Managing Sender Policy Framework (SPF) Records
SPF allows the owner of an Internet domain to specify which computers are authorized to send mail with sender addresses in that domain, using Domain Name System (DNS) records. Receivers verifying the SPF information in TXT records may reject messages from unauthorized sources before receiving the body of the message. Thus, the principles of operation are similar to those of DNS-based blackhole lists (DNSBL), except that SPF uses the authority delegation scheme of the Domain Name System.
SPF works for any mail system so deploying it is a must as some recipients are now requiring entries or they block your email. Read more in the article right here or leave your questions below.
I even have some links in the article to let you validate your new or existing SPF records.
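The check a receiver performs against the TXT record, as an added example that is not part of the original post: a small Python evaluator for the `ip4`, `ip6` and `all` mechanisms. The sample record and addresses are constructed, and `needs-dns` is this example's own marker for terms a real verifier would resolve with further DNS lookups.

```python
import ipaddress

# Qualifier prefix -> result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that can only be evaluated with further DNS queries.
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


class SPFSyntaxError(ValueError):
    """The TXT value is an SPF record but contains a term we cannot accept."""


def parse_spf(txt):
    """Return (mechanisms, redirect) for one TXT string, or None if not SPF.

    Each mechanism is (result_if_matched, name, value, term_as_written);
    value is an ip_network for ip4/ip6 and the raw argument otherwise.
    """
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mechanisms, redirect = [], None
    for term in terms[1:]:
        if "=" in term:  # modifier (name=value), not a mechanism
            if term.lower().startswith("redirect="):
                redirect = term
            continue
        has_qualifier = term[0] in QUALIFIERS
        result = QUALIFIERS[term[0]] if has_qualifier else "pass"
        body = term[1:] if has_qualifier else term
        name, _, arg = body.partition(":")
        name = name.split("/")[0].lower()  # "a/24" and "mx/24" carry a CIDR suffix
        if name in ("ip4", "ip6"):
            try:
                value = ipaddress.ip_network(arg, strict=False)
            except ValueError as exc:
                raise SPFSyntaxError(term) from exc
            if value.version != int(name[2]):  # e.g. an IPv4 range under ip6:
                raise SPFSyntaxError(term)
        elif name == "all" or name in DNS_MECHANISMS:
            value = arg
        else:
            raise SPFSyntaxError(term)
        mechanisms.append((result, name, value, term))
    return mechanisms, redirect


def check_sender(txt, sender_ip):
    """Evaluate one record, left to right, for one connecting IP address.

    Returns (result, term). The first matching mechanism decides the result.
    """
    ip = ipaddress.ip_address(sender_ip)
    try:
        parsed = parse_spf(txt)
    except SPFSyntaxError as exc:
        return ("permerror", str(exc))
    if parsed is None:
        return ("none", None)  # this TXT string carries no SPF policy
    mechanisms, redirect = parsed
    for result, name, value, term in mechanisms:
        if name == "all":
            return (result, term)
        if name in DNS_MECHANISMS:
            return ("needs-dns", term)
        if ip.version == value.version and ip in value:
            return (result, term)
    if redirect:
        return ("needs-dns", redirect)
    return ("neutral", None)  # nothing matched and there is no "all"


# Constructed sample policy using documentation address ranges.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32 -all"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.25", "2001:db8::1", "203.0.113.9"):
        print(addr, check_sender(SAMPLE_RECORD, addr))
```

A record ending in `-all` tells receivers to reject every source that did not match an earlier term, while `~all` only marks such mail as suspect.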
On Monday, July 13th, 2015 by Chris Miller
What is the POODLE vulnerability - back to basics
As long as both the server and the client (web browser) support SSL 3.0, the attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. The only answer is for either side or both sides to remove support for SSL, removing the possibility of being downgraded.
So if an attacker can force your browser down to the older SSL 3.0 then they could cause some problems. While vendors are hurriedly trying to patch their software, pretty much everyone was still supporting SSL 3.0 on their servers and of course your browsers do too. The only true solution is for both the web servers and the browsers to remove support for SSL 3.0 and force everything to TLS (transport layer security).
You can temporarily disable SSL 3.0 (and prior) in your own browsers for the time being. Just be warned that if a site you frequent does not for some reason support TLS then you cannot get a secure connection once you do this. Firefox will be making an update in late November under version 34 that removes SSL 3.0. For now you can manually add an SSL Version Control extension to assist.
Google Chrome can be adjusted by simply changing your shortcut to force TLS as the minimal SSL connectivity. They will have a Chrome update soon that will address it for the end users.
Lastly, Internet Explorer (IE) has a manual fix you can do today. I could not find a date yet on when they will update to fix the problem, but in your Advanced tab and the Security section you can simply click to disable older SSL and make sure TLS is enabled for connections.
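The downgrade and its fix, as an added model that is not part of the original post: it assumes the retry-with-an-older-version fallback that browsers of that period performed after a failed handshake, and the function names and version lists are illustrative.

```python
# Protocol versions from oldest to newest; a higher rank is a newer protocol.
RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3}
ALL_VERSIONS = set(RANK)
TLS_ONLY = ALL_VERSIONS - {"SSLv3"}


def handshake(offered, client_supported, server_supported):
    """One attempt: the client offers `offered` as its highest version and the
    server answers with the newest version both sides support at or below it."""
    candidates = [
        v for v in server_supported
        if RANK[v] <= RANK[offered] and v in client_supported
    ]
    return max(candidates, key=RANK.get) if candidates else None


def connect(client_supported, server_supported, interferes=lambda offered: False):
    """Client with fallback: offer the newest version first and, if the attempt
    fails, retry offering the next older one. `interferes(offered)` models a
    party on the network path making that attempt fail."""
    for offered in sorted(client_supported, key=RANK.get, reverse=True):
        if interferes(offered):
            continue  # attempt broken in transit, client falls back
        chosen = handshake(offered, client_supported, server_supported)
        if chosen is not None:
            return chosen
    return None  # no common version could be established


def downgrade_possible(client_supported, server_supported):
    """True when breaking every attempt newer than SSL 3.0 lands the session on
    SSL 3.0, even though both sides could have spoken TLS."""
    def break_tls(offered):
        return offered != "SSLv3"
    return connect(client_supported, server_supported, break_tls) == "SSLv3"


if __name__ == "__main__":
    print("no interference:", connect(ALL_VERSIONS, ALL_VERSIONS))
    print("both keep SSL 3.0:", downgrade_possible(ALL_VERSIONS, ALL_VERSIONS))
    print("server drops SSL 3.0:", downgrade_possible(ALL_VERSIONS, TLS_ONLY))
    print("browser drops SSL 3.0:", downgrade_possible(TLS_ONLY, ALL_VERSIONS))
```

With SSL 3.0 removed on either side the interfered connection fails outright instead of silently completing on the weaker protocol.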
On Thursday, October 23rd, 2014 by Chris Miller
Skype 6.21.104 is consuming way too much memory
So I uninstalled Skype 6.21.104 to go back to an older version. My choice was the last Skype 5 version I could find, 5.10.0.116, and I ran into a new issue:
Since yesterday, all versions of Skype below Skype 6.13 for Windows and Skype 6.14 for OS X are blocked and do not allow you to sign in.
There are all sorts of hacks and workarounds to get old versions to go but that was not what I needed. I wanted to go back at least a few point releases to lower the memory usage again. So this got troublesome. Skype has the newest version plus the very slick looking beta. By the way the beta used even more memory as shown here
So I dug around for sites with the older version listed. I was lucky to find the whole list on Soft32. I went back to 6.14.132.104 and got the following memory results
So for now I will stay on an older version of Skype, even though the new beta was much nicer looking.
On Thursday, October 16th, 2014 by Chris Miller
IBM Redbooks launches a mobile app
The mobile app is available for both iOS and Android devices.
On Tuesday, May 13th, 2014 by Chris Miller
VMWare Fusion 4 review
You can also watch the VMWare Fusion 4 video in full HD on YouTube.
I had the opportunity to get a copy of VMWare Fusion 4 to review and I am more than pleased. I have been an avid user of version 3 on my Macbook for some time, and enjoyed the ease of working with multiple operating systems for demos and testing.
VMWare Fusion Version 4 stepped up its game with tons of enhancements, speedier graphics and better stability. Take a look at the video for more.
Note: the links above are Amazon Affiliate links. I do hope you buy from there :-)
Also, make sure you keep up with all the product reviews from Spiked Studio on YouTube.
On Tuesday, December 6th, 2011 by Chris Miller
May 2011 Sys Admin Tips is out on LotusUserGroup.org
In this May 2011 edition I talk about Lotus' attempt at the Exceptional Web Experience and the following:
* From the Editor: Chris' -0.0123 SOC
* From the IdoNotes Mailbox: Removing Encryption On a Local Database
* IBM Social Business Toolkit and Wiki
* Quick Tip: Free Sametime Plug-ins
* From the IdoNotes Mailbox: Plug-ins and Updatesite
Make sure you also:
* Register for IamLUG 2011! The doors are open for attendees, speakers and sponsors. The event will be FREE for all attendees and is being held Aug 1-2, 2011.
* Register for TackItOn again right after IamLUG. This full day (paid) event brings Matt White for XPages 201 and Paul Mooney for Lotus Traveler
* Sign up for both the Consultant In Your Pocket and IdoNotes newsletters in the upper right corner of the blog. Get early notices before the public, webcast information and commentary not found on the blog. Did I mention the two free whitepapers on DCC and Search in Lotus Notes just for signing up?
On Thursday, May 26th, 2011 by Chris Miller
GoogleGroups is becoming a spammer’s paradise
Recently I have been watching not only my own mail account but the logs of caught spam across a ton of customers. By domain. You would not think that GoogleGroups would be getting marked, as people subscribe to them for the most part. What I am finding is that spammers are now creating GoogleGroups and adding huge lists to them.
Enterprises for the most part will trust Google as an authorized sender. So unless the email contains words or other variables to set off triggers, they are getting through. Users are then blocking the reply-to address or all of GoogleGroups, depending on how they were trained or what type of spam filter they are using.
Even the DomainKey and DKIM are matching for hostname lookups since it is Google sending the email. The funny thing is you may not even use the address being sent to as a Google account, so removing yourself is even harder.
Most of the senders are technology based companies, so reporting them inside of Google is troublesome to do as well, so you find yourself just marking it as spam and moving along.
On Wednesday, March 16th, 2011 by Chris Miller
All the world’s flights in a day (video)
A great way to spend a minute and seventeen seconds seeing just how connected the world is.
On Sunday, January 9th, 2011 by Chris Miller
Thoughts on "10 ways SharePoint 2010 will impact your Lotus Notes migration"
I received a link from a customer to this ComputerWorld article with the title 10 ways SharePoint 2010 will impact your Lotus Notes migration. The first thing the article does is make a very bold statement:
Over the past five years, many organizations have abandoned their legacy Lotus Notes/Domino environments
What constitutes legacy? An application that drives their entire business? An application that is a workflow built over many years to save huge amounts of costs for the enterprise?
So why didn't the companies move these applications?
Their concerns range from the cost of rebuilding applications on SharePoint to uncertainty about whether SharePoint has the capabilities needed
I believe they catch the main reason right away. The article goes on to start the list of how it is easier, or should be, even though they list limitations right away.
1. Scalability: It’s not unusual for Notes databases in large enterprises to contain tens of thousands of documents. Organizations attempting to move this content to SharePoint 2007 ran into some severe size limitations on SharePoint lists and libraries. With SharePoint 2010, however, the recommended maximums for many criteria have more than doubled
So right away they admit even with Sharepoint 2010 there are still limitations in large databases. They even note this about keyword fields into the managed metadata store. The scaling and ease of migration is not there.
Office integration, their point #3, is a non-issue. I think John Head has been preaching this for years in his integration sessions. This already exists inside the Notes and Domino world
4. Offline Capabilities: Although many of us count on continuous internet connectivity and bandwidth, many legacy Notes applications depend on the ability to “go offline.” Notes is famous for its ability to replicate to your laptop whatever data you need to continue working while unplugged.
They admit Notes is famous for offline capability so Sharepoint tries to cover this with Workspaces. They tout that it is based on Groove (now defunct in the grand sense) and the same developers that built it for Notes. Maybe some, but the movement and capabilities have far outgrown what they know and can do.
Sharepoint Online makes its presence known in point #5. Domino has had hosted offerings for a long time from such partners as Connectria, and now LotusLive. Nothing new here except competition they had to offer. Move along.
The rest of the points were design capabilities which Notes has been ruling for years in the RAD world. Point 9 even tries to promote workflow. Are they serious? Workflow comparisons? Lotus Notes stomps all over workflow.
So it all made sense at the end, being written by a Sharepoint migration partner/specialist that also runs a blog on the topic.
On Tuesday, December 28th, 2010 by Chris Miller
What’s New in Domino 8.5.2 Administration - FREE webcast
- Managed mail replicas
- Forced client ODS upgrades
- Domino diagnostic probe
- Administrative accounts for plug-in deployment
- Detecting corrupt databases
- Directory assistance changes
- Miscellaneous changes included!
Head over to the free webcast registration page for the event and get your team signed up! Remember, it is free and only lasts just over an hour.
On Monday, November 8th, 2010 by Chris Miller
How Lotus Greenhouse catalog breaks widget downloads from working
You can also watch the above video in HD on my IdoNotes YouTube channel right here. A wiki article has been created as well.
After submitting my Lotus Blogger Search Widget successfully to the Lotus Greenhouse Catalog last week (original posting), I was happy to see downloads start. Then the comments of failure began. Well, after some sleuth work and willing testers, I found the cause and solution which I posted there. I am more than happy to share those comments and thoughts here as well. Remember it is not a plug-in, it is a widget.
In order to successfully download my widget, and future ones successfully, from the Lotus Greenhouse you must do the following crazy steps:
Open your local names.nsf -> Advanced -> Accounts -> greenhouse.lotus.com entry -> edit -> supply missing credentials -> save and close -> restart Notes -> drag widget again successfully
Basically the widget can only be accessed via a username/password even for the xml file. So Greenhouse attempts to create a local account. The local account it creates on the fly can not get your web credentials to the Greenhouse site. So the error is generated.
Apparently Lotus has known about this for at least 8 months since I found a document addressing it from Feb 2010. No fix, no solution and a bad way to get it. I will point users to my blog instead for now.
(Update before this got published) Lotus has acknowledged this is a Notes regression bug under Spr OAGU88XK87 that worked in Notes 8.5 and broke in 8.5.1 and 8.5.2. This will make it in 8.5.2 FP1 and 8.5.3 but it is a client fix. Keep that in mind.
All of this had nothing to do with the widget itself as it only allows you to select text in any Notes document, right click and do a custom search!
On Monday, November 1st, 2010 by Chris Miller
IBM Blueworks Live goes live Nov 20th
IBM Blueprint is launching into the next evolution of the software with Blueworks Live. A web based solution for collaboration in process improvement. It includes discovery, mapping, documentation and analysis.
Blueprint's ease-of-use, browser-based delivery and wiki-like structure have changed this and allow stakeholders inside and outside your organization as well as across functions, campuses and even oceans to collaboratively participate in process improvement. Blueprint takes the practice of process from the hands of the few and spreads it throughout your organization. In effect, the Blueprint platform becomes the central communication platform for collecting, sharing and improving how work gets done in your organization.
IBM is launching a free (limited) version as well as a paid professional version. The paid version adds a bunch more functionality such as:
The addition of Visio import is cool if the online software is just as powerful. I walked through the account creation process and it was as easy as filling out 5 lines and then I had a full 30 day trial. After the 30 days I could pay for pro or keep using the free version (I will see how this works in 30 days).
On Wednesday, October 27th, 2010 by Chris Miller
September 2010 Sys Admins Tips is out on LotusUserGroup.org
In this September 2010 issue I talk about the Domino 8.5.2 release with you and the following:
IN THIS ISSUE #62
* From the Editor: Chris' 0.79500 HTG
* From the IdoNotes Mailbox: Changing the Inbox Style for Lotus Protector
* Multi-threaded Replication and More in Notes 8.5.2
* Quick Tip: The One Catch We Found in Domino 8.5.2
* From the IdoNotes Mailbox: Finding Notes Jobs
Make sure you:
* head over to Consultant In Your Pocket and catch upcoming FREE webcasts and full replays of previous webcasts
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
* share this with all your geek friends across the social networks
On Wednesday, September 22nd, 2010 by Chris Miller
Lotus Blogger Search Engine widget updated again for Lotus Notes
In order to provide to best results, the custom widget for your Lotus Notes client has been updated with more blogs and removing some that went offline. You simply grab the widget from the public catalog or download from the below linked posts. You can also expand this even further by grabbing the plug-in Julian, of SNAPPS, created joining his search bar and the widget together.
If you don't understand what it offers, here is a quick description:
The custom blogger search is based on the Google CSE and now includes over 350 Lotus related blogs, wikis and technical sites. It only searches these sites for speed and web search efficiency. You can further trim searches down by the categories that are being built such as Sametime and webcasts. This allows you to find information quickly you know you read on some blog at some point. PlanetLotus can handle recent lookups, but going further back in the archives is an issue, mainly if they were around before being added.
If you have any questions, please leave a comment.
Related Postings
- SNAPPS and IdoNotes launch free search plug-in for Lotus Notes
- New widget : Search across all Lotus blogs with a right click
If you need help in deploying widgets and plug-ins, watch this webcast on Plug-in and Widget Deployment for Lotus Notes from Consultant In Your Pocket which covers this very topic.
On Monday, September 20th, 2010 by Chris Miller
ThisWeekInLotus recording being broadcast live from NLLUG
Paul Mooney, Mary Beth Raven, Stuart McIntyre, Suzanne Livingston, me and more..
On Friday, September 10th, 2010 by Chris Miller
Consultant In Your Pocket webcasts now via iTunes
Upcoming webcasts include:
- Lotus Protector for Mail Security - Sep 1 2010
Recent replays available include:
- Sametime: A User's Perspective
- Going Beyond Deploy and Pray - Application Release Cycles
- eDiscovery Primer for Domino Administrators
- Deploying Plug-ins & Widgets for Lotus Notes and Sametime
Recent whitepapers released:
On Friday, August 27th, 2010 by Chris Miller
Dynamic Client Configuration (DCC) for Lotus Notes and Domino whitepaper released
- History
- Functionality
- Troubleshooting
So how do you get your hands on this right away? Simple.
Subscribe to the IdoNotes newsletter (make sure you select that group as one of your choices) in the upper right corner of this blog. Within 24 hours you get a welcome email with the link to the whitepaper and notices on the upcoming ones as well. From then on stay subscribed to keep up to date with the latest commentary only newsletter readers get to see. Feel free to subscribe to Consultant In Your Pocket, TheSocialNetworker or simply general interest as well.
On Wednesday, August 25th, 2010 by Chris Miller
Domino 8.5.2 with the second most fixes since Domino 7.0.1
On Thursday, August 19th, 2010 by Chris Miller
August 2010 Sys Admins Tips is out
IN THIS ISSUE #61
* From the Editor: Chris' 1.0000 LUG
* From the IdoNotes Mailbox: Are Agents Executed At Once?
* LotusLive Hosted Notes
* Quick Tip: Spellchecker in 8.5.1 Doesn't Skip All
* From the IdoNotes Mailbox: Sametime 8.5.1 Released, Now What?
Make sure you:
* head over to Consultant In Your Pocket and catch two upcoming FREE webcasts (one being August 18th!! ) or free full replays of previous webcasts
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
On Tuesday, August 17th, 2010 by Chris Miller
FREE "Bag O’ Schwag" at upcoming webcasts from Consultant In Your Pocket
Join Kathy Brown as she returns to provide you a fun session "Going Beyond Deploy and Pray" on August 18th 2010, 10am CST, covering the following:
Thanks to Lotus and Domino’s rapid application development platform, many developers find themselves in a deploy-and-pray application release cycle. That can be fine for simple applications in uncomplicated environments, but what happens when the feature requests get more and more complex? Come hear about different techniques for managing Lotus and Domino application deployment and how to get beyond deploy-and-pray!
You can register for Deploy and Pray immediately right here.
Join Tom Duff and Marie Scott (Tommy and Marie as they are known now) on Sametime: A Users Perspective taking place August 25 2010 at 10am CST . With the pending launch of their upcoming book on this very topic, follow along as they take you down the path of what a user sees in your environment and how to better think like them when deploying features and functions.
You can register for Sametime: A User Perspective right here
** Yes, we will be using the webcast attendee names of those that actually attend (not just register) to be fair. You can always watch the replay online after the event, but then you only get to see virtual "Bag O' Schwag".
On Monday, August 16th, 2010 by Chris Miller
July 2010 Sys Admins Tips is out
IN THIS ISSUE #60
* From the Editor: Chris' 0.152847 ZAR
* From the IdoNotes Mailbox: How Do I Remove Recent Contacts
* Recent Contacts - A New Evil?
* Quick Tip: Domino 8.5.1 FP3 Forgot the Router Fix
* From the IdoNotes Mailbox: Lotus Notes 8.5.1 Client Crashes
Make sure you:
* head over to Consultant In Your Pocket and catch one of the upcoming free webcasts or free full replays
* head over to IamLUG and register for the upcoming North American Lotus User Group meeting in August 2010
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
On Wednesday, July 21st, 2010 by Chris Miller
TDI for Developers - the webcast tomorrow
Join Marie Scott and Thomas Duff as they introduce you to the fundamentals of Tivoli Directory Integrator and then show you how you can set up your own TDI jobs to take your data synchronization requirements to the next level. In this session, the focus will be on non-directory data integration from a development standpoint, with a future session targeted towards the administrative use of TDI to synchronize directories across operating systems and platforms
They are also planning the TDI for administrator sessions to follow shortly
On Tuesday, April 27th, 2010 by Chris Miller
Announcing the Lotus Custom Blogger Search Engine
I had this in the works for some time, but the list was not fully up to date. It is now updated with all the Lotus blogs I could find. I built a Google Custom Search Engine to weed out sites that try to use keywords to draw some of the search focus away. This way we can quickly sort through all of the blogger and technical Lotus content with a narrow focus of a half a thousand sites.
You will always find this engine in the search section on the right side of my IdoNotes blog homepage. I went ahead and embedded it in this posting as well for you to start using and sharing. If you or any site is missing, the index is building still. If by Monday you do not show, ping or email me and I can quickly verify with some filtering.
On Friday, April 23rd, 2010 by Chris Miller
Awesome new Consultant In Your Pocket webinars and site redesign
- Comparing LotusLive, Domino Hosting, Disaster Recovery and More - April 15th. This is great for admins and managers alike to see how to compare and what the differences are.
- Lotus Developer Tips Every Dev Should Know - April 20th. This is with Tom Duff and Kathy Brown, sponsored by the good folks at Ytria
- Tivoli Directory Integrator (TDI) the Best Free Tool You have Never Heard Of - for developers on April 28th with Tom Duff and Marie Scott
The site itself underwent an overhaul in look and feel last night. It also has its own RSS feed for you to keep up to date with all the new dates.
There is a bunch of upcoming webinars planned covering Lotus Protector, policies, DAOS, ID Vault and more. Too many to list. So get over there, register and share the events as well with other administrators, developers and user groups.
On Tuesday, April 13th, 2010 by Chris Miller
March 2010 Sys Admin Tips is out
In this March 2010 issue I talk about filtering yourself (or not) and the following:
IN THIS ISSUE #56
* From the Editor: Chris' 0.0133167 FKP
* From the IdoNotes Mailbox: Move Sametime Server to Existing Domino Server
* Quick Tip: How Does a Consistent ACL Affect Local Replicas?
* From the IdoNotes Mailbox: What is LotusLive iNotes Versus iNotes?
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
On Tuesday, March 16th, 2010 by Chris Miller
February 2010 Sys Admin Tips is out
In this February 2010 issue I talk about the start of Lotusphere 2010 and the following:
IN THIS ISSUE #55
* From the Editor: Chris' 0.0518 XCD
* From the IdoNotes Mailbox: ICM and iNotes Return
* Directory Independence has Been Pulled From Domino Plans
* Quick Tip: Multiple Attachments In iNotes Showing Incorrectly
* From the IdoNotes Mailbox: Which Domino Blog Template Should I Use?
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
On Thursday, February 25th, 2010 by Chris Miller
January 2010 Sys Admin Tips is out
In this January 2010 issue I talk about the start of Lotusphere 2010 and the following:
IN THIS ISSUE
* From the Editor: Chris' 1.2010 MMD
* From the IdoNotes Mailbox: Business Card Photos in the Domino Directory
* Quick Tip: Disabling Remote Images in Lotus Notes Mail For Security
* From the IdoNotes Mailbox: Large File Uploads in Quickr
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
On Wednesday, January 20th, 2010 by Chris Miller
Top posts in 2009 from the top 20 bloggers on PlanetLotus (from all bloggers)
*** as a side note I did remove the LinkJam entry since it was a link to another place and not an individual or team blog posting
On Monday, January 4th, 2010 by Chris Miller
December 2009 Sys Admin Tips is out
In this December 2009 issue I talk about my annual goofy & geek Christmas gifts and the following:
* From the Editor: Chris' 1.0000 XMAS
* From the IdoNotes Mailbox: Mail Disclaimers on NRPC mail
* Configuring Sametime and iNotes (Domino Web Access)
* Quick Tip: Are You Running DAOS on i? There Are Immediate Fixes
* From the IdoNotes Mailbox: BES 4.1.7 and Domino 8.5.1
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
On Thursday, December 17th, 2009 by Chris Miller
November 2009 Sys Admin Tips is out
In this November 2009 issue I talk about the following, and pay special attention to the "Win the Fight to go to Lotusphere" section:
* From the Editor: Chris' 0.159650 MOP
* From the IdoNotes Mailbox: Transaction Logging the Notes Client
* Win the Fight To Go To Lotusphere
* Quick Tip: Google On the Hostname Change Game Again
* From the IdoNotes Mailbox: Deploying Signed Widgets and Plug-ins
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
On Wednesday, November 18th, 2009 by Chris Miller
IBM opens SWAN - no not the Lotusphere hotel
Get your software, pre-sales questions answered on SWAN, the IBM Software Answer Network. You can ask sales, strategy and technical questions. When you submit the question, SWAN automatically routes it to one of our 1,200 IBM Software Group experts. Once the question is answered, you are promptly notified by e-mail.
The IBM tool that provides simple search against a wide variety of published technical resources across over 70 data sources is known as Business Partner Q&A (BPQA)
Now, I tried to log in and you do need an IBM id first. You are directed to the BPQA (Business Partner Q&A) first. You must search first before you can submit any question, which actually makes sense. Acronym lookups are available to help in understanding what you are searching for or what they are requiring. Here is a sample screenshot of the Q&A busy busy page.
I hope I didn't forget to mention:
Some eligibility criteria apply. Entitled Business Partners can ask a new question using Software Answer Network, or SWAN. SWAN is available to Advanced and Premier level Business Partners and Value Added Distributors. Member level Business Partners who have purchased the Value Package can also ask a new question using SWAN.
On Monday, November 16th, 2009 by Chris Miller
October 2009 Sys Admin Tips is out (oops almost forgot)
In this October 2009 issue I talk about the following, and pay special attention to the editor comments section:
* From the Editor: CHRIS' 8.86624 XOF
* From the IdoNotes Mailbox: The ID Vault and Lotus Notes 7.0.2
* To Package or Not Package My Client Deployments
* Quick Tip: Lotus Notes 8.5.1 Calendar Drag
* From the IdoNotes Mailbox: Sametime Gateway Sizing
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
On Tuesday, November 3rd, 2009 by Chris Miller
September 2009 Sys Admin Tips is out
In this September 2009 issue I talk about the following:
* From the Editor: CHRIS' 0.0542000 SRD
* From the IdoNotes Mailbox: Two Out-Of-Office Agents Per Mailfile
* Potential Security Issue with Microsoft Excel File Viewer in Lotus Notes
* Quick Tip: Display Your Current Timezone in the Business Card Feature
* From the IdoNotes Mailbox: Too Many Mobile Device Types
Use the discount code of "IdoNotes" to get up to 25% off your CertFX practice exams for certification
On Wednesday, September 23rd, 2009 by Chris Miller
Domino 8.5 is doing the disk space savings dance here
- Set up transaction logging
- make the ODS in 8.5 format (50)
- click a few flags
- start firing off the attachments
The benefits of usage and savings were staggering in the on disk sizes. Savings were in the 40-50% range right now. Here is the good news many people are missing. It is not shared mail in any way. It uses new NLO (Notes Large Object) file types and the darn thing works across ANY freaking database that shares the attachment and is enabled for DAOS.
Did I say any database? Yes, discussions, and soon I would think Quickr.
On Wednesday, August 20th, 2008 by Chris Miller
July 2008 Sys Admin Tips Newsletter is out
IN THIS ISSUE
* From the Editor: Chris' 0.021135 CAD
* From the IdoNotes Mailbox: Sametime Issue for the Blackberry
* Overcoming Issues Using Lotus Sametime with an IP Sprayer
* Quick Tip: Lotus Notes Traveler 8.0.1 Releases HotFixes
* From the IdoNotes Mailbox: Placing a Pilot Domino 8 Server in the Same Domino Domain
Leandro from IBM Brazil also emailed me already and pointed out that the tip for piloting omitted (maybe during editing, who knows) that you should create non replica template copies or set the replication for that server to not include any .ntf files.
On Thursday, July 31st, 2008 by Chris Miller
Epilio did in 2 days (free) what Lotus hasn’t done for Sametime in 8 years
So the basics are this:
- You could never give users a pre-defined buddylist
- Users had to manually go in and add public groups/private groups and people
- You want someone in particular added to buddylists, like a bot name
The install was simple. I chose to place it on my Sametime server directly for testing. You can install on another machine, but then you need to trust the IP of that machine in stconfig.nsf. I skipped that for testing. Large amounts of processing will take time, of course. But it was quite fast and the results are immediate. Here is the real kicker to the whole thing.
The tool can run while the server is up and the user is logged in. No downtime
Carl and his team at Epilio went as far as to create an actual manual with screenshots that can be found right here in PDF format. Amazing job and a welcome toolset for my team.
On Tuesday, July 29th, 2008 by Chris Miller
Warning and request to these awesome Notes 8 sidebar app developers
I need you to create these in one of two ways:
1. as a downloadable feature in a zip file
2. or in a siteupdate database I can import.
One of the below sites I visited today gives specific instructions on how to change the client to allow remote site updates. Unfortunately, policies will revert and disable this for all the users. By providing me with one of the 2 options above, I can guarantee my users will get the plug-in and I can control distribution, security and resigning. I also do not allow them to go to outside update sites from those that I specifically list in my configurations. I really want them to use your apps, but it has to be controlled on this end. If you need help in building a site, let me know. I can easily assist.
Some cool ones:
- SideLog by Jeff Gilfelt - awesome tool for working with the Notes log files
- Formul8 also by Jeff - a developer tool to write formulas
- SecretAgent again by Jeff - see all the agents in a database
- TwitNotes by Mikkel - unfortunately I think it is broke for 8.5
Update: John Head in the comments mentions the widget. Unfortunately that is now a requirement for your site to work, Lotus broke plug-in control and I won't allow foreign widgets that pull sites either and no one else should. Good comment John.
On Tuesday, July 22nd, 2008 by Chris Miller
Using TweetScan to keep up with unhappy Notes users
** qrush : Lotus Notes may very well be the most over-complicated office tool ever devised by mankind. It's a UI disaster
** aaron_miller : Woo upgrading to Lotus Notes 8 tonight
** careca : lotus notes blows! give me gmail!
** ckwebgrrl : Hating Lotus Notes... I'm starting to sound like a broken record :(
** aaronmcohen : Lotus Notes works again....Oh Joy.....wait.....now I see all the meetings I need to go to.....damn!
** seanjackson : oh, lotus notes, how I hate you so....
** whitneyhess : @mariobourque Ooh you're right. There is something worse than Outlook. Lotus Notes!
** richrecruiter : Retweeting @kellsworth: Lotus should have been left to karate and plants, and stayed away from Notes and emailing.
So what you find is people that have either bad installs or badly managed environments. You could go on for days reading these as they come across but I thought others might find it interesting.
You can also expand this and make more scans for your company name, product or even yourself.
On Monday, June 9th, 2008 by Chris Miller
Why the current Eclipse Update Sites in Domino sucks
EDITOR NOTE (May 21 1pm): Everyone understand, the Eclipse Update Site template is one of the better things Lotus has created and shipped that outshines other site update tools. I love the template and the guy that wrote it (hey to TG on amazing work as usual). I am only talking about the process by which the client uses this template.
Instead of using policies in Notes 8 to force clients to see an update site, they chose server configuration documents. Let me break down what is bad about that in a moment. Currently, most every admin will want to make sure the ability for clients to install their own stuff is turned off. Ok, that works. However, you must then place an update site link in the server configuration doc that the user never seems to see. Why the heck didn't you use policies? The server configuration document has the global setting for both Smart Upgrade and then Provisioning, but the Desktop settings policy only has Smart Upgrade as shown here:
So what is expected is that each user will hit the server and see the server configuration document. This in turn will somehow get them the provisioning database or site.xml from there. Well this opens another can of worms. We teach and implement multiple places to reduce the extreme number of server configuration documents and to simplify. But if I want users on different home servers to hit alternate update sites only, then I have to go back and create multiple server configuration documents. Conflicts terribly. The site update database was built with replication in mind. I can create it once, push it out all over and have users hit sites local to their area for performance. With a policy I would be all set.
The real kicker here is that the client never seems to see this new setting and never gets the provision on a consistent basis. I have had one or two magically work, and others never work. All at the same server with the same version of client. Riddle me that Batman, both why it sometimes works and why it isn't in any policy setting to do controlled/distributed provisioning.
On Wednesday, May 21st, 2008 by Chris Miller
Notes 8.0.1 Standard on Citrix - can you count to 4 users only?
Unfortunately, they want all the bells and whistles, but back to basic mode they have to do.
On Thursday, May 8th, 2008 by Chris Miller
Visually trending talk of Lotus Notes on Twitter
The downside was that many of the Lotus Notes postings were negative. How about some more positive tweets?
On Thursday, April 24th, 2008 by Chris Miller
Do your users understand a stoplight signal?
Lotus could not have made seeing quota limits any easier and for training users on new features in 8.0.1 as we deploy
On Wednesday, April 23rd, 2008 by Chris Miller
Taking S/MIME out to pasture
Then it hit me. Why are we going through so much work here? So we got a common and known Internet certificate for both servers, made sure that the other side could understand it and forced all communication via TLS from SMTP to SMTP. Their whole point was encrypting data between the Internet flow, not necessarily once it was received since multiple people may need access to the data.
We set Domino 8 to force the TLS conversation and stop if it could not make one. We made sure the other server understood to start a TLS conversation when asked and off we went. Secure Internet mail flow between disparate sites at will.
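The fail-closed behaviour described above (force the TLS conversation and stop if one cannot be made), as an added example that is not from the original post and is not Domino configuration: a Python sender built on smtplib that hands over mail only after STARTTLS is advertised and the handshake verifies. The names `TLSRequiredError`, `require_starttls`, `send_over_forced_tls`, `FakePeer`, `attempt`, the `smtp_factory` parameter and the example.com addresses are assumptions introduced for illustration.

```python
import smtplib
import ssl


class TLSRequiredError(Exception):
    """The peer could not complete a verified TLS handshake, so nothing was sent."""


def require_starttls(smtp, context):
    """Upgrade an already-connected SMTP session to TLS, or raise.

    `smtp` is an smtplib.SMTP object (or anything with the same methods).
    """
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        # Opportunistic TLS would carry on in cleartext at this point, which is
        # also what happens when something in the path removes the STARTTLS
        # advertisement. Forced TLS stops instead.
        raise TLSRequiredError("peer did not advertise STARTTLS")
    try:
        smtp.starttls(context=context)
    except (smtplib.SMTPException, ssl.SSLError) as exc:
        # Covers a refused STARTTLS command and a failed certificate check.
        raise TLSRequiredError(f"TLS handshake failed: {exc}") from exc
    # Capabilities seen before the handshake were unauthenticated; ask again
    # inside the encrypted channel.
    smtp.ehlo()


def send_over_forced_tls(host, sender, recipients, message,
                         port=25, smtp_factory=smtplib.SMTP):
    """Deliver `message` to `host` only over verified TLS.

    Returns smtplib's dict of refused recipients (empty when all were accepted).
    `smtp_factory` is a hypothetical parameter so the policy can be exercised
    without a network.
    """
    # The default context verifies the certificate chain and the host name.
    context = ssl.create_default_context()
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    with smtp_factory(host, port, timeout=30) as smtp:
        require_starttls(smtp, context)
        return smtp.sendmail(sender, recipients, message)


class FakePeer:
    """Constructed stand-in for a remote SMTP server, for offline runs only."""

    def __init__(self, features, handshake_error=None):
        self.features = {f.lower() for f in features}
        self.handshake_error = handshake_error
        self.calls = []

    def __enter__(self):
        return self

    def __exit__(self, *exc_info):
        return False

    def ehlo(self):
        self.calls.append("ehlo")
        return 250, b"ok"

    def has_extn(self, name):
        return name.lower() in self.features

    def starttls(self, context=None):
        self.calls.append("starttls")
        if self.handshake_error:
            raise self.handshake_error
        return 220, b"ready"

    def sendmail(self, sender, recipients, message):
        self.calls.append("sendmail")
        return {}


def attempt(peer):
    """Run the policy against a FakePeer; return (outcome, calls the peer saw)."""
    try:
        send_over_forced_tls("mx.partner.example", "a@example.com",
                             ["b@partner.example"], "Subject: test\r\n\r\nhi",
                             smtp_factory=lambda host, port, timeout: peer)
        return "sent", peer.calls
    except TLSRequiredError:
        return "refused", peer.calls


if __name__ == "__main__":
    print(attempt(FakePeer(["STARTTLS", "8BITMIME"])))
    print(attempt(FakePeer(["8BITMIME"])))
    print(attempt(FakePeer(["STARTTLS"], ssl.SSLError("certificate verify failed"))))
```

In the two refused cases the peer never sees a `sendmail` call, which is the difference between forced and opportunistic TLS.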
On Friday, April 18th, 2008 by Chris Miller
Bug in the Sametime Advanced installer - Applianceware version
Chalk one more up on the wall.
On Thursday, April 3rd, 2008 by Chris Miller
The attendee love/hate of ND8 - Copenhagen
- 95% of the attendees use Sametime
- 100% were at 6.5.x or higher and wanting to go to Domino 8.0.1
- Not having Citrix support already for the Standard client made more than one of them very disappointed
- Widget policies were a selling point
- Lotus Connections, Lotus Protector and mainly Productivity Tools were not anything they cared about. Did I mention Productivity Tools?
- Companies in size from 250 users to 40,000 all really use Domino
- Some admins are lucky when they get to go to Brazil for 9 days to install one Domino server
- Lotus Foundations is a cool product if you don't already have a Domino domain, which they all did of course
- Integration of Sametime is awesome
- Integration of Activities is confusing
- The Sametime Gateway is of interest to them
- Coffee breaks are not often enough, mainly after huge lunches
- Attendees love free tools that we give away
- Expanded policy control for desktops and security will be implemented right away
- People are tired of Smart Upgrade and want full provisioning
I am sure there are a few others I will add in. To summarize, they love Domino 8 and wish there were a few more things that had made it into the product at the same time. Social networking over here is not popular, while internal chat is. They always have very specific and unique questions that we love getting answers to for them. So excuse me while I collapse, eat a final dinner here and then head home tomorrow. Check my "Where am I headed" tab to see the cities I have booked up.
On Wednesday, April 2nd, 2008 by Chris Miller
"Update Status after login" error in 8.0.1 - close to solving
On Friday, March 28th, 2008 by Chris Miller
Remove your DNS Blacklists? One spam provider says so
I hate to discourage the use of any technique that can stop spam, but I think DNS blacklists should no longer be used by Lotus Domino (IBM Domino) email administrators.
So then jump down to the comments and see what others have to say:
Blacklist can produce false positives but really have positive impact on load. Especially when our SMTP server have limited bandwidth and ratio rejected/accepted messages is high as on our server (we have over 90% rejected connections). Then disabling DNS blacklist does mean that our load on line will be 10 times bigger which is of course unacceptable.
So to our customers that saw this, I write my opinion here. While someone may be blocked accidentally for whatever reason, there is the phone. The load that could come from this on your server is not worth letting a Domino based spam solution solve.
On Friday, March 28th, 2008 by Chris Miller
NotesPing as a server setup tool?
Determining path to server XXX.XX.XX.94
Available Ports: TCPIP
Checking normal priority connection documents only...
Allowing wild card connection documents...
Enabling name service requests and probes...
Checking for XXX.XX.XX..94 on TCPIP using address 'XXX.XX>XX.94'
Connected to the wrong server SaidServer2/SaidDomain using address XXX.XX.XX.94
Connected to the wrong server SaidServer2/SaidDomain using address XXX.XX.XX.94
Unable to connect to XXX.XX.XX.94 on TCPIP (Connection denied. The server you connected to has a different name from the one requested.)
Checking low and normal priority connection documents...
No default passthru server defined
So NotesPing showed us that the server they gave us as an IP address and name, was not the right one for one of the two variables for the setup. Correcting either the IP address for the SaidServer or the server name for the IP address solved the issue.
On Monday, March 24th, 2008 by Chris Miller
Understanding the new AOL IM filtering rates
- The rate limit numbers are not linear
- The rate limit numbers are built dynamically with an algorithm, meaning each company will be different
- If you run a bot that does heavy traffic, like an automated helpdesk or query bot, through your Sametime Gateway into the Clearinghouse, you may contact AOL to have it provisioned
So as you see there are no hard numbers per customer, per connected Sametime Gateway. It is a dynamically changing rate based upon your normal usage. Now I know they do not have 40 guys that are there doing simple math charts. Which means that if you suddenly spike the amount of traffic you are sending through the gateway into the AOL Clearinghouse, you might get limited down until they figure out what is going on. Meaning you might end up calling them. So if you are implementing a new bot, I would get in touch with them and get it provisioned first.
Make sense? If not let me know.
On Friday, March 21st, 2008 by Chris Miller
March Sys Admin newsletter is out.
IN THIS ISSUE
* From the Editor: Chris' .4630821 VGS
* From the IDoNotes Mailbox: Bringing Together Multiple Sametime Services
* Part 2 of 3: Domino Monitoring and Reporting
* Quick Tip: Can Both Lotus Sametime and QuickPlace/Quickr Be Installed on the Same Server?
* From the IDoNotes Mailbox: Websphere Books For the Sametime Gateway and Sametime Advanced
On Thursday, March 20th, 2008 by Chris Miller
GoogleTalk expands to AOL with Open AIM
They are not federating the two services, rather Google grabbed onto Open AIM and said why not log in from our interface into both. So Google Talk becomes a consolidated IM client.
On Monday, March 17th, 2008 by Chris Miller
Domino 7.x and higher HTTP server bug we found today
All the Domino servers restarted successfully as a core, but any server that had HTTP in the servertasks= line would not fire up the task after the hard shutdown. We had to manually go in and start it to clear the alert. This was on all the servers 7.x and higher (sorry no older ones to test on)
hmmmmm
On Wednesday, March 12th, 2008 by Chris Miller
February started a 3 part Sys Admin newsletter series on monitoring
What are you waiting for?
On Friday, March 7th, 2008 by Chris Miller
review of new chat product Digsby
On Wednesday, February 27th, 2008 by Chris Miller
LinkedIn goes mobile - wap and iPhone (does anyone use it?)
On Monday, February 25th, 2008 by Chris Miller
Interesting pop-up during 8.0.1 install
Interesting since it was a workstation... with an upgrade happening ..from Notes 8.0
On Monday, February 25th, 2008 by Chris Miller
Upgrading to Lotus Notes and Domino 8.0.1 document
IBM Lotus Notes and Domino 8.0.1 (including Lotus Domino Web Access and Lotus Notes Traveler) are now available to address issues and provide new features. The following document contains important resources to assist you with your upgrade to Lotus Notes and Domino 8.0.1.
On Tuesday, February 19th, 2008 by Chris Miller
A Lotus Support Mega Feed widget and Google Gadget for you..
Note that you select which technote you want and click the twisty to have it slide open to see more of the entry
On Tuesday, February 5th, 2008 by Chris Miller
Well the kids already have Sametime, why not this..
Seems to me the old idea of be home by dark is gone.
On Monday, January 7th, 2008 by Chris Miller
Sametime 8 client hotfix issued - I saw this one coming
Without implementing this fix, administrators will not be able to successfully maintain Sametime Connect clients and keep them up-to-date with the latest maintenance releases.
If the Sametime 8.0 Connect client has not yet been deployed, administrators can simply replace the provisioning manifest (also known as the install manifest) with the updated one included in the download package referred to above. This issue impacts both the stand-alone client installation package as well as the Network Client Install (NCI) package.
On Saturday, December 29th, 2007 by Chris Miller
Symbaloo desktop review (updated via Alan)
Since there are screenshots on the other pages (including webware) I will leave those out but tell you what I think. The iconic type desktop works well overall. While some of the icons actually utilize the main center window to show the results of what you click, others open new tabs or browser windows (found in settings). You actually get the most function by making your own pages and adding content that you want. There is more than a handful of built in widgets and feeds, from there you can also add your own site or feed. There were 2 Gmail links. One took you to the actual Gmail login page in a new tab, the other was a functioning widget. I would suggest they blow the new tab one away and stick with the widget to keep you in their page. I also found I could not drag the icons between pages, which is something we are used to in Notes for sure.
What I didn't like is how most of the icons they provide simply took you to the site. You cannot enter your credentials and have it log in and bring you some form of miniapp window. Symbaloo is a visualization of your bookmarks. But there is no way to take my existing bookmarks and make them a visual page!! That bites. I also could not find a way to import an OPML stream to have it populate pages with existing feeds I watch. RSS streams in the blocks would make this site somewhat useful, but I still prefer Particls, Spokeo and now Streamy. I found places to manually enter single bookmarks and manually enter a single RSS feed, both labeled beta at this time.
You can create links for audio streams and use widgets for Last.FM. But the widget area has a lot of room to grow before it is very useful.
On Friday, December 28th, 2007 by Chris Miller
Microsoft's first thoughts into social networking
If you take the second line that says Microsoft 2007 Office System, you could go with either Lotus or Microsoft on this one. So without reading what Stuart had to say on the topic, I have my own thoughts. Both of the companies are fighting for what the consumer (public) space already has in abundance. The questions are:
- how to relate it to business usage
- secure the data
- get people to utilize it
- allow outside data to be referenced and pulled in
- give the users the Ohh's and Ahh's they find on the consumer side
- provide presence both for internal and external awareness
- open the system to pull in external feeds in a structured and loose manner (ie: Attensa and user defined feeds)
The approach on the underlying purple, blue and green colored areas above fit into both vendors. The question is who can make their product grow up the quickest and maybe pay attention to suggestions (cough cough)
On Wednesday, December 26th, 2007 by Chris Miller
IBM shows off Metaverse
IBM's Metaverse virtual reality software ... Though still a bit rough around the edges-it won't be mistaken for Second Life-some 2,200 IBM staffers are testing ways to collaborate with colleagues in the Metaverse, according to Mike Ackerbauer, innovation manager for collaboration development at IBM.
Ackerbauer said IBM staffers leverage IBM's internal virtual conferencing application through Web services to have online meetings in 3D. This approach is a boon for IBM employees, who are spread out all over the world.
The meeting room Ackerbauer showed eWeek was sparsely furnished, but serviceable, with a screen on the wall to simulate the typical conference room.
What interested me was the statement in the article that they are looking for VOIP solutions inside of it, including hooking it to Lotus Sametime. Forget making profiles in Lotus Connections, get ready to make avatars.
On Friday, December 21st, 2007 by Chris Miller
Update on 'Click to Map' and 'Convert to Call' Blackberry posting
The demo that was shown at Lotusphere used the Ascendant to bridge all the Sametime users into a conference call.
Then another update showed from someone else putting it all together
Today, you are "linking" a Sametime user to an entry in your address book so that you get the added menu items of "Email, Call, SMS, MMS." RIM will add the Click to Map feature
Looks like a winner when it arrives!
On Wednesday, December 19th, 2007 by Chris Miller
'Click to Map' feature with Sametime and Blackberry - where did it go?
RIM Showcases Unified Communications Breakthrough for Blackberry Users At Lotusphere
RIM is showcasing a new feature called "Click to Map" that will allow users to generate maps on a Blackberry handset within the context of a Lotus Sametime session. The "Click to Map" feature will launch Blackberry Maps from within the Sametime client software and generate a map that illustrates a colleague's location based on presence information retrieved from Lotus Sametime.
This is a cool feature I would love to see in place. I know the "Convert to Call" is kind of there, but that seems to not be in place either. Maybe I missed something in implementation or does this need the Sametime 8 Advanced Server that is not due out till next year some time? Also, does the map render from the location they type into the client? I am not sure how that would work either looking at the preferences in the Sametime Connect client for the Blackberry as shown in this screen capture:
I can't seem to find a menu item for mapping the user in the Business Card or main screen. Anyone?
On Tuesday, December 18th, 2007 by Chris Miller
Sametime 8 server install - no DA for you!
error returned from CreateSTDatabases
Error encountered in the local server while setting up LDAP directory support da.nsf
File does not exist
DDNALocalDominoSetup returning with error code = 0103
SetupLocalSvr returning with error code = 3701
SetupSvrMergeWithDomino returning with error code = 3701
function: TermNotesRT
I quickly started the Domino server, created the Directory Assistance and then restarted the Sametime setup. Weirdly it now saw the install as the ability to:
- Install a new instance of Sametime ?!?!?
- Upgrade an instance of Sametime ?!?!?
I took upgrade as fix the install that is there please. And away it went. Now let's see how it did.
On Friday, December 14th, 2007 by Chris Miller
The Sametime 8 upgrade is not an upgrade in reality - lesson learned from yesterday
Here is what happens. Sametime 8 does not see the previous install path (as shown yesterday) since it is not upgrading your Sametime 7.5.x client. It is installing Sametime 8 and then uninstalling 7.5.x from your system. It reads your settings and places them into a lookaside database to move them across during provisioning of the new 8.0 client. What this means to you is that you then cannot install into the same directory you had 7.5.x at first. If you install 8.0 into that folder and then it goes to uninstall 7.5.x it really removes all the new files also. Quite the conundrum isn't it? I know I want mine in the same path all the time. With this scenario, I cannot hit the site and have it upgrade what I have in place. So if you have company standards on how the client is installed, you may be looking at uninstalling the old version from everywhere, then running the install for 8 afterwards into that same directory.
Lotus also changed the folder structure and naming of the Sametime Connect files. This adds a new level of change for the plug-ins. We will cover more on plug-ins on the next posting.
On Wednesday, December 12th, 2007 by Chris Miller
One of the first problems with the Sametime 8.0 client upgrade arises
On Tuesday, December 11th, 2007 by Chris Miller
Issue with the Sametime 8 network-install if you misconfigure the original network package on the server
I then went back and placed the correct URL in the download properties file and tried again. I noticed that the install seemed to download incredibly quick. Halfway through, it then stopped and just sat there for a long time. I killed the install and tried again. Same thing. It then hit me. The original download was still in my cache for the browser so it was still reading the bad data. Here is a screenshot:
So I went in and removed that bottom file from the cache to see what the result would be. As expected a much longer download started again. You need to know the original part is 29MB and then more is pulled from the server. The client code itself is still 135MB when it is on the machine. So I am off to delete the file and redo the install.
On Sunday, December 2nd, 2007 by Chris Miller
IBM releases the system requirements for Lotus Connections 1.0.2
Content Hardware requirements
The following hardware is required for the systems that host IBM® Lotus® Connections services.
At least two Intel® 64 or IA-32 based server machines
Two CPUs per server, 2.6 GHz CPU speed or higher
Minimum 4 GB of memory per machine
Plus a special note for using Lotus Domino as the directory source:
Lightweight Directory Access Protocol (LDAP) server
IBM Lotus Domino 7.0.2 and later.
Note: Before you can use this LDAP server, you must apply fix PK52839 to WebSphere Application Server.
On Thursday, November 15th, 2007 by Chris Miller
A hidden Gmail gem to pass along to use in Notes RSS streams.
Gmail has a hidden feature: Atom feeds for Labels! The technique is simple:
1. Setup a filter to catch all email from a specific mailing list.
2. Apply a label to all of that mail (e.g. 'list').
3. Access the Atom feed via this URL: https://mail.google.com/mail/feed/atom/list/ (changing 'list' to be the name of the label).
So if you take this and then flip it to Domino, you could create a rule to tag or sort your mail-in databases and then push this out to the feed readers with the RSS capabilities of Domino. This would solve an alert issue for numerous people that share part in a mail-in database. Everyone could read the stream based on what category they handle from a single source that is tagged/foldered/categorized properly like you can do already with my blog. Go to the archives tab above and look at the different pre-categorized feeds you can get from one single database.
Same idea, just move it to other data stores in your Domino architecture.
On Monday, November 12th, 2007 by Chris Miller
How much memory does the Sametime Gateway consume?
There you go, just over 600MB of RAM dedicated to the gateway including some DB2 processes
On Tuesday, November 6th, 2007 by Chris Miller
Follow-up for issues with Premier audio adapter
Location of keystore for Premier - Tell him to look in the notes.ini for the location of the java SSL keystore. That is the location of the file it is using. We actually had to remove the file and then create a new one with ikeyman and import the Equifax cert since it is not a default certificate
On Monday, November 5th, 2007 by Chris Miller
A warning if you run the Premier Audio adapter for Sametime
Alas, never mind that portion we found the culprit of why it stopped working. Premier updated their SSL certificate on October 4th of this year. The local keyfile had the expired previous certificate. So it just never connected. No warning, no alert, no log. No connection.
We could get no debug variables to place in for the adapter so after a clean install and replace some files I copy in below, all was well once again after a week of running in circles. Good job to Chris O at my office for sticking this through and beating out of them that they changed their SSL after we told them that was an issue a ton of times before we got confirmation.
The AA install program installs a stkeys.jks file that I can't 'open' using Ikeyman, (haven't tried certsrv). So after a re-install I delete the stkeys.jks file that the audio adaptor creates, and then create a new one using Ikeyman. But the Equifax cert (the SSL cert Premier uses) isn't included by default so I had to download it and add it to the stkeys.jks.
On Tuesday, October 30th, 2007 by Chris Miller
the LATimes reports that Comcast admits to "software glitch" blocking Lotus Notes
Comcast officials say the Lotus Notes problems were caused by a software glitch, adding that the company does not block customers from using file-sharing applications. It does, however, manage its network so that a few subscribers using bandwidth-hogging programs don't slow everyone else's Web surfing.
On Wednesday, October 24th, 2007 by Chris Miller
As we prepare to hit DST again, I sat in the open mic call this morning. A simple request to Lotus..
- Listen to Episode 28 with Scott of Lotus that not only got downloaded an amazing number of times, but had tons of info.
- Listen to Episode 27 with Andy and Rob of Technotics as we talk all about DST impact
But I noticed one thing from listening to the callers this morning. A lot of people have been doing upgrades, changes and deploying applications since the last DST time change. Yet everyone has the same question. What version has what fix and if I upgrade is it done?
So Lotus, we need a simple scenario listing in a whitepaper or technote that shows the outcome of where they are now and what steps are needed. Such as:
- you already patched for spring and have not changed the server code
- you patched for spring and have now upgraded to X.xx version
- you just installed version 7.0.2, is there any patches I need or is it included?
- you were in a version 6.5.x and patched in spring, we then upgraded to 6.5.6. Do I have to repatch?
- Other countries are now going into time changes, so if I have international servers/users I now need to patch those? (like Australia and Brazil)
On Thursday, October 18th, 2007 by Chris Miller
live blogging the Sametime 7.5.1 Open Mic call this morning
- Provisioning
- Performance
- Policies
- Stlinks
- Telephony integration
- Peer to peer audio and video
Ok, here we go... Bill McAnn was the call moderator. They took some questions from the forum first to prime the call.
- Lock a client to connect to a specific Sametime server geographically? Yes, point to a home Sametime server.
- I have installed Sametime 7.5.1 client and did the Outlook disablement hook after following the workaround. But when upgrading to FP1 it came back. This will possibly be fixed in a later version, but not 7.5.1. Technote #1259391 addresses the issue.
off to the live calls
- I know the voice and name of this caller! But I won't call him out. He wants to build a silent install package to dump out with SMS. There are some issues with this. There is a new client with the proper fixes, including CF1. It comes with the installer and since it is a full client you have to open a PMR to get the updated installer package.
- Provisioning the preferences in the Sametime client. One is the site update. One is the plugin_customization.ini, but that only gets read once. Does the site update have to be a feature jar file? The feature jar file approach is delivering a new or updated piece to the plugin_customization.ini file. This file is read each time the client is started. The ini provides the default settings preferences. End user overrides in the client preferences will still overtake what is set in the ini file. You cannot swap it out at install time. An update site must be a jar file.
- Policies regarding chat recording, with the value set to save or not save. If you uncheck this does it force down to users not saving chats? Lotus says unchecking this does not set auto-save in the client. Checking this forces the user to save chats. There are actually two policies. One allows them to save at all and the other allows auto-saving.
- When was the silent install that includes the msi, when was it released? Sep 21st or so was the release date. Also, they want to fill in the community name and pre-configure TLS? Craig jumped in to say he believes it is possible now.
- They have multiple servers, a web portal with stlinks, web conference server and chat servers. People get logged off when they move around servers, why? Jennifer at Lotus says Portal was giving a new IP address coming in so it was being seen as another user. She gave the example to ignore when you come in twice that goes in the config section. The user must also be homed to a Sametime server or cluster.
- The CF1 version of 7.5.1 takes care of a lot of issues but one they had. When you install and launch the client the Terminal Services application continues to run? Harry, dev manager at IBM, asked to clarify operating system and client. It was OSX 10.4.10 with Sametime 7.5.1 CF1. When you launch the Sametime client it also launches Terminal Services. They do not quit and continue to stay launched. The client works fine, but you must manually quit the Terminal Services. The Sametime 8.0 beta was brought up to try it there.
- The next caller wishes to turn off the reset button in the client. Craig said there is no policy or previous request to turn this feature off. The caller says for compliance reasons they must lock the user from being able to change communities. Craig says 7.5.1 said you can change the host without resetting the user, which could be an issue. He referred to the policy to force the default community. Unless you have multiple communities, then this policy would apply. The caller has Facetime in the middle to capture for compliance. Lotus suggests hiding the Sametime MUX so no user can directly connect to it.
- The user policy, user preference, and then plugin_customization.ini is the order of load for the Sametime Connect client.
- I missed one call for a person coming in, sorry
- The next caller asked about the StReflector being set up. If you are doing many audio or video chats then moving it to another box will assist in performance. Voice chats work fine internally but not over VPN nor outside, including NAT. The reflector will let each client see the other's IP address. Point to point will always be first, then the reflector. With external users with symmetric NAT you put the reflector outside the organization. A normal or non-NAT firewall, the clients will still try to do point to point. The reflector must be able to go through the firewall.
- Prudential wants to deploy a basic client and send out the features, yet they can't lock them down. They want a list of what can and cannot be locked down. The only settings available for lockdown are those in the policies on the server.
- Can you secure audio and video to a particular group? Yes, use policies.
On Tuesday, October 16th, 2007 by Chris Miller
A blog sitemap for composite applications in Notes 8
Here is the page...
This web log is a joint effort by the key technical architects and user experience professionals to open a direct line of communication with developers about the capabilities of user facing composite applications.
I also had the link up on how to move a Sametime plug-in to Notes 8 client. Here was that link.
On Friday, October 12th, 2007 by Chris Miller
The debate on message recall while we are here at the Notes and Domino 8 Upgrade Seminar - Philly
The issue is that if you wish to have it on in the server configuration document, policies must then be used to turn it off. Instead of enabling it further for certain users, which one would expect. When I relayed info from the podcast that Susan and I did weeks ago about how the Domino 7 server will send the recall requests to the Internet by default and you can even recall mail sent in the past before the upgrade, eyes went wide. The final straw was that no indication is left in the recipient mailfile that a message was even there.
This discussion and slide review covered about 30-40 minutes of the session itself. Without giving away all the parts, just because it is a new feature doesn't mean it should be on was the general consensus. Some said they would have it enabled after some time, but having it on when you install/upgrade was the wrong choice.
On Thursday, October 11th, 2007 by Chris Miller
An interesting update on the Sametime Gateway architecture
Well, unknown to me, if you do not run in a central clustered environment and have users spread across servers that may be geographical or just in the same place, but not clustered, the gateway needs and wants a port 1516 connection to each and every server, which it then holds in a local file. This does not worry me as much as it appears to worry some company security groups.
The Gateway is just what the name implies, a gateway. Just how you deploy external SMTP servers and then only allow them in through the firewall, via trusted IPs usually, this acts the same. So have no fear, the Gateway is doing its job by not storing data and only offering a direct connection to the public providers and then 'proxying' the traffic to Sametime. Your user directory is not affected, and you can control which providers come into the Gateway and then how just the Gateway communicates to Sametime.
So do not freak out, it is all in how you present it to the team in most places. Those that still don't get it, probably never will.
On Monday, October 8th, 2007 by Chris Miller
My Diary - 4 days as a Blackberry only user, no PC access
I shut down all electronic devices as required and prepare to get some rest on the flight. Which does not go as planned, but not as bad as getting no sleep at all. Once off the plane it is time to turn the Blackberry back on to check if the car service is there and if any other plans had changed. All is well and on schedule. I arrive at the customer site and get straight to work. They don't have an extra network line ready for me in the conference room and I accept that I cannot get on the wireless. No problem, the corporate housing awaits that evening (or 8am my normal home time). So I would not have missed much of anything and I got email all day. Well, the housing has one TV in a common area and one PC line in there also. No lines in the rooms, no wireless. I can live with that. Until I discover that the PC line there only accesses their Intranet and you need a username and password for the proxy. I send a quick email with the Blackberry to the team I worked with. Some answers from their Nokia phones. We can check tomorrow. I say hey, I have email and a bunch of DVDs I haven't watched anyway! Time to relax for a night.
The next day I load JiveTalk to consolidate all my IM services onto my Blackberry instead of individual clients. More on that later. I like it though. I also have the office set me on tether modem on the Blackberry but overseas it gives me some weird error. Maybe because you dial that weird #777, who knows. I work on that later. Word comes from the security team that they are very unfriendly and do not have, nor will they issue, a temporary proxy account so I can use the network there or at the housing. So I am full fledged Blackberry and accept my fate.
- Lotus Notes email access - well duh, BES server
- Sametime - Yes, Sametime Mobile 8
- Chat - JiveTalk for AOL, Yahoo, ICQ, Google and MSN
- Google email - yes I have the downloaded Blackberry mail app from them
- Other emails already configured to go to the Blackberry device through BIS
- News and such - many choices. Bloglines for Blackberry and Pocket Express
- Facebook - Blackberry access in browser at http://m.facebook.com
- Jaiku - Blackberry access via JaikuBerry
- Blackberry Messenger - for all the time chat to the wife on her 8830 and also friends with Blackberry that have connected
- Tethered Modem - heck no, Verizon Access manager needed which takes a PC to get. Their website is not Blackberry friendly at all and really needs a WAP interface. All the darn scripts drove me nuts using the Blackberry browser
So where do I sit now? Thumbs really do hurt some, the battery goes faster when you constantly use it, I expect no less. Could I make it my lifeline, sure. Do I need some of the Domino apps, sure. That is how we do business. Having them offline is great, but not being able to sync does no one any good. The Blackberry stepped up when it needed to and covered all the basics. It does have me on the hunt for even more and better applications for it too.
On Wednesday, October 3rd, 2007 by Chris Miller
Live blogging - Enterprise Social Software webinar by Radicati
- Janine Popick, CEO of Vertical Response
- John Landau, CEO of Customer Experience at Huddle.net (UK company)
- Mike Walsh, CEO of Leverage Software
Matt Anderson of Radicati was the speaker. After 5 slides it went to Q&A with the panelists.
- Vendors that they listed included Lotus and a slew of others I did not know offered such solutions.
- The suites are what Lotus Connections offers with some added parts like Business Intelligence
- They then have specialists that work on each part of the software itself
- The market drivers were just what you know now. Make some teams and share some info then find people around them
- The market barriers are what you expect but easily overcome. Compliance (US issues), deploying new technologies
Q&A section
1. What does your offering provide to set it apart from other offerings?
Mike Walsh - They are trying to make it easier for the business person to make and find relationships. Taking some of the Web 2.0 items, with security, and making it easier for the business worker to share information in a collaborative environment within and outside the company.
2. What was the initial pain point that caused them to look for a social networking solution for their enterprise?
Janine Popick - They have 30K small business customers with only a small number (50) of employees. So they are the customer experience side. They let the customer
3. How has business social software changed how employees share information between themselves and with customers?
Janine Popick - They have an award winning blog. Employees post more content to give them exposure. They use Leverage as their social software choice it was said. They also started a Facebook group with about 200 members giving product feedback. There is a wiki in place to post documents and share information.
4. What are some of the key factors when vendors go up against Microsoft Sharepoint in this space?
Mike Walsh - Everything is based on the needs of the users. It varies across prospects. He said Sharepoint, which is a great product, and Lotus Connections, which he was not familiar with, help them find the right people for a specific person to assist with a project or prospect. He said Sharepoint seems to be for internal collaboration behind the firewall. He does not look at them as a competitor, but as augmentation.
John Landau - They are often compared to Sharepoint. The perception he finds is that it is a free tool but the TCO is incredibly high for a business. It does well for internal collaboration. But the idea is to bring external clients together with the inside groups, and that becomes costly with Sharepoint. Kingfield is a customer of theirs, and they were looking at Sharepoint until he brought Huddle to them.
5. What were some of the critical features that your business looked for in a social software package?
Janine Popick - They found that their customers that used their service needed different feedback. So small groups of customer types are forming. They are also able to push focused product release information. Finding users "like me" on a people map and then reaching out is helping the company since they already compile a large amount of data from each customer. Live chats are helping get feedback on what features of their product are most important.
Questions from the audience....
1. What are the real benefits, like ROI. These seem like a solution looking for a problem.
Janine Popick - One of the things they did when deploying was hire someone to manage the deployment. Without someone to drive and manage this can fail. This person also participates in the social network by watching and even generating conversations. On a hard ROI front they know they are saving time on email and feedback processing. Vocal people in the communities help promote what is needed without them sending out constant user surveys.
John Landau - Huddle offers the ability to share documents and work together internally and with external partners, which gives a tangible ROI. If that was done by email instead, you end with multiple people looking at different versions and chasing information. Huddle has the centralized upload, sharing and work area to set approvals and tasks, etc.
Mike Walsh - They were out as a social network platform before Facebook caught on and now everyone is clamoring for this type of application. They work with 300 companies with different goals and needs. ROI might be decreasing support, increasing upsell, increasing customer loyalty, getting products to market faster by getting feedback. Microsoft, HP, Oracle, Salesforce, Time Warner, NY Times are all sample customers. Some need projects done faster and others are using it to find hidden talent in the company.
2. We are a small software startup with 400 partners/resellers, can you describe the benefits of utilizing the software?
Mike Walsh - They do work with smaller companies to share best practices. Relationship building through the social network is a huge benefit.
John Landau - You are able to bring all these partners and resellers into one social network so you can all chat, talk working group and share information with branding and customization.
3. How does voice and real-time collaboration overlap with services such as the social networking vendors? Will you follow?
John Landau - Huddle is in a position in the next few weeks to offer integrated single sign-on ability. Web conferencing tools are also being built into the product offering.
Mike Walsh - Open architecture through widgets allows you to add features and functions even without their help. They are partnering with companies like Webex and SalesForce, or even pulling in a Skype or Webex widget. Also a GoToMeeting widget as they used in this conference.
4. Is there a listing comparing what these vendors offer in their social network offerings? (my question)
They will have a listing in the Radicati report
5. How do you deal with issues around compliance. (yada yada yada) ?
Janine Popick - She does have compliance issue it seems. They use a wiki for a lot of collaboration but will be tightening up how the information is controlled.
John Walsh - needed the question repeated. The data can be exported so it depends on the requirements of the organization. One feature they do not have is document check-in and checkout. Their solution has revisioning and tagging. How it is completed and found is up to the client, such as Wells Fargo.
John Landau - The document management system saves every version of the document as it is worked on. Their solution is geared towards compliance. You can see date and time stamps for all edits, updates, changes and new items.
6. What is the cost for trials of these softwares?
They will send that out later or go to the websites and get some free trials. Huddle and Leverage offer free trials.
Sara Radicati wrapped it up with not much fanfare but look for their report, of course
On Thursday, September 27th, 2007 by Chris Miller
TechDirt article - Will History Repeat Itself With Google Playing The Part Of Lotus?
He then equates Google to the latter-day Lotus, painting a scenario where Google smugly laughs off a bloated but feature-rich (imaginary) NewSDK from a bratty startup, only to then get disrupted by this SDK when browser capabilities improve. Of course, part of the analogy breaks down because Microsoft was hardly a bratty startup when it succeeded where Lotus failed.
This article goes after the older Lotus office entry with SmartSuite I believe and not the current Symphony part Deux. I have not said much about Symphony, there is plenty out there. I used the Productivity Tools during Collaboration University as well as OpenOffice. I found issues in both. I use Microsoft Office most of the time because that is where the masses were right? But will Symphony part Deux take over a huge slice of the MS Office world? Not in a large percentage. Can it assist in the SMB space that uses Lotus already? Maybe not if they move to 8 and use the built in Productivity Tools. So the press is behind the announcements, IBM is pushing the newswires with the announcements, people are downloading to check it out. So how fast will Lotus update the software to match and exceed what is out there now is what remains to be seen.
On Wednesday, September 26th, 2007 by Chris Miller
MeBeam (not the old Sametime DataBeam) offers free 8-way video conferencing
So we were being silly to play around with the features. Headsets on backwards and others. When you use the chat room it takes a snapshot of just how you are when you click send. So the pictures are resized too small for you to see, but Carl and missing pants is bad all around.
Good
Free video conferencing is good no matter how you slice it if it works well. This one seemed to do just fine. Now, we didn't get 8 people in the room, but that is next on the list. You had the choice between hands free audio and push-to-talk type. Both seemed to function fine.
Creating a room for the conference did not even require registration at this time. Simply name a room and click invite and it copied the link to the clipboard. It then uses the Flash connection for your video and audio. No problem, worked right away for both of us. No fuss, no mess, no firewall issues, no downloads. The chat was, well chat.
Bad
It seemed there was a way to record but I couldn't find the button. Chat worked fine, but needs a bit more ability. Attaching or sending a file would be nice so everyone could talk. It still is not a 1.0 release so I imagine more is coming. I am curious about the bandwidth as this grows, but let's see how it plays out.
So overall, did I say it was free with no firewall issue in the tests? No tunneling and numerous ports for AV like I got asked yesterday for Sametime
On Friday, September 21st, 2007 by Chris Miller
Sametime 7.5.1 slide upload limit
You can work around this issue by either creating a presentation of fewer than 100 slides or by not selecting the Master Slide option in PowerPoint.
On Thursday, September 20th, 2007 by Chris Miller
Interesting Notes 8 ACL issue we encountered
I couldn't remember, and didn't bother checking, what hierarchical name he used in his id so I simply entered Sean Burgess as unspecified into the ACL. He could not get in the database. I changed it to type person and added his O certifier and he got in fine. Wondering what gives here as this might have other implications for us in multi-tenant cross-certified environments.
On Friday, September 14th, 2007 by Chris Miller
Guest Blogger - GSX talks about Domino Domain Monitoring (DDM) and GSX Monitor
I read with much interest all comments about DDM, in response to my (previously published) article. I can only say that I fully agree with all these comments and I hope that this post will make things even clearer.
DDM is for sure an improvement and IBM kept improving the monitoring of Domino since version 4. Some DDM features are very useful and a few of them cannot be provided by any other product, including ours.
My article is actually not only regarding the benefits of DDM, Admins can judge by themselves about its value. What I can hardly understand is the marketing made by IBM around DDM. Was there so little to say about new features in Notes 7 that IBM chose to present DDM as a revolutionary product? I do not question the value of DDM but all Admins having worked with Notes since R4 know that DDM is mainly a revamp of existing features.
I'm also surprised by IBM's plans of releasing a major release yearly. In my opinion, a major release must provide significant enhancements and new features. Fixing such deadlines leads to a very strange situation where 4 different versions of Notes are maintained, including the version 6.5 which nobody knows whether it can be considered as a major version or not.
The ones having discussed with me know that I'm a strong advocate of Notes for many years. However, I agree with Philip's comment about IBM competing with its partners and I'll add that I'm puzzled by the lack of long term strategy in this company. I'd prefer that IBM spends its energy fighting with its competitors, not its partners. OK, I'll stop now before IBM people get mad at me once again.
Back to DDM, I don't like the design of this product:
1) It bypasses some standard Notes concepts, which is unacceptable to me:
- automated replication
- relies on Notes when it's supposed to monitor it
2) almost all information is not real time (unacceptable for a monitoring product)
3) it's mainly server based with all related drawbacks:
- resources taken from servers and possible crashes
- problems with heterogeneous environments (versions of monitoring code and servers)
4) real useful features are in my opinion reserved to skilled users
Comparing to Monitor:
1) Monitor doesn't have any of the drawbacks listed above
2) Monitor provides major additional features and supports other platforms (clusters, Sametime, BlackBerry, etc ... and soon Exchange)
In conclusion, I agree with someone's comment that DDM can be useful as an entry-level monitoring tool but falls short for monitoring large (or critical) environments. As far as being a revolution in the Notes world ... let's be serious a minute, it's not. The real revolution happened about 20 years ago when the concepts of replication, UNID, certificates and views were put together to create Notes.
BTW - nice to see that quite a few people also use our products :-)
Kind regards
Philippe
Philippe Schlier
CITS - EMEAI
E-mail : pschlier@gsx.net
__________________________
GSX Groupware Solutions
Web site : http://www.gsx.net
On Tuesday, September 4th, 2007 by Philippe Schlier
Part 2 - the Sametime Gateway Open Mic call last night
- Asia Pacific area looking for a proof of concept install for their business and need NAT and public CA documentation. Caller said they got the wrong certificate purchased, that it didn't support TLS. Lotus is working hard in 8 to simplify install and config. As for NAT, they list the restrictions for NAT due to SIP. Certain NAT providers are becoming SIP aware due to VOIP and other real-time collaboration. As I posted about the morning call, I will shoot out some diagrams for everyone since this seems to be a main focus.
- Caller is implementing Sametime 7.5.1 and having client issues, even with CF1, of getting layout and pre-population to clients. Preference controls like auto-status changes, for example. Lotus suggested utilizing the plugin_customization.ini file to change and set some of the settings. They have no policy control with the 6.5.1 server and Sametime Connect 7.5.1 CF1. The issue is that they must then match the new policies when going live with the server on 7.5.1 or 8 to make sure they do not change everything back. This is a big part of rolling out the advanced client and wanting particular features enabled or set a certain way before the server policies are deployed.
- Another caller emphasizes the issues with SSL config from Premium Server as first caller. Thawte server worked fine. Yes, I am seeing in installs that you need to import root certificates in many instances to get it to work.
- Australia - IBMUS and Australia connectivity problems. Customer is using dual network cards trying to route public and private address. Asking if the OS will do the routing. Part 2 - Wants to talk his SIP to their SIP. Asked about port 443, which is not right. He needs port 5061 for encrypted, not 5060 which is unencrypted. No 443 needed. 1516 and 1533 open for internal connectivity on 7.5.1. Then 1516 for 7.5.1 CF1. Also asked about LDAP server connectivity over 636. DB2 server, is it encrypted by default and does Express C handle it? Not by default, and maybe not in Express version, have to verify that. IBM SIP gateway connectivity actually needs port 5060 for the first connection then 5061 to finish. LDAP SSL relies only on the LDAP server having a public certificate. What data is stored in the DB2 database, a security concern question. Lotus answers that in the DB2 database you can find the gateway configuration data, user id and group id in UNID form. Last question, checkpoint firewall in front to cover NAT issue? Lotus has customers with it. Multiple NIC cards not an issue as long as it's config'd correctly. I say why not use NAT and routing with a single NAT instead of trying the dual-NIC approach.
- What kind of arrangement does IBM have with the chat vendors in terms of IP address changes? Same question as this am, same answer. Then MSN connectivity question. No official statement yet from Lotus. I see the IP address changes as a hard part for firewall teams that are trying to set the port to only allow certain addresses to talk to the gateway. That is a tough move when you are relying on a 3rd party (IBM) to tell you when they are changing their IP addresses. How about just moving to a DNS range for the provider and then everyone is happy.
- SIP phone as PBX install. Asking for connectivity options as general PBX integration. Good question but no comment was provided to direct them to the vendors writing plug-ins and softphones.
- Customer wants an easy way to find out what other corps are using the gateway? Lotus does not keep or publish that. Creating a Sametime Gateway group in Facebook or a posting in the Sametime forum was a recommendation. There is a Facebook group for the Sametime Gateway already with a good couple handfuls of members
On Friday, August 31st, 2007 by Chris Miller
Thoughts on the Open Mic call for the Sametime Gateway 7.5.1 this morning
There were at least 15 calls taken, and I managed to capture and write down the main point of each one. The majority revolved around a couple key areas, and that is where the concern is. Participants were asking for network diagrams, port settings and allowable IP addresses and better clustering support. While some of the questions did receive direct answers, in my opinion some did not. Now someone there will say it was not official support inquiries, no official statements, yada, yada. But when you have large enterprises trying to deploy a clustered solution in large deployments with too many network security teams in the mix, well you get confusion.
First thing to the companies. Too many companies are trying to reverse proxy, put servers in front of servers even in the DMZ, build SIP clusters with load balancers/IP sprayers. I agree with one thing for sure, everyone needs the cluster support to deploy this as an enterprise solution. As for all this worry over this server in the DMZ, why the stress? No data sits on the gateway server, it connects over SSL to your internal LDAP (further restricted by port and hosts is needed), it uses the encrypted VP protocol to the Sametime clusters in the back. DB/2 can sit behind the firewall restricted by host/port access also. So you basically have a shell running a program that acts as the gatekeeper. Or gateway as it is named. Get the security team to understand this. There is no data to be protected, if the gateway gets bombed or hijacked, then they get an empty shell that you cut off.
Second thing is to Lotus. Come prepared. Half answering chat logging questions, diagram requests, proxy support and numerous clustering questions won't fly for long if this is truly an enterprise solution. Yes you did answer some areas of what is coming, things that are verified in support and even how to map multiple O's through LDAP queries to Domino. But the lack of testing of clustering and the network outline support is frustrating to most of the callers if my current pings I am getting are right.
On Thursday, August 30th, 2007 by Chris Miller
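The flows named in this post and in the Part 2 call notes (encrypted SIP on 5061, port 1516 to every Sametime server, LDAP over SSL on 636) can be turned into a check that a proposed firewall rule set allows exactly those flows and nothing wider. This is an added example, not part of the original posts or any IBM tooling; the addresses, rule names and the choice to report 5060 and 389 as cleartext findings are assumptions.

```python
import ipaddress
from dataclasses import dataclass


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed addressing plan (assumption; documentation and private ranges).
GATEWAY = net("192.0.2.10/32")       # Sametime Gateway in the DMZ
SAMETIME = net("10.10.1.0/28")       # internal Sametime servers
LDAP = net("10.10.2.5/32")           # internal LDAP server
PROVIDERS = net("198.51.100.0/24")   # placeholder for the public IM providers

# Flows the posts describe: label -> (source, destination, port).
APPROVED = {
    "providers to gateway, SIP over TLS": (PROVIDERS, GATEWAY, 5061),
    "gateway to providers, SIP over TLS": (GATEWAY, PROVIDERS, 5061),
    "gateway to every Sametime server": (GATEWAY, SAMETIME, 1516),
    "gateway to LDAP over SSL": (GATEWAY, LDAP, 636),
}
# Ports that carry the same protocols without encryption.
CLEARTEXT = {5060: "unencrypted SIP", 389: "unencrypted LDAP"}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    port: int


def within(rule, flow):
    """True when the rule allows no more than the approved flow does."""
    src, dst, port = flow
    return (rule.port == port and net(rule.src).subnet_of(src)
            and net(rule.dst).subnet_of(dst))


def covers(rule, flow):
    """True when the rule is wide enough to carry the whole approved flow."""
    src, dst, port = flow
    return (rule.port == port and src.subnet_of(net(rule.src))
            and dst.subnet_of(net(rule.dst)))


def audit(rules):
    """Return (kind, subject, detail) findings for a list of allow rules."""
    findings = []
    approved_ports = {port for _, _, port in APPROVED.values()}
    for rule in rules:
        if any(within(rule, flow) for flow in APPROVED.values()):
            continue  # least-privilege match, nothing to report
        if rule.port in CLEARTEXT:
            findings.append(("cleartext", rule.name, CLEARTEXT[rule.port]))
        elif rule.port in approved_ports:
            findings.append(("scope", rule.name,
                             "endpoints exceed the approved flow"))
        else:
            findings.append(("unexpected", rule.name,
                             f"port {rule.port} is not in the design"))
    # A design flow with no rule wide enough to carry it will fail in production.
    for label, flow in APPROVED.items():
        if not any(covers(rule, flow) for rule in rules):
            findings.append(("missing", label, "no rule carries this flow"))
    return findings


# Constructed rule set, as a firewall team might propose it.
SAMPLE_RULES = [
    Rule("sip-tls-in", "198.51.100.0/24", "192.0.2.10/32", 5061),
    Rule("sip-tls-out", "192.0.2.10/32", "198.51.100.0/24", 5061),
    Rule("https-in", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("sip-clear-in", "198.51.100.0/24", "192.0.2.10/32", 5060),
    Rule("vp-one-server", "192.0.2.10/32", "10.10.1.2/32", 1516),
    Rule("ldap-wide", "192.0.2.0/24", "10.10.2.5/32", 636),
]

if __name__ == "__main__":
    for kind, subject, detail in audit(SAMPLE_RULES):
        print(f"{kind:10} {subject}: {detail}")
```

The "missing" finding for the Sametime flow reflects the point that the gateway needs a 1516 connection to each server, not just one of them.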
I loaded the Notes 8 full client and got the following..
All was better after a restart however and it now works fine
On Monday, August 20th, 2007 by Chris Miller
Part 3 of Sametime 7.5.1 CF1 schtuff
I would have sent you here on Notes Net, but apparently the published info for CF1 is not complete. See line 21 for some humor.
So what happens is that you can set an update site in the default policy, but it then overrides all the new group or explicit policies. You can not set alternate update sites for different users. They are grayed out with the provided default site.
Move on to leaving the update site blank and then the sub ones are forced to be blank. Same scenario as above in reverse. So in essence you have to provide only 1 update site at this time for your user population. That doesn't help if you want users to get alternate updates or plug-ins at this time.
I bet it is on the list for the future though..
On Wednesday, August 8th, 2007 by Chris Miller
Part 2 of this morning's posting on Sametime 7.5.1 CF1
So the updates do fire down the changes, and they do leave the other files locally, just one of those things to deal with.
On Monday, August 6th, 2007 by Chris Miller
Houston, we have a bug..err fix..err thingy for Sametime 7.5.1 CF1
URL for UIM provisioning:
This never seemed to work. Updates were not coming down as I talked about on Friday. We then placed the site update in the default policy. Unfortunately we also had to do a reboot. So I am not sure if the reboot or using the policy instead of stconfig did the trick. We are testing that again one step at a time to let you know.
On Monday, August 6th, 2007 by Chris Miller
Interesting.. the site update isn’t updating anyone yet for CF1 and they did some goofy naming in the updates
So looking at the local files in the plug-in directory you already have for Sametime Connect 7.5.1 compared to the new site update, none of them seem to match from the first 10 I checked. Either they had
com.ibm.collaboration.realtime.feature.version
listed instead of the new ones that did
com.ibm.collaboration.realtime.751.CF1.feature
or they were entirely new features that did not exist before. So the new ones should come right down. But how about the ones that do the same thing but compete? Shouldn't they simply update the date at the end of the feature line? Instead of
com.ibm.collaboration.realtime.sprite_7.5.1.20070416
They go and toss some oddity name of
com.ibm.collaboration.realtime.sprite.feature._7.5.1.20070723-1402
How does that update the existing one or how does it know which to use unless called from somewhere else? How can we clean up these older ones with the updates?
On Friday, August 3rd, 2007 by Chris Miller
Overview of the Sametime 7.5.1 CF1 upgrade (updated already)
The Readme for the CF1 update can be found right here.
Server
So I compressed the installer and let it fire off for the server. It says the total update size is 79.9MB and goes on quite willingly.
Client
So you have choices to either run the installer in its entirety on the local machine or push out updates via the update site.
CAUTION(S): Not all updates are applied when using the update site method. Read the release notes carefully to know if your issue is covered and by which method. Also, you may not want the automatic update if you have not applied at least CF1 to 7.5. There is an admin update that must be done as shown below in the image.
There are quite a few packages as shown in this image:
Also, the Single Sign-on with the operating system is now available, as well as additional dictionaries. Those are added plug-ins that need to be deployed. Each comes with its own site.xml that you can merge centrally or push into siteupdate.nsf from a Domino 8 server. Then you get the user policies in place.
Let me run the update and full installer and let you know those results next
On Thursday, August 2nd, 2007 by Chris Miller
A Sametime cross site scripting vulnerability posted
Problem
In very specific scenarios, there is a possibility that a Sametime® server could be exploited by a Cross Site Scripting vulnerability.
Solution
In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability. This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.
On Wednesday, August 1st, 2007 by Chris Miller
The Particls package gets an update (with embedded video)
On Thursday, July 26th, 2007 by Chris Miller
There is a typo in the July Sys Admin Tips Newsletter
That should read to point to the nlnotes.exe and not the ini
On Wednesday, July 25th, 2007 by Chris Miller
Sametime 7.5.1 CF1 hitting the streets and a note in the fine print
Keep that in mind when deploying the update. Some of the features will not be updated properly without downloading and installing the full package just as you would for a fresh install.
On Thursday, July 19th, 2007 by Chris Miller
Newsletter follow-up - a tool/agent to report on user mailfile sizes and quotas
Chris,
This is in regards to the entry in the May issue of the Sys Admin Tips
newsletter from someone who wanted a tool/agent to report on user mailfile
sizes and quotas. I had previously written an agent to generate just such a
report. It sends a simple text email with the report details. I've attached
an export of the agent as an .lss file which can be imported into any
database. The only other setup that needs to be done is to set a few
variables in the Initialize event (name of the server to run against, name
of the person(s) to send the email to).
Hopefully you can pass this along to the person who posted the entry.
-Ernie
Here is the download -->
On Monday, July 16th, 2007 by Chris Miller
Domino 8 and key rollover, don’t do it just yet
CA key rollover not recommended in large organizations
In Domino 8, administrators can assign a new set of public and private keys to a Domino certificate authority (CA), which are used to certify the keys of OUs, users and servers in that organization. The process of assigning new keys is known as key roll over, and is documented in the Domino Administration Help topic "Certificate authority key rollover."
The CA key rollover feature has not been tested in Domino customer deployments, so its use is currently not recommended in these environments. Organizations that want to become familiar with the feature are encouraged to use the feature to roll over the keys of a test CA, and then test users in their environment.
We are testing this on a test domain and found some oddities in who got updates and who did not, plus the variance in Lotus Notes client versions plays into it.
On Friday, July 6th, 2007 by Chris Miller
Quickr installation authentication issue hacks and resolutions
After some friendly cajoling to Rob Novak, I dug deep and found that the notes.ini variable for the Quickr admin name did not match the name in the LotusQuickr\LotuysQuickr\Admin.nsf database. The very place you had to authenticate. I even ran the qptool to change the admin password in case I mistyped it originally, no go. Modifying the notes.ini variable to match the database ACL, creating a group to match the database ACL for the QuickPlaceSuperUser group and then adding the administrator group to that as a subgroup worked great. I was able to log in as myself, change the directory, security and Sametime settings and it seems Quickr is flying high on our internal server.
Oh yes, do not forget to also do the technote changes for fixes for Quickr already.
On Thursday, July 5th, 2007 by Chris Miller
Trillian Astra - a new feature not seen in Sametime 7.5.x yet
Notice you get to replay quick bursts of audio and video chat. Quite the cool tool when you miss something.
On Tuesday, July 3rd, 2007 by Chris Miller
I am liking the new user choice for taking databases offline
The best part is that if the database already has a local replica then the menu option is grayed out. Cool! Seems to be a very simple way for users to create local replicas of databases.. errrr.. applications
On Monday, June 18th, 2007 by Chris Miller
Sametime and LDAP issue/solution
This broke the ability to add names to policies or browse from the 7.5.1 Connect client. If I set the maximum returned entries to unlimited, it allows you to add names to policies and browse from the Connect client.
In my humble opinion, I should be able to set a limit, still add names to policies and only have a certain amount returned when someone tries to browse the entire LDAP directory. This would force the user to use a finer search string and release load on the LDAP server when there are over 20,000 users involved.
Make sense? Bug or no bug?
On Sunday, June 17th, 2007 by Chris Miller
Interesting Quickr find inside qpconfig.xml
http://quickrcluster.company.com/quickrcluster.company.com/placename
Now if we removed the qpconfig reference to the DNS cluster hostname and set it to a totally different host such as quickr.ibm.com it worked perfectly.
The solution? Remove the DNS cluster name from the server document hostname entry back to the actual DNS entry for the server and then reference the DNS cluster name in qpconfig.xml and it all worked great. Apparently placing the same name in both causes a duplication, but alternate names get replaced.
On Friday, June 15th, 2007 by Chris Miller
The guys at Paticls found the bug in the package I had for you to download
So grab it right here or go back and read the previous blog posting. I will post more tech tips around tweaking it shortly.
On Thursday, June 14th, 2007 by Chris Miller
New Sametime 7.5.1 feature? The server answers your chats when testing? (screenshot)
On Wednesday, June 13th, 2007 by Chris Miller
Extra files for Admin2007 Domino LDAP session
Warning: I would zoom in many times. The image is large in width and height to see all the font and information clearly.
On Wednesday, June 6th, 2007 by Chris Miller
Extra files for Admin2007 Sametime Gateway session
On Wednesday, June 6th, 2007 by Chris Miller
If you are having issues getting the new Plazes installer, here is the link
[Plazer]Version=2.1.2706
http://www.plazes.com/files/Plazer2Setup.exe
On Friday, June 1st, 2007 by Chris Miller
Attensa responds to my posting on their new RSS reader for Sametime
It does prompt you to make it your default RSS reader, so beware on those screens. It also puts a desktop alerts icon in the system tray, I am waiting to see what that part does with a follow-up posting. Here is the screenshot from the first part of the install after selecting ONLY Sametime components. It did drop a nice amount of files into other areas however, not just a plug-in as one would normally expect.
On Friday, June 1st, 2007 by Chris Miller
Notes 8 beta 3 integration with Sametime 7.5.1 oddity
However, there is no click or double-click on this icon. Only right-click that has status changes and the ability to log off. If this will not offer the normal client functionality, then I say remove it. More confusing that I cannot double-click and have it open my contact window or pop it open in the client.
On Friday, May 25th, 2007 by Chris Miller
Sametime 7.5.1 video and audio user prompt issues
- I send a video chat request to another user, they get an audio prompt
- I find out the local laptop firewall might be interfering and disable it temporarily
- I get video to work (which runs across the UDP ports)
- Recipient drops randomly and can't see text chat windows
- I end video chat and text chat I was typing appears
Later, I check the memory utilization. If I do not start a video or audio meeting, I can get the memory down to 5MB or so after the initial launch through the old bug they still have in how you minimize the client.
However, if I run a video chat, no matter how I minimize the client I still eat over 40MB of RAM. I will grab some screenshots shortly. This is amazingly high compared to any other chat program I run, even Flock
On Wednesday, May 23rd, 2007 by Chris Miller
As I mentioned Fri, new Connectria hosted bloggers to announce
- Stuart McIntyre will be moving over the QuickrBlog, LotusConnectionsBlog and CollaborationMatters
- Richard Thomsen started up the midwestik.com blog (I need to get him not to forward and to point it to the server I see). He talks about kayaks and Domino. Interesting combo.
- BucktheBug.net is also live from Michael. While I can't read a thing in it, Babelfish might be a good idea here
- Carl Tyler moved over iminstant.com a while ago
On Tuesday, May 22nd, 2007 by Chris Miller
Sametime Gateway install/upgrade issues update and solution
I totally reinstalled 7.5 FP1, then patched Websphere to 6.1.0.7 and the gateway to 7.5.1. All seems to be well at this point. But note, when I say removed and reinstalled, I did not create any community connections until the code was upgraded. Apparently if there is any community defined, the error commences. Without them, or a new install, you are good to go.
So I am back on AOL, Google Talk and Yahoo through the gateway.
On Monday, May 14th, 2007 by Chris Miller
Sametime Gateway 7.5.1 new installs have different directory paths than previous.. should have seen this coming
DB2 also takes a new table name as STGW. While the upgrades will work just fine, it is interesting to see such changes as this. I imagine this has much to do with the renaming of the product from the original Real-time Collaboration Gateway to Sametime Gateway last year.
However, the profile name does remain the same at RTCGW_Profile and the server as RTCGWServer. Weird some areas made the shift but not others..
On Wednesday, May 9th, 2007 by Chris Miller
Sametime Gateway frustrations on the 7.5.1 upgrade
I then mentioned that I went through the 7.5.1 upgrade and it did the exact same thing. Now I have been getting some help from Lotus, but I don't get how having communities defined would break the install. I also thought it might just be me until I finished a customer call this morning who had a pilot of the gateway running. They attempted to upgrade and got the exact same portlet destruction.
Pardon my frustration..
On Tuesday, May 8th, 2007 by Chris Miller
Lotus Connections invites started hitting mailboxes today for Greenhouse for more select customers and partners
This site allowed self nomination some time ago and apparently has had people in it for a while. Growing slowly, just like a greenhouse would grow plants.
First impressions are that this could be a very cool way for partners and customers to start communicating from all over the globe. The site is a bit bogged down, I imagine over the demand of everyone logging in.
Do not panic if you cannot edit or update your profile yet. Read the fine print. It can take up to 24 hours to get your profile built into the system. While you can log in, you just can't update it yet.
The intro screen is cool with hints of Quickr to come. I would love to see Sametime tossed in there for presence. This does add a minor change to my Activities plug-in in the Notes client. I had it pointed to the wrong IBM server it seems. Not Greenhouse.
As I look around Greenhouse some, you will see there is a heavy European presence that has been in there for weeks creating communities, Activities and profiles. So don't be surprised to see almost 900 bookmarks already in play.
On Tuesday, May 1st, 2007 by Chris Miller
Pre Partnerworld 2007 dinner talk about Lotus Connections
Will it be the start of a BP "MySpace" or "FaceBook" with no long term inherent value? Or will it grow into the full networking, people locator, community of interest, project (activity) sharing and link sharing site that you would dream of? Can it handle the influx of visitors it will generate soon? Where the heck is the integrated Sametime?
Sit back with me and watch. Martha Mealy posted about the attempt to find relevant statistics for collection. I strongly agree with that question she put out to everyone. What are valuable stats? Number of hits? no. Number of communities? no. Usage patterns of features? yes. Blog entries? no. Profiles? no. Searches against profiles? yes.
the list grows....
On Monday, April 30th, 2007 by Chris Miller
Sametime Connect 7.5.1 upgrade concern passed on to me
On the 7.5.1 Connect client installation, it asks if you want to remove any existing Sametime 3.x or 7.0x. Generally you would say yes as I did. It then identified that I had Sametime 7.0x and asked if I really wanted to remove it. That was OK because I knew what was going on. But the problem is that I didn't have Sametime 7.0x, I had 7.5
P.S. after I installed, I launched it and the About splash screen didn't go away. But that was fixed once I rebooted. :-)
On Friday, April 27th, 2007 by Chris Miller
An intermittent Sametime Connect 7.5.1 bug starting to appear
It seems that under certain circumstances the Sametime Connect 7.5.1 client keeps looking for the Microsoft Outlook profile. Even with Lotus Notes clients on the desktop and Outlook not configured. A check of IE shows that the mail program preference is also set to Lotus Notes, so no conflict there.
There is the new Office integration component that is offered, however the client still prompts for Outlook profile upon launch after configuring it to use Notes.
On Thursday, April 26th, 2007 by Chris Miller
A Sametime 7.5.1 question I got in email last night
Hey Chris, saw all your postings today on 7.5.1. I downloaded the new client but don't see anything but the full exe file. Do I need to expand that to get the Eclipse update or will that be coming soon? Great postings, thanks!
Well that is a great question. One I have asked. You would expect with all the hype around Eclipse and provisioning clients you could simply toss some code for a site update. While this would be many files and larger than a normal small push, it would all be done in the background and then they get restarted and voilà. However, Lotus said they were not ready for it at this release, or something in those words. You get the drift.
So what that means is you must have each client download and install the full new code, just like a fresh install would be. It will upgrade seamlessly, it is just a packaging step you need to do.
On Thursday, April 26th, 2007 by Chris Miller
Sametime Gateway 7.5.1 upgrade issue - broken in under 3 minutes this time
On Wednesday, April 25th, 2007 by Chris Miller
Installing a plug-in without restarting Sametime Connect 7.5.1 client
Either that is a cool white plug-in or something is amiss
On Wednesday, April 25th, 2007 by Chris Miller
Things you will see, shouldn’t see and hope get fixed in the Sametime 7.5.1 client
- The memory utilization is crazy. Upon launch with no plug-ins loaded yet, it was 67MB of RAM. Compared to other chat programs, that is an easy 3-4 times larger for some of the exact same functionality (like Yahoo messenger 8.x)
- If you happened to load the previous Eclipse updates for the Sametime Gateway on your Sametime 7.5 CF1 server, then you get the following prompt that new code was added. However, this isn't newer as they changed the numbering scheme (see image below)
- You are not prompted to change your geographic location for the new install and fill out your location information
- Your users will appreciate the icon changing from Sametime Connect 7.5 to Sametime Connect (no version number listed).
- Privacy settings for different communities are still a single point and not set up to support the feature of logging into multiple communities
- It seems some people are getting two instances of the client when they install and click to Launch the client right away instead of closing the installer and then launching.
On Wednesday, April 25th, 2007 by Chris Miller
Domino 7.0.2 FP1 doesn’t fix the nHTTP crashes? Lotus says so.
Problem: Java virtual machine (JVM) changes made to Domino 7.0.2 are causing nHTTP crashes.
Content: If you are running a Lotus® Sametime® server release 7.0 or 7.5 on Domino® release 7.0.2 you may experience nHTTP crashes. These crashes do not occur in versions of Domino prior to 7.0.2.
On Tuesday, April 17th, 2007 by Chris Miller
Update on the Blackberry and Domino 8 posting I made
QUOTE FROM THE PDF
BlackBerry servers may crash unexpectedly when the server Name and Address Book (NAB) is upgraded to the new Notes/Domino 8 design or when users switch to the mail8 template. On your server console, you may see an error similar to the following:
Process E:\domino\nBES.EXE (4172/0x104C) has terminated abnormally
In addition, NSD may or may not activate. In either case, the BES task is not functioning, and BlackBerry users will be unable to receive mail.
Workaround: Administrators should upgrade to the latest BES release that has Domino 8 support.
It's page 18 and 19.
Read the pdf right here
On Monday, April 9th, 2007 by Chris Miller
Microsoft Transporter hit the streets
Brief Description
Microsoft Transporter Suite for Lotus Domino is used for interoperability and migration from Lotus Domino to Active Directory, Exchange Server 2007 and Windows SharePoint Services 3.0.
Anyone tested the gold release yet? You need the following installed also:
- MMC 3.0
- Windows Powershell 1.0
- Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1
I will load them on the test machine and see what we get.
The Release Notes
The actual product page
On Saturday, April 7th, 2007 by Chris Miller
Blackberry and Domino 8 beta issues
However! RIM states no support of Domino 8 in any fashion at this time so run at your own risk
On Friday, April 6th, 2007 by Chris Miller
Location awareness in your IM client
Mobile IM
AOL has released a location plug-in for its AIM messaging client. The plug-in, developed by Skyhook Wireless, allows AIM users to see where people on their buddy lists are physically located. Skyhook tracks locations by using the wireless pulses emitted by all Wi-Fi transmitters, including Wi-Fi-enabled computers. The AIM plug-in allows users to add a new "Near Me" group to their buddy lists. This group will show usernames of those AIM members who share their locations and are within a set distance. The plug-in, which is a free download, also enables users to see a buddy's location on a map as well. Currently this is available only for PC users - however Skyhook has said it expects to see the location capabilities eventually integrated with AIM clients on mobile phones.
Interesting twist as the race continues for IM domination...
On Friday, March 23rd, 2007 by Chris Miller
Having just said I liked the icons, now it seems we have a DST bug in the Notes 8 beta
Hmmm, something is amiss here
On Thursday, March 22nd, 2007 by Chris Miller
I like the new Notes 8 calendar entry icons for some reason
The users get it, the users understand it and for gosh sakes they don't have to call me about icons
On Thursday, March 22nd, 2007 by Chris Miller
Another reason not to just randomly turn the /3GB switch on your 32-bit Windows machine
For example, with Win32, the default memory available to each Domino partition is 2 GB. There is a switch to increase memory to 3 GB, but that solution has a performance impact of ~10% CPU utilization. With Windows 2003 x64 Edition and Domino 7.0.1, this switch will not be needed and 3 GB will be supported by default.
So the issue is that with large data stores (this is over 2TB we are talking right now), the /3GB switch causes crashes. While the internal IBM info is not published at this time, I hope it will show. The funny thing is that this exact issue affects Exchange shops too as shown in this posting. I found a warning on Ed's blog, under comment #8.
This led us to find out about the transaction logging issue with 7.0.1 so we are headed for 7.0.2 with no /3GB switch. Let's see if we can get that new technote.
On Tuesday, March 20th, 2007 by Chris Miller
Domino 8 Beta 2 install..
Well in the ReadMe file there is a section about uninstallation of the versions that cured my issue it seems. Some loose files left over in the C drive, a folder in the old installed program directory and 2 registry deletions and I was on my way. It launched fine, worked well (except the local NAB still) but crashed on the way closing. I will reboot now that install is done and see how we fare.
On Monday, March 19th, 2007 by Chris Miller
Server crashes in Notes 7.0.2 FP1 don’t make proper NSD’s without fix from Lotus
On Wednesday, March 14th, 2007 by Chris Miller
Sametime 7.5 plug-in for Plazes, why yes it is free
So go and get it from Ebf.de or use the very simple site update they provide if you have trouble reading German. You can use the site.xml for your client at the following:
http://ebfdus1.ebf.de/sameplace/site.xml
On Wednesday, March 14th, 2007 by Chris Miller
DST bug again on changing calendar entries, or maybe not
What this means is that while the agent completes, it might have skipped certain documents in the user's calendar. Of course, this is totally random. We found most mailfiles were good, but then some would have appointments that did and did not convert. Running the new agent again against these mailfiles seemed to solve the issue. As far as we can tell, that is, because there is not enough time to go through the properties of each entry and find the timezone values.
So good luck once again..
On Wednesday, March 7th, 2007 by Chris Miller
Anyone care to explain how McAfee SpamKiller doesn’t work with Lotus Notes emails? I think this is fishy
Now normally I would laugh and enjoy the humor. However, there is a link on the McAfee site that takes you to a simple statement from them that they do not support Lotus Notes in its native mail format and to use POP3, and then it links to an Oct 1998 article on LDD about setting up local POP/SMTP accounts.
So I browsed their site and came across the product page which states it supports Lotus Notes and the other product. So I am guessing this article writer is pulling old data out to stir the pot since the link was for the R4 version of the product also.
On Wednesday, March 7th, 2007 by Chris Miller
Lotus steps up and offers "Open Mic" conference calls and demos for DST changes
IBM is holding daily "Open Mic DST Calls". These calls are intended to
provide a forum for our customers to bring their questions, concerns etc..
around DST to us! Our goal is to provide them with the information they
need and to answer the questions that they have in order to ready their
systems and WPLC products for the DST changeover.
IBM has planned calls for Tuesday - Friday (March 6th - 9th) and March
12th from 12:00pm - 1:00pm Eastern.
Tuesday 3/6 -
Conference Access:
Toll free: 1-888-732-6202
Toll: 1-719-457-1017
Participant Passcode: 893498
Wednesday 3/7
Conference Access:
Toll free: 800 214 0745
Toll: +1 719 457 0700
Tie: 650-3309
Participant Passcode: 158121
Thursday 3/8
Conference Access:
Toll free: 1-888-373-5705
Toll: 1-719-457-3840
Tie: 650-3310
Participant Passcode: 547292
Friday 3/9
Conference Access:
Toll free: 1-866-237-3252
Toll: 1-719-457-1018
Tie: 650-2636
Participant Passcode: 163964
Also, the demo videos can be found here:
New Videos show sample scenario of applying DST change to Notes and Domino
New video instructions (screen capture with audio narration) have been provided. These videos demonstrate how a Notes calendar is impacted by the DST change and show one scenario of applying the necessary updates to allow for the new Daylight Saving Time definitions. The download link to the videos is embedded within the "C&S Agents" technote below.
Title: Agents for updating Calendaring and Scheduling entries and Resource Reservation entries for Daylight Saving Time (DST) 2007
URL: http://www.ibm.com/support/docview.wss?rs=463&uid=swg21254639#Demo%20Videos
In addition, a video has been created to demonstrate how to use the Java Time Zone Update (JTZU) tool for updating DST information in your Java Runtime Environment(s). The JTZU video can be accessed via the following updated technote:
Title: Using the IBM Time Zone Update Utility for Java (JTZU) with Lotus software products
URL: http://www.ibm.com/support/docview.wss?rs=463&uid=swg21249964
On Tuesday, March 6th, 2007 by Chris Miller
DST Resources agent warning - a new bug found
You then go in and edit and resave the document (or run an agent to refresh them all) and you get the following.
Ignore the Adminp statement if you edit and resave. It is the saving action that does it apparently.
On Friday, March 2nd, 2007 by Chris Miller
Reactions to slides and information from WPLC tech call on Lotus Connections this morning
The blog technology is based on open source for this, using the Roller technology. This is an easy way to get users started but also opens the floodgates on information. One of the speakers even stated this was not a highlight of what Connections has to offer.
Currently only ITDS and Active Directory 2003 are supported. They are "actively" looking at properly utilizing the Domino directory for the LDAP services. This is something that was addressed during Q&A at the end. Domino support is crucial to many enterprises that have based and aggregated themselves around a Domino directory choice.
There will be pilot and production install options. The pilot builds the required tables on DB2 for you and the WAS part is a very basic install with security needs. Much like the Sametime Gateway base install. All the services are installed for testing ability in the pilot mode. Production will offer standalone or clustered services with the ability to include or not include parts of Lotus Connections. Data should be preserved if you move from pilot to production. This is a great way for customers to get their feet wet.
A slide was pushed on ITDI (IBM Tivoli Directory Integrator) abilities to allow enhanced profile support across data sources. ITDI will be offered as a bundled part of Connections. A good move on the part of IBM to allow a greater building of profiles from numerous data sources. Such as a Domino directory for usernames with HR info on profiles. Using some data mapping in XML you could build a nice table and hierarchy for profiles, including skillsets.
If you read my LUG Sys Admin newsletter I had some initial candid talk about Lotus Connections inside. I would suggest popping over there for some beginning thoughts.
On Wednesday, February 28th, 2007 by Chris Miller
DST steps from the sweep we did
But as a quick note, look for another new agent (4.0.2.7) to come out and fix some of the looping script errors we received on numerous servers while running the server based agent against the mailfiles. We saw this on more than a few customers across versions of templates as well as Domino versions. It drove us nuts, and wasted a lot of time to have to go into the text files and remove the offending user mailfile to get the agent to run on. Until it encountered another one and looped again. Now some ran without incident. Others stopped more than 20 times on larger sites.
I also talk about the order we did things and across the product lines.
On Tuesday, February 27th, 2007 by Chris Miller
Blogging our DST patch morning live
5:30am - So first up for me was the Sametime servers. Others were prepping the DWA, calendar and RnR stuff. I have some of those to do in a bit, but I started with our internal servers first. Running the JTZU patch took far too long to search the Sametime systems. You really cannot run this tool in interactive mode since then you need to specify what gets updated and you have no clue. It even prompts you that letting it search could take hours. It really only took a few minutes when all was said and done to find what needed updating. It did take a while to run however.
6:16am - This was incredibly frustrating when the IBM support site was up and down all morning also. Yes we have knowledgebase locally, but it is faster to web grab some of the files. It also would be nice not to get just random error messages on documents not existing when you know they do.
7:00am - First batch of RnR changes completed and one test mailfile set done. One weird error on one customer and the rest went smooth so far.
8:00am - Script errors when the calendar agent runs on a bad mailfile in the text list. We find endless script loops running. Removing the last mailfile attempted (and all previous completed ones) from the text list and restarting the agent fixes it. Some clients have no issues at all, others have a handful that cause grief. It has you going back to each server and making sure it is not looping.
8:30am - The path for managed and hosted servers is an issue, so we created numerous agents with different drive letters that we can fire off. Now AS/400 and some random servers even have different data paths from the norm. Standardization I say, standardization.
8:50am - Encounter first Domino Directory in foreign language. Script in agents only works on English views. It says it can't find the Server\Mail Users view. Which is there, however it is Servidor\Usuarios do Correio. First glance doesn't show where the agent grabs that view name to change it.
So I will give another (after much sleep) overview tomorrow on steps, commands and other things we figured out and streamlined as we went along to make your life easier.
On Sunday, February 25th, 2007 by Chris Miller
Have spare resources, run the DST agents in tandem
1. To run as multiple instances (i.e., four instances), copy/paste the agent multiple times in the same database, and change the name to "AdminAgent1", "AdminAgent2" etc.
2. Ensure you have the server setup to run the desired number of concurrent agents in the Server document in the Domino Directory. The "Max concurrent agents" setting is found on the Server Tasks -> Agent Manager tab. Note: There are separate settings for "Daytime Parameters" and "Nighttime Parameters," make sure that you set each as desired.
3. Repeat steps 1-5 from the section above on configuring the agent to run in the background:
- in step 1, ensure that multiple TXT files are used to evenly divide the list of files to process
- in step 2 ensure the individual agents are edited to point to the individual TXT files
- in step 6, simply issue "Tell AMGR Run" for each of the individual copies of the agent:
i.e. for 4 agents it would be the following
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent1'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent2'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent3'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent4'
So notice the key area about having enough Amgr threads defined to run all the instances you wish.
On Friday, February 23rd, 2007 by Chris Miller
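An added example (not from the technote or from the original post): a Python helper that prepares the per-agent TXT lists for the tandem run above, prints the matching console commands, and trims a list after the looping-agent failure described in the live DST patch post. The one-path-per-line list format, the mailfilesN.txt file names and the sample mailfile names are assumptions.

```python
"""Prepare per-agent mailfile lists for running the DST agent in tandem.

Assumption (not stated on the page): each TXT list holds one mailfile
path per line, relative to the Domino data directory.
"""
from pathlib import Path


def _key(path):
    """Comparison key: Domino paths on Windows are case-insensitive."""
    return path.strip().replace("/", "\\").lower()


def dedupe(paths):
    """Drop blank lines and repeated mailfiles, keeping first-seen order."""
    seen, out = set(), []
    for raw in paths:
        p = raw.strip()
        if p and _key(p) not in seen:
            seen.add(_key(p))
            out.append(p)
    return out


def split_evenly(paths, instances):
    """Round-robin the list so no agent gets more than one extra mailfile."""
    if instances < 1:
        raise ValueError("need at least one agent instance")
    chunks = [[] for _ in range(instances)]
    for i, p in enumerate(dedupe(paths)):
        chunks[i % instances].append(p)
    return chunks


def resume_after_loop(paths, last_attempted):
    """Return (remaining, skipped) for a list whose agent started looping.

    Everything before the last mailfile attempted has completed, so it is
    dropped together with the offending mailfile itself.
    """
    keys = [_key(p) for p in paths]
    if _key(last_attempted) not in keys:
        raise ValueError("%r is not in this list" % last_attempted)
    idx = keys.index(_key(last_attempted))
    return paths[idx + 1:], paths[idx]


def amgr_commands(agent_db, instances, prefix="AdminAgent"):
    """Console commands in the form quoted above, one per agent copy."""
    return ["Tell AMGR Run \"%s\" '%s%d'" % (agent_db, prefix, n)
            for n in range(1, instances + 1)]


def write_lists(chunks, out_dir, stem="mailfiles"):
    """Write one TXT per agent; the file naming is this example's choice."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    written = []
    for n, chunk in enumerate(chunks, start=1):
        target = out_dir / ("%s%d.txt" % (stem, n))
        target.write_text("".join(p + "\n" for p in chunk), encoding="utf-8")
        written.append(target)
    return written


# Constructed sample list, including a duplicate and a blank line.
SAMPLE = ["mail\\jdoe.nsf", "mail\\asmith.nsf", "Mail\\JDoe.nsf", "",
          "mail\\bwong.nsf", "mail\\clee.nsf", "mail\\dkim.nsf"]

if __name__ == "__main__":
    import tempfile
    chunks = split_evenly(SAMPLE, 4)
    for path in write_lists(chunks, tempfile.mkdtemp()):
        print(path, path.read_text(encoding="utf-8").split())
    print("\n".join(amgr_commands("mail\\AgentDb.nsf", 4)))
    print(resume_after_loop(dedupe(SAMPLE), "mail\\bwong.nsf"))
```

The number of instances passed to split_evenly should not exceed the "Max concurrent agents" value set in the Server document.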
DST preparations - step 1, read technotes and run in circles. No, ok really here we go...
(4) is in relation to putting the OS patch on the clients. For one thing, Lotus suggests that the Notes client is closed when the patch is applied. How many of your users leave the client open all night long?
The computer should be restarted after the patch is applied and before restarting Notes. If the computer is not restarted after installing the patch, Notes will return the old time zone information for time zones other than the current time zone.
A lot is riding on this client restart or even patching. I am also not sure how you are forcing your users with machines at home or laptops to do it. If you start scheduling meetings across the clients that do and do not have the OS patch, then you will get variances in what they see and how correct they are.
Now to toss in some confusion, (5) should be done as soon as possible in relation to the OS updates. This is a finely designed and choreographed dance, folks. The amount of errors that DWA users will get relies heavily on this. See technote #1241063 for the alternative issues. From simple error pop-ups to meetings getting scheduled in Greenwich Mean Time, I think we have a problem here. There is no way to get all those DWA user machines.
(6) moves on to the RnR database and the users' mailfiles. Now, if the users have local replicas also, they should be grabbing the change agent through replication before you run it on the server too. See technote #1254639. The RnR Manager must be shut down when the agent runs, and you even get a prompt while running this from the database Action menu. Note, you will be signing these agents with some id file that needs at least editor access to the RnR database.
I will have more info for you to follow this one as we finalize and formulate the plan to update servers globally, hopefully it helps.
On Wednesday, February 21st, 2007 by Chris Miller
Interesting music site I found and how it is provided
It was called Musicovery and I happened to stumble across it. You can select year ranges/tempo/mood/genre and all of that in a sliding connected image that lets you choose paths. There are like 18 genres, then sub-moods, then a sliding bar for year coverage.
On Saturday, February 3rd, 2007 by Chris Miller
Announcement: A search site for Lotus related blogs only through Google Custom Search
I find it hard to see all the blogger sites at one time looking for content when we all do not tag the same way. So I have 83 sites already listed (from my own links) and will take more and even volunteers for the Custom Search Engine on Google. Alan L started one quite a few months ago but I think this has broader appeal. Since we all do not use Technorati the same way, but wish to see who said what on a topic, this will search only the blog sites and not hear the noise from everywhere else
On Friday, February 2nd, 2007 by Chris Miller
Sametime Gateway - now you see them, now you wish you used the @aol in the name
- The Clearinghouse works well for adding @aol.com and @company.com names and does not fare well with @aim.com names
- If you add someone to your buddylist with an alias it does not add the little fancy orange running dude next to their name and instead adds the globe. This, of course, gives no indication that they are even an AOL person you added. I need to try this with Google Talk and Yahoo in a few
- If you add someone with an alias to your buddylist from @aol.com, you can never again see their online name from the UI. You can go local into the buddylist file, but not from the client.
On Wednesday, January 31st, 2007 by Chris Miller
How to destroy your Sametime Gateway server in 21 seconds
Much to my humor after it was installed, it destroyed the management screen changing the gateway section to portlet entries that would not launch as shown below.
So I went back in and uninstalled following the simple task of switching the word install for remove. Another 21 seconds later and I am back in business, without Yahoo integration, but back in business.
initCleanupWorkDir:
[delete] Deleting dir
initRemoveAdminPortlet:
remove-servicepack:
BUILD SUCCESSFUL
Total time: 21 seconds
On Monday, January 29th, 2007 by Chris Miller
Playing with a customers new Barracuda
It was an interesting touch if we could move those design elements into the Domino 7 template and provide a hook into the Barracuda natively from the user's mailfile. Anyone have experience with this integrated template in production yet?
On Thursday, January 4th, 2007 by Chris Miller
Omnifind plug-in for Sametime 7.5 from IBM
From there I started manipulating the browser to use (a button to browse the local OS would be nice instead of having to figure out and type it in manually) and what search host. I couldn't figure out how to use my Sametime custom search engine yet, but it worked well otherwise and you can change the name and play with some of the basic code to make a nice internal Intranet and specifically targeted search. You could then deploy this to the right people for some good quick reference help.
Take a peek if you haven't.
On Wednesday, January 3rd, 2007 by Chris Miller
Sametime Gateway nuance of the day (yes again)
However (isn't there always one of these with me), they showed with the custom icon for the community and not with the little AOL running man. So I removed the username entirely from my buddylist, and then manually added a new contact from the buddylist window. I choose external contact and add the AOL name and the AOL running man shows up just fine.
Bizarre and makes sense in a weird way, it is broke.
On Friday, December 29th, 2006 by Chris Miller
Sametime Gateway nuance of the day
I never looked until today, which I should have. While running the Sametime Mobile client for Blackberry, you can see all your AOL and gTalk contacts just great. However, when they see you through the gateway, they do not get the mobile icon like other Sametime users see. This might be a limitation of the gateway itself, but users will notice, trust me.
So what you get is the standard online and status ability, just not client type indications.
On Thursday, December 28th, 2006 by Chris Miller
Sametime Gateway - adding a person as an alias "bug" to me
So chalk this one to a 'feature request' I guess.
On Tuesday, December 26th, 2006 by Chris Miller
New loosely undocumented error when migrating
Here is the issue. After loading 7.0.2 in the new VMWare, we shut down the old 6.5.3 server and began the simple mailfile and few database copies. We brought the server up under the old name and started seeing countless lines of the different tasks with the same error message
"cache entry not found"
No maintenance or convert task would fix it. Convert, Fixup, compact, index all failed with the same error. Yes, all of them.
Now I searched Knowledgebase and online to limited success. The Sched task, RnRMgr and HTTP were all reporting this same error. Well with numerous tweaks to the Google search, I finally found some insight. The customer had moved to a single copy template (SCT) for the DWA 6 infrastructure. When the databases were moved over, the SCT templates in use were not. I simply moved those over and the server came right up with the error removed. Convert then ran successfully to move them to DWA7 and then compact to reclaim much of the unused diskspace.
Issue solved and into the books for another oddity of undocumented weirdness.
On Monday, December 18th, 2006 by Chris Miller
Sametime Mobile on Blackberry error I am encountering
On Thursday, December 14th, 2006 by Chris Miller
Sametime Gateway status here
I am getting a lot of IMs and a few emails over setting this up and I hope to have a nice document shortly to answer those burning questions for all of you.
On Thursday, December 7th, 2006 by Chris Miller
Admin2006 Vienna - BOF Experts Panel live blogging
- how to deep fry a turkey
- change users SMTP domain name across 17 acquired companies
- whitelisting servers
- Sametime error codes for users dropping connectivity
- set update flag in local address book
- multi language notes clients?
- strip attachments from NDR's?
- port failover in a clustered server - teaming NIC cards as solution at hardware level
- migration of domains by moving everyone into the new domain and then recertifying
- server_transinfo_range proper setting?
- Nomad questions on the uninstall/U3 and performance speed issues on USB
On Thursday, November 30th, 2006 by Chris Miller
SNTT: Working with that hard to setup remote server
As we fired up a new customer server remotely over in China, it had terrible bandwidth and connection issues. It could telnet to the Notes port on the US based Domino server, see the server in DNS and IP, but when Notes popped up it had the worst time trying to connect and would time out too fast.
So there are a couple of ways to handle this. As commented before, there is no documentation of what format or data should be included for the setup selection of choosing local media. We have played around with it to some success, but it should be much cleaner. So we copied down the names.nsf, admin4.nsf and the notes.ini from a freshly installed and working server. A quick change of the id file and paths and the server came right up. You could note the CleanSetup=1 in the notes.ini but I wanted everything built, not just to tell it that the setup.nsf database was placed and removed.
You used to be able to create profiles, pre-configured in the setup.nsf database and place that on numerous servers. It doesn't like that in the newer code streams.
On Thursday, November 23rd, 2006 by Chris Miller
Sametime (RTC) Gateway info again..
This is exactly what should have been done for the CF1 patch that came out, but now you have it. I would either read more on how to configure or build the site.xml, including all formatting or I see there is a session on it at Lotusphere in using your Domino server to push and become a site update server for your Eclipse updates.
On Monday, November 20th, 2006 by Chris Miller
So let’s talk RTC Gateway
- Installation
- Security
- Management
On Friday, November 17th, 2006 by Chris Miller
Sametime 7.5 Admin servlet bug found (we think)
On Wednesday, November 15th, 2006 by Chris Miller
Sametime 7.5 Mobile oddity we are seeing (gif to prove it)
So that is a weird thing to me when I see and can chat with them.
On Thursday, November 9th, 2006 by Chris Miller
Sametime 7.5 Mobile on Windows Mobile 5 device issues
SOLUTION: We removed it from there and installed to the local device and it came right on.
PROBLEM: Each time he closed a chat or Sametime with the 'x' in the upper right corner it kept dropping him back to the page where you had to specify the hostname and port.
SOLUTION: I found that I only created a profile for the Blackberry users and not the Nokia/Windows users. I created that profile and it fixed that issue.
On Wednesday, November 8th, 2006 by Chris Miller
When Lotus business partners step up to the plate
Some of you are saying, hey that is what they do for a business. But I am looking at it as they jumped onto a screen sharing meeting to make sure everything was fine (which had not been modified in months so we knew this was abnormal) and implemented some new features and things that are coming soon in a future release at the spur of the moment to keep their and our customer happy and functioning.
That is when you like telling people that you have multiple customers using their product with good success. Bravo to the team at Granite Software today.
On Friday, November 3rd, 2006 by Chris Miller
More Sametime 7.5 Mobile on Blackberry
- I received a comment yesterday asking about the 7100 and SureType. Well an answer was presented in the Sametime Forum that says SureType is possible with a quick manual user intervention. You need to go into Preferences on the mobile device for Display and select Full Screen Input. But then enter doesn't just send the text, you have to click the wheel. I didn't like that much. Luckily mine is the 8703 so I don't have that issue.
- Setting text size bigger than small made it easier to read but took up a lot of real estate which meant scrolling. So the default small font worked for me. Emoticons looked the same.
- Chat history on the mobile device is great. When you jump into a chat it pulls the previous bit of history. That is very cool
- The icon for the 7200 series is just a big blue square. However, on the 8703 it shows as the familiar Sametime icon, even if it was a bit larger than the other desktop icons.
- Port 80 access for tunneling seems to work as Gerco reported, we went for the default 8082 to test.
- The ability to flip between multiple open chats and the buddylist is nice.
- N-Way chats are very cool and interesting.
- Get ready for the standard blue and black text
- Get used to the option in the click menu. I thought would back me out until I realized it did close Sametime instead of the window I thought I was in. is at the bottom of the scroll list instead of towards the top
- I didn't test Quick Find yet, will do when more are online with the new client
- Alert Me should be fun to play with. I wonder if it carries over into the client too, or just the mobile device.
On Wednesday, November 1st, 2006 by Chris Miller
Quick Tips for going live with Sametime 7.5 mobile on Blackberry
Now then, the rest is where I sat silly for a moment but then it all made sense. You must manually add Fallback MIME types to the httpd.cnf file in order for it to see the .jad file that is needed for the RIM installs. I was hitting the server with the browser before I realized this was a step to perform. A quick restart of HTTP and you are off.
They also suggest you create an easy to remember web redirect for users. I will do that later after testing. The code then did an OTA install fast and I launched the client direct from there to the server. It uses port 8082 so make sure firewalls are ready for that. I tried hitting another Sametime 7.5 server without CF1 on it and the connection failed every time no matter what port or connection type I selected. So the fixpack install is required for this to work right.
One other thing, you should go into the new Configuration-Sametime Mobile and set a couple default fields to make it easier for your user once they load the client. Sort of like creating a pre-populated sametime.ini for the device.
So the device list for now looks like this:
- Microsoft Windows Mobile 5 and 2003 SE
- Nokia Eseries
- RIM Blackberry 7100/8700 Series
On Tuesday, October 31st, 2006 by Chris Miller
Sametime 7.5 CF1 out, so to follow onto Carl’s postings..
From there the clients are not set to properly retrieve incremental releases from a central site. Forgiving all of the config areas on our part, the package that came from Lotus also forces an alternate directory for installation (Carl makes a good point in the comments on why they may have made this change) and was not wrapped with the proper feature and manifest files to move into the site.xml for automatic distribution. However, this screws with plug-ins it seems. We have found no documentation around this in the readme yet.
I thought that was one of the points, but I am not sure when we can expect this to be available. I would love to grab a fix from Lotus, update the site.xml section appropriately and let it fly so everyone gets the prompt that the updates are installed and do you wish to restart the Sametime Connect client now, or in 5 minutes as the documentation around it showed as an example.
On Monday, October 30th, 2006 by Chris Miller
Real-Time Collaboration and Mobility Seminar - Chicago Day 1 final
I have more to say on this topic but I am thinking of a series or podcast. Any takers on comments/interview of your thoughts in a podcast?
Dinner the first night was Wildfire, a pretty good local chain. Apparently they are expanding to other cities like Atlanta shortly. Besides the snowshowers that hit tonight, dinner was split among people trying to go to different places. We ended up at Momotaro, a Japanese restaurant for some sushi.
On Monday, October 23rd, 2006 by Chris Miller
Moving from SIP Gateway to the new Real-Time Collaboration Gateway (RTC)
The Real-Time Collaboration Gateway is an extensible platform built on WebSphere® Application Server, and allows various real-time collaboration communities such as IBM Lotus Sametime and public instant messaging (IM) services to share presence and exchange text-based instant messages with each other. The Real-Time Collaboration Gateway receives messages from one or more communities, checks their legitimacy, translates them if necessary, and forwards them to their destination.
So you will need another piece of hardware to replace the current Sametime SIP gateway, or just reuse the one you have with an outage. Keep in mind the outage could be a couple days as you provision with AOL to get connected directly. DNS and domain management will be a key to you deploying the RTC Gateway successfully.
On Thursday, October 12th, 2006 by Chris Miller
Steve Castledine talks about stats for the blog template in 7.0.2
All the blogs I host on DominoBlog I have pushed toward this configuration when they first went live or we found out this trick from Steve. I would say almost 3 years ago.
I see they did blue-wash the template and trim it down (I still use a whole database from the DominoBlog 3.0.2 template for my stats database). From there you can create your own reports or just use the views that were provided. Apparently there is a document refresh that needs to take place when converting over, which for me will take quite some time. I am thinking about just archiving out the old one and using the new stat database. Makes more sense in a way.
On Friday, October 6th, 2006 by Chris Miller
Creating the Admin pack for Nomad
Remote Server Setup
Java Console
Server.Load
Notes Peek
Notes Ping
Designer
Now I cannot go and give away all the little secrets, but you get a great headstart here.
Do not try and install Nomad straight from the downloadable code, you must unpack it first. I am hearing rumblings of those trying to install with the flags right from the exe file, which does nothing but install onto your local machine. I quite imagine that Susan Bulloch will have many more comments on that thought.
On Wednesday, October 4th, 2006 by Chris Miller
The IBM Support Toolbar
It might have come out a while ago, but I just ran across it. You can even look down into specific brands, like Lotus to search only those site areas. That is the key thing.
On Tuesday, October 3rd, 2006 by Chris Miller
Collaboration University Day 2 and Announcements on Wiliki and Quickplace 8.0
Hawaiian for "Engineer" made to be a set of blog and wiki templates in Quickplace. You can deploy it now on current versions and it is open source based on Ajax and Web 2.0 capabilities. It can be packaged as a PlaceType for all or used individually. The RSS and Atom feeds will be awesome.
Quickplace 7.0 and beyond through 8.0
There will be a fixpack for QP 7 that will contain some new features before we move into 8.0
Quickplace 8.0 will have numerous enhancements launched around the time of Domino 8.0
- Simple (if not almost automated) upgrade from version 7 to 8
- The features above from Wiliki are listed as native in 8.0 of Quickplace
- Better integration into Lotus and Microsoft
- editing of QP content directly within Microsoft
- Access QP from directly within Notes and Hannover
- ODF support with integration from the IBM Productivity Tools
- A Place Superuser access role
- Better administrative reporting and dashboard control
- Access content from within Sametime 7.5 chat, meeting or buddylist. WOW
- Transfer files from within QP right through Sametime
- A Quickplace shelf (plug-in) for ST with even more capabilities in the screenshots
- Subscriptions to key data like calendar, folders, what's new
- My Places would move into folders in the inbox of your mailfile
- Drag a mail thread right into Quickplace
- Future mails in this thread get automatically pushed
- A Quickplace Dashboard (we have to meet the Web 2.0 acronyms)
- UI right click actions sensitive to users rights in the QP and context of usage
Quickplace Next has even more changes in mind towards the second half of 2007
- Backup and restore Team Spaces
- Offline access with the rich client - Hannover
- Desktop integration - Office and Windows Explorer
- Solid document management capabilities
- New blog and Feed Reader ability
So how does that sum up announcements at Day 2?
On Thursday, September 14th, 2006 by Chris Miller
Browser Cache Control in full effect
On Monday, September 11th, 2006 by Chris Miller
Sametime 7.5 tip.. don’t have IE loaded? You better
The Sametime Connect 7.5 client does not support configurations where the only browser installed on the machine is Firefox. This may be, for example, a Windows machine where Internet Explorer has been uninstalled, or a Linux machine where only Firefox is installed.
Otherwise certain features do not work, like chat.
On Friday, September 8th, 2006 by Chris Miller
How will you use RSS in 7.0.2 for your users? I think I am starting to get it
With so much information overflow, I see the path Mike Rhodin has talked about. While I do not agree with dogears and some of the mash-up talk just yet, the consolidation and compilation of all the data I want can now be sent from and into Notes databases easier than ever.
How much time do we spend trying to keep clients gathering feeds all to ourselves? How does that benefit our business partners, customers and even friends? It doesn't when only you see Bloglines, your Feed Demon or Atom application.
Right now we all fight over what is important to us by subscribing to RSS feeds individually and hoping the content continues to give us what our minds find interesting. But, I have to get links from others to find new content I never subscribed to. In a portal or enterprise scenario I can reach everyone with what is important to the company and then let them see what is important to each other by rankings and how often topics are reviewed.
Who has the first workflow driven, tracking and mashed together RSS database built?
On Thursday, August 31st, 2006 by Chris Miller
Interesting quote in a company’s claim of migrating Notes to Exchange
"We seeing larger customers moving to Exchange," says Ron Robbins, product manager for Exchange migration solutions at Quest. "we are seeing 20,000 to 50,000 user accounts moving over..."
Quest, which says it has migrated more than a million Notes mailboxes to date, ...
Where the heck are all these users?
There is a podcast you must listen to, for at least the first minute, that they put on the right side. The podcast's first question asks why people are moving. Ron, quoted above, actually states that there is confusion around whether Notes will be around and the move to Workplace Messaging replacing Notes. Of course, the interviewer and Ron are both Quest employees. The statement that there are more mobile options on Exchange and greater reliability had us laughing in the office. Oh please go listen and laugh along. Then taunt them with me.
On Wednesday, August 30th, 2006 by Chris Miller
Are you @Live with Sametime 7.5 yet?
'Meet me @ 5'
'I will be @ the office'
But, I found that when I went home last night with the new Sametime 7.5 Connect client, I said @Home in my Location when prompted. Unfortunately it blanked out the Location field from showing. If I simply removed the @ symbol, it all came back. Bizarre and from reading it was deferred to a later fix.
On the positive side, the location setting is great and makes finding how to contact and where people are a great thing. It works well so far for our sales team that upgraded right away and some of our people at customer sites. Good stuff there.
On Thursday, August 24th, 2006 by Chris Miller
My Friday’s posting on Sametime 7.5 got some email and responses
Sean Harris points me to Chris Pepin's posting with the pdf from Lotusphere on the scalability of the IBM Sametime environment. Taking a screenshot from there, how many of you could get your enterprise to offer a server farm like this (of course scale to your size of employees) ?
Picture multiple MUX servers with Community Sametime servers sitting behind that. A world of possibilities yes. But my posting was not about the server side as much as the client.
My comments revolved around how fast it jumped out of beta even after a beta call just days before, not the scalability of the product. That is to be determined at a later date as usual. I personally think (since this is a personal blog) that I was anticipating another beta drop or longer cycle to clear some of the items to get built in or fixed for the product.
The server core stays the same in 7.5 with a few added things and UI for web meetings. Most of the work is in the awesome Connect client. However, there are still management things to be done with this amount of capabilities.
On Tuesday, August 22nd, 2006 by Chris Miller
SNTT: SMTP and SSL on port 465 (and the Lotus boo boo it seems)
So here is the issue. You wish to do SSL for SMTP. Looking at Domino you see that it is disabled by default for both inbound and outbound SSL over port 465. However, we could not get anything to connect from outside our network to a server that was offering SSL for SMTP after being enabled. We had both Anonymous and Name & Password set to 'Yes' also.
After searching the firewall logs we found that connections were never getting to the firewall in the first place. So we went farther back to the edge routers. What we found was that the port 465 packets were getting dropped for some reason. After some digging by our network team we found this lovely bit of information. Basically Domino still uses port 465 for SSL over SMTP. This port was assigned and picked up by Cisco URD (URL Rendezvous Directory for SSM) after the V3 SSL standard was drafted 10 years ago. The port never made it out of Reserved (pending) with IANA according to what I could find on the Internet.
So the recommended approach is to start communications with STARTTLS encryption instead of moving your SMTP SSL port somewhere else. While it might work over port 465, there is no guarantee if Cisco routers are somewhere in the middle of the communication.
- References:
http://www.iana.org/assignments/port-numbers
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca795.html
http://www.chebucto.ns.ca/~rakerman/port-table.html
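An added example, not part of the original post: a Python diagnostic for the situation described above. It tells a silently dropped connection (a timeout, as with the port 465 packets here) apart from a closed port, and checks whether a server advertises STARTTLS before upgrading. The sample EHLO replies and the host name mail.example.com are constructed for illustration.

```python
import smtplib
import socket
import ssl

# Constructed EHLO replies (not captured from any real server).
SAMPLE_WITH_STARTTLS = (
    "250-mail.example.com Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_WITHOUT_STARTTLS = (
    "250-mail.example.com Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into (status_code, {KEYWORD: params})."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    code, extensions = None, {}
    for index, line in enumerate(lines):
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply line: %r" % line)
        code = int(line[:3])
        text = line[4:].strip()
        # The first line is the server greeting, not an extension keyword.
        if index == 0 or not text:
            continue
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params
    return code, extensions


def starttls_offered(reply):
    """True only if the server accepted EHLO and listed STARTTLS."""
    code, extensions = parse_ehlo(reply)
    return code == 250 and "STARTTLS" in extensions


def classify_failure(exc):
    """Map a connection error to what it says about the network path."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # no answer at all: packets dropped on the path
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # host answered with a reset: nothing listening
    if isinstance(exc, ssl.SSLError):
        return "tls-failed"  # reached the port, handshake or cert check failed
    if isinstance(exc, smtplib.SMTPException):
        return "smtp-error"
    return "error"


def probe_starttls(host, port=25, timeout=10.0):
    """Connect in clear text, require STARTTLS, upgrade with cert checks on."""
    context = ssl.create_default_context()
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as client:
            client.ehlo()
            if not client.has_extn("starttls"):
                # Fail closed: report it instead of continuing unencrypted.
                return {"port": port, "result": "no-starttls"}
            client.starttls(context=context)
            client.ehlo()
            return {"port": port, "result": "ok", "tls": client.sock.version()}
    except Exception as exc:
        return {"port": port, "result": classify_failure(exc)}


def probe_implicit_tls(host, port=465, timeout=10.0):
    """Try TLS from the first byte, as an SSL-on-465 listener expects."""
    context = ssl.create_default_context()
    try:
        with smtplib.SMTP_SSL(host, port, timeout=timeout, context=context) as client:
            client.ehlo()
            return {"port": port, "result": "ok", "tls": client.sock.version()}
    except Exception as exc:
        return {"port": port, "result": classify_failure(exc)}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Live check against a server you administer.
        print(probe_starttls(sys.argv[1]))
        print(probe_implicit_tls(sys.argv[1]))
    else:
        print(starttls_offered(SAMPLE_WITH_STARTTLS))
        print(starttls_offered(SAMPLE_WITHOUT_STARTTLS))
```

A "filtered" result on 465 combined with "ok" on 25 matches what the post describes: the listener is fine, but something between client and server is discarding the traffic.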
On Thursday, August 17th, 2006 by Chris Miller
This Domino Administrator tool came in handy today
Server-Analysis-Analyze-Find Server
On Tuesday, August 15th, 2006 by Chris Miller
Sametime 7.5 Connect and memory usage
Keep in mind these numbers are represented by the latest beta code and might still have debug left, yada yada. You know the drill..
Well here is what I have found for the standard user on Windows XP:
- When first launched and opened it was eating ~32MB
- When minimized to status bar with the minimize button and not the 'X' it drops to a nice low ~2-3MB
- When reopened to the screen it was ~12mb
- When a text chat comes in it jumps to ~42MB and then settles back into ~35-37MB
- When closed with the 'X' to the status bar it stays at ~34MB
- When a chat is open but the buddylist is sent to the status bar with the minimize it ran about ~10-13B
- When a chat is being typed in with the buddylist minimized it ran about ~17MB
- A voice chat kept the system at ~38MB plus another sametime.exe at ~2MB
- Chat History ate up about the same memory as when you have the client opened
- Instant Meetings didn't change the client memory just added the browser usage as expected
So take that how you wish, but that is what the basics are for now
On Monday, August 14th, 2006 by Chris Miller
I must apologize and amend my earlier today Sametime 7.5 posting. I found it in the new beta stream!
Apparently somewhere along the way they fixed the issue from what I posted right below. In the recent beta you can go into preferences for the community and change icons. That always worked. Then under Contact List Window you select (which the UI changed from earlier) to show the community icon for each person with some percentage of transparency and voila!!
Now we have to see if that is true for the RTC stuff. I know there are some hidden AOL icons in some jar files, so I bet it will exist somehow. Crossing fingers... (this is looking like Trillian in the main buddylist window now) Pray for tabbed chats.
On Thursday, August 10th, 2006 by Chris Miller
Customizing Sametime 7.5 so far and a small rant
So I went into simpler items such as adding community icons to my client and trying to replace the darned greyman group. If you have not seen it yet, when a user does not have a picture available, it shows a nice grey head of a person as a placeholder. I was able to track down that .png image in the .jar files and replaced it with a company logo. Turned out quite nice actually.
The specs:
- Image_Placeholder better known as Greyman Group is 37x37 pixels
- Community icons are 16x16 and only affect the community icon at the top of the buddylist window, not anyone associated with it.
Here are some new icons I added for the communities for more color selection. Orange, "Yellow is the new black" and green.
Go away, nothing to see here, it has been fixed, see newer posting above this one.....
< rant >The community icon should apply to each person you add in my eyes. That really bites as it would be nice (like other clients, *cough* Trillian) to tell which community a person came from. Then you can cross match groups by task, team or whatever and see where they are linked to.< / rant >
On Thursday, August 10th, 2006 by Chris Miller
Sametime 7.5 and migrating privacy data utility required
There was a technote referenced under #1242317 for "Migrating privacy data after upgrading to Sametime 7.5." Unfortunately this is being held.
I found the UpgradeBLUtil.jar on the server but I am not sure what flags or whatever to run so I am holding off testing it for now. Let me see if I can get some info.
On Wednesday, August 9th, 2006 by Chris Miller
Sametime 7.5 and the RTC Gateway
I would love to see this ship sooner or even start playing around with it. I have companies asking about this ability since it will allow a more controlled chat environment with the rest of the world. Now the gateway will use SIP to hit the outside products (Yahoo, G-talk and AIM) while the native protocol will take care of Sametime to Sametime connectivity. I can see a bunch of connectors (including one for Sametime to Sametime communities) you can install or turn on and off to control which outside chat vendors your people speak to. Or maybe this will move into policy control also.
On Monday, August 7th, 2006 by Chris Miller
A sturdy U3 USB drive, Titanium anyone run over by a Honda?
On Monday, August 7th, 2006 by Chris Miller
Playing with an interesting install twist with Sametime 7.5
So pointing the chat transcript folder to the USB drive doesn't always work either as the drive letter might change each time you plug the device in. A native directory path to the Sametime folder would be nice however. Or just turn it off for that instance of the Connect client is my next thought.
Sorry for the rambling thoughts on getting certain features working, but I am really trying to make sure this works on the USB now.
On Thursday, August 3rd, 2006 by Chris Miller
Promised update on Notes on Linux installs
You need just over a GB of temp space to get it installed, no matter what it tells you. If you do not have enough, we got to see it actually install just the Workplace components and not the Notes part. That made for an interesting desktop.
No documentation the Linux guys found showed how to go back and install just the Notes part, so they uninstalled and started over.
However, I must say that they are extremely happy at this point and gave it good reviews so far. All this on Red Hat 4 I believe.
On Friday, July 28th, 2006 by Chris Miller
Workplace Services Express 2.6 base install overview
Download:
- You need 4 files (or the cd's). You can get the part numbers on-line but it is almost 3GB worth to download
- Put them all in a single directory and unpack them there. It will create all the necessary folders and structure if you keep using the same exact path for each unpack. This in turn makes another 3GB of unpacked files on the server too
Install:
- There is a file called launchpad.exe that brings up some Java and a GUI. Unfortunately that damn thing would never come up, ate CPU like a Survivor winner and hung with an ugly grey box
- I opened the install guide and went with the command line install instead
- The old 2.5 version seemed to honestly take between 30-45 minutes
- This one was the following:
- Started GUI at 9:22am
- Switched to command line at 9:26am
- Started install at 9:27am
- Install completed at 11:40am
So that means it took 2 hours as compared to the previous 30-45 minutes.
With that being said, it still worked fine and installed flawlessly past that point. The page loads are always horrendously slow the first time. This was no exception and the install guide even tells you to do so.
On Thursday, July 27th, 2006 by Chris Miller
WebMessenger loaded on Blackberry for Skype
That is what the Skype looks like on the Blackberry. Not bad. Uses SkypeOut to make the calls and runs as a plug-in for the desktop Skype for the free version. A good compromise in some ways. Sucks in others. The documentation was a bit misleading on how to get it configured, plus it gave 2 icons on the Blackberry with no reason what the difference was.
Also, the Skype id was to be used locally on the Blackberry (one would think) but in turn, you have some weird id name you enter into the WebMessenger plug-in that links the two together. Keep that in mind if you download this freeware portion. Just a step that you have to mix the guide and online help in figuring out.
Next up is the Sametime integration. I already had Skype for the U3 working successfully, this is a nice addition so far.
On Tuesday, July 25th, 2006 by Chris Miller
Sametime, Skype, Blackberry and WebMessenger
Next, Naylor says, WebMessenger will be expanding beyond Skype. "We have SIP compatibility as well, and so we're going to be rolling out similar capabilities for various SIP-enabled networks and telephony systems," he says. "On the enterprise side, we're close partners with IBM - in fact, they deploy our mobile client internally as the extension to Lotus Sametime on the desktop."
But this is the part I really enjoyed. Grabbing connectivity to other SIP providers for integrated click-to-call and conferencing.
The release of Lotus Sametime 7.5 this fall, Naylor says, will add a full set of voice capabilities. "They'll have click-to-call and Web conferencing, all tied into various telephony systems from Avaya, Siemens, Nortel, and so forth - and all of those are SIP-compliant systems as well, so we can provide that same capability out to the mobile device for them," he says.
I grabbed the Sametime integration for WebMessenger and will play with that and the Skype part on the Blackberry. Here comes the review.
On Tuesday, July 25th, 2006 by Chris Miller
E-passports based on RFID: What do you think? (for the travelers)
However, having all my personal information available for scanning from some short distance could leave you open for more than just identity theft. How about identifying people by country as they walked by? The idea of having the technology is to speed immigration and cut down on human entry errors. I do not believe that it will prevent any type of false documentation. Just take it to the next level of sophistication. Now will this chip only contain a serial number that relates back to some database that stores all the information? That would be a bit better. But I cannot find what is included on the tag documented anywhere at this point.
Now for the kicker. Let's say the first run of these have a glaring security hole. US Passports are good for ten years for adults from date of issue. How do you recall and remake the ones with open RFID? Operating System makers have enough issues with it and they have more automated ways of deployment. Now we have to count on ourselves to send it back in?
So what do you think?
On Friday, July 21st, 2006 by Chris Miller
A new DDM file to explore
If you cannot monitor and generate some type of alert or notification for some type of event, you haven't looked hard enough. Ok, there is one, no disk space monitoring on AIX.
So today I discover and play with the DDMdiravail.dat file. This shows a list of polled servers, port number and rep ID for directories you are checking for availability. It looks something like this:
1
|(0)
ACME|cn=server1/o=Christest|1352|dircat.nsf| |(1234567D:002E1F0D)|1
ACME|cn=server1/o=Christest|1352|names.nsf| 123456:0046A2EA|(123456D:005C7DC2)|1
So you get the domain, server/organization, port, filename, rep ID and then if enabled or not. So with a bit of manipulation, you can understand what is being checked on what port and enablement of the directory for DDM scanning.
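The field layout described above, as an added example (not code from the original post or from Lotus): a small parser for the sample lines. The field names, treating the parenthesised value as the rep ID, and reading the trailing 1 as "enabled" are assumptions; the post does not explain the fifth field or the two leading lines, so they are kept as-is or skipped.

```python
"""Parse DDMdiravail.dat-style records, using the layout shown in the post."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FIELD_COUNT = 7  # assumption: each directory record has seven pipe-separated fields

# Sample input: the lines shown in the post, embedded so this runs offline.
SAMPLE = """\
1
|(0)
ACME|cn=server1/o=Christest|1352|dircat.nsf| |(1234567D:002E1F0D)|1
ACME|cn=server1/o=Christest|1352|names.nsf| 123456:0046A2EA|(123456D:005C7DC2)|1
"""


@dataclass
class DirAvailRecord:
    domain: str
    server: str       # server/organization, e.g. cn=server1/o=Christest
    port: int
    filename: str
    unlabelled: str   # fifth field; the post does not say what it holds
    replica_id: str   # assumption: the parenthesised value is the rep ID
    enabled: bool     # assumption: a trailing "1" means enabled


def parse_records(text: str) -> Tuple[List[DirAvailRecord], List[str]]:
    """Return (records, skipped_lines); lines that do not fit the layout are skipped."""
    records: List[DirAvailRecord] = []
    skipped: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split("|")]
        well_formed = (
            len(parts) == FIELD_COUNT
            and parts[2].isdigit()
            and parts[6] in ("0", "1")
        )
        if not well_formed:
            skipped.append(line)  # e.g. the "1" and "|(0)" lines at the top
            continue
        domain, server, port, filename, unlabelled, rep, flag = parts
        records.append(
            DirAvailRecord(domain, server, int(port), filename,
                           unlabelled, rep.strip("()"), flag == "1")
        )
    return records, skipped


def checks_by_server(
    records: List[DirAvailRecord],
) -> Dict[Tuple[str, int], List[Tuple[str, bool]]]:
    """Group directories by (server, port) so you can see what is polled where."""
    grouped: Dict[Tuple[str, int], List[Tuple[str, bool]]] = {}
    for r in records:
        grouped.setdefault((r.server, r.port), []).append((r.filename, r.enabled))
    return grouped


if __name__ == "__main__":
    recs, skipped = parse_records(SAMPLE)
    for (server, port), dirs in checks_by_server(recs).items():
        for name, enabled in dirs:
            state = "enabled" if enabled else "disabled"
            print(f"{server} port {port}: {name} ({state})")
    print(f"{len(skipped)} line(s) did not match the record layout")
```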
On Thursday, July 20th, 2006 by Chris Miller
AIM Pro enters the market, and damn, that was impressive.. review and small screenshots
As soon as it fired up it prompted for my DAMO hook I had installed. Which then is able to grab my calendar.
I jumped into a chat with Carl Tyler (who was on Trillian at the time) and we did the normal testing to see what works and what doesn't when not using the same client. I switched to "Share my Screen" and since he was not running AIM Pro, it offered him a URL that was all Webex technology behind the scenes. And it was lightning fast. Highlighting, text, annotations. The whole idea of screen sharing.
Tabbed browsing worked very well and even notified you in the left pane of how many unread lines I had per chat on other tabs. We couldn't do audio and video as this was a test machine, so I will load this and try again. File sharing offered an inbound and outbound window to show multiple transfers. Firewalls were no issue in testing so far.
Quick contacts was a cool feature. Add by email address or name in a drag and drop or selection box. Since I had the DAMO loaded, it grabbed our Domino Directory also. Encryption was built in to all the chat sessions.
What I didn't like was that there was no install path selection available; it chose its own. Plus, the EULA announced it was installing some things I was not sure about. I am investigating those. It also used some hefty memory but I was trying everything. Still smaller than the recent Sametime 7.5 betas unfortunately.
Go and take a look. Once all the federations are complete, you could have a powerful free client to choose from for chat and meeting services.
On Wednesday, July 19th, 2006 by Chris Miller
Completed ’training’ for Advanced Admin for Blackberry for Domino and Exchange
The diagrams of the internal flow were very nice to have and reference though. Those were a huge help. The instructor knew his stuff and only put off a couple questions he needed answers for. Most were specific to things we were trying to do but fall outside the normal scope.
Now, I have had talks with the product managers at RIM at conferences and follow-ups. They are still missing the boat on a couple things with true scalability and deployment in a large hosting environment. Recently, RIM announced a hosting package but it was not well defined and the instructor had no knowledge. From all of my readings it still lacks some true scalability features we require. True clustering and failover are not there and policies need some more granularity and inheritance control.
But send us your hosting needs for Blackberry, that area is growing quite rapidly
On Wednesday, July 19th, 2006 by Chris Miller
Convergence on IM and email - following Ed’s posting linking to Scott that didn’t allow comments
Ok, Scott brings up an interesting point about IM becoming email without some of the functionality of archiving and foldering wrapped around it. I say this all depends on how you look at it. With the ability to save chat logs by date or who the conversation was with, that is a form. Add in some indexing ability and you have searching right away. Whether or not a central server is in the mix is no matter (as Scott points out that is more a store and forward mechanism). But without that store and forward, things like Yahoo would be less functional to get messages from when you were offline.
Now, it would be great if Yahoo would see that and convert that to an email that has some intelligence wrapped around it to know you prefer to be notified in some manner. That leads to mobile IM capabilities across numerous devices. Blackberry can log into all the messenger services, including Sametime. Windows Mobile devices can log into everything. So there is no real time you have to be offline if you desire. I almost forgot. Go here to see a nice layout of what different packages can do across platforms. You have to scroll the whole page but a nice layout that someone spent time doing.
Scott goes on to mention email will soon die off with IM being the form. I tend to think the convergence of the two will be seamless, with the capabilities of both being integrated. Spam is already present in IM and will only grow as devices hook into it.
IM is replacing email for the younger groups because of the ease of usage and communication, the sense of relationship it brings and the integration into many facets of their daily lives. IM is now used as a selling point of cell phone abilities and chat takes the place of what kids did with the phone years ago. Then there was the ability to have 3-way calls on phones. Now there are n-way chats. It grows.
So go back to Ed's thread to read the tossing of ideas there in asynchronous mode
On Monday, July 17th, 2006 by Chris Miller
Beware of one thing with the BlackBerry 4.1 Express for Domino (the 10 free licenses)
Now the option was to remove the users, take the server down and then use the 20 enterprise keys. However, that would have meant redoing the users which was not an option. Luckily, the customer saw the humor in this and also knew that buying the upgrade gave them 30 licenses for a lower cost (since there was some free in there) and the ability to then add license keys as necessary.
Just a forewarning.
On Friday, July 14th, 2006 by Chris Miller
NOMAD and such things like security, manageability
Yes you can make Designer, Admin and a bunch of other things work. Lotus will not support these, but I have been using Java Console, Server.Load and a slew of others successfully for some time.
But, security on Nomad fits the same security you would offer for any portable device, including a laptop.
- Password security for the USB. Not the top of the line security measure, but a welcome alternative. Laptops have them, everyone seems to overlook that part
- Biometric security. This happens to be stronger than most laptops. The data sits in an encrypted data partition until you provide a finger scan
- Make sure you have Domino policies in effect that force encryption of all local replicas. How much data do you really plan on storing on these smaller drives? Let's be realistic here. Some people think they will be carrying a ton of data. The idea of Nomad is portable access to important info and then the ability to connect at any machine. With multi-GB mailfiles, not including the base install and simple things like address books, bookmarks and directories, it is a bit. You can assist by stripping out unnecessary templates
- U3 support will not be coming from Lotus direct. Look for that from 'other' sources though. If you are unfamiliar with U3 on USB, look it up right here
- As was mentioned, don't worry about VPN connectivity. You can load VPN files just fine on a USB and make it work. This gives you more than portability.
- Lost USB keys. If you can get the password quality higher, remove unnecessary templates and data and encrypt everything, like you should, then you can lower your exposure
I saw a comment on Ed's or Declan's blog about manageability.
- Smartupgrades will be an issue. I do not see it feasible to have users send in USB keys and go without. Some work needs to be performed here.
- User id management will remain the same. It is a Notes client for gosh sakes! If you can rename, recertify or lock out users in Notes, then no worry here
- Loading time for the initial install can take a little longer than you desire. But that is a cost you pay for that one time part of the work.
- **** Ed had a comment on his blog about turning this ability off. Well no you cannot turn it off, it is a Notes client with the same code. I see no identifier that shows it is Nomad versus the full Notes 7.0.2 client
- Ben Rose wants to see it work at airport kiosks that still have USB ports enabled. It should as my basic testing as a non-admin user launched fine as long as USB support was there. I did not attempt on a fully restricted and locked down UI, but that is next
On Thursday, July 13th, 2006 by Chris Miller
So yesterday’s post on Exchange scripting prompted a response..
Don't get me wrong, the coding is good and I appreciate the time he is spending offering free code for the Exchange admins. Heck, we have hosted customers on Exchange. My only point was that it should be native to the product.
Like opening the Domino Directory, seeing all the nice servers and connecting to the files tab in the Notes Admin client to get disk usage. Heck, even select just the mail folder and see that count. Yes you could automate that more, or *GASP* use stats to gather it automatically for you like I mention using the same thing in my last posting.
On Wednesday, July 12th, 2006 by Chris Miller
How easy is it to monitor and be alerted of freespace on a Domino server? let’s compare to Exchange with no tools purchased
In Exchange I saw someone doing this..:
I came into a situation where there are several Exchange servers without any monitoring. While software is procured, I created the following script to do some basic monitoring of Exchange services and disk space (to make sure circular logging doesn't kill the server). I have the script running as a scheduled task every 15 minutes. The script will create a log file every time it runs. If one of the thresholds is reached, an email is sent
Note the comment about having to buy software and then go look at the script. Hooray for text logs?
On Tuesday, July 11th, 2006 by Chris Miller
Announcement: Collaboration University
Block your calendars now to attend in either the United States (Kansas City means cheap domestic flights) or London. Both dates are in September.
Here are some of the highlights of the conference:
- Deep-dive into Sametime 7.5 and preview Quickplace 8.0
- Programming code examples
- More challenging as the conference progresses. Meaning apply what you just learned and grow your knowledge, not jump in too far at first
- All the sessions are from Business Partners that specialize in these products or the IBM persons responsible for bringing them to you
Now here are the bonuses:
- Dinner with the speakers for some of the first that select that option. (See the site for details)
- Phone follow-up consultation with the expert of your choice from the conference (See the site for details)
Check out the site to gather all the information, including early-bird discounts.
On Monday, July 10th, 2006 by Chris Miller
School spends thousands searching Lotus Notes for past emails (someone explain this to me)
Despite expectations that it would take only days to retrieve student reassignment e-mail, Wake school officials needed 15 weeks and spent almost $17,000 in response to a public records request from The News & Observer.
But it was apparent by Feb. 14 that the district's information technology staff did not have the ability to easily search past e-mail.
Wake's e-mail system -- called Lotus Notes -- was installed last year, said Vass Johnson, director of network systems. Officials felt the system could handle a large public records request, but this was its first big test.
Staff members soon found they had to do much of the time-consuming work themselves, such as writing computer scripts that reconstructed databases and searched for specific e-mail.
Someone needs to tell them that they could have had journaling turned on, multi-database searching or whatever instead of all this wasted time and script writing. Life can be much simpler.
On Thursday, July 6th, 2006 by Chris Miller
Here is something new in 7.0.2 I read about..
Mail, Calendar, and Scheduling improvements
Performance improvements made to the Mail, Calendar, and Scheduling functions include:
- The "typeahead" feature now looks into the server address book first, instead of the user's personal address book
On Thursday, July 6th, 2006 by Chris Miller
You couldn’t ask for better timing, more on Exchange 12 (2007)
Users will face new clustering limitations and will have to eliminate all Exchange 5.5 servers from their environments. In addition, they will not be able to do any in-place upgrades between Exchange 2000/2003 and Exchange 2007.
.....major changes include a new role-based architecture that could require users to roll out as many as five types of Exchange servers.... The current versions gives two deployment options...
So let me get this right? Your clustering gets worse and I can't even have old versions around? Oh yeah, and don't plan on overlaying that code, let's get that new hardware. If you are large scale, plan on revisiting clustering and adding a bunch of servers to handle the roles. While they could run on fewer machines, that is not likely for a lot of users.
Bless Domino folks.
Then to add insult to the injury (as they say):
And Exchange no longer will have its own site topology but will run on top of Active Directory topology
This is both good and bad. Good because you streamline your topology management. Bad because you have to rip and migrate the topology and then rely ONLY on your AD topology. What if that tree has funny limbs that can't talk right? Cut it off and grow a new one :-)
On Wednesday, June 21st, 2006 by Chris Miller
I received this question about Microsoft Exchange 12 (2007 or whatever number you wish to call it)
Q. Why isn't Microsoft also delivering a 32-bit version of Exchange Server 2007?
A. Exchange Server 2007 is designed to be a stable, reliable enterprise messaging platform that delivers the fundamentals of e-mail and calendaring while providing innovative new capabilities. These new capabilities make the messaging system more cost effective and scalable for your organization and at the same time more productive for users accessing the system. Simply put, given the new capabilities of Exchange Server 2007, Microsoft could not guarantee a high-quality 32-bit version.
Q. Will I need Microsoft Windows Server 2003 x64 to run Exchange Server 2007?
A. Yes, to deploy Exchange Server 2007, you will need an x64 edition of Windows Server 2003 or Windows Server 2003 R2. Volume-licensing customers are free to exchange their 32-bit version of Windows for the 64-bit version at any time, using their media kits.
So let us not forget that Exchange is 64-bit, but the operating system itself, and the hardware to support it is not 64-bit people. Count em, add em up, spend that cash and welcome to "stable, fundamental and reliable enterprise messaging".
Wait, does that mean they are saying their past products are not even fundamental or reliable?
On Monday, June 19th, 2006 by Chris Miller
Yes, I still love my U3 USB thumb drive, so what about Notes on it via Nomad in 7.0.2? My current thoughts on the press around it
So what this means from reading, is that Notes will be installable onto any USB drive with enough space. How much will that take? Looking at a current Notes client only, you can expect to trim down templates and some other items for sure. But you will still eat up a couple hundred MB or more minimum. Security of the data is in place, so you can replicate. I am curious about the speed and performance. I am guessing a selective replication for mailfiles would be the way to go, say the last XX days of mail, so you still get folder structure.
If all this works as planned, this will become a great selling point for mobile users. Now, what about kiosks? Those won't be available in most airports, but who would trust their USB on a kiosk nowadays? I imagine with some U3 embedded anti-virus (which is available) it would be more of a warm fuzzy feeling. There are even keystroke logging detection programs.
Can you carry your entire desktop with you? I am getting there. Firefox, Trillian, Skype, soon to be Notes, a PDF reader, OpenOffice and even Zinio for digital magazines. With a couple GB USB drive and U3, visiting the parents and not tugging along the laptop will be a breeze
On Friday, June 16th, 2006 by Chris Miller
Downloading Quickplace controls directly from the server
(chart removed for a second, it was giving me blog sizing issues, you can find it in the technote)
The long run is to have some back end script for locked-down users actually extract the pieces of the cab file and place the DLL on their system. Not a pleasant experience but just what we had to deal with. Hence the reason for this posting. The users could not accept the controls themselves so an alternate way to push them out had to be designed. Lotus addressed just that with technote #1214819.
On Thursday, June 15th, 2006 by Chris Miller
Technical Issues and Resolutions from the St Louis Notes User Group
Another attendee wished to restrict certain users from receiving SMTP mail (SEC needs and requirements) and still have them receive SMTP mail from internal applications. There were too many users to add by name to SMTP restricted fields (where groups don't work). Instead, it was suggested to selectively remove them from replication to the edge SMTP servers (or put a flag for LDAP from the spam filter) and then point the internal applications to inside servers directly. A simple solution for the problem.
Sametime on Blackberry came up at the end. They just wanted hints and tips, which no one had up front. So can some readers assist?
On Tuesday, June 13th, 2006 by Chris Miller
To update the reason we had the issue on that file Wednesday’s posting
We are cleaning up the local access protection issue and letting it run again.
On Friday, June 2nd, 2006 by Chris Miller
Space used by database larger than 100% ?? But of course it can show that way
I think the image speaks for itself. Let's run some maintenance and see what happens.
On Wednesday, May 31st, 2006 by Chris Miller
Does changing platforms erode your business for a while? (a live business case)
The rollout consists mainly of five Microsoft products-the Office 2003 desktop suite, Outlook E-mail client, Communicator instant-messaging software, Live Meeting conferencing service, and SharePoint document-sharing portal-plus Windows Server 2003 and other server software. The deal represents the largest license to date of Microsoft's real-time collaboration suite (Communicator 2005, Live Meeting 2005, and upgraded Live Communications Server 2005), introduced in March
I cannot see where the migration attempt for all these applications as well as the 20 terabytes of email. Where the heck are they migrating that kind of data into Exchange? How many servers is that going to be living in redundancy while the migration continues? In the article the CIO notes that you cannot live in hybrid mode forever due to costs. But no mention of the migration costs for 92,000+ PCs. I guess there are no Linux clients anywhere :-)
So my question becomes, where does productivity, training, costs and manpower sit to run both at once, perform the migration and then support both systems?
The article mentions "pressing 8 years" for running Lotus Notes which leads me to believe customizations or slow upgrades. How can a well embedded 8 year old system be harder to upgrade and maintain than an entire multi-product rollout banking on a version that was not even out yet? I want to see some numbers here...
On Thursday, May 25th, 2006 by Chris Miller
My how Execution Security Alerts have changed over the versions.. (with pics)
Notes 5 was pretty basic with what you could do with an Execution Security Alert....
Run once, trust them or run away.
Then Notes 6 stepped in and Lotus stepped up the game for running unknown code as seen here..
Actually, the options were exactly the same. Hotkeys got changed and some verbiage, but more information was given on what the code was attempting to do. Note that the help function was removed from the main pop-up.
Now we go on to Notes 7
A single session trust ability added on to the option to trust them forever. Hotkeys are not underlined anymore but work just fine. Guess that was just an oversight in the UI.
On Friday, May 19th, 2006 by Chris Miller
Found the cause of the crash/hang the other night..
So issue resolved on that end for good, the 7.0.1 code is smoking along great and the world of the blog-o-sphere is at peace once again.
On Thursday, May 18th, 2006 by Chris Miller
Before we move into Sametime 7.5, how big is your contact list?
Problem:
If you attempt to add a high number of names to your Sametime Connect client contact list, only some of the names are added. Is there a limit to the size of the buddy list?
Content:
This limitation applies to both the Sametime Connect client for desktop (C++ client) and Sametime Connect client for browsers (Java connect)
On Monday, May 15th, 2006 by Chris Miller
Update on bug in Remote Server Setup
On Friday, April 28th, 2006 by Chris Miller
Error: Did not accept the new certificates because they were issued after the current certificates
On Wednesday, April 26th, 2006 by Chris Miller
IBM Support Assistant (ISA) 3.0 testing
I could not get any login in the world to work for creating Electronic Service Tickets, but I leave that to my mistake in not knowing if my IBM id is registered to do so.
The only thing I liked so far was the Collector task that ran, including the ability to create remote collectors. I went through the Updater to load any product tools for remote collection and found that Notes/Domino 6 and 7 were both there. Unfortunately Sametime was labeled at V3 only. Not sure if that carries forward. A restart of the Assistant was required after installing the tools, no biggie. But then I could not get any tools to load from them after install. Just the homepages and some tech info for each product.
The local system collection dumped a jar file somewhere on the operating system. I wish I could specify or open it from the collection screen. Unfortunately it just gives the path to where it is, which you have to remember. If you change screens and come back it resets the screen, I found.
I might play around some more, but I am guessing that NSD, Automatic Diagnostic Collection and Fault Analyzer will get all this and more in the Lotus world.
On Tuesday, April 25th, 2006 by Chris Miller
SNTT: Diagnostic Collection for clients, a beginning
Well of course it does not work without a policy. It is stored under the policy name in the local address book ($Policies) view and in a field of the desktop settings called DCLoc. If you have no policy, even manually running the nsenddiag executable would have no routing information assigned to it. So no policy, no way to change an ini variable to send the diagnostics anyway that I can find at this point.
So I generated a quick policy, ran ndyncfg to update the local client config and then ran nsenddiag to get the crash information over to the Fault Analyzer database on the server to see what was wrong.
On Friday, April 21st, 2006 by Chris Miller
First Domino 7.0.1 crash on my desktop ....
Not sure why, not sure how, not sure of anything but the instance of this lovely graphic at this point.
On Friday, April 21st, 2006 by Chris Miller
’Live Clipboard’ - a Ray Ozzie special
Live Clipboard uses a simple metaphor, the Windows Clipboard, to let users copy and paste live information - for example, another user's calendar - from one site to another without losing the link to its data source. The clipboard uses Real Simple Syndication (RSS) and the Simple Sharing Extensions (SSE) to handle data feeds.
I love the idea of moving and copying web data objects without losing where it came from. But does this allow content to be shown as someone else's with no proper credit? Can you simply use these to glue things together? They state they have enough interest that a draft specification has been tossed together too. So this moves beyond taking web text like I do for the posting here and referencing it, it moves into meshing that data with my own and making it part of my entry. While maintaining the link and integrity of the original posting.
Myself not being a developer, I read this with a different twist. Some read it as a way to move data easier and bring systems together, I see it as a way for someone to grab your stuff, mark it up some and make it their own while still pointing to you and your resources serving it up. I might have to reword that. Here are Ray's comments from his own blog entry:
Where's the user model that would enable a user to copy and paste structured information from one website to another?
Where's the user model that would enable a user to copy and paste structured information from a website to an application running on a PC or another kind of device, or vice-versa?
And finally, where's the user model that would enable a user to 'wire the web', by enabling publish-and-subscribe scenarios web-to-web, or web-to-PC?
On Ray's blog he states there are good threads and feedback, but you still can't comment back on his directly, bummer.
On Wednesday, April 19th, 2006 by Chris Miller
The April 2006 Sys Admin Newsletter from LotusUserGroup.org is out
On Tuesday, April 18th, 2006 by Chris Miller
IBM announced the Domino 7 Certification elective exams
According to the company, electives for the IBM Certified Advanced Application Developer track will be:
- LotusScript exam
- JavaScript exam
- Web Services exam
- Managing Domino Web Servers exam
- Sametime 7.5
On Tuesday, April 18th, 2006 by Chris Miller
Remote Server Setup issue I uncovered
I was setting up a 6.5.4 server and turned on the listener for the remote setup. I then went to my local 7.0.1 client and started the remote setup client. Part of the way through I noticed that while customizing the server tasks, there was some 7.x info in there. Specifically the RnRMgr came to notice in the list. I left it checked for grins figuring it would have no bearing.
I was wrong. It actually did add it to the notes.ini servertasks= line and attempted to start the task when the server first launched. No big deal, it simply said it could not find the task and went on its way. But I am thinking this is not a good thing overall. I will search some docs and see if I can find it. But no luck so far.
On Friday, April 14th, 2006 by Chris Miller
Your mother warned you follow the rules, unless she makes 101 of them. Wait that is Domino
- Customer embraces Lotus technology
- Customer expands SMTP services with Domino
- Customer believes in workflow
- Customer enables server based rules
- Customer enables a lot of server based rules
- Customer finds all rules not working
- I find a whole lot of rules in the server configuration
- I find more than 100
- I have light bulb in head
- I add notes.ini parameter to server MailMaxFilters= xx
- I warn customer of performance issues with that setting
- I bill customer :-)
- We are all happy
On Wednesday, April 5th, 2006 by Chris Miller
As Rob Novak pointed out, IE ActiveX issues with new patch. Microsoft answers.."You have 60 days to be assimilated"
And my favorite part
The big push now is for developers to recode Web sites and Web applications to cater for the browser update.
If not, users won't be able to directly interact with Microsoft ActiveX controls loaded by the APPLET, EMBED or OBJECT elements without first activating the user interface with an extra mouse click.
Can you say click-click for using that Quickplace, DWA and some other stuff as Rob so eloquently points out right here.
On Wednesday, March 29th, 2006 by Chris Miller
From CIO Blogs..Who Own the Internet?
The colors represent who each router is registered to. Red is Verizon; blue AT&T; yellow Qwest; green is major backbone players like Level 3 and Sprint Nextel; black is the entire cable industry put together; and gray is everyone else, from small telecommunications companies to large international players who only have a small presence in the U.S
You can go directly to the PDF image to drill down right here.
On Monday, March 27th, 2006 by Chris Miller
SmartUpgrade issue in 7.0.1, internally and at a customer now
On Friday, March 24th, 2006 by Chris Miller
People actually read this? A PodZinger follow-up
Hey there, Chris.
Just wanted to let you know that Taking Notes is now available through PodZinger. We wanted to make sure this was made available, as you noted you couldn't on your post. We're constantly scouring the Web to find the ever expanding world of video and audio podcasts.
http://podzinger.com/results.jsp?q=%22Taking+Notes%22&col=allpods
Cheers,
Nathaniel
So if you like Taking Notes but want a certain point, there you go. Searchable. Thanks to PodZinger for such a quick response.
On Thursday, March 23rd, 2006 by Chris Miller
Podzinger, cool way to search podcasts by keywords
Then I realized they are just starting out. It uses a speech recognition software to "read" the podcast and then make searchable text on the site. Quite amazing and hits on Lotus Notes yielded quite a few accurate results of people talking about Notes in their shop or elsewhere.
So if you podcast or think you might, get listed. A great way to find content.
On Wednesday, March 22nd, 2006 by Chris Miller
The March 2006 Sys Admin Newsletter from LotusUserGroup.org is out
On Tuesday, March 21st, 2006 by Chris Miller
Manual purge of the Message Tracking (MTC) ? Sure why not
Set a Program document to purge the MTSTORE more frequently. Currently, the default is every 30 days. You can increase this by running a Program document to issue the following command:
tell mtc purge value
...where value is the maximum number of days. Set this to 7 (you may want to start with 14 if 7 seems too aggressive), and then run this command via a Program document once a week during off hours.
On Wednesday, March 15th, 2006 by Chris Miller
A rebuttal from Microsoft and my readings/comments on public IM connectivity in Sametime 7.5....
We can now move on to IBM/Lotus's statement that this feature or function will be free. From the LCS website here, there are more costs involved:
Public IM Connectivity licenses are available on a per-user, per-month subscription and are additional to the Live Communications Server Client Access License (CAL). Public IM Connectivity has two licensing components associated with its use, a Services Subscription License (SSL) and a User Subscription License (USL).
Public IM Connectivity service licenses are available for Microsoft Volume License customers only and are not available for retail open customers following other Microsoft subscription licensing programs.
You then jump to this site to fill out forms to get public connectivity. Unfortunately the Public IM Connectivity Partner site has nothing there yet either and states so. This is how you merge your ID into the public systems.
Let's see how fast organizations move into federated connectivity with a free system versus licensing, I am curious.
On Friday, March 10th, 2006 by Chris Miller
More on CCH1 code people want for the Sametime fix
"CCH1 is not yet available. We have been told that it should be out sometime next week. It was pushed back because xxxxx xxx xxxx xxxxxxxx xxxxx xxxxx with the Notes Client and the development team wanted to include them in the CCH rather than having a CCH2 come out soon after CCH1."
It also followed with this (keep in mind these are never hard dates and should not be taken as such)
- A server side hotfix is available for all platforms for affected customers via standard support channels; so if you have a support contract - and you are actually affected by this bug - call support and get it
- A client side fix will be included in Notes 7.0.1 Cumulative Client Hotfix (CCH) 1 due out by end of March 2006 (possibly sooner), available for affected customers via standard support channels - so once again if you have Notes clients affected by this bug, and if you have a support contract, call support and get it
- This fix will be included in Domino 7.0.1 Fix Pack (FP) 1 due out in 2Q06; I have heard that this is probably around late April, but don't hold me to it
- This client and server fix will also be in the next Maintenance Release, 7.0.2 due out 3Q06
On Wednesday, March 8th, 2006 by Chris Miller
Very, very bad mail routing loops. A classic example (with screenshots)
It all starts at 2:59pm yesterday as seen in the following image
By the time the clock reaches 5:47am this morning the same mail message has now grown to an incredible 25MB in size
So how many times did it loop before the disk started being eaten up? Here is that screenshot too
So what does that mean? Loops suck.
On Tuesday, March 7th, 2006 by Chris Miller
I am always on the lookout for new and cool chat tools or services, this was interesting.
So what is the big selling point they have? It runs via Macromedia Flash to all platforms and most browsers can access it. One install, all web based, right out of the box. Commendable. There are profiles, multiple rooms and bundled with Flash the ability to put graphics, banners and change the UI/skins. It does integrate with the major chat services also.
Does it integrate with Domino? It could always be embedded on the web side. Does it look at your Domino LDAP server for directory information? Couldn't find it on the site anywhere. They did have a lack of detailed specs, but provided all the OS and browser info necessary.
On Monday, March 6th, 2006 by Chris Miller
Windows, SMTP, DNS and non-routing SMTP outbound error resolved - plus how
So after the upgrade, mail slowly started building up and not always going out to the Internet. Internal mail was fine. I couldn't think for a few moments why the upgrade would have changed anything in the mail routing. Then it hit me. The upgrade also included a hardware swap for better performance and the growth of the User Group itself. I then had one of those famous epiphanies. Windows, since the 2000 days, has a technote that comes into play a lot here at the Data Center. We usually find the time to use it after a machine goes from DHCP to a fixed IP and Domino has been loaded when it was in DHCP mode. (Why that takes place is not the focus here and can be covered later.) So what happens is that the NameServer parameter in the registry does not get set with the DNS servers when you switch. So the server cannot find DNS to send the mail on a regular basis. How Domino uses it is beyond me, since some mail goes.
So I went in today and adjusted the registry under
\\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
A quick restart of Domino, for grins even though the router task would have sufficed, and voilà, mail went flying out.
You could also add DNSServer=IP address to the notes.ini, but who would want to manually manage the servers like that?
On Friday, March 3rd, 2006 by Chris Miller
Lotus made their stance known on Sender Policy Framework in January through a technote #1227751
Problem:
What is Sender Policy Framework (SPF)? Does Lotus Domino support SPF?
Content:
Supporting Information:
Domino 7.x, 6.5.x, and 6.0.x do not support SPF. An enhancement request was submitted to Quality Engineering as SPR# RCE5XZQTT; however, there are no plans to address it in the Domino 7.x or 6.x code stream.
Formerly known as "Sender Permitted From," SPF, an open source code, is an extension of SMTP. Because standard functionality of SPF has not yet been published by the Internet Engineering Task Force (IETF), SPF occupies an experimental stage. A number of competing methods share the goal of preventing SPAM via these sending server-identification records.
On Tuesday, February 28th, 2006 by Chris Miller
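For readers who want to see what a receiver that does support SPF evaluates against those sending server-identification records, here is an added example (not Lotus code and not from the technote) that follows the mechanism and qualifier rules of RFC 7208. The zone data, domain names and addresses are constructed; the example covers ip4, ip6, a, mx, include, all and redirect, and raises NotImplementedError for ptr, exists, macros and CIDR suffixes on a/mx.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUP_TERMS = 10  # RFC 7208 cap on terms that cause DNS queries

# Constructed zone data standing in for live DNS (reserved documentation names and ranges).
ZONE = {
    ("example.test", "TXT"): ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.relay.test -all"],
    ("example.test", "MX"): ["mail.example.test"],
    ("mail.example.test", "A"): ["198.51.100.25"],
    ("_spf.relay.test", "TXT"): ["v=spf1 ip6:2001:db8:25::/48 ~all"],
    ("nospf.test", "TXT"): ["unrelated text record"],
    ("loop.test", "TXT"): ["v=spf1 include:loop.test -all"],
}


class SpfError(Exception):
    """A record problem that the receiver reports as permerror."""


def _spend_lookup(budget):
    """Count one DNS-querying term and enforce the overall limit."""
    budget[0] += 1
    if budget[0] > MAX_LOOKUP_TERMS:
        raise SpfError("too many DNS-querying terms")


def _matches(name, arg, addr, domain, zone, budget):
    """True when one mechanism matches the connecting address."""
    if name == "all":
        return True
    if name in ("ip4", "ip6"):
        net = ipaddress.ip_network(arg, strict=False)  # ValueError on bad syntax
        if net.version != int(name[2]):
            raise SpfError("address family does not match mechanism")
        return addr in net
    if "/" in name or "/" in arg or "%" in arg or name in ("ptr", "exists"):
        # Valid SPF (CIDR on a/mx, macros, ptr, exists) that this example leaves out.
        raise NotImplementedError(name)
    if name not in ("a", "mx", "include"):
        raise SpfError("unknown mechanism " + name)
    _spend_lookup(budget)
    if name == "include":
        result = check_host(str(addr), arg, zone, budget)
        if result in ("none", "permerror"):
            raise SpfError("include target has no usable record")
        return result == "pass"  # fail/softfail/neutral mean "no match", not a verdict
    target = arg or domain
    hosts = zone.get((target, "MX"), []) if name == "mx" else [target]
    rtype = "A" if addr.version == 4 else "AAAA"
    return any(addr == ipaddress.ip_address(a)
               for host in hosts for a in zone.get((host, rtype), []))


def check_host(ip, domain, zone=ZONE, budget=None):
    """SPF result for client `ip` sending mail with a sender address at `domain`."""
    addr = ipaddress.ip_address(ip)
    domain = domain.lower().rstrip(".")
    budget = budget if budget is not None else [0]
    records = [t for t in zone.get((domain, "TXT"), [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"        # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"   # more than one SPF record is an error
    redirect = None
    try:
        for term in records[0].split()[1:]:
            mod, eq, value = term.partition("=")
            if eq and mod.isalnum():  # modifier such as redirect= or exp=
                if mod.lower() == "redirect":
                    redirect = value
                continue
            qualifier = term[0] if term[0] in QUALIFIERS else "+"
            body = term[1:] if term[0] in QUALIFIERS else term
            name, _, arg = body.partition(":")
            if _matches(name.lower(), arg, addr, domain, zone, budget):
                return QUALIFIERS[qualifier]  # first matching mechanism decides
        if redirect:  # consulted only when no mechanism matched
            _spend_lookup(budget)
            result = check_host(ip, redirect, zone, budget)
            return "permerror" if result == "none" else result
    except (SpfError, ValueError):
        return "permerror"
    return "neutral"
```

A receiving server would typically reject on "fail" and log or tag the other results; that policy decision is outside what this example shows.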
Messaging News: The Urgent Need to Implement Authenticated Email
What's New in Email Authentication?
Over the past 18 months, authenticated mail has evolved significantly from concept to implementation, with two complementary approaches: the Sender ID Framework (SIDF) and DomainKeys Identified Mail (DKIM). SIDF is an Internet Protocol (IP)-based solution that was developed from the merger of the Sender Policy Framework (SPF) and Microsoft Caller ID for Email. DKIM is the merger of Yahoo! DomainKeys and Cisco's Identified Internet Mail (IIM) specifications.
There is more rant to read on this below ... a search on Google for SIDF turned up some fun.
On Monday, February 27th, 2006 by Chris Miller
Cadenza with Windows CE and Palm issues and solution
It had a default password on the screen (at least there were tiny asterisks in place of the password) but we could not tell if it was really there or something they put in. We tried manipulating the config doc for that person in the control database to no avail. So at Lotusphere we found out that the code version had a tiny bug that would not let you configure the password on the device. At all. They took his Treo for a couple hours, cleaned up some backend log and config things that get hidden and left behind (we were told) and voilà, a new version gets installed on it and we can change the password on the device again. The funny part was that calling support we were told someone there ran the same device but we could never, ever get that person on the phone to see what the deal was.
So we run the Windows CE and Palm integration in Enterprise mode on the server letting multiple device types sync. Keep in mind that it uses two different services to do that. The Thin Client Connector is for the Palm devices and the Commontime main service is for CE. Both listen on different ports by default also. Port 603 for CE and 608 for Palm. Huge thing to know for wireless synching and firewalls. But awesome for me anywhere I can get an 802.11b connection for my PDA. Or anywhere the Treo can get a signal now.
On Monday, February 27th, 2006 by Chris Miller
Remote server setup and partitions, nice job Lotus!
See image if you are reading this... this is using Remote Server Setup over 8585 and a server installed with partitions needing a data move first.
On Friday, February 24th, 2006 by Chris Miller
DAMO and passthru server ability ? Why yes you can
Simply open the names.nsf with a Notes client for the DAMO user and modify the necessary connection records to make the proper passthru connection records. Usually modifying the existing attempted connection to use a passthru and then making a new one to the passthru server. I found a good way is to just email it over to an admin to open, modify it, and then drop it back on the machine for testing reasons.
If you still cannot get something to work, there is a notes.ini parameter, of course, that you can set on the client and server to log more info on passthru:
passthru_loglevel=5
More fun... now if we can only get policies to work against DAMO users.
On Thursday, February 23rd, 2006 by Chris Miller
Today’s 7.0.1 client installation update (issue)
The installation found the path and previous install as multi-user perfectly. That was a good sign. It forced the multi-user option and gave the same pieces that were currently installed on the machine. The code went on flawlessly.
The problem started when I launched the client. It forced the setup to be run again choosing the user name, home server, TCP setting for the hostname and everything else. Even though I did not have cleanup set on those workstations. (Yes this is my network at home that I totally redid this weekend but that is another posting). So I went through and recreated the setup for each account in roaming to make the kids' lives easier. They never knew the difference, but then again what user knows what the admins do on the back end, do they? LOL
On Tuesday, February 21st, 2006 by Chris Miller
First time (I personally) have seen this on Amgr shutdown and restart
tell amgr quit
Quit is pending on the Message Queue
02/17/2006 02:20:02 PM AMgr: Some Executives are still active, shutdown continue ...
02/17/2006 02:20:03 PM Agent Manager shutdown complete
02/17/2006 02:20:16 PM Admin Process: Searching Administration Requests database
lo amgr
02/17/2006 02:20:46 PM AMgr: Error adjusting number of Executive, Executive '1' is still stopping
02/17/2006 02:20:46 PM AMgr: Only able to start '2' Executive(s); Agent Manager will continue running
02/17/2006 02:20:46 PM Agent Manager started
02/17/2006 02:20:57 PM AMgr: Executive '3' started
02/17/2006 02:20:57 PM AMgr: Executive '2' started
On Friday, February 17th, 2006 by Chris Miller
Sametime server starting to hang using the integrated client? Patches and more patches
Problem:
Notes Instant Messaging encounters a looping condition causing the Sametime server to become unresponsive or to hang.
Content:
Under very specific circumstances the Sametime server can receive incoming requests at an extremely high rate from the Notes client. These incoming requests must be resolved in order for instant messaging users to communicate and share presence information. As a result of receiving these requests at an extremely high rate, the Sametime server can become unresponsive as it consumes system resources during the processing of these incoming messages.
The Sametime servers' state of unresponsiveness may manifest itself as out-of-memory errors or by disconnecting from the Sametime Mux (which is used to route instant messages).
Symptoms of this problem can include:
To fix this problem, the Notes client must be upgraded to 6.5.5 CCH1, 7.0 CCH1 or 7.0.1. If upgrading to these versions is not an option, the administrator can request a hotfix for 6.5.3 and 6.5.4.
On Tuesday, February 14th, 2006 by Chris Miller
It seems 7.0.1 has more issues popping all over..
Link1 via Chris W
Link2 via Bruce E
Link3 via Vince S
Now I have not done all the servers yet, pending what the heck happens with some of these issues.
On Friday, February 10th, 2006 by Chris Miller
HND104 slides and tools are here for download in compressed format
On Tuesday, February 7th, 2006 by Chris Miller
I wondered when this DWA issue would get technoted.. we saw it on a hosted customer
Problem:
When creating a group in the IBM Lotus Domino Directory, you can set the group as "ACL only" so that this group is only used in the Access Control List (ACL) of databases. When addressing a message in IBM Lotus Domino Web Access (DWA), however, "ACL only" groups can be selected as the recipient of the message. If you address a message from the Notes Client, "ACL only" groups are not available for selection as recipient.
Content:
This issue was reported to Quality Engineering as SPR# MNAA5B8DAC. There are currently no plans to fix the problem.
As a workaround, the ACL group document can be hidden to allow only the Lotus Administrators to see the document. This will prevent end users from being able to select the group when addressing a message. If the document is hidden, be sure to include the server in the list of allowable readers so that the group can be accessed for authentication purposes.
On Friday, February 3rd, 2006 by Chris Miller
6.5.5 issues and warning (re-edited moments later)
On Friday, January 20th, 2006 by Chris Miller
Article on cell phone radiation levels
On Monday, January 9th, 2006 by Chris Miller
DominoPower headline article today on DDM
I will put my thoughts together for tomorrow's posting. But that means everyone has homework. Get to it.
On Monday, January 9th, 2006 by Chris Miller
If there is no disclaimer then it is claimed?
Problem:
In Lotus Domino, message disclaimers no longer work when the RFC 822 phrase is enabled and added at the server level. In one particular case, a Domino 7.0 server configured for "Use CN as phrase" failed to create a disclaimer.
Content:
This issue was reported to Quality Engineering as SPR# LMES6HATES. If you are experiencing this issue, contact IBM Lotus Support to investigate whether a test fix is available for your configuration.
You can also work around this issue by enabling disclaimers at the client level. In one particular case, when the option, "Do not use phrase," was used instead of "Use CN as phrase," the disclaimer was created.
On Friday, December 23rd, 2005 by Chris Miller
I hear JINGLE bells while I SIP tea and dabble in MEEBO (anyone get that?)
Jingle is the new set of extensions for XMPP from the Jabber Software Foundation (press release from them). Basically it is an alternative to SIP, without the additional hardware. If you have built some infrastructure on XMPP, then it will use that exact infrastructure for negotiations and setup. What a cost savings for enterprises instead of having to create and manage SIP servers. This might be something for IBM to investigate and get them back into linking to public IM networks. I would not be surprised to hear they already have this being tested somewhere.
Now here is the real kicker. Google Talk is already using something quite similar to Jingle so they are pooling their resources. Trillian has, of course, stated it will support Jingle in upcoming releases. Who are they to be left out?
Ok, so Meebo. Picture three friends that come up with a great idea and actually do it. It is an ajax-based web interface that lets you log in to the major chat providers from any machine with a web browser. They grab and encrypt your passwords after you type. I wish SSL would pop up but the idea of this is quite fascinating. No client locally to install, it supports most everything but audio/video at this time. So if you are the grandparents or kiosk, one interface lets you log into the chat providers. Mini windows are maintained in the big one, so that can get cluttered if you have a lot going on. From reading, they haven't added Skype yet but have interest in it. The big 4 are there and ready to go. My first experience was excellent and I could see the promise. Their end goal is to sell the rights to use code I imagine as the service is free and donations are accepted for all their hard work. Emoticons and stuff need work but who cares at this point. I was more interested in the technology and basic functions. But then again everyone whined and Sametime is tossing them in now aren't they?
On Wednesday, December 21st, 2005 by Chris Miller
A great Websphere Portal clustering document just done
The document is just over 40 pages long, so quite the good read in time and material. I will say one thing. A Domino cluster is more like a few paragraphs compared to the complexity of performing this operation. While I have installed Portal, I have never done this step so I plan on testing this a couple times for practice.
On Thursday, December 15th, 2005 by Chris Miller
Domino 7, iSeries and HTTP. Shake well and Panic
PANIC: Object handle is invalid
Fatal Error signal=0x00000005 JOB=HTTP/QNOTES/054112 PID/TID=124/0x0000002d
They apparently were pleased and impressed that we had it working. We use Notes to Notes routing for all of our customers to drop NSDs to a mail-in database for collection and tracking purposes. After Lotus received it they stated it is an exact match for some other customers and they are working on coding a patch right now.
Bless ADC and Fault Analyzer tasks in Domino 7
On Monday, December 12th, 2005 by Chris Miller
I was following Tom Duff’s post (and comments) on a Ray Ozzie post for other reasons
Notes had just about the simplest possible replication mechanism imaginable. After all, we built it at Iris in 1985 for use on a 6Mhz 286-based IBM PC/AT with incredibly slow-seeking 20MB drives. We were struggling with LIM EMS trying to make effective use of more than 1MB of memory. Everything about the design was about implementation simplicity and efficiency.
Besides understanding what Tom was saying about not being able to actively comment back since he is saying he has discussions (which I personally take to mean with MS people as I grabbed maybe 6 or 7 links and saw no responses from Ray), I did find the idea intriguing.
One trackback posting made a quite simple and decent comparison of the previous Pull technologies of RSS with the proposed Pull Pull of SSE. But the initial spec has nothing noted about security or master sources yet. But, my thought here is that it will grow into that with Ray having input and his above statement about Notes. With the moves into XML throughout Microsoft products, enabling SSE ability is the first move into having replication in their technologies over another standard. Instead of the proprietary Domino replication abilities. The security and authorization has a long way to go yet, have no fear.
If we take this like school, Ray is trying to develop a new learning program on new standards and Lotus has had an established college for 20 years that has grown around some very basic roots of security, portability and simplified scalability.
The point of this posting is not how Lotus does the replication, but the far reaching capabilities it has after years of growth and enhancements. Then Ray floats an idea to base some Microsoft work on emerging specs and the slower flocks will follow far too soon. Take that last part and let it marinate some.
On Tuesday, November 29th, 2005 by Chris Miller
A review of a password recovery program that came to my desk today for IM packages and a question to my readers
I was hesitant at first on Advanced IM Password Recovery by Elcomsoft (they apparently do a ton of software, but Notes was not one of them), but did some research and reading on the web about it. It clearly does what it says, and quite easily. The freeware version is limited, it will do the task but not always give you the password depending on the complexity. They are very up front in the readme about the few things they can or cannot do, which was nice to read. GoogleTalk was recently added into the mix as another IM provider.
The point of all this you ask? Sametime was not listed if you peek at the images. But imagine that it was, which in turn gives a person your Internet password. In turn, this might sync to your Notes password. So the question begins, how many of you maintain numerous alternate passwords across systems, and from web to ID file? We could run numerous directions with this one, from retention times, to forced password changes, to password quality and complexity requirements through policies and registration. Give me the feedback, I think it could be a good thread this week in numerous directions, theme blogging time!
On Monday, November 28th, 2005 by Chris Miller
AOL Triton
First we have the wonderful license which included this tidbit
(ii) FEATURE USAGE INFORMATION. The Software may also provide AOL with anonymous information about use of AOL features and buttons on the Software. AOL uses this information in the aggregate to determine which Software features and buttons are most popular and useful to its users.
(iii) SOFTWARE ID. The Software may contain a specific identification number for the purpose of tracking the number of unique instances of the Software in use.
Now, the damned browser software proceeded to install even though I am positive I deselected it on the first screen. Of course, it always uses the integrated browser for launching what you click and even sucks over your bookmarks automatically from IE. Now the tabbed browsing is a nice touch that is coming out soon enough in IE.
I also noticed that they integrated streaming music to compete with Yahoo. Nice touch, along with the drag and drop file transfers. It seems there is not a limit but I recall back in the day there was no limit and we used it all the time to move huge files around. I wonder when that changed.
I didn't even go far enough to play with the emoticons or chat windows. Once I saw the initial look, I made sure it was not set to launch when Windows starts (as most things do it seems now by default) and closed it up. One more application to sit in the unused program directory.
On Monday, November 28th, 2005 by Chris Miller
Changing the default key strength before the first server installs
Domino first server setup creates IDs with a default public key width of 1024 bits. If a different key width is required, run SETUP.EXE to install the Domino files but before starting the server, open the server's NOTES.INI file, and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH to the desired key width. For example, for Domino R5-compatible keys, install the files for the Domino server by running SETUP.EXE, but before starting the server, open the NOTES.INI file and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH=630. The public key width can be set to either 630 or 1024 when using the NOTES.INI variable.
On Sunday, November 20th, 2005 by Chris Miller
Miss the old password hieroglyphics in R5? They are there in Domino 7 still
The old hieroglyphics are alive and well. They could make this little used piece of code work even better with more options, but it is respectable for what it does in the first place.
On Monday, November 14th, 2005 by Chris Miller
Second time this week I was asked a question around naming conventions..
Domino server names are unique names that identify servers in a given Domino domain. Domino server names can consist of one or more words (a maximum of 79 characters) and can consist of any characters except: parentheses, at (@), slash and backslash (/ and \), equal (=), and plus (+). Using spaces or periods is not recommended. If you use spaces, you must enter that server name in quotes ("") when entering a command at the server console. As the Domino server name is also used within the given protocol's name-to-address resolve process, the use of underscores and periods can create lookup failures within different protocols. As such they are strongly not recommended.
So no more spaces in server names please. FQDN naming is nice for making everything work smooth, but sometimes quite long as a server name. Common sense seems to rule. Make the server names unique, not match the OS and keep them reasonable.
On Friday, November 11th, 2005 by Chris Miller
Microsoft talks about new features of Exchange 12 and my thoughts on them
** Exchange 12 will automatically encrypt messages by default, and communications between Exchange 12 environments will automatically share keys
** Exchange 12 will feature full text indexing and searching capabilities
** The new version will include transport rules that are modifiable via a rules editor and will include a separate set of rules for managing retention and deletion policies
I am sure plenty of people have long drawn out theories on all of this. From the initial reading, transporting the keys between different Exchange systems isn't well laid out yet. But where is anything but server side for the encryption? Since the users do not have local keys, there is not the individual encryption we are used to in Domino. So the real value in this is protecting traffic across the network? Hmmm. Then we have the automatic sharing of keys. I once again presume these are all in the same AD and have a master key structure much like an O in Domino.
Full text indexing and searching. I am curious what filters they will have outside of Office type attachments for the searching.
Lastly they tossed in retention and deletion. Is this a simple growth or does it include archiving solutions? I was not clear on the new policies yet and there is a new interface for 12 that might explain the ability.
On Monday, November 7th, 2005 by Chris Miller
I had to comment on Ed’s posting today (Outlook and Domino via POP/IMAP)
Let's go back in time. POP3 had numerous issues with the unread marks and locking the mailfile. In the old days, R5 and back, if the mailfile got locked by the POP3 task you had to restart the entire Domino server. Yes I said entire. Documented, read the technotes if you can find the old ones that showed:
POP3 Server: Unable to open mail file for xxx/yyy: unable to obtain exclusive access to maildrop
Large attachments caused the issue, a corrupt message could cause the issue, a bad full moon could cause the issue. Besides POP3 being an older protocol without true load balancing. Domino looks to the client to retain the unread table for the host it is hitting since agents or even API programs could change the Unread ID Table (see technote #1100308).
I consulted with a couple places that were looking to roll out wide scale (20,000 users or more) POP3 implementations. My statement then and now stands at no for Domino and POP. Forget the other issues around having mail locally, backups, leave on server, and a slew of others. Heck, there is not even any scheduling ability, part of the whole reason for using Domino.
IMAP had issues a long time for memory leaks and usage. When it started you would see less than 100 full blown IMAP users on a box. That got better over time but you still will not run as many Notes or DWA users. Once again we are back to full failover ability. IMAP does a fine job of reading the folders and letting you work online, but the back end processing through Domino 6 left some to be desired. Scalability still has reported issues in Domino 6, technotes and all. No room for discussion.
Editor note: I have not tested this in Domino 7 yet so everything might be peachy keen now. But not many are to the point to upgrade and I don't have the client load of POP/IMAP to test. Or a desire to configure a load tester for that.
So to close on Ed's posting, why not move to DAMO if you want the Outlook client. Move to DWA, move to Notes. But let's get off the older standard of POP. The servers were made to be a simple storage facility for mail until the client could access it and grab it from the server. Then someone got smart and asked why don't we leave it there so I can get it in more than one place. Great idea, sounds like this needs to move to a server type application. I understand this was before web mail and some client technologies took off. I am not disputing that. But why not sell the abilities of scheduling (not POP as I mentioned), clustering (not POP), alternate client access to the same data (not POP as the unread tables are different) and richness of doclinks and other cool things.
On Friday, November 4th, 2005 by Chris Miller
Replication Topology 205 - Tiered (Binary Tree)
Welcome to the graduate level course material (as Tom Duff said it should be) !!!!
HOMEWORK: From now on you are required to draw out the topology for your environment at each level. Even if you are doing it for future planning or hypothetical looks. This is a learning experience folks.
Here is what I said about Tiered (Binary Tree) topology:
Taking the hub and spoke idea a bit different, a central server updates two or a few servers. Those servers update two or more each and so on down the pyramid. This works well if you have some good network connections to a few servers and then those have some decent speed to downstream servers without the top having that speed access. Otherwise you could go back to hub and spoke. The downside is that in a large tiered environment, it can take some time for a change to go up and down the tree if they do not share a parent server all the way to the top. I have seen some tiers that cross somewhere in the middle to alleviate that and leave the top server for administration and NAB master.
The Good:
A well thought out tree keeps the data flowing; makes it locally available and with multiple tiers it can move between localities even if the connection is down to the main servers. This is a great solution for multi-continent deployments or in countries that have Internet connectivity issues to the outside world. Imagine a tier in America, Europe and Australia. All the top level servers from each country then tier up to one other server in China. If the link to China goes down, each country will still have the updates from all sites within itself. Later, the rest of the world will catch up.
This idea also gets around timezone difficulties. Data is most important to other sites in your timezone (in most instances, yes there are some corporate apps that rely on HQ but that is a side class). So moving it between multiple cities to the top tier in that country keeps people happy. You could add some more tier levels into the mix, but for homework, draw one out for your company, no matter how big.
The Bad:
I said it best in the outline from the very start. You can spend an enormous amount of time if you build the pyramid too large. Imagine how it was done in ancient times. One large stone was carried from the bottom to the top, very slowly. You knew it was coming, you could see it in the distance down the great pyramid, but it took forever to get to the top so you could build on it. Then the call has to go all the way back down the other side to let them know it was there. Companies try to get around this by speeding up the cycle time in between each hop. However, your schedule could become faster than the replication time of the data and you start to miss things until it can catch up. I recently saw this with a DMZ at one corner of the pyramid. During the day it was trying to keep up the fast 7 minute cycle that was set. However, they noticed some data not showing for 2 plus hours. Looking in the logs we saw that it was never finishing at the time the most data was being updated all over. Then when the day slowed down or at night, it could easily catch up. This also had to do with bandwidth being utilized, but it all adds to the issue.
We had strike #3 already, I guess this is the start of out #2 in the graduate level class.
On Wednesday, November 2nd, 2005 by Chris Miller
Automatic Diagnostic Collection..and Domino 7
Now the catch was that I wanted to use the wildcard document to configure everything, but I do not want the Fault Analyzer task running on all the servers. So I did have to create a new config doc just for that server, which isn't what I wanted but works.
Size restrictions of the Faults are not a problem across any of the customers, so we are going with Notes to Notes traffic. No size issues to speak of through router restrictions either. I will put up a snapshot of the config (maybe Visio) shortly.
On Friday, October 28th, 2005 by Chris Miller
I get asked how to do the presence awareness icons on my blog
After registering there is an Advanced Developers area for an XML interface with more metadata. I was thinking about this and it would be cool to have the online status next to people in my blog listing too. Hmmmm.
But be aware of this last part if you restrict who sees you to your Buddy List:
Why can't visitors to my Web site see my online availability?
If you have chosen to utilize the Allow List feature in AIM, other users will not be able to see you online unless they're on that list. Check your privacy settings to make sure you aren't blocking anyone unintentionally.
If you are online but invisible, other users will see you as offline.
On Thursday, October 20th, 2005 by Chris Miller
In NYC for a few days doing an audit
The scary part always comes out though. The admin that left had a copy of the default system id that not only signs a lot of the agents, but has Full Access to all files and even encrypts the mail journals. With no audit trail of that id usage, it is impossible to tell if someone outside of the current team has used that id recently. They also do not run password checking/digest so it leaves a nice gaping hole.
On Tuesday, October 11th, 2005 by Chris Miller
Remote Server Setup and ports and more ports
A question came in today about Remote Server Setup when connecting over a VPN where the standard setup port of 8585 is being blocked. To get it unblocked took more than some time, three turns and clicks of heels. So I went digging.
In the local Remote Server Setup client you can select the host and port (see screenshot), but the server mode is not well documented. I actually restricted my search from Google to the Notes.Net site and found a Z/OS document that shows the simple command to do so.
nserver -listen newport
How simple is that? Quite! Except we could not find it documented anywhere until this search. If you know where it is other than that let me know. Maybe it will sneak out in a technote.
On Tuesday, October 4th, 2005 by Chris Miller
If anyone has ideas (or even cares), my hard drives switched letters
I am busy looking for Partition Magic in the office somewhere
On Friday, September 30th, 2005 by Chris Miller
Thoughts on the webcast
Ed Brill
- Great job as usual. He is at the point now where Ed probably murmurs competitive things in his sleep. He got a question on Outlook and how the GUI compares or how it was enhanced in Domino 7. We all know Hannover addresses this issue even more. Basically people, Lotus is saying it does what you need since the 6.x days, but looks a little different. Heck, I don't like some of the UI in Outlook, so why is it so much better? Let's call it training!
- Another asked about Domino Access for Microsoft Outlook and enhancements. DAMO in 7 is using the same template as 6.5.4 uses for now. Great idea to get that out the door in time with 7. I imagine when the point releases start coming out, some more fixes for DAMO will be there. I also imagine that some new bugs might be found when using the back-end of 7.
Rob Ingram, lead Domino Product Manager
Benchmarked improvements was a highlight hit often with Rob. He did well also. Here are two screenshots:
Ok, maybe I am off but they did not hit 30 something percent improvement even according to their own charts??? I will let that one go with the thought that the improvements in performance are definitely there.
Then he made me sit up in my seat. Finally a new benchmark that addresses what the old ones missed, real world activity!!!!
Mark Jourdain, product manager, Application Development, Domino Designer
Mark did very well also, even though he had to cram the last slides in at the end due to time.
Mark got a question on a rumor that LEI would be included with the server for free. Come on now, they charge like $50K per processor retail for that product. Per sale. DECS has been around and got a little better over the years, but I am guessing that you will never see that full type of LEI featureset in the core product for some time.
On Wednesday, September 28th, 2005 by Chris Miller
From a customer today wanting to use existing users (R5) on Domino 7 servers
Compatibility with previous versions
Will there be support for Forms5.nsf on a Domino 7 server?
- The iNotes5.ntf template will not be included with Domino 7, so you cannot create Forms5 users from the 7.x Domino Administrator client; however, the Forms5.nsf has been updated to work with Domino 7 and is included with Domino 7.
- Domino 7 is backwards compatible for existing iNotes5 users; however, you cannot create new iNotes5 users using the 7.x Domino Administrator client. IBM Lotus does support upgrading existing users; we do not support creating new iNotes5 users on Domino 7.
On Monday, September 26th, 2005 by Chris Miller
Error: Did not accept the new certificates because they were not issued after the current certificates
This error will get spit back by AdminP when the server date is set too far behind. Someone in their brilliance was able to set the server clock to 2004.
On Friday, September 23rd, 2005 by Chris Miller
I attended an IBM CommonStore session today, thoughts on it
Ok, so the first part of the demo was Outlook and Exchange. He was using VMWare to show the servers and clients running all together. I paid attention but that is not what you are here for. We took a quick 5 minute break while he loaded the Domino VMWare to show us that.
- Template modifications are necessary to add the necessary action buttons and menu items. Not a big deal overall but he stated they stay about 6 months behind major Domino releases so nothing for 7 yet
- You have the ability to grab just attachments or the whole body to archive off. You can also specify certain parameters based on date/time/size of message/size of attachments/etc/etc to grab for archiving.
- You have the choice to leave the small stub in your mailfile and then retrieve from there. Or remove the stub and use the CommonStore interface to get it back. This runs from a web browser over SSL (we were told and saw it looking for SSL requests in the background on a console)
- New icons are used to designate that the message was moved to archive. I took issue with the icon choice since in Domino 7, that same icon appears in the lower right of your client (between the access icon and IM component) to let you know that messages are signed or encrypted.
- Signatures on all emails get broken since the document is opened, things deleted, lines added and then it is saved. So you get the old error that document might have been modified or corrupted since last signed
I could go on for some time just explaining, but if you have an archive policy setting that works with some journaling of all or based on subject/sender then you have a lot of what this does. Yes there are some features and benefits that revolve around compliancy.
Another thing that should be noted is that they push the idea of Single Copy Object Store heavily in numerous slides and conversation points. We all know the old versions of SCOS in Domino were not the best, but they touted it like Domino cannot do it either. Interestingly enough, it was pointed out that with archiving, journaling and SCOS in Domino you have all of what they have, in databases that are still searchable. In reality, unless you have some strict recording/archiving needs (SEC, HIPAA, S/O) then all you are doing is pushing the mail onto yet another machine that needs backup, maintenance and management. The product will hit mailboxes on most platforms, but only runs itself on Windows and AIX. So all of you that invested in iSeries to get away from Windows, break out the old hardware and add tons of disk space.
On Thursday, September 22nd, 2005 by Chris Miller
Sametime cluster catch-up : the final day
That might be a little strong. It is more like the new kid at school being put in a locker and no key. You have the option to choose LTPA only, or LTPA and tokens. We had deselected the option to allow the tokens and even removed the stauths.nsf database as it was not needed for the secrets. The database stautht.nsf should never be replicated as it contains server specific info.
I am about to leave you sitting here wondering if there will be a part 2 to the saga. I am sure there will be.
On Monday, August 29th, 2005 by Chris Miller
Continuing the Sametime clustering catch up - Day 2
But down to business. I know part of the customer team reads this daily (however we know that the IBM'ers here do not and have no idea what they are missing right?) and are expecting a lot. But I won't let too many secrets out. In my eyes the basics of the cluster are a success. There were modifications to be made to a class file that searched and modified the appearance of the Sametime home server when using LDAP. But they also had some other customizations that we have to build back in.
Replacing the Home Sametime Server (HSS) is a main key of Community Clusters. Proper DNS plays a major role in this since we are parsing the server name with the LDAP queries. Integrating this new cluster with an existing Sametime chat server (during the migration time) and then the internal and external meeting configuration is all still to come.
We did somehow manage to make a Sametime admin client that only did Meeting Services. How we got it, we don't know, nor did we spend the time to work it out. But it was blue (from the new Sametime FP1 for 6.5.1 changes). Yes, this means that IBM put a blue IBM banner at the top for branding above the normal yellow. The only strange part was that the product title was called IBM Lotus Web Conferencing. I wonder what happened to the Instant Messaging part of that title bar? And now it goes back to Sametime.
I am definitely full from the Keang Keow Wan (Thai green curry with chicken, medium spicy) and a dessert that was recommended. Fried bananas with mango and green tea ice cream.
On Tuesday, August 23rd, 2005 by Chris Miller
A day in the travels (and Sametime catch up from May)
The customer stuck with the F5 solution. Testing went well over the past few months and the actual server hardware arrived and got loaded with the operating system of Windows 2000. The current plan is creating an exact duplicate of the single, existing Sametime server and moving that into the cluster architecture, which in turn mirrors the test cluster we built in all the configurations. Let me bring one point to the front that you should know and is verified in technotes. Make sure you have a loopback record in stconfig.nsf and the world may be at peace. Not really, but with some proper planning, good budget, etc etc.
Ok, that is a bit strong as there is a myriad of patches and the recent FP1 to be applied to 6.5.1 of Sametime to start. Interestingly enough, moving the database across that had transaction logging enabled threw a bit of a wrench in the works for a few minutes. Some compact -t to remove that flag assisted. We ended up with a corrupt NAB on one server for some unknown reason, but replacing that made the universe at harmony once again.
So how are we moving from the single server to the load balancer and having two new servers as a Community Cluster? Sounds like you will have to wait until after the sauteed mushrooms, pesto basil pasta and tiramisu at my current location.
On Monday, August 22nd, 2005 by Chris Miller
Replication Topology 103 - End to End
From the beginning, I gave a scenario of how it looks:
Basically data starts on one end, passes through multiple servers through replication and then comes right back. Timing becomes an issue to make sure that data can make it all the way down and back before the next baton is passed. Think of it as runners that pass the baton, and if one runner takes off too early, who knows where the baton is.
So I hopefully already broke you away from the idea of a meshed environment in class 101 due to the sheer number of connection records that are possible and messy management.
End to end offers its own set of benefits and pitfalls, of course. Imagine your science class from way back in elementary school, where they gave you a stack of batteries and a bunch of light bulbs. You were then told to light them all up. The first thought is batteries, then wire to next bulb, then wire to next bulb and so on until they were all connected. Well, if one went out in that serial connection idea, then everyone behind them went out. So the teacher taught you about parallel connectivity to get around it, which end to end does not do in the true form. Any variation moves it towards circular or even tiered architecture (with a bizarre slope).
The benefit is that data passes along in a cycle, reducing replication conflicts. Save conflicts are entirely different as people across the string could be editing the exact document on every server. Timing, as I mentioned, also becomes an issue since it could run any amount of time to get the data back and forth. If a server or network is down, the others will replicate as scheduled, yet that missing link in the middle brings the idea of timeliness to a screeching halt on each end.
The end result is a long line of servers, spread in the same room or geographically, that have a start and end point. Sure, you can argue that every topology has a start and end point. But with the proper hub cluster setup, only an individual spoke failure would affect any users. In end to end design, there are too many holes along the way.
On Tuesday, August 16th, 2005 by Chris Miller
Lotus Technote #1212699 for DCC
Problem
The Dynamic Client Configuration (DCC) process is vital to several features of Lotus Notes and Lotus Domino 6. This document will help Notes/Domino administrators find the information needed to better understand and troubleshoot this process.
Content
What is Dynamic Client Configuration (DCC)?
DCC is a Notes client process that synchronizes certain information between Notes clients and Domino servers. The DCC executable, ndyncfg.exe, is located in the Notes client program directory.
What does DCC do for me and my users?
It does a lot! To begin with, DCC populates the Client Information section on the Administration tab of Person documents. DCC is also required for the proper operation of certain AdminP processes such as "Move Mailfile" as well as new Notes/Domino 6.x features including Policies and Roaming Users. So, if you encounter issues with any of these processes/features, remember to troubleshoot the DCC.
What triggers DCC to run?
Dynamic Client Configuration runs when the user authenticates with their home server, and either their Person document has been modified, or their assigned Desktop Policy has been modified since the last authentication. DCC is designed as a push mechanism only from the server to the client. The DCC updates settings on the user's workstation based on the current settings in the user's Person document and any Desktop Policies that are in place. For example, if changes are made to a user's Person document, DCC will detect the changes when the user connects to the server, and then push the appropriate changes down to the client.
How can you confirm that DCC is actually running?
By default, the DCC is installed with every client and runs daily at the first user authentication with the server. When DCC executes it adds the following lines to an entry in the Miscellaneous Events view of the local LOG.NSF:
How would you know that DCC is not working?
An easy way is to look in the Domino Directory (NAMES.NSF). There should be Client Information on the Administration tab of each Person document. If that information is missing, or the information is there but not up to date, you may have some DCC failures.
Also, if your policies, especially your desktop policies, seem to skip certain people, that could possibly indicate a DCC failure. This also applies to roaming users and mailfile moves via AdminP. For additional information, refer to the technote titled "Known Policy Issues with Dynamic Client Configuration" (#1137728). If you have intermittent failures, you may need to troubleshoot DCC.
2. Select Actions -> Advanced -> Set Update Flag
3. When the prompt "Allow administrators to keep this location's settings up to date with those settings on your mail server" appears, click "Yes".
4. Save and Close.
2. Select Actions -> Remove Address Book Preferences.
What do Address Book Preferences have to do with DCC?
Good question. When you select the option to "Remove Address Book Preferences", you are actually removing the directory profile document (directoryprofile), which contains something called $DynInfoCache. With this document deleted, the cache will be completely rebuilt when the user re-authenticates with their home server. Note that the user will need to re-set certain items if they have customized the preferences of their personal address book (e.g., the group sort order, the format of contacts, and the address format).
Are there any known issues related to DCC?
There can be, but as of Notes 6.5.4, most known issues have been fixed. However, since you may be running earlier versions of Notes 6.x, here are some issues you may encounter:
On Sunday, August 7th, 2005 by Chris Miller
All my postings on DCC seemed to have hit home
On Sunday, August 7th, 2005 by Chris Miller
Replication Topology 102 - Peer to Peer (Meshed) exposed
Sorry for the delay, but other posts were taking precedence. So let's get right to it.
One of the dilemmas when building out the infrastructure is how to start the replication topology after you break away from just one server. Let us not debate why someone does not have a cluster, just live with the fact that plenty of sites out there still have a single server. When there are two servers, it should be obvious. One calls the other and it is done. Add a third to the mix and decision making seems to evaporate faster than spilled drinks in Las Vegas right now. For some reason, some admins find it necessary to create a replication connection from one to every other server over and over (please note the spaghetti reference from class 101). Instead of planning a hub architecture right from that point, the confusion begins.
The good part of this topology is that there is no dependence on a hub server in case of failure. If you have 3 servers with all these connections, and one fails, 66% are then still in sync waiting for the third to come back on-line. Awesome idea. You do not eliminate everyone having current data with a failure.
Yet, most admins want the data to replicate every few minutes all day long. Amazingly at the same exact start and end times with the same interval in each connection document. This leads into two things:
- Large possibility of replication/save conflicts as data access and updates take place. If this application needs that much replication, you can bet it is getting updated regularly and by numerous people.
- This is like the 1¢ slots: you play those, soon the 5¢, then 25¢, then $1. Soon you are betting large on the roulette table that you make document 1 get to server C cleanly and in some timely fashion.
So what does all this get us? Peer to peer almost works for two servers, yet calling each other back to back doesn't really make sense. So start thinking about which should be the hub and plan accordingly.
On Monday, August 1st, 2005 by Chris Miller
I got Plazes working on the blog
On Wednesday, July 27th, 2005 by Chris Miller
My Advisor2005 presentation files
AdvisorVegas2005.zip
Two Domino 7 Beta 4 issues I encountered
... it was expected to be fixed in Beta4 but unfortunately it didn't get into this build. It has been categorised as a 7.0 ship stopper so it should be fixed prior to GA.
The second issue came after upgrading the client from beta 3 to beta 4. I was getting an error on the Welcome Page. The client would still open, you just had to get past the error. It then gave a gray area on the Welcome Page but rendered the rest of the information correctly.
Formula Must Evaluate to Text
I heard back directly from some of the wonderful folks at Lotus stating that they thought this had been fixed. So they gave a fix that involved either replacing bookmark.nsf with the new one they put in the forum, or following a set of instructions they provided. Here it is for anyone that needs it. Thanks to Debbie for getting it to me so quick.
Open bookmark.nsf in designer
Go to the Views
Click on the view called (Downloads) and click Design - Preview In Notes
You will most likely see two $branding documents there.
If you do, go to the "multiple $branding documents" section below.
If instead you see two documents with the exact title of $branding4AA10721D4DE2AFF85256D4F003B84B4 go to "multiple $branding+UNID documents" section below.
multiple $branding documents
Look at the far-right column for the UNID's of the $branding documents.
Select the $branding document that does NOT have a UNID that starts with "3493F249..."
Press DEL (ignore error message)
Press F9 key so that the $branding document is permanently deleted from the database
Close the view
Close Notes and reopen.
The "Formula must evaluate to text" error should not appear.
multiple $branding+UNID documents
If you see two documents with the title of "$branding4AA10721D4DE2AFF85256D4F003B84B4"
Look at the far-right column for the UNID's of these documents
Select the document that does NOT have a UNID of "3887F989A309670F85256F97004F"
Press DEL (ignore error message)
Press F9 key so that the $branding document is permanently deleted from the database
Close the view
Close Notes and reopen.
The "Formula must evaluate to text" error should not appear.
On Wednesday, July 20th, 2005 by Chris Miller
Since I have a lot of cell phone junkies that read my blog, a study on radiation per phone
Cell Phone Radiation Chart
On Monday, July 18th, 2005 by Chris Miller
Replication Topology 101 - the basics
There are a few options of topology design when you have multiple servers in a Domino domain. You can classify the architecture in a few different ways:
- Hub & Spoke - A typical design where a central server pushes and controls changes to all the servers around it. You update one central source and everyone gets happy eventually. But, if there are too many spokes, you can have times where the hub cannot reach all the servers during a cycle. So you move to the next couple of ways. The other downside is that it relies on one central server for all updates. If the hub dies, so does the topology.
- Multiple Hub & Spoke - Here there is more than one hub, possibly even in a cluster, that handles the updates to their own sets of spokes. This allows redundancy for the centralized architecture and lets the servers make the rounds updating the spokes. This works well in a good LAN speed environment. The downside, not too many if the central hubs are in a cluster. That way data can pass across spokes fairly quickly on opposite sides. If there is no cluster, see above.
- Tiered (Binary Tree) - Taking the hub and spoke idea a bit differently, a central server updates two or a few servers. Those servers update two or more each and so on down the pyramid. This works well if you have some good network connections to a few servers and then those have some decent speed to downstream servers without the top having that speed access. Otherwise you could go back to hub and spoke. The downside is that in a large tiered environment, it can take some time for a change to go up and down the tree if they do not share a parent server all the way to the top. I have seen some tiers that cross somewhere in the middle to alleviate that and leave the top server for administration and NAB master.
- Ring - Simple enough, servers call each other in a circle updating, adding and deleting as it goes. The downside relies on a large ring where it can take some time to get all the way around. Also, if one server in the ring goes down, so goes the cycle.
- End-to-End - Basically data starts on one end, passes through multiple servers through replication and then comes right back. Timing becomes an issue to make sure that data can make it all the way down and back before the next baton is passed. Think of it as runners that pass the baton, and if one runner takes off too early, who knows where the baton is.
- Meshed (or Peer-to-Peer) - This is basically random servers that call other random servers. It is all made with some reason when laid out, but you are never quite sure how or when data is getting to somewhere else. It just shows up.
- Spaghetti - This is the last result and the most frustrating. Admins just create connection records from one server to all the others, over and over again, for each server in the domain. Replication conflicts occur, the servers have no idea who owns the database, and design changes fly everywhere. I usually encounter this when doing audits of domains where they keep patching and adding band-aids instead of fixing the real issue: no topology design.
So there we are. We can now mentally picture multiple types of topology right? But the path of decisions is yet to come.
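The trade-offs described in this list, and in the Tiered, End-to-End and Peer-to-Peer posts on this page, worked through as an added example that is not from the original posts. It counts connection documents, worst-case hops and the damage from the worst single server failure. Assumptions: connections are two-way (pull-push), a change waits at most one scheduled interval per hop, and the 7-server domain and 15-minute interval are constructed.

```python
from collections import deque
from itertools import combinations

# Each builder returns the two-way (pull-push) connections for servers 0..n-1.
def hub_and_spoke(n):
    return [(0, i) for i in range(1, n)]             # server 0 is the hub

def tiered(n):
    return [((i - 1) // 2, i) for i in range(1, n)]  # binary tree, server 0 on top

def end_to_end(n):
    return [(i, i + 1) for i in range(n - 1)]        # one long chain

def full_mesh(n):
    return list(combinations(range(n), 2))           # every server calls every other

TOPOLOGIES = {
    "hub_and_spoke": hub_and_spoke,
    "tiered": tiered,
    "end_to_end": end_to_end,
    "full_mesh": full_mesh,
}

def adjacency(n, edges):
    adj = {i: set() for i in range(n)}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def hops_from(adj, start, down=frozenset()):
    """Breadth-first hop counts from start, never passing through a down server."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in dist and nxt not in down:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def worst_case_hops(n, edges):
    """Longest shortest path: replication hops a change needs in the worst case."""
    adj = adjacency(n, edges)
    return max(max(hops_from(adj, s).values()) for s in range(n))

def stranded_pairs(n, edges, failed):
    """Surviving server pairs that can no longer exchange changes once `failed` is down."""
    adj = adjacency(n, edges)
    alive = [s for s in range(n) if s != failed]
    return sum(
        1 for a, b in combinations(alive, 2)
        if b not in hops_from(adj, a, down={failed})
    )

def summarize(n, interval_min):
    """Per topology: connection count, worst hops, worst delay, worst single failure."""
    report = {}
    for name, build in TOPOLOGIES.items():
        edges = build(n)
        hops = worst_case_hops(n, edges)
        report[name] = {
            "connections": len(edges),
            "worst_hops": hops,
            # Assumption: each hop costs at most one scheduled interval.
            "worst_delay_min": hops * interval_min,
            "stranded_pairs": max(stranded_pairs(n, edges, f) for f in range(n)),
        }
    return report

if __name__ == "__main__":
    for name, row in summarize(7, 15).items():
        print(f"{name:14} {row}")
```

With seven servers the full mesh needs 21 connections to survive any single failure, while the hub and spoke needs 6 but strands all 15 spoke pairs when the hub is down.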
On Thursday, July 14th, 2005 by Chris Miller
Who makes the policies around there?
I actually present some of my thoughts in my sessions around IM and mail management and policies. Most enterprises have some form of Internet (browser) usage policy in place that the employee signs when getting hired. Most of those seem to be done in combination of HR, for harassment issues, IT for technical and virus type issues and finally someone concerned about legal reasons to restrict content.
The availability of email policies is very light. Most only consist of notifying the employee that the email system is the company property and not to use email to transmit personal email (yeah right) and confidential emails.
IM policies seem to mainly be nonexistent every time I ask the question. Surprisingly, they only know they are told to standardize and block consumer products, but nothing else. The problem fits your article well. No one wants to step up to the plate and restrict what is becoming a mission critical application. No one group wants to take the blame, or downfall, of making a policy for IM usage that does not fit every department. Plus, there seem to be plenty of people that need exceptions to the rules, i.e.: Sales for outside contacts (who can find the SIP/SIMPLE standard that actually works across two different products all the way?).
OK, that was starting to turn soapbox, let me stop. Do you have all the necessary policies in place?
On Wednesday, July 6th, 2005 by Chris Miller
A secondary lesson in SIP
SIP uses the Uniform Resource Identifier (URI) as an assignable tag for the reason of subscription and notification. In this case the URI would be Bob's email address. You can think of your phone as a URI since it identifies only your house or cell phone.
One cool thing about SIP is that any user can register numerous devices to be assigned and then (with technology) each device can be tried at once or in order. The phone company does this now when you call a main phone number which then rings your cell and then a pager if necessary.
On Thursday, June 30th, 2005 by Chris Miller
Did you suffer through the Blackberry service outages?
The Canadian company said a second North American outage on Wednesday was the result of an unrelated "hardware failure." A RIM statement said a "back-up system functioned with lower capacity than expected and the lower capacity then caused latency in message delivery for some customers."
RIM declined to elaborate on the number of customers affected or the nature of the software and hardware involved in the two incidents. The company also seemed to dispute the magnitude and length of last week's disruption.
Cellular carriers Cingular Wireless and T-Mobile said on June 17 that service for all of their BlackBerry users--at least 1 million people, but probably many more--was down nationwide nearly four hours.
Have Blackberry implementations become a required commodity at your enterprise like the phone and IM are? Is there major upheaval with this kind of outage or do people get along fine without the Blackberry for short amounts of time?
On Tuesday, June 28th, 2005 by Chris Miller
Microsoft says "Write down your passwords" ?
Companies should not ban employees from writing down their passwords because such bans force people to use the same weak term on many systems, according to a Microsoft security guru.
Speaking on the opening day of a conference hosted by Australia's national Computer Emergency Response Team, or AusCERT, Microsoft's Jesper Johansson said that the security industry has been giving out the wrong advice to users by telling them not to write down their passwords. Johansson is senior program manager for security policy at Microsoft.
Now where did I put that piece of paper I wrote the certifier all my password(s) on?
On Monday, June 6th, 2005 by Chris Miller
An LDAP issue that many can learn from
A Domino environment running for some time under R4 into R5. They aggregated a while ago into the Domino Directory for LDAP (as well they should, right?) and all was well. They were pointing to attributes, pulling information, authenticating.
Then the upgrade to Domino 6. Some authentication and lookups stop functioning. The schema database was recreated properly. Some applications still work great. Yet some lookups are failing now from some other systems. Binding works fine and all use the same account to bind. What oh what could it be?
Problem:
In Domino R5, the LDAP attribute Shortname was set by default. It mapped to the field "Shortname" in the Person document. However, in Domino 6.x this attribute does not exist.
Content:
Both Shortname and UID map to the field "Shortname". In Domino 6.x, the attribute Shortname was removed as this was redundant.
It is possible, however, to add the attribute with the following steps:
1. In the Domino Directory create a Configuration document set to be used as the default settings for all servers (on the Basics tab).
2. On the LDAP tab, in edit mode, click the "Select Attribute Types" button.
3. In the drop-down box "Object Classes" select dominoPerson.
4. Click "New", type Shortname in the New Field window and click OK.
5. Click OK for the LDAP Attribute Type Selection window.
6. Save the Configuration document and restart your server.
Supporting Information:
NOTE: The above information applies only to anonymous searches; this does not actually add the attribute back for LDAP. The document titled "LDAP Queries On "Shortname" Fail To Return Results" (#1160538) describes how to put the shortname back in the schema, and so would then work for authenticated searches. Both steps must be performed for authenticated and anonymous searches.
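A client-side check to go with the steps above, as an added example that is not from the technote or the original post: because Shortname and UID map to the same Person field, the script scans application search filters for the removed Shortname attribute and proposes the equivalent uid filter. The application names and filters are constructed sample data, and it assumes the client applications can be reconfigured.

```python
"""Find LDAP search filters that still use the R5-only Shortname attribute.

Added example: the application names and filters below are constructed samples.
"""
import re

# In an RFC 4515 filter every item is "(" attribute operator value ")".
# Literal parentheses inside a value must be escaped as \28 and \29, so the
# sequence "(" + name + operator can only appear in attribute position.
ITEM = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9.;-]*)\s*(~=|>=|<=|:=|=|:)")

REMOVED = "shortname"   # attribute dropped from the Domino 6.x schema
REPLACEMENT = "uid"     # maps to the same "Shortname" field in the Person document


def attributes_used(ldap_filter):
    """Return the attribute names a filter tests, in order of appearance."""
    return [m.group(1) for m in ITEM.finditer(ldap_filter)]


def is_balanced(ldap_filter):
    """Cheap sanity check: parentheses must nest and close."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def rewrite_shortname(ldap_filter):
    """Replace Shortname with uid in attribute position only (case-insensitive)."""
    def swap(match):
        attr = match.group(1)
        if attr.lower() != REMOVED:
            return match.group(0)
        return match.group(0).replace(attr, REPLACEMENT, 1)
    return ITEM.sub(swap, ldap_filter)


def audit(filters):
    """Map application name -> proposed filter for every filter that must change."""
    report = {}
    for app, ldap_filter in filters.items():
        if not is_balanced(ldap_filter):
            report[app] = None          # malformed: needs a human to look at it
        elif any(a.lower() == REMOVED for a in attributes_used(ldap_filter)):
            report[app] = rewrite_shortname(ldap_filter)
    return report


# Constructed sample filters, as three applications might have them configured.
SAMPLE_FILTERS = {
    "portal": "(&(objectClass=dominoPerson)(Shortname=jdoe))",
    "helpdesk": "(|(uid=jdoe)(cn=John Doe))",
    "badge-system": "(&(SHORTNAME=j*)(!(cn=shortname=test)))",
}

if __name__ == "__main__":
    for app, proposed in audit(SAMPLE_FILTERS).items():
        print(app, "->", proposed)
```

The word "shortname" inside a value, as in the badge-system filter, is left alone; only attribute positions are rewritten.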
On Thursday, June 2nd, 2005 by Chris Miller
Well it is going, think I
Here is the one tip that made it into a new slide yet not the actual CDs that went out to attendees. You can troubleshoot the integrated Notes client connectivity for Sametime by using a notes.ini parameter.
IM_Request_Dump=17
debug_outfile=c:\temp\imdebug.txt
The Notes client must be restarted but it provides some useful information on connectivity and some buddylist issues.
On Thursday, May 19th, 2005 by Chris Miller
Sametime cluster, what names have to match?
Carl always says it best. If you do not understand that FQDN matters in Sametime, then don't load Sametime. Of course, I am paraphrasing there, but it is so true. A Sametime cluster name does not get referenced except internally inside the server in stconfig.nsf. You will use a virtual DNS entry for the cluster through some sort of load balancer. A Domino cluster is for the clients and servers to find and talk to each other only.
I found that having some form of similar name matching for Domino clusters worked wonders to identify where the Sametime cluster resides. Now is a Domino cluster required? I would say that for vpuserinfo.nsf it is of course required. How else would buddylist changes get pushed across? If you are using LDAP then the directory is of no immediate importance so you are pointing to the same clustered source. Admin4 won't process much since there are no name changes on the servers directly.
There you have it. Then again my mind is like butter as I prepare for this week so I know that sounded (read) like a bit of ramble.
On Monday, May 16th, 2005 by Chris Miller
Sametime apologized and submitted
Blogger's note to his faithful readers:
So I wrote a bit more below but on third reading edited some. I thought that heck, here is quite a bit of a guide the past few days to get you rolling, but just hire me to do that darn thing for you instead :-) It might be my hunger thinking that right now, or small amounts of greed. Bwa ha ha ha ha!!! But either way I loved the experience of doing it again at a customer site since we already do this on our hosted side and have the steps down to a nice science. Anyone upset over that? Forgive me in advance if so.
Ok, down to business. Carl was right in saying that the client chose the F5 hardware based solution for load balancing. We have it set to load balance some ports and let the servers talk to themselves behind it on others as necessary. Server 2 had a hard time understanding it was to really run Sametime, so it spent a lot of time overnight on the naughty mat as I stated and for punishment got reloaded today.
So chat fails over from the Java and Sametime Connect client. The Notes client does not have that ability in the current releases, but that is on the list for later ones. Instant Meetings are a whole other posting that needs to be done with some sort of Matrix that only the Swedish Chef from the Muppets could understand.
One key thing when setting up Community Clusters, do not forget to work with and choose if you want Secrets & Tokens or SSO. Don't try and be fancy and do both. Domino has a hard enough time, then layer Sametime and its ability for S&T and you get a deadly mix. Yes it does write to the notes.ini when making this change but playing with that isn't the route to go. You should sneak and see my session on notes.ini deciphering at Admin2005 for that.
One other side tip, we learned another important lesson. Sametime debug parameters rely heavily on ] and not on } now don't they?
On Wednesday, May 11th, 2005 by Chris Miller
Sametime clustering and the bad bad server put on the ’naughty mat’
Now instant meetings are started on the home server (or the one connected to in a cluster) so if that server dies, then you lose that meeting when you fail over. Now this is where one server became a very very bad server. One of them decided that it would not start a meeting no matter how hard we begged. So a quick rebuild tomorrow and we will test that last piece. I have one remaining question. If I am on the server that stays up as the owner of the instant meeting and the other participant was connected to the server that dies, will they stay in the instant meeting and reconnect for chat? Oh those begging questions to be answered.
Anyone want me to run through the steps of how to cluster two Sametime chat servers?
On Tuesday, May 10th, 2005 by Chris Miller
Sametime clustering, two left feet and no toes
After some brief time of just getting to know more particulars about their Sametime environment, we got right into it. Look for some tips as we move along the next couple days. For starters, most of you already know how important DNS is to Sametime. It becomes even more important as you deploy some sort of load balancer. Note I said load balancer and not round-robin DNS entries. There is no heartbeat or knowledge of a server being down in that approach and ultimately, the scaling and deployment will fail miserably. So they were well prepared with a hardware load balancer solution in place. But, due to DNS update times, we got most of the cluster built, documents created and servers ready and had to wait till tomorrow for a move of some DNS names.
I will cover the document building in the next post, my Chimichanga is here.
On Monday, May 9th, 2005 by Chris Miller
SSL session resumption (who knew, I didn’t)
SSL session resumption greatly improves performance when using SSL by recalling information from a previous successful SSL session negotiation to bypass the most computationally intensive parts of the SSL session key negotiation. HTTP is the protocol that benefits the most from SSL session resumption, but other Internet protocols may benefit as well.
By default, the server caches information from the 50 most recently negotiated sessions. This number can be modified by setting the variable SSL_RESUMABLE_SESSIONS in the NOTES.INI file. Increasing that number may improve performance on servers that tend to carry large numbers of concurrent SSL sessions.
SSL session resumption can be disabled by setting SSL_RESUMABLE_SESSIONS=1 on the server.
SSL_RESUMABLE_SESSIONS has no effect on the Notes client. The Notes client will cache the most recent SSL session.
Note: You cannot configure SSL sessions to time out and expire.
Let's give it a shot and see if the results are of benefit, will let you know.
On Wednesday, April 27th, 2005 by Chris Miller
Perimeter Email Security, who has it?
- If a lot of mail is coming in for non-legitimate addresses, then it can be directory harvesting or even a DoS attack
- If mail is going to large groups at one time, and not from an internal or approved source, it would be tagged as spam if from a single source
- Mail flowing between people in the organization can be checked as well
Plus, if the mail is encrypted (Notes), then how would many of these appliances even read the message to begin with? There is no ability to track content then. Then how do the users manage retrieving the mail that has been quarantined by the appliance? What interface is available? Do administrators have to do this manually? How are the signature and content files updated? What is the support for blacklists, whitelists and even SPF or Domain Keys? Just things to think about.
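The first heuristic in the list above (a burst of mail for non-existent addresses from one source), written as detection logic. This is an added example, not from the original post; the log format, addresses and thresholds are constructed assumptions.

```python
"""Flag SMTP sources whose recent recipients are mostly unknown addresses."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines: timestamp, source IP, recipient, SMTP reply code.
# 250 = recipient accepted, 550 = no such user.
SAMPLE_LOG = """\
2005-04-26T09:00:00 192.0.2.99 a.smith@corp.example 550
2005-04-26T09:15:00 192.0.2.99 b.jones@corp.example 550
2005-04-26T09:30:00 192.0.2.99 c.brown@corp.example 550
2005-04-26T09:45:00 192.0.2.99 d.white@corp.example 550
2005-04-26T10:00:01 198.51.100.7 aaron@corp.example 550
2005-04-26T10:00:02 203.0.113.20 sales@corp.example 250
2005-04-26T10:00:03 198.51.100.7 abby@corp.example 550
2005-04-26T10:00:05 198.51.100.7 sales@corp.example 250
2005-04-26T10:00:08 198.51.100.7 adam@corp.example 550
2005-04-26T10:00:11 198.51.100.7 admin1@corp.example 550
2005-04-26T10:00:14 198.51.100.7 alan@corp.example 550
2005-04-26T10:00:20 192.0.2.99 e.green@corp.example 550
2005-04-26T10:00:30 203.0.113.20 support@corp.example 250
2005-04-26T10:01:10 203.0.113.20 jdoe@corp.example 550
2005-04-26T10:02:00 203.0.113.20 hr@corp.example 250
"""


def parse(log_text):
    """Return (timestamp, source, recipient, rejected) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip anything that is not a RCPT record
        ts, src, rcpt, code = parts
        events.append((datetime.fromisoformat(ts), src, rcpt, code == "550"))
    return sorted(events)


def harvest_suspects(log_text, window=timedelta(minutes=5),
                     min_rejects=5, min_ratio=0.8):
    """Map source IP -> time it first crossed both thresholds inside one window.

    A source is suspect when, within `window`, it has at least `min_rejects`
    unknown-recipient replies and they make up `min_ratio` of its attempts.
    The ratio keeps a busy legitimate relay with a few typos from being flagged.
    """
    recent = defaultdict(deque)           # per-source sliding window of attempts
    suspects = {}
    for ts, src, _rcpt, rejected in parse(log_text):
        attempts = recent[src]
        attempts.append((ts, rejected))
        while ts - attempts[0][0] > window:
            attempts.popleft()            # drop attempts older than the window
        rejects = sum(1 for _, was_rejected in attempts if was_rejected)
        if rejects >= min_rejects and rejects / len(attempts) >= min_ratio:
            suspects.setdefault(src, ts)
    return suspects


if __name__ == "__main__":
    for src, when in harvest_suspects(SAMPLE_LOG).items():
        print(f"{src} looks like directory harvesting as of {when.isoformat()}")
```

A slow probe such as 192.0.2.99 in the sample stays under a five-minute window and only shows up when the window is widened, which is the trade-off to tune against normal traffic.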
On Tuesday, April 26th, 2005 by Chris Miller
BlowSearch Secure Messenger (like Trillian with encryption)
- Strong industry leading security. Up to an unmatched 4,096 bit encryption technology.
- Extensive privacy settings and block list abilities.
- Create private conference rooms.
- Integrated web search technology from BlowSearch.
- Customizable sounds and notifications.
- Full message logging capabilities including export of conversations.
- File transfer capabilities between users.
- User profiles, public or private. You control your information.
- Chat rooms galore. All categories with admin capabilities.
- Tabbed interface allows for easy access to launching desktop applications.
- Updated scrolling news and information.
Blowsearch Secured Messenger utilizes the OpenSSL library to provide encryption routines for your Instant Messages. We use a combination of randomly selected schemes and bit lengths, ranging up to 4096 bits, with additional algorithms added in to make your messages even more secure. We start with an RSA foundation and move out from there.
So I am downloading and playing with it some. Anyone want to test?
On Friday, April 22nd, 2005 by Chris Miller
Follow-up on Sametime, tunneling and two NIC’s
- If you leave the second NIC enabled then it will start trying to grab that NIC as the bind, and tunneling and whiteboarding start to fail
- If you disable the second NIC and run enterprise backups across it (as most companies will), then you screw yourself there
- If you move a NIC out of the NAT into a DMZ or other area, you expose the server
- If you chant loudly "Sametime rules the planet and LCS is a spawn of Satan" nothing happens but you feel better about your decision to use Sametime
Ok, I am kidding about the third, I mean last one. Needless to say I need everything to work together. Backups, two NICs and Sametime with tunneling. By the way, yes Lotus pushed out a technote under #1088421.
On Friday, April 15th, 2005 by Chris Miller
Question from my 6.5.4 upgrade post
Application support in most companies is already a nightmare, but having a mix of local applications makes it far worse.
On Tuesday, April 12th, 2005 by Chris Miller
Upgraded to 6.5.4
Ed has prompted us on the security patches, which is always an important reason for the upgrade. I will keep you up to date as I finalize the cluster upgrade and all the clients through Smart Upgrade.
On Friday, April 8th, 2005 by Chris Miller
Server mail rules and some of my opinions
- No categorization - meaning there is no description area or ability to group them together from a drop-down list. Maybe that list comes pre-built from Lotus or maybe it is open so you can add your own as you go along.
- No sorting - this follows right behind categories as there is no way to sort the rules in the server or email file. How are you to find any certain rule if you have to scroll and hunt?
- Order in embedded view is only shown as the order the rules are applied to the message. This goes to sorting.
- You cannot use special characters - Now I am not implying that every character should be used. But if you ever tried to be creative and use a "\" and perform some rudimentary sorting you were in for a surprise. Everything after the slash is ignored. So yes it looks nice, but the rule is then not applied properly to any mail message. This also removes the possibility of wildcards.
- The amount of rules in mailfiles should be decreased. Finding the appropriate rule in a list of 100 becomes unreasonable. Compounded with the current issue of some rules staying active after deletion makes finding them to help users a long trek.
So yes, there are some good things. The ability to sort mail on the fly is awesome for mail management. The ability to have numerous strings of AND/OR makes adding exceptions to rules easy. (Yes, mail can get lost in the matrix if you do not understand all your rules.)
So there are some quick thoughts! Any of your own?
My recent experience with Sametime tunneling, firewalls and ports
First we ran into the Sametime server binding to the wrong NIC card. This was causing the MUX to act like a person in the mall that forgot where they parked the car. They knew it was in the garage somewhere, but were busy looking on level 2 instead of level 1. This led to it thinking the port was stolen. Much like a person would think their car was also. The solution for now was to disable that second NIC card. The sametime.log file then showed that the MUX was binding to the right IP address and NIC card. Then that card is NATed to the Internet.
This is where the firewall comes into play. So what we are looking for as the final result is that the MRC (meeting room client) of Sametime will download to the meeting attendee and try the standard ports to access the Sametime server for the meeting. If those ports are not available through their network, or we are preventing them from getting in via the firewall, then the MRC should try port 80 for a tunneled connection. However this is where you can have awesome success or some failure. So here is where it stands on how to do it.
Install your 6.5.1 server as tunneled; if you did not, you can always make the changes manually, and quite simply too. Then open the firewall for ports 80, 8081, 554 and 1533. This will allow tunneling and also attempts at direct connect for screen sharing, whiteboarding, chat and broadcast meetings. This has nothing to do with audio/video tunneling. That is a whole other topic.
Make sense?
On Thursday, March 17th, 2005 by Chris Miller
The MUX that can’t (Sametime for all of you others)
Unfortunately the only technote that is close, and describes the problem almost exactly, has no fix. The almost exactly part states that you get MUX exception errors in the Windows Event Viewer only when the service terminates normally. So basically, don't worry about it. But I am getting the exact error, on the exact operating system version while the server is running and not shutting down. Still the answer is quite simple:
This issue has been reported to Quality Engineering.
UGH! Updates on the solution as they come in.
On Wednesday, March 9th, 2005 by Chris Miller
Server cluster and availability indexes
You can adjust the indexes and expansion factor as you wish, but they were not high enough to begin with. So we started that morning with an unstable 6.5.1 server cluster, with availability somewhere in the 40/14 range with the 40 being the internal server. After the upgrade to 6.5.3 we saw the availability jump to 75/30 on normal load. This tells me there were some improvements along the way in stability and scaling. Yes, they do use iNotes very sparingly on the outside server. Most load is the clients accessing mail and applications.
What is the point to all this? Well the expansion factor stayed low on the outside server, around 7-8 but jumped to as high as 60 when it was the only server and we were upgrading the internal one.
My guess is that the outside server was sending traffic randomly between the internal NIC and external NIC to talk to the same server. But wait, you say! Chris, you said one was internal and one was external. Due to their architecture, you can get to the outside server from inside to let them have some sort of cluster. But, since the connection records use DNS, it reads the external IP address and tries to go out through the proxy and Internet to connect to the server. The organization does not run internal DNS and relies on the ISP.
I verified they did not have any ini parameters to adjust the availability and help regulate load. They did not and were allowing Domino to decide the factor on the fly for them at each polling. To make this shorter, we decided to let it sit this weekend and get a better range of availability with a couple days of usage instead of relying on the few hours after the upgrades.
More on Monday or Tuesday on this topic then.
On Saturday, February 26th, 2005 by Chris Miller
Update on my travels the last two workdays
We were called in last minute to help scale a LearningSpace infrastructure. The website itself will be public, but where we had to go was not. It is amazing the security precautions and what you go through to even move a server from build-up to production. At least three different groups are involved in that activity and once that server leaves the build-up, odds are (if it stays running) you will never see it again except through a remote console.
So let's move into the tech side since I can't say any more detail about the above. It was a simple tiered architecture without much redundancy. The real issue was the number of concurrent users they get now and what is expected by Aug. There was no way that they could handle the load. We ended up taking the 3 server environment to 7 total with some hardware load balancers. All this was architected, installed, configured and ready for production in two days. The site will actually go live on their scheduled outage time of Tue nights though.
The end result was a LearningSpace 5 environment behind a few firewalls, a load balancer, then 4 core servers, 2 content servers and some back-end database servers to provide the redundancy and scaling needed to reach their concurrency goal. I would love to give the nitty-gritty details like usual but just be happy and pleased with that. But no, they are not using LDAP so there is no tech info there.
On Monday, February 21st, 2005 by Chris Miller
An update on DWA issue two days ago from a reader
Hi Chris,
since R6 it is official that the users names.nsf can live on a server (a.k.a. Roaming profile - We did that for backup since R4). With a little scripting help we do:
a) synchronize the users NAB with the Names in the mailfile automatically (user doesn't even know that they would need to do so)
b) Filter out the names from the public NAB. Here we tried two strategies: either remove them from the users NAB (which p***d some users off) or exclude them from the sync with the mail file.
Hth
:-) stw
So he is saying with the roaming feature enabled in Domino 6, they are pushing names to the mailfile in the background with scripting or filtering out public address names. I fully agree with the second choice for a couple reasons:
- If the user is utilizing Domino Web Access (DWA) then why would they need the public addresses in the personal address book? The server has that directory as an option. Sure, we could go so far as to say DOLS, but why not then give them the public directory in DOLS also? Makes sense to me.
- If you filter the names from the public NAB and then push a mobile directory catalog for users requiring it, you guarantee updated names, addresses and encryption keys for all users. Plus doing this on the server side (could be a strictly roaming server for scaling reasons) would take the user end scripting out of the picture also. A nightly scan could be done. Once again some would say they store possible personal or additional information in the local listing for another employee that you would not want or shown in the public listing. So let's just make the filter match the public listing and even match the public key. All would be satisfied that way.
I guess where we are heading in all this is the option to guarantee that addressing will not fail and there will not be those weird names when addressing from the web in DWA.
On Thursday, February 17th, 2005 by Chris Miller
Addressing and local NAB in Domino Web Access
Of course we (as administrators) expect this behavior. But the way the name shows really throws users off. Here is a screenshot, and yes it was blurred some but you get the idea. I didn't want the names out there for gosh sakes.
As you see, the yellow part says more than one entry was found for the name and the white part shows both the way the user would see it from Domino and then one that almost looks like LDAP. This server has no Directory Assistance or Directory Catalog in place. So through testing and troubleshooting using our own mailfiles, if you had an entry that did not exactly match the server NAB, then this pop-up would show. If they did match, the mail would address as normal and off it went. So no more typing in names in your personal NAB of people from the Domino Directory folks!
On Tuesday, February 15th, 2005 by Chris Miller
Came across this while teaching the Sametime class
Well we came across an issue where the checkbox to enable Instant Messaging could not be found in the Domino Web Access preferences. I know it should be there, and the users had a Sametime server specified in their person records. I was dumbfounded that it wasn't there for some reason. So I broke out the laptop to do a quick search of the Knowledgebase. The new IBM support for Lotus really bites and sometimes it seems you cannot even find technotes with the darn number in the first place. So here is the exact reason (technote #1190873) that it was not showing, matching down to the version. Who knew they made this little gem of a change? Quite frustrating when a point release makes a change like this for some reason.
Problem:
In Domino Web Access (iNotes Web Access) 6.5.3 or above, you want to use the Instant Messaging feature. The Help documentation states to do this you must enable Instant Messaging via Preferences > Other > Enable Instant Messaging. However, when you navigate to this area the "Enable Instant Messaging" option is not there. This option is definitely available in previous releases of Domino Web Access 6.5x.
Content:
This is working as designed starting in Domino Web Access (DWA) release 6.5.3. An enhancement request was made in DWA 6.5.1 to hide this "Enable Instant Messaging" option in the user preferences if the DWA server is not configured for Instant Messaging.
This request was addressed in DWA 6.5.3.
Excerpt from the Lotus Notes and Domino Release 6.5.3 MR fix list (available at http://www.ibm.com/developerworks/lotus/): Instant Messaging
On Friday, February 11th, 2005 by Chris Miller
Testing the Premier Conferencing Adapter for Sametime 6.5.1
- The download includes an updated template for the Sametime Meeting Center (I always presumed this database name won't change since it is hard to type Lotus Web Conferencing Meeting Center onto a desktop icon). This new template has some changes for the adapter, but of course will wipe out any customizations you might have made to your own template. So, as always, back it up first before the install.
- Next is a catch with the Sametime Meeting Room Client (MRC651). This is the downloadable piece that gets installed when you participate in meetings (remember the nice grey screen as you wait for a server, that is this downloading). Well, if the user does not have permission to install or this gets blocked then the meeting won't work either.
Now if you play with this new feature and don't like it or want to turn it off there are two simple steps you must perform. Yeah simple, right.
1. Open the stconfig.nsf database and edit the MeetingServices document. Set the Audio Bridge Services field value to "false."
2. Run the "regedit" command and change the following registry setting to "0":
HKLM\SOFTWARE\Lotus\Sametime\MeetingServer\ServiceAudioBridgeServer\Enabled
So we are playing with this new piece and will let you know as the test goes on.
On Monday, February 7th, 2005 by Chris Miller
Mail rules was brought up at Lotusphere more than once, so a quick bit of info
You may observe that a deleted mail rule continues to function, even though it no longer appears in the Rules folder. You may also observe that an enabled mail rule does not run.
So they go on to provide two scenarios where this might occur. If you actually delete the rule, it might still be hidden. They show steps to see the hidden rules that I wanted to pass on.
Look at the Calendar Profile using NotesPeek or LotusScript and you will still see the corresponding $FilterFormula_x field present.
Now there are a ton of resolution scenarios listed in the technote (#1088058) but this was the most important thing to pass on right away.
This occurs when a rule was deleted while it was still enabled. This causes the rule entry in the Calendar Profile to not be removed. In order to avoid this issue in the future you should be sure to always disable a mail rule prior to deleting it. Ways to workaround this issue (and remove the rule entry from the Calendar Profile) are listed further below.
So make sure you disable the rule before removing it. Seems to make a world of difference until this gets sorted out in a future release.
On Friday, February 4th, 2005 by Chris Miller
DNS, CNAME and proper due diligence
ACT 1
Place: Data Center with smiling sales rep and customer
Customer has a server for some time and adds a domain for web and mail as they merge with another company. Following easy DNS we make a new DNS zone and create MX and A records for the new domain. Wow, the world of the web and email is great.
ACT 2
Place: Data Center and Customer Site (flip back and forth) with smiling people
Customer goes for years with awesome performance and no issues.
ACT 3
Place: Customer site and Data Center with people running around and banging on keyboards
Customer fails to renew one of their original domains. This domain was used in the reference for the CNAME and MX records for the merger. Suddenly mail and the website cannot be found, for no apparent reason. After much troubleshooting we tracked it backwards and made the appropriate changes to get it back in line.
ACT 4
Place: Cubicle with people with missing hair in patches
Closing scene with customer. Phone conference explaining to them that they let one of their original domains expire. This in turn broke the other domains that referred to it through CNAME and MX.
Writer summary: For gosh sakes check your DNS tables and make sure you are current on domain registrations.
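One way to run the check the summary asks for, as an added example that is not part of the original post: walk the zone records, pull out every CNAME, MX, NS and SRV target, and compare the domain it lives under against a registration inventory. The zone records, domain names and expiry dates are constructed; the parser assumes fully qualified names and one record per line.

```python
"""Audit zone records for targets that depend on another domain's registration."""
from datetime import date

# Constructed sample: newco.example was added after a merger and points its
# mail and web names at hosts under the older oldco.example domain.
SAMPLE_ZONE = """\
; owner               ttl  class type  rdata
newco.example.        3600 IN    A     192.0.2.10
newco.example.        3600 IN    MX    10 mail.oldco.example.
www.newco.example.    3600 IN    CNAME web.oldco.example.
shop.newco.example.   3600 IN    CNAME store.partner.example.
"""

# Constructed registration inventory: registered domain -> expiry date.
SAMPLE_REGISTRATIONS = {
    "newco.example": date(2006, 3, 1),
    "oldco.example": date(2005, 2, 20),
}

# Position of the target host name inside the rdata for each record type.
TARGET_INDEX = {"CNAME": 0, "NS": 0, "MX": 1, "SRV": 3}


def parse_records(zone_text):
    """Yield (owner, type, rdata fields) for each record line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()     # strip trailing comments
        if len(fields) < 3:
            continue
        owner, rest = fields[0], fields[1:]
        if rest[0].isdigit():                      # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":       # optional class
            rest = rest[1:]
        if len(rest) >= 2:
            yield owner.rstrip(".").lower(), rest[0].upper(), rest[1:]


def registered_domain(host, inventory):
    """Longest suffix of `host` that appears in the inventory, or None."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in inventory:
            return candidate
    return None


def audit_dependencies(zone_text, inventory, today, warn_days=60):
    """Return (owner, type, target, status) for every risky record.

    status is "expired", "expiring" (within warn_days) or "untracked"
    (the target sits under a domain nobody has put in the inventory).
    """
    findings = []
    for owner, rtype, rdata in parse_records(zone_text):
        index = TARGET_INDEX.get(rtype)
        if index is None or len(rdata) <= index:
            continue                               # A, TXT, ... have no host target
        target = rdata[index].rstrip(".").lower()
        domain = registered_domain(target, inventory)
        if domain is None:
            status = "untracked"
        else:
            days_left = (inventory[domain] - today).days
            if days_left < 0:
                status = "expired"
            elif days_left <= warn_days:
                status = "expiring"
            else:
                continue
        findings.append((owner, rtype, target, status))
    return findings


if __name__ == "__main__":
    for finding in audit_dependencies(SAMPLE_ZONE, SAMPLE_REGISTRATIONS, date(2005, 2, 3)):
        print(*finding)
```

The "untracked" status matters as much as the dates: a target under a domain that is not in the inventory is a dependency nobody is watching.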
On Thursday, February 3rd, 2005 by Chris Miller
Of course I went and played with MSN Spaces for testing
Creating the blog was just as easy as any other site. Log in with your Passport of choice and choose a URL (of course my title was "IdoNotes more than Exchange"). Not bad. You can then fly right into the blog itself or choose a color/theme for the blog. No big deal, reminds me greatly of Quickplace to be honest. Little snippets of the corner and color/theme and a checkbox you select before clicking Save.
Inside the blog the first thing I noticed was the 'admin' homepage. It showed recent comments and even trackbacks. I liked that. What did catch my eye was the link on the left to add music lists. Some of you know I am a music fiend. The little hook they put in was it would read your playlists from Windows Media Player.
They do allow HTML as any web blog should do, but it is mentioned that some HTML may be removed for formatting and security. I find this to be along the lines of they won't let you run any funny little scripts. You can make book lists, blog lists or custom lists that get placed along the sides. There are some pre-built categories for sorting the blog entries you make and you can provide your own as you go.
On Monday, January 17th, 2005 by Chris Miller
I had mentioned this notes.ini change once before for the Sametime server
Problem:
In a Domino Web Access 6.5.2 mail file accessed via the browser, adding a name to the Buddy List from the Domino Directory does not work unless the hierarchical name is changed to a common name in exactly the correct case.
For example, if you attempt to add John Doe/ACME, you will not be able to in 6.5.2, although doing the same thing in versions 6.5.1 or 6.5.3 you will be able to add the name. If the name is entered in 6.5.2 as John Doe, assuming John Doe is the correct case, the name will successfully be added. However, entering John doe or john Doe or john doe or JOHN DOE, etc. will not work.
Content:
This issue appears to be isolated just to version 6.5.2.
As a workaround for the 6.5.2 Domino Web Access server, add the following parameter to the 6.5.2 Domino DWA server's Notes.ini file:
iNotes_WA_SametimeJavaConnect=1
This setting will use the Sametime Connect for browsers user interface, rather than the Domino Web Access chat user interface.
On Tuesday, December 28th, 2004 by Chris Miller
Small bug I was reminded of in 7.0 that is in 6.5.x
I run beta 2 of 7.0 and he runs a 6.5.x version. Now opening the same database from the Notes client works just wonderfully, but not from admin. Go figure. Just a little tip.
On Monday, December 27th, 2004 by Chris Miller
You know how I love Trillian, some 3.0 release news
Cerulean Studios has added support for Apple's Rendezvous protocol to its popular Trillian instant messaging application.
With Rendezvous support, Trillian now will offer serverless IM capabilities for users on the same LAN.
While all this is only available in the Pro version, they added another feature or two to entice you.
In the new Trillian 3.0, the Rendezvous plug-in allows employees on the same LAN to automatically discover each other for messaging, file transfers and videoconferencing.
Paid users also get access to plug-ins for connection to Jabber and Novell GroupWise Messenger, and video-chat support with enhanced logging capabilities.
Trillian 3.0 also adds several bells and whistles, including an "Instant Lookup" tool that integrates with the Wikipedia online encyclopedia to offer real-time information based on text conversations.
With the Sametime plug-in that IBM Alphaworks currently has out, let's just figure out the licensing issues.
On Tuesday, December 21st, 2004 by Chris Miller
For those playing with the SIP gateway on Sametime
Of course, adding the group straight from their directory would be nice, but what would happen if you both had groups with the same name? So I do get why they did it that way. Mainly in the first implementation.
Problem:
You use the Sametime Session Initiation Protocol (SIP) Gateway to chat with users in the external Sametime community and would like to add groups of SIP users to your buddy list instead of adding them one at a time. Is this possible?
Content:
Currently, you can only add one external SIP user at a time to the Sametime Connect client buddy list.
An enhancement request to add a group of SIP users at one time to the buddy list has been submitted to Quality Engineering.
On Monday, December 20th, 2004 by Chris Miller
Mail journaling and duplicate emails
Problem:
You have configured Domino Mail Journaling for your system and have configured the appropriate mail rules. Mail Journaling is working as desired; however, occasionally a message is duplicated in the mail journaling database. Why is this happening?
Content:
There are two scenarios in which duplicate journal entries can occur:
1. A message is composed with at least one internal Domino recipient and at least one external SMTP recipient. The message is duplicated as long as there is at least one internal and one external mail recipient.
2. When all recipients are internal Domino users, they have different values for their preference for incoming messages in their Person Document in the Domino Directory (names.nsf). For example, User1 has "Prefers MIME" option selected and User2 has "Prefers Notes Rich Text" option selected. When a message is sent to User1 and User2, the message is duplicated in the mail journaling database.
As a workaround, try the following:
1. Verify that the sender's "Format for messages addressed to internet addresses" on the Location document and set this value to the same value as the internal user's preference for incoming mail. For example, both are set to "Prefers Notes Rich Text" or "Prefers MIME".
2. Set the mail format preference in the Person document the same value (either "Prefers Notes Rich Text" or "Prefers MIME") for all internal users.
Both scenarios have been reported to Quality Engineering team; however, there are no plans to address these issues in the R6 codestream.
-
On Thursday, December 9th, 2004 by Chris Miller
Forcing DWA users to use the Java Connect for Sametime
iNotes_WA_SametimeJavaConnect=1
-
On Thursday, November 18th, 2004 by Chris Miller
Don’t look at that pane, the window is broken
Problem: When you are working in your mailfile, Notes crashes. It does not happen every time, but you notice it happens more often when you have a preview pane open. Your Notes client crashes in the following situations only when the preview pane is open:
Content: This issue was reported to Quality Engineering and is under investigation. You can work around this issue by keeping the preview pane closed. The preview pane can be disabled by clicking the word "Preview" on its title bar or on the down arrow next to it.
-
On Thursday, November 18th, 2004 by Chris Miller
ILWWCM installation completed and my thoughts
After a brief walk and much "shoot the monster" on the PS2, my head was clearer and I could get back to working with the configuration files. I don't much like the effort of having to go into a text editor for .properties and .cfg files to place absolute paths. There was even a large environment variable that had to be manually entered into the Windows system. It just seems wrong to me that the install package doesn't account for that yet. Troubleshooting a typographic error there could take some time. Troubleshooting ones in the text editor is much simpler.
So, getting back to the story. You have to place the path where you place ILWWCM files, the node information for Websphere in some places, the host name (for gosh sakes) and definitely the port information over and over. I would think it should come with the host name (pulled from what you type in during install) and append the port. Then there could be specific instructions on how to modify it outside of the standard if you so desire. I did a lot of Find-Replace commands with Wordpad as I went through the instructions.
There are also lines that you comment and uncomment with the # sign, but that is not so unusual and did not concern me as much since this is not a GUI type managed configuration.
But once installed, the management screen was consistent throughout the steps I went through on customization. With some of the menu items it was not easy to grasp at first why you only saw certain documents, but flipping around I could find what I wanted.
More later, phone........
-
On Monday, November 8th, 2004 by Chris Miller
IBM Lotus Workplace Web Content Manager 2 install
-
On Thursday, November 4th, 2004 by Chris Miller
iNotes, DOLS and Windows XP SP2
Problem: Are IBM Lotus Domino Web Access (iNotes Web Access) and IBM Lotus Domino Off-Line Services (DOLS) supported under Windows XP with Service Pack 2?
Content: Currently, neither Domino Web Access nor Domino Off-Line Services are supported when running on a Windows XP operating system that has Service Pack 2 installed. Errors may occur when attempting to run DWA or DOLS on XP SP2. Support for DWA and DOLS under Windows XP SP 2 is currently being researched.
-
On Wednesday, November 3rd, 2004 by Chris Miller
Still running a Sametime 3.01 CF1 server with the new integrated clients?
Problem: After installing a Sametime 3.0 Critical Fix 1 (CF1) server, users that connect to the server with a Sametime 6.5.1 client see the error message: "Application version does not match the server version. Please upgrade."
Content: This is an issue with Sametime 3.0 CF1 and has been reported to Quality Engineering. There are two ways to fix the problem:
1. Disable Critical Fix 1. In order to disable the Sametime 3.0 CF1, set the VP_SECURITY_LEVEL ini parameter in the sametime.ini to 0, as described in technote #1145812.
2. Copy the stsecurity.exe file from a Sametime 6.5.1 server and use it to replace the original 3.1 CF1 version, as follows:
   a. Stop Domino on the 3.1 server.
   b. Rename stsecurity.exe to stsecurity.old.
   c. Copy the stsecurity.exe from the 6.5.1 server to the Program directory on the 3.1 server.
   d. Start Domino.
-
On Friday, October 29th, 2004 by Chris Miller
Should Debug_Outfile be used on a Domino 6.x server?
Dynamic Console Logging
Starting with Domino 6.0, the Domino server creates a console.log file by default in the "IBM_TECHNICAL_SUPPORT" folder, which is located in the server's Data directory. The development of the console.log file, which can be dynamically enabled and disabled at the server console, makes the use of the parameter debug_outfile no longer recommended.
For backwards compatibility, when debug_outfile is present in the notes.ini it takes precedence. However, using the debug_outfile parameter is no longer the preferred method for capturing console output.
Console.log is superior to the use of "debug_outfile" because it can be dynamically enabled and disabled at the server console, thus eliminating delays capturing crucial data. Server reboots are no longer required to begin capturing basic console logging, which is not the case when using the parameter debug_outfile.
Notes:
- There may be a few customers who wish to continue to use debug_outfile to rename the log file or to relocate the log file to a different directory via debug_outfile=\ .
- If you just want to relocate the directory these files are saved into, but are happy with the name of console.log, you can use another new parameter, logfile_dir. Here are some examples of these parameters at work:
notes.ini parameters | show server output
debug_outfile=mylog.log | Diagnostic Directory: C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT; Console Log File: C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT\mylog.log
debug_outfile=C:\temp\mylog.log | Diagnostic Directory: C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT; Console Log File: C:\temp\mylog.log
logfile_dir=C:\temp | Diagnostic Directory: C:\temp; Console Log File: C:\temp\console.log
logfile_dir=C:\temp, debug_outfile=mytemp.log | Diagnostic Directory: C:\temp; Console Log File: C:\temp\mytemp.log
- If you place a debug_outfile=xxxxxx statement in your notes.ini and start the server, it will internally start writing to the log file, regardless of the value you might have set for CONSOLE_LOG_ENABLED (discussed below). However, the log writing will still respond to stop consolelog to stop writing to the log.
-
On Monday, October 25th, 2004 by Chris Miller
A technote to share from one of my sessions
How it Works
- The Chairperson creates a meeting invitation in the Calendar view of his/her mail file and selects the option, "This is an Online Meeting". The fields for the type of Online meeting, the meeting place and attachments appear.
- The Chairperson clicks the address picker for the place and selects the Online Meeting document from the Domino Directory.
- When the Chairperson clicks the 'Save and Send Invitations' action button, the meeting gets mailed to the Resource Reservations database.
- The router on the Resource Reservations database does a lookup on the meeting notice, and once the router finds the field called 'External Address' on the meeting, the meeting gets copied and then forwarded onto the external address. The external address is the name of the Mail-in Database that is in the Domino Directory, usually named Stcs.nsf.
- In addition, the router mails a copy to the Sametime Meeting Center (Stconf.nsf). The router autoprocesses the reservation and sends an accept notice from the Online Resource to the Chair. The meeting is placed in the database for the external address, Stcs.nsf and the Sametime Meeting Center (Stconf.nsf) on the Sametime Server.
- The meeting is tracked by the Notes Calendar Servlet (Stcal) by its meeting identifier, which is the APPTUNID. When the Chair and invitees click the 'Attend Online Meeting' link in their meeting invitation, the browser opens the URL to the Sametime server with the link to the Stcal servlet, processing the meeting APPTUNID.
There you go, the flow of C&S when inviting a meeting room.
-
On Wednesday, October 20th, 2004 by Chris Miller
DCC is getting me Googled, that many need help on it?
I found a technote that linked to a Notes.Net article that can be found about Centrally Managing the Desktop. It was back from Domino 5 days but addresses many of the questions.
The components you can manage are:
Location documents
Connection documents
Bookmarks
Replicas
Account documents
The Mobile Directory
We'll show you how you can:
Move a mail file
Change an Internet address
Use a user setup profile to make location document modifications and add fields of your own design to the User Setup Profile
Add bookmarks and new replica stubs, including one for the mobile directory
Add new Internet server account information
Use multiple User Setup Profiles for users sharing computers
So take a peek at the article and the related articles, and we can close out DCC unless anyone emails me some questions.
-
On Tuesday, October 12th, 2004 by Chris Miller
Still have DCC on the brain?
You are using the Instant Messaging (IM) feature in the Lotus Notes 6.5x Client. After changing the "Sametime Server" field in your Person document in the Domino Directory, the Notes Client fails to automatically update the "IBM Lotus Instant Messaging Server:" field in your Location document, despite the Dynamic Client Configuration (DCC) feature being configured correctly and working otherwise.
Well that really sucks you say, what is someone supposed to do if DCC didn't get updated to include this when you upgraded to 6.5x you say?
While the DCC picks up other changes from the Person document and makes the appropriate changes in the user's Location document, the "Sametime Server" field from the Person document is currently not being supported by the DCC.
This issue has been reported to Lotus software Quality Engineering and is currently being investigated.
As a workaround, you can configure a Sametime Server in Desktop Settings and an associated Explicit Policy, and assign it to the user in his/her Person document. When the user accesses the Domino Server, the Location document will be updated according to the Desktop Settings/Policy.
So for those of you slacking on rolling out policies, there you go! A reason to implement at least one piece.
-
On Friday, October 8th, 2004 by Chris Miller
Ed has me on the DCC information highway
What is Dynamic Client Configuration?
Dynamic Client Configuration is the Notes Client process that synchronizes local Notes Client settings with the user profile stored on the Domino Server. In Notes 5.x, DCC is used to sync user setup profiles. In Notes 6.x, DCC works with Domino server Policies to sync desktop profiles as well as setup profiles.
OK, so now we defined what it actually is, how about how it runs locally?
Running DCC:
DCC is actually an executable file named Ndyncfg.exe and it exists in the Notes Program directory. It runs automatically only on the first authentication the user has with the server for that day. During the user's first authentication to the server, the server dynamic profile is compared with the client dyninfo object, which is stored in the Personal Address Book preferences. If there are differences between the dynamic profile and the dyninfo object, DCC runs. Otherwise, DCC will not run. Technically, Ndyncfg.exe can be forced to run by typing "ndyncfg" at a DOS command prompt, but this is not the recommended method of running DCC manually. DCC can be forced to run by clicking on Actions > Remove Address Book Preferences. This clears the dyninfo object on the client, and de-synchronizes the client dyninfo object with the server dynamic profile forcing DCC to run on the client's next authentication with its home server.
Now we see how it kicks off and how to force it. I tried it in some testing and yes, exactly as they say it seems. There was a caveat which we can explore tomorrow.
-
On Thursday, October 7th, 2004 by Chris Miller
Playing around with Dynamic Client Configuration (DCC)
Dynamic Client Configuration runs when the user authenticates with the server, and serves to update settings on the desktop from the Person document on the server and any Setup Profiles/Policies that are in place.
This of course has nothing to do with replication. I bring this up since it was asked why DCC was not also being updated when replication took place. DCC only occurs when the user actually authenticates, not replicates since they are already possibly authenticated and active.
This all boils down to the fact that it is a great synchronization tool, but policies far outweigh what we are attempting to do.
-
On Wednesday, October 6th, 2004 by Chris Miller
Why would you want to run multiple indexer tasks?
The Indexer works from a queue that contains various requests for databases to be indexed. The Indexer reads a request from this queue, removes it from the queue, and performs the indexing functions. Therefore a single Indexer task works on a single database that it pulled from the queue. If a second request comes into the queue, the next indexer then removes the request from the queue and starts working on it. If both of these requests are for the same database, then the two tasks will work on the same database. More than likely, however, the two tasks will work on different databases.
Multiple Update tasks can update different view indexes within the same database at the same time. However, the full text index is one index; therefore multiple Update processes cannot update the same full text index.
NOTE: Having multiple indexers does not mean that performance will improve. Both tasks would be in contention for the same database semaphore.
In essence running more than one can be quite helpful, but not for full-text issues.
-
On Friday, October 1st, 2004 by Chris Miller
Want to know when Lotus support ends on a product?
-
On Wednesday, September 29th, 2004 by Chris Miller
Using Gmail for more than mail, sure you can (for now)
-
On Thursday, September 23rd, 2004 by Chris Miller
Well if you won’t do Sender ID we will patent SPF, take that.
America Online Inc.'s announcement Wednesday that it would abandon its attempts to support Microsoft's Sender ID e-mail authentication standard is a serious setback for the Redmond, Wash., software company.
AOL still will provide Sender ID information for outgoing mail so that its users can communicate with e-mail providers using that system, but that will be the limit of support for the standard. AOL, meanwhile, is moving ahead with its plans to implement the industry-standard Sender Policy Framework.
But shortly after, here comes a news announcement on a new Microsoft patent that, some would argue, mocks the Sender Policy Framework (SPF). Basically the supposedly patent-free technology now has patents being applied for.
This time, a Microsoft patent made public Thursday appears to be broad enough to cover not only methods of the authentication algorithms for which Microsoft wants licensing but also the SPF (Sender Policy Framework) method being touted as a patent-free alternative, according to legal experts and participants in the e-mail authentication working group.
-
On Monday, September 20th, 2004 by Chris Miller
A way to crash Domino 7 admin client
At the customer site, they have proxy servers and also restrict outbound 1352 traffic. So I could not reach many of the destinations I had in preferences. Well, when launching the administrator client, it tried to reach the primary servers for the domains first, then the secondary. Since it couldn't reach any of them, it started trying others. What I started getting was numerous pop-ups stating it couldn't reach ServerX, then ServerY, etc. throughout the domains. It got to the point they were coming up as fast as I could click OK on the pop-up. Eventually the client just crashed and burned. I took it as a one-time anomaly at first, and tried again. Apparently I was in a good mood since the same result. The answer? I removed many of the domains that I didn't use often from the preferences to get past it.
-
On Thursday, September 16th, 2004 by Chris Miller
More content ideas for the iPod
TiVo for iPod
Remember Adam Curry? He was one of the original MTV V-Jays,
before leaving the cable net for the inter net. The latest
of his feline nine lives is a nifty way to transmogrify RSS
for the iPod. We've got all the details on "ipodder," which
will help you increase your music collection, and maybe even
TiVo-fy your iPod.
RSS Comes to iPod:
http://eletters.wnn.ziffdavis.com/zd1/cts?d=75-300-1-1-273888-12812-1
-
On Wednesday, September 15th, 2004 by Chris Miller
Sametime and large whiteboard files
Netscape at least gives you a nice HTTP error code of 500. Microsoft Exploder only throws a Cannot find server or DNS error out for some reason. But to make it short, here is why when you are running on Domino 6:
Sametime 3.1 and later releases run on a Domino 6 server. Domino 6 introduced two new fields that can affect this:
1. In the Server document > Internet Protocols tab > Domino Web Engine tab > POST Data section > Maximum POST data (in kilobytes) field.
2. In the Server document > Internet Protocols tab > HTTP tab > HTTP Protocol Limits > Maximum size of request field.
Change the values of these fields accordingly.
Entering 0 in each of these fields allows unlimited size.
I would never recommend setting the value to zero, that is just asking for trouble in ways that no one has even dreamed up in error code land.
-
On Monday, August 23rd, 2004 by Chris Miller
Feedback from my last posting on DomainKeys
So let's just follow along on more of my thoughts and let the two postings work together. Chris covers header changes and brings up a point I was getting to on the receiving side posting I was going to do actually. Many of you scan, add fields and make all sorts of changes. My thought here is that to make this work the right way would be an investment on the receiver side to place an SMTP box that does nothing but check DomainKeys before sending the message through. This box would not scan, add fields, or do about anything but verify integrity. This whole thing also assumes that the sender does nothing to the message past the point of the sending server that is listed with DomainKeys.
So Chris summed it up right there. If there are changes made to the message after the sending and before the DomainKey can be verified, there are huge flaws in this plan. While whitelisting is something I have been playing with internally, it has a long way to go since you require management of a private DNS whitelist or you have to trust a public one, just as you do the blacklist sites. I also pondered one thing, and that has to deal with S/MIME and keeping the encryption and digital signatures separate. I would imagine the content is of course S/MIME and the wrapper of the message is DomainKeys, but what about digital signatures? This is all leading me to a complete rewrite for verification that would cover all three. I could see this draft coming somewhere down the road. A single source solution that would eliminate having to keep track of whitelists, blacklists, keys for individuals and encryption. A buffet of sorts.
I can see abuse of public whitelist servers, of people trying to get themselves listed. How would that occur? Well some sort of verification one would presume right? And even if a domain is whitelisted, who is to say that is where it came from, or what if the sending SMTP host differs from the domain, as many of you companies do now.
OK, I had people coming in the office so I rambled through 14 topics in a short time, sorry about that.
-
On Friday, August 20th, 2004 by Chris Miller
Some thoughts on Domain Keys for SMTP
Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers.
Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server.
So if we follow this, you as the faithful email administrator, must create the key structure and get it published in DNS for the receiving servers to work with. If you use a service provider for outbound email services, then there could be a longer delay or even non-support at getting this implemented. I do like the idea of multiple keys for numerous domains. Of course there could be management issues if DNS is not handled properly or no good tools are in place. I cannot see handling this with text files and FTP. A good management console would be a bonus. Then your mail server must be able to go out and check the key for verification. How many of you block servers from making outbound calls? And then each call would need to go to the DNS server for the domain. So making a simple list does not work. You will get referred all over the place as you do now for web address lookups for browsing.
Tomorrow let's talk about the receiving side and put all this together.
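The set-up and signing steps quoted above, and the point from the follow-up post that any change made after signing breaks verification, as an added example in Python (not code from this blog or from the DomainKeys project). It uses toy textbook RSA with SHA-256 and a dictionary in place of DNS; the domain, selector, key and relay behaviours are constructed, and the canonical form is simplified.

```python
import hashlib

# Constructed toy key pair: textbook RSA over two Mersenne primes. This shows
# the flow only; it is not secure and not the real DomainKeys wire format.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private key, held by the outbound server

# Stand-in for DNS: public key published under <selector>._domainkey.<domain>.
DNS_TXT = {"mail2004._domainkey.example.com": (N, E)}


def _digest(headers, body):
    """Hash a simplified canonical form of the signed headers and the body."""
    lines = [f"{name}:{value.strip()}" for name, value in headers]
    data = "\r\n".join(lines) + "\r\n\r\n" + body.rstrip("\r\n") + "\r\n"
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")


def sign(headers, body, domain, selector):
    """Sending side: sign headers + body, prepend the signature header."""
    sig = pow(_digest(headers, body), D, N)
    tag = f"d={domain}; s={selector}; b={sig:x}"
    return [("DomainKey-Signature", tag)] + list(headers), body


def verify(headers, body):
    """Receiving side: look up the key, check everything below the signature."""
    for i, (name, value) in enumerate(headers):
        if name.lower() == "domainkey-signature":
            break
    else:
        return "no-signature"
    tags = dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)
    key = DNS_TXT.get(f"{tags.get('s')}._domainkey.{tags.get('d')}")
    if key is None:
        return "no-key"
    n, e = key
    try:
        sig = int(tags.get("b", ""), 16)
    except ValueError:
        return "fail"
    return "pass" if pow(sig, e, n) == _digest(headers[i + 1:], body) else "fail"


def demo():
    """Run one signed message through several constructed relay behaviours."""
    headers = [("From", "alice@example.com"), ("To", "bob@example.net"),
               ("Subject", "Q3 numbers")]
    signed, body = sign(headers, "Figures attached.\r\n", "example.com", "mail2004")

    results = {"untouched": verify(signed, body)}
    # A relay that only prepends its own trace header above the signature.
    results["received_prepended"] = verify(
        [("Received", "from mx1.example.net")] + signed, body)
    # A spam filter that rewrites a signed header.
    tagged = [(n, "[SCANNED] " + v if n == "Subject" else v) for n, v in signed]
    results["subject_tagged"] = verify(tagged, body)
    # A gateway that appends a disclaimer to the body.
    results["footer_appended"] = verify(
        signed, body + "-- \r\nScanned by gateway\r\n")
    # A signature naming a selector that is not published in DNS.
    unknown = [(n, v.replace("s=mail2004", "s=old2003")
                if n == "DomainKey-Signature" else v) for n, v in signed]
    results["unknown_selector"] = verify(unknown, body)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20} {outcome}")
```

A relay that only adds a trace header above the signature leaves verification intact, while the scanning and field-adding behaviours described in the follow-up post turn a genuine message into a failure.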
-
On Wednesday, August 18th, 2004 by Chris Miller
How many of you are ready for DUCS?
I love the part of faxes coming to the inbox. You do need to allot for DID or DTMF routing and numbers, which means acquiring more phone numbers for DID, or making people understand DTMF extensions. I use eFax a lot now for those brief faxes, so I see benefit here. Add a few phone lines to the server on a modem board and then allow people to send outbound also. Makes sense to me since every fax machine in the world is still 14.4 baud and no faster. So buying those 56k modems makes no sense. Save the money and buy slower fax modems.
The only other big catch is voicemail doesn't work with encrypted mail, so if you encrypt everything this is not the right thing for you to investigate at the current release level. I know I can sound negative, but I always fall back into administration mode and how this will be architected. Go read the full article I linked above and get more information for yourself. The business reasons are definitely there. The drive and need are there to centralize all this and provide multi-platform access. It is driving the big bus up the hill that slows us down.
-
On Tuesday, August 17th, 2004 by Chris Miller
I installed the XP SP2 patch and what won’t work?
Even some games seemed to stop functioning. John Head should have issues with Unreal Tournament versions not working, LOL
-
On Monday, August 16th, 2004 by Chris Miller
Microsoft announces enforcement of Sender ID
Microsoft announced (today) that starting October 1st, mail received by Hotmail, MSN, and microsoft.com would be subject to Sender ID validation. Un-authenticated messages will not be rejected, but they will be subject to a higher level of scrutinization than messages which are delivered with proper authentication credentials.
Since the current proposal for Sender ID record format will be compatible with most of the syntax of SPF, you can use the SPF Setup Wizard to help create the right DNS records for your domain.
I would investigate the SPF Setup Wizard to see if your domain servers are ready for this. Mainly if you send a lot of mail to Microsoft directly. I am sure they sent you announcements also, but a lot of businesses use MSN still for some reason.
-
On Wednesday, August 11th, 2004 by Chris Miller
Wireless management of Domino?
SolutionPlanet expects to release later this year its Admin-on-Air system, which lets Lotus Notes administrators manage and configure their Notes servers over cell phone or 802.11 links.
With wireless Terminal Services on the PocketPC, that lets me start and stop services already. I would love to see the Java Controller over wireless though. The best of both worlds, operating system and Domino all in one interface.
-
On Friday, August 6th, 2004 by Chris Miller
Reverse Proxies, enter the Matrix at your own risk
Product | Version | Proxies
Domino | 6.5.1 | Websphere Edge, Whale eGap, Neoteris
Domino Web Access | 6.5.1 | Whale eGap, Websphere Edge (no Gzip), Neoteris, Tivoli SecureWay, iPlanet Web Proxy
Workplace Team Collaboration | 1.1 | None
Workplace Messaging | 1.1 | Websphere Edge, Tivoli Policy Director, Netegrity
Sametime | 3.1 and 6.5.1 | Websphere Edge, Whale eGap, Tivoli Webseal
-
On Wednesday, July 21st, 2004 by Chris Miller
The sound of a MIME and silencing him
Well, AdminP cannot read MIME, so it must convert all those documents for AdminP to work on them. Apparently this has been going on even in Domino 5 but Lotus hid those conversational messages from the console and log files. So the MIME got a voice. No fear, you can quiet him back down to hand signals only, with of course a notes.ini variable:
converter_log_level=10
-
On Tuesday, July 20th, 2004 by Chris Miller
Lost a password? Someone did as they searched my blog for answers
So a recent one came in for lost passwords in Domino R5. If you, as an admin, have not invested the time to implement password recovery in your organization, I would do that as soon as practical. We could have a long winded dispute about id storage, default passwords on id files and recovery. We might actually have it depending on responses and feedback here and email.
But if you are doing things the right way (this is in my eyes and darn it, this is my blog right?) then you are using unique passwords now, storing the id files in a secure encrypted database and have implemented password recovery. If you have ventured into Domino 6 you might have even spent the time to migrate to the CA process.
Password recovery on certifiers is an entirely different matter, I realize that. I am strictly speaking of user id files. As for the Google search, you could attempt to use one of the brute force tools on the Internet that can be downloaded, but invest the time to also stop this from occurring in the future. So do we need to discuss where and how to store id files?
-
On Thursday, July 8th, 2004 by Chris Miller
Apparently there is a few people with Trillian hacks out there
-
On Sunday, June 27th, 2004 by Chris Miller
Who remembers Shimmer?
-
On Tuesday, June 22nd, 2004 by Chris Miller
A Google search I had on iNotes6 and iNotes60 templates
I did manage to find a technote (1158614) that dealt with the issue and provided the simple answer. The iNotes60 template that shipped through 6.0.1 still related the design to the forms5.nsf database. Then in 6.0.2 and the 6.5 releases, they added the forms6.nsf database. Instead of re-pointing the iNotes60 template, which we all know would confuse users, they added the new one and then left it to you to change the template that was applied to user mailfiles.
-
On Friday, June 18th, 2004 by Chris Miller
Alan Lepofsky got some answers on auto-save
-
On Thursday, June 17th, 2004 by Chris Miller
Solution for last posting
- Mail comes from dtri2.rampellsoft.com (dtri2.rampellsoft.com [69.90.152.225])
- img src="://didtheyreadit.com/index.php/worker?code=c18feef2de6a615adcfc6282e8d60d31" width="1" height="1"
I removed the http part above so it wasn't a hotlink but it shows the clear 1x1 gif image they embed.
So through some work with SpamJam we can block it by looking for that image or just blocking mail from that domain entirely. You could of course use Domino for the domain blocking, but not the content piece. Rampellsoft is of course the company that makes Spector, ViewRemote and TypeRecorderX, which are local spyware to watch everything someone does on a PC. So this is not a huge product step in their arsenal.
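One way to implement the content check described above, as an added example (not SpamJam's or Domino's logic): it flags remote images of 1x1 pixel or smaller and any image hosted on the domain named in the post. The sample messages, the `code` value and the example.org/example.net hosts are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tracker host named in the post; extend with your own blocklist.
BLOCKED_HOSTS = {"didtheyreadit.com"}

# Constructed sample bodies.
TRACKED = ('<html><body><p>Hi, see attached.</p>'
           '<img src="http://didtheyreadit.com/index.php/worker?code=CONSTRUCTED"'
           ' width="1" height="1"></body></html>')
BENIGN = ('<html><body><img src="https://www.example.org/logo.png" width="200"'
          ' height="50"><img src="cid:spacer@example.org" width="1" height="1">'
          '</body></html>')
STYLED = '<img src="https://t.example.net/o.gif" style="width:1px; height:1px">'


def _pixels(attrs, name):
    """Size in pixels from the width/height attribute or inline style, else None."""
    m = re.fullmatch(r"(\d+)(?:px)?", attrs.get(name, ""))
    if not m:
        m = re.search(rf"(?:^|;)\s*{name}\s*:\s*(\d+)\s*px",
                      attrs.get("style", "").lower())
    return int(m.group(1)) if m else None


class WebBugFinder(HTMLParser):
    """Collects <img> tags that look like read-receipt beacons."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = (url.hostname or "").lower()
        remote = url.scheme in ("http", "https")
        w, h = _pixels(a, "width"), _pixels(a, "height")
        reasons = []
        # Inline cid: spacers are 1x1 too, so only remote fetches count.
        if remote and w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("tiny remote image")
        if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
            reasons.append("blocked tracker host")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))


def scan_html(html):
    """Return a list of (src, reasons) for every suspicious image."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def verdict(html):
    """Block the message if any beacon-like image was found."""
    return "block" if scan_html(html) else "deliver"


if __name__ == "__main__":
    for label, sample in (("tracked", TRACKED), ("benign", BENIGN), ("styled", STYLED)):
        print(label, verdict(sample), scan_html(sample))
```

The size rule catches beacons from hosts that are not on the blocklist, which a domain block alone would miss.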
-
On Monday, May 31st, 2004 by Chris Miller
RFID this and maybe a kid too (taking a break from Lotus content today)
Amusement park Legoland in Billund, Denmark, has taken the concept of "lost and found" to a new level. If a child gets lost somewhere between Titania's Palace and Safari Park, a parent quickly can home in on the youngster's location using a cell phone and rented ID worn by the child.
At its opening day in March, the park launched this child-tracking system, which relies on radio frequency identification (RFID) and wireless LAN technology. If a child wearing a wireless-enabled wristband gets lost, parents can send a text message to an application called Kidspotter, which sends a return message stating the name and coordinates of the area of the park where the child is located.
I say low-jack those kids all the time. Nothing better than yelling at them to come home for dinner. They say they were three doors up the street, you know they were six blocks away where they shouldn't have been. Ok, kidding aside, the park idea is brilliant for those parents that want the semi-young group to explore on their own some while being able to have an idea where they are.
I would like to see this used in schools more (as the article covers in the other example) for attendance. The kids already have school id cards they wear or carry at most schools. Why not add some RFID for attendance and purchasing school lunches. They use a proximity reader and a PIN number and they have just bought lunch on their account. I like how the school uses it for attendance but I will let you read that.
-
On Tuesday, May 25th, 2004 by Chris Miller
so Google goofed on the Gmail accidentally
Several users of the search engine's Gmail Web-based e-mail service noticed Tuesday that their storage limits had quietly been raised to 1 million megabytes, or 1 terabyte. That's four times the typical capacity of a new high-end PC's hard drive.
I wonder what would have happened if you found time to fill more than 1GB when they made the mistake. Would they delete your data or send nasty letters like a good Notes admin would to someone over their quota?
Yahoo has responded to this Gmail move by upping their space to 100MB, over the below-10MB that they currently offer. Who says friendly competition is dead?
On Wednesday, May 19th, 2004 by Chris Miller
E-Pro: Internet Messaging Do’s and Don’ts
DO’S
- Enforce anti-relay policies and test your settings. Domino 6 now sets a default in the configuration documents to stop some basic relaying on your server, but if you migrated from a previous version of Domino, your previous settings are maintained.
- To learn how to quickly test your settings, see my previous e-Pro Magazine article on Troubleshooting Internet Messaging in Domino at e-ProMag.com, article ID 1999.
- Authenticate all users for relay privileges. You can choose not to authenticate local domain users, but if someone is forging an address then you’re defeating the purpose of this ability introduced in Domino 6 (you could do this previously, but only if you locked the whole SMTP server down). The ability to modify these settings can be found in the Configuration document under Router/SMTP – Restrictions and Controls – SMTP Inbound Controls – Inbound Relay Enforcement.
- Use blacklists to reduce that spam. Now that Domino 6 natively supports blacklists by adding them into the Server Configuration document’s DNS Blacklists Filter section, take advantage of the numerous free blacklist services that can be found!
- Understand whitelists and their purpose for mail management. Whitelists let the administrator (or the user, on local spam products) allow certain messages through your spam filters based on sender or domain. If an address is on both a whitelist and a blacklist, the whitelist will win, causing the message to be delivered. Whitelisting is not available natively in Domino, but there are third-party tools available.
- Investigate purchasing a third-party spam filtering tool when Domino SMTP/Router and blacklists rules are not enough to reduce spam in your environment.
- Create SMTP/Router rules in the Server Configuration document for better enterprise mail management. You can deny, sort, and route mail based on server-side rules of subject, sender, importance, and even recipient count! There are many others; investigate these options! Remember that server-based rules affect everyone, unlike the mail file rules users maintain on their own.
- Change the setting in the Server Configuration document to not allow mail for local domain recipients not found in the Domino Directory (Domino 6 only). Enabling this setting reduces the amount of dictionary-attack spam clogging your mail.box on the server by not accepting mail that is destined for unknown names.
- Try to use named groups or wildcard Server Configuration documents to control multiple servers at one time. This gives you consistent control over numerous servers to ease administration and to make sure each server responds the same for troubleshooting. Keep in mind there may be instances when a server will need specific configurations based on user needs, such as a server that needs specific domains or users to be blocked while still allowing other servers to receive the same mail.
- Increase the number of mail.box databases on your system if you currently have only the default one (1). This allows faster processing of mail and increases performance (up to a certain point). Busy SMTP servers benefit greatly from an additional mail.box. It can consume resources if you allow the server to have too many. Best practices for the number of mail.box databases rely on server usage and mail load. Remember, too many mail.box databases can have adverse effects!
- Enable a maximum message size for mail messages. A mistake many enterprises make is not establishing a balance between business need and convenience. Is it convenient to accept 100MB messages via email? Of course it is! But does your business need large graphic packages or CAD drawings? If not, you need to evaluate a business need for a size limit. A majority of enterprises we deal with are very comfortable in the 15-20MB limit. This also saves disk space and prevents someone from sending a large attachment to multiple users, possibly bringing your system to a halt.
DON’Ts
- Leave the default Configuration document settings that are created for each server. By default a new Configuration document does have an anti-relay setting, as I mention above, but everything else is left to the administrator to configure. There are great performance enhancements that can be found by understanding all the variables I am not able to fit here. I would suggest following the administration guide for a full description of each field and section.
- Simply enable the setting to check for connecting host names in DNS. Not all companies have correctly configured DNS, or their ISP does not allow reverse DNS entries for them. This will have your system denying their mail to you. While this is a very powerful feature at reducing spam, it immediately becomes noticeable that you will reject legitimate email.
- You can also verify the sender’s domain in DNS instead of the connecting host. By not checking the host in DNS (to protect against false positives for ones that don’t allow reverse DNS), but instead checking the actual sender’s domain name, you can trim down unwanted emails that way also. A legitimate sender should have a DNS entry, correct?
- Try to micro-manage who can and cannot receive Internet email. Maintaining that listing is a manual process that most administrators do not have time for. I have only seen a couple companies that had reasons to only allow mail to certain people or addresses.
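The checks discussed in the list above (DNS blacklist lookup, whitelist precedence, and reverse DNS of the connecting host versus DNS for the sender's domain) can be modelled in a few lines. This Python sketch is an added example, not part of the original article or of Domino; the resolver, the zone name dnsbl.example, the class name and every address in it are constructed for illustration.

```python
import ipaddress

# Constructed DNS answers standing in for a live resolver (documentation
# address ranges and reserved example names only; dnsbl.example is hypothetical).
SAMPLE_DNS = {
    ("9.113.0.203.dnsbl.example", "A"): ["127.0.0.2"],         # blacklisted host
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],  # host with reverse DNS
    ("example.com", "MX"): ["mail.example.com"],
    ("example.net", "A"): ["192.0.2.80"],
}


def sample_resolver(name, rtype):
    """Return the constructed answers for (name, record type), or an empty list."""
    return SAMPLE_DNS.get((name.lower().rstrip("."), rtype), [])


def dnsbl_query_name(client_ip, zone):
    """A DNS blacklist is queried by reversing the IPv4 octets and appending the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class InboundPolicy:
    """Hypothetical model of the inbound checks; evaluate() returns (accept, reason)."""

    def __init__(self, resolver, dnsbl_zones, whitelist=(),
                 require_host_ptr=False, require_sender_domain=True):
        self.resolver = resolver
        self.dnsbl_zones = list(dnsbl_zones)
        self.whitelist = {entry.lower() for entry in whitelist}
        self.require_host_ptr = require_host_ptr
        self.require_sender_domain = require_sender_domain

    def evaluate(self, client_ip, mail_from):
        sender = mail_from.strip().strip("<>").lower()
        domain = sender.rpartition("@")[2]

        # Whitelist wins over blacklist. Sender addresses can be forged, so a
        # whitelist entry also exempts forged mail that uses that address.
        if sender in self.whitelist or domain in self.whitelist:
            return (True, "whitelisted")

        # Any A record under the blacklist zone means the connecting IP is listed.
        for zone in self.dnsbl_zones:
            if self.resolver(dnsbl_query_name(client_ip, zone), "A"):
                return (False, "listed in " + zone)

        # The check the DON'T warns about: hosts without a PTR record are
        # rejected even when the mail is legitimate.
        if self.require_host_ptr:
            ptr_name = ipaddress.IPv4Address(client_ip).reverse_pointer
            if not self.resolver(ptr_name, "PTR"):
                return (False, "connecting host has no reverse DNS")

        # The gentler alternative: the sender's domain must exist in DNS.
        if self.require_sender_domain and domain:
            if not (self.resolver(domain, "MX") or self.resolver(domain, "A")):
                return (False, "sender domain not in DNS")

        return (True, "accepted")


if __name__ == "__main__":
    relaxed = InboundPolicy(sample_resolver, ["dnsbl.example"], whitelist={"example.net"})
    strict = InboundPolicy(sample_resolver, ["dnsbl.example"], require_host_ptr=True)
    for ip, sender in [("203.0.113.9", "spam@example.com"),
                       ("203.0.113.9", "partner@example.net"),
                       ("198.51.100.7", "alice@example.com"),
                       ("192.0.2.25", "bob@nodns.invalid")]:
        print(ip, sender, relaxed.evaluate(ip, sender), strict.evaluate(ip, sender))
```

The third sample message is the false positive the list describes: a valid sender domain, but a connecting host without reverse DNS, so only the strict policy rejects it.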
On Sunday, May 2nd, 2004 by Chris Miller
Running 2.1.3 of Dominoblog now after upgrading
On Saturday, April 24th, 2004 by Chris Miller
Make the chicken dance, and well, other things not so nice
No matter what you type, the chicken will attempt to do it for you. Hop on one leg, lay down, stand on one leg, watch TV, etc. Try typing do the hustle. Obscene suggestions are rewarded by the chicken coming close to the camera and making a no-no sign with his, er, fingers.
It just so happens that the developers were ready for you. You can read more here and even see the darn man-in-chicken-suit here. Apparently they had 1 million hits in a day before the site even went public through announcements.
On Thursday, April 15th, 2004 by Chris Miller
There is an IF1 for 6.5.1 coming
Problem |
What are the known Lotus Team Workplace (QuickPlace) 6.5.1 and Lotus Instant Messaging and Web Conferencing (Sametime) 6.5.1 issues addressed by the Domino 6.5.1 Interim Fix Pack 1? |
I would look for this to be out very quickly as people upgrade to the new versions. I would check this one out to see if you are having these issues already. Luckily we have not, but now we know to beware.
On Thursday, March 25th, 2004 by Chris Miller
Item #1 for the day
So off we go! RSS works once again!! Sorry you couldn't get all the missing posts from the 8th to the 21st. It won't seem to kick those off, maybe resaving them might help.
On Monday, March 22nd, 2004 by Chris Miller
Quick course in extId and LDAP with Workplace
Lotus Workplace requires an immutable ID in the LDAP directory to map Lotus Workplace member entries to LDAP person records. When a user first logs in, an id is assigned to the user. This id is used to retrieve user-specific information, such as the contact list, and is also used internally for Team Space and Web Conference Access Control. This id is used by Lotus Workplace as an internal representation of a user.
Now to take some info straight from a technote:
If the LDAP directory that you are using with Lotus Workplace already has an attribute whose value is unique, static, and never reused, you simply map that attribute to the extId attribute in Lotus Workplace. Most directory servers supported by Lotus Workplace products 1.1 have such an attribute, with the exception of Domino and IBM Directory Server 4.1. However, the default Websphere Member Manager settings for Lotus Workplace must be modified manually during installation in order to use this attribute for the Lotus Domino, Novell, Sun, and Microsoft Active Directory. If you do not make these changes, some Workplace features will not operate properly, and you may see any or all of the following problems:
- Errors when creating Team spaces or Web conferences
- Inability to add members to a Team space or Web conference with restricted access
- Inability to add contacts to the My Contacts lists
- Loss of access to Lotus Workplace data when a user's name changes
If your directory server does not contain a suitable extId attribute, Lotus Workplace can be configured to generate one. This typically requires you to modify your LDAP schema.
So what you see is that this field must either already exist in your LDAP schema or be generated on the fly, and you might have to manually configure Workplace to work with certain types of directories. I see this process possibly getting easier in 2.0 or even sooner, but for now this step must be done.
This also has another feature, that when name changes are performed in things like Workplace Messaging, the system can do it 'lazy' in the background since the extId never changes!!!
On Friday, March 12th, 2004 by Chris Miller
oops, I see your BCC, please cover that up
SPR Number | SPR Status | SPR Fixed Release |
NTER5T2C7B | Resolved/Fixed | Lotus Workplace Messaging 1.1a |
Problem |
In IBM Lotus Workplace Messaging 1.1, you send a message with the To, CC, and BCC fields populated. You go to the Sent folder and open the message, and then forward it. You find, however, that the BCC recipient's name is displayed. |
Content |
This issue was reported to Lotus software Quality Engineering and has been addressed in Workplace Messaging 1.1a.
Workaround: Manually remove the BCC recipient's name before forwarding the message. |
On Monday, March 1st, 2004 by Chris Miller
Well I fully tested the FullAdmin notes.ini setting from yesterday
- I tested on a Domino 6.5.1 server on a blank database that I quickly created. I removed myself entirely from the ACL, tried to get in and verified I was denied. I then used the admin client and enabled Full Access Administration (from yesterday's posting) and I was able to manage and get into the database. I then turned off Full Access Administration again and moved to the next step.
- I logged into a remote live console and tried to use a Set Config command and it generated an error right away
> set config SECURE_DISABLE_FULLADMIN=1
This system variable cannot be set via the server console. You must edit NOTES.INI to set this variable.
- So that was cool that you can't enable or disable it that way. Next step was to do it through a web browser and use the Edit the notes.ini feature.
02/20/2004 08:41:17 PM Agent message: 02/20/2004 08:41:17 PM Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM Agent message: 02/20/2004 08:41:34 PM Webadmin: Chris Miller remotely edited file ':\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM Agent message: 02/20/2004 08:41:34 PM Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
- This of course works well, so then I restarted the server. My concern was that you could come back and edit the notes.ini file again through the browser and change it back.
- But no such luck!! When you come back into webadmin.nsf the options to edit the notes.ini from the webadmin.nsf database are gone. The only way to reset it is physical access to the machine to set the variable to '0' or remove that line entirely.
So very cool on the security and access front. I had meant to fully test it even though I have implemented and used it per the documentation. But now I feel great about using it and controlling it. They have some guidelines and suggestions in the technote I referenced yesterday about account naming for use of this function. I don't agree with all of those, but they are there at least.
On Tuesday, February 24th, 2004 by Chris Miller
Disabling Full Access Administrator Rights
Let's visit technote #7003449
What Rights Do Full Access Administrators Have?
This is the highest level of administrative access to the server. Administrators who have full administrator access to the server have the following rights:
- All the rights granted to "Administrators", plus
- Manager access, with all roles and access privileges enabled, to all databases on the server, regardless of the database ACL settings
- Manager access, with all roles and access privileges enabled, to the Web Administrator database (WEBADMIN.NSF)
- Access to all documents within databases on the server, regardless of reader name field controls
- Unrestricted agent rights
- Overrides "Enforce a consistent ACL across all replicas" setting
- Supersedes directory link ACLs and .ACL files
Note: Full Access Admin does not allow access to read encrypted fields. In the case of mail encryption (and other documents encrypted using public keys), the specified user's private key is required to decrypt. In the case of document encryption using secret keys, the secret key is required to decrypt.
Disabling the feature via the Notes.ini
Customers can disable this feature by setting SECURE_DISABLE_FULLADMIN=1 in Notes.ini. When this value is set, the server will ignore any values in the Full Admin Access field in the server document. This parameter cannot be reset via a remote or local console or via the server configuration document. It can only be reset by editing the server's notes.ini file. It is constructed so that a site that wishes to disable this feature in a way that it cannot be reenabled without direct access to the server's file system can do so.
So I am unsure if one should create a separate ID file as suggested in that technote or attempt to know when to use the toggle yourself.
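The two FullAdmin posts above give an administrator two things to check: whether SECURE_DISABLE_FULLADMIN=1 is actually present in notes.ini, and whether anyone has edited notes.ini remotely through Webadmin. The Python sketch below is an added example, not IBM's or the author's tooling; it parses the three console lines quoted in the test post and a constructed notes.ini fragment. The function names are hypothetical, and matching the key case-insensitively is an assumption.

```python
import re
from datetime import datetime

# The three console lines quoted in the test post (the drive letter is
# missing in the post and is left that way here).
SAMPLE_LOG = [
    r"02/20/2004 08:41:17 PM Agent message: 02/20/2004 08:41:17 PM Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'",
    r"02/20/2004 08:41:34 PM Agent message: 02/20/2004 08:41:34 PM Webadmin: Chris Miller remotely edited file ':\Lotus\Domino\notes.ini'",
    r"02/20/2004 08:41:34 PM Agent message: 02/20/2004 08:41:34 PM Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'",
]

# Constructed notes.ini fragment for the example.
SAMPLE_INI = "[Notes]\nServerTasks=Router,HTTP\nSECURE_DISABLE_FULLADMIN=1\n"

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+Agent message:.*"
    r"Webadmin: (?P<admin>.+?) remotely (?P<action>\w+) file '(?P<path>[^']*)'"
)


def parse_webadmin_events(lines):
    """Extract timestamp, administrator, action and file path from Webadmin log lines."""
    events = []
    for line in lines:
        match = EVENT_RE.match(line.strip())
        if match:
            events.append({
                "when": datetime.strptime(match["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "admin": match["admin"],
                "action": match["action"],
                "path": match["path"],
            })
    return events


def fulladmin_values(ini_text):
    """Return every value assigned to SECURE_DISABLE_FULLADMIN, in file order."""
    values = []
    for raw in ini_text.splitlines():
        key, sep, value = raw.partition("=")
        # Assumption: the key is matched case-insensitively.
        if sep and key.strip().upper() == "SECURE_DISABLE_FULLADMIN":
            values.append(value.strip())
    return values


def audit(ini_text, log_lines):
    """Combine the notes.ini check with a scan for remote edits of notes.ini."""
    values = fulladmin_values(ini_text)
    disabled = bool(values) and all(v == "1" for v in values)
    edits = [
        e for e in parse_webadmin_events(log_lines)
        if e["action"] == "edited"
        and re.split(r"[\\/]", e["path"])[-1].lower() == "notes.ini"
    ]
    findings = []
    if not disabled:
        findings.append("SECURE_DISABLE_FULLADMIN is not set to 1; the Full Admin "
                        "Access field in the server document is still honoured")
    if len(values) > 1:
        findings.append("SECURE_DISABLE_FULLADMIN appears %d times" % len(values))
    for e in edits:
        findings.append("%s: %s remotely edited %s through Webadmin"
                        % (e["when"].isoformat(), e["admin"], e["path"]))
    return {"fulladmin_disabled": disabled, "remote_ini_edits": edits,
            "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_LOG)["findings"]:
        print(finding)
```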
On Monday, February 23rd, 2004 by Chris Miller
Does the integrated buddy list get away from you in the client interface?
Problem |
When moving the Notes instant messaging contact list off to the side, a user can inadvertently drag the contact list entirely off the screen. If no part of the contact list remains visible, the user has nothing to click on to drag the contact list back into view. How can the user recover the contact list? |
Solution |
The position of the Notes instant messaging contact list is recorded in the Notes.ini file. You can recover the contact list by manually changing the coordinates for the contact list to a set that corresponds to the visible area of the screen.
To recover the contact list, do the following:
1. Close Notes.
2. Open the Notes.ini file in a text editor.
3. Scroll down to the line that begins: BuddyListPos=
4. Replace the coordinates so that they correspond to the visible area of your screen. For example: BuddyListPos=678 186 311 558
|
On Friday, February 20th, 2004 by Chris Miller
Multi Server Sign-On (MSSO) and a bag of chips
- A simplified installer (Installshield or the like for Windows) on the Sametime cd#2 under toolkits that places the necessary files on the Sametime server and again that gets run for the QuickPlace server. Yes, there are only a few files that must be moved around, but the directories don't even exist and it is just too much manual work.
- Adjust the stlinks.js and offline.gif files in the 6.5.1 release so you don't have to move them around manually for awareness to be correct in Domino Web Access.
- Set the choice for awareness for Domino Web Access to use tokens or LTPA as part of one of the installation advanced choices
- Remove the documentation conflicts for Sametime/QuickPlace integration that exist between technotes and steps to get the functionality working against a single LDAP directory (for example, one says never use the Sametime or QuickPlace server as the LDAP source while another says 'using the Sametime server for LDAP'). This confuses things later and leads to the next one.
- Make it easy to move between primary LDAP directories on the Sametime server. Moving from Domino Directory to LDAP was covered and documented, but not LDAP to LDAP, as that becomes the required directory of choice for both of these.
Ok, I have one more issue that I will cover tomorrow around the new CA process.
On Thursday, February 19th, 2004 by Chris Miller
Is it legal for your AIM client to spam your buddies?
The program, which appeared yesterday, spreads by appearing to be a recommendation from an AIM user that encourages contacts to visit a Web page to download a video game....On visiting the site, users are prompted with an Internet Explorer security warning asking them if they wish to install and run the program "News Player Applet."
Now here is the catch, buried in the EULA they add a little something extra.
However, buried in the software's accompanying End User License Agreement (EULA) is a statement that AIM users who download it explicitly give their permission to send marketing messages to their Buddy List contacts. In this way, the program can spread itself by sending links to the Web page -- while seeming to come from a known contact.......
The program's EULA indicates that it was designed by Cambridge, Mass.-based PSD Tools LLC. The Terms read, in part, that "...the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or 'buddy' list regarding Content offered by PSD Tools or its suppliers."
Does anyone think that this is a bit fishy, the way they use a clause hidden in the EULA to let the program update itself and send advertising to your buddy list, from you? After reading more information on it, it seems that it can update itself and send even more from your ID. You can get the full article on this, and information on how to find and uninstall it.
On Saturday, February 14th, 2004 by Chris Miller
Sametime and joining a Sametime Community (Dave found this gem for our client)
I. How a Sametime server joins a Sametime community
A Sametime server comes online and checks its Domino Directory (names.nsf) for other Sametime servers. Based on the IP addresses and the last Octet of the IP addresses, the Sametime server decides which server should contact which server. If a server IP's last Octet is less than the server that just came online, then the first server online will initiate the connection to that server. If a server's last Octet is greater than the last octet of the first server online, the first server online waits to be contacted by that server.
Without this algorithm in place, you would either have servers with multiple connections to and from each other or you would have servers that do not connect at all.
Note: All Sametime servers must connect directly to all other servers in the community. The connections cannot be daisy-chained. This process is the most efficient way to determine who needs to contact who in this full mesh.
The following formula can be used to determine how many connections are required in your Sametime environment:
(N * (N - 1)) / 2
Example:
(10 * (10 - 1)) / 2
(10 * 9) / 2
90 / 2
45
This takes care of creating a mesh of all the servers and makes a server a primary, which in theory keeps all the servers from acting like bosses. Everyone knows you don't need a room of bosses and no one to actually do the work.
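The last-octet rule quoted above can be checked by letting every server make its own decision and confirming that each pair ends up with exactly one connection. This Python sketch is an added example, not Sametime code; the server addresses are constructed, and the function names are hypothetical. The quoted rule only describes the less-than and greater-than cases, so pairs that share a last octet are reported as undecided rather than guessed at.

```python
import ipaddress
from itertools import combinations

# Constructed community of four servers (documentation address ranges).
COMMUNITY = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "198.51.100.40"]


def last_octet(ip):
    """Last octet of an IPv4 address as an integer."""
    return int(ipaddress.IPv4Address(ip)) & 0xFF


def dials(me, other):
    """Decision one server makes on its own about another server.

    True  = I initiate the connection (the other's last octet is lower)
    False = I wait to be contacted (the other's last octet is higher)
    None  = equal last octets; the quoted rule does not cover this case
    """
    mine, theirs = last_octet(me), last_octet(other)
    if mine == theirs:
        return None
    return mine > theirs


def connection_plan(server_ips):
    """Return ([(initiator, listener), ...], [undecided pairs])."""
    plan, undecided = [], []
    for a, b in combinations(server_ips, 2):
        a_dials, b_dials = dials(a, b), dials(b, a)
        if a_dials is None:
            undecided.append((a, b))
            continue
        # Both ends reach opposite answers, so there is exactly one
        # connection per pair: never two, never none.
        assert a_dials != b_dials
        plan.append((a, b) if a_dials else (b, a))
    return plan, undecided


def required_connections(n):
    """Full-mesh connection count from the formula above: (N * (N - 1)) / 2."""
    return n * (n - 1) // 2


if __name__ == "__main__":
    plan, undecided = connection_plan(COMMUNITY)
    for initiator, listener in plan:
        print(initiator, "->", listener)
    print(len(plan), "of", required_connections(len(COMMUNITY)), "connections planned")
    print("undecided pairs:", undecided)
```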
On Thursday, February 12th, 2004 by Chris Miller
Well here is tech info around the reason I am in Buffalo
The Mail Convert tool, used in post-migration processing, has been extended to provide the capability to convert Microsoft Exchange addresses to valid Domino addresses. This ensures that addresses in messages for those users who have migrated mail files from an Exchange server are converted to the correct Notes format.
For the Address conversion process to work correctly, the cache for Name and Address Book (NAB) entries on the Domino Server must be current.
While meeting reminders are not migrated by the tool, everything else seems to be moving right along. There is one step you need to take in dealing with unprocessed meetings and it is listed in the 6.5.1 Release Notes I found.
In Outlook, unprocessed meetings (i.e., meeting invitations or reschedules that have not been responded to in Outlook) may appear on the user's calendar, but Notes does not allow for this behavior. Unprocessed calendar entries migrated from Exchange to Domino will not be migrated to the user's Notes mailfile, and will not appear in the Notes Calendar or Meetings view.
On Wednesday, February 11th, 2004 by Chris Miller
Chris Toohey (Dominoguru) and I tested something last night... (updated 2:30pm)
original:
I happened to be on-line when I got a ping from Chris about SMTP and groups containing only Internet addresses. He was testing on Domino 5 I believe and wondered if I had seen it before. We even set the test on a Domino 6.5 server to the same result....thanks for playing. Now you ask, what the heck was the test that Chris and Chris did at 11pm at night for gosh sakes??
- We created a group in the main Domino Directory containing 3 Internet addresses only. There are no spaces in the group name
- I set the group to both Mail-only and multipurpose
- We sent an email in and Domino would only deliver to the first address listed
- If we reordered the list, the same result
- semi-colons, hard returns for the list, no matter
- If I mail from inside Domino to just the group name, all three get it.
I have proceeded to test this from different outside sources just for grins to no avail. Searches of KB and the public forum don't show anything that I found and a thorough scrubbing of a configuration document turned up no clues. Hmmmmmmmm
On Wednesday, February 4th, 2004 by Chris Miller
Currently my favorite 6.5.1 client fix (and another tip)...
So now when minimized, it stays down like any good fighter against Lennox Lewis would do. Then it just blinks and blinks until you are ready to get back in the chat. No more popping up at odd times. Woo hoo!!
Now to take it a step further for those of you not ready for the integration, introducing the new notes.ini variable
IM_DISABLED=
If you choose zero then it will be there as usual, with any other value it will act as if Sametime is disabled. I saw a few people asking about this in the forum and at Lotusphere that weren't ready to roll out Sametime to the 6.5 client base.
Instant Messaging not shown in Status Bar
When Instant Messaging server is not specified in Location document, Instant Messaging item doesn't get displayed in the status bar, regardless of the setting in Status Bar Preferences.
Like that?
On Tuesday, February 3rd, 2004 by Chris Miller
E-Pro: Storming the Sametime Fortress
Most of the fearless readers of this article have either chosen Lotus Instant Messaging (previously Lotus Sametime) or are heading down the treacherous path of choosing and evaluating an enterprise instant messaging (IM) system. (Note that I am not including the option of Lotus Web Conferencing, as it is not necessarily the focus of this article. It is a complementary piece that contains another list of competitors for that market.) Choosing the right IM package for the business has become choosing your favorite form of business torture. It can either make or break the size of the office you will be getting very soon and/or determine how far away from the office your parking space is.
With numerous smaller players existing in the enterprise IM market, it was only a matter of time before the large public instant messaging providers entered into the race to gain a foothold and momentum (I prefer calling it catching up since Lotus Instant Messaging holds such a strong lead) into the enterprise instant messaging market. The three major public providers, Yahoo!, AIM (AOL Instant Messaging), and Microsoft have all announced attempts into the corporate market.
Take into account that the end user is familiar with the consumer product interfaces and the volume of IM that travels across the networks using these public providers; they launch a strong case in utilizing their new solutions. But IBM Lotus is the only one of these providers that does not have a public IM branding, giving them the edge and years of head start in enterprise integration. (see Quenching Your IM Thirst with Sametime-Ade in the May 2003 issue of E-Pro Magazine)
According to the September 2003 Osterman Research Semi-Annual IM Tracking Survey, the three providers I list above now show a 9.1% market ownership. Taking this a step further to include: recent announcements by Yahoo! and AIM for agreements with Reuters; the existing Microsoft Exchange IM (which will see some enterprises moving to the new Microsoft Live Communication Server); and the multi-carrier abilities of Jabber; the market penetration moves to an incredible 32.7%. There are other providers listed in the survey that are not included in this percentage. For example, Novell offers an enterprise IM solution that hasn’t quite taken hold in the market.
Michael Osterman, president of Osterman Research, Inc. had the following to say when asked his overview from all the information he gathers in his IM surveys.
“The leading consumer IM providers -- AOL, Microsoft and Yahoo! -- are well positioned to gain substantial market share in the enterprise IM space. Each of these providers' IM systems is already used widely in the enterprise -- our tracking surveys show that each of these products has a presence in at least 50% of enterprises that currently use IM. Microsoft, in particular, may have an advantage in the enterprise space by integrating its new enterprise-grade IM offering with Microsoft Office, thereby expanding IM use beyond simple text chat and into true collaboration. Although Lotus still holds a substantial lead among those enterprises that have already established a corporate IM standard, that market share has been under assault over the past 18 months.”
I compiled a comparison of the capabilities with some general information on each provider, as well as some of the drawbacks. You can go to http://www.e-ProMag.com for a graphical comparison chart for easier observations of the differences. These vendors were chosen based on their current market share of the public IM market and competitive capabilities they offer. A brief overview of the product, followed by important features and drawbacks, is listed for each one. Microsoft is the newest offering and had the most limited information available at the time this article was written.
YAHOO! Business Messenger
Yahoo! calls their enterprise release “business-class instant messaging bringing the best features of free public IM, with business-class security and administrative control.” This is exactly the type of marketing effort I discussed above. They claim with over 30 million public IM users of their network, they needed to build a business class product.
Features include:
Encryption of traffic through SSL
Centralized management by an administrator
Logging & archiving
Namespace provisioning
Integration to leading portal software and directory providers
Webcam
Macintosh support, web messenger and mobile devices (version 2.0)
Current drawbacks:
Reliance on a hosted model
Lack of full integration with Notes client and presence awareness
No developer API for application integration available
Yahoo! took a strong position by changing the actual product name soon after it was released. To show their desire to capture the small to medium business market, the name changed from Enterprise Messenger to Business Messenger.
The approach taken is that Business Messenger is a hosted environment with two options. The service is either entirely outsourced to Yahoo! or portions may be installed onsite. Having a server onsite allows encrypted file transfers and messages since it would sit behind the company firewall. The architecture relies on J2EE servlets that run and act as connectors from the enterprise IM client to your IT services group. Presence and message routing are handled by Yahoo! in its data centers.
Yahoo! also allows authentication from corporate directories for auditing or regulatory compliance. With the ability of Domino to serve LDAP compliant directory services, username integration could be fairly simple. While Domino wasn’t listed as an optional directory on their website, other LDAP servers were.
Policies are possible to provide certain features per user or group. The administrator may restrict all or individual features for security, bandwidth or usage reasons. Lotus Instant Messaging only offers global settings in regards to things like the ability to perform file transfers. No granular policies are available. Auditing and reporting are also done through J2EE servlets. A hidden feature regarding logging is that if the logging server goes offline for any reason, the local client buffers the logs until it can move them to permanent storage on the server.
Recently, in late Oct 2003, Yahoo! moved the Business Messenger group to the free consumer sales and marketing division and laid off people from the previous enterprise solutions division. (see http://www.news.com/2102-1032_3-5100685.html for more on this story) This had no reported impact on services or new sales offered. It was stated by Yahoo! to be an organization move only.
Microsoft Office Live Communications Server (LCS) 2003
Microsoft finally brought LCS to production in Oct 2003 after much talk, press and anticipation. The new LCS brings many features along that were nowhere to be found in the Exchange IM product that was offered previously. But overall it turned out to be a letdown in manageability, deployment and features in this first release.
The enforcement of having Windows 2003 servers to support LCS gives other vendors the immediate edge. Most enterprises are not nearly that aggressive in upgrading or deploying that new a server version from Microsoft. You must also deploy the Messenger 5.0 client to perform the basics of IM with LCS.
Features include:
Utilizes the Microsoft Management Console (MMC) for administration
Permissions are managed from the Active Directory from a new LCS tab that is placed on the property pages
Archiving for all IM traffic (requires SQL server)
Kerberos and NTLM authentication – except there is a new documented issue with current passwords having to be at least 14 characters long
TLS encryption of IM traffic
Integration into Microsoft Outlook 2003
Rich text support
Current drawbacks:
Requires Microsoft Windows Server 2003 and a Windows 2000 or later client operating system
Servers must be members of the Windows domain
Third party management tools must be purchased to fill gaps in the core product
Even with SIP and SIMPLE support, you could only use the Messenger 5.0 client in tests performed by eWeek Magazine.
As enterprises consider moving towards upgrading to Windows Server 2003 and more features are added to the core product, the integration with Microsoft Office and Outlook could make it more attractive. However other drawbacks are immediately recognizable.
The reliance on Active Directory, or LDAP, could be an immediate show stopper for those companies that have not progressed from older Windows domains, or that have not consolidated all users into an LDAP container with the proper naming, groups and structure to manage and assign policies correctly. Also, those companies that are years away from a Windows 2003 migration will find that they cannot run the product.
Jabber Extensible Communications Platform (XCP) 2.7
In September 2003, Jabber released version 2.7 of the XCP messaging platform with some new features and benefits. Jabber and Lotus Instant Messaging are currently the only ones that have a web interface that allows for more flexibility and less need for client deployment. They currently claim over 4 million seats deployed.
You might ask why I chose to include them in this comparison. Well, I wished to have a baseline, growing company that works with numerous public providers through a custom interface. This left quite a few ‘consolidation clients’ that were able to offer this. But Jabber has built their own server architecture, based upon XMPP (Extensible Messaging and Presence Protocol), an open standard for interoperable messaging systems, and linked it into public providers also. I feel that they are a good definition of where the market needs to head to gain even more momentum in turning IM from a commodity into a business critical function. XMPP is expected to be ratified by the Internet Engineering Task Force (IETF) soon as an Internet standard for IM.
In an October 2003 press release from the company, Don Bergal, VP of Business Development for Antepo, talks about how the open standards of XMPP are leveraged by stating, “The XMPP-to-SIMPLE gateway extends XMPP networks to other relevant and leading players in the marketplace. For example, it interoperates with IBM’s Lotus SameTime, the largest enterprise IM installed base.”
Features include:
Sending IM transcripts to other users
Alternate user name display for LDAP fields
Modular installer
Administrative broadcasts
Client-Server version locking: Administrators can lock the server to enforce the use of a specific client or clients, ensuring that all users have a specific client and/or version
Integration of weather, news and sports into the client available
Current drawbacks:
The client is plainer than those of the other three public providers, but does offer custom views
No easy administration interface
Native message log analysis requires an external tool, as the log is stored in a flat text file
On November 11, 2003, Jabber announced it has also partnered with Akonix (as was mentioned about AOL previously) to provide a unified reporting and compliance ability to track communications internally on Jabber and across the gateway to the public networks. This move lets enterprises secure, manage and archive all IM traffic to not only internal employees, but also external partners and customers.
AOL Enterprise Gateway
Launched in 2002, AOL entered the market with an interesting beast of a product. Imagine taking all the wonderful features of their public IM and wrapping security, auditing/reporting and directory integration into it. It makes for a strong competitor and attacker of the Lotus IM market. The gateway itself was developed by Facetime (who offers their own product, under the name IM Auditor, with similar capabilities). It secures and monitors communications between users, can intelligently route traffic and even restrict who can access the public network. An API lets developers build the IM network into their applications.
AOL also prides itself on being able to make the claim that the public network processes 2 billion messages per day. This includes over 2 million unique users daily. Both of those statistics are further backed by AOL stating it has not had a full service outage in the company’s six year history of offering the service, unlike Microsoft.
One feature that stands out for this gateway service is the intelligent routing capability. If you choose to let your employees utilize the public IM network through policies, the gateway is smart enough to realize that traffic destined for another internal user should remain behind the gateway and it is not sent to the Internet. This allows for internal communications to continue if access to the public Internet is lost.
Features include:
Ability to block signing on
User/group policy management
Use audio features
Send and receive buddy lists
Send and receive files
Access the public IM network
Receive alerts
Map external IM names with directory names
Encryption through S/MIME
Support for federated authentication
Rich text client
Current drawbacks:
A portion is still hosted
AOL has recently been signing agreements with third parties to provide more functionality and features. AOL partnered with Akonix in Oct 2003 to bring advanced corporate messaging capabilities and compliance features. It gives the ability to track IM traffic in real-time based on keywords, phrases or even time of day. It is a solution for behind the enterprise firewall that is managed through the Microsoft Management Console (MMC).
A news report from CNET News on Oct 31, 2003 states that AOL is pulling back from selling directly to enterprises and instead is focusing on partnering with established vendors like Reuters.
Lotus Instant Messaging
With beginnings years ago, Lotus entered the IM arena with Sametime, before changing the name to Lotus Instant Messaging in 2002. Lotus had the foresight to enter before the push to have IM in the enterprise existed. It was offered as an integrated and stand-alone version in the first releases until Lotus realized the powerful product they had and continued to evolve collaboration by offering ease of developing solutions that utilized Sametime. That is where they made such strong inroads in market penetration mentioned in surveys and articles about it being the current champion.
Carl Tyler, Chief Technology Officer of Instant Technologies, a 2003 Lotus Beacon and Apex Readers Choice Award winner for its instant messaging solution, offered an excellent overview of where he sees Lotus IM in the marketplace.
“IBM Lotus Instant Messaging is facing a number of new challengers in the Corporate Instant Messaging market right now with major challenges coming from the traditional consumer based IM players such as Yahoo and AOL. Yahoo and AOL obviously have experience in building systems that can scale to huge numbers, but do they have the experience working with traditional corporations? AOL and Yahoo are still building a sales force, and skills to sell to this type of customer, and it’s not something that can be built overnight. Where IBM Lotus has the biggest lead over the new competitors is in their toolkits, toolkits for 3rd parties to develop applications for the enterprise versions of Yahoo and AOL are slim if not non-existent, as people use Instant Messaging in their day to day business they realize that integration of presence and awareness are the components that make Instant Messaging much more powerful and useful than just chat. IBM Lotus should not sit idly by however, where AOL and Yahoo do have a huge advantage is the ability to integrate with their existing consumer base, allowing for easy corporate to consumer communications, IBM Lotus can make an effort to educate the customer though, these corporate to consumer conversations are often not encrypted, there is no guarantee the person you’re chatting with “BillBobLogger37” is actually who you believe it is. So IBM Lotus must be sure to let corporations know that there are other solutions that can be used to provide conversations with consumers via websites etc. using the toolkits that are available for IBM Lotus Instant Messaging. If IBM Lotus plays this right, AOL and Yahoo entering the market can help validate their offerings, and show that much of what is promised for the future is available today.”
Features include:
Encrypted messages
Authentication
File Transfer
Pulling of public groups from the directory source
Administrative broadcasts
Notes client and database integration
Presence alerts
Current drawbacks:
Lack of a rich text client support found in the other packages
Connection to AOL does not include namespace mapping
No ‘out of the box’ auditing and archiving
No ability for user and group policies, settings are global
The ability to use audio and video relies on a separate browser window launching and is not available on the integrated Notes client version
I asked Ed Brill, Manager, Lotus Competitive Project Office for Lotus Software, for his final thoughts on where Lotus Instant Messaging will continue to offer the best advantage to enterprises as the battle wages on. He responded by saying, “Today, instant messaging is viewed mainly as a stand-alone tool. In the next few years, though, as web services becomes a more prevalent model, and the need for instant communication increases, IM will morph into a component of the overall collaboration infrastructure. Think back to when e-mail first was widely adopted by businesses -- it was used primarily for interpersonal communication. As APIs and standards emerged, e-mail became the core business communications engine. IM is in for a similar evolution -- from stand-alone, person-to-person chats -- to becoming an adjunct to the traditional asynchronous messaging, embedded within business processes and systems.”
One feature introduced in Domino 6.5 to slow the intrusion was the tighter integration of Lotus Instant Messaging and the Notes client (see Notes/Domino 6.5 Preview in the Sep 2003 issue of E-Pro Magazine). Awareness indicators come standard in the mail template for Notes and iNotes and can easily be placed into databases through simple design changes.
The current drawback of the integrated Lotus Instant Messaging in the Notes client is the lack of functionality it provides compared to the actual Lotus Instant Messaging fully installed client. While new features may be introduced in later versions, currently such items as file transfer, multi-user chat capabilities and presence alerts are not possible.
However, Domino also has the ability to serve its directory as LDAP so the other providers can take advantage of this. Lotus also introduced Lotus Workplace features into the Notes 6.5 client. This allows applet or HTML based chat from some of the providers to be easily integrated into the welcome page of the Notes client, as well as into web applications.
Conclusion
All the major public vendors are working with everyone, everyone but each other on a regular basis, to stitch together the tens of millions of IM users.
AIM signed an agreement with Reuters to share users and add names to buddy lists
IBM Lotus signs a similar arrangement with Reuters
MSN then follows in the same arrangement with Reuters
Akonix as a vendor has its own agreements with the public IM providers and now AIM and Jabber.
This is increasing the need and demand for corporate IM standards. The difficulty arises when certain departments in your company are finding that their partners, suppliers and customers are using numerous IM packages. Therefore, no standard will work for everyone. IM is fast becoming a line item in 2004 budgets and providers are scrambling to be the ones to capture those funds.
As Lotus builds the barricades to thwart the attack of IM providers, they continue to deliver an integrated, behind the firewall solution. Adding to that the vision of automated IM bots that interact with applications and data stores, componentizing of IM into the Lotus Workplace strategy and ease of awareness integration that came in the Domino 6 products, Sametime continues to prove why it is the leader and “king of the castle” in enterprise IM.
On Sunday, February 1st, 2004 by Chris Miller
WASTE not want not
The developer of Gnutella (Justin Frankel) took a bold move by releasing WASTE on the Nullsoft website (subsidiary of Time Warner America Online). Well, for the short hours it was up there before someone in management had a coronary and removed it from the site, it was of course downloaded. A nice warning was put in its place that revokes all user licensing to the program.
It soon reached the open source community on SourceForge.net and, of course, it has jumped into Alpha version for Windows. What the heck does it do then Chris? A lovely, non-centralized, small file size (approx 300k), P2P application for IM, group chat, file sharing and directory browsing. So what is the big deal?
Architecturally, WASTE creates a web of distinct nodes linked by peer-to-peer connections; it's not centralized, like the traditional instant messaging networks operated by America Online, Microsoft, and Yahoo!.
As a result, network traffic flows throughout the entire web of nodes -- even circumventing firewalls -- and the loss of one user won't bring down the entire network. The application also can support a form of authenticated auto-discovery of new users -- enabling recent additions to the network to appear in others' contact lists, automatically.
Trust comes into play because a user wishing to gain entry into the network must exchange public keys with a current participant. Depending on users' trust settings, a user that joins the network by linking to an already-collaborating peer is generally available for collaboration with all others, although participants can set their program to require manual authorization of new peers.
In other words, WASTE's lowest level of trust protections mean that someone in a WASTE workgroup must authorize the entry of an outsider. At its highest setting, individual users must decide whether to become visible to each new addition.
WASTE also provides for high-level information security. The system relies on 1,536-bit RSA public keys for session key exchange and authentication. Links between users are encrypted using Blowfish in Propagating Cipher Block Chaining mode. Consequently, text chat and file sharing is secure and encrypted.
The application also provides for clear-text logging of IM conversations.
Hot damn I say. Distributed P2P, trusted source only sharing and freeware. Hmmmmm, what is next on the horizon?
On Wednesday, January 21st, 2004 by Chris Miller
Interesting push technology implemented at the Navy
U.S. Navy Group Taps Fine Point Alerting Solution
The U.S. Navy's NAVAIR Weapons Division has signed on to use Fine Point Technologies' alerting and file-transfer applications.
The New York-based firm's Direct Messenger and Direct Update applications will be used to manage software repair on the Navy division's internal network. Direct Messenger enables an administrator to send messages straight to users' network-connected computers; Direct Update adds the ability for admins to deliver software to end-users.
Fine Point said that unlike similar applications, Direct Messenger and Direct Update ports remain 'closed' while not downloading new messages and software, which provides a greater level of security.
Desktop and wireless alerting has become a hot area in instant messaging, with a slew of companies ranging from the major IM networks to enterprise/government-focused plays like WiredRed and others seeking to gain traction for their instantaneous alerting platforms.
Now the begging question I have is: "Does the push technology still intrude too much for the user/enterprise to embrace such products?"
On Monday, January 5th, 2004 by Chris Miller
Sorry all, I was out with the flu but I am back now. Back to Workplace
When a user runs the Lotus Workplace Installer it will check to see if Portal is installed on the system. If it is not, it will install it. If Portal is on the system, the Lotus Workplace installer will set a property called PortalSafeMode=true in the lwpprops.properties file. This property is checked in the configuration code to make sure Lotus Workplace does not corrupt WebSphere Portal databases. Therefore, Workplace will not corrupt an existing WebSphere Portal installation; however, the Lotus Workplace server will not work if it is installed on a server that already has WebSphere Portal server installed.
So we have learned something here. Just because it says it requires a certain version of a certain software doesn't mean to be all proactive and install it by yourself now does it?
On Monday, December 22nd, 2003 by Chris Miller
following Carl’s posting from a few days ago
Do I think things are still moving in the right direction? Overall yes, but this was a big speedbump followed immediately by a pothole the size of Rhode Island (sorry if I offend that state :-) with that remark, lol).
Read the comments on this posting of Carl Tyler's blog and I will write about my experiences over the next couple posts to keep it fresh in my mind for future installs and also for your reading benefit.
On Thursday, December 18th, 2003 by Chris Miller
I wondered how they were linking IM in Workplace
To provide that access, IBM partners with FaceTime, which acts as a sort of Web services layer for IM, allowing Lotus Workplace to exchange messages with AOL, MSN and Yahoo!
Where the words "that access" refer to IM interoperability. So it relies on SIP Simple to get the communication flowing and working between the different IM products out there.
This all became more interesting as I am playing with the 1.1 install the past week.
On Monday, December 15th, 2003 by Chris Miller
one for Ed’s files
HP Surestore Fast Recovery Solutions for Exchange 2000 XP (FRS) is an application designed to enable fast recovery of damaged Exchange 2000 databases. FRS, integrated with Windows 2000, Exchange 2000 server, and the HP Surestore VA and XP Disk Arrays stages recovery ready copies of the Exchange 2000 databases to be used in the event of database corruption. The FRS tool takes what would otherwise be hours or days of downtime, and enables a recovery-ready copy of the database to be brought online and accessible to customers in minutes. FRS will be valuable to enterprise companies with high availability requirements for their large, centralized Exchange 2000 environments, which are seeking to improve the service level agreements they are able to offer, or anyone who has experienced significant loss due to downtime of their Exchange 2000 databases.
Can anyone say Domino clustering? Here is their snapshot of the architecture with that huge honking array :-)
On Tuesday, December 2nd, 2003 by Chris Miller
Users forgetting passwords? Try this tool
Radio frequency identification tags aren't just for pallets of goods in supermarkets anymore.
Applied Digital Solutions of Palm Beach, Fla., is hoping that Americans can be persuaded to implant RFID chips under their skin to identify themselves when going to a cash machine or in place of using a credit card. The surgical procedure, which is performed with local anesthetic, embeds a 12-by-2.1mm RFID tag in the flesh of a human arm.
What scares me more is identity theft with this device, not with someone cutting off your hand and using it to go to the ATM and gas station.
Links to more on the story can be found here and here and here (this is actually a discount coupon link from the manufacturer)
After reading more I came across this little tidbit of information about the company
ADS shares have slid from a high of about US$12 in 2000 to 40 cents, and the company is now fighting to stay listed on the Nasdaq. "Our common stock did not regain the minimum bid price requirement and on Oct. 28, 2003, the Nasdaq Stock Market informed us by letter that our securities would be delisted from the SmallCap," ADS said in a Nov. 14 filing with the U.S. Securities and Exchange Commission. The company also warned that its implantable microchips are manufactured solely by Raytheon without a "formal written agreement," and any price increases or supply disruptions would have serious negative consequences.
Yeah I see this idea took off now didn't it?
On Wednesday, November 26th, 2003 by Chris Miller
Playing with DOLS on Mozilla and Domino 6.5
The Domino 6.5 Win32 server kits have the incorrect DOLS (Domino Off-line Services) filesets for Linux/Mozilla clients. Not much exposure to this kitting problem should occur, as it only applies to non incremental Win32-only server kits, where the administrators are deploying Domino Web Access (DWA) to Linux/Mozilla clients that need offline capabilities.
Now of course don't think that you can just apply this fix; the user still has to uninstall the existing DOLS from the client machine first.
IMPORTANT NOTE:
Any Domino Web Access users that had previously installed their mailfile offline to a Linux/Mozilla client will need to uninstall the DOLS files from the offline machine, and then install again to apply the files from this hotfix.
The following steps are required to uninstall DOLS from the Linux/Mozilla client.
1. Remove the following files from the Mozilla program directory: plugins/libnpdolctlm.so and components/npdolctlm.xpt
2. Remove the following files from the Linux user's home directory: inotes/*
3. Remove all the files from the /usr/tmp folder.
So the link for DOLS 6.5 Filesets for Linux Mozilla can be found there.
On Monday, November 24th, 2003 by Chris Miller
the History Workspace interface on the client
Ahh the fun of finding hidden tips
On Thursday, November 20th, 2003 by Chris Miller
Workplace Messaging and groups
Lotus Workplace Messaging uses LDAPv3 to look up users and groups. In IBM Lotus Domino, people have an organizational structure (for example, /ACME/US) as part of their name, but groups generally do not. Because Lotus Workplace Messaging relies on this organizational structure for user and group lookup, you will need to give the groups in Domino a name that includes an Organizational structure, for example, "SalesPeople/ACME/US", for Lotus Workplace Messaging to be able to find the groups.
So as you see, either rethink the groups you will be using and make new ones, or get ready to rename a bunch of groups.
On Monday, November 17th, 2003 by Chris Miller
Lotus did make it easier to modify the iNotes template in 6.5
Domino Web Access 6.5 template customization
Notes/Domino application developers have new customization options with the Domino Web Access template to better suit the needs of their users. Using the Forms6.ntf file, you can create action buttons for the Domino Web Access views or dialog boxes, provide more options for the Domino Web Access Welcome Page, and substitute the Domino Web Access logo with your corporate logo. The Custom_JS_Extensions, Custom_WelcomePage, and Custom_Banner forms are available for modification. In addition, you can modify subforms.
So get to customizing your interfaces with the tools they make available. We have just begun this for a customer we moved to 6.5
On Thursday, November 13th, 2003 by Chris Miller
Faster wireless or weirder tests?
In a test at an automobile test track north of Tokyo, NEC says it successfully demonstrated in-house developed software that allows for a fast sign-on and hand-over between standard access points. The test involved four 802.11b access points placed at 500-meter intervals. The access points were connected to a router on which NEC's high-speed handover software was installed. A Porsche car traveling at 205 miles per hour sped past the access points while software managed the switch from one access point to the successive one, NEC says.
How many of your users can run past access points at 205 MPH? If they can then give them a raise and a courier job.
On Monday, November 10th, 2003 by Chris Miller
Trillian fixed the bug and Skype
Yahoo Patch Beta 1 is available for Pro customers; patches for 1.0 and .74 are on the way and will be released once the patch is 100%...
This allows Yahoo to log back in and stop giving bizarre errors on passwords being incorrect. All this comes after Yahoo decided to redo their protocol to stop third party products from logging into their system. So much for that theory. I figured it wouldn't take long to rework the clients.
Today I spent some time working with Skype, the nice VOIP product. I must say I was incredibly impressed with the quality. For now it is free but I can see the revenue model starting to form as they get more and more signed up. There were reportedly 51,000 users on-line. That makes for some nice $$ when they start charging since there is no spyware built into it for now. I talked to a couple of the other bloggers while testing it and found it pretty easy to use with nice big icon buttons. It seemed to find its way through firewalls and proxies on its own.
On Wednesday, October 1st, 2003 by Chris Miller
for those of you that can't get enough IM
AgileMobile is seeking to gain traction for its mobile IM application, which -- like Cerulean Studios' Trillian and other players' offerings -- enables messaging to and from a number of proprietary IM networks, including AOL Instant Messenger, ICQ, Yahoo! Messenger, and MSN Messenger.
Like a number of the latest-generation mobile IM applications, Thailand-based AgileMobile's Agile Messenger runs in the background on 2.5G/3G phones, surfacing only when a user receives or wishes to send an IM. Currently, it works with Symbian devices, including the Nokia 7650 and 3650, and the Ericsson P800. The firm said it's in the process of developing a Microsoft Smartphone OS version soon.
So basically we move from connected all over to connected to all over all the time? Yes, most of the IM providers now offer a wireless version, but not in one interface. I use the Jabber interface on my Toshiba PDA, but nothing on my cell.
Of course Microsoft never wants you to work hard to do anything so I present you their new toy. Microsoft, especially, has been pushing hard to "mobilize" MSN Messenger. In addition to supporting sending IM's to wireless phones via Short Messaging Service (a feature shared by its rival networks,) the software titan also has struck a deal with KT Freetel in Korea to develop a phone with a branded MSN Messenger button -- enabling users to launch an IM session easier than with most rivals' menu-driven systems.
On Monday, September 22nd, 2003 by Chris Miller
Yahoo! has entered the fray
With that comes the following announcement from Yahoo! at about the same time.
The upgrade, which must be completed by Sept. 24, ensures that users have IM clients that are compatible with changes in the Yahoo! network. For that reason, Yahoo! Messenger users must upgrade their software by the end of September, or risk being kicked off the system. The upgrade requirement pertains to Windows versions earlier than 5.0, Mac earlier than 2.0, and Unix earlier than 1.02.
But Yahoo! said most of its users already have later versions of its IM clients, and wouldn't be affected by the required upgrade as a result. Instead, it's likely that unauthorized, third-party clients -- a number of which use older versions of the Yahoo! protocol -- could be cut off from the system after the Sept. 24 deadline.
Our friends at Trillian have already put out a patch for the free and Pro version of their software for this.
On Thursday, September 18th, 2003 by Chris Miller
More 6.5 M3 information
On Thursday, September 11th, 2003 by Chris Miller
small 6.5 Workplace bug on the IM panel
On Wednesday, September 10th, 2003 by Chris Miller
Proxies and ports
Now I was reading Ed's blog on the closing of port 135, which of course, is the Exchange to Outlook connection port. What a bummer. But to take that a step further, the port blocking is for a virus. What if someone wrote a virus that used the Notes port? (No, I am not going to debate if that could happen, just go with me here on the theory side.) What would happen to all those remote workers that connect directly to a Notes server? The effect could be just as disastrous.
Imagine all the sites not on Domino 5 or 6. Domino 5 for the NRPC over 80 that Ed mentions, but also 6 to push out policy changes for connection records and other changes required. Maybe I am going overboard with the idea, but I see this happening at some point.
Anyone ever use this to configure Notes RPC over a proxy and port? What if the user is at home? What proxy do they use? A local one or something that the enterprise supports? Who manages the proxy for good communications and other attempts? What makes the proxy any better than direct requests?
Oh the mind is working now...
On Monday, August 25th, 2003 by Chris Miller
Bring on the viruses!!!!
We are running Windows updates and making sure the virus software is up to date across the whole hosted server infrastructure. Everyone has had the pleasure of seeing or reading about the Blaster (scans for port 135) virus or the SoBig (SMTP based) Worms. Now the variant of Blaster runs across ports 666-765 and usually arrives as DLLHOST.exe in reports.
Well in reading up today there are variants that are set to hit tonight and through the weekend. Some reports say a lot of China is already infected. Symantec has upgraded the W32.SoBig.F variant to Category 4 as of yesterday.
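The two port patterns named in this post (scanning of port 135, and the variant's traffic on ports 666-765) can be turned into a simple check over firewall logs. The following is an added example, not part of the original post; the log format, the scan threshold and every sample line are constructed assumptions.

```python
"""Flag hosts whose firewall-log traffic matches the port patterns in the post.

Assumptions (not from the post): the log line format, the scan threshold,
and all addresses, which come from documentation-only ranges.
"""
import re
from collections import defaultdict

RPC_PORT = 135                    # port the post says Blaster scans for
VARIANT_PORTS = range(666, 766)   # 666-765 inclusive, as given in the post
SCAN_THRESHOLD = 3                # distinct targets on 135 that count as a scan (assumed)

# Constructed format: "<date> <time> <ACTION> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
2003-08-22 09:14:01 DENY TCP 192.0.2.10:1043 -> 198.51.100.1:135
2003-08-22 09:14:01 DENY TCP 192.0.2.10:1044 -> 198.51.100.2:135
2003-08-22 09:14:02 DENY TCP 192.0.2.10:1045 -> 198.51.100.3:135
2003-08-22 09:14:02 DENY TCP 192.0.2.10:1046 -> 198.51.100.4:135
2003-08-22 09:15:10 ALLOW TCP 192.0.2.20:2201 -> 198.51.100.7:135
2003-08-22 09:16:30 ALLOW TCP 192.0.2.30:3101 -> 203.0.113.5:707
2003-08-22 09:16:31 ALLOW TCP 192.0.2.30:3102 -> 203.0.113.5:666
2003-08-22 09:16:32 ALLOW TCP 192.0.2.30:3103 -> 203.0.113.5:765
2003-08-22 09:17:00 ALLOW TCP 192.0.2.40:4000 -> 203.0.113.9:80
2003-08-22 09:17:05 ALLOW TCP 192.0.2.40:4001 -> 203.0.113.9:766
this line is malformed and must be skipped
"""


def parse(lines):
    """Yield (src, dst, dport) for each well-formed line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["dport"])


def analyse(lines, threshold=SCAN_THRESHOLD):
    """Return {source_ip: [reasons]} for sources matching either pattern."""
    rpc_targets = defaultdict(set)    # src -> distinct hosts contacted on 135
    variant_hits = defaultdict(set)   # src -> distinct ports used in 666-765

    for src, dst, dport in parse(lines):
        if dport == RPC_PORT:
            rpc_targets[src].add(dst)
        elif dport in VARIANT_PORTS:
            variant_hits[src].add(dport)

    findings = {}
    for src in sorted(set(rpc_targets) | set(variant_hits)):
        reasons = []
        # One connection to 135 is ordinary RPC; many distinct targets is a scan.
        n_targets = len(rpc_targets.get(src, ()))
        if n_targets >= threshold:
            reasons.append(f"tcp/135 to {n_targets} distinct hosts")
        ports = sorted(variant_hits.get(src, ()))
        if ports:
            reasons.append("traffic on 666-765: " + ",".join(map(str, ports)))
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for host, why in analyse(SAMPLE_LOG.splitlines()).items():
        print(host, "->", "; ".join(why))
```

The single connection to port 135 from 192.0.2.20 is deliberately not flagged, since one RPC client talking to one server is normal; only fan-out across several hosts counts as scanning.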
On Friday, August 22nd, 2003 by Chris Miller
Milestone 3 client upgrade and Ed’s blog.
The client upgrades to 6.5 Milestone 3 went quite well. No annoying JS32.dll errors or anything of the sort. Due to time constraints I had to wait until today for the server upgrade. Which gives me a topic for tomorrow of course. I see they took the release notes for Milestone 3 down from the website though. They are truly pushing for September release it seems and I am getting the feeling the general public will not see another beta before gold.
They did fix one thing in the Sametime integration on the client, the buddy list now only shows on-line users instead of anyone. That was quite annoying if you had a huge list. Lotus upgraded the Lotus Web Access Demo with some of the new features (formerly iNotes as we learned to love it as). You can find that here.
I am reading the M3 release notes to see what other tidbits I can toss out with a clear conscience.
On Thursday, August 21st, 2003 by Chris Miller
Another iNotes 6.5 observation
I am not sure I want my users seeing the total available disk space when checking their iNotes mail file size in preferences.
Don't we have enough issues with them cramming tons of mail on the server?
On Tuesday, August 5th, 2003 by Chris Miller
Notes 6.5 updates..
Here is what I noticed so far:
- When I upgraded the Sametime server to 6.02cf1 and Sametime 3.1 things went haywire on the Notes client integration. It used to log in beautifully. But when I changed the server I lost the bottom toolbar. I was able to re-add it though. (The middle part was lost magically)
- Sametime will not log in upon launch like it used to since the Sametime upgrade. It prompts you again for the password and then takes it. Weird I tell you.
- We have a bad issue with crashes when opening documents with embedded images. This has been reported in the forums so we shall see what happens there.
- The admin client hasn't changed much. It seems most of the current work is rolling down the Notes client path for usability enhancements.
- I love this new setting for some of our clients SMTPVerifyAuthenticatedSender=
Otherwise the new blog template I applied seems to be a big hit and I will try out the other one shortly, but I think this is here to stay awhile by general consensus.
On Thursday, July 24th, 2003 by Chris Miller
LWM update
Oh we are rocking now. Well ok it is just one guitar player screaming loudly but at least the Lotus Workplace Messaging install is coming to a close. I have a few things to do now:
- Commend Bryan at IBM for the 3 hours of us haggling back and forth to get it working.
- Beat the install guide writer
- Give a big bodyslam to whoever decided we can't use the Domino 6.02 CF1 codestream for the LDAP server. It must be 5.011 for some weird reason or the global security won't work with it. So we had to uninstall the Domino 6 server and reinstall it and that seemed to fix that kink.
We currently seem to sit at a point where the final change to the httpd.cnf file won't let the IBM HTTP server start. If I remove the lines, it works great. With the required lines, no. So after we tackle that it should be fully functional !!.
-
for this posting
On Tuesday, July 15th, 2003 by Chris Miller
well after reading the feedback..
Ok, another part questioned the inability to make comments. Well I could incorporate comments tags on there pretty easily, I know how to do that, but I wanted to keep the comments in the blog itself for searching at some point through FT indexing. That comment area wouldn't be in the main blog the way it is set up.
Third, the other actual complaint was scrolling. Well....I can limit the amount of IM postings to make it non-scrolling but that isn't as much fun mainly on days full of rants. I am debating that one. For now, either read the current one and don't scroll, or well, the mouse wheel works wonders in that box
I almost forgot. I was asked why I didn't do everything with IM blogging instead. While that is a great idea, it is over my head in coding. Because I still want to use:
- locations
- subjects
- keywords
- categories
In other news, back to LWM (Lotus Workplace Messaging). I am doing a two server install this time and moving along through issues I ran into before. Things are looking up. I did find some documentation issues, but I will address that with that group directly.
On Friday, July 11th, 2003 by Chris Miller
another cool 6.5 Sametime feature I discovered
Has anyone seen this tool called Plaxo yet? I just received a mail from someone using it asking to update my contact info since they use Outlook. Unfortunately after reading their site Lotus Notes is on the way but not available. An interesting idea to keep contact info in sync. But when you update via the web, who else sees all this contact info that they can enter about you? hmmmmm
I am also playing around with HTML instead of Notes Rich Text for certain things, so bear with me if the font looks funny sometimes.
On Wednesday, July 2nd, 2003 by Chris Miller
on-line status indicator update
Also, I am implementing Sametime Links into the site. I am using the awesome PDF by Carl Tyler of Instant Technologies. Rob Novak uses the links and it works great. I imagine it will help me, since with the new 6.5 client I mentioned Friday, I am always logged in when the client is running. Which to make it short means I am pretending I am working at that time.
Update, silly me!!! I went to ICQ and they provide their own code and icons. I also found a new host for AOL and MSN, but for some reason the MSN is acting flaky. I will deal with that later though. Thanks to Tony Kelleran (aka DominoDude) for the code I grabbed straight from Yahoo! for their on-line status. Forget these 3rd party hosts that provide presence ability. OK, reverse that theory. I found a 99.9% (reported) uptime service. The actual Yahoo icon was either too large or looked funny scrunched down. So let's try the ones I am using now for a while.
On Monday, June 30th, 2003 by Chris Miller
6.5 IM integration talk
I also submitted some requests for the Sametime (excuse me IBM Lotus Instant Messaging) capabilities. I would like to show or hide all off-line users. That would help for large buddy lists. Now here is one thing I actually really like!!! When you want to send an instant message you can click the new toolbar icon and here comes the cool part....it brings up a pop-up box that lets you type a partial name of who you want to IM, I love that feature!! I can quickly type a first, last or partial of someone and either get a list of people that match or it automatically jumps into an IM with the only available selection. As an example, type Dave here at our office and you get like 15 billion optional people. Type Fish though and I get one. That was a hint, fish is an alternate in his fullname field, so it reads all the aliases, COOL!!
On Friday, June 27th, 2003 by Chris Miller
one word - RBOD
Also, yes, they took my LWM machine. So our hero is transported back to level 1. It seems he lost all his extra men and has to hit the reset button. Oh what the hero wouldn't have given for a memory card with the level saved. Anyone got one of those fancy game hint books? hehehehe
Spyware, spyware. Ugh. Just when you think it is safe to go out into the world of the web unarmed, you keep your nose clean clicking 'no' all the time and you stay away from those known sites. But somehow, somewhere, it waits in the bushes ready to strike when you are your most relaxed.
On Thursday, June 26th, 2003 by Chris Miller
Our hero returns, the saga ensues
As for LWM, well I went to do the LDAP configuration but now the Domino server seems to think there is a TCPIP Listener error. Now it would be nice if it said what port was in use!!!
more shortly.......
Our hero has been sabotaged, they want the test server back for a customer, OH THE HORROR !!!
On Tuesday, June 24th, 2003 by Chris Miller
spamJam update and helping a friend
But my users definitely noticed the difference right away and many commented on what happened to the filter that we were running. They are all eager to get it back in place, even after such a short amount of time that it ran. That is good news!!!
Today I was still working with my friend Bob down the Carolina's way at CommScope with a mail routing issue. To make the story short.....they had databases that the users would do a Action-Forward form but the mail never went anywhere. It would show in their Sent Mail view after some digging so we moved on to mail routing logs and saw the mail never get from the mail server, to the next hop (relay server). Some tests and traces and it confirmed that the mail was sticking on the mail server of the users. Well the solution?? The developers had built some fields into the forms they were forwarding around. Guess what the fields contained? Things like "XXX" as spacers and some other random words like "Cost you more". See where this is headed? The spam filter on the mail server was blocking the email because of their own database design and humor :-). I thought that was fitting for today.
On Monday, June 16th, 2003 by Chris Miller
A break...
So I installed the evaluation of SpamJam the past two days. While the only bug I uncovered was in the installation of multiple users (it had an error that wouldn't let it put one of the forms into the mailfiles) it was otherwise pretty simple. I compiled some suggestions that I am forwarding on, but I can say one thing. Their support (email) was excellent and quick, even for an evaluation copy.
UPDATE: I disabled spamJam due to constant crashes over and over since enabling the software, will give more info later. The volume seems to be killing it.
As for links to start discussion topics, here is one and another from the infamous BAS himself. NOTE: BAS in no way agrees with this line of thinking, he was being informational. Who thinks that a person should give up their domain name (via litigation) when they registered the domain name before a word term copyright (read link) was issued??
I say if you bought it before any copyright was issued, and you are not competing with this name by selling competitive products and had no bad faith they can prove by obtaining the link, who can say you give it up? Did that make sense?
On Friday, June 13th, 2003 by Chris Miller
Who needs that virus software?
Well that hit a managed customer of ours. We have mentioned the need for a multi-server virus software install, but it never quite made it through a final signed Statement of Work. Let that be a lesson :-)
I had an interesting call this morning with Cobra Technologies and Brian Rowe about their bot technology for Sametime. Something we are looking into for a customer.
Lotus Workplace Messaging (LWM) is on table this afternoon to be installed. I am making this my internal test server, so I won't be performing a multi-server install, but instead linking it to an LDAP server from our existing domain so we can play with the directory extension and ability to reach those deskless workers. We don't have any real deskless workers, but the theory and testing is a nice idea.
more after lunch....
On Friday, June 6th, 2003 by Chris Miller
Answer for yesterday and new issue
Yesterday I mentioned an Adminp issue we were troubleshooting. This one was quite simple in the end. For some reason the user name was not being changed in a TeamRoom after a recertification was done. Well come to find out, all the AdminP settings were left at the default. For some reason this database was waiting until the default Sun at 12:00am to process the request. Basically treating it as a delayed request. So after forcing everything to process in Adminp and checking, all done. Needless to say we have modified their default settings.
The new issue for today brings me to one of the most feared pieces of Domino server tasks. The ICM !!!! (I can hear the screams of horror and many of you running away from the keyboard in droves thinking of the Internet Cluster Manager). Here is the scenario...........
The server was 5.011 and behind a firewall. We moved it to a new firewall and went ahead and upgraded it to 6.01 just for grins. OK, we weren't grinning for long. It stopped working entirely. First was a port conflict warning that never existed before. No configurations were changed at all except the Domino upgrade. So I cheated so far and disabled the actual TCPIP port after Dave F and I banged our heads on the desk forever.
sorry, lunchtime real quick, I will continue on shortly.....
OK, back from lunch, let's continue.
So at the last step we disabled the TCPIP port and restarted the ICMPORT. Wham, I am running an unsupported Domino HTTP stack for the ICM through a wonderful hack. We found doing show port commands that the primary IP address was binding to port 80 before we stopped the port and the secondary IP assigned to the ICM was only seeing 1352 as a bind. So after stopping the TCP port, we were able to pick up 80 on the ICM.
On Wednesday, June 4th, 2003 by Chris Miller
Back to the grind
- Adminp and a rename of a user. The rename took, the directory was updated, mail names and even most database ACL's. Now I use the word most here loosely. There seems to be one certain type of database that is being stubborn. TeamRoom databases did not change author name fields. Yes the Admin server was set just as all the others were. But now the user cannot edit any of the documents she previously created. We are working on an agent but there is a field somewhere not showing that allows this capability I imagine. NotesPeek here we come I bet.
- Notes encrypted mail over SMTP/MIME. No we are not talking S/MIME here, they want to use Notes public keys to encrypt mail without cross-certifying the servers or domains. Now you admins are saying to yourself, won't MIME just destroy that attempt and give that wonderful error
[Portions of this MIME document are encrypted with a Notes certificate and cannot be read.]
Well you would be absolutely correct if you guessed the above!! Unfortunately this is not currently a viable answer, LOL
Sorry all for the depressing posting yesterday, heck it even made the comments section quieter. But I appreciate all the IM's and email. I am off to see him later today and we just go from there.
On Tuesday, June 3rd, 2003 by Chris Miller
One Sametime issue resolved
Apparently the user was running Ad-Aware Plus, which we all know and love. Well I found out Sametime doesn't love it. If you read the page of features, sure enough it stops pop-ups and reads the registry for programs and launchers that might do it.
Enhanced scanning and blocking
- Kill popups
- Reanalyze scan results using additional heuristics
- Block ActiveX and web installations
Well guess what the JIT Loader does and what little window Sametime tries to start each time you enter a meeting. A pop-up!!!!! Of course there was also something like 60 trojans and hidden spyware on the users machine, but this is the one that was blocking the pop-ups from occurring in all those spyware programs. Those were removed and Ad-Aware uninstalled (it embeds nice and deep in the registry to keep tabs on things) and all is well. Sametime rolls along as if the user was here with us.
One more mental note to add to the long list in the crammed file cabinet of a brain.
On Wednesday, May 21st, 2003 by Chris Miller
Quickplace 3.01 anyone??
As for the LVC blog I did two days ago I received a comment from Michael Braly wanting more info. Plus I loved his comment about what blogs are helpful for. So I hope he doesn't mind I posted it here. Well heck, it is a public comment so he can't mind now can he? lol
I love this kind of stuff. Please keep us posted on what's eating the disk space and why you can't post large files.
This is the type of information you get from blogs and nowhere else.
Well to answer him, the LVC was creating horrendous bitmap temp files on the C drive for all the presentations that were being loaded. Each slide is a bitmap. So imagine 1.3 GB of bitmaps and that was growing as they did more sessions. As we got to 4MB free, well the system choked. I had hoped that the server would remove them. Well it does, unfortunately if there is a crash they sit there on the next reboot as we quickly discovered. Also, the system CANNOT, repeating for those not reading me here, CANNOT go down between the time you schedule a session and the time it is to go live. Otherwise, well no session.
Also, you cannot upload large files because the thing plainly just won't work. There is a technote on it also (#1105127). You have to call support for them to tell you to break the file into smaller ones.
Creating courses with large presentation files
Problem (Instructors): Sometimes during a session, large presentation files either do not display in the outline or prevent the entire outline from displaying. This is particularly true of large presentations over 1 MB that contain lots of graphics.
Resolution: To workaround this problem, you can break up large presentation files into smaller files when you create the course. To fix this problem, contact Customer Support.
Hope everyone has a good weekend, or had a great one if reading this on Monday. I am making one more change to the right sidebar at some point adding recent comments. I already verified and added the RSS icon with the current upgrade I did today to the blog version!!!
On Friday, May 9th, 2003 by Chris Miller
Something non-Domino today
a combination of blogging and news aggregators will largely replace B2B email marketing within 5 years.
Imagine the time in the future where your spam is not filtered in the email, but spoon fed from channels to which you subscribe as ride along advertisements. Kind of like inviting your brother over for dinner and he brings the drunken friend that won't be quiet. You didn't ask for that guy to come, but he had a free ride to the food (money) source.
The FTC held a nifty session last week as a Public Spam Workshop. Now I am not one to whine about going to conferences, but 3 days of bulk email vendors lobbying around gives me the creeps.
Otherwise I continue on my quest to get LVC for this one customer up and successfully operational with Lotus' support help for some non-documented issues so far.
On Thursday, May 8th, 2003 by Chris Miller
LearningSpace Virtual Classroom
For those unfamiliar, it is one of the E-learning initiatives. It utilizes Quickplace 3 and LVC Course Manager on one server, and then Sametime 3 with LVC Session Manager on the other server. Of course they are both Domino overlays and then there is the LVC Connector service that runs to make the two talk.
Well you cannot schedule a session less than one hour in advance which is making one customer unhappy. I know the connector needs time to, well connect of all things. But since it constantly polls every five minutes for an available session server, why can't we move to more like 15 minutes?
Second, can someone explain why the Course Manager server eats diskspace from 50-99% every few minutes and then goes back down? Creating temporary files? We are researching that now. Looks like main.nsf and vcmm.nsf are the current culprits.
Lastly, and I cannot find this in the admin guide or the install guide, another customer is looking to attach PDF files in the courseroom for download outside of any whiteboard files for the live sessions. Hmm, can't seem to find it, and the technotes state: do not load unsupported whiteboard file types or files that are too large into the Session server. If your files are large, contact support to find out how to break them up. Now that one sounds quite bizarre, but luckily they knew about it in advance.
Ok, off to find the whip and chair to tame the box
On Wednesday, May 7th, 2003 by Chris Miller
E-Pro: Quenching the IM Thirst with Sametime-Ade
by Chris Miller
As the manager or owner of your enterprise, you feel that business is doing well. You can hear the sounds of doors opening and closing, a doorbell ringing, and the click of your employees’ keyboards. Unfortunately, what you don’t realize is that much of that keyboard activity may actually be employees using chat clients.
In today’s computing environment it’s becoming common to see unmonitored and unrestricted chat, file transfers, and audio and video connection bandwidth utilization. This largely personal use of enterprise resources is growing and will soon become an issue that all companies have to face.
It was back in the days of talk on Unix systems that simple realtime messaging in the most basic form was introduced to computing environments. Realtime messaging today has evolved into a language that combines fonts and emoticons (see Figure 1) with text, and has seemingly become the way some teenagers spend all their waking moments. And some of your employees are following the trail blazed by youth.
Current estimates are that 70 percent of enterprise employees are utilizing instant messaging, according to Gartner. (You can find more statistics on its findings at http://www3.gartner.com/3_consulting_services/marketplace/instMessaging.jsp.) Unfortunately, this figure represents both authorized and unauthorized instant messaging. Osterman Research released a study (see http://www.ostermanresearch.com/results/surveyresults_im0902.htm) that shows the current mindset of enterprises in curbing or embracing the rise in instant messaging. The survey found that 30 percent of enterprises support instant messaging, 35 percent were neutral in their support stance, and 14 percent just say “OK” to its existence in the enterprise but have no security safeguards in place as of yet. Osterman’s final estimate is that 225 million people will have instant messaging as part of their daily work lives by 2005.
Many administrators underestimate the number of chat clients and services that are available to the public. Outside of the biggest four (AOL, MSN, Yahoo, ICQ), there are numerous others. A current explosion of what I call “consolidation clients” is now being embraced by the user community. The most popular client is provided by Trillian (see figure 2). It lets users log into all of the abovementioned clients, plus IRC, from a single interface. All buddy lists, as well as the features of each individual chat service, are available and integrated. Some other vendors now offer the same consolidation but Trillian appears to be the leader in that space.
In my view, this proliferation encourages users to join more than one chat community. By simplifying the user interface and ability to maintain presence in numerous systems, users are amassing large groups of chat buddies.
If an Internet standard to connect these services together is ever agreed upon, the rise in usage can only grow. Currently SIP does connect messaging services together through gateway servers so communities may interact (more on that in a minute). Users that can only reach family on AOL IM because the enterprise supports it, will soon be able to reach all their friends on MSN and Yahoo through the same connectivity.
Chat Security Concerns
Aside from the concerns about company time and bandwidth being eaten alive by excessive chat, this situation raises legitimate security concerns. For example, how many of your users would you expect to use the same password for the public chat services that they use to access internal systems? Would you wager over 60 percent of your users do that? If so, according to a recently published survey, you’d lose that bet because your estimate is low. This means most chat users are sending the same password they use to access your internal e-mail and file systems in plain text across the Internet to public- and shared-chat services.
Another feature that the public instant messaging clients now offer is file transfers. Some even offer upload ability to a temporary Web server if your firewall won’t allow clients to connect. This means, for example, that you must manually configure your virus scanning software within each chat service independently or you have a vulnerability. InstantMessagingPlanet (http://www.instantmessagingplanet.com/security/print.php/1470691) completed a survey in the fall of 2002 that included statistics on file transfers. The most surprising result I read was not the fact that 48 percent of those surveyed had accepted a file transfer within the six months previous to the survey. The surprise to me was that 15 percent of those accepted files came from unknown parties. Imagine an employee receiving a file transfer with the Klez, Nimda, or Slammer virus hitching a ride. Then imagine the subsequent effect on your internal network maybe several times a month.
As an example, imagine a new fast-spreading virus is brought into your infrastructure. The Sapphire/Slammer virus shows the speed at which such a virus can take over your infrastructure, much in the same way it propagated throughout the Internet (http://www.caida.org/outreach/papers/2003/sapphire/sapphire.html). The number of infected hosts doubled every 8.5 seconds, and the virus infected most vulnerable hosts within 10 minutes. Overlay that theory as a loose virus in your enterprise and you can see the possible results through file transfers.
Even worse, one of the biggest existing security holes is the passing of corporate data unmonitored and uncensored out of your network. After all, such file transfers can be set to automatically accept and send files upon connection. Imagine an employee placing confidential product or sales information in that essentially public folder, after which pretty much anyone can grab and download those files. The next most dangerous security hole is the users’ ability to do simple cutting and pasting of information into instant messages. Without any logging and filtering, data might be passing out of your enterprise by this means even as you read this article.
Plugging the Holes
Some corporations have set stringent firewall policies that only allow port 80 requests to access the Internet, in the hopes that this will eliminate use of public messaging clients. Unfortunately for those putting this finger in the dike, the majority of these clients also offer the capability of pushing requests over port 80 to the ISP’s servers. Some go so far as to offer SOCKS and proxy server configuration options with detailed help files.
The next preventive step some administrators take is to set the firewall to only allow requests that are generated by a browser to go through the proxy servers. But once again, the chat community has already overcome that restriction with a product designed to act like a browser request. Users even have the choice of what type of browser to use to present the chat request, to better trick the firewall into allowing the traffic (see figure 3). This product also lets the user install and run a proxy host that masks the Internet traffic and bypasses your filtering at the firewall level.
With so many dangers to allowing public IM products to operate in most environments, why don’t enterprises just lock them entirely out of the desktop environment and prevent anyone from loading them? Well, because such messaging services can be useful and productive when used responsibly in a business setting.
The Osterman Research study also examined some IM benefits and found that most companies using IM do it to maintain communication with remote employees. Improving overall corporate communications and reducing telephone use and expense were close behind in the reasons that enterprises employ IM. Other reasons for using IM are to provide quick answers to questions and the ability to share documents.
Due to the demand for IM for legitimate purposes, some enterprises’ efforts to manage it consist of simply creating Quality of Service (QOS) contracts for their users that include restrictions and requirements for presence and availability. Limiting the hours the user is available online, or restricting knowledge of IM’s presence to limited parties, is fast becoming a standard part of such contracts.
Corporations have numerous options for putting controls on use of public messaging clients. As mentioned earlier, many administrators think the most direct approach is to simply put port restrictions in the network that disallow access to the common messaging services. Although this can deter novice users, the chat companies themselves offer help files on how to reconfigure a client to bypass this restriction.
My first comment to the companies I visit is to suggest they put controls in place and possibly streamline the available client options. Basically, I’m advising the administrators of the network and systems to become even savvier about IM than their users. While a lot of administrators use IM in their daily activities, many don’t yet know all the tricks for controlling client usage and for thwarting client control workarounds. This means administrators need to take the time to learn details such as what ports the different clients access, when they access them, and to what host names the clients connect on the Internet.
Most commonly, the next question I hear is whether I can provide a list of these ports and hosts. As I mentioned before, there are so many clients available, you could spend quite a bit of time accumulating those options. But you can still affect the majority of users by learning about the top few services (see figure 4). A recent poll (available at http://www.InstantMessagingPlanet.com) shows that of those surveyed, 37 percent are AOL users, 27 percent use ICQ (also owned by AOL and now integrated to talk to each other), 16 percent use MSN Messenger and 12 percent use Yahoo Messenger. The remainder used numerous other clients, such as Jabber, Bantu, EyeballChat and even NetMeeting for host to host calls. The only answer is to keep an eye on which chat clients your users access and educate yourself accordingly.
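One way to act on this advice from the monitoring side, as an added example that is not part of the original article: a scan of proxy or firewall logs that matches destination host names as well as ports, so traffic pushed over port 80 or 443 is still flagged. The host suffixes and ports are historically documented defaults for the four named services and the log format is constructed; both are assumptions to verify against your own traffic.

```python
"""Flag public IM client traffic in proxy/firewall logs (added example)."""
from collections import defaultdict

# Assumption: historically documented defaults for the four services the
# article names; they are not listed on the page. Verify against your traffic.
NATIVE_PORTS = {5190: "AIM/ICQ", 1863: "MSN", 5050: "Yahoo"}
HOST_SUFFIXES = {
    "oscar.aol.com": "AIM/ICQ",
    "icq.com": "AIM/ICQ",
    "messenger.hotmail.com": "MSN",
    "msg.yahoo.com": "Yahoo",
}
WEB_PORTS = {80, 443}

# Constructed sample log, hypothetical format: "<time> <src_ip> <dst_host> <dst_port>"
SAMPLE_LOG = """\
09:00:01 10.0.0.11 login.oscar.aol.com 5190
09:00:02 10.0.0.12 www.example.com 80
09:00:05 10.0.0.13 gateway.messenger.hotmail.com 80
09:00:09 10.0.0.14 203.0.113.7 5050
09:00:12 10.0.0.13 scs.msg.yahoo.com 443
malformed line
09:00:15 10.0.0.12 notmsg.yahoo.com.example.net 80
"""


def match_service(host):
    """Return the service whose domain the host belongs to, else None."""
    host = host.lower().rstrip(".")
    for suffix, service in HOST_SUFFIXES.items():
        # Require a label boundary so look-alike names do not match.
        if host == suffix or host.endswith("." + suffix):
            return service
    return None


def classify(host, port):
    """Return (service, reason) for IM traffic, or None for other traffic."""
    service = match_service(host)
    if service:
        # A known IM host reached on a web port is the port-80 fallback
        # that a port-only firewall rule does not see.
        reason = "tunnelled-web-port" if port in WEB_PORTS else "known-host"
        return service, reason
    if port in NATIVE_PORTS:
        return NATIVE_PORTS[port], "native-port"
    return None


def parse_line(line):
    """Return (src_ip, dst_host, dst_port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    return parts[1], parts[2], int(parts[3])


def scan(log_text):
    """Return ({src_ip: sorted findings}, number of unparseable lines)."""
    findings = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        src, host, port = record
        hit = classify(host, port)
        if hit:
            findings[src].add(hit)
    return {src: sorted(hits) for src, hits in findings.items()}, skipped


if __name__ == "__main__":
    report, skipped = scan(SAMPLE_LOG)
    for src, hits in sorted(report.items()):
        for service, reason in hits:
            print(f"{src}\t{service}\t{reason}")
    print(f"skipped {skipped} unparseable line(s)")
```

A port-only rule would have caught just two of the four flagged connections in the sample; the other two are found only through the host name.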
Something overlooked that I find important is the monitoring of employee chat when regulations mandate it. Because users are allowed to use online names, matching any name with a particular employee can be a time-consuming process. Some users employ more than three aliases that they use regularly depending on the chat service or time of day. Some are used for business reasons and some for personal. But such anonymity won’t protect your enterprise if some content that passes into your organization becomes the source of sexual-harassment or other inappropriate-content complaints.
Some third party vendors, such as Facetime Communications (http://www.facetimecommunications.com), are offering chat filtering software that operates via a corporate gateway. In this scenario, users can access public IM systems, but all traffic is routed out through the gateways, which provide monitoring for usage, content, and auditing, a necessity in today’s world of lawsuits and document retention.
Another Solution: Lotus Sametime
IBM/Lotus has stepped in to take the lead in business IM. More than 66 percent of corporations that have adopted any official corporate standard have made Lotus Sametime that standard. Among large organizations, more than 80 percent of the market share belongs to Sametime. IBM Lotus Software is currently rebranding Sametime. The attempt is to make the name more recognizable in function. The new names are Lotus Web Conferencing and Lotus Instant Messaging. (New to the enterprise market is AOL and Microsoft offering an enterprise controlled messaging environment based on their chat systems.) There have been other vendors in this space for some time, but these two are flexing their names in the public IM space as the largest providers to enter into the enterprise market. Of course, both also offer custom integration of the enterprise and public IM systems.
As I discussed earlier, you can control the security risks inherent in public IM systems by using a corporate-standard IM product. Lotus Sametime fits such situations well because it was designed with the following in mind:
- Security
- Directory integration
- Secure chat sessions and meetings
- Intranet deployment
- Extranet deployment
- Scaling with clustering
- Chat Logging
- Web services integration
- Integration with other chat systems
- Web meeting services
Lotus Sametime enables directory integration instead of relying strictly on self-registration. Administrators can use an existing Domino Directory or provide authentication through any LDAP server. This flexibility alone lets you integrate Sametime easily into environments that have Active Directory or any other LDAP service running but no secure chat services, without worrying about custom integration work. When you first install and configure Sametime it prompts you to choose which directory type to use. (You can always modify this later either direction.) This removes the anonymous naming capabilities of the public messaging systems.
Sametime also supports intranet and extranet deployment. Sametime behind the corporate firewall is a simple installation as long as the network infrastructure is in place. Placing a Sametime server in the DMZ is just as simple. While installing, you have the option to have Sametime tunnel requests over port 80 to reduce the effort of reconfiguring firewalls. (Note that some firewall work may be necessary to exploit all of the capabilities.) Sametime, installed with the default settings, uses numerous ports for all its capabilities. You can find a list of supported ports in Technote #192384 at http://www.support.lotus.com.
You can even take this architecture one step further by connecting your extranet and intranet environments. Employees connect to the internal server while customers and partners use the external server in the DMZ. Sametime then has the ability to host a simultaneous meeting on both servers without having the users pass inside or outside of the network firewalls to share in that meeting. Presence may also be extended through both servers to enable secure IM.
Sametime 3.0 offers numerous enhancements in clustering and scalability. For example, 3.0 lets you provide a redundant infrastructure by creating Community Clusters of Domino servers. This lets chat clients connect to an alternate server if connection is lost due to server failure.
Also, for scaling purposes, 3.0 lets you create Community Server multiplexers (MUX servers) that receive only Sametime client connections, which then connect to the actual Community Services on a Sametime server. This reduces the client connection load on the Sametime server, and lets you add additional MUX servers as demand increases. Each Sametime server then maintains only a single IP connection to each MUX, reducing the load considerably.
Sametime also enables geographic dispersion of chat services. For example, let’s suppose a national company with offices on each coast wants to deploy a corporate-standard IM service. Due to existing WAN traffic, having all users access a single point isn’t feasible. Creating Community Clusters on each coast and assigning users to the clusters by geographic region provides the necessary redundancy. Then by connecting the two communities you provide the scaling in one overall solution.
In addition, Lotus has introduced the Sametime Enterprise Messaging Server (EMS), which sits in front of Sametime clustered servers. This new server provides failover and load balancing while providing no Sametime services itself. It’s strictly used to manage large IM loads across numerous servers.
Through an API or a third-party utility, you can also log Sametime chat activity. This logging may be archived and indexed for searches if necessary. For those companies under federal requirements to maintain chat as well as e-mail records, this service is invaluable.
There are products for the public IM services available, but the user names chosen may not be easily matched to the users in your organization. (Please see “Lotus Business Partner Products with Name-Matching Capabilities” for a list of products with these capabilities.) You can write your own chat logging application by using some C++ programming and the API. Information on how to do this is available in Technotes at http://www.support.lotus.com. I suggest starting with Technote #187707, which gives a very brief overview of writing your own chat logging support.
Sametime also brings secure, encrypted chat and e-meeting capabilities to further increase security of your messages between employees, or even between employees and customers through Web services on your corporate Web site.
As corporations merge and collaborate, you’ll likely begin to encounter different messaging systems from company to company. Sametime 3.0 now supports Session Initiation Protocol (SIP). The SIP Gateway functionality and SIP Connector enable users in one SIP-enabled IM community to share online presence and IM services with another SIP-enabled community.
Taking that SIP connection a step further, you can then also add Transport Layer Security (TLS) to encrypt traffic between the two SIP communities. Although during a meeting you would see the open padlock in the corner of the browser (reflecting that a session was not encrypted), because the Sametime server cannot tell if the other SIP-enabled community supports encryption, the session can still be encrypted if the administrators both configure TLS. This configuration does require an additional server to handle the SIP Gateway. Sessions between the SIP Gateway and the Sametime server are also encrypted with TLS, and then a proprietary encryption is utilized between the Sametime server and Sametime Connect client (see figure 5). The SIP Gateway isn’t open to just any other community to connect to yours; you decide which other gateways are allowed to connect.
Sametime offers additional features many other consumer products don’t that may be useful to you. For example, Sametime provides Meeting Services with whiteboards, screen sharing, and audio/video capabilities, all integrated into the same server and with security wrapped around it.
It’s OK to Use IM If It’s Secure
It’s not my intent to scare you away from IM. It has many uses and its importance will continue to grow. But what is important is that you realize that unsecured IM is a danger to the confidentiality of your enterprise information, and that solutions and compromises do exist that both support users’ IM needs while providing the security and control you need.
But in my mind, the best solution is to secure, standardize and implement a corporate standard for IM. A well-defined QOS plan that provides reliability, auditing, and filtering can deliver a business benefit and productivity enhancement for your enterprise. Lotus Sametime, in particular, has proven itself to be a valuable business solution for all of these needs.
Chris Miller is the Director of Messaging and Collaboration at Connectria in St. Louis, Missouri. A CLP in ND6, PCLP in R5 and R4, Chris has been working with Domino administration since 1994 and is just finishing his Lotus Collaboration CLP also. Some say he spends all his time behind a computer, but you can also find him on the soccer field — playing or coaching.
SIDEBAR Material:
SNAPPShot
by SNAPPS
http://www.snapps.com
Collaboration CONTROL!
By DYS Analytics
http://www.dysanalytics.com/prod_collaboration.php
IM Auditor Enterprise
By Facetime Communications
http://www.facetimecommunications.com/risk.shtm
Facet for Sametime
by Pistolstar
http://www.pistolstar.com/cmbr_st_reporting.html
On Thursday, May 1st, 2003 by Chris Miller
First things first.....
Well here we are, the Friday before Admin2003 and I just don't feel like everything was completed. I am on patch #3 from Lotus for Sametime 3.0 for numerous customers. We have now patched, patched and newly patched Stconf.nsf trying to remove error after error. Currently we fixed the little pop-up window that didn't used to go away. Some of you say Ah Ha! Either yours always goes away or for some of you it doesn't. Well I can definitively say the answer to fix it is, well unknown to them also, LOL. It is different each time for each customer we have.
The current environment has a hostname that differs from the actual WWW name because it is a hosted server. Then they use an alias name. The WWW is a C Name entry in DNS, the alias name we entered as an A record in DNS. So guess what, different results.
Secondly, multiple NIC cards. Sametime has the uncanny ability to bind to the first card in the operating system order. Well we build with the backup NIC first because well, we like to make sure backup works before it goes live. So the production NIC goes second. Disable NIC, install, re-enable NIC? Yeah right, let's just fix this issue. Editing the sametime.ini file for every server does not bode well inputting hostnames and addresses under [config].
On a side note, if you wish to read a true/fantasy/we don't really know blog, then the link at the right for FlightRisk is for you..hmmmm. Start at the bottom of it and read up to follow the story. DO NOT start at the top, you get stuck in the middle.
On Friday, April 25th, 2003 by Chris Miller
reading up on the Domino 6.5 beta
So late last night I was reading the Release Notes to gather some info before I installed today. This one really stuck out in my mind as something a lot of enterprises will have to deal with.
So get to checking those ACL's folks, strange times are a brewing. Back later....
On Wednesday, April 16th, 2003 by Chris Miller
well I had no title here
This means if you have 5.x servers and use 6.x clients, the selective replication will not work correctly in the databases. Now there are some work-arounds that might be possible, but not if you have large distributed replicas at numerous client machines or sites on lots of databases.
I spoke on IM with Bruce Elgort today, and he said we don't have long to wait till OpenNTF Mail 1.2 comes rolling out the door. I love the current release enough to have most of my internal users on it, but I welcome some of the enhancements. Head on over to the link on the right to read about the current release if you don't already run it. Hint: There will be iNotes support in the next point release he says.
It seems Rob Novak sent me an IM last night to announce that he started blogging. I personally think he cheated since he didn't get us linking on the first day to read that initial post. He waited a whole week before telling me he was out there. But I will pay him back in a few weeks when we are both at Admin2003 in a couple weeks.
Interesting link of the day, ever wonder about those inventions that didn't work?? The Museum of Unworkable Devices. Take a peek here
On Thursday, April 3rd, 2003 by Chris Miller
You would think it would get better..
As fast as they could connect they disabled replication on the NAB on servers. They then replicated a clean new directory to a subdirectory on the server. Now some are saying Ah HA! Replicating a new one, but disabling replication on the primary causes Domino to search everywhere on the server for a replica right? Riiiiggghhhhttt. So when they pushed out the others, left the ACL the same and did not turn off replication overall, guess what?
We have a winner!!!! It proceeded to overwrite the new pushed out replica! Basically it was a circus of speedy efficient replication with no ringmaster.
By the way, sneak over to Libby's site and tell her what you think of her skills at macaroni and cheese :-)
On Friday, March 28th, 2003 by Chris Miller
Here is the Sametime update
Layman terms: Umm, it seems that Sametime is broke in some way
On server #1 that I mention in a past blog, we are starting to get complaints about the ability to do screen sharing. Well I found one of them was the fact that the company uses the Sun JVM since they have an accounting package that requires it. Of course telling them to change the settings to the Microsoft JVM, well it sank before the ship was out to sea.
On server #2, NRPC seems to come and go. We don't know where it goes, it doesn't leave a note either. Then it comes back, usually around meal times. Seriously, it just wanders away for random amounts of time and then knock knock!!! it is back and running fine. We are putting the collar on it now with the electric fence and we shall see if it escapes the compound again today.
On Wednesday, March 26th, 2003 by Chris Miller
Rampant Sametime Upgrades
Server 1 - This is a shared Sametime server, tunnelled protocols and heavily used. It was running 2.5 with the FP1 on top. The Domino code installation went smooth and fast. Sametime on the other hand, wasn't as cooperative. It throws an error trying to full-text index the sthelpad.nsf database. It says it cannot complete it. Now instead of playing nice and skipping along to the next task and sending me an alert about this, the installation fails. Stops, won't go, *poof* when you click OK. Now I am definitely not a software developer, but after using Domino this long, I am quite aware I can create a full-text index at a later date if necessary. Why would you possibly want to stop an installation because of a full-text index? So I removed the previous index from 2.5 and tried again. No go. So I removed both the database and index, deleted the registry keys and anything to do with Sametime in the Notes.ini file (see Technote #195123). Reinstalled and there you have it, simple as can be......until #2 creeps along.
Server 2 - I should have seen this coming. No, not the above error, which I got in full force, and cheated more by moving the ST 3.0 sthelpad.nsf database and the new full-text index across from server 1. This server apparently hid its troubles in the shadows of the data center rack. Keeping them in hibernation like a hungry bear that wanted a quick snack on morning-hating administrators. This server was not only an upgrade from 2.5 to 3.0, but also a move from a stand-alone server to joining the customer's domain. Domino upgrade, once again successful and simple. I then restarted the server as a new one, and had it bring the address book down from the customer's domain across the country. They had already shipped a server.id file to use so that was simple. Now the bear apparently wakened at this point in time. Since we are switching domains that also means we need to switch the signing of the Sametime information. Well this happens after the above fiasco of aborted installs because of full-text indexing, but we won't go there again. (I am still taking Tylenol because of this and thinking Domino therapy might be needed). Oddly enough, the registry decided not to update fully. How do I know this? After much head banging. The server installed, launched, showed Sametime coming up, but threw these weird errors on the screen I had never seen nor could I find documented.
Server 3 - I don't even have to type here, I had seen it all. Traveled the world of Sametime. Been in the drudges of battle with evil network cables and multiple IP's for tunneling. So the battle was swift and furious as I forced the machine to follow my orders and be done damn quick. :-)
If I find the energy to type more, it will be after my nap under my desk.
On Monday, March 24th, 2003 by Chris Miller
Lots to talk about today...
Second item of the morning before I have to do some work and come back to this. I talked to Bruce of OpenNTF last night, yes actually spoke on the phone and not IM, about the upcoming release. It is getting better and better. I even had a hand in tossing him an idea. Let's see if it makes it in. The idea was generated from my friend Bas about emails with importance flag settings. He believed that if he received an email with high importance then it should be automatically set to go back the same way. But without modifying the mail template it wasn't possible. So I figured if you were going to use a totally different template anyway, why not ask to have that feature in there.
Third item of the morning, I am finishing my judging for the Apex Awards from E-Pro magazine. Here is the link to last year's winners. I will have plenty to say when I am done with these later today.
On Friday, March 14th, 2003 by Chris Miller
E-Pro: Using LDAP in Domino
by Chris Miller
Lightweight Directory Access Protocol (LDAP) is a TCP/IP protocol that was designed as a lightweight option to Directory Access Protocol (DAP) to access X.500 directories. LDAP defines a standard way to search for and manage entries in a directory, where an entry is one or more groups of attributes that are associated with a distinct name. LDAP provides a format that defines the communication between the server and client for X.500 directory searches. Binding occurs when a client opens a session with an LDAP server. The client then searches based on anonymous rights or is authenticated (if offered the opportunity) to gain more privileges.
People often say that they’re “implementing an LDAP directory.” What they really mean is that they’re implementing an LDAP-accessible directory. An LDAP directory can contain many types of entries; for example, entries for users, groups, devices, and application data.
Before LDAP, as each network and application grew, so did the number of unique directories. Each directory became an island that was unreachable from the others. LDAP evolved to address this problem, and vendors have embraced it. LDAP is appearing frequently in many software packages as a way to offer directory integration. Even Sun recently used LDAP as a directory infrastructure in Solaris 9.
Lotus began offering LDAP capabilities in Domino version 4.6x, and R5 included many enhancements. Here, I’ll explore how to configure and use LDAP effectively and troubleshoot common errors in Domino R5.
Domino LDAP Security
Before you open your Domino Directory to LDAP searches, you should review which fields you’re making available (for security purposes) and which policies you’ll set regarding directory updates via LDAP. Although opening your directory to the public for searches of e-mail addresses or phone numbers might be beneficial, it may not be a good idea to make available certain information that’s enabled by default, such as Location. On the LDAP tab in the Server Configuration document in the Domino Directory (Figure 1), you can configure the fields that users with anonymous access are allowed to search.
Domino integrates the security policy of the Access Control List (ACL) into LDAP to authenticate users wanting more access to information or more permission for directory management. You can let users update entries via LDAP by setting at least Editor access or Author access with additional roles in the ACL of the Domino Directory. You must also enable the “Allow LDAP users write access” setting in the Server Configuration document (Figure 1). After you select Yes at this field, authenticated LDAP users can make adds, deletes, and modifications based on the roles and rights in the ACL.
If you don’t allow anonymous access and require all users to provide a name and password to authenticate, you have options for forcing users to provide their user (short) names or their more specific, fully qualified, distinguished names. By default, Domino LDAP uses the short name option. The only way to enable the more specific option, which refers to RFCs 2251 through 2254, is to add a line to the Notes.INI of the server:
LDAP_Strict_RFC_Adherence=1
Once you have this Notes.INI setting in place and restart the LDAP server task on Domino, users can authenticate using only their hierarchical names. For example, Bob Jones/Sales/Corp can authenticate, but Bob Jones or bjones can’t.
Authentication options for allowing anonymous access are set in the Domino Server document. Select Ports, Internet Ports, and the Directory tab. As long as “TCP/IP port status” is enabled, you can answer Yes or No to allowing Name & Password and Anonymous access from LDAP clients. If you do allow Anonymous access, I’ll cover how to set which fields are available to Anonymous access in a moment.
Loading LDAP on Domino the First Time
One configuration item that confused me at first is how Domino offers LDAP configuration. You can set advanced LDAP settings (e.g., timeout values, anonymously queryable fields) in the Server Configuration document. But this tab is only available if you select the option “Use these settings as the default settings for all servers” on the Basics tab.
Basically, there is one default document for your domain that controls LDAP for all servers. You specify LDAP settings for all servers in the domain in one general configuration. Don’t create a specific Configuration document for the server running LDAP or you’ll lose the LDAP tab. Lotus designed this feature to ease administration by listing information in one global document. But sometimes you need to maintain different LDAP settings for different servers; for example, some company staff settings might be inside the firewall, and those for business partners and customers may be in the DMZ.
A common misconception about the timeout setting on the Server Configuration document for LDAP is that connections are dropped after the timeout period specified. (This timeout is for LDAP searches only and not actual connections to the LDAP server.)
Loading LDAP on your Domino R5 server for the first time is as simple as typing load ldap on the server console. This starts the LDAP server task and lets LDAP clients make inquiries against your Domino directory.
One immediate error message that may appear is, “LDAP Server: Error reading configuration settings, check server and domain configuration records . . . LDAP Server: Initialization failure.” This error occurs when LDAP Port 389 is set to Disable in the Server document. The problem is easily remedied by editing the document in the Domino Directory for the server running the LDAP task. Select Ports, Internet Ports, and the Directory tab, and notice the TCP/IP port status field. Before loading LDAP, verify that this field is set to Enable (unless you’ll be using LDAP only over an SSL or Simple Authentication and Security Layer (SASL) connection).
If you choose SASL in your LDAP solution, there are a few items you should be familiar with. In Domino, no protocol other than LDAP has the ability to utilize SASL. Domino integrates SASL into the LDAP server. Administratively, you need only enable SASL and go to the same Server document tabs as above and enable the SSL port for LDAP. The connecting LDAP client must also support SASL, of course, and when it connects, the Domino server automatically initiates an SASL session. For more information about SASL, consult RFCs 2222 and 2444 at http://www.rfc-editor.org/rfc.html. SASL is still evolving, so expect modifications.
Performance Enhancement Opportunities
Lotus offers one main option to enhance LDAP performance: Create a full-text index of the Domino Directory on the server running LDAP. (This is for cases in which you’re only looking up names of users.) As Domino uses the ($users) view first, full-text indexing isn’t necessary in such cases, so you use resources maintaining the full-text index.
The Domino LDAP task also allows (by default) searches to take as long as necessary when a query is made from an LDAP client. If your server performance slows, set limits for the timeout and maximum number of entries returned on searches. These configuration options are also found in the Server Configuration document. But if an LDAP client also has the ability to control these settings, the one with the lower setting takes precedence.
One other area that can affect performance is the setting you configure for search results returned and the number of wildcards allowed. The setting lets you specify the number of characters that an LDAP client must place before the wildcard search (*) in the request. The default number of characters is 1. If performance is slow, and you’re aware that LDAP clients are performing searches, try increasing this value to 2. This simply requires the LDAP client to make a more specific search, so the lookup also returns fewer entries to the client.
Some caveats exist. If the LDAP client attempts to use a wildcard as the first character (e.g., *ones), then Domino drops the first wildcard (unless “Minimum characters for wildcard search” is set to 0) and proceeds with the remainder of the search without it. To take this one step further, let’s say the search was cn=*h* and the minimum number of characters required for a search was set to 2. Domino ignores the first wildcard (*) and then rejects the entire search because the user didn’t specify two characters and the other wildcard (*) was at the end.
Also, the “Minimum characters for wildcard search” won’t apply to the LDAP client search if the only character sent in the search is a wildcard. Basically, you use that type of search only to see if a specific LDAP attribute exists. You can still set the “Maximum number of entries returned” configuration setting if you’re concerned about performance hits from that search type.
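The wildcard rules above can be modelled to see which client searches would start failing before you raise the setting. This is an added example, not Domino code: it implements only the behaviour as this article describes it, handles simple attr=value filters only, and the function names and the sample filter list are constructed for illustration.

```python
from typing import List, NamedTuple, Tuple


class Verdict(NamedTuple):
    accepted: bool
    effective: str   # value searched on after any leading wildcard is dropped
    reason: str


def check_wildcard_value(value: str, min_chars: int = 1) -> Verdict:
    """Apply the article's wildcard rules to one filter value (a model, not Domino code)."""
    if value == "*":
        # A lone wildcard only tests that the attribute exists; the minimum is not applied.
        return Verdict(True, "*", "presence test, minimum not applied")
    if min_chars == 0:
        # With the setting at 0 the leading wildcard is kept.
        return Verdict(True, value, "minimum is 0, value used as sent")
    effective, notes = value, []
    if effective.startswith("*"):
        effective = effective[1:]
        notes.append("leading wildcard dropped")
    star = effective.find("*")
    if star == -1:
        notes.append("no wildcard left")
        return Verdict(True, effective, ", ".join(notes))
    if star < min_chars:
        notes.append(f"only {star} character(s) before '*', {min_chars} required")
        return Verdict(False, effective, ", ".join(notes))
    notes.append(f"{star} character(s) before '*'")
    return Verdict(True, effective, ", ".join(notes))


def split_simple_filter(flt: str) -> Tuple[str, str]:
    """Split '(attr=value)' or 'attr=value'; compound filters are out of scope here."""
    body = flt.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    attr, sep, value = body.partition("=")
    if not sep or not attr or any(c in body for c in "&|!()"):
        raise ValueError(f"not a simple attr=value filter: {flt!r}")
    return attr.strip(), value.strip()


def newly_rejected(filters: List[str], old_min: int, new_min: int) -> List[str]:
    """Filters accepted under old_min that the model rejects under new_min."""
    out = []
    for flt in filters:
        _, value = split_simple_filter(flt)
        before = check_wildcard_value(value, old_min).accepted
        after = check_wildcard_value(value, new_min).accepted
        if before and not after:
            out.append(flt)
    return out


# Constructed sample of filters that LDAP clients might send.
OBSERVED = ["cn=*ones", "cn=*h*", "(sn=jo*)", "cn=j*", "mail=*", "cn=Bob Jones"]

if __name__ == "__main__":
    for flt in OBSERVED:
        attr, value = split_simple_filter(flt)
        for minimum in (1, 2):
            v = check_wildcard_value(value, minimum)
            state = "accept" if v.accepted else "REJECT"
            print(f"min={minimum} {flt:<14} {state:<6} search on {v.effective!r} ({v.reason})")
    print("Breaks when raising 1 -> 2:", newly_rejected(OBSERVED, 1, 2))
```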
LDAP Capabilities in Domino
Overall, the directories in Domino aren’t updated as often as they are searched or read. I’ve heard many administrators say that no one even reads their Domino Directories, and they don’t keep anything other than the items created at registration in the Person record. But the server reads the Domino Directory consistently, checking access rights and configurations. Most administrators never realize how often the Directory is read until it breaks.
LDAP searches the Domino Directory in a certain order, looking for requested information. The order of the search is as follows:
1. The ($users) view
2. The full-text index
3. If there is no full-text index, the ($PeopleGroupHier) view
If the LDAP client makes an attribute request, such as a spouse’s name, the Domino LDAP task goes directly to the full-text index. If there is no full-text index, it goes to the ($PeopleGroupHier) view.
I recently had a client ask for the ability to synchronize a Domino Directory by pulling updates from another existing LDAP-accessible directory. Domino doesn’t currently let you pull updates from another directory via LDAP. This is possible if you choose to make all initial changes in Domino and then let some third-party LDAP directory connect and update itself from Domino. You’ll need to check with the third-party vendor to verify that its product has that capability.
Domino R5 also has the ability to export the Domino Directory into Lightweight Data Interchange Format (LDIF). LDIF is the RFC-compliant format that LDAP servers and clients adhere to in building their LDAP schemas. You can retrieve the exported file via a simple command at the Notes client command line:
ldapsearch -h LDAPservername "objectclass=*" > filename.txt
You can then import the specified output file to another LDAP server. I’ll say more about LDAP schemas in a moment.
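The same export, taken without a name and password, also shows exactly what anonymous LDAP clients can read, which is the review recommended under Domino LDAP Security. The following added example (not from the original article or from Lotus) parses such an LDIF file, including folded lines and base64 values, and lists every attribute exposed outside an allow-list; the allow-list, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64
from collections import Counter

# Assumption for this example: the attributes you intend anonymous users to see.
ANON_ALLOWED = {"objectclass", "cn", "mail", "telephonenumber"}

# Constructed sample of an export file; entries, attribute names and values are made up.
SAMPLE_LDIF = "\n".join([
    "version: 1",
    "",
    "# constructed entry",
    "dn: CN=Bob Jones,OU=Sales,O=Corp",
    "objectclass: person",
    "cn: Bob Jones",
    "mail: bjones@corp.example",
    "telephonenumber: +1 555 0100",
    "location: Building 4, Floor 2,",
    "  Desk 17",  # folded line: the first space marks a continuation
    "description:: " + base64.b64encode(b"Sales lead, badge 4417").decode("ascii"),
    "",
    "dn: CN=Ann Lee,OU=HR,O=Corp",
    "objectclass: person",
    "cn: Ann Lee",
    "mail: alee@corp.example",
    "",
])


def parse_ldif(text):
    """Return a list of (dn, {attribute: [values]}) with lower-cased attribute names."""
    # Unfold first: a line that starts with a space continues the previous line.
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries, dn, attrs = [], None, {}
    for line in logical + [""]:          # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if line == "":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if rest.startswith(":"):         # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        name = name.strip().lower().split(";")[0]   # drop options such as ;binary
        if name == "version" and dn is None:
            continue
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def audit_anonymous_export(ldif_text, allowed=ANON_ALLOWED):
    """Return (per_entry, totals) for attributes exposed outside the allow-list."""
    allowed = {a.lower() for a in allowed}
    per_entry, totals = {}, Counter()
    for dn, attrs in parse_ldif(ldif_text):
        extra = sorted(set(attrs) - allowed)
        if extra:
            per_entry[dn] = extra
            totals.update(extra)
    return per_entry, totals


if __name__ == "__main__":
    per_entry, totals = audit_anonymous_export(SAMPLE_LDIF)
    for dn, extra in per_entry.items():
        print(f"{dn}: unexpected attributes {', '.join(extra)}")
    for attr, count in totals.most_common():
        print(f"{attr}: exposed on {count} entr{'y' if count == 1 else 'ies'}")
```

Any attribute it reports is a candidate for removal from the anonymously queryable fields on the LDAP tab of the Server Configuration document.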
Not all fields are available for LDAP searching. Resource documents are one such field. Resources are an object class of a database, which excludes them. When you’re configuring LDAP fields in the Server Configuration document, some of these excluded fields show as choices, but they aren’t valid. For a complete list of fields that are excluded from LDAP accessibility, see technote #190495 at http://www-3.ibm.com/software/lotus/support.
Groups in a Domino Directory serving LDAP requests are also handled differently if your groups contain spaces. When an LDAP client makes a request for the e-mail address of a group that’s stored with a space, the LDAP server returns underscores where the spaces were. This is because spaces in Internet addresses aren’t valid SMTP characters. Of course, mail to this address will fail because it’s not valid in the Domino Directory. You can correct this by editing the Group document and filling in the Internet Address field on the Basics tab. All LDAP client searches will then return a valid Internet address that can accept mail properly.
If you use LDAP queries for Web authentication on your Domino server, you must enter names differently within ACLs for users to authenticate correctly. LDAP retrieves names in full canonical format. A returned result looks like “CN=Bob Jones/OU=Sales/O=Corporation”. This is the exact name you’ll then list in the ACL for a user authenticating via a Domino LDAP lookup. (Of course, if the user is a member of a group, the group must exist in the primary Domino directory.)
On the Notes client side, I once had a client request the ability to search each LDAP-accessible directory individually from the Notes client. Currently, you create an Account document in a user’s Personal Address Book (PAB) to selectively search one of multiple secondary address books via LDAP. Lotus documents this ability as an enhancement request. This situation also involves type-ahead addressing from the Notes client. In R5, you can’t get type-ahead features to work when addressing a mail message. You must hit F9, which invokes the namelookup, to get an address-choice list to appear.
The Notes client may also encounter an issue with searching for groups that Domino accesses via LDAP rules in a Directory Assistance database. Domino stores groups in a flat naming convention, and creating a rule to search for anything but the default of */*/*/*/*/* (see Figure 2) won’t return that group. For example, say you create a rule based on */*/*/*/Company/US for all searches related to that LDAP directory. If you want the group to show in a search with those restrictions, each group must be created hierarchically. Refer to technote #180188 for more information.
Working with the Domino LDAP Schema
A schema is a map of LDAP attributes to the actual record stored in the directory. Any software that provides an LDAP-accessible directory uses schemas. Domino R5 offers special forms with mapping information in the Domino Directory that link to other forms. This gives the LDAP task access to virtually all the information stored in it.
It’s possible to get errors related to loading the LDAP schema. One reason that such errors occur is if one of the LDAP forms is corrupted or was customized incorrectly. The LDAP task can’t reconcile the schema. This, in turn, shows the LDAP task closing immediately after loading it. For this type of error, you can add a line to the Notes.INI file to show the form (or the directory) that’s not functioning correctly:
DEBUG_LDAP_SCHEMA=1
DEBUG_OUTFILE=
Keep in mind that this will continue to run and create an output file as long as the Notes.INI variable is in place.
A couple of options let you retrieve information about the schema that Domino provides on your Domino LDAP server. The most user-friendly selection is the Domino LDAP Schema database (SCHEMA50.NSF). That database is created in the data directory if you use the following command on the Domino server console:
tell LDAP exportschema
Make sure you have the database closed before running the console command, or the export into it won’t function. You can run this command as often as necessary to update the database when you make schema changes.
The Designer task that normally runs on your Domino server also updates this database (or creates it for the first time) after loading the schema into memory. The Domino LDAP Schema database provides extensive information on attributes. I suggest opening and becoming familiar with this database after loading LDAP. You can even do full-text searches in the database by default after the full-text index is created, of course.
You may also use the ldapsearch utility mentioned earlier with some other options or any LDAP V3-compliant client. A sample command to retrieve the directory schema is:
ldapsearch -h hostname -b "cn=schema" -s base "(objectclass=subschema)">filename.txt
This creates an output in text format. Although it’s not as user-friendly, other LDAP directories can import this type of output.
It’s also possible to extend the Domino schema by adding attributes and object classes to it. You do this by using Domino Designer and creating new or modifying existing subforms and forms within the Domino Directory. Any time you extend the schema, you can enter “tell ldap reloadschema” at the Domino server console to put the new schema into memory. Then, use the above export server command to put the schema into the Domino LDAP Schema database.
The LDAP service in Domino doesn’t perform schema checking by default. You must manually enable it by editing the Notes.INI file with the line
LDAP_Enforce_Schema=1
You must then restart the Domino LDAP server task for this to take effect. Once enabled, LDAP will only accept modifications that already conform to the directory schema. The Domino directory LDAP attributes and content are then kept under control. Keep in mind that schema checking is based on the primary Domino Directory. If you use Directory Assistance and have customized those designs, you must also make those changes to the primary Domino Directory for schema checking to function correctly. If any check of the schema fails while doing adds or modifications, you’ll get an “Object Class Violation” error.
Comments on Notes and Domino 6 LDAP
Notes and Domino 6 takes LDAP a step further with some new enhancements. The first big thing is that LDAP is a mandatory task that starts by default on the administration server for the domain. Even if you don’t have the LDAP task in the ServerTasks line of the Notes.INI file, Domino sees that server as the Administration Server for the domain and automatically loads LDAP and writes it to the Notes.INI file. To find more information about ways to disable or make this unavailable, see the Release Notes for Notes and Domino 6 at http://www-10.lotus.com/ldd/notesua.nsf/find/rnrnext.
Regarding enhancements, Lotus plans some performance improvements, including
· the ability to edit the ACL and pull names from an LDAP directory via the normal “add” dialogue rather than the way I described above
· improved migration capabilities via the LDAP Directory Upgrade Service
· Directory Assistance Failover capability to failover to third-party LDAP directories
But, of course, all of these features may not make it into Domino 6.
LDAP continues to grow as a protocol and in usage across applications. It can be quite a powerful tool for administrators to bring together disparate directories quickly, and it’s flexible enough to be modified to suit your enterprise’s needs. Domino has embraced LDAP and integrated it with the Domino server and Notes client, and you can expect more LDAP functionality in Domino as the technology continues to mature.
Chris Miller is director of messaging and collaboration at Connectria in St. Louis, Missouri. A PCLP in R5 and R4, Chris has been working with Domino administration since 1994 and is just finishing his Lotus Collaboration CLP. Some say he spends all his time behind a computer, but you can also find him on the soccer field — playing or coaching. You can reach him at chris@connectria.com.
On Tuesday, October 1st, 2002 by Chris Miller
E-Pro: Notes and Domino 6 Security Enhancements
One of the most important aspects of your messaging and collaboration system is security, and some of the security improvements in ND 6 are related to more granularity in administrative functions. For example, can you imagine the ability to extend tiny pieces of server and database administration to users without giving them the keys to the kingdom? How about enhanced certificate management and new smart card integration for the Notes client? Well, loosen your imagination because Lotus listened to the administrators and developers to create some wonderful security enhancements.
User Registration
The most exciting change in Domino security involves the user registration process. Previously, the administrator, or delegate, needed access to a copy of the certifier to be used and the certifier password. Now the administrator can grant certain individuals or groups the right to create new users without direct access to the certifier and password by assigning them particular rights in the Certificate Authority (CA). (Note that in R5, CA refers only to Internet certificates. Notes certificates are now part of the CA process.)
This new role is a Registration Authority (RA) administrator. Each certifier can be given its own RA to offload and delegate administration. It's all done via the CA process, which includes the CA and Certificate Requests (Certreq.NSF) databases and a new CA server task. Only one CA task runs on the server, but you can link this task to numerous certifiers in the database.
The Certificate Requests database contains active certificate and revocation requests. The administration process receives requests from this database for processing. Requests may be processed manually or automatically. If you choose automatic processing, the administrator must have permissions to run unrestricted agents in the Security section of the Server document where the databases reside.
You can manage the CA server task from the Domino console with Tell commands. A key ability is locking of certifiers that carry a lock ID, so new certificates can't be issued. An administrator can also process new requests immediately and then push a nonscheduled Certificate Revocation List (CRL) to the Domino Directory. For example, a CRL push would occur for a security breach or to remove someone immediately. For a full list of the available commands, see the Lotus Domino Administrator 6 Help at http://www-10.lotus.com/ldd/notesua.nsf/find/dominornext.
CRLs consist of revoked or expired Internet certificates. You can view CRLs in the Issued Certificate List (ICL) database. An ICL database is created each time a new certifier is entered into the CA to store a list of the certificates that haven't expired. A certifier document is also created at the same time and placed in the Domino Directory. This new area entails some configuration, but it can simplify management of certificates.
Extended ACLs
ND6 also introduces extended Access Control List (xACL) entries, which apply only to the Domino Directory, Administration Requests database, and Extended Directory Catalog. You configure xACL on the Advanced tab under File, Database, Access Control. This new granular access level even allows document-level control. Some developers may suggest that this capability exists already in Reader and Author name fields. But creating those fields is unnecessary on a form you want to protect with xACL. You can apply it to all the necessary forms at one time through a single interface. The xACL has three components: Privileges, Targets, and Names. They're all defined in the Lotus Domino Administrator 6 Help. Keep in mind that xACL rights can't override the rights provided by the ACL of the database or Reader and Author name fields.
Server Document Security
The next place to see the most change in ND6 (once your Domino Directory design is updated) is in the Domino Server document itself. Lotus has changed several tabs to add fields and configuration areas for backward compatibility. Some fields have also been moved or modified. The main security tab remains in the Server document (Figure 1), but the sections and fields included on it are moved around. For example, the former section for Server Access is now titled Administrators. The previous setting providing access to administer the server from a browser still appears (for the sake of backwards compatibility), but you don't use it in ND6. Due to the new fields introduced, control is passed to the ACL of the Webadmin.NSF database.
All of the new fields in the Server document let you enter users, groups, and wildcards. I suggest using groups or wildcards for an organizational unit (OU) if your architecture is designed that way, to ease the administration of these fields.
One of my favorite new security fields is View-only Administrators. This lets you display a server console with the administration client or other console tool and perform simple commands (e.g., Show users, Show server, Show tasks, Show stats) to show the status of the server. It's certainly helpful for senior help desk staff to be able to see server status. When such employees can confirm that tasks are running and view simple server statistics, you can decrease the number of calls that escalate to the next level in your support organization.
The Restricted System Administrator field lets you issue server commands that are listed in the Restricted System Commands field. An administrator can now allow a junior administrator general maintenance-task access. For example, in a distributed server environment that has a WAN or even dial-up access to servers, you could give someone local to the site the rights to perform some simple operations (e.g., Fixup, Compact, Updall).
A wonderful new administration level is the Database Administrator. According to the documentation, users in this field can adjust ACLs, set administration servers, and delete databases as needed, but server commands and controls remain restricted to Domino administrators. In testing this field, I determined that users placed in it have rights to compact and create full-text indexes but not to manage the ACL. Either a correct listing in the ACL or higher server administrator rights is necessary for ACL maintenance.
Full Remote Console Administrators is self-explanatory. You can issue any server console command, including the ability to shut down the Domino server.
Administrators takes on a new meaning while offering the same capabilities provided in previous Domino releases. In my testing, I found no changes in rights from what existed in the R5 Administrators field.
The biggest change is the new field Full Access administrators. This level of access includes everything that an Administrator can perform, with an added benefit of manager access to all databases on the server, regardless of the ACL setting. You must give this field careful consideration before implementing it. For example, some enterprises forbid administrators from having default manager access, which provides access to mail and other databases that could contain sensitive information. Encryption of data within the database is the best precaution when utilizing this new feature.
Administrators should be aware that Lotus has modified certain security fields in previous releases of Domino. In the past, fields such as "Access server," "Not access server," and "Only allow server access to users listed in this Directory" applied only to Notes clients. Now, these fields apply to all types of Internet protocols. This option isn't enabled by default; you must modify the Server document for Internet Ports for each protocol for which you want to use this new feature.
HTTP Security Changes
Another exciting change is in the HTTP task area of the Domino server. Lotus has hardened HTTP for security purposes in several areas in which HTTP servers come under attack. For example, to help prevent buffer-overflow attacks, Lotus has included the following changes:
- The maximum URL length request is now 4 K.
- URL path segments (e.g., http://www.abc.com/a/b/c/d/e/f/g/h) are restricted to 64 segments by default.
- The default number of header requests is 48.
- The request headers are restricted to 16 K.
You can increase some of these settings in the Server document, but unless you have a need, I don't recommend it. As more varied types of attacks are made against Web servers, these enhancements to the management of the Domino HTTP task will become more important.
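To make the four defaults above concrete, here is an added example (not Domino code and not from the original article) that applies them to the head of a raw HTTP request before any further parsing. The function names, the reading of "4 K" and "16 K" as 4096 and 16384 bytes, the reading of "header requests" as request header lines, and the buffer cap for unterminated input are assumptions.

```python
# Added illustration, not Domino code: a pre-parse check that applies the four
# ND6 HTTP defaults listed above to the head of a raw HTTP/1.x request.
MAX_URL_BYTES = 4 * 1024       # maximum URL length (4 K read as 4096 bytes)
MAX_PATH_SEGMENTS = 64         # default limit on URL path segments
MAX_HEADER_COUNT = 48          # "header requests", read as request header lines
MAX_HEADER_BYTES = 16 * 1024   # request headers (16 K read as 16384 bytes)
# Assumed buffer cap for a head whose terminating blank line never arrives.
MAX_HEAD_BYTES = MAX_URL_BYTES + MAX_HEADER_BYTES


def check_request(raw):
    """Return the names of the limits that `raw` (bytes) violates; [] means OK."""
    head, terminator, _body = raw.partition(b"\r\n\r\n")
    if not terminator:
        # Reject oversized input without waiting for the end of the headers.
        return ["head-too-large"] if len(raw) > MAX_HEAD_BYTES else ["incomplete"]

    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    target, header_lines = parts[1], lines[1:]

    violations = []
    if len(target) > MAX_URL_BYTES:
        violations.append("url-length")
    # Count non-empty path segments, ignoring any query string (assumption).
    path = target.split(b"?", 1)[0]
    if len([s for s in path.split(b"/") if s]) > MAX_PATH_SEGMENTS:
        violations.append("path-segments")
    if len(header_lines) > MAX_HEADER_COUNT:
        violations.append("header-count")
    # Each header line costs its own bytes plus the CRLF that ended it.
    if sum(len(line) + 2 for line in header_lines) > MAX_HEADER_BYTES:
        violations.append("header-bytes")
    return violations


def build_request(path, headers):
    """Assemble a constructed sample request from a path and (name, value) pairs."""
    head = ["GET %s HTTP/1.1" % path] + ["%s: %s" % h for h in headers]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    # Constructed samples: one normal request and one that trips two limits.
    samples = {
        "normal": build_request("/a/b/c/d/e/f/g/h", [("Host", "www.abc.com")]),
        "deep path, many headers": build_request(
            "/x" * 65, [("X-Pad-%d" % i, "v") for i in range(49)]),
    }
    for label, raw in samples.items():
        print(label, "->", check_request(raw) or "within limits")
```

Because every check is a fixed bound on size or count, an oversized request is refused before its contents reach any code that copies them into a buffer.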
Notes Client Security Enhancements
A casual Notes user may find some of the new certificate and security features overwhelming. The average user will never modify or investigate most of them. But as Notes and Domino reach further into Internet integration, and as security becomes a more prevalent demand, enterprises will demand to have them available.
One new feature is the ability to either blank the Notes client screen when your user ID logs out due to inactivity or hit F5 to lock the client and prevent anyone from seeing the screen you were just visiting. (In R5 and previous Notes releases, you couldn't open documents once the client was locked, but you could see the documents in the view if a database was left open. This was a potential security risk.) You can even place your own image on the screen when it's locked. The setting to blank the screen can be found in user preferences and in the ID file properties.
In previous Domino releases, configuration items were scattered across the client. ND6 lets you manage these items in an easily navigated user interface (Figure 2). Some changes may occur after this article is published (ND6 is still at Pre-Release 2, and nothing is set in stone until the Gold version is released), but the current version is already a huge leap toward a unified place for managing encryption, certificates, and security preferences for the client.
First, you now use a different menu option to inspect a User.ID file. The user selects File, Security, User Security to display the dialog. The structure of this information has moved and changed a bit to account for the new features and functionality.
The Basics section includes name and certificate information for the user, the ability to change the user password, and the ability to set the idle timeout. The administrator can create a server-wide setting to synchronize user IDs and Internet passwords. (This ability was missing in R5 but desired by large shops that didn't want to manage this field.) The user can override this administrator setting so the two passwords don't synchronize. However, unless this synchronization was included in a policy assigned to the user or was selected during the user registration process, the user cannot enable this option. (For information about policies in ND6, see the Lotus Domino Administrator 6 Help.)
Another added option is a button for users to click when they believe that their Notes User.ID passwords have been compromised. The button initiates a four-step process for the user to follow to help secure the ID file.
The section titled Your Identity contains three subsections. Your Names simply contains your current certified name plus aliases it finds from the Domino Directory. There are no variables to change. The subsection Your Certificates (formerly Certificates when you're inspecting an ID on the R5 client) has a wonderful drop-down list to inspect all Notes, Internet, and saved key information. The previous R5 abilities of requesting new certificates, requesting name changes, and creating safe.id files are located in this section now, too. A new subsection, Your Smartcard, is also configured here.
I encourage sites to look at the option of smart cards where possible. Lotus has taken advantage of this technology within the Notes client. In ND6, you can select the necessary smart card driver and then configure Notes to utilize it. The smart card must be with the user when logging in each time. The user enters a smart card PIN (rather than the Notes ID) for authentication. I suggest following the advice of Lotus and backing up your ID file before you embed the smart card information into it.
It's not possible, however, to move your Notes certificate to the smart card (although this would be a useful feature). You can move Internet certificates (e.g., S/MIME for Internet mail encryption) to the smart card from the interface. But you can't move existing certificates on the smart card back into Notes.
The subsection People, Services under Identity of Others lets a user query a local address book and/or Domino server for certificate and trust information on users. Another drop-down menu lets you show all users that you trust already by their Notes or Internet certificates. This menu lets you manage these certificates centrally, whereas in previous releases you had to search your Personal Address Book (PAB) view for certificates.
A new enhancement that deserves a special mention is users' ability to download the trusted certificates that are stored in the Domino Directory on their home servers (that is, to merge them into their user ID files) or to simply browse other address books to find a certificate. The user clicks the radio button "Find more about people/services," and a button appears to offer the choice to retrieve the administrative defaults. This way, the Domino administrator can build a trusted list once and users can retrieve that trust when needed directly from the server. Of course, automated ways of distributing this trust are always easier, but this feature lets users be selective or take the entire trusted list for their enterprises.
You can also retrieve an Internet certificate and import it into your ID file. After you click the button "Retrieve Internet service certificate," a pop-up box appears to let the user specify an Internet site name and optional protocol/port information. All the default protocol/port choices for HTTP, Lightweight Directory Access Protocol (LDAP), and Simple Mail Transfer Protocol (SMTP) are the SSL ports for security when retrieving the certificates.
When testing options in the Authorities section, I was able to reproduce what Notes thought was an attack or corrupt certificate (Figure 3). For administrators who must cross-certify with numerous sites, this is a welcome new security feature. The user sets the trust (or, if the certificates are downloaded from the central authority, the administrator has set the trust) for each certificate.
The previous Execution Control List (ECL) has been moved into a section called What Others Do. Here, the user specifies which permissions the signer of a piece of code or agent may perform on the local workstation. The client also now receives more detailed information when an ECL alert pops up. Details about the signature and design note are included to help the user make an informed decision about whether to trust the requested action.
The Log.NSF on the Notes client shows entries for ECL events. Previously, once an event occurred, no audit trail was available for the action. The design title, NoteID, database title, and even the path are now stored in the Miscellaneous Events view. Also, changes that are pushed to the client through programmatic actions (such as an ECL refresh) that modify the ECL in any way (including adds and deletes) are logged in the same place.
Notes Data lets you configure the default encryption settings for any new local replicas created. The subsection Documents lets you view and control secret keys (single encryption keys) that are stored in the user.id file. The creation, mailing, and importing of secret keys is available through a drop-down list or button as well. These private keys let you encrypt single documents and give that single key only to those people you trust.
Encryption settings for mail, signature warnings, and Internet Mail style options are listed in the Mail section. You can import, retrieve, and examine certificates used for encrypting Internet mail. You can also edit all the locations that must use the new or existing certificate.
Final Observations
Security management has come to the forefront of most enterprises. CIOs are now given directives to obtain and manage certificates for encryption and SSL and to unify the multiple directories across their companies. This single-interface management ability has become crucial to Domino to allow it to move ahead and bring user ID files and Internet certificates closer together. I hope this information about ND6 helps guide you in upgrade decisions.