Notes / Domino
HCL Verse on Premises and HTTP error 404 
By Rainer Brandl | 3/23/23 3:00 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I implemented VoP on a Domino Server running on an iSeries like the "implementation" always is done. But afterwards I received an HTTP error 404 when trying to open the URL https://mailserver.company.com/verse.After some rechecks ( did I put the JAR files to the correct location and did I modify the owner ) I recreated the redirect database, rechecked the server configuration but could not get rid of this issue.
New C3UG video: Low-Code with Tooljet using the HCL Domino REST APIs
By C3UG | 3/15/23 4:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This is a video about the new HCL Domino REST APIs in conjunction with the open source low code development environment "Tooljet". I do an intro to both systems and a (lengthy) demo, showing how to set up access to HCL Domino using the new REST APIs on Domino 12 and to get the data into data tables in a ToolJet project.
On Domino thread IDs and Linux/Windows process IDs
By Martijn de Jong | 3/1/23 9:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
A short tip on something which many people are probably not aware of, but which can be a huge time saver when you’re troubleshooting a Domino problem.
As an example, see this error message from a Domino log:
[062372:000014-00007F8001776700] 28/02/2023 13:16:20 CertStore: Error opening CertStore database [CN=PROD02/OU=SRV/O=ACME!!certstore.nsf] : The server is not responding. The server may be down or you may be experiencing network or VPN problems. Contact your system administrator if this problem persists.
[062372:000014-00007F8001776700] 28/02/2023 13:16:20 CertStore: Error opening CertStore on [CN=PROD02/OU=SRV/O=ACME] : The server is not responding. The server may be down or you may be experiencing network or VPN problems. Contact your system administrator if this problem persists.
Your first hunch might be that this is an error that’s caused by the CertMgr process. It’s related to the Certificate Store after all. But is this really the case?
HCL Nomad Web – User moved to another Domino Server
By Rainer Brandl | 2/23/23 3:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I had the issue that a user could not successfully complete the initial setup of HCL Nomad Web. The user always received the following error message: Afterwards I checked the result of the LDAP request for the home server which looked fine and the Domino Server also was available. So what could cause this error message ?
CAUSE: the user was moved to another mail server some days ago !!
width=device-width, initial-scale=1 http://gmpg.org/xfn/11 HCL Nomad Web – User moved to another Domino Server – Tips and News for Collaboration solutions max-image-preview:large //s1.wp.com //s0.wp.com //s2.wp.com //blogbyrainer.wordpress.com //wordpress.com //fonts-api.wp.com https://fonts.gstatic.com Tips and News for Collaboration solutions » Feed https://brandlrainer.info/feed/ Tips and News for Collaboration solutions » Comments Feed https://brandlrainer.info/comments/feed/ Tips and News for Collaboration solutions » HCL Nomad Web – User moved to another Domino Server Comments Feed https://brandlrainer.info/2023/02/22/hcl-nomad-web-user-moved-to-another-domino-server/fe
Domino 12.0.2 SAML Not Sending User to Originating URL
By Ted Hardenburgh | 2/23/23 3:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Fresh off the press is a new Knowledge Base article at HCL that describes an event where a user authenticating via SAML is not being sent to the originally requested URL after authentication, but is sent to the home URL for the site. This affects new or upgraded Domino 12.0.2 servers.
The cause for this is the new default setting for samesite=strict that is added to the relay state cookie. The notes.ini setting DOMINO_RELAY_COOKIE_SAMESITE=0 will resolve this issue after restarting Domino.
SVG Images not working in older Domino releases
By Fredrik Norling | 2/17/23 4:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
By default svg images doesn’t work in older versions of Domino like version 9.01, 10 perhaps even 11
I have verified in version 12 and there it work fine without problems.
Luckily there is an easy fix, in the Domino data directory there is a file httpd.cnf open up this file add add this line below i.e the Images section, placement isn’t important.
AddType .svg image/svg+xml # SVG format
Notes Tip #54: From Microsoft Outlook to HCL Notes
By Hogne B. Pettersen | 2/14/23 3:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
After some false stops and starts, Brainworker and I can finally publish my full user guide for Notes Mail, Calendar, Contacts and To do. Perfect for new employees used to Outlook, but also as a user guide for any Notes user. While Notes is so much more than just an email, calendar, and contacts application,these features are nevertheless some of the most important features of the client.
Setting up HCL Domino Time-based one-time password (TOTP) authentication
By Remco Angioni | 2/14/23 3:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Here is the easy guide how to setup HCL Domino TOTP on a Domino V12.0.2 server with internet site document.
TOTP and vert.x
By Stephan Wissel | 2/7/23 9:13 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
TOTP and vert.x - Time-based one-time passwords (TOTP) are a common security feature in Identity Providers (IdP). There are use cases beyond IdP, mine was 'Understanding what it takes').
TOTP interaction
You have two phases: enrollment and use. During enrollment a secret is generated and (typically) presented as QR Code. A user points one of the many Authenticator apps to it and gets a numeric code that changes once a minute.
