Infor SunSystems 6.4 Installation Guide
Infor SunSystems 6.4 Installation Guide
Infor SunSystems 6.4 Installation Guide
Release 6.4.0
Copyright © 2022 Infor
Important Notices
The material contained in this publication (including any supplementary information) constitutes and
contains confidential and proprietary information of Infor.
By gaining access to the attached, you acknowledge and agree that the material (including any
modification, translation or adaptation of the material) and all copyright, trade secrets and all other
right, title and interest therein, are the sole property of Infor and that you shall not gain right, title or
interest in the material (including any modification, translation or adaptation of the material) by virtue
of your review thereof other than the non-exclusive right to use the material solely in connection with
and the furtherance of your license and use of software made available to your company from Infor
pursuant to a separate agreement, the terms of which separate agreement shall govern your use of
this material and all supplemental related materials ("Purpose").
In addition, by accessing the enclosed material, you acknowledge and agree that you are required to
maintain such material in strict confidence and that your use of such material is limited to the Purpose
described above. Although Infor has taken due care to ensure that the material included in this publication
is accurate and complete, Infor cannot warrant that the information contained in this publication is
complete, does not contain typographical or other errors, or will meet your specific requirements. As
such, Infor does not assume and hereby disclaims all liability, consequential or otherwise, for any loss
or damage to any person or entity which is caused by or relates to errors or omissions in this publication
(including any supplementary information), whether such errors or omissions result from negligence,
accident or any other cause.
Without limitation, U.S. export control laws and other applicable export and import laws govern your
use of this material and you will neither export or re-export, directly or indirectly, this material nor any
related materials or supplemental information in violation of such laws, or use such materials for any
purpose prohibited by such laws.
Trademark Acknowledgements
The word and design marks set forth herein are trademarks and/or registered trademarks of Infor and/or
related affiliates and subsidiaries. All rights reserved. All other company, product, trade or service
names referenced may be registered trademarks or trademarks of their respective owners.
Publication Information
Release: Infor SunSystems 6.4.0
Publication Date: January 7, 2022
Document code: ss_6.4.0_install__en-us
Contents
Contents
Installation checklist........................................................................................................................29
The SunSystems ISO......................................................................................................................30
Installing the database tier..............................................................................................................31
Installing the SunSystems domain and business unit group databases......................................31
Installing the SunSystems security database..............................................................................32
Installing additional business unit groups.....................................................................................32
Recovery mode............................................................................................................................32
Installing the application tier............................................................................................................33
Installing the reporting tier...............................................................................................................33
Installing the web tier.......................................................................................................................34
Running the SunSystems installer in silent mode...........................................................................34
Installing SunSystems Windows clients..........................................................................................35
Running a Windows client install in silent mode..........................................................................35
Defining the deployment plan using DeployManager......................................................................36
Applying a deployment plan using DeployAgent.............................................................................38
Running Switch Security.................................................................................................................38
Validating the deployment...............................................................................................................38
About multiple domain support........................................................................................................39
Authentication in SunSystems.........................................................................................................39
Resetting a service account............................................................................................................39
Resetting an application pool..........................................................................................................40
Configure a single server with an internal and external hostname..................................................40
Chapter 4: Post-installation tasks...................................................................................................42
Post-installation checklist................................................................................................................42
Serializing SunSystems...................................................................................................................44
Migrating users and groups.............................................................................................................44
Adding services to the Trusted Service group.................................................................................45
Adding users to the SunSystems Reporting Service group............................................................45
Synchronizing report models...........................................................................................................46
Migrating reports.............................................................................................................................46
Restricting SecurityWeb server permissions...................................................................................47
Allocating memory for Microsoft SQL Server and SSRS................................................................47
Configuring Microsoft SQL server memory options........................................................................48
Adding load balancing.....................................................................................................................48
Adding a load balancer to the application tier..............................................................................48
Version 6.4A
This guide describes the steps to install SunSystems 6.4, where no previous SunSystems installation
exists, or the previous installation has been removed. It provides details of mandatory pre-installation
checks, the installation process, and post-installation tasks. It also provides supplementary reference
information.
Intended audience
This document is intended for system administrators, SunSystems consultants and channel partner
consultants involved in deploying and maintaining SunSystems. Due to the numerous implementation
options for SunSystems, only experienced installers should perform the installation process.
Related documents
SunSystems documentation consists of user guides, such as the installation and upgrade guides, and
online application help.
User guides are in PDF format and are available from the Infor Support Portal. To access documentation
on the Infor Support Portal, select Search > Browse Documentation. We recommend that you check
this portal periodically for updated documentation.
Release Notes
Details information relevant to this release that is not included elsewhere in the SunSystems
documentation.
What's New
Highlights significant changes or enhancements in the release.
Resolved Issues
Describes issues resolved in the latest release.
Contacting Infor
If you have questions about Infor products, go to Infor Concierge at https://concierge.infor.com/ and
create a support incident.
The latest documentation is available from docs.infor.com or from the Infor Support Portal. To access
documentation on the Infor Support Portal, select Search > Browse Documentation. We recommend
that you check this portal periodically for updated documentation.
If you have comments about Infor documentation, contact documentation@infor.com.
This installation guide describes the installation of SunSystems 6.4 over multiple tiers.
Refer to the Standalone Installation Guide for SunSystems v6.4 if you are running a simple installation
of SunSystems.
Refer to the SunSystems Upgrade Guide if you are upgrading from SunSystems 6.2 or SunSystems
6.3.
Note: If you have an installation of SunSystems 6.4 and are updating it to the latest patch set, refer to
the SunSystems 6.4 Patch Set Installation Note available with the patch set. The Installation Note
contains important instructions which are not included in this Installation Guide.
Note: The SunSystems 6.4 installer is English language only. Language Deployer is used to add or
remove languages from a SunSystems installation.
Accessing SunSystems
After a successful installation, SunSystems v6.4 can be accessed from an icon on the desktop, or from
a URL:
http://<FQDN>/sunsystems
Note: The SunSystems URL is case sensitive.
Architectural overview
A SunSystems implementation comprises software components that can be logically divided into distinct
layers, or tiers, and is consistent with modern software design. Although the practical installation of the
software can vary greatly, the logical tiers that define the software are always present.
This logical split is represented by the deployed components. It facilitates the differentiation between
tiers that are publicly accessible, that is, exposed on the Internet, and private tiers that are only accessed
internally.
Deployment nodes
The logical tiers in a SunSystems deployment consist of discrete node types. These map to a server
instance that can be physical or virtual. The server instance corresponds to the installable components
available from the SunSystems media. The exceptions to this are the Database and Reporting Server
nodes; these correspond to the installable components available from Microsoft SQL Server media.
All software components can be deployed on a single server. More commonly, individual components
are selected to build a customized, multitiered solution that meets deployment requirements, for example,
for specific security or scalability needs.
This section describes each logical tier, its composition, scalability characteristics, and deployment
considerations.
This diagram shows each logical tier with a brief description of its function.
Includes the application services and APIs. These are required to support the web server node
and the rich client components, and may include supporting web applications.
3 Reporting server node
Includes Microsoft SQL Server Reporting Services (SSRS) and SSRS extensions. These extensions
are required for SunSystems reporting. The node can be deployed with the database server or
deployed separately depending on the scale of the solution. SSRS is installed using the Microsoft
SQL Server installation media.
4 Database server node
Microsoft SQL Server is used as the relational database management server for SunSystems. This
node comprises all SunSystems databases and associated logins. Often the reporting server node
and the database server node are the same, for simplicity and to reduce licensing costs.
Caution: Computer names should follow Microsoft naming conventions. In addition, you should not
include the ‘_’ underscore character in computer names as this causes problems for Tomcat and Java
components.
To ensure a successful installation of SunSystems you must complete the prerequisites checklist for
each node.
Prerequisites checklist
The installation prerequisites are defined by node. Refer to the relevant prerequisites checklist when
installing each node.
✔ Task References
Design your implementation Architecture and Planning
Guide for SunSystems on Infor
Support Portal
In Active Directory, create SunSystemsServices and Sun- Creating users and groups in
SystemsClients groups, and create the svc-SunSystems Active Directory on page 17
user and the SunSystemsReporting user
Complete the prerequisite checklist for the database and Prerequisites checklist for the
reporting server tiers database and reporting server
tiers on page 18
Complete the prerequisite checklist for the application and Prerequisites checklist for the
web server tiers application and web server tiers
on page 23
Complete the prerequisite checklist for the Windows client Prerequisites checklist for the
tier Windows client tier on page 27
9 Click OK.
3 Select Installation > New SQL Server stand-alone installation or add features to an existing
installation
4 Select Feature Selection and select Database Engine Services as the installation feature.
5 Click Install.
6 Install the latest Service Pack and cumulative patch for SQL Server.
7 Install SQL Server Management Tools after the installation has completed:
a Run the SQL Server Management installer.
b Select Installation > Install SQL Server Management Tools.
c Select the most recent version.
