Do you have any questions about the OnTime® Group Calendar? See if you find the answer below. If you have a hard time finding what you are looking for, please contact us with your questions, we are ready to help.
By default the OnTime for Microsoft bootstrap, administator, password is saved in clear text. If you wish you may enable digest passwords so passwords are not stored in clear text. To enable this feature follow the below steps on your OnTime for Microsoft server:
This requires OnTime for Microsoft version 2.5.0 or newer.
SET JRE_HOME=C:\Program Files\IntraVision\OnTimeMS-2.6.0\jdk1.8.0_121-otd\jre
digest.bat -a sha-256 "" e.g. digest.bat -a sha-256 "MyFunkyPassword"
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256"/>
You should now be able to login using the chosen password without the password being stored as plaintext.
Stacktrace in ontigms.0.0.log containing something like "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Import Root and intermediate certificates into the Java keystore used for on OnTime for Microsoft solution. The below example is based on OnTime for Microsoft v. 220.127.116.11 but the solution is the same for other releases although the paths below will have to be modified slightly depending on the version deployed.
..\..\..\bin\keytool -import -trustcacerts -alias root -file root.cer -keystore cacerts
..\..\..\bin\keytool -import -trustcacerts -alias intermediateXX -file intermediateXX.cer -keystore cacerts
Restart OnTime for Microsoft.
When accessing OnTime for Microsoft with domain(SSO) login enabled the server reports "HttpStatus Code 400 Bad Request – RequestUrl/Field to Long" during the domain logon redirect on the OnTime Server the C:\Windows\System32\LogFiles\HTTPERR\httperr1.log shows
2015-12-10 12:51:43 10.41.32.152 62489 10.41.40.35 80 HTTP/1.1 GET /ontime/auth.html?redirect=http://ch-s-0008355:8080/ontimegcms/ 400 - RequestLength -
The license for OnTime requires the USERDOMAIN name of the Windows server on which the OnTime server runs. This is true for both trial and production environments.
You can find the USERDOMAIN by executing a
'Set' command from a Command prompt. The machine you run the set command on, must be part of the same domain as your future OnTime server. Please make sure that you do not select the USERDNSDOMAIN)".
Please see the example below.
Usually OnTime® Mobile is delivered to the whole organisation from a central place, this would usually be through Mobile Device Management Solutions, and therefore it shouldn’t be up to the user to do this manually.
In order to make an OnTime Mobile Web App in iOS, you have to open your mobile client in safari, using the link you would usually use to open the Desktop Client online, but replacing the word desktop with mobile. You can then click on the square icon with an arrow pointing upwards in the middle of the bottom panel. In the lower part of the box that opens, you can then choose “Add to Home Screen”. You can name the Web App e.g. OnTime Mobile, and click add. You will now have easy access to your OnTime Mobile Client from you home screen.
By default the Apache Tomcat application server supplied with OnTime Group Calendar for Microsoft is delivered without TLS/SSL configured and/or enabled. Enabling it is however very easy but requires that you have a valid, signed, certificate and the corresponding private key. Describing how to obtain a private key and a valid, signed, certificate is outside the scope of this FAQ and there are lots of resources available on the web describing the process. Please note that you need both the private key and the certificate in PEM-format (https://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail).
To get the best performance the Apache Tomcat application delivered with OnTime Group Calendar uses the Apache Portable Runtime (APR). This is important as the process to securing a Tomcat server using APR is slightly different from a Tomcat server not using APR.
For the following we assume that the Apache Tomcat server is installed in C:\Program Files\IntraVision\OnTimeMS-18.104.22.168\otd-apache-8.0.14. Following this we'll refer to this location as "".
To configure your Apache Tomcat server for TLS/SSL do the following:
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443"
SSLCertificateFile="<path to certificate>"
SSLCertificateKeyFile="<path to private key>"
Restart the Apache Tomcat server. Now you should be able to access OnTime Group Calendar for Microsoft using TLS/SSL on port 8443.
More information about the -tag may be found at the Apache Tomcat website at https://tomcat.apache.org/tomcat-8.0-doc/config/http.html