How to use Domino OTS on Kubernetes to import an existing TLS Certificate  

By Daniel Nashed | 5/30/23 12:05 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Domino One Touch Setup has been designed with flexibility in mind, with special focus on getting a server up in a secure way. On Docker you can just mount PEM files into the container. On Kubernetes TLS Certificates and Keys are stored in secrets. Personally I am not a big fan of storing PEM files on disk. But you could at least set a password on the PEM file you import. Here is a basic example how to create a secret on K8s and reference it in OTS. Even the simple environment variable setup supports the security settings for CertMgr. Of course the same functionality is also available with the more flexible JSON based configuration.

Importing trusted MicroCA Roots for a Nomad Lab environment  

By Daniel Nashed | 5/29/23 12:39 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Yesterday I worked on a lab configuration based on Windows Sandbox, Domino and Nomad Web. The biggest challenge is to have a trusted certificate for Nomad Web. Nomad Server running with the Micro CA A Nomad Server can use Domino CertMgr Micro CA Certs. But the root is not trusted in your browser. I took a closer look and came up with a simple solution. which makes the import dramatically easier. No more searching for the right trust store and handling PEM files manually.

XPages JEE 2.12.0: JNoSQL Views and PrimeFaces Support  

By Jesse Gallagher | 5/29/23 12:36 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Last week, I put up version 2.12.0 of the XPages JEE Support project. Beyond the usual fit-and-finish bits here and there, there are two main improvements in this release. Jakarta NoSQL Views Jakarta Faces and PrimeFaces

Get prepared for Notes/Domino V14 Early Access Code Drop 1  

By Daniel Nashed | 5/26/23 9:32 AM | Business - Events / People | Added by Oliver Busse

You can get hands on experience with Notes/Domino V14 end of this month. Here are some tips to get prepared. All of the software is only intended for non-production use! So you should prepare a VM to get started. But you should really take a look and have a try. Specially for business partners this is a call for action to test their applications with the updated back-end components. As announced earlier Notes/Domino moved to up to date compilers and a newer Java version. Also the client is 64bit only. I hope to see many of you in the EAP forum or at DNUG conference face to face.

Tuning Domino Servers for TLS sessions  

By Daniel Nashed | 5/24/23 2:13 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

My previous post was mainly about HTTP traffic and I mentioned TLS/SSL don't use the maximum number of connections settings, because they have a SSL/TLS session. Establishing a new TLS session has significant overhead! And you have to make sure in any application, that those sessions are cached and resumed. I revisited a blog post from 2012 where I explained a fix, which went into 8.5.3. And was enabled in 8.5.4 by default (which turned into the 9.0 release when shipped as far I recall). There was an issue with the session cache and a new cache had been implemented in 8.5.3. Today the new cache is the default and SSL_USE_ADDSESSION2=1 does not exist any more.

HCL Connections Mail Plug-in Deployment – Missing Information in the Documentation   

By Milan Matejic | 5/23/23 12:18 AM | Infrastructure - Connections | Added by Roberto Boccadoro

If you are planning to deploy the HCL Connections Mail Plug-in, take note of the KB0092821 knowledge base article. This is a mandatory step that must be done in HCL Connections 8 CR1 and newer environments. If the steps described in KB0092821 article are not followed, you will get the following error message in the browser console: Error: Unable to load https://<mailserver_hostname&gt; status: 403

Domino on CentOS/RHEL compatible Linux - Timezone issues  

By Oliver Busse | 5/19/23 1:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

With a new customer server we stumbled upon a strange behaviour using our low-code platform Aveedo we never saw before. We created the server at Hetzner using the Rocky 9 base installation. Rocky is binary compatible with RHEL and should be used in favour of CentOS in general as it is newer and still maintained.