Note: If a restart of the server is required, you are prompted by the installer.
Password
Specify the password.
• xsl
• doc
• docx
• tif
• tiff
• xml
• csv
• xlsx
• mhtml
• emf
If one of the values is missing then you must add it to the list.
6 Restart the SQL Server Reporting Services.
✔ Task References
Ensure the Windows client complies with the hardware Operating system requirements
requirements on page 19
Ensure the SunSystems Administrator is a member of the
Configuration Administrators group in User Manager.
Install Microsoft .NET and add the Microsoft .NET features. Installing Microsoft .NET on
Both are required on any tier where SunSystems software page 24
is installed. Adding Microsoft .NET features
on page 24
Install Oracle Java JDK Installing or updating Oracle
OpenJDK on page 26
✔ Task References
Download and install the latest version of Adobe Acrobat
Reader from the Adobe website
Ensure you are using a supported web browser Supported web browsers on
page 28
Installation checklist
Complete these tasks in the Installation Checklist:
✔ Task References
Download the SunSystems ISO to a local folder Updating Database Utilities from the Infor
and update Database Utilities. Support Portal on page 62The SunSys-
Run the installer. tems ISO on page 30
✔ Task References
Install the reporting tier Installing the reporting tier on page 33
Install the web tier Installing the web tier on page 34
Define a deployment plan using DeployManager Defining the deployment plan using De-
ployManager on page 36
Apply the deployment plan using DeployAgent Applying a deployment plan using Deploy-
Agent on page 38
Run Switch Security to load balance SunSys- Running Switch Security on page 38
tems Security
Validate the deployment using DeployMonitor Validating the deployment on page 38
Check port usage Port usage on page 129
Apply firewall rules Firewall rules on page 130
Check folder permissions Folder permissions for services on page
130
Ensure the installation complies with multiple About multiple domain support on page
domain support 39
Conform with updates to authentication in Sun- Authentication in SunSystems on page
Systems 39
Resetting a service account on page 39
Resetting an application pool on page 40
To run the installer, right-click SunSystems64.iso then run the setup.hta file.
3 Select the SQL Server instance name, and the name of your domain database (SunSystemsDomain)
that you want to create.
4 Specify the locations of your data file and log file.
5 Enter the details for your business unit group in SunSystems Data Database Details.
6 Specify the locations of your data file and log file.
7 Enter your Windows domain, SunSystemsServices and SunSystemsClients groups in Group
Account Settings.
Recovery mode
In SQL Server Management Studio you should set the recovery mode for your SunSystems databases
according to your back up policy.
The recovery mode for SunSystems databases is set in Microsoft SQL Server Management Studio
and should be specified according to back policy.
3 Select Custom. Clear all features except Microsoft SQL Server Reporting Services Extensions.
4 Specify the SunSystems Application Server and specify the location of the security server.
5 Specify the Reporting service account, for example, SunSystemsReporting.
6 Select the SQL Server Report Server Instance.
7 Create or overwrite any virtual host entries and select the default value.
8 Click Install to complete the installation.
Components
Clear all components then select SunSystems Client.
SunSystems Java
Browse to the local installation of Oracle OpenJDK.
Authentication in SunSystems
Authentication in SunSystems 6.4 has improved from older versions of SunSystems.
GetCredentials
Ensure all services and IIS application pools are run using a trusted user. These services and application
pools must be run as a user who is defined as a member of the SunSystemsServices group:
Application pools
• SecurityConsole
• SunSystemsReportingServices.
Services
• SunSystemsConnectServer
• Microsoft SQL Server Reporting Services (SSRS).
Password hash
SunSystems passwords must be reset after upgrading from an earlier version. This will also affect
migrations from SunSystems 4.
To complete a successful installation of SunSystems, you must complete the post-installation checklist.
Post-installation checklist
✔ Task References
Serialize SunSystems. Run the serialization file on all
application servers. Ensure all business unit groups are
selected.
Migrate users and groups Migrating users and groups on
page 44
Add services to the Trusted Service group Adding services to the Trusted
Service group on page 45
Add users to the SunSystems Reporting Services group Adding users to the SunSys-
tems Reporting Service group
on page 45
Synchronize the business unit data models in Report Synchronizing report models on
Models page 46
Migrate reports Migrating reports on page 46
Switch off compatibility view and restart your web
browser.
Review log files for installation errors. Log files are found
at ProgramData\Infor\SunSystems\Logs
If you cannot browse to this location, then in Windows
Explorer, select Organize > Folder and Search Options
> View and select Show hidden files, folders, and
drives.
Restrict SecurityWeb permissions Restricting SecurityWeb server
permissions on page 47
✔ Task References
Set the recommended memory allocation, where Mi- Allocating memory for Microsoft
crosoft SQL Server and SQL Server Reporting Services SQL Server and SSRS on page
(SSRS) are on the same server 47
Configure Microsoft SQL Server memory options Configuring Microsoft SQL
server memory options on page
48
Add load balancing Adding load balancing on page
48
Adding a load balancer to the
application tier on page 48
Adding a load balancer to the
web tier on page 48
Add Secure Sockets Adding Secure Sockets on page
49
Install SunSystems Windows clients Installing SunSystems Windows
clients on page 35
Open SunSystems in a web browser, for example,
http://<FQDN>/sunsystems
If you have set up SSL in IIS and DeployManager, then
use https://<FQDN>/sunsystems
Note: All URLs are accessible through the SunSystems
URL. For example:
• Security Users SEU
http://<FQDN>/sunsystems-security
• Connect Portal SCP
http://<FQDN>/sunsystems-connectportal
✔ Task References
For public facing web deployment you must secure the
SunSystems web endpoint with a certificate. The public
facing firewall must only be accessible through port 443.
We recommend that the Windows environment for the
web server must be hardened to prevent https access
by any connections using protocols lower that TLS 1.2.
See https://www.cisecurity.org/ for details of
how to security harden your system.
Configure SunSystems Help so it is accessible from Configuring SunSystems help
Navigator on page 51
If applicable, install the latest SunSystems patch sets.
You can download the latest SunSystems 6.4 patch set
from http://support.infor.com.
Investigate integrating SunSystems with the Infor OS
platform. SunSystems integrates with the Infor OS Plat-
form formally known as Infor Ming.le, ION, IFS, EAM.
See Infor OS document, on http://support.infor.com.
Serializing SunSystems
Serialize SunSystems. Run the serialization file on all application servers, ensuring that all business
units groups are selected.
Note: You must include your SunSystems user as a member of the Trusted Service Group.
If pre-configured data (PK1) has been installed, use SunSystems User Migration Wizard to import the
pre-configured users and groups:
1 Open SunSystems.
2 Select SunSystems Tools > Migration > SunSystems User Migration.
3 Select Operator ID if you require a three digit SunSystems login.
Alternatively, create your own Users and Groups. See the User Manager help in the online help.
8 Alternatively, specify the Trusted Service Group in User Manager. Select Settings > SunSystems
> Trusted Service Group.
Migrating reports
A migration report is generated after the report migration has completed. Reports that fail migration
must be opened, corrected and redeployed in Report Designer.
To migrate a report:
1 Log into SunSystems as a user who is a SunSystems Reporting Administrator.
2 Select Report Manager (RMA).
3 Select Tools > Migrate Reports.
4 Click Yes.
<Service>
<MemorySafetyMargin>80</MemorySafetyMargin>
<MemoryThreshold>90</MemoryThreshold>
<WorkingSetMaximum>4000000</WorkingSetMaximum>
<WorkingSetMinimum>2400000</WorkingSetMinimum>
1 Open DeployManager.
2 Include the web load balancer in the deployment plan.
3 Save the configuration.
4 Run DeployAgent consecutively on each web server.
Installing languages
The SunSystems installation sets the base language to 1, which means SunSystems is installed as
English-only. Other languages must be installed using the Language Deployer after the installation has
completed. Ensure the language required is available for deployment.
Note: SunSystems can support up to 99 language versions; the base language and 98 additional
languages.
