Recent
Notes intermittently hangs or opens mail or other database slowly after 30 minutes of inactivity 
By Daniel Nashed | 10/28/24 2:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Notes intermittently hangs or opens mail or other database slowly after 30 minutes of inactivity
This might help you in some network situations and it came up today in the OpenNTF Discord chat.
TCP/IP keep alive is a functionality in the network stack to tell the server's TCP/IP stack and also the active components like firewalls, VPNs etc, that your session is still alive -- even the application is not sending any data.
The Windows default keep interval is 2 hours. This Windows sends a keep alive for a TCP/IP session only.
Linux and MacOS have a default keep alive interval of 75 seconds, which is a much more reasonable default.
On Windows you can change the value by adding a new registry value, specifying a shorter keep alive interval in milliseconds.
A good default value would be 75 seconds like on Linux and MacOS.
Key Rollover vs Certifier rollover
By Daniel Nashed | 10/28/24 2:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This is probably a topic many admins never really looked into and you might still run with your very old 630 key size.
Key size and certificate key size play an important role in your security and you should be aware of it.
Key Rollover
Rolling over keys is a quite normal operation.
It's a best practice to rotate keys at least when the recommended key strength changed.
Rolling over a key is client side initiated but requires an admin action.
Certifier Rollover
When rolling over certifiers you are creating a new key for your certifier and sign it with the right signing ID.
For your organization certifier this will be the organization certifier itself which signs itself.
Once that operation completes you have to re-sign all OU certifiers, server IDs and Notes.IDs step by step in this order.
You also have to take care of all cross certificates, Vault trust certificates.
The process is quite complex and needs planning:
Upgrading OnTime in a container | Roberto Boccadoro
By Roberto Boccadoro | 10/25/24 5:32 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Running Domino in a container is becoming more and more popular in these days. I assume the reader is familiar with the topic, I am not going to explain how to create and run a Domino container. If you want to know more about Domino containers watch the replay of the webinar that Martijn did for OpenNTF and read his presentation.
OnTime is included in Domino, starting with Release 14, is a great tool and I encourage my readers to use it, the version included in Domino is free and very powerful.
The issue is that Intravision, creates new releases of OnTime faster that HCL creates new releases of Domino, which is obviously understandable.
For example the OnTime version included in Domino is 11.1, but the most recent is 11.5. Hence if you want to keep updated your environment, you need to upgrade OnTime.
That is easy if you run Domino on Windows or Linux native, but what if you run Domino in a container ?
Domino will now get an IQ – The Domino Elf
By Hogne B. Pettersen | 10/25/24 5:30 AM | Business - News | Added by Roberto Boccadoro
For the first time in several years, there was a usergroup meeting in Norway again. Lots of new announcements regarding Domino was presented. Here's my report. A few years back I closed down the Nordic usergroup (which used to be the Norwegian) for various reasons. Then last year Wannes Rams called me and asked me if I would be ok with him and my good friend Arne Nielsen starting it up again. Of course I didn’t mind, and they’ve already had several conferences in Sweden and Denmark. On Tuesday October 22nd they finally returned to Oslo, where we met up at The Mini Bottle Gallery a most excellent venue.
Here are a few highlights from the event.
Check the minimum client version for your Notes application
By Daniel Nashed | 10/25/24 3:12 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Notes provides new functionality in Lotus Script and there also Java classes added to the client.
Lotus Script Named documents have been introduced in Notes/Domino 12.0.1.
I have just written an application which needs a Java class which is introduced in Notes 12.0.2 as it turned out.
So I came up with a simple check I am going to add to all my applications which use more current functionality.
You can drop this code into the PostOpen script of any database and switch to the right constant
Using Custom DNS Configurations With CertMgr
By Jesse Gallagher | 10/25/24 3:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The most common way that I expect people use Domino's CertMgr/certstore.nsf is to use Let's Encrypt with the default HTTP-based validation. This is very common in other products too and usually works great, but there are cases when it's not what you want. I hit two recently.
Domino's CertMgr can handle those DNS challenges just fine, though, and the HCL-TECH-SOFTWARE/domino-cert-manager project on GitHub contains configuration documents for several common providers/protocols.
For historical reasons (namely: I didn't like Network Solutions in 2000), I use joker.com as my registrar, and they're not in the default list. Indeed, it seems like their support for this process is very much a "oh geez, everyone's asking us for this, so let's hack something together" sort of thing. Fortunately, the configuration docs are adaptable with formula (and other methods) - I'll spare you the troubleshooting details and get to the specifics.
