HCL Domino Leap – Fixing Embedded Forms Issues After Updating to 1.1.5   

By Milan Matejic | 11/26/24 5:02 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are embedding HCL Domino Leap Applications or Forms into portals and sites not hosted on the same Domino Server as Domino Leap, you might encounter issues due to the Content-Security-Policy (CSP) HTTP Response Header. Starting with HCL Domino Leap 1.1.5, a Strict CSP policy has been introduced.

Modern email protocols: DANE, MTA-STS and TLS-RPT  

By Martijn de Jong | 11/8/24 3:47 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

n my recent OpenNTF webinar on modern E-mail Server operations, I covered several SMTP-related protocols like DKIM, SPF, and DMARC. However, with ongoing efforts to enhance the security of SMTP, new protocols have emerged, and these are the focus of this article. Two weeks after my OpenNTF presentation, my former colleague Erwin Stamer, contacted me regarding the DANE status of my domain as it was yellow instead of green. He was looking at the status of my domain as they were implementing it at his employer (a large Dutch bank) and was looking for an example. I must admit that I initially had no idea what DANE was, but as it was in line with my presentation, I dived into it. DANE, MTA-STS and TLS-RPT all work together, but let’s look at them separately.

Notes intermittently hangs or opens mail or other database slowly after 30 minutes of inactivity  

By Daniel Nashed | 10/28/24 2:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Notes intermittently hangs or opens mail or other database slowly after 30 minutes of inactivity This might help you in some network situations and it came up today in the OpenNTF Discord chat. TCP/IP keep alive is a functionality in the network stack to tell the server's TCP/IP stack and also the active components like firewalls, VPNs etc, that your session is still alive -- even the application is not sending any data. The Windows default keep interval is 2 hours. This Windows sends a keep alive for a TCP/IP session only. Linux and MacOS have a default keep alive interval of 75 seconds, which is a much more reasonable default. On Windows you can change the value by adding a new registry value, specifying a shorter keep alive interval in milliseconds. A good default value would be 75 seconds like on Linux and MacOS.

Key Rollover vs Certifier rollover  

By Daniel Nashed | 10/28/24 2:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This is probably a topic many admins never really looked into and you might still run with your very old 630 key size. Key size and certificate key size play an important role in your security and you should be aware of it. Key Rollover Rolling over keys is a quite normal operation. It's a best practice to rotate keys at least when the recommended key strength changed. Rolling over a key is client side initiated but requires an admin action. Certifier Rollover When rolling over certifiers you are creating a new key for your certifier and sign it with the right signing ID. For your organization certifier this will be the organization certifier itself which signs itself. Once that operation completes you have to re-sign all OU certifiers, server IDs and Notes.IDs step by step in this order. You also have to take care of all cross certificates, Vault trust certificates. The process is quite complex and needs planning:

Upgrading OnTime in a container | Roberto Boccadoro  

By Roberto Boccadoro | 10/25/24 5:32 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Running Domino in a container is becoming more and more popular in these days. I assume the reader is familiar with the topic, I am not going to explain how to create and run a Domino container. If you want to know more about Domino containers watch the replay of the webinar that Martijn did for OpenNTF and read his presentation. OnTime is included in Domino, starting with Release 14, is a great tool and I encourage my readers to use it, the version included in Domino is free and very powerful. The issue is that Intravision, creates new releases of OnTime faster that HCL creates new releases of Domino, which is obviously understandable. For example the OnTime version included in Domino is 11.1, but the most recent is 11.5. Hence if you want to keep updated your environment, you need to upgrade OnTime. That is easy if you run Domino on Windows or Linux native, but what if you run Domino in a container ?

Check the minimum client version for your Notes application  

By Daniel Nashed | 10/25/24 3:12 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Notes provides new functionality in Lotus Script and there also Java classes added to the client. Lotus Script Named documents have been introduced in Notes/Domino 12.0.1. I have just written an application which needs a Java class which is introduced in Notes 12.0.2 as it turned out. So I came up with a simple check I am going to add to all my applications which use more current functionality. You can drop this code into the PostOpen script of any database and switch to the right constant

Using Custom DNS Configurations With CertMgr  

By Jesse Gallagher | 10/25/24 3:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The most common way that I expect people use Domino's CertMgr/certstore.nsf is to use Let's Encrypt with the default HTTP-based validation. This is very common in other products too and usually works great, but there are cases when it's not what you want. I hit two recently. Domino's CertMgr can handle those DNS challenges just fine, though, and the HCL-TECH-SOFTWARE/domino-cert-manager project on GitHub contains configuration documents for several common providers/protocols. For historical reasons (namely: I didn't like Network Solutions in 2000), I use joker.com as my registrar, and they're not in the default list. Indeed, it seems like their support for this process is very much a "oh geez, everyone's asking us for this, so let's hack something together" sort of thing. Fortunately, the configuration docs are adaptable with formula (and other methods) - I'll spare you the troubleshooting details and get to the specifics.

