Sort it out (your JSON collections)  

By Patrick Kwinten | 11/8/24 3:49 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The day after the US elections. Time to sort it out. Not the election results but the collections in the Run4Fun application. I hope you like lists with JSONObjects in your XPages application as much as I do but what you see is normally the order you stick the objects in the list. If you want them to have sorted in a certain way, perhaps by a certain key (firstname, lastname, email, age, time etc) either you have your source (a NotesView?) adapted to it OR you have to apply something that does that to your objects in the list. That something is called a comparator.

Modern email protocols: DANE, MTA-STS and TLS-RPT  

By Martijn de Jong | 11/8/24 3:47 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

n my recent OpenNTF webinar on modern E-mail Server operations, I covered several SMTP-related protocols like DKIM, SPF, and DMARC. However, with ongoing efforts to enhance the security of SMTP, new protocols have emerged, and these are the focus of this article. Two weeks after my OpenNTF presentation, my former colleague Erwin Stamer, contacted me regarding the DANE status of my domain as it was yellow instead of green. He was looking at the status of my domain as they were implementing it at his employer (a large Dutch bank) and was looking for an example. I must admit that I initially had no idea what DANE was, but as it was in line with my presentation, I dived into it. DANE, MTA-STS and TLS-RPT all work together, but let’s look at them separately.

Partial refresh gone bad   

By Patrick Kwinten | 11/4/24 3:43 AM | Development - Notes / Domino | Added by Roberto Boccadoro

For a (very) large and complicated intake form I have checkboxes that based upon the value (checked/unchecked) should calculate the visibility of multiple sections of the form. I guess most of us remember Tim Tripcony’s comment on a question about partial refresh on SO. That seemed to work fine from scratch but the intake form has grown and grown during the years due to regulations and the responses from the chained xsp.partialrefreshget calls gone bad. As a result sometimes the other sections pop up very late or not at all ��

Notes intermittently hangs or opens mail or other database slowly after 30 minutes of inactivity  

By Daniel Nashed | 10/28/24 2:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Notes intermittently hangs or opens mail or other database slowly after 30 minutes of inactivity This might help you in some network situations and it came up today in the OpenNTF Discord chat. TCP/IP keep alive is a functionality in the network stack to tell the server's TCP/IP stack and also the active components like firewalls, VPNs etc, that your session is still alive -- even the application is not sending any data. The Windows default keep interval is 2 hours. This Windows sends a keep alive for a TCP/IP session only. Linux and MacOS have a default keep alive interval of 75 seconds, which is a much more reasonable default. On Windows you can change the value by adding a new registry value, specifying a shorter keep alive interval in milliseconds. A good default value would be 75 seconds like on Linux and MacOS.

Key Rollover vs Certifier rollover  

By Daniel Nashed | 10/28/24 2:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This is probably a topic many admins never really looked into and you might still run with your very old 630 key size. Key size and certificate key size play an important role in your security and you should be aware of it. Key Rollover Rolling over keys is a quite normal operation. It's a best practice to rotate keys at least when the recommended key strength changed. Rolling over a key is client side initiated but requires an admin action. Certifier Rollover When rolling over certifiers you are creating a new key for your certifier and sign it with the right signing ID. For your organization certifier this will be the organization certifier itself which signs itself. Once that operation completes you have to re-sign all OU certifiers, server IDs and Notes.IDs step by step in this order. You also have to take care of all cross certificates, Vault trust certificates. The process is quite complex and needs planning:

Upgrading OnTime in a container | Roberto Boccadoro  

By Roberto Boccadoro | 10/25/24 5:32 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Running Domino in a container is becoming more and more popular in these days. I assume the reader is familiar with the topic, I am not going to explain how to create and run a Domino container. If you want to know more about Domino containers watch the replay of the webinar that Martijn did for OpenNTF and read his presentation. OnTime is included in Domino, starting with Release 14, is a great tool and I encourage my readers to use it, the version included in Domino is free and very powerful. The issue is that Intravision, creates new releases of OnTime faster that HCL creates new releases of Domino, which is obviously understandable. For example the OnTime version included in Domino is 11.1, but the most recent is 11.5. Hence if you want to keep updated your environment, you need to upgrade OnTime. That is easy if you run Domino on Windows or Linux native, but what if you run Domino in a container ?

Domino will now get an IQ – The Domino Elf  

By Hogne B. Pettersen | 10/25/24 5:30 AM | Business - News | Added by Roberto Boccadoro

For the first time in several years, there was a usergroup meeting in Norway again. Lots of new announcements regarding Domino was presented. Here's my report. A few years back I closed down the Nordic usergroup (which used to be the Norwegian) for various reasons. Then last year Wannes Rams called me and asked me if I would be ok with him and my good friend Arne Nielsen starting it up again. Of course I didn’t mind, and they’ve already had several conferences in Sweden and Denmark. On Tuesday October 22nd they finally returned to Oslo, where we met up at The Mini Bottle Gallery a most excellent venue. Here are a few highlights from the event.