Domino Container image custom add-on support enhancements
By Daniel Nashed | 10/14/24 3:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
There is a custom add-on functionality Martijn and Roberto just blogged about this week.
https://blog.martdj.nl/2024/10/10/building-custom-add-ons-for-your-domino-container-image/
https://www.robertoboccadoro.com/2024/10/10/upgrading-ontime-in-a-container/
This was the missing trigger for me to look into it again.
It's a quite new functionality which wasn't fully documented yet.
Documentation
I have added a new documentation mark down page-->https://opensource.hcltechsw.com/domino-container/concept_custom_addons/
Building custom add-ons for your Domino container image – Martijn's Blog
By Martijn de Jong | 10/14/24 3:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This is a post that I thought I had already written, but I realised today that I hadn’t. It’s about a feature that Daniel Nashed added to the Domino container community project in the past year and that I showed in my presentations on the Domino container project at Engage and OpenNTF. But apparently, apart from that, Daniel and I never documented it. So here it is. The documentation on how to create your own custom add-on packages for your Domino container image.
XPages App to Web App: Part Seven - CSS
By Paul Withers | 10/8/24 5:09 AM | Development - Notes / Domino | Added by Roberto Boccadoro
In the last part we created the login form. In this part we’re going to start adding some theming.
Theme Colours
The power of XPages is in the out-of-the-box themes available. These provide styling for the various XPages components and some developers may even have not add their own CSS. But hopefully developers have.
Installing Domino REST API in an existing Domino container server – Martijn's Blog
By Martijn de Jong | 10/3/24 1:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The Domino REST API, a.k.a. DRAPI, is a requirement for running HCL Volt MX Go. On a native Domino server, it’s an add-on that you can install. The installation will install files in both a special install directory, the Domino program directory and the Domino data directory.
On a Domino server using Domino container images, you need a Domino image with the REST API included. After all, the Domino program directory is not persistent, which means that any addition to this directory that was added in the container and not in the image, is lost when the Domino container is stopped and restarted. Something that happens whenever you reboot the host machine. Luckily, the Domino container community image build tool includes the Domino REST API in the build menu, so it’s easy to add.
Linux LSOF is causing 100% CPU load inside a container in some configurations
By Daniel Nashed | 10/2/24 4:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Linux LSOF is causing 100% CPU load inside a container in some configurations
https://blog.nashcom.de/nashcomblog.nsf/dx/ https://blog.nashcom.de/nashcomblog.nsf/feed.rss RSS - Daniel Nashed's Blog Daniel Nashed's Blog Daniel Nashed Linux LSOF is causing 100% CPU load inside a container in some configurations Linux Domino Container width=device-width, initial-scale=1.0, minimum-scale=1.0 Daniel Nashed's Blog ../nashcom.css ../dx/imprint.htm Imprint Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ... Search Search Search Search alt Daniel Nashed # Tags Tag: 64Bit ../archive?openview&title=64Bit&type=cat&cat=64Bit 64Bit Tag: ACME ../archive?openview&title=ACME&type=cat&cat=ACME ACME Tag: ACME HTTP-01 ../archive?openview&title=ACME%20HTTP-01&type=cat&cat=ACME%20HTTP-01 ACME HTTP-01 Tag: ADFS ../archive?openview&title=ADFS&type=cat&cat=ADFS ADFS Tag: AdminCentral ../archive?openview&title=AdminCentral&type=cat&cat=AdminCentral AdminCentral Tag: AIX ../archive?openvie
Disabling XPages if not needed reduces open files and HTTP start/stop time
By Daniel Nashed | 9/30/24 4:30 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
While working on setup automation I often ran into HTTP startup challenges.
It can take up to 40-50 seconds until the HTTP task is started.
If you look at open files, you notice that each thread has more than 70 files open.
This sums up to up quite some files and the HTTP server start/stop time is much slower.
In case you don't use XPages there is a simple switch to disable the XPages run-time and only load the standard Java components.
notes.ini INotesDisableXPageCMD=1
I first had the impression Java in general would cause overhead on start. But my tests drilled down to XPages/OSGI.
Domino 14.0 FP2 IF1 installer might fail on new machines -- VCRUNTIME140 32bit is missing
By Daniel Nashed | 9/24/24 1:06 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
I ran into this today when testing and got a customer reporting this one hour later. So it was easy to reply with a root cause and solution.
Domino is a 64bit application. Therefore the Windows run-time installed with the Domino release installer is 64bit only. The Fixpack installer has no VC runtime requirements.
But it turns out the hotfix installer, which is also used for interim fixes is also a 32bit installer and has VC dependencies.