Domino Container image custom add-on support enhancements  

By Daniel Nashed | 10/14/24 3:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

There is a custom add-on functionality Martijn and Roberto just blogged about this week. https://blog.martdj.nl/2024/10/10/building-custom-add-ons-for-your-domino-container-image/ https://www.robertoboccadoro.com/2024/10/10/upgrading-ontime-in-a-container/ This was the missing trigger for me to look into it again. It's a quite new functionality which wasn't fully documented yet. Documentation I have added a new documentation mark down page-->https://opensource.hcltechsw.com/domino-container/concept_custom_addons/

Building custom add-ons for your Domino container image – Martijn's Blog  

By Martijn de Jong | 10/14/24 3:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This is a post that I thought I had already written, but I realised today that I hadn’t. It’s about a feature that Daniel Nashed added to the Domino container community project in the past year and that I showed in my presentations on the Domino container project at Engage and OpenNTF. But apparently, apart from that, Daniel and I never documented it. So here it is. The documentation on how to create your own custom add-on packages for your Domino container image.

Installing Domino REST API in an existing Domino container server – Martijn's Blog  

By Martijn de Jong | 10/3/24 1:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The Domino REST API, a.k.a. DRAPI, is a requirement for running HCL Volt MX Go. On a native Domino server, it’s an add-on that you can install. The installation will install files in both a special install directory, the Domino program directory and the Domino data directory. On a Domino server using Domino container images, you need a Domino image with the REST API included. After all, the Domino program directory is not persistent, which means that any addition to this directory that was added in the container and not in the image, is lost when the Domino container is stopped and restarted. Something that happens whenever you reboot the host machine. Luckily, the Domino container community image build tool includes the Domino REST API in the build menu, so it’s easy to add.

Linux LSOF is causing 100% CPU load inside a container in some configurations  

By Daniel Nashed | 10/2/24 4:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Linux LSOF is causing 100% CPU load inside a container in some configurations https://blog.nashcom.de/nashcomblog.nsf/dx/ https://blog.nashcom.de/nashcomblog.nsf/feed.rss RSS - Daniel Nashed's Blog Daniel Nashed's Blog Daniel Nashed Linux LSOF is causing 100% CPU load inside a container in some configurations Linux Domino Container width=device-width, initial-scale=1.0, minimum-scale=1.0 Daniel Nashed's Blog ../nashcom.css ../dx/imprint.htm Imprint Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ... Search Search Search Search alt Daniel Nashed # Tags Tag: 64Bit ../archive?openview&title=64Bit&type=cat&cat=64Bit 64Bit Tag: ACME ../archive?openview&title=ACME&type=cat&cat=ACME ACME Tag: ACME HTTP-01 ../archive?openview&title=ACME%20HTTP-01&type=cat&cat=ACME%20HTTP-01 ACME HTTP-01 Tag: ADFS ../archive?openview&title=ADFS&type=cat&cat=ADFS ADFS Tag: AdminCentral ../archive?openview&title=AdminCentral&type=cat&cat=AdminCentral AdminCentral Tag: AIX ../archive?openvie

Disabling XPages if not needed reduces open files and HTTP start/stop time  

By Daniel Nashed | 9/30/24 4:30 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While working on setup automation I often ran into HTTP startup challenges. It can take up to 40-50 seconds until the HTTP task is started. If you look at open files, you notice that each thread has more than 70 files open. This sums up to up quite some files and the HTTP server start/stop time is much slower. In case you don't use XPages there is a simple switch to disable the XPages run-time and only load the standard Java components. notes.ini INotesDisableXPageCMD=1 I first had the impression Java in general would cause overhead on start. But my tests drilled down to XPages/OSGI.

Domino 14.0 FP2 IF1 installer might fail on new machines -- VCRUNTIME140 32bit is missing  

By Daniel Nashed | 9/24/24 1:06 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I ran into this today when testing and got a customer reporting this one hour later. So it was easy to reply with a root cause and solution. Domino is a 64bit application. Therefore the Windows run-time installed with the Domino release installer is 64bit only. The Fixpack installer has no VC runtime requirements. But it turns out the hotfix installer, which is also used for interim fixes is also a 32bit installer and has VC dependencies.

Domino does not shutdown cleanly when Windows is rebooted or shutdown  

By Daniel Nashed | 9/11/24 6:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

When stopping the Domino service manually, the Windows service control manager (SCM) waits sufficient time to shutdown Domino cleanly. But it turns out a Windows shutdown or reboot does not wait sufficient time for service termination. This is critical because it would kill running Domino processes without notice. Even with transaction log enabled, this isn't a desirable situation.

