie kann ich eine OnTime Web App erstellen?

Zentrales Roll-out:

Normalerweise wird OnTime Mobil® für die gesamte Organisation zentral über Mobile Device Management Solutions ausgerollt, so dass es nicht erforderlich ist, dass die Anwender das manuell machen.

Manual Instalation:

In order to make an OnTime Mobile Web App in iOS, you have to open your mobile client in safari, using the link you would usually use to open the Desktop Client online, but replacing the word desktop with mobile. You can then click on the square icon with an arrow pointing upwards in the middle of the bottom panel. In the lower part of the box that opens, you can then choose “Add to Home Screen”. You can name the Web App e.g. OnTime Mobile, and click add. You will now have easy access to your OnTime Mobile Client from you home screen.

Microsoft Teams UIs

Sicherheit

TLS/SSL auf Tomcat aktivieren

By default the Apache Tomcat application server supplied with OnTime Group Calendar for Microsoft is delivered without TLS/SSL configured and/or enabled. Enabling it is however very easy but requires that you have a valid, signed, certificate and the corresponding private key. Describing how to obtain a private key and a valid, signed, certificate is outside the scope of this FAQ and there are lots of resources available on the web describing the process. Please note that you need both the private key and the certificate in PEM-format (https://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail).

To get the best performance the Apache Tomcat application delivered with OnTime Group Calendar uses the Apache Portable Runtime (APR). This is important as the process to securing a Tomcat server using APR is slightly different from a Tomcat server not using APR.

For the following we assume that the Apache Tomcat server is installed in C:\Program Files\IntraVision\OnTimeMS-1.2.0.4\otd-apache-8.0.14. Following this we'll refer to this location as "".

To configure your Apache Tomcat server for TLS/SSL do the following:

  1. Copy the private key in PEM-format to \conf
  2. Copy the signed certificate in PEM-format to \conf
  3. Edit the server.xml from \conf and scroll down to about line 70. Here you'll see a -tag describing the HTTP transport for the server. Beneath this -tag paste the below snippet:
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443"
    maxThreads="200"
    scheme="https"
    secure="true
    SSLEnabled="true"
    SSLCertificateFile="<path to certificate>"
    SSLCertificateKeyFile="<path to private key>"
    SSLVerifyClient="no"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" />

    Replace with the actual path to your certificate in PEM-format. If the file is called server.crt that path would be "C:\Program Files\IntraVision\OnTimeMS-1.2.0.4\otd-apache-8.0.14\conf\server.crt"

    Replace with the actual path to your private key in PEM format. If the file is called server.key that path would be "C:\Program Files\IntraVision\OnTimeMS-1.2.0.4\otd-apache-8.0.14\server.key".
  4. Save and close the file.

Restart the Apache Tomcat server. Now you should be able to access OnTime Group Calendar for Microsoft using TLS/SSL on port 8443.

More information about the -tag may be found at the Apache Tomcat website at https://tomcat.apache.org/tomcat-8.0-doc/config/http.html

Weitere Hilfen

Anwendertutorials

Zu den Videos

Erfahren Sie mehr über die Interfaces und ihre Funktionen in den Video-Tutorials.

Administrations-Handbücher

Download

In den Handbüchern erfahren Sie mehr über die Installation und Konfiguration.

Supportanfrage

Supportanfrage stellen

Immer noch Fragen offen? Wenden Sie sich an unsere Experten.

Copyright © 2020 OnTime.
All rights reserved.

Produkte

Unternehmen

Kontakt

Kontakt: Venlighedsvej 6 | 2970 Hørsholm, Denmark | CVR: DK 1935 2838 | Telefon: +45 70 23 23 40

Öffnungszeiten (MEZ):  Mo - Di 09:00 bis 16:30 | Fr 09:00 bis 16:00 | Sa - So < geschlossen >