Hclcnx

Next week from 20-22 April 2026 Engage takes place in Ghent (Belgium).

If you use Apple push notifications with HCL Connections, please be aware that the certificates included in 8.0CR12 and earlier will expire on March 13th, 2026 at 15:32:47 CET.

Sometimes customizations or settings need to be applied directly inside the application EAR files of IBM WebSphere Application Server.

Over the last few days, I received several messages from Connections users reporting that their embedded YouTube videos could no longer load in Connections Blogs and instead displayed Error 153. This prompted me to investigate the issue.

Warning The is just a proof of concept and shouldn’t be used in production! I still have some issues with redirects to the new hostname. In the series of encrypting network traffic within HCL Connections and Component Pack: Encrypt IHS Proxypass Traffic To Component Pack Securing Redis Traffic in HCL Connections with SSH Tunnels the customizer part is missing. In a default configuration (or when you install as documented), the traffic from IHS and NGINX that is forwarded to the customizer (mw-proxy) and Ingress is unencrypted.

Some years ago Connections Files changed the catalog view from paginated view to continuous scrolling. This had two caveats: On large monitors (4k for example) only 10-20 files appear and the trigger to start loading more files to complete the list is not working Feed icon (Feed for these Files) to copy the RSS feed URL is hard to get on large file catalogs (scrolling starts, and you can’t right-click to copy)

I’m still working on encrypting all network traffic between Connections and Component Pack servers. This time I checked the Ingress-Nginx Controller - TLS/HTTPS documentation. The default configuration for connecting IHS with Component Pack uses the plain HTTP port 32080. All traffic like /social or the Tailored Experience wizard is routed from IHS to Kubernetes on port 32080. Our target is to encrypt the traffic on port 32443.

At the moment I’m working with a customer to secure all traffic in HCL Connections. The target is to have only encrypted network traffic between servers. Today I started enabling encryption to Redis. This is a documented process, but the documentation is outdated and incomplete.

Today I read the article KB0118248 and remembered my blog post from 2018. I also checked the attached aha idea where a comment states that you can use iframe for Youtube. Despite what KB0118248 incorrectly states, it is absolutely possible to embed videos in HCL Connections blogs and wikis using the HTML video tag as demonstrated in this post.

The HCL Connections documentation describes the process for configuring Windows desktop single-sign-on in a somewhat complicated way. Here are the necessary steps for setting up with the highest possible encryption.

I received several complaints from users who struggle to identify uploaded images in the File Uploads section of blogs. This happens because pasted images get cryptic filenames like editor_image_ + UUID, making it challenging to identify and delete unused images.

I haven’t touched the Connections scripts for a long time, but I recently made some minor updates to fix compatibility issues with newer versions and added small scripts to speed up configuration. I also got the documentation script running from the menu.

Most of the LDAP connections from IBM WebSphere Application Server are configured with TLS. So you need to have the root certificate in the WebSphere truststore to connect.

For HCL Connections 8 CR9, it is mandatory to update MongoDB to version 7. During my first migrations, I encountered some issues and would like to provide workarounds and additional troubleshooting tips to help others with this process.

Some time back, I stumbled upon a flaw in HCL Connections 7 and 8 that allowed for user enumeration. This flaw could be exploited by anonymous users.

Last week, I had three systems with issues displaying the Top Updates in the Orient Me. So I tried to find out which applications and containers are involved in generating the content for this view.

With HCL Connections 6.5 and later, we got the add-on HCL Connections Engagement Center (aka CEC, HCEC, ICEC or XCC) included in a normal HCL Connections deployment.

I had one Connections’ environment that I wanted to switch from OpenLDAP to Active Directory LDAP. The old OpenLDAP environment used LDAPS to connect, and so I assumed that the change was done quickly. The first step was to make a copy of the tdisol folder I used for OpenLDAP and start changing the configuration files for the new LDAP server.

The official documentation, “Migrating data from MongoDB 3 to 5”, wants to dump the MongoDB databases in 3.6 and then restore this data into the newly deployed MongoDB 5. One issue with this process is that we can’t run the two MongoDB versions in parallel on Kubernetes because the provided helm charts and container for MongoDB 3.6 stop running after Kubernetes 1.21. On the other side, the helm chart providing MongoDB 5 can’t be installed on those old Kubernetes versions. So the process to update is:

After updating HCL Connections to 8CR3 and Tiny Editors to 4.9.2.24 the lines of tables are no longer visible during editing. Here is the edit form with Tiny Editors 4.8.2.0:

During a troubleshooting session in Component Pack, I checked the Kubernetes events.

This year, Engage took place at the Felix Meritis in Amsterdam. The Engage board (Hilde, Theo and Kris) did a great job and made this very special conference a great success.

In the last few years, I have had issues with application servers using a large amount of CPU and even hanging application servers running the Tiny Spellchecking service. It ended with disabled spellchecking in the Tiny Editors’ config.js.

I created a git repository with some smaller CSS files to fix some annoyances within HCL Connections. I started with this to prevent Orient Me to load fonts from external URLs or Elasticsearch Metrics to break the UI on larger screens. These issues are solved after the last updates I got from support, but Blogs and Tailored Experience Wizard can be improved with some simple rules.

The annual conference of DNUG took place in Constance from 22nd to 23rd of June 2022. I attended the HCL Connections Roadmap session given by Rene Schimmer and David Strachan. They showed the updates for version 8 and beyond.

After rebooting the Kubernetes server for HCL Connections Componentpack, I sometimes see that Orient Me is not working and just shows: {"error":{"statusCode":500,"message":"Internal Server Error"}}

Our users are often building Highlights and Overview pages within HCL Connections Communities, where they link from one description widget to RTE or from one RTE widget to another. We found that these anchor links often disappear behind the top navigation bar and the users wonder what happened.

Yesterday I updated a Connections environment to the latest CFix. In other environments I found that PushNotification Cluster was not started after the update, like described in the knowledge base document PushNotification broken after upgrading to CFix.65CR1.2201. In this update the application and cluster were running, but not working at all. Browser console.log showed the error: Error connecting to push auth sync service /servic/info: RequestError: Unable to load https://cnx-fqdn/push/service/info status: 500

When I test topics with the different Connections editors (CKEditor, Textbox.io and TinyMCE), I always used multiple users in my test environment, installed the editor selector ear and then gave each of the test users a different editor. That’s easy with the different j2ee roles, but I always had to use multiple browsers or sandboxes to see them next to each other.

Last week I attended Social Connections 14 in Berlin, the event location had a great view and weather was great.