Domino Online Meeting Integration

Now that this has been announced publicly at NCUG, btw congrats Hogne for setting up a very useful event, I can talk about DOMI. Me and other Ambassadors have tested it in the last weeks but we were under NDA so we couldn’t share our thoughts.

My fellow Ambassador Cormac Mc Carthy has already done a post on this topic, so here I want to tell something about the configuration.

There is a difference between Sametime and the other online meeting providers you can use with DOMI, i.e. for Sametime you have to edit a Shared Library to tell the url of your Sametime server.

Fire up the Domino designer and open DOMI.nsf. Go into Code -> Script Libraries and edit domiConstantsBE

In there find the string g_DOMI_ROOTURL_SAMETIMEMEETINGS and put inside the two / the url of your sametime meeting server

That’s all. For the other online meeting providers there is nothing to configure, HCL did a wonderful job and everything works out of the box.

Now install DOMI on your mail template, to do so just open the DOMI database and click Install DOMI

Then upgrade the design of your mailfile with the updated template.

That’s it. 5 minutes max to do everything.

How do you use it ? First of all there is a thing to say. Each user must set up the integration using his credentials to get his own token from the providers, so this is not something you do once on the server for all the users. Every user has to create his own meeting credentials. Second important thing is that not all the providers accept free accounts: I set it up with Sametime, Teams and WebEx without problems, but for GoTo Meeting and Zoom you must have a paid account, else it will not work. Their decision, not HCL fault.

Open your mailfile and go in the Calendar. Click on “create” and you will see a new voice

You will see this form

Select you provider, in my example it is WebEx, and click on “Get OAuth Token”. You will be redirected to the provider site and once you authenticate you will see this page with the token. Simply click on the “Copy” button, you don’t have to write it down.

Note: If you use Sametime you will see a slightly different form

It does not use OAuth, but gets directly a token from the Sametime server.

Now go back in your Notes client and click the “paste” button in the Meeting Credentials form.

All of your tokens and credentials can be seen in the “Online Meeting Credentials” view

Now you can schedule, and modify and delete, online meetings with the provider of your choice from the Notes client.

Follow up to the OpenNTF webinar on Domino administration best practices

During the webinar me and Heather ran out of time so we did not have time to talk about all the points that are highlighted in the slides.
Here are some details on those point that we did not cover

Program Documents
Program Documents provide a method for scheduling server tasks to run at a scheduled time/day.  A common usage is for proactive database maintenance.  Prior to release 9, program documents would typically be created to run the fixup and compact tasks against databases.  Release 9 includes the Database Management Task, DBMT, which does the following.

  • runs copy-style compact operations
  • purges deletion stubs
  • expires soft deleted entries
  • updates views
  • reorganizes folders
  • merges full-text indexes
  • updates unread lists
  • ensures that critical views are created for failover
  • System databases are not compacted
  • -compactThreads 8 -updallThreads 8 -range 2:00AM 7:00AM -compactNdays 5 -force 1
  • Remove ServerTasksAt2=Updall

To run DBMT via a program document, create a new one to run DBMT at server startup.  For the command line enter information that includes the number of compact threads, updall threads, time range for running updall and compact, number of days to wait unil running compact and day of the week to run fixup against databases that cannot be compacted.  For example, the following loads 8 compact and updall threads, runs the tasks between the hours of 2 – 7 AM , waits 5 days to run compact and runs fixup on Sundays.

-compactThreads 8 -updallThreads 8 -range 2:00AM 7:00AM -compactNdays 5 -force 1

Additionally, you will want to remove ServerTasksAt2=Updall from the server’s notes.ini.  Also, because the compact is a copy style compact set the ini parameter MailFileDisableCompactAbort=1.  This will cause the router to be compact aware, holding emails until compact finishes running against a mail database.

It is important to note that the DBMT tool does not run compact against the following databases.

  • names.nsf
  • log.nsf
  • admin4.nsf
  • ddm.nsf
  • lndfr.nsf
  • events4.nsf
  • statrep.nsf
  • dbdirman.nsf
  • dircat.nsf
  • clubusy.nsf
  • domlog.nsf
  • cldbdir.nsf
  • busytime.nsf
  • catalog.nsf
  • daoscat.nsf
  • mtdata/mtstore.nsf

Hence, it is recommended that the administrator creates a program document to run compact -B once a week to compact these databases.

Domino Certificate Authority

In many Domino environments the certifier ID that is used to register, rename and recertify users is stored in the Notes\Data folder of the administrator’s computer.  However, this approach has risks for the ID could potentially be stolen if someone gains access to the device or lost if the device is impaired.  Further, if the administrator decides to delegate these tasks to another entity, such as the help desk, then the certifier and its password have to be shared.

Hence, it is recommended that a Domino Certificate Authority be created.  From the administrator client’s configuration tab select Tools – Certificate – Migrate Certifier and follow the on screen prompts.  As a result, an ICL database will be created.  Now, the people you specify can perform user registrations, renames and recertifications without having physical access to the certifier ID nor do they need to know the password.

In addition, the CA task should be added to the ServerTasks lin of the server’s notes.ini.

