SPF allows the owner of an Internet domain to specify which computers are authorized to send mail with sender addresses in that domain, using Domain Name System (DNS) records. Receivers verifying the SPF information in TXT records may reject messages from unauthorized sources before receiving the body of the message. Thus, the principles of operation are similar to those of DNS-based blackhole lists (DNSBL), except that SPF uses the authority delegation scheme of the Domain Name System.
SPF works for any mail system, so deploying it is a must: some recipients now require SPF entries or they block your email. Read more in the article right here or leave your questions below.
I even have some links in the article to let you validate your new or existing SPF records.
As long as both the server and the client (web browser) support SSL 3.0, the attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. The only answer is for either side or both sides to remove support for SSL, removing the possibility of being downgraded.
So if an attacker can force your browser down to the older SSL 3.0 then they could cause some problems. While vendors are hurriedly trying to patch their software, pretty much everyone was still supporting SSL 3.0 on their servers and of course your browsers do too. The only true solution is for both the web servers and the browsers to remove support for SSL 3.0 and force everything to TLS (transport layer security).
You can temporarily disable SSL 3.0 (and prior) in your own browsers for the time being. Just be warned that if a site you frequent does not for some reason support TLS, then you cannot get a secure connection once you do this. Firefox will be making an update in late November under version 34 that removes SSL 3.0. For now you can manually add an SSL Version Control extension to assist.
Google Chrome can be adjusted by simply changing your shortcut to force TLS as the minimal SSL connectivity. They will have a Chrome update soon that will address it for the end users.
Lastly, Internet Explorer (IE) has a manual fix you can do today. I could not find a date yet on when they will update to fix the problem, but in your Advanced tab and the Security section you can simply click to disable older SSL and make sure TLS is enabled for connections.
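A small model of the version negotiation discussed above, added here as an illustration and not taken from the original post. It assumes a client that retries with a lower offer after a failed handshake; the function names and the `disrupted` parameter are hypothetical. It shows why removing SSL 3.0 on either side is enough to stop the downgrade.

```python
ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]  # oldest to newest
RANK = {name: i for i, name in enumerate(ORDER)}
ALL = frozenset(ORDER)
TLS_ONLY = ALL - {"SSLv3"}  # a client or server with SSL 3.0 removed


def handshake(offer, client_supported, server_supported):
    """One attempt: the server answers with its best version not above the offer."""
    usable = [v for v in server_supported if RANK[v] <= RANK[offer]]
    if not usable:
        return None
    chosen = max(usable, key=RANK.get)
    return chosen if chosen in client_supported else None


def connect(client_supported, server_supported, disrupted=frozenset()):
    """Client with fallback: after a failed attempt it retries with a lower offer.

    `disrupted` is the set of offers whose handshake never completes, standing
    in for the on-path interference the post describes.
    """
    for offer in sorted(client_supported, key=RANK.get, reverse=True):
        if offer in disrupted:
            continue
        result = handshake(offer, client_supported, server_supported)
        if result is not None:
            return result
    return None  # no secure connection at all, rather than a downgraded one


def worst_case(client_supported, server_supported):
    """Lowest version this pair can be pushed to when every higher offer fails."""
    shared = set(client_supported) & set(server_supported)
    if not shared:
        return None
    floor = min(shared, key=RANK.get)
    higher = {v for v in ORDER if RANK[v] > RANK[floor]}
    return connect(client_supported, server_supported, disrupted=higher)
```

`worst_case` is the number to audit: it only moves off SSLv3 once one of the two sets no longer contains it, which is also why a site that offers nothing but SSL 3.0 becomes unreachable after the browser change.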
So I uninstalled Skype 6.21.104 to go back to an older version. My choice was the last Skype 5 version I could find of 18.104.22.168 and ran into a new issue
Since yesterday, all versions of Skype below Skype 6.13 for Windows and Skype 6.14 for OS X are blocked and do not allow you to sign in.
There are all sorts of hacks and workarounds to get old versions to go but that was not what I needed. I wanted to go back at least a few point releases to lower the memory usage again. So this got troublesome. Skype has the newest version plus the very slick looking beta. By the way the beta used even more memory as shown here
So I dug around for sites with the older version listed. I was lucky to find the whole list on Soft32. I went back to 22.214.171.124 and got the following memory results
So for now I will stay on an older version of Skype, even though the new beta was much nicer looking.
The mobile app is available for both iOS and Android devices.
You can also watch the VMWare Fusion 4 video in full HD on YouTube.
I had the opportunity to get a copy of VMWare Fusion 4 to review and I am more than pleased. I have been an avid user of version 3 on my Macbook for some time, and enjoyed the ease of working with multiple operating systems for demos and testing.
VMWare Fusion Version 4 stepped up its game with tons of enhancements, speedier graphics and better stability. Take a look at the video for more.
Note: the links above are Amazon Affiliate links. I do hope you buy from there :-)
Also, make sure you keep up with all the product reviews from Spiked Studio on YouTube.
In this May 2011 edition I talk about Lotus' attempt at the Exceptional Web Experience and the following:
* From the Editor: Chris' -0.0123 SOC
* From the IdoNotes Mailbox: Removing Encryption On a Local Database
* IBM Social Business Toolkit and Wiki
* Quick Tip: Free Sametime Plug-ins
* From the IdoNotes Mailbox: Plug-ins and Updatesite
Make sure you also:
* Register for IamLUG 2011! The doors are open for attendees, speakers and sponsors. The event will be FREE for all attendees and is being held Aug 1-2, 2011.
* Register for TackItOn again right after IamLUG. This full day (paid) event brings Matt White for XPages 201 and Paul Mooney for Lotus Traveler
* Sign up for both the Consultant In Your Pocket and IdoNotes newsletters in the upper right corner of the blog. Get early notices before the public, webcast information and commentary not found on the blog. Did I mention the two free whitepapers on DCC and Search in Lotus Notes just for signing up?
Recently I have been watching not only my own mail account but the logs of caught spam across a ton of customers. By domain. You would not think that GoogleGroups would be getting marked, as people subscribe to them for the most part. What I am finding is that spammers are now creating GoogleGroups and adding huge lists to them.
Enterprises for the most part will trust Google as an authorized sender. So unless the email contains words or other variables to set off triggers, they are getting through. Users are then blocking the reply-to address or all of GoogleGroups, depending on how they were trained or what type of spam filter they are using.
Even the DomainKey and DKIM are matching for hostname lookups since it is Google sending the email. The funny thing is you may not even use the address being sent to as a Google account, so removing yourself is even harder.
Most of the senders are technology based companies, so reporting them inside of Google is troublesome to do as well, so you find yourself just marking it as spam and moving along.
I received a link from a customer to this ComputerWorld article with the title 10 ways SharePoint 2010 will impact your Lotus Notes migration. The first thing the article does is make a very bold statement:
Over the past five years, many organizations have abandoned their legacy Lotus Notes/Domino environments
What constitutes legacy? An application that drives their entire business? An application that is a workflow built over many years to save huge amounts of costs for the enterprise?
So why didn't the companies move these applications?
Their concerns range from the cost of rebuilding applications on SharePoint to uncertainty about whether SharePoint has the capabilities needed
I believe they catch the main reason right away. The article goes on to start the list of how it is easier, or should be, even though they list limitations right away.
1. Scalability: It’s not unusual for Notes databases in large enterprises to contain tens of thousands of documents. Organizations attempting to move this content to SharePoint 2007 ran into some severe size limitations on SharePoint lists and libraries. With SharePoint 2010, however, the recommended maximums for many criteria have more than doubled
So right away they admit that even with SharePoint 2010 there are still limitations in large databases. They even note this about keyword fields into the managed metadata store. The scaling and ease of migration are not there.
Office integration, their point #3, is a non-issue. I think John Head has been preaching this for years in his integration sessions. This already exists inside the Notes and Domino world
4. Offline Capabilities: Although many of us count on continuous internet connectivity and bandwidth, many legacy Notes applications depend on the ability to “go offline.” Notes is famous for its ability to replicate to your laptop whatever data you need to continue working while unplugged.
They admit Notes is famous for offline capability, so SharePoint tries to cover this with Workspaces. They tout that it is based on Groove (now defunct in the grand sense) and the same developers that built it for Notes. Maybe some, but the movement and capabilities have far outgrown what they know and can do.
SharePoint Online makes its presence known in post #5. Domino has had hosted offerings for a long time from such partners as Connectria, and now LotusLive. Nothing new here except competition they had to offer. Move along.
The rest of the points were design capabilities which Notes has been ruling for years in the RAD world. Point 9 even tries to promote workflow. Are they serious? Workflow comparisons? Lotus Notes stomps all over workflow.
So it all made sense at the end, being written by a SharePoint migration partner/specialist that also runs a blog on the topic.
- Managed mail replicas
- Forced client ODS upgrades
- Domino diagnostic probe
- Administrative accounts for plug-in deployment
- Detecting corrupt databases
- Directory assistance changes
- Miscellaneous changes included!
Head over to the free webcast registration page for the event and get your team signed up! Remember, it is free and only lasts just over an hour.
You can also watch the above video in HD on my IdoNotes YouTube channel right here. A wiki article has been created as well.
After submitting my Lotus Blogger Search Widget successfully to the Lotus Greenhouse Catalog last week (original posting), I was happy to see downloads start. Then the comments of failure began. Well, after some sleuth work and willing testers, I found the cause and solution, which I posted there. I am more than happy to share those comments and thoughts here as well. Remember, it is a widget, not a plug-in.
In order to successfully download my widget, and future ones successfully, from the Lotus Greenhouse you must do the following crazy steps:
Open your local names.nsf -> Advanced -> Accounts -> greenhouse.lotus.com entry -> edit -> supply missing credentials -> save and close -> restart Notes -> drag widget again successfully
Basically the widget can only be accessed via a username/password even for the xml file. So Greenhouse attempts to create a local account. The local account it creates on the fly can not get your web credentials to the Greenhouse site. So the error is generated.
Apparently Lotus has known about this for at least 8 months since I found a document addressing it from Feb 2010. No fix, no solution and a bad way to get it. I will point users to my blog instead for now.
(Update before this got published) Lotus has acknowledged this is a Notes regression bug under SPR OAGU88XK87 that worked in Notes 8.5 and broke in 8.5.1 and 8.5.2. This will make it in 8.5.2 FP1 and 8.5.3 but it is a client fix. Keep that in mind.
All of this had nothing to do with the widget itself as it only allows you to select text in any Notes document, right click and do a custom search!
IBM Blueprint is launching into the next evolution of the software with Blueworks Live. A web based solution for collaboration in process improvement. It includes discovery, mapping, documentation and analysis.
Blueprint's ease-of-use, browser-based delivery and wiki-like structure have changed this and allow stakeholders inside and outside your organization as well as across functions, campuses and even oceans to collaboratively participate in process improvement. Blueprint takes the practice of process from the hands of the few and spreads it throughout your organization. In effect, the Blueprint platform becomes the central communication platform for collecting, sharing and improving how work gets done in your organization.
IBM is launching a free (limited) version as well as a paid professional version. The paid version adds a bunch more functionality such as:
The addition of Visio import is cool if the online software is just as powerful. I walked through the account creation process and it was as easy as filling out 5 lines and then I had a full 30 day trial. After the 30 days I could pay for pro or keep using the free version (I will see how this works in 30 days).
In this September 2010 issue I talk about the Domino 8.5.2 release with you and the following:
IN THIS ISSUE #62
* From the Editor: Chris' 0.79500 HTG
* From the IdoNotes Mailbox: Changing the Inbox Style for Lotus Protector
* Multi-threaded Replication and More in Notes 8.5.2
* Quick Tip: The One Catch We Found in Domino 8.5.2
* From the IdoNotes Mailbox: Finding Notes Jobs
Make sure you:
* head over to Consultant In Your Pocket and catch upcoming FREE webcasts and full replays of previous webcasts
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
* share this with all your geek friends across the social networks
In order to provide the best results, the custom widget for your Lotus Notes client has been updated with more blogs, removing some that went offline. You simply grab the widget from the public catalog or download from the below linked posts. You can also expand this even further by grabbing the plug-in Julian, of SNAPPS, created joining his search bar and the widget together.
If you don't understand what it offers, here is a quick description:
The custom blogger search is based on the Google CSE and now includes over 350 Lotus related blogs, wikis and technical sites. It only searches these sites for speed and web search efficiency. You can further trim searches down by the categories that are being built such as Sametime and webcasts. This allows you to find information quickly you know you read on some blog at some point. PlanetLotus can handle recent lookups, but going further back in the archives is an issue, mainly if they were around before being added.
If you have any questions, please leave a comment.
- SNAPPS and IdoNotes launch free search plug-in for Lotus Notes
- New widget : Search across all Lotus blogs with a right click
If you need help in deploying widgets and plug-ins, watch this webcast on Plug-in and Widget Deployment for Lotus Notes from Consultant In Your Pocket which covers this very topic.
Upcoming webcasts include:
- Lotus Protector for Mail Security - Sep 1 2010
Recent replays available include:
- Sametime: A User's Perspective
- Going Beyond Deploy and Pray - Application Release Cycles
- eDiscovery Primer for Domino Administrators
- Deploying Plug-ins & Widgets for Lotus Notes and Sametime
Recent whitepapers released:
So how do you get your hands on this right away? Simple.
Subscribe to the IdoNotes newsletter (make sure you select that group as one of your choices) in the upper right corner of this blog. Within 24 hours you get a welcome email with the link to the whitepaper and notices on the upcoming ones as well. From then on stay subscribed to keep up to date with the latest commentary only newsletter readers get to see. Feel free to subscribe to Consultant In Your Pocket, TheSocialNetworker or simply general interest as well.
IN THIS ISSUE #61
* From the Editor: Chris' 1.0000 LUG
* From the IdoNotes Mailbox: Are Agents Executed At Once?
* LotusLive Hosted Notes
* Quick Tip: Spellchecker in 8.5.1 Doesn't Skip All
* From the IdoNotes Mailbox: Sametime 8.5.1 Released, Now What?
Make sure you:
* head over to Consultant In Your Pocket and catch two upcoming FREE webcasts (one being August 18th!! ) or free full replays of previous webcasts
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
Join Kathy Brown as she returns to provide you a fun session "Going Beyond Deploy and Pray" on August 18th 2010, 10am CST, covering the following:
Thanks to Lotus and Domino’s rapid application development platform, many developers find themselves in a deploy-and-pray application release cycle. That can be fine for simple applications in uncomplicated environments, but what happens when the feature requests get more and more complex? Come hear about different techniques for managing Lotus and Domino application deployment and how to get beyond deploy-and-pray!
You can register for Deploy and Pray immediately right here.
Join Tom Duff and Marie Scott (Tommy and Marie as they are known now) on Sametime: A Users Perspective taking place August 25 2010 at 10am CST. With the pending launch of their upcoming book on this very topic, follow along as they take you down the path of what a user sees in your environment and how to better think like them when deploying features and functions.
You can register for Sametime: A User Perspective right here
** Yes, we will be using the webcast attendee names of those that actually attend (not just register) to be fair. You can always watch the replay online after the event, but then you only get to see virtual "Bag O' Schwag".
IN THIS ISSUE #60
* From the Editor: Chris' 0.152847 ZAR
* From the IdoNotes Mailbox: How Do I Remove Recent Contacts
* Recent Contacts - A New Evil?
* Quick Tip: Domino 8.5.1 FP3 Forgot the Router Fix
* From the IdoNotes Mailbox: Lotus Notes 8.5.1 Client Crashes
Make sure you:
* head over to Consultant In Your Pocket and catch one of the upcoming free webcasts or free full replays
* head over to IamLUG and register for the upcoming North American Lotus User Group meeting in August 2010
* catch up on the entire Google Apps Migration for Lotus Notes (GAMLN) series here on IdoNotes
Join Marie Scott and Thomas Duff as they introduce you to the fundamentals of Tivoli Directory Integrator and then show you how you can set up your own TDI jobs to take your data synchronization requirements to the next level. In this session, the focus will be on non-directory data integration from a development standpoint, with a future session targeted towards the administrative use of TDI to synchronize directories across operating systems and platforms
They are also planning the TDI for administrator sessions to follow shortly
I had this in the works for some time, but the list was not fully up to date. It is now updated with all the Lotus blogs I could find. I built a Google Custom Search Engine to weed out sites that try to use keywords to draw some of the search focus away. This way we can quickly sort through all of the blogger and technical Lotus content with a narrow focus of a half a thousand sites.
You will always find this engine in the search section on the right side of my IdoNotes blog homepage. I went ahead and embedded it in this posting as well for you to start using and sharing. If you or any site is missing, the index is building still. If by Monday you do not show, ping or email me and I can quickly verify with some filtering.
- Comparing LotusLive, Domino Hosting, Disaster Recovery and More - April 15th. This is great for admins and managers alike to see how to compare and what the differences are.
- Lotus Developer Tips Every Dev Should Know - April 20th. This is with Tom Duff and Kathy Brown, sponsored by the good folks at Ytria
- Tivoli Directory Integrator (TDI) the Best Free Tool You have Never Heard Of - for developers on April 28th with Tom Duff and Marie Scott
The site itself underwent an overhaul in look and feel last night. It also has its own RSS feed for you to keep up to date with all the new dates.
There are a bunch of upcoming webinars planned covering Lotus Protector, policies, DAOS, ID Vault and more. Too many to list. So get over there, register and share the events as well with other administrators, developers and user groups.
In this March 2010 issue I talk about filtering yourself (or not) and the following:
IN THIS ISSUE #56
* From the Editor: Chris' 0.0133167 FKP
* From the IdoNotes Mailbox: Move Sametime Server to Existing Domino Server
* Quick Tip: How Does a Consistent ACL Affect Local Replicas?
* From the IdoNotes Mailbox: What is LotusLive iNotes Versus iNotes?
Don't forget to visit CertFX from the banner above and use the coupon code "IdoNotes" to get up to 25% OFF YOUR EXAMS
In this February 2010 issue I talk about the start of Lotusphere 2010 and the following:
IN THIS ISSUE #55
* From the Editor: Chris' 0.0518 XCD
* From the IdoNotes Mailbox: ICM and iNotes Return
* Directory Independence has Been Pulled From Domino Plans
* Quick Tip: Multiple Attachments In iNotes Showing Incorrectly
* From the IdoNotes Mailbox: Which Domino Blog Template Should I Use?
In this January 2010 issue I talk about the start of Lotusphere 2010 and the following:
IN THIS ISSUE
* From the Editor: Chris' 1.2010 MMD
* From the IdoNotes Mailbox: Business Card Photos in the Domino Directory
* Quick Tip: Disabling Remote Images in Lotus Notes Mail For Security
* From the IdoNotes Mailbox: Large File Uploads in Quickr
*** as a side note I did remove the LinkJam entry since it was a link to another place and not an individual or team blog posting
In this December 2009 issue I talk about my annual goofy & geek Christmas gifts and the following:
* From the Editor: Chris' 1.0000 XMAS
* From the IdoNotes Mailbox: Mail Disclaimers on NRPC mail
* Configuring Sametime and iNotes (Domino Web Access)
* Quick Tip: Are You Running DAOS on i? There Are Immediate Fixes
* From the IdoNotes Mailbox: BES 4.1.7 and Domino 8.5.1
In this November 2009 issue I talk about the following, and pay special attention to the "Win the Fight to go to Lotusphere" section:
* From the Editor: Chris' 0.159650 MOP
* From the IdoNotes Mailbox: Transaction Logging the Notes Client
* Win the Fight To Go To Lotusphere
* Quick Tip: Google On the Hostname Change Game Again
* From the IdoNotes Mailbox: Deploying Signed Widgets and Plug-ins
Get your software, pre-sales questions answered on SWAN, the IBM Software Answer Network. You can ask sales, strategy and technical questions. When you submit the question, SWAN automatically routes it to one of our 1,200 IBM Software Group experts. Once the question is answered, you are promptly notified by e-mail.
The IBM tool that provides simple search against a wide variety of published technical resources across over 70 data sources is known as Business Partner Q&A (BPQA)
Now, I tried to log in and you do need an IBM id first. You are directed to the BPQA (Business Partner Q&A) first. You must search first before you can submit any question, which actually makes sense. Acronym lookups are available to help in understanding what you are searching for or what they are requiring. Here is a sample screenshot of the Q&A busy busy page.
I hope I didn't forget to mention:
Some eligibility criteria apply. Entitled Business Partners can ask a new question using Software Answer Network, or SWAN. SWAN is available to Advanced and Premier level Business Partners and Value Added Distributors. Member level Business Partners who have purchased the Value Package can also ask a new question using SWAN.
In this October 2009 issue I talk about the following, and pay special attention to the editor comments section:
* From the Editor: CHRIS' 8.86624 XOF
* From the IdoNotes Mailbox: The ID Vault and Lotus Notes 7.0.2
* To Package or Not Package My Client Deployments
* Quick Tip: Lotus Notes 8.5.1 Calendar Drag
* From the IdoNotes Mailbox: Sametime Gateway Sizing
In this September 2009 issue I talk about the following:
* From the Editor: CHRIS' 0.0542000 SRD
* From the IdoNotes Mailbox: Two Out-Of-Office Agents Per Mailfile
* Potential Security Issue with Microsoft Excel File Viewer in Lotus Notes
* Quick Tip: Display Your Current Timezone in the Business Card Feature
* From the IdoNotes Mailbox: Too Many Mobile Device Types
Use the discount code of "IdoNotes" to get up to 25% off your CertFX practice exams for certification
- Set up transaction logging
- make the ODS in 8.5 format (50)
- click a few flags
- start firing off the attachments
The benefits of usage and savings were staggering in the on disk sizes. Savings were in the 40-50% range right now. Here is the good news many people are missing. It is not shared mail in any way. It uses new NLO (Notes Large Object) file types and the darn thing works across ANY freaking database that shares the attachment and is enabled for DAOS.
Did I say any database? Yes, discussions, and soon I would think Quickr.
IN THIS ISSUE
* From the Editor: Chris' 0.021135 CAD
* From the IdoNotes Mailbox: Sametime Issue for the Blackberry
* Overcoming Issues Using Lotus Sametime with an IP Sprayer
* Quick Tip: Lotus Notes Traveler 8.0.1 Releases HotFixes
* From the IdoNotes Mailbox: Placing a Pilot Domino 8 Server in the Same Domino Domain
Leandro from IBM Brazil also emailed me already and pointed out that the tip for piloting omitted (maybe during editing, who knows) that you should create non replica template copies or set the replication for that server to not include any .ntf files.
So the basics are this:
- You could never give users a pre-defined buddylist
- Users had to manually go in and add public groups/private groups and people
- You want someone in particular added to buddylists, like a bot name
The install was simple. I chose to place it on my Sametime server directly for testing. You can install on another machine, but then you need to trust the IP of that machine in stconfig.nsf. I skipped that for testing. Large amounts of processing will take time, of course. But it was quite fast and the results are immediate. Here is the real kicker to the whole thing.
The tool can run while the server is up and the user is logged in. No downtime
Carl and his team at Epilio went as far as to create an actual manual with screenshots that can be found right here in PDF format. Amazing job and a welcome toolset for my team.
I need you to create these in one of two ways:
1. as a downloadable feature in a zip file
2. or in a siteupdate database I can import.
One of the below sites I visited today gives specific instructions on how to change the client to allow remote site updates. Unfortunately, policies will revert and disable this for all the users. By providing me with one of the 2 options above, I can guarantee my users will get the plug-in and I can control distribution, security and resigning. I also do not allow them to go to outside update sites from those that I specifically list in my configurations. I really want them to use your apps, but it has to be controlled on this end. If you need help in building a site, let me know. I can easily assist.
Some cool ones:
- SideLog by Jeff Gilfelt - awesome tool for working with the Notes log files
- Formul8 also by Jeff - a developer tool to write formulas
- SecretAgent again by Jeff - see all the agents in a database
- TwitNotes by Mikkel - unfortunately I think it is broke for 8.5
Update: John Head in the comments mentions the widget. Unfortunately that is now a requirement for your site to work, Lotus broke plug-in control and I won't allow foreign widgets that pull sites either and no one else should. Good comment John.
** qrush : Lotus Notes may very well be the most over-complicated office tool ever devised by mankind. It's a UI disaster
** aaron_miller : Woo upgrading to Lotus Notes 8 tonight
** careca : lotus notes blows! give me gmail!
** ckwebgrrl : Hating Lotus Notes... I'm starting to sound like a broken record :(
** aaronmcohen : Lotus Notes works again....Oh Joy.....wait.....now I see all the meetings I need to go to.....damn!
** seanjackson : oh, lotus notes, how I hate you so....
** whitneyhess : @mariobourque Ooh you're right. There is something worse than Outlook. Lotus Notes!
** richrecruiter : Retweeting @kellsworth: Lotus should have been left to karate and plants, and stayed away from Notes and emailing.
So what you find is people that have either bad installs or badly managed environments. You could go on for days reading these as they come across but I thought others might find it interesting.
You can also expand this and make more scans for your company name, product or even yourself.
EDITOR NOTE (May 21 1pm): Everyone, understand: the Eclipse Update Site template is one of the better things Lotus has created and shipped, and it outshines other site update tools. I love the template and the guy that wrote it (hey to TG on amazing work as usual). I am only talking about the process by which the client uses this template.
Instead of using policies in Notes 8 to force clients to see an update site, they chose server configuration documents. Let me break down what is bad about that in a moment. Currently, most every admin will want to make sure the ability for clients to install their own stuff is turned off. Ok, that works. However, you must then place an update site link in the server configuration doc that the user never seems to see. Why the heck didn't you use policies? The server configuration document has the global setting for both Smart Upgrade and then Provisioning, but the Desktop settings policy only has Smart Upgrade as shown here:
So what is expected is that each user will hit the server and see the server configuration document. This in turn will somehow get them the provisioning database or site.xml from there. Well this opens another can of worms. We teach and implement multiple places to reduce the extreme number of server configuration documents and to simplify. But if I want users on different home servers to hit alternate update sites only, then I have to go back and create multiple server configuration documents. Conflicts terribly. The site update database was built with replication in mind. I can create it once, push it out all over and have users hit sites local to their area for performance. With a policy I would be all set.
The real kicker here is that the client never seems to see this new setting and never gets the provision on a consistent basis. I have had one or two magically work, and others never work. All at the same server with the same version of client. Riddle me that Batman, both why it sometimes works and why it isn't in any policy setting to do controlled/distributed provisioning.
Unfortunately, they want all the bells and whistles, but back to basic mode they have to do.
The downside was that many of the Lotus Notes postings were negative. How about some more positive tweets?
Lotus could not have made seeing quota limits any easier and for training users on new features in 8.0.1 as we deploy
Then it hit me. Why are we going through so much work here? So we got a common and known Internet certificate for both servers, made sure that the other side could understand it and forced all communication via TLS from SMTP to SMTP. Their whole point was encrypting data between the Internet flow, not necessarily once it was received since multiple people may need access to the data.
We set Domino 8 to force the TLS conversation and stop if it could not make one. We made sure the other server understood to start a TLS conversation when asked and off we went. Secure Internet mail flow between disparate sites at will.
Chalk one more up on the wall.
- 95% of the attendees use Sametime
- 100% were at 6.5.x or higher and wanting to go to Domino 8.0.1
- Not having Citrix support already for the Standard client made more than one of them very disappointed
- Widget policies were a selling point
- Lotus Connections, Lotus Protector and mainly Productivity Tools were not anything they cared about. Did I mention Productivity Tools?
- Companies in size from 250 users to 40,000 all really use Domino
- Some admins are lucky when they get to go to Brazil for 9 days to install one Domino server
- Lotus Foundations is a cool product if you don't already have a Domino domain, which they all did of course
- Integration of Sametime is awesome
- Integration of Activities is confusing
- The Sametime Gateway is of interest to them
- Coffee breaks are not often enough, mainly after huge lunches
- Attendees love free tools that we give away
- Expanded policy control for desktops and security will be implemented right away
- People are tired of Smart Upgrade and want full provisioning
I am sure there are a few others I will add in. To summarize, they love Domino 8 and wish there were a few more things that had made it into the product at the same time. Social networking over here is not popular, while internal chat is. They always have very specific and unique questions that we love getting answers to for them. So excuse me while I collapse, eat a final dinner here and then head home tomorrow. Check my "Where am I headed" tab to see the cities I have booked up.
I hate to discourage the use of any technique that can stop spam, but I think DNS blacklists should no longer be used by Lotus Domino (IBM Domino) email administrators.
So then jump down to the comments and see what others have to say:
Blacklists can produce false positives but really have a positive impact on load, especially when our SMTP server has limited bandwidth and the ratio of rejected to accepted messages is high, as on our server (we have over 90% rejected connections). Disabling the DNS blacklist then means that the load on our line will be 10 times bigger, which is of course unacceptable.
So to our customers that saw this, I write my opinion here. While someone may be blocked accidentally for whatever reason, there is the phone. The load that could come from this on your server is not worth letting a Domino based spam solution solve.
Determining path to server XXX.XX.XX.94
Available Ports: TCPIP
Checking normal priority connection documents only...
Allowing wild card connection documents...
Enabling name service requests and probes...
Checking for XXX.XX.XX..94 on TCPIP using address 'XXX.XX>XX.94'
Connected to the wrong server SaidServer2/SaidDomain using address XXX.XX.XX.94
Connected to the wrong server SaidServer2/SaidDomain using address XXX.XX.XX.94
Unable to connect to XXX.XX.XX.94 on TCPIP (Connection denied. The server you connected to has a different name from the one requested.)
Checking low and normal priority connection documents...
No default passthru server defined
So NotesPing showed us that the server they gave us as an IP address and name, was not the right one for one of the two variables for the setup. Correcting either the IP address for the SaidServer or the server name for the IP address solved the issue.
- The rate limit numbers are not linear
- The rate limit numbers are built dynamically with an algorithm, meaning each company will be different
- If you run a bot that does heavy traffic, like an automated helpdesk or query bot, through your Sametime Gateway into the Clearinghouse, you may contact AOL to have it provisioned
So as you see there are no hard numbers per customer, per connected Sametime Gateway. It is a dynamically changing rate based upon your normal usage. Now I know they do not have 40 guys that are there doing simple math charts. Which means that if you suddenly spike the amount of traffic you are sending through the gateway into the AOL Clearinghouse, you might get limited down until they figure out what is going on. Meaning you might end up calling them. So if you are implementing a new bot, I would get in touch with them and get it provisioned first.
Make sense? If not let me know.
IN THIS ISSUE
* From the Editor: Chris' .4630821 VGS
* From the IDoNotes Mailbox: Bringing Together Multiple Sametime Services
* Part 2 of 3: Domino Monitoring and Reporting
* Quick Tip: Can Both Lotus Sametime and QuickPlace/Quickr Be Installed on the Same Server?
* From the IDoNotes Mailbox: Websphere Books For the Sametime Gateway and Sametime Advanced
All the Domino servers restarted successfully as a core, but any server that had HTTP in the servertasks= line would not fire up the task after the hard shutdown. We had to manually go in and start it to clear the alert. This was on all the servers 7.x and higher (sorry no older ones to test on)
What are you waiting for?
IBM Lotus Notes and Domino 8.0.1 (including Lotus Domino Web Access and Lotus Notes Traveler) are now available to address issues and provide new features. The following document contains important resources to assist you with your upgrade to Lotus Notes and Domino 8.0.1.
Note that you select which technote you want and click the twisty to have it slide open to see more of the entry
Without implementing this fix, administrators will not be able to successfully maintain Sametime Connect clients and keep them up-to-date with the latest maintenance releases.
If the Sametime 8.0 Connect client has not yet been deployed, administrators can simply replace the provisioning manifest (also known as the install manifest) with the updated one included in the download package referred to above. This issue impacts both the stand-alone client installation package as well as the Network Client Install (NCI) package.
Since there are screenshots on the other pages (including webware) I will leave those out but tell you what I think. The iconic type desktop works well overall. While some of the icons actually utilize the main center window to show the results of what you click, others open new tabs or browser windows (found in settings). You actually get the most function by making your own pages and adding content that you want. There are more than a handful of built-in widgets and feeds; from there you can also add your own site or feed. There were 2 Gmail links. One took you to the actual Gmail login page in a new tab, the other was a functioning widget. I would suggest they blow the new tab one away and stick with the widget to keep you in their page. I also found I could not drag the icons between pages, which is something we are used to in Notes for sure.
What I didn't like is how most of the icons they provide simply took you to the site. You cannot enter your credentials and have it log in and bring you some form of miniapp window. Symbaloo is a visualization of your bookmarks. But there is no way to take my existing bookmarks and make them a visual page!! That bites. I also could not find a way to import an OPML stream to have it populate pages with existing feeds I watch. RSS streams in the blocks would make this site somewhat useful, but I still prefer Particls, Spokeo and now Streamy. I found places to manually enter single bookmarks and manually enter a single RSS feed, both labeled beta at this time.
You can create links for audio streams and use widgets for Last.FM. But the widget area has a lot of room to grow before it is very useful.
If you take the second line that says Microsoft 2007 Office System, you could go with either Lotus or Microsoft on this one. So without reading what Stuart had to say on the topic, I have my own thoughts. Both of the companies are fighting for what the consumer (public) space already has in abundance. The questions are:
- how to relate it to business usage
- secure the data
- get people to utilize it
- allow outside data to be referenced and pulled in
- give the users the Ohh's and Ahh's they find on the consumer side
- provide presence both for internal and external awareness
- open the system to pull in external feeds in a structured and loose manner (ie: Attensa and user defined feeds)
The approach on the underlying purple, blue and green colored areas above fit into both vendors. The question is who can make their product grow up the quickest and maybe pay attention to suggestions (cough cough)
IBM's Metaverse virtual reality software ... Though still a bit rough around the edges-it won't be mistaken for Second Life-some 2,200 IBM staffers are testing ways to collaborate with colleagues in the Metaverse, according to Mike Ackerbauer, innovation manager for collaboration development at IBM.
Ackerbauer said IBM staffers leverage IBM's internal virtual conferencing application through Web services to have online meetings in 3D. This approach is a boon for IBM employees, who are spread out all over the world.
The meeting room Ackerbauer showed eWeek was sparsely furnished, but serviceable, with a screen on the wall to simulate the typical conference room.
What interested me was the statement in the article that they are looking for VOIP solutions inside of it, including hooking it to Lotus Sametime. Forget making profiles in Lotus Connections, get ready to make avatars.
The demo that was shown at Lotusphere used the Ascendant to bridge all the Sametime users into a conference call.
Then another update showed from someone else putting it all together
Today, you are "linking" a Sametime user to an entry in your address book so that you get the added menu items of "Email, Call, SMS, MMS." RIM will add the Click to Map feature
Looks like a winner when it arrives!
RIM Showcases Unified Communications Breakthrough for Blackberry Users At Lotusphere
RIM is showcasing a new feature called "Click to Map" that will allow users to generate maps on a Blackberry handset within the context of a Lotus Sametime session. The "Click to Map" feature will launch Blackberry Maps from within the Sametime client software and generate a map that illustrates a colleague's location based on presence information retrieved from Lotus Sametime.
This is a cool feature I would love to see in place. I know the "Convert to Call" is kind of there, but that seems to not be in place either. Maybe I missed something in implementation or does this need the Sametime 8 Advanced Server that is not due out till next year some time? Also, does the map render from the location they type into the client? I am not sure how that would work either looking at the preferences in the Sametime Connect client for the Blackberry as shown in this screen capture:
I can't seem to find a menu item for mapping the user in the Business Card or main screen. Anyone?
error returned from CreateSTDatabases
Error encountered in the local server while setting up LDAP directory support da.nsf
File does not exist
DDNALocalDominoSetup returning with error code = 0103
SetupLocalSvr returning with error code = 3701
SetupSvrMergeWithDomino returning with error code = 3701
I quickly started the Domino server, created the Directory Assistance and then restarted the Sametime setup. Weirdly it now saw the install as the ability to:
- Install a new instance of Sametime ?!?!?
- Upgrade an instance of Sametime ?!?!?
I took upgrade as fix the install that is there please. And away it went. Now let's see how it did.
Here is what happens. Sametime 8 does not see the previous install path (as shown yesterday) since it is not upgrading your Sametime 7.5.x client. It is installing Sametime 8 and then uninstalling 7.5.x from your system. It reads your settings and places them into a lookaside database to move them across during provisioning of the new 8.0 client. What this means to you is that you then cannot install into the same directory you had 7.5.x at first. If you install 8.0 into that folder and then it goes to uninstall 7.5.x it really removes all the new files also. Quite the conundrum isn't it? I know I want mine in the same path all the time. With this scenario, I cannot hit the site and have it upgrade what I have in place. So if you have company standards on how the client is installed, you may be looking at uninstalling the old version from everywhere, then running the install for 8 afterwards into that same directory.
Lotus also changed the folder structure and naming of the Sametime Connect files. This adds a new level of change for the plug-ins. We will cover more on plug-ins on the next posting.
Issue with the Sametime 8 network-install if you misconfigure the original network package on the server
I then went back and placed the correct URL in the download properties file and tried again. I noticed that the install seemed to download incredibly quick. Halfway through, it then stopped and just sat there for a long time. I killed the install and tried again. Same thing. It then hit me. The original download was still in my cache for the browser so it was still reading the bad data. Here is a screenshot:
So I went in and removed that bottom file from the cache to see what the result would be. As expected a much longer download started again. You need to know the original part is 29MB and then more is pulled from the server. The client code itself is still 135MB when it is on the machine. So I am off to delete the file and redo the install.
Content Hardware requirements
The following hardware is required for the systems that host IBM® Lotus® Connections services.
At least two Intel® 64 or IA-32 based server machines
Two CPUs per server, 2.6 GHz CPU speed or higher
Minimum 4 GB of memory per machine
Plus a special note for using Lotus Domino as the directory source:
Lightweight Directory Access Protocol (LDAP) server
IBM Lotus Domino 7.0.2 and later.
Note: Before you can use this LDAP server, you must apply fix PK52839 to WebSphere Application Server.
Gmail has a hidden feature: Atom feeds for Labels! The technique is simple:
1. Setup a filter to catch all email from a specific mailing list.
2. Apply a label to all of that mail (e.g. 'list').
3. Access the Atom feed via this URL: https://mail.google.com/mail/feed/atom/list/ (changing 'list' to be the name of the label).
So if you take this and then flip it to Domino, you could create a rule to tag or sort your mail-in databases and then push this out to the feed readers with the RSS capabilities of Domino. This would solve an alert issue for numerous people that share part in a mail-in database. Everyone could read the stream based on what category they handle from a single source that is tagged/foldered/categorized properly like you can do already with my blog. Go to the archives tab above and look at the different pre-categorized feeds you can get from one single database.
Same idea, just move it to other data stores in your Domino architecture.
There you go, just over 600MB of RAM dedicated to the gateway including some DB2 processes
Location of keystore for Premier - Tell him to look in the notes.ini for the location of the java SSL keystore. That is the location of the file it is using. We actually had to remove the file and then create a new one with ikeyman and import the Equifax cert since it is not a default certificate
Alas, never mind that portion we found the culprit of why it stopped working. Premier updated their SSL certificate on October 4th of this year. The local keyfile had the expired previous certificate. So it just never connected. No warning, no alert, no log. No connection.
We could get no debug variables to place in for the adapter so after a clean install and replace some files I copy in below, all was well once again after a week of running in circles. Good job to Chris O at my office for sticking this through and beating out of them that they changed their SSL after we told them that was an issue a ton of times before we got confirmation.
The AA install program installs a stkeys.jks file that I can't 'open' using Ikeyman (haven't tried certsrv). So after a re-install I delete the stkeys.jks file that the audio adaptor creates, and then create a new one using Ikeyman. But the Equifax cert (the SSL cert premiere uses) isn't included by default so I had to download it and add it to the stkeys.jks.
Comcast officials say the Lotus Notes problems were caused by a software glitch, adding that the company does not block customers from using file-sharing applications. It does, however, manage its network so that a few subscribers using bandwidth-hogging programs don't slow everyone else's Web surfing.
As we prepare to hit DST again, I sat in the open mic call this morning. A simple request to Lotus...
- Listen to Episode 28 with Scott of Lotus that not only got downloaded an amazing number of times, but had tons of info.
- Listen to Episode 27 with Andy and Rob of Technotics as we talk all about DST impact
But I noticed one thing from listening to the callers this morning. A lot of people have been doing upgrades, changes and deploying applications since the last DST time change. Yet everyone has the same question. What version has what fix and if I upgrade is it done?
So Lotus, we need a simple scenario listing in a whitepaper or technote that shows the outcome of where they are now and what steps are needed. Such as:
- you already patched for spring and have not changed the server code
- you patched for spring and have now upgraded to X.xx version
- you just installed version 7.0.2, is there any patches I need or is it included?
- you were in a version 6.5.x and patched in spring, we then upgraded to 6.5.6. Do I have to repatch?
- Other countries are now going into time changes, so if I have international servers/users I now need to patch those? (like Australia and Brazil)
- Telephony integration
- Peer to peer audio and video
Ok, here we go... Bill McAnn was the call moderator. They took some questions from the forum first to prime the call
- Lock a client to connect to a specific Sametime server geographically? Yes, point to a home Sametime server.
- I have installed Sametime 7.5.1 client and did the Outlook disablement hook after following the workaround. But when upgrading to FP1 it came back. This will possibly be fixed in a later version, but not 7.5.1. Technote #1259391 addresses the issue.
off to the live calls
- I know the voice and name of this caller! But I won't call him out. He wants to build a silent install package to dump out with SMS. There are some issues with this. There is a new client with the proper fixes, including CF1. It comes with the installer and since it is a full client you have to open a PMR to get the updated installer package.
- Provisioning the preferences in the Sametime client. One is the site update. One is the plug-in customization.ini, but that only gets read once. Does the site update have to be a feature jar file? The feature jar file approach is delivering a new or updated piece to the plugin_customization.ini file. This file is read each time the client is started. The ini provides the default settings preferences. End user overrides in the client preferences will still overtake what is set in the ini file. You cannot swap it out at install time. An update site must be a jar file.
- Policies regarding chat recording, with the value set to save or not save. If you uncheck this does it force down to users not saving chats? Lotus says unchecking this does not set auto-save in the client. Checking this forces the user to save chats. There are actually two policies. One allows them to save at all and the other allows auto-saving.
- When was the silent install that includes the msi, when was it released? Sep 21st or so was the release date. Also, they want to fill in the community name and pre-configure TLS? Craig jumped in to say he believes it is possible now.
- They have multiple servers, a web portal with stlinks, web conference server and chat servers. People get logged off when they move around servers, why? Jennifer at Lotus says Portal was giving a new IP address coming in so it was being seen as another user. She gave the example to ignore when you come in twice that goes in the config section. The user must also be homed to a Sametime server or cluster.
- The CF1 version of 7.5.1 takes care of a lot of issues but one they had. When you install and launch the client the Terminal Services application continues to run? Harry, dev manager at IBM, asked to clarify operating system and client. It was OSX 10.4.10 with Sametime 7.5.1 CF1. When you launch the Sametime client it also launches Terminal Services. They do not quit and continue to stay launched. The client works fine, but you must manually quit the Terminal Services. The Sametime 8.0 beta was brought up to try it there.
- The next caller wishes to turn off the reset button in the client. Craig said there is no policy or previous request to turn this feature off. The caller says for compliance reasons they must lock the user from being able to change communities. Craig says 7.5.1 said you can change the host without resetting the user, which could be an issue. He referred to the policy to force the default community. Unless you have multiple communities, then this policy would apply. The caller has Facetime in the middle to capture for compliancy. Lotus suggests hiding the Sametime MUX so no user can directly connect to it.
- The user policy, user preference, and then plugin_customization.ini is the order of load for the Sametime Connect client.
- I missed one call for a person coming in, sorry
- The next caller asked about the StReflector being set up. If you are doing many audio or video chats then moving it to another box will assist in performance. Voice chats work fine internally but not over VPN nor outside, including NAT. The reflector will let each client see the other's IP address. Point to point will always be first, then the reflector. With external users with symmetric NAT you put the reflector outside the organization. A normal or non-NAT firewall, the clients will still try to do point to point. The reflector must be able to go through the firewall.
- Prudential wants to deploy a basic client and send out the features, yet they can't lock them down. They want a list of what can and cannot be locked down. The only settings available for lockdown are those in the policies on the server.
- Can you secure audio and video to a particular group? Yes, use policies
Here is the page...
This web log is a joint effort by the key technical architects and user experience professionals to open a direct line of communication with developers about the capabilities of user facing composite applications.
I also had the link up on how to move a Sametime plug-in to Notes 8 client. Here was that link.
The issue is that if you wish to have it on in the server configuration document, policies must then be used to turn it off. Instead of enabling it further for certain users, which one would expect. When I relayed info from the podcast that Susan and I did weeks ago about how the Domino 7 server will send the recall requests to the Internet by default and you can even recall mail sent in the past before the upgrade, eyes went wide. The final straw was that no indication is left in the recipient mailfile that a message was even there.
This discussion and slide review covered about 30-40 minutes of the session itself. Without giving away all the parts, just because it is a new feature doesn't mean it should be on was the general consensus. Some said they would have it enabled after some time, but having it on when you install/upgrade was the wrong choice.
Well unknown to me, if you do not run in a central clustered environment and have users spread across servers that may be geographical or just in the same place, but not clustered, the gateway needs and wants a port 1516 connection to each and every server, which it then holds in a local file. This does not worry me as much as it appears to worry some company security groups.
The Gateway is just what the name implies, a gateway. Just how you deploy external SMTP servers and then only allow them in through the firewall, via trusted IPs usually, this acts the same. So have no fear, the Gateway is doing its job by not storing data and only offering a direct connection to the public providers and then 'proxying' the traffic to Sametime. Your user directory is not affected as well as you can control which providers come into the Gateway and then how just the Gateway communicates to Sametime.
So do not freak out, it is all in how you present it to the team in most places. Those that still don't get it, probably never will.
I shut down all electronic devices as required and prepare to get some rest on the flight. Which does not go as planned, but not as bad as getting no sleep at all. Once off the plane it is time to turn the Blackberry back on to check if the car service is there and if any other plans had changed. All is well and on schedule. I arrive at the customer site and get straight to work. They don't have an extra network line ready for me in the conference room and I accept that I cannot get on the wireless. No problem, the corporate housing awaits that evening (or 8am my normal home time). So I would not have missed much of anything and I got email all day. Well, the housing has one TV in a common area and one PC line in there also. No lines in the rooms, no wireless. I can live with that. Until I discover that the PC line there only accesses their Intranet and you need a username and password for the proxy. I send a quick email with the Blackberry to the team I worked with. Some answers from their Nokia phones. We can check tomorrow. I say hey, I have email and a bunch of DVDs I haven't watched anyway! Time to relax for a night.
The next day I load JiveTalk to consolidate all my IM services onto my Blackberry instead of individual clients. More on that later. I like it though. I also have the office set me on tether modem on the Blackberry but overseas it gives me some weird error. Maybe because you dial that weird #777, who knows. I work on that later. Word comes from the security team that they are very unfriendly and do not have or will issue a temporary proxy account so I can use the network there or at the housing. So I am full fledged Blackberry and accept my fate.
- Lotus Notes email access - well duh, BES server
- Sametime - Yes, Sametime Mobile 8
- Chat - JiveTalk for AOL, Yahoo, ICQ, Google and MSN
- Google email - yes I have the downloaded Blackberry mail app from them
- Other emails already configured to go to the Blackberry device through BIS
- News and such - many choices. Bloglines for Blackberry and Pocket Express
- Facebook - Blackberry access in browser at http://m.facebook.com
- Jaiku - Blackberry access via JaikuBerry
- Blackberry Messenger - for all the time chat to the wife on her 8830 and also friends with Blackberry that have connected
- Tethered Modem - heck no, Verizon Access manager needed which takes a PC to get. Their website is not Blackberry friendly at all and really needs a WAP interface. All the darn scripts drove me nuts using the Blackberry browser
So where do I sit now? Thumbs really do hurt some, the battery goes faster when you constantly use it, I expect no less. Could I make it my lifeline, sure. Do I need some of the Domino apps, sure. That is how we do business. Having them offline is great, but not being able to sync does no one any good. The Blackberry stepped up when it needed to and covered all the basics. It does have me on the hunt for even more and better applications for it too.
- Janine Popick, CEO of Vertical Response
- John Landau, CEO of Customer Experience at Huddle.net (UK company)
- Mike Walsh, CEO of Leverage Software
Matt Anderson of Radicati was the speaker. After 5 slides it went to Q&A with the panelists.
- Vendors that they listed included Lotus and a slew of others I did not know offered such solutions.
- The suites are what Lotus Connections offers with some added parts like Business Intelligence
- They then have specialists that work on each part of the software itself
- The market drivers were just what you know now. Make some teams and share some info then find people around them
- The market barriers are what you expect but easily overcome. Compliance (US issues), deploying new technologies
- What does your offering provide to set it apart from other offerings
Mike Walsh - They are trying to make it easier for the business person to make and find relationships. Taking some of the Web 2.0 items, with security and making it easier for the business worker to share information in a collaborative environment within and outside the company.
2. What was the initial pain point that caused them to look for a social networking solution for their enterprise?
Janine Popick - They have 30K small business customers with only a small number (50) of employees. So they are the customer experience side. They let the customer
3. How has business social software changed how employees share information between themselves and with customers?
Janine Popick - They have an award winning blog. Employees post more content to give them exposure. They use Leverage as their social software choice it was said. They also started a Facebook group with about 200 members giving product feedback. There is a wiki in place to post documents and share information.
4. What are some of the key factors when vendors go up against Microsoft Sharepoint in this space?
Mike Walsh - Everything is based on the needs of the users. It varies across prospects. He said Sharepoint, which is a great product, and Lotus Connections, which he was not familiar with, helps them find the right people for a specific person to assist with a project or prospect. He said Sharepoint seems to be for internal collaboration behind the firewall. He does not look at them as a competitor, but as augmentation.
John Landau - They are often compared to Sharepoint. The perception he finds is that it is a free tool but the TCO is incredibly high for a business. It does well for internal collaboration. But the idea is to bring external clients together with the inside groups and becomes costly with Sharepoint. Kingfield is a customer of theirs, and they were looking at Sharepoint until he brought Huddle to them.
5. What were some of the critical features that your business looked for in a social software package?
Janine Popick - They found that their customers that used their service needed different feedback. So small groups of customer types are forming. They are also able to push focused product release information. Finding users "like me" on a people map and then reaching out is helping the company since they already compile a large amount of data from each customer. Live chats are helping get feedback on what features of their product are most important.
Questions from the audience....
1. What are the real benefits, like ROI. These seem like a solution looking for a problem.
Janine Popick - One of the things they did when deploying was hire someone to manage the deployment. Without someone to drive and manage this can fail. This person also participates in the social network by watching and even generating conversations. On a hard ROI front they know they are saving time on email and feedback processing. Vocal people in the communities help promote what is needed without them sending out constant user surveys.
John Landau - Huddle offers the ability to share documents and work together internally and with external partners gives a tangible ROI. If that was done by email instead, you end with multiple people looking at different versions and chasing information. Huddle has the centralized upload, sharing and work area to set approvals and tasks, etc.
Mike Walsh - They were out as a social network platform before Facebook caught on and now everyone is clamoring for this type of application. They work with 300 companies with different goals and needs. ROI might be decreasing support, increasing upsell, increasing customer loyalty, getting products to market faster by getting feedback. Microsoft, HP, Oracle, Salesforce, Time Warner, NY Times are all sample customers. Some need projects done faster and others are using it to find hidden talent in the company.
2. We are a small software startup with 400 partners/resellers, can you describe the benefits of utilizing the software?
Mike Walsh - They do work with smaller companies to share best practices. Relationship building through the social network is a huge benefit.
John Landau - You are able to bring all these partners and resellers into one social network so you can all chat, talk working group and share information with branding and customization.
3. How does voice and real-time collaboration overlap with services such as the social networking vendors? Will you follow?
John Landau - Huddle is in a position in the next few weeks to offer integrated single sign-on ability. Web conferencing tools are also being built into the product offering.
Mike Walsh - Open architecture through widgets allows you to add features and functions even without their help. They are partnering with companies like Webex and SalesForce, or even pulling in a Skype or Webex widget. Also a GoToMeeting widget as they used in this conference.
4. Is there a listing comparing what these vendors offer in their social network offerings? (my question)
They will have a listing in the Radicati report
5. How do you deal with issues around compliance. (yada yada yada) ?
Janine Popick - She does have compliance issues it seems. They use a wiki for a lot of collaboration but will be tightening up how the information is controlled.
John Walsh - needed the question repeated. The data can be exported so it depends on the requirements of the organization. One feature they do not have is document check-in and checkout. Their solution has revisioning and tagging. How it is completed and found is up to the client, such as Wells Fargo.
John Landau - The document management system saves every version of the document as it is worked on. Their solution is geared towards compliance. You can see date and time stamps for all edits, updates, changes and new items.
6. What is the cost for trials of these softwares?
They will send that out later or go to the websites and get some free trials. Huddle and Leverage offer free trials.
Sara Radicati wrapped it up with not much fanfare but look for their report, of course
He then equates Google to the latter-day Lotus, painting a scenario where Google smugly laughs off a bloated but feature-rich (imaginary) NewSDK from a bratty startup, only to then get disrupted by this SDK when browser capabilities improve. Of course, part of the analogy breaks down because Microsoft was hardly a bratty startup when it succeeded where Lotus failed.
This article goes after the older Lotus office entry with SmartSuite I believe and not the current Symphony part Deux. I have not said much about Symphony, there is plenty out there. I used the Productivity Tools during Collaboration University as well as OpenOffice. I found issues in both. I use Microsoft Office most of the time because that is where the masses were right? But will Symphony part Deux take over a huge slice of the MS Office world? Not in a large percentage. Can it assist in the SMB space that uses Lotus already? Maybe not if they move to 8 and use the built in Productivity Tools. So the press is behind the announcements, IBM is pushing the newswires with the announcements, people are downloading to check it out. So how fast will Lotus update the software to match and exceed what is out there now is what remains to be seen.
So we were being silly to play around with the features. Headsets on backwards and others. When you use the chat room it takes a snapshot of just how you are when you click send. So the pictures are resized too small for you to see, but Carl and missing pants is bad all around.
Free video conferencing is good no matter how you slice it if it works well. This one seemed to do just fine. Now, we didn't get 8 people in the room, but that is next on the list. You had the choice between hands free audio and push-to-talk type. Both seemed to function fine.
Creating a room for the conference did not even require registration at this time. Simply name a room and click invite and it copied the link to the clipboard. It then uses the Flash connection for your video and audio. No problem, worked right away for both of us. No fuss, no mess, no firewall issues, no downloads. The chat was, well chat.
It seemed there was a way to record but I couldn't find the button. Chat worked fine, but needs a bit more ability. Attaching or sending a file would be nice so everyone could talk. It still is not a 1.0 release so I imagine more is coming. I am curious about the bandwidth as this grows, but let's see how it plays out.
So overall, did I say it was free with no firewall issue in the tests? No tunneling and numerous ports for AV like I got asked yesterday for Sametime
You can work around this issue by either creating a presentation of fewer than 100 slides or by not selecting the Master Slide option in PowerPoint.
I couldn't remember, and didn't bother checking, what hierarchical name he used in his id so I simply entered Sean Burgess as unspecified into the ACL. He could not get in the database. I changed it to type person and added his O certifier and he got in fine. Wondering what gives here as this might have other implications for us in multi-tenant cross-certified environments.
I read with much interest all comments about DDM, in response to my (previously published) article. I can only say that I fully agree with all these comments and I hope that this post will make things even clearer.
DDM is for sure an improvement and IBM kept improving the monitoring of Domino since version 4. Some DDM features are very useful and a few of them cannot be provided by any other product, including ours.
My article is actually not only regarding the benefits of DDM, Admins can judge by themselves about its value. What I can hardly understand is the marketing made by IBM around DDM. Was there so little to say about new features in Notes 7 that IBM chose to present DDM as a revolutionary product? I do not question the value of DDM but all Admins having worked with Notes since R4 know that DDM is mainly a revamp of existing features.
I'm also surprised by IBM's plans of releasing a major release yearly. In my opinion, a major release must provide significant enhancements and new features. Fixing such deadlines leads to a very strange situation where 4 different versions of Notes are maintained, including the version 6.5 which nobody knows whether it can be considered as a major version or not.
The ones having discussed with me know that I'm a strong advocate of Notes for many years. However, I agree with Philip's comment about IBM competing with its partners and I'll add that I'm puzzled by the lack of long term strategy in this company. I'd prefer that IBM spends its energy fighting with its competitors, not its partners. OK, I'll stop now before IBM people get mad at me once again.
Back to DDM, I don't like the design of this product:
1) It bypasses some standard Notes concepts, which is unacceptable to me:
- automated replication
- relies on Notes when it's supposed to monitor it
2) almost all information is not real time (unacceptable for a monitoring product)
3) it's mainly server based with all related drawbacks:
- resources taken from servers and possible crashes
- problems with heterogeneous environments (versions of monitoring code and servers)
4) real useful features are in my opinion reserved to skilled users
Comparing to Monitor:
1) Monitor doesn't have any of the drawbacks listed above
2) Monitor provides major additional features and supports other platforms (clusters, Sametime, BlackBerry, etc ... and soon Exchange)
In conclusion, I agree with someone's comment that DDM can be useful as an entry level monitoring tool but falls short for monitoring large (or critical) environments. As far as being a revolution in the Notes world ... let's be serious a minute, it's not. The real revolution happened about 20 years ago when the concepts of replication, UNID, certificates and views were put together to create Notes.
BTW - nice to see that quite a few people also use our products :-)
- Asia Pacific area looking for a proof of concept install for their business and need NAT and public CA documentation. Caller said they got the wrong certificate purchased, that it didn't support TLS. Lotus is working hard in 8 to simplify install and config. As for NAT, they list the restrictions for NAT due to SIP. Certain NAT providers are becoming SIP aware due to VOIP and other real-time collaboration. As I posted about the morning call, I will shoot out some diagrams for everyone since this seems to be a main focus.
- Caller is implementing Sametime 7.5.1 and having client issues, even with CF1, of getting layout and pre-population to clients. Preference controls like auto-status changes, for example. Lotus suggested utilizing the plugin_customization.ini file to change and set some of the settings. They have no policy control with the 6.5.1 server and Sametime Connect 7.5.1 CF1. The issue is that they must then match the new policies when going live with the server on 7.5.1 or 8 to make sure they do not change everything back. This is a big part of rolling out the advanced client and wanting particular features enabled or set a certain way before the server policies are deployed.
- Another caller emphasizes the issues with SSL config from Premium Server as first caller. Thawte server worked fine. Yes, I am seeing in installs that you need to import root certificates in many instances to get it to work.
- Australia - IBMUS and Australia connectivity problems. Customer is using dual network cards trying to route public and private address. Asking if the OS will do the routing. Part 2 - Wants to talk his SIP to their SIP. Asked about port 443, which is not right. He needs port 5061 for encrypted, not 5060 which is unencrypted. No 443 needed. 1516 and 1533 open for internal connectivity on 7.5.1. Then 1516 for 7.5.1 CF1. Also asked about LDAP server connectivity over 636. DB2 server, is it encrypted by default and does Express C handle it? Not by default, and maybe not in Express version, have to verify that. IBM SIP gateway connectivity actually needs port 5060 for the first connection then 5061 to finish. LDAP SSL relies only on the LDAP server having a public certificate. What data is stored in the DB2 database, a security concern question. Lotus answers that in the DB2 database you can find the gateway configuration data, user id and group id in UNID form. Last question, checkpoint firewall in front to cover NAT issue? Lotus has customers with it. Multiple NIC cards not an issue as long as it's config'd correctly. I say why not use NAT and routing with a single NAT instead of trying the dual-NIC approach.
- What kind of arrangement does IBM have with the chat vendors in terms of IP address changes? Same question as this am, same answer. Then MSN connectivity question. No official statement yet from Lotus. I see the IP address changes as a hard part for firewall teams that are trying to set the port to only allow certain addresses to talk to the gateway. That is a tough move when you are relying on a 3rd party (IBM) to tell you when they are changing their IP addresses. How about just moving to a DNS range for the provider and then everyone is happy.
- SIP phone as PBX install. Asking for connectivity options as general PBX integration. Good question but no comment was provided to direct them to the vendors writing plug-ins and softphones.
- Customer wants an easy way to find out what other corps are using the gateway? Lotus does not keep or publish that. Creating a Sametime Gateway group in Facebook or a posting in the Sametime forum was a recommendation. There is a Facebook group for the Sametime Gateway already with a good couple handfuls of members
There were at least 15 calls taken, and I managed to capture and write down the main point of each one. The majority revolved around a couple key areas, and that is where the concern is. Participants were asking for network diagrams, port settings and allowable IP addresses and better clustering support. While some of the questions did receive direct answers, in my opinion some did not. Now someone there will say it was not official support inquiries, no official statements, yada, yada. But when you have large enterprises trying to deploy a clustered solution in large deployments with too many network security teams in the mix, well you get confusion.
First thing to the companies. Too many companies are trying to reverse proxy, put servers in front of servers even in the DMZ, build SIP clusters with load balancers/IP sprayers. I agree with one thing for sure, everyone needs the cluster support to deploy this as an enterprise solution. As for all this worry over this server in the DMZ, why the stress? No data sits on the gateway server, it connects over SSL to your internal LDAP (further restricted by port and hosts is needed), it uses the encrypted VP protocol to the Sametime clusters in the back. DB/2 can sit behind the firewall restricted by host/port access also. So you basically have a shell running a program that acts as the gatekeeper. Or gateway as it is named. Get the security team to understand this. There is no data to be protected, if the gateway gets bombed or hijacked, then they get an empty shell that you cut off.
Second thing is to Lotus. Come prepared. Half answering chat logging questions, diagram requests, proxy support and numerous clustering questions won't fly for long if this is truly an enterprise solution. Yes you did answer some areas of what is coming, things that are verified in support and even how to map multiple O's through LDAP queries to Domino. But the lack of testing of clustering and the network outline support is frustrating to most of the callers if my current pings I am getting are right.
I would have sent you here on Notes Net, but apparently the published info for CF1 is not complete. See line 21 for some humor.
So what happens is that you can set an update site in the default policy, but it then overrides all the new group or explicit policies. You cannot set alternate update sites for different users. They are grayed out with the provided default site.
Move on to leaving the update site blank and then the sub ones are forced to be blank. Same scenario as above in reverse. So in essence you have to provide only 1 update site at this time for your user population. That doesn't help if you want users to get alternate updates or plug-ins at this time.
I bet it is on the list for the future though..
So the updates do fire down the changes, and they do leave the other files locally, just one of those things to deal with.
URL for UIM provisioning:
This never seemed to work. Updates were not coming down as I talked about on Friday. We then placed the site update in the default policy. Unfortunately we also had to do a reboot. So I am not sure if the reboot or using the policy instead of stconfig did the trick. We are testing that again one step at a time to let you know.
Interesting.. the site update isn’t updating anyone yet for CF1 and they did some goofy naming in the updates
So looking at the local files in the plug-in directory you already have for Sametime Connect 7.5.1 compared to the new site update, none of them seem to match from the first 10 I checked. Either they had
listed instead of the new ones that did
or they were entirely new features that did not exist before. So the new ones should come right down. But how about the ones that do the same thing but compete? Shouldn't they simply update the date at the end of the feature line? Instead of
They go and toss some oddity name of
How does that update the existing one or how does it know which to use unless called from somewhere else? How can we clean up these older ones with the updates?
The Readme for the CF1 update can be found right here.
So I compressed the installer and let it fire off for the server. It says the total update size is 79.9MB and goes on quite willingly.
So you have choices to either run the installer in its entirety on the local machine or push out updates via the update site.
CAUTION(S): Not all updates are applied when using the update site method. Read the release notes carefully to know if your issue is covered and by which method. Also, you may not want the automatic update if you have not applied at least CF1 to 7.5. There is an admin update that must be done as shown below in the image.
There are quite a few packages as shown in this image:
Also, the Single Sign-on with the operating system is now available, as well as additional dictionaries. Those are added plug-ins that need to be deployed. Each comes with its own site.xml that you can merge centrally or push into siteupdate.nsf from a Domino 8 server. Then you get the user policies in place.
Let me run the update and full installer and let you know those results next
Problem: In very specific scenarios, there is a possibility that a Sametime® server could be exploited by a Cross Site Scripting vulnerability.
Solution: In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability.
This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.
Keep that in mind when deploying the update. Some of the features will not be updated properly without downloading and installing the full package just as you would for a fresh install.
This is in regards to the entry in the May issue of the Sys Admin Tips
newsletter from someone who wanted a tool/agent to report on user mailfile
sizes and quotas. I had previously written an agent to generate just such a
report. It sends a simple text email with the report details. I've attached
an export of the agent as an .lss file which can be imported into any
database. The only other setup that needs to be done is to set a few
variables in the Initialize event (name of the server to run against, name
of the person(s) to send the email to).
Hopefully you can pass this along to the person who posted the entry.
Here is the download -->
CA key rollover not recommended in large organizations
In Domino 8, administrators can assign a new set of public and private keys to a Domino certificate authority (CA), which are used to certify the keys of OUs, users and servers in that organization. The process of assigning new keys is known as key roll over, and is documented in the Domino Administration Help topic "Certificate authority key rollover."
The CA key rollover feature has not been tested in Domino customer deployments, so its use is currently not recommended in these environments. Organizations that want to become familiar with the feature are encouraged to use the feature to roll over the keys of a test CA, and then test users in their environment.
We are testing this on a test domain and found some oddities in who got updates and who did not, plus the variance in Lotus Notes client versions plays into it.
After some friendly cajoling to Rob Novak, I dug deep and found that the notes.ini variable for the Quickr admin name did not match the name in the LotusQuickr\LotuysQuickr\Admin.nsf database. The very place you had to authenticate. I even ran the qptool to change the admin password in case I mistyped it originally, no go. Modifying the notes.ini variable to match the database ACL, creating a group to match the database ACL for the QuickPlaceSuperUser group and then adding the administrator group to that as a subgroup worked great. I was able to log in as myself, change the directory, security and Sametime settings and it seems Quickr is flying high on our internal server.
Oh yes, do not forget to also do the technote changes for fixes for Quickr already.
Notice you get to replay quick bursts of audio and video chat. Quite the cool tool when you miss something.
The best part is that if the database already has a local replica then the menu option is grayed out. Cool! Seems to be a very simple way for users to create local replicas of databases.. errrr.. applications
This broke the ability to add names to policies or browse from the 7.5.1 Connect client. If I allow the maximum returned entries to unlimited, it allows you to add names to policies and browse from the Connect client.
In my humble opinion, I should be able to set a limit, still add names to policies and only have a certain amount returned when someone tries to browse the entire LDAP directory. This would force the user to use a finer search string and release load on the LDAP server when there are over 20,000 users involved.
Make sense? Bug or no bug?
Now if we removed the qpconfig reference to the DNS cluster hostname and set it to a totally different host such as quickr.ibm.com it worked perfectly.
The solution? Remove the DNS cluster name from the server document hostname entry back to the actual DNS entry for the server and then reference the DNS cluster name in qpconfig.xml and it all worked great. Apparently placing the same name in both causes a duplication but having alternate names get replaced.
So grab it right here or go back and read the previous blog posting. I will post more tech tips around tweaking it shortly.
It does prompt you to become your default RSS reader, so beware on those screens. It also puts a desktop alerts icon in the system tray, I am waiting to see what that part does with a follow-up posting. Here is the screenshot from the first part of the install after selecting ONLY Sametime components. It did drop a nice amount of files into other areas however, not just a plug-in as one would normally expect.
However, there is no click or double-click on this icon. Only right-click that has status changes and the ability to log off. If this will not offer the normal client functionality, then I say remove it. More confusing that I cannot double-click and have it open my contact window or pop it open in the client.
- I send a video chat request to another user, they get an audio prompt
- I find out the local laptop firewall might be interfering and disable it temporarily
- I get video to work (which runs across the UDP ports)
- Recipient drops randomly and can't see text chat windows
- I end video chat and text chat I was typing appears
Later, I check the memory utilization. If I do not start a video or audio meeting, I can get the memory down to 5MB or so after the initial launch through the old bug they still have in how you minimize the client.
However, if I run a video chat, no matter how I minimize the client I still eat over 40MB of RAM. I will grab some screenshots shortly. This is amazingly high compared to any other chat program I run, even Flock
- Stuart McIntyre will be moving over the QuickrBlog, LotusConnectionsBlog and CollaborationMatters
- Richard Thomsen started up the midwestik.com blog (I need to get him not to forward and to point it to the server I see). He talks about kayaks and Domino. Interesting combo.
- BucktheBug.net is also live from Michael. While I can't read a thing in it, Babelfish might be a good idea here
- Carl Tyler moved over iminstant.com a while ago
I totally reinstalled 7.5 FP1, then patched Websphere to 126.96.36.199 and the gateway to 7.5.1. All seems to be well at this point. But note, when I say removed and reinstalled, I did not create any community connections until the code was upgraded. Apparently if there is any community defined, the error commences. Without them, or a new install, you are good to go.
So I am back on AOL, Google Talk and Yahoo through the gateway.
Sametime Gateway 7.5.1 new installs have different directory paths than previous.. should have seen this coming
DB2 also takes a new table name as STGW. While the upgrades will work just fine, it is interesting to see such changes as this. I imagine this has much to do with the renaming of the product from the original Real-time Collaboration Gateway to Sametime Gateway last year.
However, the profile name does remain the same at RTCGW_Profile and the server as RTCGWServer. Weird some areas made the shift but not others..
I then mentioned that I went through the 7.5.1 upgrade and it did the exact same thing. Now I have been getting some help from Lotus, but I don't get how having communities defined would break the install. I also thought it might just be me until I finished a customer call this morning who had a pilot of the gateway running. They attempted to upgrade and got the exact same portlet destruction.
Pardon my frustration..
Lotus Connections invites started hitting mailboxes today for Greenhouse for more select customers and partners
This site allowed self nomination some time ago and apparently has had people in it for a while. Growing slowly, just like a greenhouse would grow plants.
First impressions are that this could be a very cool way for partners and customers to start communicating from all over the globe. The site is a bit bogged down, I imagine over the demand of everyone logging in.
Do not panic if you cannot edit or update your profile yet. Read the fine print. It can take up to 24 hours to get your profile built into the system. While you can log in, you just can't update it yet.
The intro screen is cool with hints of Quickr to come. I would love to see Sametime tossed in there for presence. This does add a minor change to my Activities plug-in in the Notes client. I had it pointed to the wrong IBM server it seems. Not Greenhouse.
As I just around Greenhouse some, you will see there is a heavy European presence that has been in there for weeks creating communities, Activities and profiles. So don't be surprised to see almost 900 bookmarks already in play.
Will it be the start of a BP "MySpace" or "FaceBook" with no long term inherent value? Or will it grow into a full networking, people locator, community of interest, project (activity) sharing and link sharing that you would dream. Can it handle the influx of visitors it will generate soon? Where the heck is the integrated Sametime?
Sit back with me and watch. Martha Mealy posted about the attempt to find relevant statistics for collection. I strongly agree with that question she put out to everyone. What are valuable stats? Number of hits? no. Number of communities? no. Usage patterns of features? yes. Blog entries? no. Profiles? no. Searches against profiles? yes.
the list grows....
On the 7.5.1 Connect client installation, it asks if you want to remove any existing Sametime 3.x or 7.0x. Generally you would say yes as I did. It then identified that I had Sametime 7.0x and asked if I really wanted to remove it. That was OK because I knew what was going on. But the problem is that I didn't have Sametime 7.0x, I had 7.5
P.S. after I installed, I launched it and the About splash screen didn't go away. But that was fixed once I rebooted. :-)
It seems that under certain circumstances the Sametime Connect 7.5.1 client keeps looking for the Microsoft Outlook profile. Even with Lotus Notes clients on the desktop and Outlook not configured. A check of IE shows that the mail program preferences is also set to Lotus Notes, so no conflict there.
There is the new Office integration component that is offered, however the client still prompts for Outlook profile upon launch after configuring it to use Notes.
Hey Chris, saw all your postings today on 7.5.1. I downloaded the new client but don't see anything but the full exe file. Do I need to expand that to get the Eclipse update or will that be coming soon? Great postings, thanks!
Well that is a great question. One I have asked. You would expect with all the hype around Eclipse and provisioning clients you could simply toss some code for a site update. While this would be many files and larger than a normal small push, it would all be done in the background and then they get restarted and voilà. However, Lotus said they were not ready for it at this release, or something in those words. You get the drift.
So what that means is you must have each client download and install the full new code, just like a fresh install would be. It will upgrade seamlessly, it is just a packaging step you need to do.
Either that is a cool white plug-in or something is amiss
- The memory utilization is crazy. Upon launch with no plug-ins loaded yet, it was 67MB of RAM. Compared to other chat programs, that is an easy 3-4 times larger for some of the exact same functionality (like Yahoo messenger 8.x)
- If you happened to load the previous Eclipse updates for the Sametime Gateway on your Sametime 7.5 CF1 server, then you get the following prompt that new code was added. However, this isn't newer as they changed the numbering scheme (see image below)
- You are not prompted to change your geographic location for the new install and fill out your location information
- Your users will appreciate the icon changing from Sametime Connect 7.5 to Sametime Connect (no version number listed).
- Privacy settings for different communities is still a single point and not set up to support the feature of logging into multiple communities
- It seems some people are getting two instances of the client when they install and click to Launch the client right away instead of closing the installer and then launching.
Java virtual machine (JVM) changes made to Domino 7.0.2 are causing nHTTP crashes.
If you are running a Lotus® Sametime® server release 7.0 or 7.5 on Domino® release 7.0.2 you may experience nHTTP crashes. These crashes do not occur in versions of Domino prior to 7.0.2.
QUOTE FROM THE PDF
BlackBerry servers may crash unexpectedly when the server Name and Address Book (NAB) is upgraded to the new Notes/Domino 8 design or when users switch to the mail8 template. On your server console, you may see an error similar to the following:
Process E:\domino\nBES.EXE (4172/0x104C) has terminated abnormally
In addition, NSD may or may not activate. In either case, the BES task is not functioning, and BlackBerry users will be unable to receive mail.
Workaround Administrators should upgrade to the latest BES release that has Domino 8 support.
It's page 18 and 19.
Read the pdf right here
Microsoft Transporter Suite for Lotus Domino is used for interoperability and migration from Lotus Domino to Active Directory, Exchange Server 2007 and Windows SharePoint Services 3.0.
Anyone tested the gold release yet? You need the following installed also:
- MMC 3.0
- Windows Powershell 1.0
- Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1
I will load them on the test machine and see what we get.
The Release Notes
The actual product page
However! RIM states no support of Domino 8 in any fashion at this time so run at your own risk
AOL has released a location plug-in for its AIM messaging client. The plug-in, developed by Skyhook Wireless, allows AIM users to see where people on their buddy lists are physically located. Skyhook tracks locations by using the wireless pulses emitted by all Wi-Fi transmitters, including Wi-Fi-enabled computers. The AIM plug-in allows users to add a new "Near Me" group to their buddy lists. This group will show usernames of those AIM members who share their locations and are within a set distance. The plug-in, which is a free download, also enables users to see a buddy's location on a map as well. Currently this is available only for PC users - however Skyhook has said it expects to see the location capabilities eventually integrated with AIM clients on mobile phones.
Interesting twist as the race continues for IM domination...
Hmmm, something is amiss here
The users get it, the users understand it and for gosh sakes they don't have to call me about icons
For example, with Win32, the default memory available to each Domino partition is 2 GB. There is a switch to increase memory to 3 GB, but that solution has a performance impact of ~10% CPU utilization. With Windows 2003 x64 Edition and Domino 7.0.1, this switch will not be needed and 3 GB will be supported by default.
So the issue is that with large data stores (this is over 2TB we are talking right now), the /3GB switch causes crashes. While the internal IBM info is not published at this time, I hope it will show. The funny thing is that this exact issue affects Exchange shops too as shown in this posting. I found a warning on Ed's blog, under comment #8.
This led us to find out about the transaction logging issue with 7.0.1 so we are headed for 7.0.2 with no /3GB switch. Let's see if we can get that new technote.
Well in the ReadMe file there is a section about uninstallation of the versions that cured my issue it seems. Some loose files left over in the C drive, a folder in the old installed program directory and 2 registry deletions and I was on my way. It launched fine, worked well (except the local NAB still) but crashed on the way closing. I will reboot now that install is done and see how we fare.
So go and get it from Ebf.de or use the very simple site update they provide if you have trouble reading German. You can use the site.xml for your client at the following:
What this means is that while the agent completes, it might have skipped certain documents in the user's calendar. Of course, this is totally random. We found most mailfiles were good, but then some would have appointments that did and did not convert. Running the new agent again against these mailfiles seemed to solve the issue. As far as we can tell because there is not enough time to go through the properties of each entry and find the timezone values.
So good luck once again..
Anyone care to explain how McAfee SpamKiller doesn’t work with Lotus Notes emails? I think this is fishy
Now normally I would laugh and enjoy the humor. However, there is a link on the McAfee site that takes you to a simple statement from them that they do not support Lotus Notes in its native mail format, use POP3 and then it links to an Oct 1998 article on LDD about setting up local POP/SMTP accounts.
So I browsed their site and came across the product page which states it supports Lotus Notes and the other product. So I am guessing this article writer is pulling old data out to stir the pot since the link was for the R4 version of the product also.
IBM is holding daily "Open Mic DST Calls". These calls are intended to
provide a forum for our customers to bring their questions, concerns etc..
around DST to us! Our goal is to provide them with the information they
need and to answer the questions that they have in order to ready their
systems and WPLC products for the DST changeover.
IBM has planned calls for Tuesday - Friday (March 6th - 9th) and March
12th from 12:00pm - 1:00pm Eastern.
Tuesday 3/6 -
Toll free: 1-888-732-6202
Participant Passcode: 893498
Toll free: 800 214 0745
Toll: +1 719 457 0700
Participant Passcode: 158121
Toll free: 1-888-373-5705
Participant Passcode: 547292
Toll free: 1-866-237-3252
Participant Passcode: 163964
Also, the demo videos can be found here:
New Videos show sample scenario of applying DST change to Notes and Domino
New video instructions (screen capture with audio narration) have been provided. These videos demonstrate how a Notes calendar is impacted by the DST change and show one scenario of applying the necessary updates to allow for the new Daylight Saving Time definitions. The download link to the videos is embedded within the "C&S Agents" technote below.
Title: Agents for updating Calendaring and Scheduling entries and Resource Reservation entries for Daylight Saving Time (DST) 2007
In addition, a video has been created to demonstrate how to use the Java Time Zone Update (JTZU) tool for updating DST information in your Java Runtime Environment(s). The JTZU video can be accessed via the following updated technote:
Title: Using the IBM Time Zone Update Utility for Java (JTZU) with Lotus software products
You then go in and edit and resave the document (or run an agent to refresh them all) and you get the following.
Ignore the Adminp statement if you edit and resave. It is the saving action that does it apparently.
The blog technology is based on open source for this, using the Roller technology. This is an easy way to get users started but also the floodgates on information. One of the speakers even stated this was not a highlight of what Connections has to offer.
Currently only ITDS and Active Directory 2003 are supported. They are 'actively' looking at properly utilizing the Domino directory for the LDAP services. This is something that was addressed during Q&A at the end. Domino support is crucial to many enterprises that have based and aggregated themselves around a Domino directory choice.
There will be pilot and production install options. The pilot builds the required tables on DB2 for you and the WAS part is a very basic install with security needs. Much like the Sametime Gateway base install. All the services are installed for testing ability in the pilot mode. Production will offer standalone or clustered services with the ability to include or not include parts of Lotus Connections. Data preservation should be preserved if you move from pilot to production. This is a great way for customers to get their feet wet.
A slide was pushed on ITDI (IBM Tivoli Directory Integrator) abilities to allow enhanced profile support across data sources. ITDI will be offered as a bundled part of Connections. A good move on the part of IBM to allow a greater building of profiles from numerous data sources. Such as a Domino directory for usernames with HR info on profiles. Using some data mapping in XML you could build a nice table and hierarchy for profiles, including skillsets.
If you read my LUG Sys Admin newsletter I had some initial candid talk about Lotus Connections inside. I would suggest popping over there for some beginning thoughts.
But as a quick note, look for another new agent (188.8.131.52) to come out and fix some of the looping script errors we received on numerous servers while running the server based agent against the mailfiles. We saw this on more than a few customers across versions of templates as well as Domino versions. It drove us nuts, and wasted a lot of time to have to go into the text files and remove the offending user mailfile to get the agent to run on. Until it encountered another one and looped again. Now some ran without incident. Others stopped more than 20 times on larger sites.
I also talk about the order we did things and across the product lines.
5:30am - So first up for me was the Sametime servers. Others were prepping the DWA, calendar and RnR stuff. I have some of those to do in a bit, but I started with our internal servers first. Running the JTZU patch took far too long to search the Sametime systems. You really cannot run this tool in interactive mode since then you need to specify what gets updated and you have no clue. It even prompts you that letting it search could take hours. It really only took a few minutes when all was said and done to find what needed updating. It did take a while to run however.
6:16am - This was incredibly frustrating when the IBM support site was up and down all morning also. Yes we have knowledgebase locally, but it is faster to web grab some of the files. Also, it would be nice not to get just random error messages on documents not existing when you know they do.
7:00am - First batch of RnR changes completed and one test mailfile set done. One weird error on one customer and the rest went smooth so far.
8:00am - Script errors when the calendar agent runs on a bad mailfile in the text list. We find endless script loops running. Removing the last mailfile attempted (and all previous completed ones) from the text list and restarting the agent fixes it. Some clients have no issues at all, others have a handful that cause grief. It has you going back to each server and making sure it is not looping.
8:30am - The path for managed and hosted server is an issue, so we created numerous agents with different drive letters that we can fire off. Now AS/400 and some random servers even have different data paths from the norm. Standardization I say, standardization.
8:50am - Encounter first Domino Directory in foreign language. Script in agents only works on English views. It says it can't find the Server\Mail Users view. Which is there, however it is Servidor\Usuarios do Correio. First glance doesn't show where the agent grabs that view name to change it.
So I will give another (after much sleep) overview tomorrow on steps, commands and other things we figured out and streamlined as we went along to make your life easier.
1. To run as multiple instances (i.e., four instances), copy/paste the agent multiple times in the same database, and change the name to "AdminAgent1", "AdminAgent2" etc.
2. Ensure you have the server setup to run the desired number of concurrent agents in the Server document in the Domino Directory. The "Max concurrent agents" setting is found on the Server Tasks -> Agent Manager tab. Note: There are separate settings for "Daytime Parameters" and "Nighttime Parameters," make sure that you set each as desired.
3. Repeat steps 1-5 from the section above on configuring the agent to run in the background:
- in step 1, ensure that multiple TXT files are used to evenly divide the list of files to process
- in step 2 ensure the individual agents are edited to point to the individual TXT files
- in step 6, simply issue "Tell AMGR Run" for each of the individual copies of the agent:
i.e. for 4 agents it would be the following
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent1'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent2'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent3'
Tell AMGR Run "mail\AgentDb.nsf" 'AdminAgent4'
So notice the key area about having enough Amgr threads defined to run all the instances you wish.
(4) is in relation to putting the OS patch on the clients. For one thing, Lotus suggests that the Notes client is closed when the patch is applied. How many of your users leave the client open all night long?
The computer should be restarted after the patch is applied and before restarting Notes. If the computer is not restarted after installing the patch, Notes will return the old time zone information for time zones other than the current time zone.
A lot is riding on this client restart or even patching. I am also not sure how you are forcing your users with machines at home or laptops to do it. If you start scheduling meetings across the clients that do and do not have the OS patch, then you will get variances in what they see and how correct they are.
Now to toss in some confusion, (5) should be done as soon as possible in relation to the OS updates. This is a finely designed and choreographed dance, folks. The amount of errors that DWA users will get relies heavily on this. See technote #1241063 for the alternative issues. From simple error pop-ups to meetings getting scheduled in Greenwich Mean Time, I think we have a problem here. There is no way to get all those DWA user machines.
(6) moves on to the RnR database and the users mailfiles. Now, if the users have local replicas also, they should be grabbing the change agent through replication before you run it on the server too. See technote #1254639. The RnR Manager must be shut down when the agent runs, and you even get a prompt while running this from the database Action menu. Note, you will be signing these agents with some id file that needs at least editor access to the RnR database.
I will have more info for you to follow this one as we finalize and formulate the plan to update servers globally, hopefully it helps.
It was called Musicovery and I happened to stumble across it. You can select year ranges/tempo/mood/genre and all of that in a sliding connected image that lets you choose paths. There is like 18 genres and then sub moods then a sliding bar for year coverage.
I find it hard to see all the blogger sites at one time looking for content when we all do not tag the same way. So I have 83 sites already listed (from my own links) and will take more and even volunteers for the Custom Search Engine on Google. Alan L started one quite a few months ago but I think this has broader appeal. Since we all do not use Technorati the same way, but wish to see who said what on a topic, this will search only the blog sites and not hear the noise from everywhere else
- The Clearinghouse works well for adding @aol.com and @company.com names and does not fare well with @aim.com names
- If you add someone to your buddylist with an alias it does not add the little fancy orange running dude next to their name and instead adds the globe. This, of course, gives no indication that they are even an AOL person you added. I need to try this with Google Talk and Yahoo in a few
- If you add someone with an alias to your buddylist from @aol.com, you can never again see their online name from the UI. You can go local into the buddylist file, but not from the client.
Much to my humor after it was installed, it destroyed the management screen changing the gateway section to portlet entries that would not launch as shown below.
So I went back in and uninstalled following the simple task of switching the word install for remove. Another 21 seconds later and I am back in business, without Yahoo integration, but back in business.
[delete] Deleting dir
Total time: 21 seconds
It was an interesting touch if we could move those design elements into the Domino 7 template and provide a hook into the Barracuda natively from the user's mailfile. Anyone have experience with this integrated template in production yet?
From there I started manipulating the browser to use (a button to browse the local OS would be nice instead of having to figure out and type it in manually) and what search host. I couldn't figure out how to use my Sametime custom search engine yet, but it worked well otherwise and you can change the name and play with some of the basic code to make a nice internal Intranet and specifically targeted search. You could then deploy this to the right people for some good quick reference help.
Take a peek if you haven't.
However (isn't there always one of these with me), they showed with the custom icon for the community and not with the little AOL running man. So I removed the username entirely from my buddylist, and then manually added a new contact from the buddylist window. I choose external contact and add the AOL name and the AOL running man shows up just fine.
Bizarre and makes sense in a weird way, it is broke.
I never looked until today, which I should have. While running the Sametime Mobile client for Blackberry, you can see all your AOL and gTalk contacts just great. However, when they see you through the gateway, they do not get the mobile icon like other Sametime users see. This might be a limitation of the gateway itself, but users will notice, trust me.
So what you get is the standard online and status ability, just not client type indications.
So chalk this one to a 'feature request' I guess.
Here is the issue. After loading 7.0.2 in the new VMWare, we shut down the old 6.5.3 server and began the simple mailfile and few database copies. We brought the server up under the old name and started seeing countless lines of the different tasks with the same error message
"cache entry not found"
No maintenance or convert task would fix it. Convert, Fixup, compact, index all failed with the same error. Yes, all of them.
Now I searched Knowledgebase and online to limited success. The Sched task, RnRMgr and HTTP were all reporting this same error. Well with numerous tweaks to the Google search, I finally found some insight. The customer had moved to a single copy template (SCT) for the DWA 6 infrastructure. When the databases were moved over, the SCT templates in use were not. I simply moved those over and the server came right up with the error removed. Convert then ran successfully to move them to DWA7 and then compact to reclaim much of the unused diskspace.
Issue solved and into the books for another oddity of undocumented weirdness.
I am getting a lot of IMs and a few emails over setting this up and I hope to have a nice document shortly to answer those burning questions for all of you
- how to deep fry a turkey
- change users SMTP domain name across 17 acquired companies
- whitelisting servers
- Sametime error codes for users dropping connectivity
- set update flag in local address book
- multi language notes clients?
- strip attachments from NDR's?
- port failover in a clustered server - teaming NIC cards as solution at hardware level
- migration of domains by moving everyone into the new domain and then recertifying
- server_transinfo_range proper setting?
- Nomad questions on the uninstall/U3 and performance speed issues on USB
As we fired up a new customer server remotely over in China, it had terrible bandwidth and connection issues. It could telnet to the Notes port on the US based Domino server, see the server in DNS and IP, but when Notes popped up it had the worst time trying to connect and would time out too fast.
So there are a couple of ways to handle this. As commented before, there is no documentation of what format or data should be included for the setup selection of choosing local media. We have played around with it to some success, but it should be much cleaner. So we copied down the names.nsf, admin4.nsf and the notes.ini from a freshly installed and working server. A quick change of the id file and paths and the server came right up. You could note the CleanSetup=1 in the notes.ini but I wanted everything built, not just to tell it that the setup.nsf database was placed and removed.
You used to be able to create profiles, pre-configured in the setup.nsf database and place that on numerous servers. It doesn't like that in the newer code streams.
This is exactly what should have been done for the CF1 patch that came out, but now you have it. I would either read more on how to configure or build the site.xml, including all formatting or I see there is a session on it at Lotusphere in using your Domino server to push and become a site update server for your Eclipse updates.
So that is a weird thing to me when I see and can chat with them.
SOLUTION: We removed it from there and installed to the local device and it came right on.
PROBLEM: Each time he closed a chat or Sametime with the 'x' in the upper right corner it kept dropping him back to the page where you had to specify the hostname and port.
SOLUTION: I found that I only created a profile for the Blackberry users and not the Nokia/Windows users. I created that profile and it fixed that issue.
Some of you are saying, hey that is what they do for a business. But I am looking at it as they jumped onto a screen sharing meeting to make sure everything was fine (which had not been modified in months so we knew this was abnormal) and implemented some new features and things that are coming soon in a future release at the spur of the moment to keep their and our customer happy and functioning.
That is when you like telling people that you have multiple customers using their product with good success. Bravo to the team at Granite Software today.
- I received a comment yesterday asking about the 7100 and SureType. Well an answer was presented in the Sametime Forum that says SureType is possible with a quick manual user intervention. You need to go into Preferences on the mobile device for Display and select Full Screen Input. But then enter doesn't just send the text, you have to click the wheel. I didn't like that much. Luckily mine is the 8703 so I don't have that issue.
- Setting text size bigger than small made it easier to read but took up a lot of real estate which meant scrolling. So the default small font worked for me. Emoticons looked the same.
- Chat history on the mobile device is great. When you jump into a chat it pulls the previous bit of history. That is very cool
- The icon for the 7200 series is just a big blue square. However, on the 8703 it shows as the familiar Sametime icon, even if it was a bit larger than the other desktop icons.
- Port 80 access for tunneling seems to work as Gerco reported, we went for the default 8082 to test.
- The ability to flip between multiple open chats and the buddylist is nice.
- N-Way chats are very cool and interesting.
- Get ready for the standard blue and black text
- Get used to the
option in the click menu. I thought would back me out until I realized it did close Sametime instead of the window I thought I was in. is at the bottom of the scroll list instead of towards the top
- I didn't test Quick Find yet, will do when more are online with the new client
- Alert Me should be fun to play with. I wonder if it carries over into the client too, or just the mobile device.
Now then, the rest is where I sat silly for a moment but then it all made sense. You must manually add Fallback MIME types to the httpd.cnf file in order for it to see the .jad file that is needed for the RIM installs. I was hitting the server with the browser before I realized this was a step to perform. A quick restart of HTTP and you are off.
They also suggest you create an easy to remember web redirect for users. I will do that later after testing. The code then did an OTA install fast and I launched the client direct from there to the server. It uses port 8082 so make sure firewalls are ready for that. I tried hitting another Sametime 7.5 server without CF1 on it and the connection failed every time no matter what port or connection type I selected. So the fixpack install is required for this to work right.
One other thing, you should go into the new Configuration-Sametime Mobile and set a couple default fields to make it easier for your user once they load the client. Sort of like creating a pre-populated sametime.ini for the device.
So the device list for now looks like this:
- Microsoft Windows Mobile 5 and 2003 SE
- Nokia Eseries
- RIM Blackberry 7100/8700 Series
From there the clients are not set to properly retrieve incremental releases from a central site. Forgiving all of the config areas on our part, the package that came from Lotus also forces an alternate directory for installation (Carl makes a good point in the comments on why they may have made this change) and was not wrapped with the proper feature and manifest files to move into the site.xml for automatic distribution. However, this screws with plug-ins it seems. We have found no documentation around this in the readme yet.
I thought that was one of the points, but I am not sure when we can expect this to be available. I would love to grab a fix from Lotus, update the site.xml section appropriately and let it fly so everyone gets the prompt that the updates are installed and do you wish to restart the Sametime Connect client now, or in 5 minutes as the documentation around it showed as an example.
I have more to say on this topic but I am thinking of a series or podcast. Any takers on comments/interview of your thoughts in a podcast?
Dinner the first night was Wildfire, a pretty good local chain. Apparently they are expanding to other cities like Atlanta shortly. Besides the snowshowers that hit tonight, dinner was split among people trying to go to different places. We ended up at Momotaro, a Japanese restaurant for some sushi.
The Real-Time Collaboration Gateway is an extensible platform built on WebSphere® Application Server, and allows various real-time collaboration communities such as IBM Lotus Sametime and public instant messaging (IM) services to share presence and exchange text-based instant messages with each other. The Real-Time Collaboration Gateway receives messages from one or more communities, checks their legitimacy, translates them if necessary, and forwards them to their destination.
So you will need another piece of hardware to replace the current Sametime SIP gateway, or just reuse the one you have with an outage. Keep in mind the outage could be a couple days as you provision with AOL to get connected directly. DNS and domain management will be a key to you deploying the RTC Gateway successfully.
All the blogs I host on DominoBlog I have pushed toward this configuration when they first went live or we found out this trick from Steve. I would say almost 3 years ago.
I see they did blue-wash the template and trim it down (I still use a whole database from the DominoBlog 3.0.2 template for my stats database). From there you can create your own reports or just use the views that were provided. Apparently there is a document refresh that needs to take place when converting over, which for me will take quite some time. I am thinking about just archiving out the old one and using the new stat database. Makes more sense in a way.
Remote Server Setup
Now I cannot go and give away all the little secrets, but you get a great headstart here.
Do not try and install Nomad straight from the downloadable code, you must unpack it first. I am hearing rumblings of those trying to install with the flags right from the exe file, which does nothing but install onto your local machine. I quite imagine that Susan Bulloch will have many more comments on that thought.
It might have come out a while ago, but I just ran across it. You can even look down into specific brands, like Lotus to search only those site areas. That is the key thing.
Hawaiian for "Engineer" made to be a set of blog and wiki templates in Quickplace. You can deploy it now on current versions and it is open source based on Ajax and Web 2.0 capabilities. It can be packaged as a PlaceType for all or used individually. The RSS and Atom feeds will be awesome.
Quickplace 7.0 and beyond through 8.0
There will be a fixpack for QP 7 that will contain some new features before we move into 8.0
Quickplace 8.0 will have numerous enhancements launched around the time of Domino 8.0
- Simple (if not almost automated) upgrade from version 7 to 8
- The features above from Wiliki are listed as native in 8.0 of Quickplace
- Better integration into Lotus and Microsoft
- editing of QP content directly within Microsoft
- Access QP from directly within Notes and Hannover
- ODF support with integration from the IBM Productivity Tools
- A Place Superuser access role
- Better administrative reporting and dashboard control
- Access content from within Sametime 7.5 chat, meeting or buddylist. WOW
- Transfer files from within QP right through Sametime
- A Quickplace shelf (plug-in) for ST with even more capabilities in the screenshots
- Subscriptions to key data like calendar, folders, what's new
- My Places would move into folders in the inbox of your mailfile
- Drag a mail thread right into Quickplace
- Future mails in this thread get automatically pushed
- A Quickplace Dashboard (we have to meet the Web 2.0 acronyms)
- UI right click actions sensitive to users rights in the QP and context of usage
Quickplace Next has even more changes in mind towards the second half of 2007
- Backup and restore Team Spaces
- Offline access with the rich client - Hannover
- Desktop integration - Office and Windows Explorer
- Solid document management capabilities
- New blog and Feed Reader ability
So how does that sum up announcements at Day 2?
The Sametime Connect 7.5 client does not support configurations where the only browser installed on the machine is Firefox. This may be, for example, a Windows machine where Internet Explorer has been uninstalled, or a Linux machine where only Firefox is installed.
Otherwise certain features do not work, like chat
With so much information overflow, I see the path Mike Rhodin has talked about. While I do not agree with dogears and some of the mash-up talk just yet, the consolidation and compilation of all the data I want can now be sent from and into Notes databases easier than ever.
How much time do we spend trying to keep clients gathering feeds all to ourselves? How does that benefit our business partners, customers and even friends? It doesn't when only you see Bloglines, your Feed Demon or Atom application.
Right now we all fight over what is important to us by subscribing to RSS feeds individually and hoping the content continues to give us what our minds find interesting. But, I have to get links from others to find new content I never subscribed to. In a portal or enterprise scenario I can reach everyone with what is important to the company and then let them see what is important to each other by rankings and how often topics are reviewed.
Who has the first workflow driven, tracking and mashed together RSS database built?
"We seeing larger customers moving to Exchange," says Ron Robbins, product manager for Exchange migration solutions at Quest. "we are seeing 20,000 to 50,000 user accounts moving over..."
Quest, which says it has migrated more than a million Notes mailboxes to date, ...
Where the heck are all these users?
There is a podcast you must listen to, for at least the first minute, that they put on the right side. The podcast's first question asks why people are moving. Ron, quoted above, actually states that there is confusion around whether Notes will be around and the move to Workplace Messaging replacing Notes. Of course, the interviewer and Ron are both Quest employees. The statement that there is more mobile options on Exchange and greater reliability had us laughing in the office. Oh please go listen and laugh along. Then taunt them with me.
'Meet me @ 5'
'I will be @ the office'
But, I found that when I went home last night with the new Sametime 7.5 Connect client, I said @Home in my Location when prompted. Unfortunately it blanked out the Location field from showing. If I simply removed the @ symbol, it all came back. Bizarre and from reading it was deferred to a later fix.
On the positive side, the location setting is great and makes finding how to contact and where people are a great thing. It works well so far for our sales team that upgraded right away and some of our people at customer sites. Good stuff there.
Sean Harris points me to Chris Pepin's posting with the pdf from Lotusphere on the scalability of the IBM Sametime environment. Taking a screenshot from there, how many of you could get your enterprise to offer a server farm like this (of course scale to your size of employees) ?
Picture multiple MUX servers with Community Sametime servers sitting behind that. A world of possibilities yes. But my posting was not about the server side as much as the client.
My comments revolved around how fast it jumped out of beta even after a beta call just days before, not the scalability of the product. That is to be determined at a later date as usual. I personally think (since this is a personal blog) that I was anticipating another beta drop or longer cycle to clear some of the items to get built in or fixed for the product.
The server core stays the same in 7.5 with a few added things and UI for web meetings. Most of the work is in the awesome Connect client. However, there is still management things to be done with this amount of capabilities.
So here is the issue. You wish to do SSL for SMTP. Looking at Domino you see that it is disabled by default for both inbound and outbound SSL over port 465.
However, we could not get anything to connect from outside our network to a server that was offering SSL for SMTP after being enabled. We had both Anonymous and Name & Password set to 'Yes' also.
After searching the firewall logs we found that connections were never getting to the firewall in the first place. So we went farther back to the edge routers. What we found was that the port 465 packets were getting dropped for some reason. After some digging by our network team we found this lovely bit of information. Basically Domino still uses port 465 for SSL over SMTP. This port was assigned and picked up by Cisco URD (URL Rendezvous Directory for SSM) after the V3 SSL standard was drafted 10 years ago. The port never made it out of Reserved (pending) with IANA according to what I could find on the Internet.
So the recommended approach is to start communications with STARTTLS encryption instead of moving your SMTP SSL port somewhere else. While it might work over port 465, there is no guarantee if Cisco routers are somewhere in the middle of the communication.
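The STARTTLS recommendation above depends on the receiving server advertising the STARTTLS keyword in its EHLO reply on the normal SMTP port. The following Python check is an added example, not code from the original post or from Domino: the sample replies, host names and the `probe.example.test` EHLO name are constructed, and the "masked keyword" heuristic is an assumption about how some filtering devices rewrite replies.

```python
"""Check SMTP EHLO replies for the STARTTLS extension (added example)."""
import socket

# Constructed sample EHLO replies; host names and sizes are made up.
OFFERED = (
    "250-mail.example.test Hello\n"
    "250-SIZE 10485760\n"
    "250-STARTTLS\n"
    "250 8BITMIME"
)
MASKED = (
    "250-mail.example.test Hello\n"
    "250-SIZE 10485760\n"
    "250-XXXXXXXA\n"
    "250 8BITMIME"
)
PLAIN = "250 mail.example.test"


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: [params]}.

    Every line must carry code 250; continuation lines use '-' after the
    code and the final line uses a space (or nothing at all).
    """
    lines = [ln.rstrip("\r") for ln in reply.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = index == len(lines) - 1
        if code != "250":
            raise ValueError("EHLO rejected: %r" % line)
        if sep not in ((" ", "") if last else ("-",)):
            raise ValueError("malformed reply line: %r" % line)
        if index == 0:
            continue  # first line is the server's domain and greeting
        words = text.split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return extensions


def assess(reply):
    """Classify what the reply says about opportunistic TLS."""
    extensions = parse_ehlo(reply)
    if "STARTTLS" in extensions:
        return "starttls-offered"
    # Assumption: a keyword overwritten with a run of X characters was
    # masked by a device in the path rather than sent by the mail server.
    if any(keyword.startswith("XXXX") for keyword in extensions):
        return "extensions-masked"
    return "no-starttls"


def read_reply(stream):
    """Read one complete SMTP reply (all continuation lines) from a stream."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if line[3:4] != "-":
            return "\n".join(lines)


def fetch_ehlo(host, port=25, helo_name="probe.example.test", timeout=10.0):
    """Connect to a server you administer and return its raw EHLO reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rwb") as stream:
            greeting = read_reply(stream)
            if not greeting.startswith("220"):
                raise ConnectionError("unexpected greeting: %r" % greeting)
            stream.write(("EHLO %s\r\n" % helo_name).encode("ascii"))
            stream.flush()
            reply = read_reply(stream)
            stream.write(b"QUIT\r\n")
            stream.flush()
    return reply


if __name__ == "__main__":
    for name, sample in (("offered", OFFERED), ("masked", MASKED), ("plain", PLAIN)):
        print(name, "->", assess(sample))
```

Running `assess(fetch_ehlo(host))` from both inside and outside the network shows whether something in the path changes what the server advertises.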
Keep in mind these numbers are represented by the latest beta code and might still have debug left, yada yada. You know the drill..
Well here is what I have found for the standard user on Windows XP:
- When first launched and opened it was eating ~32MB
- When minimized to status bar with the minimize button and not the 'X' it drops to a nice low ~2-3MB
- When reopened to the screen it was ~12MB
- When a text chat comes in it jumps to ~42MB and then settles back into ~35-37MB
- When closed with the 'X' to the status bar it stays at ~34MB
- When a chat is open but the buddylist is sent to the status bar with the minimize it ran about ~10-13MB
- When a chat is being typed in with the buddylist minimized it ran about ~17MB
- A voice chat kept the system at ~38MB plus another sametime.exe at ~2MB
- Chat History ate up about the same memory as when you have the client opened
- Instant Meetings didn't change the client memory just added the browser usage as expected
So take that how you wish, but that is what the basics are for now
I must apologize and amend my earlier today Sametime 7.5 posting. I found it in the new beta stream!
Apparently somewhere along the way they fixed the issue from what I posted right below. In the recent beta you can go into preferences for the community and change icons. That always worked. Then under Contact List Window you select (which the UI changed from earlier) to show the community icon for each person with some percentage of transparency and voilà!!
Now we have to see if that is true for the RTC stuff. I know there are some hidden AOL icons in some jar files, so I bet it will exist somehow. Crossing fingers... (this is looking like Trillian in the main buddylist window now) Pray for tabbed chats.
So I went into simpler items such as adding community icons to my client and trying to replace the darned greyman group. If you have not seen it yet, when a user does not have a picture available, it shows a nice grey head of a person as a placeholder. I was able to track down that .png image in the .jar files and replaced it with a company logo. Turned out quite nice actually.
- Image_Placeholder better known as Greyman Group is 37x37 pixels
- Community icons are 16x16 and only affect the community icon at the top of the buddylist window, not anyone associated with it.
Here are some new icons I added for the communities for more color selection. Orange, "Yellow is the new black" and green.
Go away, nothing to see here, it has been fixed, see newer posting above this one.....
< rant >The community icon should apply to each person you add in my eyes. That really bites as it would be nice (like other clients, *cough* Trillian) to tell which community a person came from. Then you can cross match groups by task, team or whatever and see where they are linked to.< / rant >
There was a technote referenced under #1242317 for "Migrating privacy data after upgrading to Sametime 7.5." Unfortunately this is being held.
I found the UpgradeBLUtil.jar on the server but I am not sure what flags or whatever to run so I am holding off testing it for now. Let me see if I can get some info.
I would love to see this ship sooner or even start playing around with it. I have companies asking about this ability since it will allow a more controlled chat environment with the rest of the world. Now the gateway will use SIP to hit the outside products (Yahoo, G-talk and AIM) while the native protocol will take care of Sametime to Sametime connectivity. I can see a bunch of connectors (including one for Sametime to Sametime communities) you can install or turn on and off to control which outside chat vendors your people speak to. Or maybe this will move into policy control also.
So pointing the chat transcript folder to the USB drive doesn't always work either as the drive letter might change each time you plug the device in. A native directory path to the Sametime folder would be nice however. Or just turn it off for that instance of the Connect client is my next thought.
Sorry for the rambling thoughts on getting certain features working, but I am really trying to make sure this works on the USB now.
You need just over a GB of temp space to get it installed, no matter what it tells you. If you do not have enough, we got to see it actually install just the Workplace components and not the Notes part. That made for an interesting desktop.
No documentation the Linux guys found showed how to go back and install just the Notes part, so they uninstalled and started over.
However, I must say that they are extremely happy at this point and gave it good reviews so far. All this on Red Hat 4 I believe.
- You need 4 files (or the CDs). You can get the part numbers on-line but it is almost 3GB worth to download
- Put them all in a single directory and unpack them there. It will create all the necessary folders and structure if you keep using the same exact path for each unpack. This in turn makes another 3GB of unpacked files on the server too
- There is a file called launchpad.exe that brings up some Java and a GUI. Unfortunately that damn thing would never come up, ate CPU like a Survivor winner and hung with an ugly grey box
- I opened the install guide and went with the command line install instead
- The old 2.5 version seemed to honestly take between 30-45 minutes
- This one was the following:
  - Started GUI at 9:22am
  - Switched to command line at 9:26am
  - Started install at 9:27am
  - Install completed at 11:40am
So that means it took 2 hours as compared to the previous 30-45 minutes.
With that being said, it still worked fine and installed flawlessly past that point. The page loads are always horrendously slow the first time. This was no exception and the install guide even tells you to do so.
That is what the Skype looks like on the Blackberry. Not bad. Uses SkypeOut to make the calls and runs as a plug-in for the desktop Skype for the free version. A good compromise in some ways. Sucks in others. The documentation was a bit misleading on how to get it configured, plus it gave 2 icons on the Blackberry with no reason what the difference was.
Also, the Skype id was to be used locally on the Blackberry (one would think) but in turn, you have some weird id name you enter into the WebMessenger plug-in that links the two together. Keep that in mind if you download this freeware portion. Just a step that you have to mix the guide and online help in figuring out.
Next up is the Sametime integration. I already had Skype for the U3 working successfully, this is a nice addition so far.
Next, Naylor says, WebMessenger will be expanding beyond Skype. "We have SIP compatibility as well, and so we're going to be rolling out similar capabilities for various SIP-enabled networks and telephony systems," he says. "On the enterprise side, we're close partners with IBM - in fact, they deploy our mobile client internally as the extension to Lotus Sametime on the desktop."
But this is the part I really enjoyed. Grabbing connectivity to other SIP providers for integrated click-to-call and conferencing.
The release of Lotus Sametime 7.5 this fall, Naylor says, will add a full set of voice capabilities. "They'll have click-to-call and Web conferencing, all tied into various telephony systems from Avaya, Siemens, Nortel, and so forth - and all of those are SIP-compliant systems as well, so we can provide that same capability out to the mobile device for them," he says.
I grabbed the Sametime integration for WebMessenger and will play with that and the Skype part on the Blackberry. Here comes the review.
However, having all my personal information available for scanning from some short distance could leave you open for more than just identity theft. How about identifying people by country as they walked by? The idea of having the technology is to speed immigration and cut down on human entry errors. I do not believe that it will prevent any type of false documentation. Just take it to the next level of sophistication. Now will this chip only contain a serial number that relates back to some database that stores all the information? That would be a bit better. But I cannot find what is included on the tag at this point documented anywhere.
Now for the kicker. Let's say the first run of these have a glaring security hole. US Passports are good for ten years for adults from date of issue. How do you recall and remake the ones with open RFID? Operating System makers have enough issues with it and they have more automated ways of deployment. Now we have to count on ourselves to send it back in?
So what do you think?
If you cannot monitor and generate some type of alert or notification for some type of event, you haven't looked hard enough. Ok, there is one, no disk space monitoring on AIX.
So today I discover and play with DDMdiravail.dat file. This shows a list of polled servers, port number and rep ID for directories you are checking for availability. It looks something like this:
So you get the domain, server/organization, port, filename, rep ID and then if enabled or not. So with a bit of manipulation, you can understand what is being checked on what port and enablement of the directory for DDM scanning.
As soon as it fired up it prompted for my DAMO hook I had installed. Which then is able to grab my calendar.
I jumped into a chat with Carl Tyler (who was on Trillian at the time) and we did the normal testing to see what works and what doesn't when not using the same client. I switched to "Share my Screen" and since he was not running AIM Pro, it offered him a URL that was all Webex technology behind the scenes. And it was lightning fast. Highlighting, text, annotations. The whole idea of screen sharing.
Tabbed browsing worked very well and even notified you in the left pane of how many unread lines I had per chat on other tabs. We couldn't do audio and video as this was a test machine, so I will load this and try again. File sharing offered an inbound and outbound window to show multiple transfers. Firewalls were no issue in testing so far.
Quick contacts was a cool feature. Add by email address or name in a drag and drop or selection box. Since I had the DAMO loaded, it grabbed our Domino Directory also. Encryption was built in to all the chat sessions.
What I didn't like was there was no install path selection available, it chose its own. Plus, there were some things in the EULA that got announced it was installing I was not sure about. I am investigating those. It also used some hefty memory but I was trying everything. Still smaller than the recent Sametime 7.5 betas unfortunately.
Go and take a look. Once all the federations are complete, you could have a powerful free client to choose from for chat and meeting services.
The diagrams of the internal flow were very nice to have and reference though. Those were a huge help. The instructor knew his stuff and only put off a couple questions he needed answers for. Most were specific to things we were trying to do but fall outside the normal scope.
Now, I have had talks with the product managers at RIM at conferences and follow-ups. They are still missing the boat on a couple things with true scalability and deployment in a large hosting environment. Recently, RIM announced a hosting package but it was not well defined and the instructor had no knowledge. From all of my readings it still lacks some true scalability features we require. True clustering and failover are not there and policies need some more granularity and inheritance control.
But send us your hosting needs for Blackberry, that area is growing quite rapidly
Ok, Scott brings up an interesting point about IM becoming email without some of the functionality of archiving and foldering wrapped around it. I say this all depends on how you look at it. With the ability to save chat logs by date or who the conversation was with, that is a form. Add in some indexing ability and you have searching right away. Whether or not a central server is in the mix is no matter (as Scott points out that is more a store and forward mechanism). But without that store and forward, things like Yahoo would be less functional to get messages from when you were offline.
Now, it would be great if Yahoo would see that and convert that to an email that has some intelligence wrapped around it to know you prefer to be notified in some manner. That leads to mobile IM capabilities across numerous devices. Blackberry can log into all the messenger services, including Sametime. Windows Mobile devices can log into everything. So there is no real time you have to be offline if you desire. I almost forgot. Go here to see a nice layout of what different packages can do across platforms. You have to scroll the whole page but a nice layout that someone spent time doing.
Scott goes on to mention email will soon die off with IM being the form. I tend to think the convergence of the two will be seamless, with the capabilities of both being integrated. Spam is already present in IM and will only grow as devices hook into it.
IM is replacing email for the younger groups because of the ease of usage and communication, the sense of relationship it brings and the integration into many facets of their daily lives. IM is now used as a selling point of cell phone abilities and chat takes the place of what kids did with the phone years ago. Then there was the ability to have 3-way calls on phones. Now there are n-way chats. It grows.
So go back to Ed's thread to read the tossing of ideas there in asynchronous mode
Now the option was to remove the users, take the server down and then use the 20 enterprise keys. However, that would have meant redoing the users which was not an option. Luckily, the customer saw the humor in this and also knew that buying the upgrade gave them 30 licenses for a lower cost (since there was some free in there) and the ability to then add license keys as necessary.
Just a forewarning.
Yes you can make Designer, Admin and a bunch of other things work. Lotus will not support these, but I am using Java Console, Server.Load and a slew of others successfully for some time.
But, security on Nomad fits the same security you would offer for any portable device, including a laptop.
- Password security for the USB. Not the top of the line security measure, but a welcome alternative. Laptops have them, everyone seems to overlook that part
- Biometric security. This happens to be stronger than most laptops. The data sits in an encrypted data partition until you provide a finger scan
- Make sure you have Domino policies in effect that force encryption of all local replicas. How much data do you really plan on storing on these smaller drives? Let's be realistic here. Some people think they will be carrying a ton of data. The idea of Nomad is portable access to important info and then the ability to connect at any machine. With multi-GB mailfiles, not including the base install and simple things like address books, bookmarks and directories, it is a bit. You can assist by stripping out unnecessary templates
- U3 support will not be coming from Lotus direct. Look for that from 'other' sources though. If you are unfamiliar with U3 on USB, look it up right here
- As was mentioned, don't worry about VPN connectivity. You can load VPN files just fine on a USB and make it work. This gives you more than portability.
- Lost USB keys. If you can get the password quality higher, remove unnecessary templates and data and encrypt everything, like you should, then you can lower your exposure
I saw a comment on Ed's or Declan's blog about manageability.
- Smartupgrades will be an issue. I do not see it feasible to have users send in USB keys and go without. Some work needs to be performed here.
- User id management will remain the same. It is a Notes client for gosh sakes! If you can rename, recertify or lock out users in Notes, then no worry here
- Loading time for the initial install can take a little longer than you desire. But that is a cost you pay for that one time part of the work.
- **** Ed had a comment on his blog about turning this ability off. Well no you cannot turn it off, it is a Notes client with the same code. I see no identifier that shows it is Nomad versus the full Notes 7.0.2 client
- Ben Rose wants to see it work at airport kiosks that still have USB ports enabled. It should as my basic testing as a non-admin user launched fine as long as USB support was there. I did not attempt on a fully restricted and locked down UI, but that is next
Don't get me wrong, the coding is good and I appreciate the time he is spending offering free code for the Exchange admins. Heck, we have hosted customers on Exchange. My only point was that it should be native to the product.
Like opening the Domino Directory, seeing all the nice servers and connecting to the files tab in the Notes Admin client to get disk usage. Heck, even select just the mail folder and see that count. Yes you could automate that more, or *GASP* use stats to gather it automatically for you like I mention using the same thing in my last posting.
How easy is it to monitor and be alerted of freespace on a Domino server? Let's compare to Exchange with no tools purchased
In Exchange I saw someone doing this..:
I came into a situation where there are several Exchange servers without any monitoring. While software is procured, I created the following script to do some basic monitoring of Exchange services and disk space (to make sure circular logging doesn't kill the server). I have the script running as a scheduled task every 15 minutes. The script will create a log file every time it runs. If one of the thresholds is reached, an email is sent
Note the comment about having to buy software and then go look at the script. Hooray for text logs?
Block your calendars off now to attend in either the United States (Kansas City means cheap domestic flights) or London. Both dates are in September.
Here are some of the highlights of the conference:
- Deep-dive into Sametime 7.5 and preview Quickplace 8.0
- Programming code examples
- More challenging as the conference progresses. Meaning apply what you just learned and grow your knowledge, not jump in too far at first
- All the sessions are from Business Partners that specialize in these products or the IBM persons responsible for bringing them to you
Now here are the bonuses:
- Dinner with the speakers for some of the first that select that option. (See the site for details)
- Phone follow-up consultation with the expert of your choice from the conference (See the site for details)
Check out the site to gather all the information, including early-bird discounts.
Despite expectations that it would take only days to retrieve student reassignment e-mail, Wake school officials needed 15 weeks and spent almost $17,000 in response to a public records request from The News & Observer.
But it was apparent by Feb. 14 that the district's information technology staff did not have the ability to easily search past e-mail.
Wake's e-mail system -- called Lotus Notes -- was installed last year, said Vass Johnson, director of network systems. Officials felt the system could handle a large public records request, but this was its first big test.
Staff members soon found they had to do much of the time-consuming work themselves, such as writing computer scripts that reconstructed databases and searched for specific e-mail.
Someone needs to tell them that they could have had journaling turned on, multi-database searching or whatever instead of all this wasted time and script writing. Life can be much simpler.
Mail, Calendar, and Scheduling improvements
Performance improvements made to the Mail, Calendar, and Scheduling functions include:
- The "typeahead" feature now looks into the server address book first, instead of the user's personal address book
Users will face new clustering limitations and will have to eliminate all Exchange 5.5 servers from their environments. In addition, they will not be able to do any in-place upgrades between Exchange 2000/2003 and Exchange 2007.
.....major changes include a new role-based architecture that could require users to roll out as many as five types of Exchange servers.... The current versions gives two deployment options...
So let me get this right? Your clustering gets worse and I can't even have old versions around? Oh yeah, and don't plan on overlaying that code, let's get that new hardware. If you are large scale, plan on revisiting clustering and adding a bunch of servers to handle the roles. While they could run on fewer machines, that is not likely for a lot of users.
Bless Domino folks.
Then to add insult to the injury (as they say):
And Exchange no longer will have its own site topology but will run on top of Active Directory topology
While this is good and bad. Good because you streamline your topology management. Bad because you have to rip and migrate the topology and then rely ONLY on your AD topology. What if that tree has funny limbs that can't talk right. Cut it off and grow a new one :-)
Q. Why isn't Microsoft also delivering a 32-bit version of Exchange Server 2007?
A. Exchange Server 2007 is designed to be a stable, reliable enterprise messaging platform that delivers the fundamentals of e-mail and calendaring while providing innovative new capabilities. These new capabilities make the messaging system more cost effective and scalable for your organization and at the same time more productive for users accessing the system. Simply put, given the new capabilities of Exchange Server 2007, Microsoft could not guarantee a high-quality 32-bit version.
Q. Will I need Microsoft Windows Server 2003 x64 to run Exchange Server 2007?
A. Yes, to deploy Exchange Server 2007, you will need an x64 edition of Windows Server 2003 or Windows Server 2003 R2. Volume-licensing customers are free to exchange their 32-bit version of Windows for the 64-bit version at any time, using their media kits.
So let us not forget that Exchange is 64-bit, but the operating system itself, and the hardware to support it is not 64-bit people. Count em, add em up, spend that cash and welcome to "stable, fundamental and reliable enterprise messaging".
Wait, does that mean they are saying their past products are not even fundamental or reliable?
Yes, I still love my U3 USB thumb drive, so what about Notes on it via Nomad in 7.0.2? My current thoughts on the press around it
So what this means from reading, is that Notes will be installable onto any USB drive with enough space. How much will that take? Looking at a current Notes client only, you can expect to trim down templates and some other items for sure. But you will still eat up a couple hundred MB or more minimum. Security of the data is in place, so you can replicate. I am curious about the speed and performance. I am guessing a selective replication for mailfiles would be the way to go, say the last XX days of mail, so you still get folder structure.
If all this works as planned, this will become a great selling point for mobile users. Now, what about kiosks? Those won't be available in most airports, but who would trust their USB on a kiosk nowadays? I imagine with some U3 embedded anti-virus (which is available) it would be more of a warm fuzzy feeling. There are even keystroke logging detection programs.
Can you carry your entire desktop with you? I am getting there. Firefox, Trillian, Skype, soon to be Notes, a PDF reader, OpenOffice and even Zinio for digital magazines. With a couple GB USB drive and U3, visiting the parents and not tugging along the laptop will be a breeze
(chart removed for a second, it was giving me blog sizing issues, you can find it in the technote)
The long run is to have some back end script for locked-down users actually extract the pieces of the cab file and place the DLL on their system. Not a pleasant experience but just what we had to deal with. Hence the reason for this posting. The users could not accept the controls themselves so an alternate way to push them out had to be designed. Lotus addressed just that with technote #1214819.
Another question from an attendee wished to restrict certain users from receiving SMTP mail (SEC needs and requirements) and still have them receive SMTP mail from internal applications. There were too many users to add by name to SMTP restricted fields (where groups don't work). Instead, it was suggested to selectively remove them from replication to the edge SMTP servers (or put flag for LDAP from spam filter) and then point the internal applications to inside servers directly. A simple solution for the problem.
Sametime on Blackberry came up at the end. They just wanted hints and tips which no one had any up front. So can some readers assist?
We are cleaning up the local access protection issue and letting it run again.
The rollout consists mainly of five Microsoft products-the Office 2003 desktop suite, Outlook E-mail client, Communicator instant-messaging software, Live Meeting conferencing service, and SharePoint document-sharing portal-plus Windows Server 2003 and other server software. The deal represents the largest license to date of Microsoft's real-time collaboration suite (Communicator 2005, Live Meeting 2005, and upgraded Live Communications Server 2005), introduced in March
I cannot see where the migration attempt for all these applications as well as the 20 terabytes of email. Where the heck are they migrating that kind of data into Exchange? How many servers is that going to be living in redundancy while the migration continues? In the article the CIO notes that you cannot live in hybrid mode forever due to costs. But no mention of the migration costs for 92,000+ PCs. I guess there are no Linux clients anywhere :-)
So my question becomes, where does productivity, training, costs and manpower sit to run both at once, perform the migration and then support both systems?
The article mentions "pressing 8 years" for running Lotus Notes which leads me to believe customizations or slow upgrades. How can a well embedded 8 year old system be harder to upgrade and maintain than an entire multi-product rollout banking on a version that was not even out yet? I want to see some numbers here...
Notes 5 was pretty basic with what you could do with an Execution Security Alert....
Run once, trust them or run away.
Then Notes 6 stepped in and Lotus stepped up the game for running unknown code as seen here..
Actually, the options were exactly the same. Hotkeys got changed and some verbiage, but more information was given on what the code was attempting to do. Note that the help function was removed from the main pop-up.
Now we go on to Notes 7
A single session trust ability added on to the option to trust them forever. Hotkeys are not underlined anymore but work just fine. Guess that was just an oversight in the UI.
So issue resolved on that end for good, the 7.0.1 code is smoking along great and the world of the blog-o-sphere is at peace once again.
If you attempt to add a high number of names to your Sametime Connect client contact list, only some of the names are added. Is there a limit to the size of the buddy list?
This limitation applies to both the Sametime Connect client for desktop (C++ client) and Sametime Connect client for browsers (Java connect)
I could not get any login in the world to work for creating Electronic Service Tickets, but I leave that to my mistake in not knowing if my IBM id is registered to do so.
The only thing I liked so far was the Collector task that ran, including the ability to create remote collectors. I went through the Updater to load any product tools for remote collection and found that Notes/Domino 6 and 7 were both there. Unfortunately Sametime was labeled at V3 only. Not sure if that carries forward. A restart of the Assistant was required after installing the tools, no biggie. But then I could not get any tools to load from them after install. Just the homepages and some tech info for each product.
The local system collection jumped a jar file somewhere on the operating system. I wish I could specify or open it from the collection screen. Unfortunately it just gives the path to where it is, which you have to remember. If you change screens and come back it resets the screen I found.
I might play around some more, but I am guessing that NSD, Automatic Diagnostic Collection and Fault Analyzer will get all this and more in the Lotus world.
Well of course it does not work without a policy. It is stored under the policy name in the local address book ($Policies) view and in a field of the desktop settings called DCLoc. If you have no policy, even manually running the nsenddiag executable would have no routing information assigned to it.
So no policy, no way to change an ini variable to send the diagnostics anyway that I can find at this point.
So I generated a quick policy, ran ndyncfg to update the local client config and then ran nsenddiag to get the crash information over to the Fault Analyzer database on the server to see what was wrong.
Live Clipboard uses a simple metaphor, the Windows Clipboard, to let users copy and paste live information - for example, another user's calendar - from one site to another without losing the link to its data source. The clipboard uses Real Simple Syndication (RSS) and the Simple Sharing Extensions (SSE) to handle data feeds.
I love the idea of moving and copying web data objects without losing where it came from. But does this allow content to be shown as someone else's with no proper credit? Can you simply use these to glue things together? They state they have enough interest that a draft specification has been tossed together too. So this moves beyond taking web text like I do for the posting here and referencing it, it moves into meshing that data with my own and making it part of my entry. While maintaining the link and integrity of the original posting.
Myself not being a developer, I read this with a different twist. Some read it as a way to move data easier and bring systems together, I see it as a way for someone to grab your stuff, mark it up some and make it their own while still pointing to you and your resources serving it up. I might have to reword that. Here are Ray's comments from his own blog entry:
Where's the user model that would enable a user to copy and paste structured information from one website to another?
Where's the user model that would enable a user to copy and paste structured information from a website to an application running on a PC or another kind of device, or vice-versa?
And finally, where's the user model that would enable a user to 'wire the web', by enabling publish-and-subscribe scenarios web-to-web, or web-to-PC?
On Ray's blog he states there are good threads and feedback, but you still can't comment back on his directly, bummer.
According to the company, electives for the IBM Certified Advanced Application Developer track will be:
- LotusScript exam
- Web Services exam
- Managing Domino Web Servers exam
- Sametime 7.5
I was setting up a 6.5.4 server and turned on the listener for the remote setup. I then went to my local 7.0.1 client and started the remote setup client. Part of the way through I noticed that while customizing the server tasks, there was some 7.x info in there. Specifically the RnRMgr came to notice in the list. I left it checked for grins figuring it would have no bearing.
I was wrong. It actually did add it to the notes.ini servertasks= line and attempted to start the task when the server first launched. No big deal, it simply said it could not find the task and went on its way. But I am thinking this is not a good thing overall. I will search some docs and see if I can find it. But no luck so far.
- Customer embraces Lotus technology
- Customer expands SMTP services with Domino
- Customer believes in workflow
- Customer enables server based rules
- Customer enables a lot of server based rules
- Customer finds all rules not working
- I find a whole lot of rules in the server configuration
- I find more than 100
- I have light bulb in head
- I add notes.ini parameter to server MailMaxFilters= xx
- I warn customer of performance issues with that setting
- I bill customer :-)
- We are all happy
As Rob Novak pointed out, IE ActiveX issues with new patch. Microsoft answers.."You have 60 days to be assimilated"
And my favorite part
The big push now is for developers to recode Web sites and Web applications to cater for the browser update.
If not, users won't be able to directly interact with Microsoft ActiveX controls loaded by the APPLET, EMBED or OBJECT elements without first activating the user interface with an extra mouse click.
Can you say click-click for using that Quickplace, DWA and some other stuff as Rob so eloquently points out right
The colors represent who each router is registered to. Red is Verizon; blue AT&T; yellow Qwest; green is major backbone players like Level 3 and Sprint Nextel; black is the entire cable industry put together; and gray is everyone else, from small telecommunications companies to large international players who only have a small presence in the U.S
You can go directly to the PDF image to drill down right here.
Hey there, Chris.
Just wanted to let you know that Taking Notes is now available through PodZinger. We wanted to make sure this was made available, as you noted you couldn't on your post. We're constantly scouring the Web to find the ever expanding world of video and audio podcasts.
So if you like Taking Notes but want a certain point, there you go. Searchable. Thanks to PodZinger for such a quick response.
Then I realized they are just starting out. It uses a speech recognition software to "read" the podcast and then make searchable text on the site. Quite amazing and hits on Lotus Notes yielded quite a few accurate results of people talking about Notes in their shop or elsewhere.
So if you podcast or think you might, get listed. A great way to find content.
Set a Program document to purge the MTSTORE more frequently. Currently, the default is every 30 days. You can increase this by running a Program document to issue the following command:
tell mtc purge value
...where value is the maximum number of days. Set this to 7 (you may want to start with 14 if 7 seems too aggressive), and then run this command via a Program document once a week during off hours.
We can now move on to IBM/Lotus's statement that this feature or function will be free. From the LCS website here, there are more costs involved:
Public IM Connectivity licenses are available on a per-user, per-month subscription and are additional to the Live Communications Server Client Access License (CAL). Public IM Connectivity has two licensing components associated with its use, a Services Subscription License (SSL) and a User Subscription License (USL).
Public IM Connectivity service licenses are available for Microsoft Volume License customers only and are not available for retail open customers following other Microsoft subscription licensing programs.
You then jump to this site to fill out forms to get public connectivity. Unfortunately the Public IM Connectivity Partner site has nothing there yet either and states so. This is how you merge your ID into the public systems.
Let's see how fast organizations move into federated connectivity with a free system versus licensing, I am curious.
"CCH1 is not yet available. We have been told that it should be out sometime next week. It was pushed back because xxxxx xxx xxxx xxxxxxxx xxxxx xxxxx with the Notes Client and the development team wanted to include them in the CCH rather than having a CCH2 come out soon after CCH1."
It also followed with this (keep in mind these are never hard dates and should not be taken as such)
- A server side hotfix is available for all platforms for affected customers via standard support channels; so if you have a support contract - and you are actually affected by this bug - call support and get it
- A client side fix will be included in Notes 7.0.1 Cumulative Client Hotfix (CCH) 1 due out by end of March 2006 (possibly sooner), available for affected customers via standard support channels - so once again if you have Notes clients affected by this bug, and if you have a support contract, call support and get it
- This fix will be included in Domino 7.0.1 Fix Pack (FP) 1 due out in 2Q06; I have heard that this is probably around late April, but don't hold me to it
- This client and server fix will also be in the next Maintenance Release, 7.0.2 due out 3Q06
It all starts at 2:59pm yesterday as seen in the following image
By the time the clock reaches 5:47am this morning the same mail message has now grown to an incredible 25MB in size
So how many times did it loop before the disk started being eaten up? Here is that screenshot too
So what does that mean? Loops suck.
So what is the big selling point they have? It runs via Macromedia Flash to all platforms and most browsers can access it. One install, all web based, right out of the box. Commendable. There are profiles, multiple rooms and bundled with Flash the ability to put graphics, banners and change the UI/skins. It does integrate with the major chat services also.
Does it integrate with Domino? It could always be embedded on the web side. Does it look at your Domino LDAP server for directory information? Couldn't find it on the site anywhere. They did have a lack of detailed specs, but provided all the OS and browser info necessary.
So after the upgrading mail slowly started building and not always going out to the Internet. Internal mail was fine. I couldn't think for a few moments why the upgrade would have changed anything in the mail routing. Then it hit me. The upgrade also included a hardware swap for better performance and the growth of the User Group itself. I then had one of those famous epiphanies. Windows, since the 2000 days has a technote that comes into play a lot here at the Data Center. We usually find the time to use it after a machine goes from DHCP to a fixed IP and Domino has been loaded when it was in DHCP mode. (Why that takes place is not the focus here and can be covered later). So what happens is that the NameServer parameter in the registry does not get set with the DNS servers when you switch. So the server cannot find DNS to send the mail, on a regular basis. How Domino uses it is beyond me since some mail goes.
So I went in today and adjusted the registry under
A quick restart of Domino, for grins even though the router task would have sufficed, and voilà, mail went flying out.
You could also add DNSServer=Ip address to the notes.ini, but who would want to manually manage the servers like that?
What is Sender Policy Framework (SPF)? Does Lotus Domino support SPF?
Domino 7.x, 6.5.x, and 6.0.x do not support SPF. An enhancement request was submitted to Quality Engineering as SPR# RCE5XZQTT; however, there are no plans to address it in the Domino 7.x or 6.x code stream.
Formerly known as "Sender Permitted From," SPF, an open source code, is an extension of SMTP. Because standard functionality of SPF has not yet been published by the Internet Engineering Task Force (IETF), SPF occupies an experimental stage. A number of competing methods share the goal of preventing SPAM via these sending server-identification records.
What's New in Email Authentication?
Over the past 18 months, authenticated mail has evolved significantly from concept to implementation, with two complementary approaches: the Sender ID Framework (SIDF) and DomainKeys Identified Mail (DKIM). SIDF is an Internet Protocol (IP)-based solution that was developed from the merger of the Sender Policy Framework (SPF) and Microsoft Caller ID for Email. DKIM is the merger of Yahoo! DomainKeys and Cisco's Identified Internet Mail (IIM) specifications.
There is more rant to read on this below ... a search on Google for SIDF turned up some fun.
Continue reading: "Messaging News: The Urgent Need to Implement Authenticated Email"
It had a default password on the screen (at least there were tiny asterisks in place of the password) but we could not tell if it was really there or something they put in. We tried manipulating the config doc for that person in the control database to no avail. So at Lotusphere we found out that the code version had a tiny bug that would not let you configure the password on the device. At all. They took his Treo for a couple hours, cleaned up some backend log and config things that get hidden and left behind (we were told) and voilà, a new version gets installed on it and we can change the password on the device again. The funny part was that calling support we were told someone there ran the same device but we could never, ever get that person on the phone to see what the deal was.
So we run the Windows CE and Palm integration in Enterprise mode on the server letting multiple device types sync. Keep in mind that it uses two different services to do that. The Thin Client Connector is for the Palm devices and the Commontime main service is for CE. Both listen on different ports by default also. Port 603 for CE and 608 for Palm. Huge thing to know for wireless synching and firewalls. But awesome for me anywhere I can get an 802.11b connection for my PDA. Or anywhere the Treo can get a signal now.
Simply open the names.nsf with a Notes client for the DAMO user and modify the necessary connection records to make the proper passthru connection records. Usually modifying the existing attempted connection to use a passthru and then making a new one to the passthru server. I found a good way is to just email it over to an admin to open, modify it, and then drop it back on the machine for testing reasons.
If you still cannot get something to work, there is a notes.ini parameter, of course, that you can set on the client and server to log more info on passthru of
More that fun..now if we can only get policies to work against DAMO users.
The installation found the path and previous install as multi-user perfectly. That was a good sign. It forced the multi-user option and gave the same pieces that were currently installed on the machine. The code went on flawlessly.
The problem started when I launched the client. It forced the setup to be run again choosing the user name, home server, TCP setting for the hostname and everything else. Even though I did not have cleanup set on those workstations. (Yes this is my network at home that I totally redid this weekend but that is another posting). So I went through and recreated the setup for each account in roaming to make the kids life easier. They never knew the difference, but then again what user knows what the admins do on the back end do they? LOL
tell amgr quit
Quit is pending on the Message Queue
02/17/2006 02:20:02 PM AMgr: Some Executives are still active, shutdown continue ...
02/17/2006 02:20:03 PM Agent Manager shutdown complete
02/17/2006 02:20:16 PM Admin Process: Searching Administration Requests database
02/17/2006 02:20:46 PM AMgr: Error adjusting number of Executive, Executive '1' is still stopping
02/17/2006 02:20:46 PM AMgr: Only able to start '2' Executive(s); Agent Manager will continue running
02/17/2006 02:20:46 PM Agent Manager started
02/17/2006 02:20:57 PM AMgr: Executive '3' started
02/17/2006 02:20:57 PM AMgr: Executive '2' started
Notes Instant Messaging encounters a looping condition causing the Sametime server to become unresponsive or to hang.
Under very specific circumstances the Sametime server can receive incoming requests at an extremely high rate from the Notes client. These incoming requests must be resolved in order for instant messaging users to communicate and share presence information. As a result of receiving these requests at an extremely high rate, the Sametime server can become unresponsive as it consumes system resources during the processing of these incoming messages.
The Sametime servers' state of unresponsiveness may manifest itself as out-of-memory errors or by disconnecting from the Sametime Mux (which is used to route instant messages).
Symptoms of this problem can include:
To fix this problem, the Notes client must be upgraded to 6.5.5 CCH1, 7.0 CCH1 or 7.0.1. If upgrading to these versions is not an option, the administrator can request a hotfix for 6.5.3 and 6.5.4.
Link1 via Chris W
Link2 via Bruce E
Link3 via Vince S
Now I have not done all the servers yet, pending what the heck happens with some of these issues.
When creating a group in the IBM Lotus Domino Directory, you can set the group as "ACL only" so that this group is only used in the Access Control List (ACL) of databases. When addressing a message in IBM Lotus Domino Web Access (DWA), however, "ACL only" groups can be selected as the recipient of the message. If you address a message from the Notes Client, "ACL only" groups are not available for selection as recipient.
This issue was reported to Quality Engineering as SPR# MNAA5B8DAC. There are currently no plans to fix
As a workaround, the ACL group document can be hidden to allow only the Lotus Administrators to see the document. This will prevent end users from being able to select the group when addressing a message. If the document is hidden, be sure to include the server in the list of allowable readers so that the group can be accessed for authentication purposes.
I will put my thoughts together for tomorrow's posting. But that means everyone has homework. Get to it.
In Lotus Domino, message disclaimers no longer work when the RFC 822 phrase is enabled and added at the server level. In one particular case, a Domino 7.0 server configured for "Use CN as phrase" failed to create a disclaimer.
This issue was reported to Quality Engineering as SPR# LMES6HATES. If you are experiencing this issue, contact IBM Lotus Support to investigate whether a test fix is available for your
You can also work around this issue by enabling disclaimers at the client level. In one particular case, when the option, "Do not use phrase," was used instead of "Use CN as phrase," the disclaimer was created.
Jingle is the new set of extensions for XMPP from the Jabber Software Foundation (press release from them). Basically it is an alternative to SIP, without the additional hardware. If you have built some infrastructure on XMPP, then it will use that exact infrastructure for negotiations and setup. What a cost savings for enterprises instead of having to create and manage SIP servers. This might be something for IBM to investigate and get them back into linking to public IM networks. I would not be surprised to hear they already have this being tested somewhere.
Now here is the real kicker. Google Talk is already using something quite similar to Jingle so they are pooling their resources. Trillian has, of course, stated it will support Jingle in upcoming releases. Who are they to be left out?
Ok, so Meebo. Picture three friends that come up with a great idea and actually do it. It is an ajax-based web interface that lets you log in to the major chat providers from any machine with a web browser. They grab and encrypt your passwords after you type. I wish SSL would pop up but the idea of this is quite fascinating. No client locally to install, it supports most everything but audio/video at this time. So if you are the grandparents or kiosk, one interface lets you log into the chat providers. Mini windows are maintained in the big one, so that can get cluttered if you have a lot going on. From reading, they haven't added Skype yet but have interest in it. The big 4 are there and ready to go. My first experience was excellent and I could see the promise. Their end goal is to sell the rights to use code I imagine as the service is free and donations are accepted for all their hard work. Emoticons and stuff need work but who cares at this point. I was more interested in the technology and basic functions. But then again everyone whined and Sametime is tossing them in now aren't they?
The document is just over 40 pages long, so quite the good read in time and material. I will say one thing. A Domino cluster is more like a few paragraphs compared to the complexity of performing this operation. While I have installed Portal, I have never done this step so I plan on testing this a couple times for practice.
PANIC: Object handle is invalid
Fatal Error signal=0x00000005 JOB=HTTP/QNOTES/054112 PID/TID=124/0x0000002d
They apparently were pleased and impressed that we had it working. We use Notes to Notes routing for all of our customers to drop NSDs to a mail-in database for collection and tracking purposes. After Lotus received it they stated it is an exact match for some other customers and they are working on coding a patch right now.
Bless ADC and Fault Analyzer tasks in Domino 7
Notes had just about the simplest possible replication mechanism imaginable. After all, we built it at Iris in 1985 for use on a 6Mhz 286-based IBM PC/AT with incredibly slow-seeking 20MB drives. We were struggling with LIM EMS trying to make effective use of more than 1MB of memory. Everything about the design was about implementation simplicity and efficiency.
Besides understanding what Tom was saying about not being able to actively comment back since he is saying he has discussions (which I personally take to mean with MS people as I grabbed maybe 6 or 7 links and saw no responses from Ray), I did find the idea intriguing.
One trackback posting made a quite simple and decent comparison of the previous Pull technologies of RSS with the proposed Pull Pull of SSE. But the initial spec has nothing noted about security or master sources yet. But, my thought here is that it will grow into that with Ray having input and his above statement about Notes. With the moves into XML throughout Microsoft products, enabling SSE ability is the first move into having replication in their technologies over another standard. Instead of the proprietary Domino replication abilities. The security and authorization has a long way to go yet, have no fear.
If we take this like school, Ray is trying to develop a new learning program on new standards and Lotus has had an established college for 20 years that has grown around some very basic roots of security, portability and simplified scalability.
The point of this posting is not how Lotus does the replication, but the far reaching capabilities it has after years of growth and enhancements. Then Ray floats an idea to base some Microsoft work on emerging specs and the slower flocks will follow far too soon. Take that last part and let it marinate some.
A review of a password recovery program that came to my desk today for IM packages and a question to my readers
I was hesitant at first on Advanced IM Password Recovery by Elcomsoft (they apparently do a ton of software, but Notes was not one of them), but did some research and reading on the web about it. It clearly does what it says, and quite easily. The freeware version is limited, it will do the task but not always give you the password depending on the complexity. They are very up front in the readme about the few things they can or cannot do, which was nice to read. GoogleTalk was recently added into the mix as another IM provider.
The point of all this you ask? Sametime was not listed if you peek at the images. But imagine that it was, which in turn gives a person your Internet password. In turn, this might sync to your Notes password. So the question begins, how many of you maintain numerous alternate passwords across systems, and from web to id file?
We could run in numerous directions with this one, from retention times, to forced password changes, to password quality and complexity requirements through policies and registration.
Give me the feedback, I think it could be a good thread this week in numerous directions, theme blogging time!
First we have the wonderful license which included this tidbit
(ii) FEATURE USAGE INFORMATION. The Software may also provide AOL with anonymous information about use of AOL features and buttons on the Software. AOL uses this information in the aggregate to determine which Software features and buttons are most popular and useful to its users.
(iii) SOFTWARE ID. The Software may contain a specific identification number for the purpose of tracking the number of unique instances of the Software in use.
Now, the damned browser software proceeded to install even though I am positive I deselected it on the first screen. Of course, it always uses the integrated browser for launching what you click and even sucks over your bookmarks automatically from IE. Now the tabbed browsing is a nice touch that is coming out soon enough in IE.
I also noticed that they integrated streaming music to compete with Yahoo. Nice touch, along with the drag and drop file transfers. It seems there is not a limit but I recall back in the day there was no limit and we used it all the time to move huge files around. I wonder when that changed.
I didn't even go far enough to play with the emoticons or chat windows. Once I saw the initial look, I made sure it was not set to launch when Windows starts (as most things do it seems now by default) and closed it up. One more application to sit in the unused program directory.
Domino first server setup creates IDs with a default public key width of 1024 bits. If a different key width is required, run SETUP.EXE to install the Domino files but before starting the server, open the server's NOTES.INI file, and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH to the desired key width. For example, for Domino R5-compatible keys, install the files for the Domino server by running SETUP.EXE, but before starting the server, open the NOTES.INI file and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH=630. The public key width can be set to either 630 or 1024 when using the NOTES.INI variable.
The old hieroglyphics are alive and well. They could make this little used piece of code work even better with more options, but it is respectable for what it does in the first place.
Domino server names are unique names that identify servers in a given Domino domain. Domino server names can consist of one or more words (a maximum of 79 characters) and can consist of any characters except: parentheses, at (@), slash and backslash (/ and \), equal (=), and plus (+). Using spaces or periods is not recommended. If you use spaces, you must enter that server name in quotes ("") when entering a command at the server console. As the Domino server name is also used within the given protocols name to address resolve process the use of underscores and periods can create lookup failures within different protocols. As such they are strongly not recommended.
So no more spaces in server names please. FQDN naming is nice for making everything work smooth, but sometimes quite long as a server name. Common sense seems to rule. Make the server names unique, not match the OS and keep them reasonable.
** Exchange 12 will automatically encrypt messages by default, and communications between Exchange 12 environments will automatically share keys
** Exchange 12 will feature full text indexing and searching capabilities
** The new version will include transport rules that are modifiable via a rules editor and will include a separate set of rules for managing retention and deletion policies
I am sure plenty of people have long drawn out theories on all of this. From the initial reading, transporting the keys between different Exchange systems isn't well laid out yet. But where is anything but server side for the encryption? Since the users do not have local keys, there is not the individual encryption we are used to in Domino. So the real value in this is protecting traffic across the network? Hmmm. Then we have the automatic sharing of keys. I once again presume these are all in the same AD and have a master key structure much like an O in Domino.
Full text indexing and searching. I am curious what filters they will have outside of Office type attachments for the searching.
Lastly they tossed in retention and deletion. Is this a simple growth or does it include archiving solutions. I was not clear on the new policies yet and there is a new interface for 12 that might explain the ability.
Let's go back in time. POP3 had numerous issues with the unread marks and locking the mailfile. In the old days, R5 and back, if the mailfile got locked by the POP3 task you had to restart the entire Domino server. Yes I said entire. Documented, read the technotes if you can find the old ones that showed:
POP3 Server: Unable to open mail file for xxx/yyy: unable to obtain exclusive access to maildrop
Large attachments caused the issue, a corrupt message could cause the issue, a bad full moon could cause the issue. Besides POP3 being an older protocol without true load balancing. Domino looks to the client to retain the unread table for the host it is hitting since agents or even API programs could change the Unread ID Table (see technote #1100308).
I consulted with a couple places that were looking to rollout wide scale (20,000 users or more) POP3 implementations. My statement then and now stands at no for Domino and POP. Forget the other issues around having mail locally, backups, leave on server, and a slew of others. Heck, there is not even any scheduling ability. part of the whole reason of using Domino
IMAP had issues a long time for memory leaks and usage. When it started you would see less than 100 full blown IMAP users on a box. That got better over time but you still will not run as many Notes or DWA users. Once again we are back to full failover ability. IMAP does a fine job of reading the folders and letting you work online, but the back end processing through Domino 6 left some to be desired. Scalability still has reported issues in Domino 6, technotes and all. No room for discussion.
Editor note: I have not tested this in Domino 7 yet so everything might be peachy keen now. But not many are to the point to upgrade and I don't have the client load of POP/IMAP to test. Or a desire to configure a load tester for that.
So to close on Ed's posting, why not move to DAMO if you want the Outlook client. Move to DWA, move to Notes. But let's get off the older standard of POP. The servers were made to be a simple storage facility for mail until the client could access it and grab it from the server. Then someone got smart and asked why don't we leave it there so I can get it in more than one place. Great idea, sounds like this needs to move to a server type application. I understand this was before web mail and some client technologies took off. I am not disputing that. But why not sell the abilities of scheduling (not POP as I mentioned), clustering (not POP), alternate client access to the same data (not POP as the unread tables are different) and richness of doclinks and other cool things.
Welcome to the graduate level course material (as Tom Duff said it should be) !!!!
HOMEWORK: From now on you are required to draw out the topology for your environment at each level. Even if you are doing it for future planning or hypothetical looks. This is a learning experience folks.
Here is what I said about Tiered (Binary Tree) topology:
Taking the hub and spoke idea a bit different, a central server updates two or a few servers. Those servers update two or more each and so on down the pyramid. This works well if you have some good network connections to a few servers and then those have some decent speed to downstream servers without the top having that speed access. Otherwise you could go back to hub and spoke. The downside is that in a large tiered environment, it can take some time for a change to go up and down the tree if they do not share a parent server all the way to the top. I have seen some tiers that cross somewhere in the middle to alleviate that and leave the top server for administration and NAB master
A well thought out tree keeps the data flowing; makes it locally available and with multiple tiers it can move between localities even if the connection is down to the main servers. This is a great solution for multi-continent deployments or in countries that have Internet connectivity issues to the outside world. Imagine a tier in America, Europe and Australia. All the top level servers from each country then tier up to one other server in China. If the link to China goes down, each country will still have the updates from all sites within itself. Later, the rest of the world will catch up.
This idea also gets around timezone difficulties. Data is most important to other sites in your timezone (in most instances, yes there are some corporate apps that rely on HQ but that is a side class). So moving it between multiple cities to the top tier in that country keeps people happy. You could add some more tier levels into the mix, but for homework, draw one out for your company, no matter how big.
I said it best in the outline from the very start. You can spend an enormous amount of time if you build the pyramid too large. Imagine how it was done in ancient times. One large stone was carried from the bottom to the top, very slowly. You knew it was coming, you could see it in the distance down the great pyramid, but it took forever to get to the top so you could build on it. Then the call has to go all the way back down the other side to let them know it was there. Companies try to get around this by speeding up the cycle time in between each hop. However, your schedule could become faster than the replication time of the data and you start to miss things until it can catch up. I recently saw this with a DMZ at one corner of the pyramid. During the day it was trying to keep up the fast 7 minute cycle that was set. However, they noticed some data not showing for 2 plus hours. Looking in the logs we saw that it was never finishing at the time the most data was being updated all over. Then when the day slowed down or at night, it could easily catch up. This also had to do with bandwidth being utilized, but it all adds to the issue.
We had strike #3 already, I guess this is the start of out #2 in the graduate level class.
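One way to catch the situation described above, where the replication schedule is shorter than the time a cycle actually takes, as an added example that is not part of the original posting. The log lines are constructed: the timestamp layout follows the console output quoted elsewhere on this page, while the "Starting/Finished replication" wording and the server name DMZ01/Acme are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed log lines (see the assumptions stated in the lead-in).
SAMPLE_LOG = """\
03/01/2006 09:00:05 AM Starting replication with server DMZ01/Acme
03/01/2006 09:03:40 AM Finished replication with server DMZ01/Acme
03/01/2006 09:07:05 AM Starting replication with server DMZ01/Acme
03/01/2006 09:19:50 AM Finished replication with server DMZ01/Acme
03/01/2006 09:21:05 AM Starting replication with server DMZ01/Acme
03/01/2006 09:45:00 AM Admin Process: Searching Administration Requests database
"""

# Timestamp, then optionally a replication start/finish event and server name.
LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?:(Starting|Finished) replication with server (\S+))?"
)
STAMP = "%m/%d/%Y %I:%M:%S %p"


def find_overruns(log_text, interval_minutes=7):
    """Return (server, start, duration) for sessions longer than the schedule.

    duration is None when a session never logged a finish, either because a
    new session started on top of it or because the log ended with it open
    for longer than the interval.
    """
    limit = timedelta(minutes=interval_minutes)
    open_sessions = {}   # server -> start time of the session in progress
    findings = []
    last_seen = None     # newest timestamp in the log, used as "now"

    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), STAMP)
        last_seen = when
        event, server = m.group(2), m.group(3)

        if event == "Starting":
            if server in open_sessions:
                # Previous cycle never finished before the next one began.
                findings.append((server, open_sessions[server], None))
            open_sessions[server] = when
        elif event == "Finished" and server in open_sessions:
            started = open_sessions.pop(server)
            if when - started > limit:
                findings.append((server, started, when - started))

    # Sessions still open at the end of the log.
    for server, started in open_sessions.items():
        if last_seen - started > limit:
            findings.append((server, started, None))
    return findings


if __name__ == "__main__":
    for server, started, took in find_overruns(SAMPLE_LOG):
        status = f"took {took}" if took else "never finished"
        print(f"{server}: cycle started {started:%I:%M:%S %p} {status}")
```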
Now the catch was that I wanted to use the wildcard document to configure everything, but I do not want the Fault Analyzer task running on all the servers. So I did have to create a new config doc just for that server, which isn't what I wanted but works.
Size restrictions of the Faults are not a problem across any of the customers, so we are going with Notes to Notes traffic. No size issues to speak of through router restrictions either. I will put a snapshot of the config (maybe Visio) shortly
After registering there is an Advanced Developers area for an XML interface with more metadata. I was thinking about this and it would be cool to have the online status next to people in my blog listing too. Hmmmm.
But be aware of this last part if you restrict who sees you to your Buddy List
Why can't visitors to my Web site see my online availability?
If you have chosen to utilize the Allow List feature in AIM, other users will not be able to see you online unless they're on that list. Check your privacy settings to make sure you aren't blocking anyone unintentionally.
If you are online but invisible, other users will see you as offline
The scary part always comes out though. The admin that left had a copy of the default system id that not only signs a lot of the agents, but has Full Access to all files and even encrypts the mail journals. With no audit trail of that id usage, it is impossible to tell if someone outside of the current team has used that id recently. They also do not run password checking/digest so it leaves a nice gaping hole.
A question came today about Remote Server Setup when connecting over a VPN where the standard port for setup of 8585 is being blocked. To get it unblocked took more than some time, three turns and clicks of heels. So I went digging.
In the local Remote Server Setup client you can select the host and port (see screenshot), but the server mode is not well documented. I actually restricted my search from Google to the Notes.Net site and found a Z/OS document that shows the simple command to do so.
nserver -listen newport
How simple is that? Quite! Except we could not find it documented anywhere until this search. If you know where it is other than that let me know. Maybe it will sneak out in a technote.
I am busy looking for Partition Magic in the office somewhere
- Great job as usual. He is at the point now where Ed probably murmurs competitive things in his sleep. He got a question on Outlook and how the GUI compares or how it was enhanced in Domino 7. We all know Hannover addresses this issue even more. Basically people, Lotus is saying it does what you need since the 6.x days, but looks a little different. Heck, I don't like some of the UI in Outlook, so why is it so much better? Let's call it training!
- Another asked about Domino Access for Microsoft Outlook and enhancements. DAMO in 7 is using the same template as 6.5.4 uses for now. Great idea to get that out the door in time with 7. I imagine when the point releases start coming out, some more fixes for DAMO will be there. I also imagine that some new bugs might be found when using the back-end of 7.
Rob Ingram, lead Domino Product Manager
Benchmarked improvements was a highlight hit often with Rob. He did well also. Here are two screenshots:
Ok, maybe I am off but they did not hit 30 something percent improvement even according to their own charts??? I will let that one go with the thought that the improvements in performance are definitely there.
Then he made me sit up in my seat. Finally a new benchmark that addresses what the old ones missed, real world activity!!!!
Mark Jourdain, product manager, Application Development, Domino Designer
Mark did very well also. Even though he had to cram the last slides in at the end due to time.
Mark got a question on a rumor that LEI would be included with the server for free. Come on now, they charge like $50K per processor retail for that product. Per sale. DECS has been around and has gotten a little better over the years, but I am guessing that you will never see that full type of LEI featureset in the core product for some time.
Will there be support for Forms5.nsf on a Domino 7 server?
- The iNotes5.ntf template will not be included with Domino 7, so you cannot create Forms5 users from the 7.x Domino Administrator client; however, the Forms5.nsf has been updated to work with Domino 7 and is included with Domino 7.
- Domino 7 is backwards compatible for existing iNotes5 users; however, you cannot create new iNotes5 users using the 7.x Domino Administrator client. IBM Lotus does support upgrading existing users; we do not support creating new iNotes5 users on Domino 7.
Error: Did not accept the new certificates because they were not issued after the current certificates
This error will get spit back by AdminP when the server date is set too far behind. Someone in their brilliance was able to set the server clock to 2004.
Ok, so the first part of the demo was Outlook and Exchange. He was using VMWare to show the servers and clients running all together. I paid attention but that is not what you are here for. We took a quick 5 minute break while he loaded the Domino VMWare to show us that.
- Template modifications are necessary to add the necessary action buttons and menu items. Not a big deal overall but he stated they stay about 6 months behind major Domino releases so nothing for 7 yet
- You have the ability to grab just attachments or the whole body to archive off. You can also specify certain parameters based on date/time/size of message/size of attachments/etc/etc to grab for archiving.
- You have the choice to leave the small stub in your mailfile and then retrieve from there. Or remove the stub and use the CommonStore interface to get it back. This runs from a web browser over SSL (we were told and saw it looking for SSL requests in the background on a console)
- New icons are used to designate that the message was moved to archive. I took issue with the icon choice since in Domino 7, that same icon appears in the lower right of your client (between the access icon and IM component) to let you know that messages are signed or encrypted.
- Signatures on all emails get broken since the document is opened, things deleted, lines added and then it is saved. So you get the old error that document might have been modified or corrupted since last signed
I could go on for some time just explaining, but if you have an archive policy setting that works with some journaling of all or based on subject/sender then you have a lot of what this does. Yes there are some features and benefits that revolve around compliancy.
Now another thing that should be noted is that they push the idea of Single Copy Object Store heavily in numerous slides and conversation points. We all know the old versions of SCOS in Domino were not the best, but they touted it like Domino cannot do it either. Interestingly enough it was pointed out that with archiving, journaling and SCOS in Domino you have all of what they have in databases that are still searchable. In reality, unless you have some strict recording/archiving needs (SEC, HIPAA, S/O) then all you are doing is pushing the mail onto yet another machine that needs backup, maintenance and management. The product will hit mailboxes on most platforms, but only runs itself on Windows and AIX. So all of you that invested in iSeries to get away from Windows, break out the old hardware and add tons of disk space.
That might be a little strong. It is more like the new kid at school being put in a locker and no key. You have the option to choose LTPA only, or LTPA and tokens. We had deselected the option to allow the tokens and even removed the stauths.nsf database as it was not needed for the secrets. The database stautht.nsf should never be replicated as it contains server specific info.
I am about to leave you sitting here wondering if there will be a part 2 to the saga. I am sure there will be.
But down to business. I know part of the customer team reads this daily (however we know that the IBM'ers here do not and have no idea what they are missing right?) and are expecting a lot. But I won't let too many secrets out. In my eyes the basics of the cluster are a success. There were modifications to be made to a class file that searched and modified the appearance of the Sametime home server when using LDAP. But they also had some other customizations that we have to build back in.
Replacing the Home Sametime Server (HSS) is a main key of Community Clusters. Proper DNS plays a major role in this since we are parsing the server name with the LDAP queries. Integrating this new cluster with an existing Sametime chat server (during the migration time) and then the internal and external meeting configuration is all still to come.
We did somehow manage to make a Sametime admin client that only did Meeting Services. How we got it, we don't know nor did we spend the time to work it out. But it was blue (from the new Sametime FP1 for 6.5.1 changes). Yes, this means that IBM put a blue IBM banner at the top for branding above the normal yellow. The only strange part was that the product title was called IBM Lotus Web Conferencing. I wonder what happened to the Instant Messaging part of that title bar? And now it goes back to Sametime.
I am definitely full from the Keang Keow Wan (Thai green curry with chicken, medium spicy) and a dessert that was recommended. Fried bananas with mango and green tea ice cream.
The customer stuck with the F5 solution. Testing went well over the past few months and the actual server hardware arrived and got loaded with the operating system of Windows 2000. The current plan is creating an exact duplicate of the single, existing Sametime server and moving that into the cluster architecture. Which in turn, mirrors the test cluster we built in all the configurations. Let me bring one point to the front that you should know and is verified in technotes. Make sure you have a loopback record in stconfig.nsf and the world may be at peace. Not really, but with some proper planning, good budget, etc etc.
Ok, that is a bit strong as there is a myriad of patches and the recent FP1 to be applied to 6.5.1 of Sametime to start. Interestingly enough, moving the database across that had transaction logging enabled threw a bit of a wrench in the works for a few minutes. Some compact -t to remove that flag assisted. We ended up with a corrupt NAB on one server for some unknown reason, but replacing that made the universe at harmony once again.
So how are we moving from the single server to the load balancer and having two new servers as a Community Cluster? Sounds like you will have to wait until after the sauteed mushrooms, pesto basil pasta and tiramisu at my current location.
From the beginning, I gave a scenario of how it looks
Basically data starts on one end, passes through multiple servers through replication and then comes right back. Timing becomes an issue to make sure that data can make it all the way down and back before the next baton is passed. Think of it as runners that pass the baton, and if one runner takes off too early, who knows where the baton is.
So I hopefully already broke you away from the idea of a meshed environment in class 101 due to the sheer number of connection records that are possible and messy management.
End to end offers its own set of benefits and pitfalls, of course. If you can imagine your science class from way back in elementary school.....where they gave you a stack of batteries and a bunch of light bulbs. You were then told to light them all up. The first thought is batteries, then wire to next bulb, then wire to next bulb and so on until they were all connected. Well if one went out in that serial connection idea, then everyone behind them went out. So the teacher taught you about parallel connectivity to get around it. Which end to end does not do in the true form. Any variation moves it towards circular or even tiered architecture (with a bizarre slope).
The benefit is that data passes along in a cycle, reducing replication conflicts. Save conflicts are entirely different as people across the string could be editing the exact document on every server. Timing, as I mentioned, also becomes an issue since it could run any amount of time to get the data back and forth. If a server or network is down, the others will replicate as scheduled, yet that missing link in the middle brings the idea of timeliness to a screeching halt on each end.
The end result is a long line of servers, spread in the same room or geographically, that have a start and end point. Sure, you can argue that every topology has a start and end point. But with the proper hub cluster setup, only an individual spoke failure would affect any users. In end to end design, there are too many holes along the way.
The Dynamic Client Configuration (DCC) process is vital to several features of Lotus Notes and Lotus Domino 6. This document will help Notes/Domino administrators find the information needed to better understand and troubleshoot this process.
What is Dynamic Client Configuration (DCC)?
DCC is a Notes client process that synchronizes certain information between Notes clients and Domino servers. The DCC executable, ndyncfg.exe, is located in the Notes client program directory.
What does DCC do for me and my users?
It does a lot! To begin with, DCC populates the Client Information section on the Administration tab of Person documents. DCC is also required for the proper operation of certain AdminP processes such as "Move Mailfile" as well as new Notes/Domino 6.x features including Policies and Roaming Users. So, if you encounter issues with any of these processes/features, remember to troubleshoot the DCC.
What triggers DCC to run?
Dynamic Client Configuration runs when the user authenticates with their home server, and either their Person document has been modified, or their assigned Desktop Policy has been modified since the last authentication. DCC is designed as a push mechanism only from the server to the client. The DCC updates settings on the user's workstation based on the current settings in the user's Person document and any Desktop Policies that are in place. For example, if changes are made to a user's Person document, DCC will detect the changes when the user connects to the server, and then push the appropriate changes down to the client.
How can you confirm that DCC is actually running?
By default, the DCC is installed with every client and runs daily at the first user authentication with the server. When DCC executes it adds the following lines to an entry in the Miscellaneous Events view of the local LOG.NSF:
How would you know that DCC is not working?
An easy way is to look in the Domino Directory (NAMES.NSF). There should be Client Information on the Administration tab of each Person document. If that information is missing, or the information is there but not up to date, you may have some DCC failures. Also, if your policies, especially your desktop policies seem to skip certain people, that could possibly indicate a DCC failure. This also applies to roaming users and mailfile moves via AdminP. For additional information, refer to the technote titled "Known Policy Issues with Dynamic Client Configuration" (#1137728). If you have intermittent failures, you may need to troubleshoot DCC.
2. Select Actions -> Advanced -> Set Update Flag
3. When the prompt "Allow administrators to keep this location's settings up to date with those settings on your mail server" appears, click "Yes".
4. Save and Close.
2. Select Actions -> Remove Address Book Preferences.
What do Address Book Preferences have to do with DCC?
Good question. When you select the option to "Remove Address Book Preferences", you are actually removing the directory profile document (directoryprofile), which contains something called $DynInfoCache. With this document deleted, the cache will be completely rebuilt when the user re-authenticates with their home server. Note that the user will need to re-set certain items if they have customized the preferences of their personal address book (e.g., the group sort order, the format of contacts, and the address format).
Are there any known issues related to DCC?
There can be, but as of Notes 6.5.4, most known issues have been fixed. However, since you may be running earlier versions of Notes 6.x, here are some issues you may encounter:
Sorry for the delay, but other posts were taking precedence. So let's get right to it.
One of the dilemmas when building out the infrastructure is how to start the replication topology after you break away from just one server. Let us not debate why someone does not have a cluster, just live with the fact that plenty of sites out there still have a single server. When there are two servers, it should be obvious. One calls the other and it is done. Add a third to the mix and decision making seems to evaporate faster than spilled drinks in Las Vegas right now. For some reason, some admins find it necessary to create a replication connection from one to every other server over and over (please note the spaghetti reference from class 101). Instead of planning a hub architecture right from that point, the confusion begins.
The good part of this topology is that there is no dependence on a hub server in case of failure. If you have 3 servers with all these connections, and one fails, 66% are then still in sync waiting for the third to come back on-line. Awesome idea. You do not eliminate everyone having current data with a failure.
Yet, most admins want the data to replicate every few minutes all day long. Amazingly at the same exact start and end times with the same interval in each connection document. This leads into two things:
- Large possibility of replication/save conflicts as data access and updates take place. If this application needs that much replication, you can bet it is getting updated regularly and by numerous people.
- This is like the 1¢ slots, you play those, soon the 5¢, then 25¢, then $1. Soon you are betting large on the roulette table that you make document 1 get to server C cleanly and in some timely fashion.
So what does all this get us? Peer to peer almost works for two servers, yet calling each other back to back doesn't really make sense. So start thinking about which should be the hub and plan accordingly.
... it was expected to be fixed in Beta4 but unfortunately it didn't get into this build. It has been categorised as a 7.0 ship stopper so it should be fixed prior to GA.
The second issue was after upgrading the client from beta 3 to beta 4. I was getting an error on the Welcome Page. The client would still open, you just had to get past the error. It then gave a gray area on the Welcome Page but rendered the rest of the information correctly.
Formula Must Evaluate to Text
I heard back directly from some of the wonderful folks at Lotus stating that they thought this had been fixed. So they gave a fix that involved either replacing bookmark.nsf with the new one they put in the forum, or following a set of instructions they provided. Here it is for anyone that needs it. Thanks to Debbie for getting it to me so quick.
Open bookmark.nsf in designer
Go to the Views
Click on the view called (Downloads) and click Design - Preview In Notes
You will most likely see two $branding documents there.
If you do, go to the "multiple $branding documents" section below.
If instead you see two documents with the exact title of $branding4AA10721D4DE2AFF85256D4F003B84B4 go to "multiple $branding+UNID documents" section below.
multiple $branding documents
Look at the far-right column for the UNID's of the $branding documents.
Select the $branding document that does NOT have a UNID that starts with "3493F249..."
Press DEL (ignore error message)
Press F9 key so that the $branding document is permanently deleted from the database
Close the view
Close Notes and reopen.
The "Formula must evaluate to text" error should not appear.
multiple $branding+UNID documents
If you see two documents with the title of "$branding4AA10721D4DE2AFF85256D4F003B84B4"
Look at the far-right column for the UNID's of these documents
Select the document that does NOT have a UNID of "3887F989A309670F85256F97004F"
Press DEL (ignore error message)
Press F9 key so that the $branding document is permanently deleted from the database
Close the view
Close Notes and reopen.
The "Formula must evaluate to text" error should not appear.
There are a few options of topology design when you have multiple servers in a Domino domain. You can classify the architecture in a few different ways:
- Hub & Spoke - A typical design where a central server pushes and controls changes to all the servers around it. You update one central source and everyone gets happy eventually. But, if there are too many spokes, you can have times where the hub cannot reach all the servers during a cycle. So you moved to the next couple ways. The other downside relies on one central server for all updates. If the hub dies, so does the topology.
- Multiple Hub & Spoke - Here there is more than one hub, possibly even in a cluster, that handles the updates to their own sets of spokes. This allows redundancy for the centralized architecture and lets the servers make the rounds updating the spokes. This works well in a good LAN speed environment. The downside, not too many if the central hubs are in a cluster. That way data can pass across spokes fairly quickly on opposite sides. If there is no cluster, see above.
- Tiered (Binary Tree) - Taking the hub and spoke idea a bit differently, a central server updates two or a few servers. Those servers update two or more each and so on down the pyramid. This works well if you have some good network connections to a few servers and then those have some decent speed to downstream servers without the top having that speed access. Otherwise you could go back to hub and spoke. The downside is that in a large tiered environment, it can take some time for a change to go up and down the tree if they do not share a parent server all the way to the top. I have seen some tiers that cross somewhere in the middle to alleviate that and leave the top server for administration and NAB master.
- Ring - Simple enough, servers call each other in a circle updating, adding and deleting as it goes. The downside relies on a large ring where it can take some time to get all the way around. Also, if one server in the ring goes down, so goes the cycle.
- End-to-End - Basically data starts on one end, passes through multiple servers through replication and then comes right back. Timing becomes an issue to make sure that data can make it all the way down and back before the next baton is passed. Think of it as runners that pass the baton, and if one runner takes off too early, who knows where the baton is.
- Meshed (or Peer-to-Peer) - This is basically random servers that call other random servers. It is all made with some reason when laid out, but you are never quite sure how or when data is getting to somewhere else. It just shows up.
- Spaghetti - This is the last result and the most frustrating. Admins just create connection records from one to all the others, over and over again. For each server in the domain. Replication conflicts occur, the servers have no idea who owns the database, and design changes fly everywhere. I usually encounter this when doing audits of domains where they keep patching and adding band-aids instead of fixing the real issue. No topology design.
So there we are. We can now mentally picture multiple types of topology right? But the path of decisions is yet to come.
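The trade-offs in the list above can be put into numbers. The following Python model is an added example, not code from the original post or from Domino: it assumes servers numbered 0 to n-1, one two-way (pull-push) link per connected pair, and that a change waits at most one scheduled interval per hop; all function names are hypothetical.

```python
"""Added example: model replication topologies as graphs (not Domino code).

Assumptions: servers are numbered 0..n-1, each link is one two-way
(pull-push) connection, and a change waits at most one interval per hop.
"""
from collections import deque
from itertools import combinations


def hub_and_spoke(n):
    """Server 0 is the hub and calls every spoke."""
    return {(0, i) for i in range(1, n)}


def tiered(n):
    """Binary tree: server i replicates with its parent (i - 1) // 2."""
    return {((i - 1) // 2, i) for i in range(1, n)}


def ring(n):
    """Each server calls the next; the last one calls the first."""
    return {tuple(sorted((i, (i + 1) % n))) for i in range(n)}


def end_to_end(n):
    """A single chain with a start and an end point."""
    return {(i, i + 1) for i in range(n - 1)}


def spaghetti(n):
    """Every server has a connection to every other server."""
    return set(combinations(range(n), 2))


TOPOLOGIES = {
    "hub and spoke": hub_and_spoke,
    "tiered": tiered,
    "ring": ring,
    "end to end": end_to_end,
    "spaghetti": spaghetti,
}


def _neighbours(edges, alive):
    """Adjacency sets restricted to the servers that are still up."""
    adj = {s: set() for s in alive}
    for a, b in edges:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    return adj


def _hops_from(adj, start):
    """Breadth-first search: replication hops from start to each reachable server."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def worst_case_hops(edges, n):
    """Most hops any change needs to reach the farthest server."""
    adj = _neighbours(edges, range(n))
    return max(max(_hops_from(adj, s).values()) for s in range(n))


def survivors_in_sync(edges, n, failed):
    """Largest group of surviving servers that can still reach each other."""
    alive = [s for s in range(n) if s != failed]
    adj = _neighbours(edges, alive)
    seen, best = set(), 0
    for s in alive:
        if s not in seen:
            group = set(_hops_from(adj, s))
            seen |= group
            best = max(best, len(group))
    return best


def summarize(n, interval_minutes):
    """Links, worst-case latency and worst single-server failure per topology."""
    rows = {}
    for name, build in TOPOLOGIES.items():
        edges = build(n)
        hops = worst_case_hops(edges, n)
        rows[name] = {
            "links": len(edges),
            "worst_hops": hops,
            "worst_minutes": hops * interval_minutes,
            "in_sync_after_worst_failure": min(
                survivors_in_sync(edges, n, f) for f in range(n)
            ),
        }
    return rows


if __name__ == "__main__":
    for name, row in summarize(n=7, interval_minutes=7).items():
        print(f"{name:14} {row}")
```

Under these assumptions a failed ring member leaves the survivors connected as an end-to-end chain, so the cost of that failure shows up as extra hops rather than as isolated servers.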
I actually present some of my thoughts in my sessions around IM and mail management and policies. Most enterprises have some form of Internet (browser) usage policy in place that the employee signs when getting hired. Most of those seem to be done in combination of HR, for harassment issues, IT for technical and virus type issues and finally someone concerned about legal reasons to restrict content.
The availability of email policies is very light. Most only consist of notifying the employee that the email system is the company property and not to use email to transmit personal email (yeah right) and confidential emails.
IM policies seem to mainly be nonexistent every time I ask the question. Surprisingly, they only know they are told to standardize and block consumer products, but nothing else. The problem fits your article well. No one wants to step up to the plate and restrict what is becoming a mission critical application. No one group wants to take the blame, or downfall, for making a policy for IM usage that does not fit every department. Plus, there seems to be plenty of people that need exceptions to the rules, i.e., Sales for outside contacts (who can find the SIP/SIMPLE standard that actually works across two different products all the way?)
OK, that was starting to turn soapbox, let me stop. Do you have all the necessary policies in place?
SIP uses the Uniform Resource Identifier (URI) as an assignable tag for the reason of subscription and notification. In this case the URI would be Bob's email address. You can think of your phone as a URI since it identifies only your house or cell phone.
One cool thing about SIP is that any user can register numerous devices to be assigned and then (with technology) each device can be tried at once or in order. The phone company does this now when you call a main phone number which then rings your cell and then a pager if necessary.
The Canadian company said a second North American outage on Wednesday was the result of an unrelated "hardware failure." A RIM statement said a "back-up system functioned with lower capacity than expected and the lower capacity then caused latency in message delivery for some customers."
RIM declined to elaborate on the number of customers affected or the nature of the software and hardware involved in the two incidents. The company also seemed to dispute the magnitude and length of last week's disruption.
Cellular carriers Cingular Wireless and T-Mobile said on June 17 that service for all of their BlackBerry users--at least 1 million people, but probably many more--was down nationwide nearly four hours.
Have Blackberry implementations become a required commodity at your enterprise like the phone and IM are? Is there major upheaval with this kind of outage or do people get along fine without the Blackberry for short amounts of time?
Companies should not ban employees from writing down their passwords because such bans force people to use the same weak term on many systems, according to a Microsoft security guru.
Speaking on the opening day of a conference hosted by Australia's national Computer Emergency Response Team, or AusCERT, Microsoft's Jesper Johansson said that the security industry has been giving out the wrong advice to users by telling them not to write down their passwords. Johansson is senior program manager for security policy at Microsoft.
Now where did I put that piece of paper I wrote the certifier all my password(s) on?
a Domino environment running for some time under R4 into R5. They aggregated a while ago into the Domino Directory for LDAP (as well they should right?) and all was well. They were pointing to attributes, pulling information, authenticating.
Then the upgrade to Domino 6. Some authentication and lookups stop functioning. The schema database was recreated properly. Some applications still work great. Yet some lookups are failing now from some other systems. Binding works fine and all use the same account to bind. What oh what could it be?
In Domino R5, the LDAP attribute Shortname was set by default. It mapped to the field "Shortname" in the Person document. However, in Domino 6.x this attribute does
Both Shortname and UID map to the field "Shortname". In Domino 6.x, the attribute Shortname was removed as this was redundant.
It is possible, however, to add the attribute with the following steps:
1. In the Domino Directory create a Configuration document set to be used as the default settings for all servers (on the Basics tab).
2. On the LDAP tab, in edit mode, click the "Select Attribute Types" button.
3. In the drop-down box "Object Classes" select dominoPerson.
4. Click "New", type Shortname in the New Field window and click OK.
5. Click OK for the LDAP Attribute Type Selection window.
6. Save the Configuration document and restart your server.
NOTE: The above information applies only to anonymous searches; this does not actually add the attribute back for LDAP.
The document titled "LDAP Queries On "Shortname" Fail To Return Results" (#1160538) describes how to put the shortname back in the schema, and so would then work for authenticated searches. Both steps must be performed for authenticated and anonymous searches.
Here is the one tip that made it into a new slide yet not the actual CDs that went out to attendees. You can troubleshoot the integrated Notes client connectivity for Sametime by using a notes.ini parameter.
The Notes client must be restarted but it provides some useful information on connectivity and some buddylist issues.
Carl always says it best. If you do not understand that FQDN matters in Sametime, then don't load Sametime. Of course, I am paraphrasing there, but it is so true. A Sametime cluster name does not get referenced except internally inside the server in stconfig.nsf. You will use a virtual DNS entry for the cluster through some sort of load balancer. A Domino cluster is for the clients and servers to find and talk to each other only.
I found that having some form of similar name matching for Domino clusters worked wonders to identify where the Sametime cluster resides. Now is a Domino cluster required? I would say that for vpuserinfo.nsf it is of course required. How else would buddylist changes get pushed across. If you are using LDAP then the directory is of no immediate importance so you are pointing to the same clustered source. Admin4 won't process much since there are no name changes on the servers directly.
There you have it. Then again my mind is like butter as I prepare for this week so I know that sounded (read) like a bit of ramble.
Blogger's note to his faithful readers:
So I wrote a bit more below but on third reading edited some. I thought that heck, here is quite a bit of a guide the past few days to get you rolling, but just hire me to do that darn thing for you instead :-) It might be my hunger thinking that right now, or small amounts of greed. Bwa ha ha ha ha!!! But either way I loved the experience of doing it again at a customer site since we already do this on our hosted side and have the steps down to a nice science. Anyone upset over that? Forgive me in advance if so.
Ok, down to business. Carl was right in saying that the client chose the F5 hardware based solution for load balancing. We have it set to load balance some ports and let the servers talk to themselves behind it on others as necessary. Server 2 had a hard time understanding it was to really run Sametime, so it spent a lot of time overnight on the naughty mat as I stated and for punishment got reloaded today.
So chat fails over from the Java and Sametime Connect client. The Notes client does not have that ability in the current releases, but that is on the list for later ones. Instant Meetings are a whole other posting that needs to be done with some sort of Matrix that only the Swedish Chef from the Muppets could understand.
One key thing when setting up Community Clusters, do not forget to work with and choose if you want Secrets & Tokens or SSO. Don't try and be fancy and do both. Domino has a hard enough time, then layer Sametime and its ability for S&T and you get a deadly mix. Yes it does write to the notes.ini when making this change but playing with that isn't the route to go. You should sneak and see my session on notes.ini deciphering at Admin2005 for that.
One other side tip, we learned another important lesson. Sametime debug parameters rely heavily on ] and not on } now don't they?
Now instant meetings are started on the home server (or the one connected to in a cluster) so if that server dies, then you lose that meeting when you fail over. Now this is where one server became a very very bad server. One of them decided that it would not start a meeting no matter how hard we begged. So a quick rebuild tomorrow and we will test that last piece. I have one remaining question. If I am on the server that stays up as the owner of the instant meeting and the other participant was connected to the server that dies, will they stay in the instant meeting and reconnect for chat? Oh those begging questions to be answered.
Anyone want me to run through the steps of how to cluster two Sametime chat servers?
After some brief time of just getting to know more particulars about their Sametime environment, we got right into it. Look for some tips as we move along the next couple days. For starters, most of you already know how important DNS is to Sametime. It becomes even more important as you deploy some sort of load balancer. Note I said load balancer and not round-robin DNS entries. There is no heartbeat or knowledge of a server being down in that approach and ultimately, the scaling and deployment will fail miserably. So they were well prepared with a hardware load balancer solution in place. But, due to DNS update times, we got most of the cluster built, documents created and servers ready and had to wait till tomorrow for a move of some DNS names.
I will cover the document building in the next post, my Chimichanga is here.
SSL session resumption greatly improves performance when using SSL by recalling information from a previous successful SSL session negotiation to bypass the most computationally intensive parts of the SSL session key negotiation. HTTP is the protocol that benefits the most from SSL session resumption, but other Internet protocols may benefit as well.
By default, the server caches information from the 50 most recently negotiated sessions. This number can be modified by setting the variable SSL_RESUMABLE_SESSIONS in the NOTES.INI file. Increasing that number may improve performance on servers that tend to carry large numbers of concurrent SSL sessions.
SSL session resumption can be disabled by setting SSL_RESUMABLE_SESSIONS=1 on the server.
SSL_RESUMABLE_SESSIONS has no effect on the Notes client. The Notes client will cache the most recent SSL session.
Note: You cannot configure SSL sessions to time out and expire.
Let's give it a shot and see if the results are of benefit; will let you know.
- If a lot of mail is coming in for non-legitimate addresses, then it can be directory harvesting or even a DoS attack
- If mail is going to large groups at one time, and not from an internal or approved source, it would be tagged as spam if from a single source
- Mail flowing between people in the organization can be checked as well
Plus, if the mail is encrypted (Notes), then how would many of these appliances even read the message to begin with? There is no ability to track content then. Then how do the users manage retrieving the mail that has been quarantined by the appliance? What interface is available? Do administrators have to do this manually? How are the signature and content files updated? What is the support for blacklists, whitelists and even SPF or Domain Keys? Just things to think about.
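The first two checks in the list above can be expressed as simple counting rules over SMTP recipient logs. The sketch below is an added example, not code from the original post or from any appliance vendor; the log layout, addresses, thresholds and the approved-relay list are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: time, source IP, message id, recipient, SMTP reply code.
# This is an illustrative layout, not the log format of any real product.
SAMPLE_LOG = """\
2005-03-01T10:00:01 203.0.113.7 m1 aaron@corp.example 550
2005-03-01T10:00:02 203.0.113.7 m1 abby@corp.example 550
2005-03-01T10:00:03 203.0.113.7 m1 adam@corp.example 250
2005-03-01T10:00:04 203.0.113.7 m1 adele@corp.example 550
2005-03-01T10:00:05 203.0.113.7 m1 adrian@corp.example 550
2005-03-01T10:02:00 198.51.100.30 m2 jon.smth@corp.example 550
2005-03-01T10:05:00 198.51.100.9 m3 ann@corp.example 250
2005-03-01T10:05:00 198.51.100.9 m3 bob@corp.example 250
2005-03-01T10:05:01 198.51.100.9 m3 cat@corp.example 250
2005-03-01T10:05:01 198.51.100.9 m3 dan@corp.example 250
2005-03-01T10:06:00 192.0.2.25 m4 ann@corp.example 250
2005-03-01T10:06:00 192.0.2.25 m4 bob@corp.example 250
2005-03-01T10:06:00 192.0.2.25 m4 cat@corp.example 250
2005-03-01T10:06:00 192.0.2.25 m4 dan@corp.example 250
"""

APPROVED_BULK_SOURCES = {"192.0.2.25"}  # assumed: an approved newsletter relay


def parse(log_text):
    """Turn each log line into a record dict; malformed lines are skipped."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        ts, src, msg, rcpt, code = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        records.append({"ts": when, "src": src, "msg": msg,
                        "rcpt": rcpt.lower(), "code": int(code)})
    return records


def harvest_suspects(records, window=timedelta(minutes=5), threshold=4):
    """Sources with >= threshold unknown-recipient rejections (550) in any window.

    A single mistyped address stays below the threshold; a run of guesses
    against the directory does not.
    """
    rejects = defaultdict(list)
    for rec in records:
        if rec["code"] == 550:
            rejects[rec["src"]].append(rec["ts"])
    suspects = {}
    for src, times in rejects.items():
        times.sort()
        start = best = 0
        for end, stamp in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while stamp - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            suspects[src] = best
    return suspects


def bulk_suspects(records, approved, max_rcpts=3):
    """Messages accepted for more than max_rcpts recipients from an unapproved source."""
    per_message = defaultdict(set)
    for rec in records:
        if rec["code"] == 250:
            per_message[(rec["src"], rec["msg"])].add(rec["rcpt"])
    return {key: len(rcpts) for key, rcpts in per_message.items()
            if key[0] not in approved and len(rcpts) > max_rcpts}


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for src, count in harvest_suspects(recs).items():
        print(f"possible directory harvest from {src}: {count} rejected recipients")
    for (src, msg), count in bulk_suspects(recs, APPROVED_BULK_SOURCES).items():
        print(f"bulk message {msg} from unapproved source {src}: {count} recipients")
```
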
- Strong industry leading security. Up to an unmatched 4,096 bit encryption technology.
- Extensive privacy settings and block list abilities.
- Create private conference rooms.
- Integrated web search technology from BlowSearch.
- Customizable sounds and notifications.
- Full message logging capabilities including export of conversations.
- File transfer capabilities between users.
- User profiles, public or private. You control your information.
- Chat rooms galore. All categories with admin capabilities.
- Tabbed interface allows for easy access to launching desktop applications.
- Updated scrolling news and information.
Blowsearch Secured Messenger utilizes the OpenSSL library to provide encryption routines for your Instant Messages. We use a combination of randomly selected schemes and bit lengths, ranging up to 4096 bits, with additional algorithms added in to make your messages even more secure. We start with an RSA foundation and move out from there.
So I am downloading and playing with it some. Anyone want to test?
- If you leave the second NIC enabled then it will start trying to grab that NIC as the bind and tunneling and whiteboarding starts to fail
- If you disable the second NIC and run enterprise backups across it (as most companies will), then you screw yourself there
- If you move a NIC out of the NAT into a DMZ or other area, you expose the server
- If you chant loudly "Sametime rules the planet and LCS is a spawn of Satan" nothing happens but you feel better about your decision to use Sametime
Ok, I am kidding about the third, I mean last one. Needless to say I need everything to work together. Backups, two NICs and Sametime with tunneling. By the way, yes Lotus pushed out a technote under #1088421.
Application support in most companies is already a nightmare, but having a mix of local applications makes it far worse.
Ed has prompted us on the security patches, which is always an important reason for the upgrade. I will keep you up to date as I finalize the cluster upgrade and all the clients through Smart Upgrade.
- No categorization - meaning there is no description area or ability to group them together from a drop-down list. Maybe that list comes pre-built from Lotus or maybe it is open so you can add your own as you go along.
- No sorting - this follows right behind categories as there is no way to sort the rules in the server or email file. How are you to find any certain rule if you have to scroll and hunt.
- Order in embedded view is only shown as the order the rules are applied to the message. This goes to sorting.
- You cannot use special characters - Now I am not implying that every character should be used. But if you ever tried to be creative and use a "\" and perform some rudimentary sorting you were in for a surprise. Everything after the slash is ignored. So yes it looks nice, but the rule is then not applied properly to any mail message. This also removes the possibility of wildcards.
- The amount of rules in mailfiles should be decreased. Finding the appropriate rule in a list of 100 becomes unreasonable. Compounded with the current issue of some rules staying active after deletion makes finding them to help users a long trek.
So yes, there are some good things. The ability to sort mail on the fly is awesome for mail management. The ability to have numerous strings of AND/OR makes adding exceptions to rules easy. (yes mail can get lost in the matrix if you do not understand all your rules)
So there are some quick thoughts! Any of your own?
First we ran into the Sametime server binding to the wrong NIC card. This was causing the MUX to act like a person in the mall that forgot where they parked the car. They knew it was in the garage somewhere, but were busy looking on level 2 instead of level 1. This led to it thinking the port was stolen. Much like a person would think their car was also. The solution for now was to disable that second NIC card. The sametime.log file then showed that the MUX was binding to the right IP address and NIC card. Then that card is NAT to the Internet.
This is where the firewall comes into play. So what we are looking for as the final result is that the MRC (meeting room client) of Sametime will download to the meeting attendee and try the standard ports to access the Sametime server for the meeting. If those ports are not available through their network, or we are preventing them from getting in via the firewall, then the MRC should try port 80 for a tunneled connection. However this is where you can have awesome success or some failure. So here is where it stands on how to do it.
Install your 6.5.1 server as tunneled, if you did not you can always make the changes manually. Quite simply too. Then open the firewall for ports 80, 8081, 554 and 1533. This will allow tunneling and also attempts at direct connect for screen sharing, whiteboarding, chat and broadcast meetings. This has nothing to do with audio/video tunneling. That is a whole other topic.
Unfortunately the only technote that is close, and describes the problem almost exactly, has no fix. The almost exactly part states that you get MUX exception errors in the Windows Event Viewer only when the service terminates normally. So basically, don't worry about it. But I am getting the exact error, on the exact operating system version while the server is running and not shutting down. Still the answer is quite simple:
This issue has been reported to Quality Engineering.
UGH! Updates on the solution as they come in.
You can adjust the indexes and expansion factor as you wish, but they were not high enough to begin with. So we started that morning with an unstable 6.5.1 server cluster, with availability somewhere in the 40/14 range with the 40 being the internal server. After the upgrade to 6.5.3 we saw the availability jump to 75/30 on normal load. This tells me there were some improvements along the way in stability and scaling. Yes, they do use iNotes very sparingly on the outside server. Most load is the clients accessing mail and applications.
What is the point to all this? Well the expansion factor stayed low on the outside server, around 7-8 but jumped to as high as 60 when it was the only server and we were upgrading the internal one.
My guess is that the outside server was sending traffic randomly between the internal NIC and external NIC to talk to the same server. But wait, you say! Chris, you said one was internal and one was external. Due to their architecture, you can get to the outside server from inside to let them have some sort of cluster. But, since the connection records use DNS, it reads the external IP address and tries to go out through the proxy and Internet to connect to the server. The organization does not run internal DNS and relies on the ISP.
I verified they did not have any ini parameters to adjust the availability and help regulate load. They did not and were allowing Domino to decide the factor on the fly for them at each polling. To make this shorter, we decided to let it sit this weekend and get a better range of availability with a couple days of usage instead of relying on the few hours after the upgrades.
More on Monday or Tuesday on this topic then.
We were called in last minute to help scale a LearningSpace infrastructure. The website itself will be public, but where we had to go was not. It is amazing the security precautions and what you go through to even move a server from build-up to production. At least three different groups are involved in that activity and once that server leaves the build-up, odds are (if it stays running) you will never see it again except through a remote console.
So let's move into the tech side since I can't say any more detail about the above. It was a simple tiered architecture without much redundancy. The real issue was the number of concurrent users they get now and what is expected by Aug. There was no way that they could handle the load. We ended up taking the 3 server environment to 7 total with some hardware load balancers. All this was architected, installed, configured and ready for production in two days. The site will actually go live on their scheduled outage time of Tue nights though.
The end result was a LearningSpace 5 environment behind a few firewalls, a load balancer, then 4 core servers, 2 content servers and some back-end database servers to provide the redundancy and scaling needed to reach their concurrency goal. I would love to give the nitty-gritty details like usual but just be happy and pleased with that. But no, they are not using LDAP so there is no tech info there.
Since R6 it is official that the user's names.nsf can live on a server (a.k.a. Roaming profile - We did that for backup since R4). With a little scripting help we do:
a) synchronize the user's NAB with the Names in the mailfile automatically (user doesn't even know that they would need to do so)
b) Filter out the names from the public NAB. Here we tried two strategies: either remove them from the user's NAB (which p***d some users off) or exclude them from the sync with the mail file.
So he is saying with the roaming feature enabled in Domino 6, they are pushing names to the mailfile in the background with scripting or filtering out public address names. I fully agree with the second choice for a couple reasons:
- If the user is utilizing Domino Web Access (DWA) then why would they need the public addresses in the personal address book? The server has that directory as an option. Sure, we could go so far as to say DOLS, but why not then give them the public directory in DOLS also? Makes sense to me.
- If you filter the names from the public NAB and then push a mobile directory catalog for users requiring it, you guarantee updated names, addresses and encryption keys for all users. Plus doing this on the server side (could be a strictly roaming server for scaling reasons) would take the user end scripting out of the picture also. A nightly scan could be done. Once again some would say they store possible personal or additional information in the local listing for another employee that you would not want shown in the public listing. So let's just make the filter match the public listing and even match the public key. All would be satisfied that way.
I guess where we are heading in all this is the option to guarantee that addressing will not fail and there will not be those weird names when addressing from the web in DWA.
Of course we (as administrators) expect this behavior. But the way the name shows really throws users off. Here is a screenshot, and yes it was blurred some but you get the idea. I didn't want the names out there for gosh sakes.
As you see, the yellow part says more than one entry was found for the name and the white part shows both the way the user would see it from Domino and then one that almost looks like LDAP. This server has no Directory Assistance or Directory Catalog in place. So through testing and troubleshooting using our own mailfiles, if you had an entry that did not exactly match the server NAB, then this pop-up would show. If they did match, the mail would address as normal and off it went. So no more typing in names in your personal NAB of people from the Domino Directory folks!
Well we came across an issue where the checkbox to enable Instant Messaging could not be found in the Domino Web Access preferences. I know it should be there, and the users had a Sametime server specified in their person records. I was dumbfounded that it wasn't there for some reason. So I broke out the laptop to do a quick search of the Knowledgebase. The new IBM support for Lotus really bites and sometimes it seems you cannot even find technotes with the darn number in the first place. So here is the exact reason (technote #1190873) that it was not showing, matching down to the version. Who knew they made this little gem of a change? Quite frustrating when a point release makes a change like this for some reason.
In Domino Web Access (iNotes Web Access) 6.5.3 or above, you want to use the Instant Messaging feature. The Help documentation states to do this you must enable Instant Messaging via Preferences > Other > Enable Instant Messaging. However, when you navigate to this area the "Enable Instant Messaging" option is not there. This option is definitely available in previous releases of Domino Web Access 6.5x.
This is working as designed starting in Domino Web Access (DWA) release 6.5.3. An enhancement request was made in DWA 6.5.1 to hide this "Enable Instant Messaging" option in the user preferences if the DWA server is not configured for
This request was addressed in DWA 6.5.3.
Excerpt from the Lotus Notes and Domino Release 6.5.3 MR fix list (available at http://www.ibm.com/developerworks/lotus/):
- The download includes an updated template for the Sametime Meeting Center (I always presumed this database name won't change since it is hard to type Lotus Web Conferencing Meeting Center onto a desktop icon). This new template has some changes for the adapter, but of course will wipe out any customizations you might have made to your own template. So, as always, back it up first before the install.
- Next is a catch with the Sametime Meeting Room Client (MRC651). This is the downloadable piece that gets installed when you participate in meetings (remember the nice grey screen as you wait for a server? That is this downloading). If the user does not have permission to install it, or the download gets blocked, then the meeting won't work either.
Now if you play with this new feature and don't like it or want to turn it off there are two simple steps you must perform. Yeah simple, right.
1. Open the stconfig.nsf database and edit the MeetingServices document. Set the Audio Bridge Services field value to "false."
2. Run the "regedit" command and change the following registry setting to "0":
So we are playing with this new piece and will let you know as the test goes on.
You may observe that a deleted mail rule continues to function, even though it no longer appears in the Rules folder. You may also observe that an enabled mail rule does not run.
So they go on to provide two scenarios where this might occur. If you actually delete the rule, it might still be hidden. They show steps to see the hidden rules that I wanted to pass on.
Look at the Calendar Profile using NotesPeek or LotusScript and you will still see the corresponding $FilterFormula_x field present.
Now there are a ton of resolution scenarios listed in the technote (#1088058), but this was the most important thing to pass on right away.
This occurs when a rule was deleted while it was still enabled. This causes the rule entry in the Calendar Profile to not be removed. In order to avoid this issue in the future you should be sure to always disable a mail rule prior to deleting it. Ways to workaround this issue (and remove the rule entry from the Calendar Profile) are listed further below.
So make sure you disable the rule before removing it. Seems to make a world of difference until this gets sorted out in a future release.
Place: Data Center with smiling sales rep and customer
Customer has a server for some time and adds a domain for web and mail as they merge with another company. Following easy DNS we make a new DNS zone and create MX and A records for the new domain. Wow, the world of the web and email is great.
Place: Data Center and Customer Site (flip back and forth) with smiling people
Customer goes for years with awesome performance and no issues
Place: Customer site and Data Center with people running around and banging on keyboards
Customer fails to renew one of their original domains. This domain was used in the reference for the CNAME and MX records for the merger. Suddenly mail and the website cannot be found, for no apparent reason. After much troubleshooting we tracked it backwards and made the appropriate changes to get it back in line.
Place: Cubicle with people with missing hair in patches
Closing scene with customer. Phone conference explaining to them that they let one of their original domains expire. This in turn broke the other domains that referred to it through CNAME and MX.
Writer summary: For gosh sakes check your DNS tables and make sure you are current on domain registrations.
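One way to catch this before a registration lapses is to list every other domain a zone's MX, CNAME and NS records point into and compare those against registration expiry dates. This is an added example, not part of the original post; the zone contents, the expiry inventory and the two-label rule for finding the registered domain are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed zone data in a simplified "owner IN type rdata" layout
# (no TTL column, no $ORIGIN/$INCLUDE handling). Names are placeholders.
ZONE_ORIGIN = "newco.example."
ZONE_TEXT = """\
@      IN MX    10 mail.oldco.example.   ; mail still handled by the original domain
@      IN MX    20 backup.newco.example.
www    IN CNAME web.oldco.example.
shop   IN CNAME www
mail   IN A     192.0.2.10
backup IN A     192.0.2.11
"""

# Constructed registration inventory; in practice this comes from the registrar.
REGISTRATIONS = {
    "newco.example.": date(2026, 3, 1),
    "oldco.example.": date(2025, 1, 15),
}


def absolute(name, origin):
    """Expand a zone-file name to a lower-case fully qualified name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def registrable(fqdn):
    """Assumption: the registered domain is the last two labels.

    Real code should consult the public suffix list instead.
    """
    labels = fqdn.rstrip(".").split(".")
    return ".".join(labels[-2:]) + "."


def parse_targets(zone_text, origin):
    """Yield (owner, type, target) for record types that point at another name."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3:]
        if rtype == "MX" and len(rdata) == 2:
            target = rdata[1]          # rdata is "preference exchange"
        elif rtype in ("CNAME", "NS") and len(rdata) == 1:
            target = rdata[0]
        else:
            continue                   # A, TXT, etc. do not reference a name
        yield absolute(owner, origin), rtype, absolute(target, origin)


def external_dependencies(zone_text, origin):
    """Map each other registered domain to the records that depend on it."""
    deps = defaultdict(list)
    own = registrable(origin)
    for owner, rtype, target in parse_targets(zone_text, origin):
        domain = registrable(target)
        if domain != own:
            deps[domain].append((owner, rtype, target))
    return dict(deps)


def audit(zone_text, origin, registrations, today, warn_days=60):
    """Return (domain, status, records) for every domain the zone relies on."""
    findings = []
    for domain, records in sorted(external_dependencies(zone_text, origin).items()):
        expiry = registrations.get(domain)
        if expiry is None:
            status = "UNKNOWN"         # not in the inventory: find out who owns it
        elif expiry < today:
            status = "EXPIRED"
        elif (expiry - today).days <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        findings.append((domain, status, records))
    return findings


if __name__ == "__main__":
    for domain, status, records in audit(ZONE_TEXT, ZONE_ORIGIN,
                                         REGISTRATIONS, date(2025, 1, 1)):
        print(f"{domain} [{status}]")
        for owner, rtype, target in records:
            print(f"  {owner} {rtype} -> {target}")
```
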
Creating the blog was just as easy as any other site. Log in with your Passport of choice and choose a URL (of course my title was "IdoNotes more than Exchange"). Not bad. You can then fly right into the blog itself or choose a color/theme for the blog. No big deal, reminds me greatly of Quickplace to be honest. Little snippets of the corner and color/theme and a checkbox you select before clicking Save.
Inside the blog the first thing I noticed was the 'admin' homepage. It showed recent comments and even trackbacks. I liked that. What did catch my eye was the link on the left to add music lists. Some of you know I am a music fiend. The little hook they put in was it would read your playlists from Windows Media Player.
They do allow HTML as any web blog should do, but it is mentioned that some HTML may be removed for formatting and security. I find this to be along the lines of they won't let you run any funny little scripts. You can make book lists, blog lists or custom lists that get placed along the sides. There are some pre-built categories for sorting the blog entries you make and you can provide your own as you go.
In a Domino Web Access 6.5.2 mail file accessed via the browser, adding a name to the Buddy List from the Domino Directory does not work unless the hierarchical name is changed to a common name in exactly the correct case.
For example, if you attempt to add John Doe/ACME, you will not be able to in 6.5.2, although doing the same thing in versions 6.5.1 or 6.5.3 you will be able to add the name.
If the name is entered in 6.5.2 as John Doe, assuming John Doe is the correct case, the name will successfully be added. However, entering John doe or john Doe or john doe or JOHN DOE, etc. will not work.
This issue appears to be isolated just to version 6.5.2.
As a workaround for the 6.5.2 Domino Web Access server, add the following parameter to the 6.5.2 Domino DWA server's Notes.ini file:
This setting will use the Sametime Connect for browsers user interface, rather than the Domino Web Access chat user interface.
I run beta 2 of 7.0 and he runs a 6.5.x version. Now opening the same database from the Notes client works just wonderfully, but not from admin. Go figure. Just a little tip.
Cerulean Studios has added support for Apple's Rendezvous protocol to its popular Trillian instant messaging application.
With Rendezvous support, Trillian now will offer serverless IM capabilities for users on the same LAN.
While all this is only available in the Pro version, they added another feature or two to entice you.
In the new Trillian 3.0, the Rendezvous plug-in allows employees on the same LAN to automatically discover each other for messaging, file transfers and videoconferencing.
Paid users also get access to plug-ins for connection to Jabber and Novell GroupWise Messenger, and video-chat support with enhanced logging capabilities.
Trillian 3.0 also adds several bells and whistles, including an "Instant Lookup" tool that integrates with the Wikipedia online encyclopedia to offer real-time information based on text conversations.
With the Sametime plug-in that IBM Alphaworks currently has out, let's just figure out the licensing issues.
Of course, adding the group straight from their directory would be nice, but what would happen if you both had groups with the same name? So I do get why they did it that way. Mainly in the first implementation.
You use the Sametime Session Initiation Protocol (SIP) Gateway to chat with users in the external Sametime community and would like to add groups of SIP users to your buddy list instead of adding them one at a time. Is this possible?
Currently, you can only add one external SIP user at a time to the Sametime Connect client buddy list.
An enhancement request to add a group of SIP users at one time to the buddy list has been submitted to Quality Engineering.
You have configured Domino Mail Journaling for your system and have configured the appropriate mail rules. Mail Journaling is working as desired; however, occasionally a message is duplicated in the mail journaling database. Why is this happening?
There are two scenarios in which duplicate journal entries can occur:
1. A message is composed with at least one internal Domino recipient and at least one external SMTP recipient. The message is duplicated as long as there is at least one internal and one external mail recipient.
2. When all recipients are internal Domino users, they have different values for their preference for incoming messages in their Person Document in the Domino Directory (names.nsf). For example, User1 has "Prefers MIME" option selected and User2 has "Prefers Notes Rich Text" option selected. When a message is sent to User1 and User2, the message is duplicated in the mail journaling database.
As a workaround, try the following:
1. Verify that the sender's "Format for messages addressed to internet addresses" on the Location document and set this value to the same value as the internal user's preference for incoming mail. For example, both are set to "Prefers Notes Rich Text" or "Prefers MIME".
2. Set the mail format preference in the Person document to the same value (either "Prefers Notes Rich Text" or "Prefers MIME") for all internal users.
Both scenarios have been reported to Quality Engineering team; however, there are no plans to address these issues in the R6 codestream.
When you are working in your mailfile, Notes crashes. It does not happen every time, but you notice it happens more often when you have a preview pane open.
Your Notes client crashes in the following situations only when the preview pane is open:
This issue was reported to Quality engineering and is under investigation. You can work around this issue by keeping the preview pane closed. The preview pane can be disabled by clicking the word "Preview" on its title bar or on the down arrow next to it.
After a brief walk, much "shoot the monster" on the PS2, my head was clearer and I could get back to working with the configuration files. I don't much like the effort of having to go into text editor for .properties and .cfg files to place absolute paths. There was even a large environment variable that had to be manually entered into the Windows system. That to me just seems wrong that the install package doesn't account for that yet. Troubleshooting a typographic error there could take some time. Troubleshooting ones in the text editor is much simpler.
So, getting back to the story. You have to place the path where you place ILWWCM files, the node information for Websphere in some places, the host name (for gosh sakes) and definitely the port information over and over. I would think it should come with the host name (pulled from what you type in during install) and append the port. Then there could be specific instructions on how to modify it outside of the standard if you so desire. I did a lot of Find-Replace commands with Wordpad as I went through the instructions.
There are also lines that you comment and uncomment with the # sign, but that is not so unusual and did not concern me as much since this is not a GUI type managed configuration.
But once installed, the management screen was consistent throughout the steps I went through on customization. Some of the menu items were not easy to grasp at first why you only saw certain documents, but flipping around I could find what I wanted.
More later, phone........
Are IBM Lotus Domino Web Access (iNotes Web Access) and IBM Lotus Domino Off-Line Services (DOLS) supported under Windows XP with Service Pack 2?
Currently, neither Domino Web Access nor Domino Off-Line Services are supported when running on a Windows XP operating system that has Service Pack 2 installed.
Errors may occur when attempting to run DWA or DOLS on XP SP2.
Support for DWA and DOLS under Windows XP SP 2 is currently being researched.
After installing a Sametime 3.0 Critical Fix 1 (CF1) server, users that connect to the server with a Sametime 6.5.1 client see the error message: "Application version does not match the server version. Please upgrade."
This is an issue with Sametime 3.0 CF1 and has been reported to Quality Engineering.
There are two ways to fix the problem:
1. Disable Critical Fix 1. In order to disable the Sametime 3.0 CF1, set the VP_SECURITY_LEVEL ini parameter in the sametime.ini to 0, as described in technote #1145812.
2. Copy the stsecurity.exe file from a Sametime 6.5.1 server and use it to replace the original 3.1 CF1 version, as follows:
a. Stop Domino on the 3.1 server.
b. Rename stsecurity.exe to stsecurity.old.
c. Copy the stsecurity.exe from the 6.5.1 server to the Program directory on the 3.1 server.
d. Start Domino.
Dynamic Console Logging
Starting with Domino 6.0, the Domino server creates a console.log file by default in the "IBM_TECHNICAL_SUPPORT" folder, which is located in the server's Data directory. The development of the console.log file, which can be dynamically enabled and disabled at the server console, makes the use of the parameter debug_outfile no longer recommended.
For backwards compatibility, when debug_outfile is present in the notes.ini it takes precedence. However, using the debug_outfile parameter is no longer the preferred method for capturing console output.
Console.log is superior to the use of "debug_outfile" because it can be dynamically enabled and disabled at the server console, thus eliminating delays capturing crucial data. Server reboots are no longer required to begin capturing basic console logging, which is not the case when using the parameter debug_outfile.
- There may be a few customers who wish to continue to use debug_outfile to rename the log file or to relocate the log file to a different directory via debug_outfile=
- If you just want to relocate the directory these files are saved into, but are happy with the name of console.log, you can use another new parameter logfile_dir. Here are some examples of these parameters at work
|notes.ini parameters|show server output|
| |Console Log File: C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT\mylog.log|
|debug_outfile=C:\temp\mylog.log|Diagnostic Directory: C:\Lotus\Domino7\Data\IBM_TECHNICAL_SUPPORT; Console Log File: C:\temp\mylog.log|
|logfile_dir=C:\temp|Diagnostic Directory: C:\temp; Console Log File: C:\temp\console.log|
| |Diagnostic Directory: C:\temp; Console Log File: C:\temp\mytemp.log|
- If you place a debug_outfile=xxxxxx statement in your notes.ini and start the server, it will internally start writing to the log file, regardless of the value you might have set for CONSOLE_LOG_ENABLED (discussed below). However, the log writing will still respond to stop consolelog to stop writing to the log.
How it Works
- The Chairperson creates a meeting invitation in the Calendar view of his/her mail file and selects the option, "This is an Online Meeting". The fields for the type of Online meeting, the meeting place and attachments appear.
- The Chairperson clicks the address picker for the place and selects the Online Meeting document from the Domino Directory.
- When the Chairperson clicks the 'Save and Send Invitations' action button, the meeting gets mailed to the Resource Reservations database.
- The router on the Resource Reservations database does a lookup on the meeting notice, and once the router finds the field called 'External Address' on the meeting, the meeting gets copied and then forwarded onto the external address. The external address is the name of the Mail-in Database that is in the Domino Directory, usually named Stcs.nsf.
- In addition, the router mails a copy to the Sametime Meeting Center (Stconf.nsf). The router autoprocesses the reservation and sends an accept notice from the Online Resource to the Chair. The meeting is placed in the database for the external address, Stcs.nsf and the Sametime Meeting Center (Stconf.nsf) on the Sametime Server.
- The meeting is tracked by the Notes Calendar Servlet (Stcal) by its meeting identifier, which is the APPTUNID. When the Chair and invitees click the 'Attend Online Meeting' link in their meeting invitation, the browser opens the URL to the Sametime server with the link to the Stcal servlet, processing the meeting APPTUNID.
There you go, the flow of C&S when inviting a meeting room.
I found a technote that linked to a Notes.Net article that can be found about Centrally Managing the Desktop. It was back from Domino 5 days but addresses many of the questions.
The components you can manage are:
- The Mobile Directory
We'll show you how you can:
- Move a mail file
- Change an Internet address
- Use a user setup profile to make location document modifications and add fields of your own design to the User Setup Profile
- Add bookmarks and new replica stubs, including one for the mobile directory
- Add new Internet server account information
- Use multiple User Setup Profiles for users sharing computers
So take a peek at the article and the related articles, and we can close out DCC unless anyone emails me some questions.
You are using the Instant Messaging (IM) feature in the Lotus Notes 6.5x Client. After changing the "Sametime Server" field in your Person document in the Domino Directory, the Notes Client fails to automatically update the "IBM Lotus Instant Messaging Server:" field in your Location document, despite the Dynamic Client Configuration (DCC) feature being configured correctly and working otherwise.
Well that really sucks you say, what is someone supposed to do if DCC didn't get updated to include this when you upgraded to 6.5x you say?
While the DCC picks up other changes from the Person document and makes the appropriate changes in the user's Location document, the "Sametime Server" field from the Person document is currently not being supported by the DCC.
This issue has been reported to Lotus software Quality Engineering and is currently being investigated.
As a workaround, you can configure a Sametime Server in Desktop Settings and an associated Explicit Policy, and assign it to the user in his/her Person document. When the user accesses the Domino Server, the Location document will be updated according to the Desktop Settings/Policy.
So for those of you slacking on rolling out policies, there you go! A reason to implement at least one piece.
What is Dynamic Client Configuration?
Dynamic Client Configuration is the Notes Client process that synchronizes local Notes Client settings with the user profile stored on the Domino Server. In Notes 5.x, DCC is used to sync user setup profiles. In Notes 6.x, DCC works with Domino server Policies to sync desktop profiles as well as setup profiles.
OK, so now we defined what it actually is, how about how it runs locally?
DCC is actually an executable file named Ndyncfg.exe and it exists in the Notes Program directory. It runs automatically only on the first authentication the user has with the server for that day. During the user's first authentication to the server, the server dynamic profile is compared with the client dyninfo object, which is stored in the Personal Address Book preferences. If there are differences between the dynamic profile and the dyninfo object, DCC runs. Otherwise, DCC will not run. Technically, Ndyncfg.exe can be forced to run by typing "ndyncfg" at a DOS command prompt, but this is not the recommended method of running DCC manually. DCC can be forced to run by clicking on Actions > Remove Address Book Preferences. This clears the dyninfo object on the client, and de-synchronizes the client dyninfo object with the server dynamic profile forcing DCC to run on the client's next authentication with its home server.
Now we see how it kicks off and how to force it. I tried it in some testing and yes, exactly as they say it seems. There was a caveat which we can explore tomorrow.
Dynamic Client Configuration runs when the user authenticates with the server, and serves to update settings on the desktop from the Person document on the server and any Setup Profiles/Policies that are in place.
This of course has nothing to do with replication. I bring this up since it was asked why DCC was not also being updated when replication took place. DCC only occurs when the user actually authenticates, not replicates since they are already possibly authenticated and active.
This all boils down to this: it is a great synchronization tool, but policies far outweigh what we are attempting to do.
The Indexer works from a queue that contains various requests for databases to be indexed. The Indexer reads a request from this queue, removes it from the queue, and performs the indexing functions. Therefore a single Indexer task works on a single database that it pulled from the queue. If a second request comes into the queue, the next indexer then removes the request from the queue and starts working on it. If both of these requests are for the same database, then the two tasks will work on the same database. More than likely, however, the two tasks will work on different databases.
Multiple Update tasks can update different view indexes within the same database at the same time. However, the full text index is one index; therefore multiple Update processes cannot update the same full text index.
NOTE: Having multiple indexers does not mean that performance will improve. Both tasks would be in contention for the same database semaphore.
In essence running more than one can be quite helpful, but not for full-text issues.
America Online Inc.'s announcement Wednesday that it would abandon its attempts to support Microsoft's Sender ID e-mail authentication standard is a serious setback for the Redmond, Wash., software company.
AOL still will provide Sender ID information for outgoing mail so that its users can communicate with e-mail providers using that system, but that will be the limit of support for the standard. AOL, meanwhile, is moving ahead with its plans to implement the industry-standard Sender Policy Framework.
But shortly after, here comes a news announcement on a new Microsoft patent that, arguably by some, mocks the Sender Policy Framework (SPF) used. Basically the supposed patent-free technology now has patents being applied for.
This time, a Microsoft patent made public Thursday appears to be broad enough to cover not only methods of the authentication algorithms for which Microsoft wants licensing but also the SPF (Sender Policy Framework) method being touted as a patent-free alternative, according to legal experts and participants in the e-mail authentication working group.
At the customer site, they have proxy servers and also restrict outbound 1352 traffic. So I could not reach many of the destinations I had in preferences. Well when launching the administrator client, it tried to reach the primary servers for the domains first, then the secondary. Since it couldn't reach any of them, it started trying others. What I started getting was numerous pop-ups stating it couldn't reach ServerX then ServerY and etc throughout the domains. It got to the point they were coming up as fast as I could click OK on the pop-up. Eventually the client just crashed and burned. I took it as a one time anomaly at first, and tried again. Apparently I was in a good mood since the same result. The answer? I removed many of the domains that I didn't use often from the preferences to get past it.
TiVo for iPod
Remember Adam Curry? He was one of the original MTV V-Jays, before leaving the cable net for the inter net. The latest of his feline nine lives is a nifty way to transmogrify RSS for the iPod. We've got all the details on "ipodder," which will help you increase your music collection, and maybe even TiVo-fy your iPod.
RSS Comes to iPod:
Netscape at least gives you a nice HTTP error code of 500. Microsoft Exploder only throws a Cannot find server or DNS error out for some reason. But to make it short, here is why when you are running on Domino 6:
Sametime 3.1 and later releases run on a Domino 6 server. Domino 6 introduced two new fields that can affect this:
1. In the Server document > Internet Protocols tab > Domino Web Engine tab > POST Data section > Maximum POST data (in kilobytes) field.
2. In the Server document > Internet Protocols tab > HTTP tab > HTTP Protocol Limits > Maximum size of request field.
Change the values of these fields accordingly. Entering 0 in each of these fields allows unlimited size.
I would never recommend setting the value to zero; that is just asking for trouble in ways that no one has even dreamed up in error code land.
So let's just follow along on more of my thoughts and let the two postings work together. Chris covers header changes and brings up a point I was getting to on the receiving side posting I was going to do actually. Many of you scan, add fields and make all sorts of changes. My thought here is that to make this work the right way would be an investment on the receiver side to place an SMTP box that does nothing but check DomainKeys before sending the message through. This box would not scan, add fields, or do about anything but verify integrity. This whole thing also assumes that the sender does nothing to the message past the point of the sending server that is listed with DomainKeys.
So Chris summed it up right there. If there are changes made to the message after the sending and before the DomainKey can be verified, there are huge flaws in this plan. While whitelisting is something I have been playing with internally, it has a long way to go since you require management of a private DNS whitelist or, you have to trust a public one, just as you do the blacklist sites. I also pondered one thing, and that has to deal with S/MIME and keeping the encryption and digital signatures separate. I would imagine the content is of course S/MIME and the wrapper of the message is DomainKeys, but what about digital signatures? This is all leading me to a complete rewrite for verification that would cover all three. I could see this draft coming somewhere down the road. A single source solution that would eliminate having to keep track of whitelists, blacklists, keys for individuals and encryption. A buffet of sorts.
I can see abuse of public whitelist servers, of people trying to get themselves listed. How would that occur? Well some sort of verification one would presume right? And even if a domain is whitelisted, who is to say that is where it came from, or what if the sending SMTP host differs from the domain, as many of your companies do now.
OK, I had people coming in the office so I rambled through 14 topics in a short time, sorry about that.
Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers.
Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server.
So if we follow this, you as the faithful email administrator, must create the key structure and get it published in DNS for the receiving servers to work with. If you use a service provider for outbound email services, then there could be a longer delay or even non-support at getting this implemented. I do like the idea of multiple keys for numerous domains. Of course there could be management issues if DNS is not handled properly or no good tools are in place. I cannot see handling this with text files and FTP. A good management console would be a bonus. Then your mail server must be able to go out and check the key for verification. How many of you block servers from making outbound calls? And then each call would need to go to the DNS server for the domain. So making a simple list does not work. You will get referred all over the place as you do now for web address lookups for browsing.
Tomorrow let's talk about the receiving side and put all this together.
I love the part of faxes coming to the inbox. You do need to allot for DID or DTMF routing and numbers, which means acquiring more phone numbers for DID, or making people understand DTMF extensions. I use eFax a lot now for those brief faxes, so I see benefit here. Add a few phone lines to the server on a modem board and then allow people to send outbound also. Makes sense to me since every fax machine in the world is still 14.4 baud and no faster. So buying those 56k modems makes no sense. Save the money and buy slower fax modems.
The only other big catch is voicemail doesn't work with encrypted mail, so if you encrypt everything this is not the right thing for you to investigate at the current release level. I know I can sound negative, but I always fall back into administration mode and how this will be architected. Go read the full article I linked above and get more information for yourself. The business reasons are definitely there. The drive and need are there to centralize all this and provide multi-platform access. It is driving the big bus up the hill that slows us down.
Even some games seemed to stop functioning. John Head should have issues with Unreal Tournament versions not working, LOL
Microsoft announced (today) that starting October 1st, mail received by Hotmail, MSN, and microsoft.com would be subject to Sender ID validation. Un-authenticated messages will not be rejected, but they will be subject to a higher level of scrutinization than messages which are delivered with proper authentication credentials.
Since the current proposal for Sender ID record format will be compatible with most of the syntax of SPF, you can use the SPF Setup Wizard to help create the right DNS records for your domain.
I would investigate the SPF Setup Wizard to see if your domain servers are ready for this. Mainly if you send a lot of mail to Microsoft directly. I am sure they sent you announcements also, but a lot of businesses use MSN still for some reason.
SolutionPlanet expects to release later this year its Admin-on-Air system, which lets Lotus Notes administrators manage and configure their Notes servers over cell phone or 802.11 links.
With wireless Terminal Services on the PocketPC, that lets me start and stop services already. I would love to see the Java Controller over wireless though. The best of both worlds, operating system and Domino all in one interface.
Websphere Edge, Whale eGap, Neoteris
|Domino Web Access||
Whale eGap, Websphere Edge (no Gzip), Neoteris, Tivoli SecureWay, iPlanet Web Proxy
|Workplace Team Collaboration||
Websphere Edge, Tivoli Policy Director, Netegrity
3.1 and 6.5.1
Websphere Edge, Whale eGap, Tivoli Webseal
Well AdminP cannot read MIME, so it must convert all those documents for AdminP to work on them. Apparently this has been going on even in Domino 5 but Lotus hid those conversational messages from the console and log files. So the MIME got a voice. No fear, you can quiet him back down to hand signals only, with of course a notes.ini variable
So a recent one came in for lost passwords in Domino R5. If you, as an admin, have not invested the time to implement password recovery in your organization, I would do that as soon as practical. We could have a long winded dispute about id storage, default passwords on id files and recovery. We might actually have it depending on responses and feedback here and email.
But if you are doing things the right way (this is in my eyes and darn it, this is my blog right?) then you are using unique passwords now, storing the id files in a secure encrypted database and have implemented password recovery. If you have ventured into Domino 6 you might have even spent the time to migrate to the CA process.
Password recovery on certifiers is an entirely different matter, I realize that. I am strictly speaking of user id files. As for the Google search, you could attempt to use one of the brute force tools on the Internet that can be downloaded, but invest the time to also stop this from occurring in the future. So do we need to discuss where and how to store id files?
I did manage to find a technote (1158614) that dealt with the issue and provided the simple answer. The iNotes60 template that shipped through 6.0.1 still related the design to the forms5.nsf database. Then in 6.0.2 and the 6.5 releases, they added the forms6.nsf database. Instead of re-pointing the iNotes60 template, which we all know would confuse users, they added the new one and then left it to you to change the template that was applied to user mailfiles.
- Mail comes from dtri2.rampellsoft.com (dtri2.rampellsoft.com [184.108.40.206])
- img src="://didtheyreadit.com/index.php/worker?code=c18feef2de6a615adcfc6282e8d60d31" width="1" height="1"
I removed the http part above so it wasn't a hotlink but it shows the clear 1x1 gif image they embed.
So through some work with SpamJam we can block it by looking for that image or just blocking mail from that domain entirely. You could of course use Domino for the domain blocking, but not the content piece. Rampellsoft is of course the company that makes Spector, ViewRemote and TypeRecorderX, which are local spyware to watch everything someone does on a PC. So this is not a huge product step in their arsenal.
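One way to do the image check described above, as an added example (this is not SpamJam's logic and not code from the original post): a Python scanner that walks the HTML parts of a message and flags `<img>` tags that either point at the tracker domain or are remote images sized 0 or 1 pixel. The sample message, the `TRACKER_DOMAINS` set, the reason labels and all function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# The only tracker domain named in the post; extend the set for your own policy.
TRACKER_DOMAINS = {"didtheyreadit.com"}

_TINY_ATTR = re.compile(r"\s*[01]\s*(?:px)?\s*", re.I)


def _tiny_style(style, prop):
    """True when an inline style sets `prop` (width or height) to 0 or 1 pixel."""
    pattern = r"(?:^|;)\s*%s\s*:\s*[01](?:px)?\s*(?:;|$)" % prop
    return re.search(pattern, style, re.I) is not None


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def find_tracking_pixels(html_body, tracker_domains=TRACKER_DOMAINS):
    """Return [(src, [reasons])] for each <img> that looks like a read tracker."""
    collector = _ImgCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for img in collector.images:
        src = img.get("src", "").strip()
        try:
            host = (urlparse(src).hostname or "").rstrip(".")
        except ValueError:  # malformed URL: treat as having no remote host
            host = ""
        reasons = []
        if any(host == d or host.endswith("." + d) for d in tracker_domains):
            reasons.append("tracker-domain")
        style = img.get("style", "")
        tiny_w = bool(_TINY_ATTR.fullmatch(img.get("width", ""))) or _tiny_style(style, "width")
        tiny_h = bool(_TINY_ATTR.fullmatch(img.get("height", ""))) or _tiny_style(style, "height")
        # Only an image fetched from a remote host can report the open;
        # cid: and data: images travel inside the message itself.
        if tiny_w and tiny_h and host:
            reasons.append("tiny-remote-image")
        if reasons:
            findings.append((src, reasons))
    return findings


def scan_message(raw_message, tracker_domains=TRACKER_DOMAINS):
    """Scan every text/html part of an RFC 822 message and return all findings."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.extend(find_tracking_pixels(part.get_content(), tracker_domains))
    return findings


def verdict(findings):
    """'block' for a listed tracker domain, 'flag' for other tiny remote images."""
    if any("tracker-domain" in reasons for _, reasons in findings):
        return "block"
    return "flag" if findings else "pass"


# Constructed sample message (addresses, hosts and the code value are made up).
SAMPLE_MESSAGE = """\
From: sender@example.org
To: admin@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello in plain text.
--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello</p>
<img src="cid:logo" width="120" height="40">
<img src="http://didtheyreadit.com/index.php/worker?code=CONSTRUCTED" width="1" height="1">
<img src="https://img.example.net/o.gif" style="width:1px; height:1px">
<img src="cid:spacer" width="1" height="1">
</body></html>
--b1--
"""

if __name__ == "__main__":
    results = scan_message(SAMPLE_MESSAGE)
    for src, reasons in results:
        print(", ".join(reasons), "->", src)
    print("verdict:", verdict(results))
```

The size check also catches 1x1 images from hosts that are not on the domain list, while embedded `cid:` spacer images are left alone.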
Amusement park Legoland in Billund, Denmark, has taken the concept of "lost and found" to a new level. If a child gets lost somewhere between Titania's Palace and Safari Park, a parent quickly can home in on the youngster's location using a cell phone and rented ID worn by the child.
At its opening day in March, the park launched this child-tracking system, which relies on radio frequency identification (RFID) and wireless LAN technology. If a child wearing a wireless-enabled wristband gets lost, parents can send a text message to an application called Kidspotter, which sends a return message stating the name and coordinates of the area of the park where the child is located.
I say low-jack those kids all the time. Nothing better than yelling at them to come home for dinner. They say they were three doors up the street, you know they were six blocks away where they shouldn't have been. Ok, kidding aside, the park idea is brilliant for those parents that want the semi-young group to explore on their own some while being able to have an idea where they are.
I would like to see this used in schools more (as the article covers in the other example) for attendance. The kids already have school id cards they wear or carry at most schools. Why not add some RFID for attendance and purchasing school lunches. They use a proximity reader and a PIN number and they have just bought lunch on their account. I like how the school uses it for attendance but I will let you read that.
Several users of the search engine's Gmail Web-based e-mail service noticed Tuesday that their storage limits had quietly been raised to 1 million megabytes, or 1 terabyte. That's four times the typical capacity of a new high-end PC's hard drive.
I wonder what would have happened if you found time to fill more than 1GB when they made the mistake. Would they delete your data or send nasty letters like a good Notes admin would to someone over their quota?
Yahoo has responded to this Gmail move by upping their space to 100MB over the current below 10MB that they offer. Who says friendly competition is dead?
- Enforce anti-relay policies and test your settings. Domino 6 now sets a default in the configuration documents to stop some basic relaying on your server, but if you migrated from a previous version of Domino, your previous settings are maintained.
- To learn how to quickly test your settings, see my previous e-Pro Magazine article on Troubleshooting Internet Messaging in Domino at e-ProMag.com, article ID 1999.
- Authenticate all users for relay privileges. You can choose not to authenticate local domain users, but if someone is forging an address then you’re defeating the purpose of this ability introduced in Domino 6 (you could do this previously but only if you locked the whole SMTP server down). The ability to modify these settings can be found in the Configuration document under the Router/SMTP – Restrictions and Controls – SMTP Inbound Controls – Inbound Relay Enforcement.
- Use blacklists to reduce that spam. Now that Domino 6 natively supports blacklists by adding them into the Server Configuration document’s DNS Blacklists Filter section, take advantage of the numerous free blacklist services that can be found!
- Understand whitelists and their purpose for mail management. Whitelists let the administrator (or user, on local spam products) allow certain messages through your spam filters based on sender or domain. If an address is on both a whitelist and a blacklist, the whitelist will win, causing the message to be delivered. Whitelisting is not available natively in Domino, but there are third-party tools available.
- Investigate purchasing a third-party spam filtering tool when Domino SMTP/Router and blacklists rules are not enough to reduce spam in your environment.
- Create SMTP/Router rules in the Server Configuration document for better enterprise mail management. You can deny, sort, and route mail based on server-side rules of subject, sender, importance, and even recipient count! There are many others, investigate these options! Remember that server-based rules affect everyone, unlike the mail file rules users maintain on their own.
- Change the setting in the Server Configuration document to not allow mail for local domain recipients not found in the Domino Directory (Domino 6 only). Enabling this setting reduces the amount of dictionary-attack spam clogging your mail.box on the server by not accepting mail that is destined for unknown names.
- Try to use named groups or wildcard Server Configuration documents to control multiple servers at one time. This gives you consistent control over numerous servers to ease administration and to make sure each server responds the same for troubleshooting. Keep in mind there may be instances when a server will need specific configurations based on user needs, such as a server that needs specific domains or users to be blocked while still allowing other servers to receive the same mail.
- Increase the number of mail.box databases on your system if you currently have only the default one (1). This allows faster processing of mail and increases performance (up to a certain point). Busy SMTP servers benefit greatly from an additional mail.box. It can consume resources if you allow the server to have too many. Best practices for the number of mail.box databases relies on server usage and mail load. Remember, too many mail.box databases can have adverse effects!
- Enable a maximum message size for mail messages. A mistake many enterprises make is not establishing a balance between business need and convenience. Is it convenient to accept 100MB messages via email? Of course it is! But does your business need large graphic packages or CAD drawings? If not, you need to evaluate a business need for a size limit. A majority of enterprises we deal with are very comfortable in the 15-20MB limit. This also saves disk space and prevents someone from sending a large attachment to multiple users, possibly bringing your system to a halt.
- Leave the default Configuration document settings that are created for each server. By default a new Configuration document does have an anti-relay setting, as I mention above, but everything else is left to the administrator to configure. There are great performance enhancements that can be found by understanding all the variables I am not able to fit here. I would suggest following the administration guide for a full description of each field and section.
- Simply enable the setting to check for connecting host names in DNS. Not all companies have correctly configured DNS, or their ISP does not allow reverse DNS entries for them. This will have your system denying their mail to you. While this is a very powerful feature for reducing spam, it immediately becomes noticeable that you will reject legitimate email.
- You can also verify the sender's domain in DNS instead of the connecting host. By not checking the host in DNS (to protect against false positives for ones that don’t allow reverse DNS), but instead checking the actual sender’s domain name, you can trim down unwanted emails that way also. A legitimate sender should have a DNS entry, correct?
- Try to micro-manage who can and cannot receive Internet email. Maintaining that listing is a manual process that most administrators do not have time for. I have only seen a couple companies that had reasons to only allow mail to certain people or addresses.
No matter what you type, the chicken will attempt to do it for you. Hop on one leg, lay down, stand on one leg, watch TV, etc. Try typing do the hustle. Obscene suggestions are rewarded by the chicken coming close to the camera and making a no-no sign with his, er, fingers.
It just so happens that the developers were ready for you. You can read more here and even see the darn man-in-chicken suit here. Apparently they had 1 million hits in a day before the site even went public through announcements.
|What are the known Lotus Team Workplace (QuickPlace) 6.5.1 and Lotus Instant Messaging and Web Conferencing (Sametime) 6.5.1 issues addressed by the Domino 6.5.1 Interim Fix Pack 1?|
I would look for this to be out very quickly as people upgrade to the new versions. I would check this one out to see if you are having these issues already. Luckily we have not, but now we know to beware.
So off we go! RSS works once again!! Sorry you couldn't get all the missing posts from the 8th to the 21st. It won't seem to kick those off, maybe resaving them might help.
Lotus Workplace requires an immutable ID in the LDAP directory to map Lotus Workplace member entries to LDAP person records. When a user first logs in, an id is assigned to the user. This id is used to retrieve user-specific information, such as the contact list, and is also used internally for Team Space and Web Conference Access Control. This id is used by Lotus Workplace as an internal representation of a user.
Now to take some info straight from a technote:
If the LDAP directory that you are using with Lotus Workplace already has an attribute whose value is unique, static, and never reused, you simply map that attribute to the extId attribute in Lotus Workplace. Most directory servers supported by Lotus Workplace products 1.1 have such an attribute, with the exception of Domino and IBM Directory Server 4.1. However, the default Websphere Member Manager settings for Lotus Workplace must be modified manually during installation in order to use this attribute for the Lotus Domino, Novell, Sun, and Microsoft Active Directory. If you do not make these changes, some Workplace features will not operate properly, and you may see any or all of the following problems:
- Errors when creating Team spaces or Web conferences
- Inability to add members to a Team space or Web conference with restricted access
- Inability to add contacts to the My Contacts lists
- Loss of access to Lotus Workplace data when a user's name changes
If your directory server does not contain a suitable extId attribute, Lotus Workplace can be configured to generate one. This typically requires you to modify your LDAP schema.
So what you see is that this field must either already exist in your LDAP schema or be generated on the fly, and you might have to manually configure Workplace to work with certain types of directories. I see this process possibly getting easier in 2.0 or even sooner, but for now this step must be done.
This also has another feature, that when name changes are performed in things like Workplace Messaging, the system can do it 'lazy' in the background since the extId never changes!!!
|SPR Number||SPR Status||SPR Fixed Release|
|NTER5T2C7B||Resolved/Fixed||Lotus Workplace Messaging 1.1a|
|In IBM Lotus Workplace Messaging 1.1, you send a message with the To, CC, and BCC fields populated. You go to the Sent folder and open the message, and then forward it. You find, however, that the BCC recipient's name is displayed.
|This issue was reported to Lotus software Quality Engineering and has been addressed in Workplace Messaging
Workaround: Manually remove the BCC recipient's name before forwarding the message.
- I tested on a Domino 6.5.1 server on a blank database that I quickly created. I removed myself entirely from the ACL, tried to get in and verified I was denied. I then used the admin client and enabled Full Access Administration (from yesterday's posting) and I was able to manage and get into the database. I then turned off Full Access Administration again and moved to the next step.
- I logged into a remote live console and tried to use a Set Config command and it generated an error right away
> set config SECURE_DISABLE_FULLADMIN=1
This system variable cannot be set via the server console. You must edit NOTES.INI to set this variable.
- So that was cool that you can't enable or disable it that way. Next step was to do it through a web browser and use the Edit the notes.ini feature.
02/20/2004 08:41:17 PM Agent message: 02/20/2004 08:41:17 PM Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM Agent message: 02/20/2004 08:41:34 PM Webadmin: Chris Miller remotely edited file ':\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM Agent message: 02/20/2004 08:41:34 PM Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
- This of course works well, so then I restarted the server. My concern was that you could come back and edit the notes.ini file again through the browser and change it back.
- But no such luck!! When you come back into webadmin.nsf the options to edit the notes.ini from the webadmin.nsf database are gone. The only way to reset it is physical access to the machine to set the variable to '0' or remove that line entirely.
So very cool on the security and access front. I had meant to fully test it even though I have implemented and used it per the documentation. But now I feel great about using it and controlling it. They have some guidelines and suggestions in the technote I referenced yesterday about account naming for use of this function. I don't agree with all of those, but they are there at least.
Let's visit technote #7003449
What Rights Do Full Access Administrators Have?
This is the highest level of administrative access to the server. Administrators who have full administrator access to the server have the following rights:
- All the rights granted to "Administrators", plus
- Manager access, with all roles and access privileges enabled, to all databases on the server, regardless of the database ACL settings
- Manager access, with all roles and access privileges enabled, to the Web Administrator database (WEBADMIN.NSF)
- Access to all documents within databases on the server, regardless of reader name field controls
- Unrestricted agent rights
- Overrides "Enforce a consistent ACL across all replicas" setting
- Supersedes directory link ACLs and .ACL files
Note: Full Access Admin does not allow access to read encrypted fields. In the case of mail encryption (and other documents encrypted using public keys), the specified user's private key is required to decrypt. In the case of document encryption using secret keys, the secret key is required to decrypt.
Disabling the feature via the Notes.ini
Customers can disable this feature by setting SECURE_DISABLE_FULLADMIN=1 in Notes.ini. When this value is set, the server will ignore any values in the Full Admin Access field in the server document. This parameter cannot be reset via a remote or local console or via the server configuration document. It can only be reset by editing the server's notes.ini file. It is constructed so that a site that wishes to disable this feature in a way that it cannot be reenabled without direct access to the server's file system can do so.
So I am unsure if one should create a separate id file as suggested in that technote or attempt to know when to use the toggle yourself.
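For auditing the lock-down tested above, here is an added example (not from the technote or from Domino itself): a Python check that reads notes.ini text for `SECURE_DISABLE_FULLADMIN` and scans log lines, in the shape of the Webadmin entries quoted earlier, for remote views and edits of notes.ini. The sample log and ini text, the function names, the state labels and the `needs_review` rule are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Line shape modelled on the Webadmin log entries quoted in the post.
_WEBADMIN = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+.*?"
    r"Webadmin: (?P<user>.+?) remotely (?P<action>viewed|edited) file '(?P<path>[^']*)'"
)


def notes_ini_events(log_lines):
    """Return one dict per remote Webadmin view or edit of a notes.ini file."""
    events = []
    for line in log_lines:
        m = _WEBADMIN.search(line.strip())
        if not m:
            continue
        filename = re.split(r"[\\/]", m["path"])[-1].lower()
        if filename != "notes.ini":
            continue
        events.append({
            "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "user": m["user"],
            "action": m["action"],
        })
    return events


def full_admin_setting(ini_text):
    """Classify SECURE_DISABLE_FULLADMIN in the text of a notes.ini file.

    'disabled'  -> set to 1 (the Full Admin Access field is ignored)
    'available' -> line absent or set to 0
    'review'    -> repeated with differing values, or an unexpected value
    """
    values = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        # Assumption: the variable name is matched case-insensitively.
        if sep and key.strip().upper() == "SECURE_DISABLE_FULLADMIN":
            values.append(value.strip())
    if not values:
        return "available"
    if len(set(values)) > 1 or values[0] not in ("0", "1"):
        return "review"
    return "disabled" if values[0] == "1" else "available"


def audit(ini_text, log_lines):
    """Combine the setting check and the log scan into one report."""
    edits = [e for e in notes_ini_events(log_lines) if e["action"] == "edited"]
    state = full_admin_setting(ini_text)
    return {
        "full_admin": state,
        "remote_edits": edits,
        "last_editor": edits[-1]["user"] if edits else None,
        # Heuristic (assumption): flag servers where notes.ini was edited
        # remotely and the lock is not in place, or the setting is unclear.
        "needs_review": state == "review" or (state != "disabled" and bool(edits)),
    }


# Constructed sample data: names, paths and times are made up.
SAMPLE_LOG = r"""
02/20/2004 08:41:17 PM  Agent message: 02/20/2004 08:41:17 PM Webadmin: Sample Admin remotely viewed file 'C:\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM  Agent message: 02/20/2004 08:41:34 PM Webadmin: Sample Admin remotely edited file 'C:\Lotus\Domino\notes.ini'
02/20/2004 08:45:02 PM  Agent message: 02/20/2004 08:45:02 PM Webadmin: Sample Admin remotely viewed file 'C:\Lotus\Domino\other.txt'
02/20/2004 08:46:10 PM  unrelated constructed line
""".strip().splitlines()

SAMPLE_INI_LOCKED = "[Notes]\nSECURE_DISABLE_FULLADMIN=1\n"
SAMPLE_INI_OPEN = "[Notes]\nSECURE_DISABLE_FULLADMIN=0\n"

if __name__ == "__main__":
    for name, ini in (("locked", SAMPLE_INI_LOCKED), ("open", SAMPLE_INI_OPEN)):
        report = audit(ini, SAMPLE_LOG)
        print(name, report["full_admin"], "needs_review =", report["needs_review"])
```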