When you use it, you pick the current number and paste it into the provided field. The backend validates the correctness with some time leeway.
What it is not
Typically when enrolling you also get recovery codes, sometimes called scratch codes. They are NOT part of TOTP and implementation is site specific and not standardized. An implementer might choose to check your recovery codes when your TOTP fails or provide a separate interaction using those.
The initial confirmation, is actually the first instance of "use" and one could have a successful enrollment without it. This is depending on the implementation.
It isn't foolproof. An attacker could trick you into typing your TOTP code into a spoofed form or just hijack your session (cookie). That's why responsible web apps run a tight security with CSP and TLS (and once browser support is better Permission Policy)
Calendar entry not displaying notes in HCL Verse 3.x
By Rainer Brandl | 2/3/23 4:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I had the issue that a customer complained that notices on the calendar form keep on loading and loading and you're not able to create a calendar entry or even display the content of the notes an existing calendar entry.After some conversation with HCL Support ( which again was working extremely fast in person of Suraj Joshi ) I received the information that the upgrade to HCL Domino 12.0.2 could cause this issue.
As mentioned in the official Defect Article this only occurs when the display language of the browser is set to another language than English.
Overdue PSA: Reverse-Proxy Headers in Domino 12.0.1FP1 and Newer
By Jesse Gallagher | 1/25/23 11:19 AM | Infrastructure - Notes / Domino | Added by Oliver Busse
Just over a year ago now, I wrote a blog post describing the sudden removal of my beloved HTTPEnableConnectorHeaders notes.ini parameter in the 12.0.1 release.
However, during the administration-focused OpenNTF Repair Café today, I was reminded that I never modified that post or made a followup to detail the changes since then. I plan to remedy that here!
Nomad Web server connection options
By Daniel Nashed | 1/25/23 7:30 AM | Infrastructure - Notes / Domino | Added by Oliver Busse
Nomad Web is a modern HCL client offering in form of a Progressive Web Application (PWA) running in your web browser.
In addition to Windows or Mac, it also works on Ubuntu and other Linux distributions! So there is finally a client offering for Linux clients again!
The Nomad Web application is installed on a server providing the required files for download.
Those files can be stored on a SafeLinx or Domino/Nomad Web server.
Windows Sandbox - A feature you should know
By Daniel Nashed | 1/23/23 2:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The sandbox can be a very useful tool for many different situations.
I am often using it for Domino server or client install tests.
But there are many other use cases including training environments etc.
It's a full throw away sandbox environment recreated every time you start it.
The only limitation is that you can't reboot the Windows for example after a software update.
But even installing the Windows re-distributable run-time package does not require a boot.
Most applications like Notes/Domino install it on their own.
I needed it to test my own applications. But there is an easy way to download and silent install it:
NGINX TCP Stream with SNI support. More than helpful for lab environments
By Daniel Nashed | 1/23/23 2:15 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
In production you usually want centralized certificate handling and off-loading TLS termination to a load-balancer.
I posted scripts to have NGINX realod certs automatically from Domino CertMgr via HTTPS to leverage Domino's Let's Encrypt implementation.
But sometimes you really want all your servers directly exposed over TLS.
For example in a lab environment with limited resources and only one IP, you might want to still have each of the hosts expose their services on their own.
Quest for SAML to everybody continues
By Fredrik Norling | 1/23/23 2:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
My article regarding debugging SAML on HCL Domino is updated today with 2 points
What is the SP certificate used for
What can be wrong when you get a login loop
Check it out in the article https://www.xpagedeveloper.com/2022/debugging-saml-setups-in-hcl-domino
Certificate Information tool
By Fredrik Norling | 1/17/23 2:40 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
SSL certificates, SAML certificates, Signing certificates the number is long of different kinds of certificates and you might need to check the name of a certificate, the start or end date or perhaps the thumbprint.
I use the tool mainly to get end dates of certificates sent to me from customers because I hate when they expire and need to be changed without any preparation. And the worst kind that most administrators often miss is the certificates that is auto created i.e. in ADFS servers, Azure Enterprise apps, Okta
Email Encryption
By Prominic.NET | 1/12/23 9:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Emails are now not only an important part of our daily lives but also one of the most used gateways for cybercriminals into our lives. Let’s explore how we can keep the door shut.
Please wait until that HTTP service is ready
By Stephan Wissel | 1/3/23 10:17 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Our brave new world of containers and microservices runs on a combination of YAML and shell scripts. Getting them to run in the desired sequence can be a challenge. When ready isn't ready All container environments have a 'depends' clause, so the container runtime can determine the correct startup startup sequence for the zoo of containers comprising the application to be launched. Each container will usually signal when it is ready.
However ready can mean different things to different applications.
In the container world it should be: the service is available.