How to find out what is eating my disk space on Linux?  

By Daniel Nashed | 9/11/24 6:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you don't know the Linux tool ncdu, this will make your day. The tool by default scans from where you are or any directory you specify. Specially when running on WSL you might want to use excludes. On top there is a delete option, which can be quite helpful when you find large files you don't need. I am using it for years and it did safe my IT life more than once. And it is very fast...

You don't have to overwrite your Command when pasting into the Domino Console  

By Cormac McCarthy | 8/31/24 3:35 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While having a look at the HCL Domino Portal ideas portal the other week I came across something I was going to vote for, namely Paste (using CTRL+V) in the Server Console “Domino Command” input field should not remove existing content in that input field. Just as I was about to hit the vote button, I read the comments. Someone had helpfully put in the solution

Silent HCL Notes 32 bit to 64 bit upgrade changes - Domino People  

By Cormac McCarthy | 8/27/24 9:59 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

HCL have recently published one of the “gotchas” around upgrading from 32 bit to 64 bit Notes. I came across this again and thought it worth sharing. When upgrading Notes 32 bit to 64 bit via command line/scripting/third party install tool (basically anywhere you’re running silently) the syntax for PROGDIR and DATADIR changes to PROGDIRW64 and DATADIRW64.

Problem when uploading ID file to Vault with Admin Client 14.x to Domino 12.0.1.x   

By Rainer Brandl | 8/27/24 9:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I had the problem that a customer complained about the problem of uploading the ID of a new registered user to an existing vault. I could see the following entries in the local log.nsf:27.08.2024 11:03:00 ID 'C:\HCL\Notes\Data\user\testuser1.id' failed to upload to vault 'O=customer_vault' on server 'CN=SERVER01/O=SRV'. 'Test User1' made request. Error: Remote system no longer responding After opening a case I received the link to a TechNote where a problem with Admin Client V14.x and HCL Domino 12.0.1.x is documented. I afterwards modified the setting in the NOTES.INI of the client and now the upload of the ID for the newly registered user is working fine !!! Be aware to put the setting “TCPIP=TCP,0,15,16000” only in the NOTES.INI of a V14 client !!! If you set this value in a NOTES.INI of V12, the client will not startup and will cause serious troubles !!!

Does TOTP Work for users in a Secondary Directory via DA  

By Keith Brooks | 8/21/24 6:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Like many of our customers, a customer has a large external user community relying on their applications. We have about 7,000 external customers. Some are undoubtedly old customers, but 7,000 is a lot of people. Previously, I wrote about how to bulk add these people into your ID Vault, and that was all fine and good where we have only one names.nsf for everyone and everything. We may have had 2-3 servers in that org. Now, the 7,000 are in a secondary external names.nsf via DA (Directory Assistance). The Problem 1) How do you register and maintain the people in a secondary Directory? 2) Does the DA even work with TOTP?

HCL Domino TOTP & Passkey authentication   

By Rainer Brandl | 8/19/24 7:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In a customer environment I have enabled the great working TOTP authentication. After migration the environment to Domino V14 I also enabled the Passkey authentication in the same Internet Site document.Afterwards neither TOTP authentication nor Passkey Authentication worked. A clarification of the HCL Support delivered the following information: You cannot enable both authentication types for the same internet site document !!

Route HCL Traveler mail to your internal scanner  

By Remco Angioni | 8/8/24 7:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Companies normally scan mail only on the first Domino SMTP server, not on all servers. For HCL Traveler server, this could be a problem because your external and mobile device can be infected with ransom-ware or a virus. This way it can harm you organization. How to check all mails coming from HCL Traveler servers using your already running and active scanner?

Domino One Touch Setup (OTS) advanced examples and helpers  

By Daniel Nashed | 7/29/24 3:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

OTS is a very powerful and flexible feature of Domino 12+ which has been extended in each dot release since then. I am OTS a lot in the container world. But it also works on Windows. It perfectly fits into the container world. And we added a couple of integration points into the container image. Because I got a couple of questions I wrote up some examples, related information and also an Lotus Script agent to extend the functionality. The agent is intended to be an example how to wrote own integrations and also to leverage and extend the existing agent for own needs.