LotusScript Classes and Delete
By Paul Withers | 9/24/24 1:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro
A couple of years ago I wrote a number of blog posts about LotusScript / VoltScript classes. The topic is relevant to both languages, we’ve not made any changes to how classes are managed in VoltScript, even though we discussed adding some things added to Visual Basic since LotusScript was created, things like additional modifiers. Even though classes are still the same, we’ve used some quite sophisticated aspects of class, as will be apparent to anyone who has looked at VoltScript Testing, its LotusScript port bali-unit, VoltScript JSON Converter, or VoltScript Collections.
Three particular aspects I used in those projects are of particular relevance for this blog post.
Domino does not shutdown cleanly when Windows is rebooted or shutdown
By Daniel Nashed | 9/11/24 6:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When stopping the Domino service manually, the Windows service control manager (SCM) waits sufficient time to shutdown Domino cleanly.
But it turns out a Windows shutdown or reboot does not wait sufficient time for service termination.
This is critical because it would kill running Domino processes without notice. Even with transaction log enabled, this isn't a desirable situation.
How to find out what is eating my disk space on Linux?
By Daniel Nashed | 9/11/24 6:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
If you don't know the Linux tool ncdu, this will make your day.
The tool by default scans from where you are or any directory you specify.
Specially when running on WSL you might want to use excludes.
On top there is a delete option, which can be quite helpful when you find large files you don't need.
I am using it for years and it did safe my IT life more than once. And it is very fast...
Recent Open-Source Project Updates
By Jesse Gallagher | 9/7/24 10:01 AM | Development - Notes / Domino | Added by Roberto Boccadoro
I've released a spate of open-source project updates recently, and I figured it'd be good to round up what's new. Most of them are utilitarian in nature - mostly fixes for things that crop up with Domino 14 and Java > 8 - but the first one is larger.
Radomly removed JAR resources: the reason
By Oliver Busse | 9/6/24 6:50 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Remember my last post about Domino Designer just randomly removing JAR resources from the NSF? I first thought it was something with the ODP and Git but I was wrong.
It turned out that you don't even have to work with an ODP or even Git to run into this problem. The real cause of this is still unclear, I add this to the various hiccups of Domino Designer that we all got used to.
There's a solution....
You don't have to overwrite your Command when pasting into the Domino Console
By Cormac McCarthy | 8/31/24 3:35 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
While having a look at the HCL Domino Portal ideas portal the other week I came across something I was going to vote for, namely
Paste (using CTRL+V) in the Server Console “Domino Command” input field should not remove existing content in that input field.
Just as I was about to hit the vote button, I read the comments. Someone had helpfully put in the solution
Issue with old Domino JAVA agent
By Patrick Kwinten | 8/29/24 11:37 AM | Development - Notes / Domino | Added by Oliver Busse
I got the request to extend the summary report in the email message that a scheduled Domino agent is sending out. In the report some lists of missing data in the database needs to be added so users can work more efficient. So what do we do?
Notes client LTPA authentication issue after Sametime 12.0.2FP1 upgrade
By Vladislav Tatarincev | 8/27/24 10:00 AM | Infrastructure - Sametime | Added by Roberto Boccadoro
We use LTPA Token authentication inside company for HCL Sametime 12.0.2. It was working fine.
When Sametime 12.0.2FP1 arrived we upgraded our Sametime and Notes 14 clients were unable to login with LTPA. Only regular password login was working.
Sametime Authentication container logs brought us the following:
error: Error decoding LtpaToken2: "error:1C800064:Provider routines::bad decrypt". Trying as v1: false
[2024/08/23 13:39:41] info: ::ffff:172.22.0.8 - -
We opened case and support mentioned that: in HCL Sametime 12.0.2 FP1 we disabled LTPA V1 token support by default - in favor of LTPA V2 which is more secure.
The Embedded clients, especially the 'older' ones still present only the LTPA V1 tokens.
In Domino SSO document, our configuration was LtpaToken and LTPAToken2.
We changed format of token to "LTPAToken2 only" and did restart of Domino and this has resolved issue.
Silent HCL Notes 32 bit to 64 bit upgrade changes - Domino People
By Cormac McCarthy | 8/27/24 9:59 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
HCL have recently published one of the “gotchas” around upgrading from 32 bit to 64 bit Notes.
I came across this again and thought it worth sharing. When upgrading Notes 32 bit to 64 bit via command line/scripting/third party install tool (basically anywhere you’re running silently) the syntax for PROGDIR and DATADIR changes to PROGDIRW64 and DATADIRW64.