Build mongodb5 image for Component Pack with Buildah  

By Christoph Stoettner | 5/17/23 7:14 AM | Infrastructure - Connections | Added by Wannes Rams

Build Mongodb5 Image For Component Pack With Buildah

Workspace all grey - no icons - workaround  

By Jesper Kiær | 5/17/23 6:30 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

If you are running Notes 12.0.2 or higher you will for sure at some point run into an error were the workspace tabs fills out the entire workspace and you can not access you workspace database icons no more. There is nothing you can do in the UI to fix it. The problem is due to a new setting in the notes.ini and and is easy fixable, if you know what to fix

Attachment is missing from meeting invitation  

By Rainer Brandl | 5/11/23 1:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I received an information from a friend at HCL (a.k.a. "Wickerl" ) that attachments get lost when sending a meeting invitation to another Domino Domain. In the HCL Software Forum a user complained that this issue also occurs when sending a meeting invitation to external users.This issue is described in SPR # SJOICG3K9F.

HCL Domino 12.0.2: removed user-maildatabase in a cluster symmetry configuration is repaired after removed on 1 server.  

By Remco Angioni | 5/8/23 1:01 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

n HCL Domino 12.0.2 we discovered that when we delete users, some maildatabases are repaired back to the home/mail Domino server……running on Windows servers. Like all of you know, when removing a user from a clustered Domino environment, the cldbdir entry for that database is altered to REPAIR:DISABLED. Repair is not allowed for that database. We raised a ticket because we noticed, ofcourse, that this was not the case for some users we removed. The database was repaired from another clustermember. This left us with 2 maildatabases and NO persondocument.

Domino Server: Let adminp handle renames in maildatabases, but don’t delete users in name fields.  

By Remco Angioni | 5/5/23 1:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Ever wondered why adminp treats a deletion the same as a rename when you have set the Administration Server Action to Modify all Names fields? Well, I did. I can imagine why a rename should be performed on all mail and calendar items, but a user deletion?????? Why you want that to happen at all?Why remove the evidence that someone have sent me an email or have sent me a meeting request? It doesn’t make sense at all to me. That’s why I was searching for a way to tell Domino not to delete users in names fields, just renames when using adminp in maildatabases. And there it is, the solution.

The Loose Roadmap for XPages Jakarta EE Support  

By Jesse Gallagher | 5/5/23 1:23 AM | Development - Notes / Domino | Added by Roberto Boccadoro

At Engage, HCL officially announced Java 17 in Domino 14 (I'm sure they announced other things too, but I have my priorities). This will allow me to do a lot in pretty much all of my projects, but it's particularly pertinent to XPages JEE. Currently, the project targets generally Jakarta EE 9, which came out in late 2020 and was "just" a switch from javax.* to jakarta.*, with no official new features. However, Jakarta EE 10 came out a year ago - in addition to bringing a raft of new features, it also bumped the minimum Java version to Java 11, pushing it outside of Domino's realm. Accordingly, I've had to hold off on a lot of major- and minor-version bumps in the XPages JEE project as new releases started being compiled for Java 11. Once V14 is out, though, I'll be able to move to the current JEE platform... at least until JEE 11 comes out next year and requires Java 21, anyway. So I've been working on how I'm going to approach this, and what I'm thinking is that I'll do it in two phases: first, a final 2.x release that provides Java 17/Domino 14 compatibility for existing components, and then a new 3.x breaking-changes release to bring in Jakarta EE 10 components.

In Development: Containerized Builds in NSF ODP  

By Jesse Gallagher | 5/2/23 2:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Most of my active development happens macOS-side - I'll periodically use Designer in Windows when necessary, but otherwise I'll jump through a tremendous number of hoops to keep things in the Mac realm. The biggest example of this is the NSF ODP Tooling, born from my annoyance with syncing ODPs in Designer and expanded to add some pleasantries for working with ODPs directly in normal Eclipse. Over the last few years, though, the process of compiling NSFs on macOS has gotten kind of... melty. Apple's progressive locking-down of traditional native loading mechanisms and the general weirdness of the Notes package and its embedded non-JDK JVM have made things get a little weird. I always end up with a configuration that can work, but it's rough going for sure.