Language Code
Select a language from one of the installed languages.
6 Click OK.
7 Ensure these columns contain the correct language:
XXX_DRILL_ASSOCIATES(DRILL_DESCR)
XXX_ROLE(DESCR)
XXX_NUM_STREAM_HDR(DESCR)
XXX_NUM_STREAM(DESCR)
XXX_FIN_RPT_COL_HDGS(HEADING_1,HEADING_2,HEADING_3,HEADING_4)
XXX_BDGT_DEFN(DESCR)
XXX_ALLOCN_IND(NAME,S_HEAD)
XXX_TXN_REF_FMT(DESCR)
8 Repeat for each business unit group.
The hardware and software requirements for running SunSystems vary depending on the type of
deployment that you choose, that is, stand-alone, two-tier installation, or three-tier installation.
See the SunSystems Architecture and Planning Guide for an overview of the architecture and planning
considerations for the deployment of the software.
The requirements in this section should be regarded as the minimum for the type of deployment that
you choose. If you are installing other software on the same computer(s) as SunSystems, you may
need to increase the minimum requirements. Careful consideration must be given to your current
requirements and hardware capacity. These are the main factors to consider:
• Transaction and event volume
• The number of primary system users
• The number of secondary users, that is, those who might find the information on the system useful
as a source of information
• The location of the application users
• The volume of the local area network and whether it is related to the application.
If other applications share the network, any performance improvements to other application could affect
the network.
Projections should be made to predict your future requirements. Expansion in any of the previously
listed factors might have a detrimental effect on the performance of the system. For sizing advice,
contact your regional office.
Software requirements
These tables list the recommended operating systems to use:
Standalone
Two-tier
Three-tier
RDBMS support
SunSystems version 6.4 is supported with these relational databases:
• Microsoft SQL Server 2019
• Microsoft SQL Server 2017
• Microsoft SQL Server 2016.
Before upgrading to a new Microsoft SQL Server service pack, contact your regional support
representative to check your support status.
Note: Binary sort order is mandatory.
Clustered databases
If you intend to use database server clustering, check that the shared disk array installation, configuration
and verification steps have been completed before you attempt to install SunSystems.
Check that Windows Cluster Services has been installed and configured on each database server or
nodes.
Note: In the event of a failover, SunSystems automatically reconnects to SQL Server. This means that
SunSystems services do not need to be restarted. Users do not need to log out and log back in but
they must close then re-open any open menu functions.
This chapter details the security requirements for configuring and running SunSystems, and describes
the security issues in terms of database security and SunSystems application security. Recommendations
are given on security settings for all Windows operating systems and database servers; issues such
as file system and registry security are also covered.
Security model
SunSystems can be configured to use two different authentication methods. The simplest requires the
user to enter their credentials upon accessing SunSystems. If Windows authentication is required, with
the correct configuration SunSystems obtains the Windows account credentials and uses these to log
the user on to SunSystems. To define the ID of the user while using the application, mapping is required,
but no further login requests are made.
To submit a SOAP request, the SunSystems security service issues vouchers to authenticated users.
These vouchers are exchanged using industry standard public/private key exchange algorithms using
the highest level of encryption available on the operating systems negotiating transfer. A client-side
library is required to make these requests, and is provided for the Java programming environments
and Microsoft programming environments.
See SunSystems Connect online help and the SunSystems Connect Implementation Guide.
• Access and change the .mdf, .ndf, and .ldf database files, regardless of location
• Log-on as a service right
• Read and write registry keys at and under these locations:
• HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer
• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSSQLServer
• HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Perflib
For more information about other specific functionality, refer to your SQL Server documentation, in
particular Books Online.
Citrix XenApp
The SunSystems Windows services must not be set up to run under a local system account, because
the system account performs network operations and has privileges that are not applicable for all users.
To secure the file system, use the SUBINACL utility. This is provided by Microsoft to secure the file
system. Next, grant permissions to the SunSystems directories that are specified in the File Permissions
and Ownership subsection.
In addition to using standard Windows security features and practices, access to Citrix servers can be
restricted in several ways:
• SunSystems can be utilized as a published application. This implies that all users on a specific
connection type can be restricted to running published applications. Published Application Manager
allows you to restrict an application to specified users or groups of users (explicit user access only).
• Internet firewalls are supported by Citrix XenApp server to restrict Internet access to the XenApp
server.
• Users are required to enter a user name and password to run an application (explicit user access
only).
• It is recommended by Citrix that your website is disassociated from your production system, or you
restrict external access. Any system accessible through the Internet facilitates unauthorized access
to your production site and is a security risk. Therefore, your web server must be installed on a
separate network loop outside the firewall, unless you plan to use it with a secure intranet.
• SunSystems does not support anonymous user access by Citrix. SunSystems allows only the
domain users to log on to SunSystems who are members of the clients group, for example,
SunSystemsClients.
Deployment suggestions
Consider having a separate partition for user data. In the event of a full partition, storing user data,
system files and print queues in the same partition prevents users from printing and may cause
SunSystems to become unstable. Storing user data in a separate directory generates an 'out-of-space'
error instead.
Registry security
A security policy must be setup and assigned to the SunSystems Group. Audit the system to ensure
that SunSystems users have the minimum access permissions required to run the software.
Traffic Encryption
TLS 1.2 encryption over all HTTP endpoints is supported by SunSystems. The support is provided at
a 'between tiers' level. This means that all traffic crossing between client and web tiers, or web and
app tiers will be encrypted.
Encryption 'within tiers' is not currently supported by SunSystems. Encryption 'within tiers' is defined
as traffic between nodes of the same type and ensures service level resilience within the tier. This type
of traffic uses a mix of HTTPS and HTTP for those services not directly hosted within IIS. A complete
'within tiers' level of encryption incurs a performance penalty from additional proxying and should not
be required if a 'private subnetwork' model is used for each tier, as is the approach generally used.
All network tiers must be installed using a 'private subnetwork' model where nodes are installed alone
in an IP subnetwork. The network switch should prevent any 'sniffing' from external clients. SunSystems
may also be deployed using a VPN tunnel to create a virtual 'private subnetwork' to prevent any traffic
snooping.
The Application server and Security Services for SunSystems utilize TCP endpoints which are not
encrypted. In a web only deployment, these services are not externally exposed and where Desktop
Clients are available, they should access the endpoints through the Desktop Services tier, using a VPN
access. Third party encryption services, or a VPN, can be used with all SunSystems TCP endpoints
to add additional security.
Create
A new SunSystems Domain database
Create a new domain SunSystems on the local machine.
Select SunSystems Database Utilities > Create > A new SunSystems Domain database.
You can use this utility to install the domain database on a different server to the one containing the
SunSystems databases. Both servers must belong to the same domain.
All SunSystems databases must be registered in the domain database. For a new installation, this
requires the domain database to be created before or simultaneously with other SunSystems databases.
This utility uses a subset of the steps for a full installation.
Registering a second business unit group automatically converts the domain to a multiple database
environment.
This option uses a subset of the steps used in a full installation.
Upgrade
Pre-upgrade check
Run on each SunSystems business unit group to identify outstanding transactions.
Select SunSystems Database Utilities > Upgrade > Pre-Upgrade Check.
This check must be run before performing an upgrade. If it returns outstanding transaction entries then
the upgrade is prevented from progressing.
Included in the check are tests for:
Caution: The automated database upgrade process affects standard SunSystems tables only. It
does not affect any non-standard tables created separately to SunSystems.
Caution: The automated database upgrade process affects standard SunSystems tables only. It
does not affect any non-standard tables created separately to SunSystems.
Caution: The automated database upgrade process affects standard SunSystems tables only. It
does not affect any non-standard tables created separately to SunSystems.
Upgrades the domain database and forces all scripts to be applied to the database whether they have
changed or not.
Select SunSystems Database Utilities > Upgrade > A SunSystems Domain database forcing all
scripts to be reapplied.
This utility takes longer to complete than A SunSystems Domain database and must only be used
by an experienced SunSystems installer, or under instruction from Infor Support.
Caution: The automated database upgrade process affects standard SunSystems tables only. It
does not affect any non-standard tables created separately to SunSystems.
Caution: The automated database upgrade process affects standard SunSystems tables only. It
does not affect any non-standard tables created separately to SunSystems.
Upgrades one or more business unit groups and forces all scripts to be applied to the database whether
they have changed or not.