Pretty-Printing JSON in the (Desktop) Notes Client and Domino  

By Jesse Gallagher | 7/29/24 3:21 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In the OpenNTF Discord (join if you haven't!), Daniel Nashed brought up a task he was facing: in the Notes client, writing pretty-printed JSON. LotusScript has its NotesJSON* classes that can process JSON in their stark way, but the stringify output is meant for machine reading and doesn't include whitespace and line breaks, making it ill-suited for things like configuration files or other things a human might read or edit. Since the goal is to get it working in the full Notes client and not Nomad, Java is on the table, but Java - for dumb historical reasons - has no proper built-in JSON library. However, as of 12.something HCL shunted IBM Commons down to the global classpath in order to support the "share Java design elements between XPages and agents" feature. Among many other things, IBM Commons includes a JSON library that can suit. I wrote a post almost a decade ago talking about this library and its limited nature, but it's nonetheless less limited than the LotusScript classes, and it's up to the task. There are a couple ways to go about this, depending on your needs, but for now I'll just cover the basic case here of "I have a string of JSON and want to format it".

Pretty-Printing JSON in Notes Client and Domino  

By Daniel Nashed | 7/29/24 3:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The Lotus Script class for reading and writing JSON is that easy. There are not many examples and some functionality is missing. JSON can be either condensed without any new lines and indentation. That's great when you use it for back-end processing or REST services. Why is pretty printing important But in some cases you need pretty formatted JSON. Specially when you want to maintain it manually and extend it. For example for Domino OTS JSON files :-) When you use JSON based configuration pretty printed JSON is very helpful. Condensed JSON is also difficult to check into Git. Everything looks modified when it is a single line.

HCL Nomad server 1.0.12 IF1 shipped with same file name than 1.0.12  

By Daniel Nashed | 7/22/24 6:13 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Nomad 1.0.12 has been replaced with a 1.0.2 IF1 version. MHS has only the new version. The old version can't be downloaded any more. But they left the file names the same. So you can't distinct the files by name once you downloaded them. So you have to delete the old file and re-download it. The same file name with a different content (resulting in a different hash and size), breaks automation. For example it broke the Domino container build automation.

Mindoo - Domino JNA Virtual Views: The Next Step in Domino Data Retrieval  

By Karsten Lehmann | 7/14/24 7:09 AM | Infrastructure - Notes / Domino | Added by Serdar Basegmez

In the previous two articles, "The pain of reading data as a Domino developer - and solutions" and "Overview of Domino Data Retrieval: Exploring NSF Search, DQL, Domino Views, and the QueryResultsProcessor", we explored the challenges and solutions for efficiently accessing and processing data in Domino.

Mindoo - Overview of Domino Data Retrieval: Exploring NSF search, DQL, Domino Views and the QueryResultsProcessor  

By Karsten Lehmann | 7/14/24 7:08 AM | Infrastructure - Notes / Domino | Added by Serdar Basegmez

As you read in the previous article "The pain of reading data as a Domino developer - and solutions", looking up data on Domino is not as easy as it seems - especially compared to other platforms like SQL. Let's explore the available options.

Running Domino Windows container image on Windows 2022  

By Daniel Nashed | 7/8/24 1:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Two years ago I have been looking into Domino in a Windows container already. The main purpose was to understand the technology and if this makes sense to be used in general. IMHO container technology is mainly helpful on Linux. Containers on Linux use core OS level functionality, which is part of the Linux kernel. Only Linux makes sense for production use for me. But a Windows container can be a great test environment for automation testing and other test use cases. I revisited my container build on Windows this weekend and first updated it to Domino 14 and also updated all involved tooling like 7Zip. In addition I looked into how I could leverage a Windows container image for testing.

New Nomad Server features -- ACME HTTP-01 challenge support & HTTP redirects via port 9080  

By Daniel Nashed | 7/8/24 1:42 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

There are two new features in the latest Nomad Server versions, introduced to Nomad Server without big notice. I just got the question from a partner why Nomad Server now binds port 9080 in addition to port 9443 and the internal communication port (only loop back). The port might be used by other applications like the IBM Spectrum Protect (TDP) -- which was the problem in this customer case. It turns out the TDP Java based restore GUI and does not work in combination without changing or disabling the port.

An Admin Present You Didn't Know You Needed  

By Keith Brooks | 7/4/24 7:41 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

About 2 weeks ago, I gave an impromptu webinar for Openntf.org as a last-minute fill-in. Openntf, for those that don't know, is the Notes/Domino+ community, where devs, admins, business people, HCL, and others share code and ideas, templates, and projects for the benefit of the greater worldwide community. I wanted to inform people that monitoring Tasks in the Administrator client has some changes. Why is this important? Because unless you are a 1 server company, you have a lot of information to remember, such as: How do you know if DBMT ran? How do you know which server Certmgr runs on? Which web server do you run the Domino REST API on? Which server handles your Backups and Restores, presuming you leverage the v14 options? Is NOMAD running? Is your DirSync working? Are you sure the awesome OnTime Group calendar is running? Have you enabled Aautoupdate yet? One look and you know. Intriguing questions, right?