Check the minimum client version for your Notes application  

By Daniel Nashed | 10/25/24 3:12 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Notes provides new functionality in Lotus Script and there also Java classes added to the client. Lotus Script Named documents have been introduced in Notes/Domino 12.0.1. I have just written an application which needs a Java class which is introduced in Notes 12.0.2 as it turned out. So I came up with a simple check I am going to add to all my applications which use more current functionality. You can drop this code into the PostOpen script of any database and switch to the right constant

Using Custom DNS Configurations With CertMgr  

By Jesse Gallagher | 10/25/24 3:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The most common way that I expect people use Domino's CertMgr/certstore.nsf is to use Let's Encrypt with the default HTTP-based validation. This is very common in other products too and usually works great, but there are cases when it's not what you want. I hit two recently. Domino's CertMgr can handle those DNS challenges just fine, though, and the HCL-TECH-SOFTWARE/domino-cert-manager project on GitHub contains configuration documents for several common providers/protocols. For historical reasons (namely: I didn't like Network Solutions in 2000), I use joker.com as my registrar, and they're not in the default list. Indeed, it seems like their support for this process is very much a "oh geez, everyone's asking us for this, so let's hack something together" sort of thing. Fortunately, the configuration docs are adaptable with formula (and other methods) - I'll spare you the troubleshooting details and get to the specifics.

Domino Container image custom add-on support enhancements  

By Daniel Nashed | 10/14/24 3:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

There is a custom add-on functionality Martijn and Roberto just blogged about this week. https://blog.martdj.nl/2024/10/10/building-custom-add-ons-for-your-domino-container-image/ https://www.robertoboccadoro.com/2024/10/10/upgrading-ontime-in-a-container/ This was the missing trigger for me to look into it again. It's a quite new functionality which wasn't fully documented yet. Documentation I have added a new documentation mark down page-->https://opensource.hcltechsw.com/domino-container/concept_custom_addons/

Building custom add-ons for your Domino container image – Martijn's Blog  

By Martijn de Jong | 10/14/24 3:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This is a post that I thought I had already written, but I realised today that I hadn’t. It’s about a feature that Daniel Nashed added to the Domino container community project in the past year and that I showed in my presentations on the Domino container project at Engage and OpenNTF. But apparently, apart from that, Daniel and I never documented it. So here it is. The documentation on how to create your own custom add-on packages for your Domino container image.

XPages App to Web App: Part Seven - CSS  

By Paul Withers | 10/8/24 5:09 AM | Development - Notes / Domino | Added by Roberto Boccadoro

In the last part we created the login form. In this part we’re going to start adding some theming. Theme Colours The power of XPages is in the out-of-the-box themes available. These provide styling for the various XPages components and some developers may even have not add their own CSS. But hopefully developers have.

Installing Domino REST API in an existing Domino container server – Martijn's Blog  

By Martijn de Jong | 10/3/24 1:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The Domino REST API, a.k.a. DRAPI, is a requirement for running HCL Volt MX Go. On a native Domino server, it’s an add-on that you can install. The installation will install files in both a special install directory, the Domino program directory and the Domino data directory. On a Domino server using Domino container images, you need a Domino image with the REST API included. After all, the Domino program directory is not persistent, which means that any addition to this directory that was added in the container and not in the image, is lost when the Domino container is stopped and restarted. Something that happens whenever you reboot the host machine. Luckily, the Domino container community image build tool includes the Domino REST API in the build menu, so it’s easy to add.

Linux LSOF is causing 100% CPU load inside a container in some configurations  

By Daniel Nashed | 10/2/24 4:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Linux LSOF is causing 100% CPU load inside a container in some configurations https://blog.nashcom.de/nashcomblog.nsf/dx/ https://blog.nashcom.de/nashcomblog.nsf/feed.rss RSS - Daniel Nashed's Blog Daniel Nashed's Blog Daniel Nashed Linux LSOF is causing 100% CPU load inside a container in some configurations Linux Domino Container width=device-width, initial-scale=1.0, minimum-scale=1.0 Daniel Nashed's Blog ../nashcom.css ../dx/imprint.htm Imprint Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ... Search Search Search Search alt Daniel Nashed # Tags Tag: 64Bit ../archive?openview&title=64Bit&type=cat&cat=64Bit 64Bit Tag: ACME ../archive?openview&title=ACME&type=cat&cat=ACME ACME Tag: ACME HTTP-01 ../archive?openview&title=ACME%20HTTP-01&type=cat&cat=ACME%20HTTP-01 ACME HTTP-01 Tag: ADFS ../archive?openview&title=ADFS&type=cat&cat=ADFS ADFS Tag: AdminCentral ../archive?openview&title=AdminCentral&type=cat&cat=AdminCentral AdminCentral Tag: AIX ../archive?openvie

