10 Years Later: The Hell and Glory of Installing FileNet Daeja Viewer
Back in 2015 I had to pull off one of those invisible masterpieces that leave a mark in your career: building IBM FileNet P8 + Content Navigator + Daeja Viewer from scratch, on top of Windows Server, WebSphere, DB2, and Active Directory.
It wasn’t plug-and-play. I went through 100+ virtual machines, breaking and rebuilding, until LDAP, JAAS, CE, ICN, and DB2 finally came together. While some colleagues said “this is too difficult,” I was neck deep in LDAPS, certificates, Kerberos SPNs, WebSphere JVM tuning, and those endless logs that only make sense at 3 a.m. After many sleepless nights, the system finally went live in Sydney, Darling Harbour.
The Number One Enemy: Daeja ViewOne
This viewer was both hated and necessary. Without it, PDFs and TIFFs would not render at all. Typical WebSphere log error looked like this:
.png)
[5/18/15 11:01:32:341 BDT] 000000cd LocalTranCoor E
WLTC0017E: Resources rolled back due to setRollbackOnly()
FNRAC1008E: Unable to get data from server
[FNRPE0911843060E] Error executing the CA RPC call configEventExportStoreProperties
Root cause: java.lang.NullPointerException
Translation: the viewer was trying to fetch Content Engine configuration and died with a NullPointerException.
If you didn’t know how to read between the lines, you could be stuck for days.
The Classic jiServerException Bug
Sometimes, when opening a TIFF in ICN, you’d hit this random error:
ji.net.jiServerException: Server did not respond with OK
Error: IO error: null
Open the same document a second time — and suddenly it worked. Root cause? HttpOnly cookies in WebSphere. IBM documented this years later, but back then it was all about trial and error.
Fix (WebSphere 8+):
- Go to Servers > Server Types > WebSphere Application Servers > Session Management.
- Uncheck Set session cookies to HTTPOnly.
- Go to Global Security > Web and SIP Security > Single Sign-On (SSO).
- Uncheck Set security cookies to HTTPOnly.
- Restart the node.
And finally, Daeja would behave.
LDAP / Active Directory: The Real Challenge
Authentication was a nightmare if you didn’t master LDAP + Kerberos. These snippets saved my life back then:
SPN for the service account:
setspn -S HTTP/filenet-appsrv DOMAIN\svc-fn-was
setspn -S HTTP/filenet-appsrv.domain.local DOMAIN\svc-fn-was
Optimized LDAP filters:
(&(objectClass=user)
(!(userAccountControl:1.2.840.113556.1.4.803:=2))
(|(memberOf=CN=FN_Users,OU=Groups,DC=domain,DC=local)
(memberOf=CN=ICN_Users,OU=Groups,DC=domain,DC=local)))
Testing LDAPS from PowerShell:
Test-NetConnection -ComputerName dc01.domain.local -Port 636
Lessons of a Mexican Engineer in Sydney 🇲🇽🌏
Looking back, I see that work as an invisible masterpiece. Nobody documented the fine-tuned configs I made, but that environment likely kept running 10 years later.
What I learned:
- FileNet was never for “manual installers” — it was for engineers who understood the guts of the system.
- Many of the fixes we discover at 3 a.m. never make it into IBM’s official manuals, yet they keep mission-critical systems alive.
- And yes: Mexicans can leave a mark anywhere — even in Darling Harbour.
#FileNet #IBMFileNet #ContentNavigator #DaejaViewer #WebSphere #DB2 #ECM #EnterpriseContentManagement #LDAP #ActiveDirectory #Kerberos #JavaEE #WAS #IBMCloudPak #SystemIntegration
Sydney will always remain more than just a project site for me. While others enjoyed Darling Harbour’s sunsets and the lights of the Opera House, I was deep in WebSphere logs, LDAP filters, and NullPointerExceptions. Yet, in between sleepless nights and 100+ virtual machines rebuilt from scratch, I felt the same energy of the city itself — resilient, alive, and relentless.
Ten years later, I look back and realize that my work was not only lines of code or system configs, but a piece of me left in that harbor, quietly running inside servers that still power critical processes. Sydney gave me sleepless nights, but also the memory that Mexican engineers can leave a mark anywhere in the world.
Español
Sídney siempre será mucho más que un simple lugar de proyecto para mí. Mientras otros disfrutaban de los atardeceres en Darling Harbour y las luces de la Ópera, yo estaba sumergido en logs de WebSphere, filtros LDAP y NullPointerExceptions. Sin embargo, entre desveladas y más de 100 máquinas virtuales reconstruidas desde cero, sentí la misma energía de la ciudad: resiliente, viva y persistente.
Diez años después, miro hacia atrás y me doy cuenta de que mi trabajo no fueron solo líneas de código o configuraciones de sistema, sino una parte de mí que quedó en ese puerto, corriendo en silencio dentro de servidores que aún sostienen procesos críticos. Sídney me dio noches sin dormir, pero también el recuerdo de que los ingenieros mexicanos podemos dejar huella en cualquier lugar del mundo.