Problem when uploading ID file to Vault with Admin Client 14.x to Domino 12.0.1.x
By Rainer Brandl | 8/27/24 9:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I had the problem that a customer complained about the problem of uploading the ID of a new registered user to an existing vault. I could see the following entries in the local log.nsf:27.08.2024 11:03:00 ID 'C:\HCL\Notes\Data\user\testuser1.id' failed to upload to vault 'O=customer_vault' on server 'CN=SERVER01/O=SRV'. 'Test User1' made request. Error: Remote system no longer responding
After opening a case I received the link to a TechNote where a problem with Admin Client V14.x and HCL Domino 12.0.1.x is documented. I afterwards modified the setting in the NOTES.INI of the client and now the upload of the ID for the newly registered user is working fine !!!
Be aware to put the setting “TCPIP=TCP,0,15,16000” only in the NOTES.INI of a V14 client !!! If you set this value in a NOTES.INI of V12, the client will not startup and will cause serious troubles !!!
XPages to Web App Redux: 2
By Paul Withers | 8/21/24 6:45 AM | Development - Notes / Domino | Added by Roberto Boccadoro
XPages to Web App Redux: Part Two - Dev Tools
Many Domino developers may not have used anything other than Domino Designer. We’re stepping into a different world of development here. So we’ll be using different tools. Plural.
Does TOTP Work for users in a Secondary Directory via DA
By Keith Brooks | 8/21/24 6:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Like many of our customers, a customer has a large external user community relying on their applications.
We have about 7,000 external customers. Some are undoubtedly old customers, but 7,000 is a lot of people.
Previously, I wrote about how to bulk add these people into your ID Vault, and that was all fine and good where we have only one names.nsf for everyone and everything. We may have had 2-3 servers in that org.
Now, the 7,000 are in a secondary external names.nsf via DA (Directory Assistance).
The Problem
1) How do you register and maintain the people in a secondary Directory?
2) Does the DA even work with TOTP?
XPages to Web App Revisited: Part One - Introduction
By Paul Withers | 8/19/24 7:47 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Many years ago I wrote a series of blog posts on the topic of XPages to web app. At the time my target technology was Vaadin running in an OSGi plugin on Domino HTTP server (initially) and then CrossWorlds - Daniele Vistalli’s innovative approach to use Domino data via OpenNTF Domino API on a Websphere Liberty server running as a sidecar to Domino. My experience of developing with Vaadin lagged behind the technology, because it quickly evolved not only to Java 8 (and undoubtedly beyond) but used annotations which required Servlet 3.0.
Today there are a variety of options for web application. Adjacent to Domino is Jesse Gallagher’s JakartaEE approach. Domino REST API can host applications as well. Frameworks like Angular and React have gained prominence. JSP is still seen in some places, but seems to have slipped from prominence. But after my session at Engage with Stephan Wissel, and particularly the rapid evolution of browser support over the last few years, my target is traditional web, hosted in Domino REST API’s server.
HCL Domino TOTP & Passkey authentication
By Rainer Brandl | 8/19/24 7:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
In a customer environment I have enabled the great working TOTP authentication. After migration the environment to Domino V14 I also enabled the Passkey authentication in the same Internet Site document.Afterwards neither TOTP authentication nor Passkey Authentication worked. A clarification of the HCL Support delivered the following information: You cannot enable both authentication types for the same internet site document !!
Route HCL Traveler mail to your internal scanner
By Remco Angioni | 8/8/24 7:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Companies normally scan mail only on the first Domino SMTP server, not on all servers. For HCL Traveler server, this could be a problem because your external and mobile device can be infected with ransom-ware or a virus. This way it can harm you organization. How to check all mails coming from HCL Traveler servers using your already running and active scanner?
Domino REST API Proxy Problems
By Paul Withers | 8/1/24 6:36 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Earlier this week I was working with Domino REST API for a personal project and encountered what appeared to be a bug. It was a very strange issue, but one that had a simple cause that was ultimately easy to verify.
In this case, Domino REST API’s `/lists/{name}’ endpoint was resulting in unexpected results. For certain views on the server I was using, e.g. a view with a name “vwFoo” was returning expected results. But for hidden views, e.g. “(luKeys)” I was getting a 405 “Method Not ALlowed” error when accessing via Postman.
Domino RESTAPI Bug and WorkAround
By Keith Brooks | 7/31/24 6:47 AM | Development - Notes / Domino | Added by Roberto Boccadoro
This is not my usual line of thought as an Admin, but sometimes, AdminOps is better than DevOps because troubleshooting is not an exact science.
While customers over the last year or so have been asking about the HCL Domino REST API, my reply is usually something like, I can install it, but you are on your own afterward, or I point them to a Developer friend.
To be fair, HCL will help them/me with getting started or "where is/How do I" questions. But this is about the bug my client and I discovered and how to work around it.