ID Vault

Introduced with 8.5, the ID Vault provides a method for securely storing Notes IDs.  Further, as ID passwords are changed and as users are renamed and recertified, the ID in the Vault is updated.  The ID Vault is a core component of the Domino security model, is required for Verse on Premises and in Domino 12 will be automatically configured if one does not already exist.  Hence, if you do not have an ID Vault today then create one.

To create an ID Vault go to the Configuration tab of the administration client, select Tools – ID Vaults – Create and follow the on screen prompts.  An ID Vault will be created in the IBM_ID_Vault folder and a Vault ID will be generated.  It is important that you backup the Vault ID and its password.  Additionally, the ID Vault should be replicated to other servers using Tools – ID Vaults – Manage.

Now, users you assign to the vault and new users created will have their Notes ID added to the Vault.  From here the ID can be accessed for web authentication, downloaded as part of the Notes client set up and recovered when a password or ID is lost.

Policies and Settings Documents

Policies and settings documents provide several configuration options for managing the Notes and Domino infrastructure.  Hence, it is important that the administrator create policies and subsequent settings document.  To better understand policy types, hierarchy and settings documents reference the HCL Domino documentation.

Domino Server Monitoring

Like any system, Domino servers require monitoring in order to ensure they are optimally performing and hopefully detect problems before they cause service interruptions.  Natively included, Domino Domain Monitoring allows an administrator to view and manage server events.  In the events4.nsf database DDM probes and event handlers are created and managed.  These drive what is monitored on the Domino server.  When thresholds are met, a document is created in the DDM.nsf database.  The administrator should regularly review the DDM database to be aware of new events and take corrective action.

Domino Server Maintenance

While gone are the days when scheduled system reboots were necessary to avoid memory problems, it is still necessary to have a server maintenance plan.  As discussed earlier, program documents are used to perform database maintenance.  Further, for the system databases log.nsf, domlog.nsf and a recommended practice when Domino is not running is to rename these files and allow the server to create new ones at start up.  Note: change the extension to a different value so that Domino does not attempt to manage the file, i.e. log.old.

As with any server, it is important to stay current with software offerings and operating system patches in order to avoid security problems that hackers may exploit and repair known issues.  Hence, install Domino fix packs as they become available, plan to upgrade following new releases and apply OS patches on a regular basis.  Finally, keep supporting software, such as anti virus software, up to date.

Domino: how not to send delivery failures to the internet

A customer of mine made me a request: he doesn’t want a delivery failure with the indication that the user does not exist in the Directory to be sent back when someone outside his domain sends a mail to a non-existing address.

By default this non delivery report is sent, but you can easily change the behavior of Domino.
Go in the configuration document of the server, then  Router/SMTP -> Advanced -> Controls. Hold undeliverable mail: set to enabled.

This is the explanation of that setting
Enabled – When the Router cannot deliver a message, it leaves the message in MAIL.BOX rather than generate a delivery failure report
Disabled – (default) When the Router cannot deliver a message, it generates a delivery failure report

Remembering Nathan

Please join OpenNTF at an open online gathering to remember our co-founder and friend, Nathan T. Freeman.

We will host an open GoToMeeting for everyone in the Community to join and share their memories of Nathan, this coming Friday, from 1:00 – 2:00 PM EDT. You may use this link to join the meeting:

Sametime Proxy 11.5IF1 issues with iNotes integration

I updated the Sametime Proxy server 11.5 to IF1 for a customer, and the integration with iNotes broke.
When a user tried to start a chat with another user he received an error

I searched about this and I found some references to the Tomcat settings
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH and org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH
looks like by default are set to false and this is the cause of the error. The URL you see in the image should be converted to without the trailing part with the user name, but it doesn’t.

To resolve the issue edit the file in the sametimeproxy/conf directory and at the bottom add those two lines


Restart the Proxy server and the chat works from iNotes.

Update to Sametime embedded client in Notes 12

I received the following from Sametime Dev:

When Notes 12 ships officially, it will no longer be 122C – we’ll update our clientID listing when that ships to the official one. It will be 122C until then.

So if you allow this client in sametime.ini now, you will need to change the value when Notes 12 goes GA.

Sametime embedded client in Notes 12 beta

The Sametime embedded client in Notes 12 beta has a new client ID. Is 122C, so you have to add it in sametime.ini, on your Community server, in the allowed clients types if you want to use it

Please, see this post for an update

Sametime Chat Verse | iNotes integration stops working after upgrade to 11.5

I updated a customer Sametime server from 11.0 to 11.5 and the integration of iNotes and Verse on Premises with Sametime stopped working.
I asked if anyone has seen this happen and my fellow HCL Ambassador Mathieu Fabien pointed me to a HCL technote, here, that explain what the problem is due to and gives the solution.

Update Traveler before March 31 2021 if you use Apple devices

Apple will not support the legacy protocols used by APNS starting March31, but will only use HTTP/2 API.
This means that if you use an old version of Traveler push notifications will stop working after that date.
The solution is to upgrade to Traveler 11.0.1 or later

You can see all the details in this Technote