To open this utility, select SunSystems Database Utilities > Upgrade > A SunSystems Business
Unit Group forcing all scripts to be reapplied.
This utility takes longer to complete than A SunSystems Business Unit Group and must only be
used by an experienced SunSystems installer, or under instruction from Infor Support.
Custom forms
Upgrade your custom forms after the database upgrade has completed.
Select SunSystems Database Utilities > Upgrade > Custom forms.
Prerequisites:
• SunSystems client is installed on the machine on which you are running the Upgrade Custom
Forms process.
• If you are upgrading from SunSystems 6.1.1, then the pre-upgrade Custom forms are in the business
unit group.
Note: The custom forms upgrade procedure selects the appropriate custom forms for upgrade. This
means it does not upgrade filters and forms for functions removed from the new version.
Note: The manual amendment of forms should be completed by an application consultant, as each
form must be checked out and amended in Form Designer.
Note: It is likely that forms will need to be redesigned in order to utilize the Infor SoHo user interface.
Caution: A form may not be fully upgraded if it contains a field associated with any of these functions:
• BCS Budget Check Setup
• CAA Corporate Allocation Calendar
• CAD Corporate Allocation Setup
• CAR Corporate Allocation Ratios
• CAS Corporate Allocation Sources
• CAT Corporate Allocation Target
• DYB Daybook Setup
• FDU Asset Timing Rules
• FNL Financial Analysis Layouts
• FRH Financial Column Headings
• FSL Financial Statement Layouts
• FSR Statement Line Contents
• FTC Financial Table Columns Record
• FTF Financial Table Format Record
• FTR Financial Table Row Record
• JNP Journal Presets
• LEQ Ledger Sequences
• LES Ledger Setup
• TXD Tax Details
• PYP Payment Profiles.
Domain DB Utilities
These utilities perform functions on the domain database.
The options included are:
• Add a SunSystems business unit group to a SunSystems domain
• Remove a SunSystems business unit group from a SunSystems domain
• Recover business unit links
• Business unit groups parameter maintenance
• Query Database file groups
• Re-link all the SunSystems business unit groups to a SunSystems domain
• Load Difference tables
• Structural Integrity Check - Domain
Caution: Removing a SunSystems database from a SunSystems domain deletes the server files.
If removal from the domain leaves only one registered business unit group, the domain automatically
reverts to a single database environment.
Caution: Removal of the only remaining business unit group in a SunSystems domain renders the
domain incomplete and in an unsupported state.
This utility is required for a custom upgrade. Use it to create a SunSystems database, either from
scripts or by attaching a pre-configured database, and to upload the difference tables for the version
that you are upgrading from. You must specify the log file folder location and the domain database
information. A list of SunSystems databases that are in the domain database is displayed. Select the
required database and the version of the data to be loaded in the difference tables.
You have the option to run further database utilities.
Database DB Utilities
Structural integrity check
This utility checks the structural integrity of all tables in a specified business unit group.
To open this utility, select SunSystems Database UtilitiesSunSystems DB UtilitiesStructural
integrity check.
This check is run on the domain database, and all business unit groups. It check is also run during the
upgrade process.
Note: If the database integrity has been compromised, the Structural Integrity Check will fail. You
must contact Infor Support or Infor Consulting Services in the event this occurs.
Note: All reported issues must be resolved before the upgrade can continue.
You must specify the SQL Server Instance Name and the SunSystems database. Errors or warnings
generated by the check are listed in theR_ERR table and reports any issues found. The results should
not stop an upgrade from running but should be addressed.
Note: The Referential Integrity Check should be run before a running a SunSystems upgrade, so that
any errors can be resolved. The check may take longer to complete for larger databases.
Caution: During an upgrade, you must ensure that all references to filegroups exist on the new
machine, otherwise the upgrade will fail.
Form actions
Import forms into a SunSystems Domain
Imports forms into a SunSystems domain database.
Security DB
Grant permission to Security DB
Grants the Windows Service Groups access to the Security database.
Migrating databases
SunSystems databases can be migrated from one database server to another. Only database
administrators can perform migrations, and the process requires downtime of SunSystems.
Before you can migrate a database, you must complete the prerequisites for migration:
• The version of the source and target Microsoft SQL Servers must be the same,
• The version of Windows, service pack level and operating system language must be the same.
• The user performing the migration must have Windows and database administrator rights.
• All SunSystems users must be logged off, and all SunSystems Windows services must be stopped.
• A SQL Server Login for the SunSystemsServices and SunSystemsClients groups must be created
on the target database server. The Windows group names used must be the same for both servers.
See the SunSystems Upgrade Guide for the correct upgrade procedure for databases. It describes the
steps to migrate a database from a source to a target server.
In Microsoft SQL Server, performance and capacity can be increased by scaling up and scaling out.
Scaleup means increasing the power of the database server. Scaleout is achieved through linked
servers.
Caution:
• Before starting, you must ensure that you have administrator access to the SQL Server machines
and Domain Controller machine to configure, or verify, the linked server environment.
• We do not recommend that you install SunSystems components on the Active Directory Domain
Controller. Additionally, Microsoft advise against installing SQL Server on the Domain Controller.
Note:
• Standalone and 2-tier deployments of SunSystems are not supported in a linked server environment.
• When creating a new Linked Server, the fields RPC and RPC Out must be set to True, in Server
Options. Otherwise, error messages are displayed when setting the Application Role in User
Manager.
• To serialize SunSystems in a linked server environment, open the serialization file using Notepad
and manually enter the details into SunSystems Serialisation (ZZS).
• SunSystems connects directly to the SQL Server default instance on port 1433. If a named SQL
Server instance is being used, or a non-default port, the SQL Server Browser service is used to
make the connection to the server.
Database replication
Database replication is not supported as a means of providing high availability or failover.
Prerequisites
Before specifying a DNS CNAME record, you must:
• SunSystems 6.4 is installed in a multitier environment
• You have domain administrator access
• A database with a named instance of SQL Server, for example, INSTANCE1, has been installed.
You can also use a default SQL Server instance.
b Select SQL Server as the server type. This indicates that the linked server is another instance
of SQL Server.
c Select Be made using the login’s current security context n the Security page.
2 Specify database relinking details:
a Open SunSystems Database Utilities.
b Select Security DB > Grant permission to Security DB. Enter the SunSystemsServices
domain group details.
c Select Domain database > Re-link all the SunSystems Business Unit Groups to a
SunSystems Domain. Specify a Datasource name that includes an Instance name, for
example, DBSERVER\INSTANCE1.
d Select Relink Details. Specify the Instance name, for example, DBSERVER\INSTANCE1, and
the SunSystems Business Unit Group Database name.
e Select Group Account Settings. Specify the details for the SunSystemsServices and
SunSystemsClients Windows Domain groups. Select the languages. On the Progress Monitor
page, click Next to finish.
3 Open Windows Firewall. Ensure the port connection between the SunSystems application server
and the SQL Server database server instance is not blocked.
4 If required, specify the ports for IIS, Application, Security, Web Services and Tomcat.
5 Log into User Manager using the SunSystems Administrator account.
6 Select Settings > SunSystems > Configure.
7 Specify DBSERVER\INSTANCE1.
8 Click Test connection.
9 Click OK to save your changes.
10 Restart the SunSystems Security service.
11 Restart IIS using IIS Manager, or by using the IISReset command-line utility.
12 Use Restart Services to restart all SunSystems services.
Responding to a failover
Note: You must test that failover works in your test environment, before moving to a live environment.
In the event of a failover:
1 Use IIS Manager, or the IISReset command-line utility, to restart IIS on all SunSystems servers.
2 Restart all SunSystems services on all SunSystems application and web tier servers using the
Restart Services tool.