Disabling XPages if not needed reduces open files and HTTP start/stop time  

By Daniel Nashed | 9/30/24 4:30 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While working on setup automation I often ran into HTTP startup challenges. It can take up to 40-50 seconds until the HTTP task is started. If you look at open files, you notice that each thread has more than 70 files open. This sums up to up quite some files and the HTTP server start/stop time is much slower. In case you don't use XPages there is a simple switch to disable the XPages run-time and only load the standard Java components. notes.ini INotesDisableXPageCMD=1 I first had the impression Java in general would cause overhead on start. But my tests drilled down to XPages/OSGI.

Domino 14.0 FP2 IF1 installer might fail on new machines -- VCRUNTIME140 32bit is missing  

By Daniel Nashed | 9/24/24 1:06 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I ran into this today when testing and got a customer reporting this one hour later. So it was easy to reply with a root cause and solution. Domino is a 64bit application. Therefore the Windows run-time installed with the Domino release installer is 64bit only. The Fixpack installer has no VC runtime requirements. But it turns out the hotfix installer, which is also used for interim fixes is also a 32bit installer and has VC dependencies.

LotusScript Classes and Delete  

By Paul Withers | 9/24/24 1:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro

A couple of years ago I wrote a number of blog posts about LotusScript / VoltScript classes. The topic is relevant to both languages, we’ve not made any changes to how classes are managed in VoltScript, even though we discussed adding some things added to Visual Basic since LotusScript was created, things like additional modifiers. Even though classes are still the same, we’ve used some quite sophisticated aspects of class, as will be apparent to anyone who has looked at VoltScript Testing, its LotusScript port bali-unit, VoltScript JSON Converter, or VoltScript Collections. Three particular aspects I used in those projects are of particular relevance for this blog post.

Domino does not shutdown cleanly when Windows is rebooted or shutdown  

By Daniel Nashed | 9/11/24 6:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

When stopping the Domino service manually, the Windows service control manager (SCM) waits sufficient time to shutdown Domino cleanly. But it turns out a Windows shutdown or reboot does not wait sufficient time for service termination. This is critical because it would kill running Domino processes without notice. Even with transaction log enabled, this isn't a desirable situation.

How to find out what is eating my disk space on Linux?  

By Daniel Nashed | 9/11/24 6:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you don't know the Linux tool ncdu, this will make your day. The tool by default scans from where you are or any directory you specify. Specially when running on WSL you might want to use excludes. On top there is a delete option, which can be quite helpful when you find large files you don't need. I am using it for years and it did safe my IT life more than once. And it is very fast...

Recent Open-Source Project Updates  

By Jesse Gallagher | 9/7/24 10:01 AM | Development - Notes / Domino | Added by Roberto Boccadoro

I've released a spate of open-source project updates recently, and I figured it'd be good to round up what's new. Most of them are utilitarian in nature - mostly fixes for things that crop up with Domino 14 and Java > 8 - but the first one is larger.

Radomly removed JAR resources: the reason   

By Oliver Busse | 9/6/24 6:50 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Remember my last post about Domino Designer just randomly removing JAR resources from the NSF? I first thought it was something with the ODP and Git but I was wrong. It turned out that you don't even have to work with an ODP or even Git to run into this problem. The real cause of this is still unclear, I add this to the various hiccups of Domino Designer that we all got used to. There's a solution....

You don't have to overwrite your Command when pasting into the Domino Console  

By Cormac McCarthy | 8/31/24 3:35 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While having a look at the HCL Domino Portal ideas portal the other week I came across something I was going to vote for, namely Paste (using CTRL+V) in the Server Console “Domino Command” input field should not remove existing content in that input field. Just as I was about to hit the vote button, I read the comments. Someone had helpfully put in the solution

Issue with old Domino JAVA agent  

By Patrick Kwinten | 8/29/24 11:37 AM | Development - Notes / Domino | Added by Oliver Busse

I got the request to extend the summary report in the email message that a scheduled Domino agent is sending out. In the report some lists of missing data in the database needs to be added so users can work more efficient. So what do we do?