XPages JEE 2.11.0 and the Javadoc Provider  

By Jesse Gallagher | 4/21/23 4:11 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Yesterday, I put two releases up on OpenNTF, and I figure it'd be worth mentioning them here. The first is a new version of the XPages Jakarta EE Support project. As with the last few, this one is mostly iterative, focusing on consolidation and bug fixes, but it added a couple neat features. The second one is a new project, the XPages Javadoc Provider. This is a teeny-tiny project, though, not even containing any Java code.

Creating V2 style attachments  

By Andre Guirard | 4/15/23 4:59 PM | Development - Notes / Domino | Added by Oliver Busse

I thought to try attaching the files to a hidden rich text item — one that’s not on the form — and then deleting the rich text item, leaving just the attachments. But LotusScript is too smart for that — when you delete rich text items it also deletes the $FILE items to which they refer.

New Defect Article – Verse on Android can’t sync any emails  

By Andreas Ponte | 4/12/23 11:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Various users reported that sync of email/calendar was not working anymore withAndroid devices. The log shows this error: “Error: Sync session XXXXXXX isoutdated and no longer valid. I found the following “brand new” defect article from HCL, explaining the problem. https://support.hcltechsw.com/csm?id=kb_article&sys_id=ac3decf21b066590574121f7ec4bcb8a

Dipping My Feet Into DKIM and DMARC  

By Jesse Gallagher | 4/11/23 3:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For a very long time now, I've had my mail set up in a grandfathered-in free Google Whatever-It's-Called-Now account, which, despite its creepiness, serves me well. It's readily supported by everything and it takes almost all of the mail-hosting hassle out of my hands. Not all of the hassle, though, and over the past couple weeks I decided that I should look into configuring DKIM and DMARC, first for my personal mail and (if it doesn't blow up) for my company mail. I had set up SPF a couple years back, and I figured it was high time to finish the rest. As with any admin-related post, keep in mind that I'm just tinkering with this stuff. I Am Not A Lawyer, and so forth.

Debugging program crashes with gdb on Linux  

By Daniel Nashed | 4/10/23 9:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro

This bugged me for a while because I had no idea what was happening. One of my OpenSSL-based tools in C crashed once in a while. I was only able to find out once wrote my own small tool to check the server listener of my other application. The crash happened very intermittently in different places when I opened and closed the connection very quickly. Adding a delay of 1 ms stopped the crash. But if you are running a service on the internet with port scanners around, you better find out in detail. It turned out to be the SIGPIPE event causing my program to terminate. But the interesting part is how I found out about the crash.

TLS/SSL Cipher Troubleshooting  

By Daniel Nashed | 4/10/23 9:35 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Every Domino release adds more TLS ciphers to the weak list to ensure poper security. We can expect the next versions also to have less ciphers available. Domino ensures for clients and servers, that the list of ciphers provided is safe. In addition the default behavior is that the server decides the order of ciphers to pick. And only allows secure renegotiation to prevent the client to pick a less secure cipher. Usually this doesn't cause a lot of trouble for inbound connections. Modern browsers support modern ciphers. But outgoing connections for LDAP and ICAP could be a challenge. I had to look into an ICAP connection problem this week. To demonstrate how the TLS handshake works, I wrote a small OpenSSL demo program in C. This turned into a quite flexible troubleshooting tool over the weekend.

Issues configuring the Sharepoint widget for Communities  

By Wannes Rams | 4/6/23 11:49 AM | Infrastructure - Connections | Added by Wannes Rams

On a recent deployment of HCL Connections I struggled getting the SharePoint widget to work.