However it could be: service was successfully started, but might be busy with house keeping. In the later case the start scripts of the dependent services need to do their own waiting
HCL Domino, view indexer stuck with very high CPU usage
By Jesper Kiær | 1/2/23 6:16 AM | Infrastructure - Notes / Domino | Added by Oliver Busse
I have a customer who has a Domino server running with very high CPU usage, and it should not, since it is not a very busy server.
It is the indexer which gets stuck with very high CPU usage
Solution for broken TrendMicro ScanMail for Domino 12.0.2 on Windows
By Remco Angioni | 12/23/22 4:16 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
After upgrading the Domino to 12.0.2, TrendMicro scanmail stops working. The cause is C API OSLoadLibrary changes in Domino 12.0.2.
TrendMicro had identified the problem and created a temp workaround for it.
See article: https://success.trendmicro.com/dcx/s/solution/000291870?language=en_US
Posted presentation on CompareDBs
By Andre Guirard | 12/14/22 2:16 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
I gave a presentation about CompareDBs, the new template in 12.0.1 Domino server, for a recent OpenNTF webinar. The slides for that — with their attached notes — are a reasonably good summary of what the tool is good for, so I decided to post them here.
How to configure SAML SSO for HCL Nomad Web for Domino using Keycloak - Part 2
By Heiko Voigt | 12/13/22 12:38 PM | Infrastructure - Notes / Domino | Added by Oliver Busse
So it took a little bit longer to get this 2nd part of the series - I ran into some issues during the configuration, also, we decided to upgrade our Keycloak implementation to the latest version 20.x and experienced some setbacks when re-importing the configuration from version 18.x - we lost a couple of settings and it took a while to find the differences and patch them up.
How to get the error message for a Notes error code
By Daniel Nashed | 12/13/22 1:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Sometimes scripts or Domino server commands only return an error code and you would like to know the error message.
There is an easy way to get the error message back from a server command.
"show message [module]
In most cases you don't need server tasks specific error messages and just use the decimal error code.
Setup DKIM for HCL Domino 12.0.2
By Remco Angioni | 12/9/22 1:58 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Finally we can setup and use DKIM email authentication in HCL Domino. Here are the steps for adding DKIM in Domino and DNS.The actions are my actual commands for adding DKIM to my angioni.nl domain.
HCL Notes Client – “Invalid RTF Data On The Clipboard”
By Ulrich Krause | 12/3/22 11:30 AM | Infrastructure - Notes / Domino | Added by Oliver Busse
The issue applies to HCL Notes 12.0.1 standard and basic as well as HCL Notes 12.0.2 32/64Bit standard and basic.
When you try to change your signature in the Calendar Profile, you get the error message
OpenNTF Quickie: Install Domino + Nomad + Leap on Docker - YouTube
By OpenNTF | 11/30/22 3:40 PM | Infrastructure - Notes / Domino | Added by Oliver Busse
This video demonstrates the installation process for Domino 12.0.2 including HCL Nomad Web and HCL Domino Leap on Docker using the Domino Container build script.
ID Vault “Invalid or nonexistent document” error caused by Cluster Symmetry Repair
By Kim Greene | 11/29/22 12:34 PM | Infrastructure - Notes / Domino | Added by Oliver Busse
In helping a customer who was having an issue with getting TOTP working, I came upon an interesting situation with their ID Vault. When issuing ‘show idvault’, the following error was displayed.
Invalid or nonexistent document: Vault replica list inconsistency for vault /ID_Vault
The really strange thing about this situation was the replica of the ID Vault was on both the primary and secondary server, however only the primary server was listed as a Vault Server in the ID Vault itself.
How to configure SAML SSO for HCL Nomad Web for Domino using Keycloak - Part 1
By Heiko Voigt | 11/29/22 10:57 AM | Infrastructure - Notes / Domino | Added by Oliver Busse
This is part one of my series on how to utilize Keycloak as the SAML IDP for HCL Nomad Web for Domino. While HCL describes the use of ADFS in the online documemtation, Keycloak can serve for this purpose with ease as well. Within this series I want to describe the components and configurations that are necessary to make the two work together.
The lsconst expedient
By Andre Guirard | 11/28/22 10:12 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
There are a lot of handy constants included in the LotusScript file lsconst.lss, which you can include in your scripts via the statement:
%Include "lsconst.lss"
It contains many “Const” definitions for symbolic names needed for calling built-in functions, such as this constant useful when calling Messagebox function:
Public Const MB_OK = 0
None of these constants is necessary since you can also hardcode the constant value when you make your call. But it makes your code easier to read and maintain if you use the symbolic names, so this is a best practice.
Domino 12.0.2 on Docker - some changes with One Touch setup
By Oliver Busse | 11/28/22 4:03 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I learned the hard way what it means to "reset" the Docker Desktop installation using a tool like "Clean My Mac X", a tool that I strongly recommend to get rid of all crap that slows down your system - and does much more.
However, resetting a Docker Desktop installation means that everything is wiped - except from the program itself. Docker started to be unstable, so my plan was to re-install it.
After I did this task, I found out that all my containers were gone - including the images and volumes. The latter is the worst, so be careful.