Parameter Description
drop_list_flag Distinguishes between 'delete' and 'list'
Specify 1 for 'delete' and 0 for 'list'
intg_retention Days to retain INTG tables
default is 7 days
Parameter Description
drop_list_flag Distinguishes between 'delete' and 'list'
Specify 1 for 'delete' and 0 for 'list'
Parameter Description
db_code Specify a single business unit or blank '' to indicate all
tdesk_retention Transfer Desk work tables
recommendation is 60 days (2 months), minimum retention is 7 days
with a default of 60
cdesk_retention Control Desk tables
recommendation is 7 days, minimum retention is 2 days with a default
of 7
recon_mng_retention Recon manager
recommendation is 7 days, minimum retention is 2 days with a default
of 7
cdesk_iface_reten- Control Desk Interface
tion_int recommendation is 30 days (1 month), minimum retention is 7 days
with a default of 30
other_tabs_retention Number of days additional tables ('%SALQ' '%SALQ_EX',
'%SALQVCNLST', '%SACDLI', '%SMCDSO') are to be retained since
creation, recommended 60 days (2 months), cannot drop tables cre-
ated less than 7 days ago with a default of 60
Parameter Description
bu_code The business unit code
ldg_details number of months to retain the data after the associated transaction
is complete
For example, if you specify 6 then all data in the LDG_DETAIL table
is cleared where the transaction has been complete for longer than
6 months
Parameter Description
iface_tables Number of weeks to retain the data in these tables
For example, 1
• ACNT_PYMT_IFACE
• ASSET_DISPOSAL_IFACE
• ASSET_STATUS_IFACE
• ACNT_PYMT_IFACE
• CALC_DEP_IFACE
• CASH_SUMMARY_IFACE
• DAYBOOK_IFACE
• GEN_ALLOCN_IFACE
• GEN_PYMT_IFACE
• LDG_REVAL_IFACE
• PMD_RDS_IFACE
• PMD_RPTG_IFACE_TBL
• TAX_RPTG_IFACE_FIN
• TAX_RPTG_IFACE_POP
• TAX_RPTG_IFACE_SC
• TAX_RPTG_IFACE_SOP
• TREASURY_DEAL_IFACE
• TRIAL_BAL_IFACE
• TXN_MATCH_IFACE
• VOID_PYMT_IFACE
• ALLOCN_IFACE
• CTRL_DSK_IFACE
• PYMT_REJ_IFACE
del_fin_rpt Number of weeks to retain the data in these tables
For example. 1
• FIN_ANL_RPT
• FIN_STMNT_RPT
• FIN_TBL_RPT
del_bu_temp_tbl clear down the temporary tables used in business unit copy
1=yes
0=no
• BUCPY_XFER_TBL_LIST
• BU_TEMPLATE_PARAMS
Parameter Description
del_bu_wrk_tbl Number of weeks to retain the data in these tables
For example, 1
• ZZZ_AUTHORISTN_SET_BANK
• ZZZ_AUTHORISTN_SET_PAY
• ZZZ_BILLING_LINK_ADJUST
• ZZZ_COSTING_ITEM_COSTS
• ZZZ_COSTING_UD_COSTS
• ZZZ_COSTING_WORK
• ZZZ_COSTING_KEY_INFO
• ZZZ_CURRENTLY_SELECTED
• ZZZ_DOC_FMT_HLD
• ZZZ_ERR
• ZZZ_GEN_INVY_CNT_WRK_1
• ZZZ_LINK_CHECK
• ZZZ_NOTE_DETAIL_TEMP
• ZZZ_NOTE_LDG_TEMP
• ZZZ_NOTE_TEMP
• ZZZ_PSTG_ERR
• ZZZ_PSTG_ERR_MSG
• ZZZ_PSTG_WRK_TBL
• ZZZ_PSTG_WRK_TBL_NOTE
• ZZZ_SAPYDDB
• ZZZ_SAPYPAY
• ZZZ_VCHR_WRK
del_other_tbls Number of weeks to retain the data in these tables
For example, 1
• DAG_TEMP
• DDE_USER_LABEL_WRK
• OFCD_WORK_FILE
• OPR_BU_PERD
• OPR_SESSION
• RECON_MGR_TEMP
• RECON_MGR_TEMP_LAD
• RI_ERR
• RWFNUM_STREAM
• SSLINKAGE
return_err_no Returns a SQL error number (integer) if an error has occurred
return_err_msg Returns the SQL error message (nvarchar(250)) if an error has oc-
curred
Example Housekeeping statement to run for all business units in one business unit group:
If you receive an error after executing the SSP_HOUSEKEEPING procedure, you can record the error
and report in a way that is suitable for your business.
3 Run Kerberos Configuration Manager for SQL Server and resolve any delegation or SPN issues.
4 Locate the database engine service account from an Active Directory domain controller.
5 Open the Advanced view.
6 Select Attribute Editor > servicePrincipalName.
7 Add a new entry, consisting of two SPNs, for the AAG listener.
The new entry is in addition to the existing four entries. For the new entries, use the same format
as the existing entries, but use the FQDN of your listener computer object.
8 Add a new entry that contains the port number.
There should now be six SPNs, if you have two replicas in your availability group.
9 Open Database Utilities.
10 Select Re-link all the SunSystems Business Unit Groups to a SunSystems Domain and relink
to a domain using the listener name.
If these steps are not completed, then the message Could not find server <servername>
in sys.servers is displayed.
2 Open SQL Server Management Studio to connect to the primary SQL Server Replica.
a Select AlwaysOn High Availability > Availability Groups and select the Availability Group.
b Select Availability Group Listeners. Right-click the Listener Name and select Properties.
c Specify the port number.
Note: Do not append the port number to the listener name.
3 Add a new registration for the SQL Server startup account using the non-default port. Open a
Command prompt and run these three commands in the order listed:
a setspn -L <servicename/serviceaccount>
For example, setspn -L sunsystemsdomain/sqladmin where the sqladmin user is a
startup service account of the SQL Server instance on the sunsystemsdomain domain.
b setspn -D <serviceclass/host:portservicename>
For example, setspn -D MSSQLSvc/mylistener.sunsystemsdomain.com:1433 where
mylistener is an AOAG listener.
c setspn -S <serviceclass/host:portservicename>
For example, setspn -S MSSQLSvc/mylistener.sunsystemsdomain.com:56789
where 56789 is a non-default port of mylistener.
4 Open SQL Server Management Studio to recreate the linked server object for the listener name.
a Specify this information:
Server type
Select Other data source
Provider
Select Microsoft OLE DB Provider for SQL Server
Product name
Specify SQLServer
Note: Do not include a space between SQL and Server.
Data source
Specify <listener name>,<port>
b Click the Security tab and select Be made using the login's current security
context.
c Click the Server Options tab. Ensure that both RPC and RPC Out are set to True.
d Create a second linked server for the FQDN of the listener name. You must repeat this step
for all replicas.
Note: You can check that the second linked server setup is correct by running this SQL query:
select * from sys.sysservers
Instance Name
Specify <listener name>,<port>
Database Name
Select the SunSystems domain database.
c Click Next. In the Relink Details window, select the business unit groups from the list.
Note: You must ensure that the Instance name is set to <listener name>,<port> for each
business unit group.
d Click Next. Specify the Windows Domain Groups for SunSystems.
e Click Next to complete the remaining details then click Next to run the function.
7 Set the port number for the connection to the SunSystems security database. Open the \Program
Data\Infor\SunSystems\Security\global.config file on the SunSystems application
server. Edit these lines to add the port element:
<database>SunSystemsSecurity</database>
<server>servername</server>
<port>nnnn</port>
SunSystems Connect provides an Extensible Markup Language (XML) and Simple Object Access
Protocol (SOAP) interface through which developers can access SunSystems data and core functionality.
Note: SSC client applications must be run on the SSC application server. This includes Audit Viewer,
Transaction Monitor and Component Manager.
Software requirements
SunSystems Connect and Automation Desk require:
• Microsoft Windows Server 2016 (Standard or Enterprise)
• Microsoft Windows Server 2019 (Standard or Enterprise)
Third party applications that make SOAP calls to SSC, must be running on a machine with the required
software.
Installing SSC
When you install SunSystems Application Server, the Connect Server is automatically installed.
Note: Settings previously made in Property Editor are now specified in Configuration Manager (CGM).
See the Configuration Manager help in the Online help for details.
SSC layout
SSC is installed into the subdirectory ssc in the SunSystems program directory. The default folder
structure and requirements for Write Permissions are listed in Appendix C.
You can manage Reporting properties using the Reporting module in Configuration Manager. In
SunSystems, select Configuration Manager (CGM) > Reporting.
b Expand the server node, in the tree. This is usually identified as the name of the server.
c Select Application Pools.
d Select the SunSystemsReportingServices Application Pool.
e Select Actions > Advanced Settings.
f Select the Identity property.
g Click the ellipses (…).
h Select Custom account.
i Specify the domain and user name of the new SunSystems reporting user.
j Click OK.
k Close IIS Manager.
4 Update the credentials used by the SunSystems Reporting Services applications:
a Open the Services control panel applet.
b Select the SunSystems Report Manager Service
c Select Action > Properties.
d Select the Log On tab.
e Select This account.
f Specify the domain, user name and password of the new SunSystems Reporting user.
g Click OK.