Spam score testing tool and tip how to increase your rating  

By Vladislav Tatarincev | 4/5/23 10:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I was working in one environment which had average spam rating and many emails that this eligible company sent have not reached intended destination. Colleague of mine suggested my a site Mail-tester.com. idea is simple, you sent a mail and gives you score how to improve. long story short, after some time we improved from 6 to 10 from maximum 10 possible. Free version allow 4 mails per day which might be sufficient if you dont do too many changes per day.

Picking the right Linux Distribution  

By Daniel Nashed | 4/5/23 10:42 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

There isn't one best or right distribution in general. There are many variations. For example Redhat/CentOS based platforms have flavors like Rocky and Alma Linux. The HCL Domino community project looks into many possible combinations as the base image --> https://opensource.hcltechsw.com/domino-container/concept_environments/ There are basically three different main flavors with different toppings: - Redhat/CentOS based (with yum and dnf in later versions to manage packages) - Ubuntu/Debian (with apt to manage packages) - SUSE Enterprise/Leap etc. (with zypper to manage packages) The right distribution is really depending on your needs.

Sametime monitoring dashboard on Docker  

By Roberto Boccadoro | 4/3/23 6:25 AM | Infrastructure - Sametime | Added by Oliver Busse

Sametime 12.0.1 introduced a new feature, a monitoring dashboard based on Grafana. But on Docker it was not working, in various panels, for example those related to meetings it showed “no data”. Some of us reported this to HCL and they told that a fix would be provided for FP1.

Categorised view problem in Domino Nomad Web 1.07  

By Sean Cull | 4/3/23 5:54 AM | Development - Notes / Domino | Added by Oliver Busse

We upgraded some servers to nomad Web 1.07 over the weekend but had to revert to 1.06 after a bug appeared. On first inspection it looked like a reader / author field issue but it was not. View robustness, an absolutely fundamental requirement, seem to be challenging.

Certificate Store: Submit vs Save  

By Martijn de Jong | 3/30/23 2:39 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

I regularly receive question about the Certificate Store and CertMgr, which made me realise that there’s a lot of confusion around the Submit Request and the Save & Close buttons in the store and when to use what. Time for an article to hopefully solve some of that confusion.

Quick Tip: Stashing Log Files From Domino Testcontainers  

By Jesse Gallagher | 3/29/23 3:55 AM | Development - Notes / Domino | Added by Roberto Boccadoro

I've been doing a little future-proofing in the XPages Jakarta EE project lately and bumped against a common pitfall in my test setup: since I create a fresh Domino Testcontainer with each run, diagnostic information like the XPages log files are destroyed at the end of each test-suite execution.

HCL Notes – Swiftfile Not Working as Expected   

By Milan Matejic | 3/29/23 3:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

When using the "preview pane" in HCL Notes, and clicking on a folder, suggested by SwiftFile, the "move to folder" dialogue would sometimes come up. This was happening to my client, in about 1 of 20 cases

HCL Connections 8 – PDF Export Issues After Installing CNX in a Clustered WAS Environment   

By Milan Matejic | 3/24/23 5:12 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Recently I encountered an issue with PDF Export, right after the installation of HCL Connections applications in a multi-node, clustered, IBM WebSphere Application Server environment. This problem only occurs in a multi-node WAS environment. In the HCL Connections GUI, in the “PDF Export Access” settings of the”Edit Community” menu (Community –> Community Actions –> Edit Community –> PDF Export Access), the following error was displayed: Error 500: org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: com/ibm/ess/ic/ic360/security/tai/Ic360ImpersonateUserTAI

HCL Verse on Premises and HTTP error 404   

By Rainer Brandl | 3/23/23 3:00 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I implemented VoP on a Domino Server running on an iSeries like the "implementation" always is done. But afterwards I received an HTTP error 404 when trying to open the URL https://mailserver.company.com/verse.After some rechecks ( did I put the JAR files to the correct location and did I modify the owner ) I recreated the redirect database, rechecked the server configuration but could not get rid of this issue.