Frequently Asked Questions

Symtom

Stacktrace in ontigms.0.0.log containing something like "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Fix

Import Root and intermediate certificates into the Java keystore used for on OnTime for Microsoft solution. The below example is based on OnTime for Microsoft v. 1.1.0.6 but the solution is the same for other releases although the paths below will have to be modified slightly depending on the version deployed.

1. Backup C:\Program Files\IntraVision\OnTimeMS-1.1.0.6\otd-jdk1.8.0_25\jre\lib\security\cacerts
2. Export the root and any intermediate certificates by using copy to file for each using PEM/CER (Base64 encoded) format. This may be done using a web browser. Here we are using *.cer.
3. Copy the *.cer files to C:\Program Files\IntraVision\OnTimeMS-1.1.0.6\otd-jdk1.8.0_25\jre\lib\security\
4. Using password "changeit" (unless manually changed) install the root certificate
   ..\..\..\bin\keytool -import -trustcacerts -alias root -file root.cer -keystore cacerts
   Using password "changeit" (unless manually changed) install the intermediate certificates
   ..\..\..\bin\keytool -import -trustcacerts -alias intermediateXX -file intermediateXX.cer -keystore cacerts

Restart OnTime for Microsoft.

Symptom

When accessing OnTime for Microsoft with domain(SSO) login enabled the server reports "HttpStatus Code 400 Bad Request – RequestUrl/Field to Long" during the domain logon redirect on the OnTime Server the C:\Windows\System32\LogFiles\HTTPERR\httperr1.log shows
2015-12-10 12:51:43 10.41.32.152 62489 10.41.40.35 80 HTTP/1.1 GET /ontime/auth.html?redirect=http://ch-s-0008355:8080/ontimegcms/ 400 - RequestLength -

Fix

1. Using regedit add the following values HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters Key,
   DWORD(Decimal value)
MaxFieldLength 65534
MaxRequestBytes 65534
MaxTokenSize 65535


2. Stop the OnTimeMSAuth NT Service
3. Restart the HTTP service From an elevated command prompt
   >net stop http
   >net start http
4. Start the OnTimeMSAuth NT Service.

The license for OnTime requires the USERDOMAIN name of the Windows server on which the OnTime server runs. This is true for both trial and production environments.

You can find the USERDOMAIN by executing a 'Set' command from a Command prompt. The machine you run the set command on, must be part of the same domain as your future OnTime server. Please make sure that you do not select the USERDNSDOMAIN)".

Please see the example below.

For information on how to install the OnTime Outlook add-in, please refer to the OnTime Installation & Configuration manual available for download here

Central roll-out:

Usually OnTime^® Mobile is delivered to the whole organisation from a central place, this would usually be through Mobile Device Management Solutions, and therefore it shouldn’t be up to the user to do this manually. 

Manual Instalation:

In order to make an OnTime Mobile Web App in iOS, you have to open your mobile client in safari, using the link you would usually use to open the Desktop Client online, but replacing the word desktop with mobile. You can then click on the square icon with an arrow pointing upwards in the middle of the bottom panel. In the lower part of the box that opens, you can then choose “Add to Home Screen”. You can name the Web App e.g. OnTime Mobile, and click add. You will now have easy access to your OnTime Mobile Client from you home screen.