5 Run ConfigureMSRS.exe on the report server to add the domain user:
a Open a command prompt.
b Navigate to \Program Files\Infor\SunSystems\.
c Specify this command: configuremsrs -install -instance [sql instance] -user
[domain]\[user]
6 Check that ConfigureMSRS.exe has completed successfully:
a Open your browser as an administrator.
b Navigate to http://localhost/Reports.
c Select Settings > Site Settings > Security.
Ensure that domain\user has been added.
7 Check that Service Broker is enabled for both the domain and security databases:
a Open Microsoft SQL Server Management Studio.
b Select Databases > SunSystemsDomain > Properties > Options.
c Select Service Broker and complete this information:
Broker Enabled
Select true to enable this setting.
Operational reports must be deployed in a location more suitable to the requirements of the business.
Path environment variables must be amended, and the appropriate folder level permissions set.
Reports may be renamed using the convention used by the example reports, or another appropriate
convention.
The SunSystems Web user interface is customized in Configuration Manager (CGM). For example,
you can change the font, colour, or how the session navigation menu is displayed in Infor Ming.le™.
Note: To use Configuration Manager, your user must be a member of the Configuration Administrators
group.
Some properties in Configuration Manager require the SunSystems services to be restarted before
changes are saved. Services are restarted using the Restart Services tool.
The information included in the Troubleshooting section will help system administrators resolve problems
that are encountered during the installation process, or when attempting to start up SunSystems.
If the problem you are experiencing is not detailed below, you can contact technical support. Before
calling for technical assistance, collate the information described in Contacting Technical Support.
You can search for known issues in the Support Knowledgebase on the Infor Support Portal. Often a
solution can be found here before contacting Infor Support.
Troubleshooting hints
There are several troubleshooting hints that will assist you when analyzing a problem:
• Take copies of error messages. They contain important information and technical support staff will
require details.
• Do not assume too much about the possible cause of the problem, or you might overlook any
evidence.
• Work carefully through the problem, ensure that you can duplicate the problem and assemble all
the evidence, because you might need to pass it on to a member of the technical support staff.
• Confirm if the problem happens in other applications, on other user’s machines, or only on one
machine.
• Check security barriers (firewalls) because these can block communications between client and
server machines.
• Do not overlook the obvious; check plugs, connections and cables.
Missing prerequisites
Where possible the SunSystems installer checks and notifies the user of any missing prerequisites.
However, in the event of an installation problem, check that all the prerequisites have been correctly
installed. Refer to the Prerequisites checklist on page 17.
Use the function Deployment Monitor, which is part of DeployManager, to validate all connections. Red
indicates a firewall block or problem. When viewing results, consider that some connections may not
be accessible due to firewall settings.
DeployAgent and DeployManager generate log files in ProgramData\Infor\SunSystems\Logs\
Deploy.
Use the Restart Services tool to restart the SunSystems Services in the correct order:
1 Security and Configuration Services
2 SunSystems Connect Server
3 All other services.
Connection problems
Possible cause(s)
The firewall settings may be blocking the connection.
The connection to the Microsoft SQL Server may be broken.
Solution
Check the Windows firewall settings.
Check connection to SQL Server. Open SQL Server Configuration Manager and expand SQL Server
Network Configuration. Click Protocols for <instancename>. Right-click the Protocol name, TCP/IP
and click Enabled.
Possible cause(s)
This error can occur in a load balanced environment because the load balancer may direct to a server
which has not yet been fully configured.
Solution
Run DeployAgent on all other servers in the same tier. On the server with the error message, run
RestartServices then run DeployAgent. This problem can occur on the Application tier or the Web tier,
in a load balanced environment.
Possible cause(s)
The Report Manager may not be connected to a Windows domain.
Solution
Check that your machine is connected to a Windows domain.
Possible cause(s)
If Log on as a service right has not been given to the service account, then installation will
pause to display a message stating that the service will not start.
Solution
Specify the service account details in Services, restart the service manually, and specify Log on as
a service right. After clicking OK the SunSystems installation process resumes.
Possible cause(s)
This error could indicate that ASP.NET is not registered.
Solution
Check that ASP.NET is registered. Run a command prompt as administrator. Change directory to
Windows\Microsoft.NET\Framework64\v4.0.30319. Enter the command aspnet_regiis
–lv to check if ASP.NET is already registered. If not already registered, specify aspnet_regiis
–ir to register.
Possible cause(s)
This issue only occurs in a SunSystems environment where you have applied SSL. A connection cannot
be made between the client and the security service unless you make a specific registry change on
the machine on which you are installing SunSystems client.
Note: In addition to client installation, this issue can occur when adding any node to your SunSystems
installation.
Solution
You must enable this registry key on the machine where you are running the SunSystems installer:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
“SchUseStrongCrypto”=dword:00000001
Possible cause(s)
Roll backs are usually caused by a problem communicating with the Security and Configuration services.
The services must be started by the installer in order to complete the configuration of SunSystems.
The roll back may also be caused by a SunSystems application still included in IIS after it has been
uninstalled.
The .msi log is usually found in the %TEMP% folder, or the folder above. This log is not easy to interpret
but contains the reason for the rollback.
Relevant information is also logged in the InstallLog.txt, usually found in ProgramData\Infor
\SunSystems\logs\Install.
You can also open IIS Manager to check that all SunSystems applications have been uninstalled
correctly.
Possible cause(s)
The SunSystems Configuration Service may not be running.
Solution
If this occurs, check that the SunSystems Configuration Service is running. The service is located on
the SunSystems application server.
Possible cause(s)
An incorrect security admin password is used during the re-installation of SunSystems over existing
databases. This causes the installation to fail and locks the security admin user in the security database.
As SunSystems is not installed, you are unable to unlock the admin user in Security Console / User
Manager.
Solution
You must edit the SunSystems security database SCTY_USER table:
NAME=admin set PWD_DATA=NULL
Install SunSystems using a blank password for the admin user.
Possible Cause(s)
After applying a patch set, an error message indicates that the reports failed to load and that they must
be loaded manually.
This issue occurs in a two-tier environment that includes a combined database / SSRS server and a
combined web / application server. The installation order is important. In this scenario, reports cannot
be imported by the installer until after Reporting Extensions are installed, which cannot be before the
application tier is installed. This means that a manual step is required as part of the installation process.
Solution
To load the reports manually:
1 After the patch set installation has completed, open InstallLog.log
2 Find the VisionImport command, and take a copy.
3 Run the VisionImport command from an administrator command prompt, using your administrator
password. For example:
"C:\Program File\Infor\SunSystems\VisionImport.exe" /U:admin /P:"******"
/T:"/" /D:"C:\ProgramData\Infor\SunSystems\Reporting\Example Reports"
/V:1 /O:YES
Note: You must replace "******" with your administrator password that you use to log into
UserManager.
Possible cause(s)
SunSystems or a session is still active.
Solution
Before you attempt to uninstall SunSystems, ensure that all SunSystems sessions have been closed.
Possible Cause(s)
Serialization has not been applied. SunSystems is licensed specifically for several users and language
combinations. Only the components with valid serialization information are operable in the production
environment.
Solution
Run the serialization on all application tier servers for all business unit groups.
Possible cause(s)
The supplied serialization details are configured to allow an explicit number of users to connect to the
system at any one time. This does not prevent the definition of additional users in the system, but does
inhibit the number of concurrent users from exceeding the licensed number.
Solution
If this imposed limit does not enable all required users to connect to the system, contact your
SunSystems supplier to arrange a new license.
Possible cause(s)
Your SunSystems user is not part of the Trusted Service Group.
Solution
If you run a SunSystems serialization and nothing happens, check that the user you are logged in with
is in the Trusted Service Group. Open User Manager and select Settings > SunSystems > Trusted
Service Group. Use Task Manager to end task the process Serialise (32 bit) before you try
to run the serialization again.
Possible cause(s)
The operator group is not set up in User Manager
Solution
Log into User Manager as administrator. Select Group and add Function Permission and Action
Permission settings. If there are required functions not showing on the menu you can recreate the
menu in User Group Menu Designer (UGM).
Possible cause(s)
Standard authentication has not been set up globally in User Manager.
Solution
If SunSystems is to be accessed from client machines when users are not logged on as Windows
Domain users, you must set standard authentication globally in User Manager. Log into User Manager
as an administrator. Select SettingsSecurity Policyand clear Enable Windows Authentication.