Notes client LTPA authentication issue after Sametime 12.0.2FP1 upgrade  

By Vladislav Tatarincev | 8/27/24 10:00 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

We use LTPA Token authentication inside company for HCL Sametime 12.0.2. It was working fine. When Sametime 12.0.2FP1 arrived we upgraded our Sametime and Notes 14 clients were unable to login with LTPA. Only regular password login was working. Sametime Authentication container logs brought us the following: error: Error decoding LtpaToken2: "error:1C800064:Provider routines::bad decrypt". Trying as v1: false
[2024/08/23 13:39:41] info: ::ffff:172.22.0.8 - - We opened case and support mentioned that: in HCL Sametime 12.0.2 FP1 we disabled LTPA V1 token support by default - in favor of LTPA V2 which is more secure. The Embedded clients, especially the 'older' ones still present only the LTPA V1 tokens. In Domino SSO document, our configuration was LtpaToken and LTPAToken2. We changed format of token to "LTPAToken2 only" and did restart of Domino and this has resolved issue.

Silent HCL Notes 32 bit to 64 bit upgrade changes - Domino People  

By Cormac McCarthy | 8/27/24 9:59 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

HCL have recently published one of the “gotchas” around upgrading from 32 bit to 64 bit Notes. I came across this again and thought it worth sharing. When upgrading Notes 32 bit to 64 bit via command line/scripting/third party install tool (basically anywhere you’re running silently) the syntax for PROGDIR and DATADIR changes to PROGDIRW64 and DATADIRW64.

Problem when uploading ID file to Vault with Admin Client 14.x to Domino 12.0.1.x   

By Rainer Brandl | 8/27/24 9:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I had the problem that a customer complained about the problem of uploading the ID of a new registered user to an existing vault. I could see the following entries in the local log.nsf:27.08.2024 11:03:00 ID 'C:\HCL\Notes\Data\user\testuser1.id' failed to upload to vault 'O=customer_vault' on server 'CN=SERVER01/O=SRV'. 'Test User1' made request. Error: Remote system no longer responding After opening a case I received the link to a TechNote where a problem with Admin Client V14.x and HCL Domino 12.0.1.x is documented. I afterwards modified the setting in the NOTES.INI of the client and now the upload of the ID for the newly registered user is working fine !!! Be aware to put the setting “TCPIP=TCP,0,15,16000” only in the NOTES.INI of a V14 client !!! If you set this value in a NOTES.INI of V12, the client will not startup and will cause serious troubles !!!

XPages to Web App Redux: 2  

By Paul Withers | 8/21/24 6:45 AM | Development - Notes / Domino | Added by Roberto Boccadoro

XPages to Web App Redux: Part Two - Dev Tools Many Domino developers may not have used anything other than Domino Designer. We’re stepping into a different world of development here. So we’ll be using different tools. Plural.

Does TOTP Work for users in a Secondary Directory via DA  

By Keith Brooks | 8/21/24 6:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Like many of our customers, a customer has a large external user community relying on their applications. We have about 7,000 external customers. Some are undoubtedly old customers, but 7,000 is a lot of people. Previously, I wrote about how to bulk add these people into your ID Vault, and that was all fine and good where we have only one names.nsf for everyone and everything. We may have had 2-3 servers in that org. Now, the 7,000 are in a secondary external names.nsf via DA (Directory Assistance). The Problem 1) How do you register and maintain the people in a secondary Directory? 2) Does the DA even work with TOTP?

XPages to Web App Revisited: Part One - Introduction  

By Paul Withers | 8/19/24 7:47 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Many years ago I wrote a series of blog posts on the topic of XPages to web app. At the time my target technology was Vaadin running in an OSGi plugin on Domino HTTP server (initially) and then CrossWorlds - Daniele Vistalli’s innovative approach to use Domino data via OpenNTF Domino API on a Websphere Liberty server running as a sidecar to Domino. My experience of developing with Vaadin lagged behind the technology, because it quickly evolved not only to Java 8 (and undoubtedly beyond) but used annotations which required Servlet 3.0. Today there are a variety of options for web application. Adjacent to Domino is Jesse Gallagher’s JakartaEE approach. Domino REST API can host applications as well. Frameworks like Angular and React have gained prominence. JSP is still seen in some places, but seems to have slipped from prominence. But after my session at Engage with Stephan Wissel, and particularly the rapid evolution of browser support over the last few years, my target is traditional web, hosted in Domino REST API’s server.

HCL Domino TOTP & Passkey authentication   

By Rainer Brandl | 8/19/24 7:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In a customer environment I have enabled the great working TOTP authentication. After migration the environment to Domino V14 I also enabled the Passkey authentication in the same Internet Site document.Afterwards neither TOTP authentication nor Passkey Authentication worked. A clarification of the HCL Support delivered the following information: You cannot enable both authentication types for the same internet site document !!