Possible cause(s)
Your SunSystems user is authenticated using Windows authentication.
Solution
If you are set up in User Manager as a Windows authenticated user, you will automatically be logged
into SunSystems. Contact your SunSystems administrator to change your user to standard
authentication.
Possible cause(s)
The PATH environment variable may be incorrectly ordered. This can occur if you have multiple versions
of SQL Server installed.
Solution
Check that your PATH variable is correct. The latest version of BCP.exe must be listed first.
You can check the contents of the PATH variable by running bcp -v from a command prompt.
Possible cause(s)
SunSystems Reporting requires language-specific fonts to render a report to PDF. From Windows
2016, some fonts are no longer automatically included and are optional Windows features.
Solution
You must install the required font pack on the server where the reports are installed:
1 Find the required language pack from Microsoft Support.
2 Install the language pack on the server where the reports are installed.
3 In Windows, select App and Features > Manage optional features > Add a feature and select
the required font.
For example, if Hindi characters are not displayed correctly, you must install the language pack
for Devanagari Supplemental Fonts. This will be listed under Add a feature.
4 Wait for the notification that the font has installed, then reboot your server.
5 Re-run the report to see the characters displayed correctly.
These tools display and log the SunSystems program behaviour. This facilitates the resolution of system
failures that are not identifiable by the error message. They should be used only under the direction of
a SunSystems administrator or technical support.
• Run the SunSystems database utilities and choose the option to re-link the SunSystems data
database and domain database.
• Check the database structural integrity of domain and business unit groups using the SunSystems
database utilities.
• Run SunSystems function BUA to synchronize and bring business unit groups on-line.
• Use the Restart Services tool on each application tier server.
• Serialize SunSystems on each application tier server.
Glossary terms
Term Definition
application server component A software element that is installed on an appli-
cation server. That is, the application layer.
business unit group A collection of SunSystems business units that
are stored in a single SunSystems data database.
That is, a business unit group is a SunSystems
data database. Business units must be unique;
for example, you cannot have business unit AAA
present in more than one business unit group.
central logs repository A directory on SunSystems application server
and client machine containing log files generated
by SunSystems. Files are created in relevant
folders under the central logs repository. For ex-
ample: ProgramData\Infor\SunSystems\
logs
client component A software element that is installed on the client
machine. For example, Security Client, SunSys-
tems Client, and Reporting Client are elements
that are included in the SunSystems client instal-
lation.
collation The character set, code page, and sort order
used for languages. For example, Latin1_Gener-
al_Bin is the Western European default.
database server component The server hosting the RDBMS
domain database A central repository containing information to
connect to multiple SunSystems databases, of
different code pages, through a single application
server, or application server farm.
firewall A protective channel between a secured network
and an unsecured network, through which all
traffic must pass.
Term Definition
SunSystems security The services, applications, and features control-
ling access to SunSystems programs and data.
SunSystems domain The one-to-many application server and database
installation accessible from a client installation
and managed from a central repository. The
central repository is also known as a domain
database. For example, a SunSystems domain
can describe a three-tier installation which in-
cludes an application server farm and access to
multiple databases.
SunSystems session An open SunSystems window. Up to nine ses-
sions can be open simultaneously.
URL Description
http://<FQDN>sunsystems The SunSystems application
http://<FQDN>/sunsystems-security Opens the function SEU Security Console
http://<FQDN>/sunsystems-connectportal Opens the function SCP Connect Portal
http://support.infor.com Infor Support website
http://docs.infor.com SunSystems documentation website
Use these URLs if you have SSL and IIS set up in DeployManager:
URL Description
https://<FQDN>sunsystems The SunSystems application
https://<FQDN>/sunsystems-security Opens the function SEU Security Console
https://<FQDN>/sunsystems-connectportal Opens the function SCP Connect Portal
These instructions describe moving SunSystems databases to a new database server. For example,
you may wish to move databases from UAT to production, or from production to UAT.
To move databases successfully you must complete this checklist:
✔ Task References
Ensure that the 6.4 target environment is on patch set 5
or later.
If the source environment is a version that is earlier than
6.4, then refer to the SunSystems Upgrade Guide for the
steps to upgrade the source databases to 6.4.
The patch sets must also align with the target installation
so you must apply outstanding patch sets to the source
databases using the corresponding Patch Set DBDeployer
tool.
Ensure that the version of Microsoft SQL Server installed
in the target environment, including service packs, is the
same or higher, than the version installed in the source
environment.
Note: The version of SQL Server in the source environ-
ment must not be higher than the target environment.
Ensure that: Installing Microsoft Reporting
• SQL Server Reporting Services Services on page 21Installing
• SunSystems Reporting Services including Microsoft the reporting tier on page 33
SQL Server Reporting Services Extensions and the
corresponding patch set
are installed in both the source and target environment.
Ensure that all test data is removed from the source envi-
ronment. This is relevant if you are moving databases from
a UAT environment, and you have completed testing.
✔ Task References
Reports are not exported by DeployManager so must be Migrating reports on page 46
migrated separately. To do this, you can either export the
reports, or move the Report Server database:
• Reports can be exported from SunSystems Report
Manager in the source environment and imported into
Report Manager in the target environment. This does
not require moving the Report Server database. See
'Migrating Reports' in Chapter 4: Post-installation tasks.
• If you prefer to move the Report Server database, refer
to the Microsoft documentation on moving Report
Server databases.
You must save the target SunSystems configuration. This Exporting a configuration using
must be completed before you restore databases in the DeployManager on page 119
target installation.
Do this by using DeployManager to run a configuration
export from any application or web node in the target instal-
lation.
In the source installation, ensure all SunSystems users
are logged out from SunSystems.
Clear any outstanding operator activity sessions.
Make a note of the SunSystems administrator user and
password. This information is required when you log into
User Manager or Security Console.
Move the databases from the source installation to the Copying the databases from
target installation. source to target installation on
page 120
In the target installation, stop all SunSystems services and
the Report server. Stop the SunSystems website on all
applicable nodes.
Setup the restored databases in the target installation. Setting up databases in the tar-
get installation on page 120
To export a configuration:
1 Run DeployManager from any application or web node in your installation.
2 Select Function > Environment Migration.
3 In the Export Environment, click Export to save the target configuration.
4 Make a note of the location of the generated Sunsystems-Environment.zip file. The default
location is the Documents folder.
Note:
• Ensure all references to the new database server are updated. You must use the
SunSystemsServices Windows domain group.
• SunSystems Database Utilities is available from SunSystems media but we recommend that
you check the Infor Support Portal for the latest version as important changes were made for
patch set 7.
a In Database Utilities, select SunSystems Database Utilities > Domain DB > Re-link all the
SunSystems Business Unit Groups to a SunSystems Domain.
b Specify the Instance Name as the new database server/instance name.
Scripts should run without any errors.
4 Grant the Windows service groups access to the security database. In Database Utilities, select
Security DB > Grant permission to Security DB.
5 Start the SunSystems Security service.
6 Import the saved configuration of the target installation:
Note: You only need to run the import once. It can be run from any application or web node in the
target installation. Importing the saved configuration ensures that the underlying software and
configuration remain consistent.
a Run DeployManager.
b Select Function > Environment Manager.
c Find the SunSystems-Environment.zip configuration file that you exported previously,
and select it for import.
7 Run DeployAgent on all servers except the database server.
Note: DeployAgent must be run on the application nodes first, and the web nodes second.
8 Use Reporting Services Configuration Manager to import the encryption key into SSRS. Ensure
the Reporting Services are running correctly with the new Report Server databases.
9 Create the SunSystemsReporting account with the RSExecRole and db_owner role for both Report
Server databases.
Note: Complete this step using the Reporting Services Configuration Manager tool or the command
line tool rskeymgmt.exe provided by Microsoft.
10 If the service account running SQL Server Reporting Services is different on the target machine
to the source machine you must run ConfigureMSRS.exe.
Note: ConfigureMSRS.exe is only found on the tier on which SRS Extensions are installed. An
example of the command line required to run ConfigureMSRS.exe is C:\Program
Files\Infor\SunSystems\ConfigureMSRS.exe -install -instance MSSQLSERVER
-user DOMAIN\SunSystemsReporting
The instance of the Reporting Service, and the account under which the Report Server is running,
must both be supplied.
11 Run Restart Services.
12 Log into SunSystems and select Business Unit Admin (BUA) to restore the business unit groups
online.
The installation of SunSystems components on a different server requires updating elements of the
installation configuration.
The Infor Support Policy regarding virtualization software such as Terminal Services, Citrix Xenapp
and so on.
We will fully support SunSystems deployed in test and production environments, where the SunSystems
implementation uses virtualization software and has been correctly sized to provide adequate system
resources.
We will not directly support the virtualization technology used because that is the responsibility of the
relevant vendor.
Reported support issues will be investigated in the normal way. However, we reserve the right to ask
a customer to reproduce the issue outside of a virtual environment, if we believe that the issue may
result from the failure of the abstraction layer, or its configuration, to provide a suitable application
environment.
Log files are generated to assist you with troubleshooting and are stored in subfolders that are named
according to function name.
The subfolders are located under the main SunSystems log folder, which, by default, is found at this
location: \ProgramData\Infor\SunSystems\Logs.
The Infor Support Policy regarding virtualization software such as Terminal Services, Citrix Xenapp
and so on.
For example, Security Console and User Manager will be inaccessible if Windows authentication
credentials are incorrectly mapped, or if the SunSystems administrator leaves the company without
informing another user of the administrator login details.
To avoid such situations, these steps must be completed by a local administrator or the server where
the security service is running:
Note: This feature should only be used when the administrator is unable to access the system to correct
problems in the configuration.
Note: This feature is not available if User Manager is accessed remotely. The user must be on the
specific server and be a local administrator in Windows.
1 Ensure all users have logged out of SunSystems.
2 Stop the SunSystems Security service.
3 Edit the global.config file.
Usually this is located in \ProgramData\Infor\SunSystems\Security\.
4 Change the property entry <serveradminaccess>0</serveradminaccess> to <serverad
minaccess>1</serveradminaccess>.
5 Restart the service.
6 Run Security Console or User Manager as an administrator:
• If you are using Security Console, then right-click your browser icon and select Run as
Administrator. Run the url http://<server>/sunsystems-security
• If you are using User Manager, then right-click the User Manager executable and select Run
as Administrator.
7 Correct the problem that was preventing the administrator from gaining access.
8 Reverse the above process, reverting the configured property in global.config back to 0.
9 Save and close the file.
Users can log into SunSystems.
Port usage
Use this table to check the correct ports are being used:
Note: The application server and security service are not exposed through ARR.
Firewall rules
Ensure that these firewall rules are applied:
• Communication enabled from the application nodes to the application tier load balancer over the
http/s port
• Communication enabled from the application nodes to the application tier load balancer over ports
40001 and 40003
• Communication enabled from the application nodes to the application ports 40000 and 40003
• Direct access from the application nodes to Microsoft SQL Server
• Communication enabled from the web nodes to the application tier load balancer over the http/s
port
• Communication enabled from the web nodes to the web tier load balancer over the http/s port
• Communication enabled from the web nodes to the application tier load balancer over ports 40001
and 40003
• Communication enabled from the reporting nodes to the application tier load balancer over the
http/s port
• Communication enabled from the rich client to the application server tier over ports 80, 40001 and
40003
• Communication enabled from the rich client to the web server tier over port 80
• Communication enabled from the rich clients to the exposed Desktop Service tier on ports 40001
and 40003
• Direct access from the reporting nodes to Microsoft SQL Server, that is, port 1433 must be open
by default
Component ports
This table shows SunSystems components and their associated ports:
Component 6.3 internal ports 6.3 external 6.4 internal ports 6.4 external
ports ports
SunSystems Con- 40004 80 40004 80
nect service
SunSystems Ap- n/a n/a n/a n/a
plication Manager
port range
SunSystems Ap- n/a n/a n/a n/a
plication Manager
listener port
Application Serv- 40001 40001 40001 40001
er service
RMI registry 50001 50001 (we recom- 50001 50001 (we recom-
mend local box mend local box
access only) access only)
Job execution port removed, use port removed, use port removed, use port removed, use
RMI registry RMI registry RMI registry RMI registry
Locator service port removed, use port removed, use port removed, use port removed, use
RMI registry RMI registry RMI registry RMI registry
Transfer execu- port removed, use port removed, use port removed, use port removed, use
tion RMI registry RMI registry RMI registry RMI registry
Transfer Monitor port removed, use port removed, use port removed, use port removed, use
RMI port ranges RMI registry RMI registry RMI registry RMI registry
Configuration ser- 40003 80 40003 80
vice
Secure job execu- port removed, use port removed, use port removed, use port removed, use
tion RMI registry RMI registry RMI registry RMI registry
SunSystems Web 80 80 80 80
security
SunSystems Se- 40002 40002 40003 80
curity
Component 6.3 internal ports 6.3 external 6.4 internal ports 6.4 external
ports ports
Microsoft SQL 80 80 80 80
Server Reporting
Services
SunSystems Re- 80 80 80 80
port services
SunSystems Web 40000 80 40000 80
ASP NET State 42424 42424 42424 42424
server
SunSystems API 40003 80 40003 80
service
Application timeouts
Timeout values for SunSystems URLs are set by the installation and cannot be updated by a user.
• #set( $defaultTimeout = "00:02:00")
• #set( $webSunSystemsTransferdeskDesignerTimeout = "00:10:00")
• #set( $webSunSystemsReportingTimeout = "00:20:00")
• #set( $webApplicationTierTimeout = "01:00:00")
• #set( $webApplicationConnectTierTimeout = "1.00:00:00")
• #set( $webReportingTierTimeout = "01:00:00")
• #set( $appSunSystemsQueryApiTimeout = "01:00:00")
• #set( $appSunSystemsReportingApiTimeout = "01:00:00")
• #set( $appSunSystemsConnectTimeout = "1.00:00:00")
This example uses HAProxy load balancer and shows the deployment created and saved in
DeployManager, and applied consecutively to each node, starting with the application nodes, then the
web nodes.
TDE is an encryption technology within Microsoft SQL Server that offers encryption at file level; TDE
protects data by encrypting the physical files of the database: both the data (.mdf) and log (.ldf)
files.
The encryption and decryption process is completely transparent to the applications accessing the
database. The file pages are encrypted before they are written to disk, and decrypted when read back
into memory. The process uses either Advanced Encryption Standard (AES) or Triple DES encryption
algorithms. Essentially, this is real-time I/O encryption and decryption and does not increase the size
of the database.
The main purpose of implementing TDE is to prevent unauthorized access to the data by restoring the
files to another server / SQL server instance. The backup files of databases that have TDE implemented
are also automatically encrypted. This means that in the event that a database backup is lost or stolen,
restoring the database will not be possible without the appropriate certificate and encryption keys.
In the event of a database restore, the certificate protecting the database encryption keys must be
available. To prevent data loss, therefore, server certificate backups must be maintained in addition to
database backups.
One consequence of implementing TDE is that the TempDB database will be automatically encrypted
as part of maintaining full protection by TDE. This may have a performance impact on any unencrypted
databases sharing the same SQL Server instance.
A disadvantage of implementing TDE is that any benefit gained from backup compression is rendered
negligible because the backup files are only minimally compressed.
Further details about TDE can be found on the Microsoft website: https://docs.microsoft.com/en-us/
sql/relational-databases/security/encryption/transparent-data-encryption-tde
DeployAgent and DeployManager are deployment tools that are responsible for the setup and
configuration of the SunSystems environment and various infrastructure-related security settings. In
particular, these tools are responsible for the Application Request Routing (ARR) solution used by all
SunSystems deployments.
The tasks performed by DeployAgent to configure a SunSystems node, include simple configurations
of IIS, or changes to SunSystems configuration properties. Some tasks are complex and based on
industry standards and are documented in this appendix.
• Reconfiguring WEB applica- Enforces the usage of "Require This option is only set to true
tion authentication SSL" for Forms Authentication. when IIS is responsible for the
• Reconfiguring APP applica- SSL configuration (encryption
tion authentication at NODE level).
See https://technet.mi
crosoft.com/en-us/library/
cc771633(v=ws.10).aspx for
details.
Table 1:
Table 2:
Restarting SunSystems
This task is the same as that provided for the RestartServices.exe. This process stops all
SunSystems services and SunSystems specific IIS components then restarts them in reverse order.
A restart of all services and IIS marks a node as unavailable. After the restart, ARR detects if the system
has returned to service within 30 seconds. The entry points stop returning HTTP 502.4 errors and
instead return the HTTP 200 status.
The next section circulates through the SunSystems databases. These are identified by having the
table SQL_OBJ_REGISTRY present in a database.