Update to “How to tell IBM Docs version and iFixes installed”

Three years ago I published a post on how to tell the HCL Docs version and iFix installed. Some time ago I have been asked if I had a plan to update it for the most recent versions; the original post stopped at Docs 2.0 CR3 iFix003.

Here is the updated table

Docs 2.0 CR3 iFix00429
Docs 2.0 CR3 iFix00530
Docs 2.0 CR3 iFix00631
Docs 2.0 CR3 iFix00732
Docs 2.0 CR3 iFix00833
Docs 2.0 CR3 iFix00934

HCL Docs 2.0.1 has no iFixes available as of now. Below are the details for that version


“build_description” : “HCL Connections Docs 2.0.1”,
“product_name” : “HCL Connections Docs”,
“build_version” : “2.0.1”,
“build_timestamp” : “20200630-0812”



“Official answers”

I often get a request from a customer if I can give them an “official answer” say, to a request if a feature is available or not. For example recently I had such a request whether something that was doable in iNotes was doable also in Verse.

Well, the answer is “not from me”

I am a HCL Ambassador, which is a privilege and an honor, and as HCL states clearly “HCL Ambassador is a distinction that HCL awards select members of the community that are both experts in their field and are passionate about sharing their HCL knowledge with others.¬†Importantly they are not HCL employees, but their commitment to sharing their expertise has a huge impact on the HCL community.

This means that I, and the other Ambassadors, am not in the position of being able to give “official answers”. These must come from HCL. What I can do is test if that feature is working or not. But even if I find that it does, this is not absolutely an “official answer”.

What I told to my customer is that there are ways to get an official answer to a question, from HCL:

  • If you have a HCL Lab Advocate, then you should get in touch with him and ask; he/she will be able to escalate your request in HCL.
    (if you are wondering what a Lab Advocate is, then rush here https://www.hcltechsw.com/resources/client-advocacy and join the program. Is absolutely worth to do this.)
  • Ask the technical person in your region (they are called Technical Advisors) to check with Product Management. If you don’t know who he/she is, your HCL sales representative can help you.
  • Open a case with HCL Support, they will be able to give you an answer.

In case you were wondering, my customer request was about the possibility of accessing a shared calendar from Verse, and yes it works. But this is not an “official answer” ūüôā


HCL Domino on Docker Whitepaper

Together with Shrikant Jamkhandi and Aniket Salve, both from HCL, I co-authored a whitepaper that covers the installation of the HCL Domino Docker image.

You can find it here

We are already working on a new version for Domino 12, stay tuned…..


Domino Online Meeting Integration

Now that this has been announced publicly at NCUG, btw congrats Hogne for setting up a very useful event, I can talk about DOMI. Me and other Ambassadors have tested it in the last weeks but we were under NDA so we couldn’t share our thoughts.

My fellow Ambassador Cormac Mc Carthy has already done a post on this topic, so here I want to tell something about the configuration.

There is a difference between Sametime and the other online meeting providers you can use with DOMI, i.e. for Sametime you have to edit a Shared Library to tell the url of your Sametime server.

Fire up the Domino designer and open DOMI.nsf. Go into Code -> Script Libraries and edit domiConstantsBE

In there find the string g_DOMI_ROOTURL_SAMETIMEMEETINGS and put inside the two / the url of your sametime meeting server

That’s all. For the other online meeting providers there is nothing to configure, HCL did a wonderful job and everything works out of the box.

Now install DOMI on your mail template, to do so just open the DOMI database and click Install DOMI

Then upgrade the design of your mailfile with the updated template.

That’s it. 5 minutes max to do everything.

How do you use it ? First of all there is a thing to say. Each user must set up the integration using his credentials to get his own token from the providers, so this is not something you do once on the server for all the users. Every user has to create his own meeting credentials. Second important thing is that not all the providers accept free accounts: I set it up with Sametime, Teams and WebEx without problems, but for GoTo Meeting and Zoom you must have a paid account, else it will not work. Their decision, not HCL fault.

Open your mailfile and go in the Calendar. Click on “create” and you will see a new voice

You will see this form

Select you provider, in my example it is WebEx, and click on “Get OAuth Token”. You will be redirected to the provider site and once you authenticate you will see this page with the token. Simply click on the “Copy” button, you don’t have to write it down.

Note: If you use Sametime you will see a slightly different form

It does not use OAuth, but gets directly a token from the Sametime server.

Now go back in your Notes client and click the “paste” button in the Meeting Credentials form.


All of your tokens and credentials can be seen in the “Online Meeting Credentials” view

Now you can schedule, and modify and delete, online meetings with the provider of your choice from the Notes client.


Follow up to the OpenNTF webinar on Domino administration best practices

During the webinar me and Heather ran out of time so we did not have time to talk about all the points that are highlighted in the slides.
Here are some details on those point that we did not cover

Program Documents
Program Documents provide a method for scheduling server tasks to run at a scheduled time/day.  A common usage is for proactive database maintenance.  Prior to release 9, program documents would typically be created to run the fixup and compact tasks against databases.  Release 9 includes the Database Management Task, DBMT, which does the following.

  • runs copy-style compact operations
  • purges deletion stubs
  • expires soft deleted entries
  • updates views
  • reorganizes folders
  • merges full-text indexes
  • updates unread lists
  • ensures that critical views are created for failover
  • System databases are not compacted
  • -compactThreads 8 -updallThreads 8 -range 2:00AM 7:00AM -compactNdays 5 -force 1
  • Remove ServerTasksAt2=Updall

To run DBMT via a program document, create a new one to run DBMT at server startup.  For the command line enter information that includes the number of compact threads, updall threads, time range for running updall and compact, number of days to wait unil running compact and day of the week to run fixup against databases that cannot be compacted.  For example, the following loads 8 compact and updall threads, runs the tasks between the hours of 2 – 7 AM , waits 5 days to run compact and runs fixup on Sundays.

-compactThreads 8 -updallThreads 8 -range 2:00AM 7:00AM -compactNdays 5 -force 1

Additionally, you will want to remove ServerTasksAt2=Updall from the server’s notes.ini. ¬†Also, because the compact is a copy style compact set the ini parameter MailFileDisableCompactAbort=1. ¬†This will cause the router to be compact aware, holding emails until compact finishes running against a mail database.

It is important to note that the DBMT tool does not run compact against the following databases.

  • names.nsf
  • log.nsf
  • admin4.nsf
  • ddm.nsf
  • lndfr.nsf
  • events4.nsf
  • statrep.nsf
  • dbdirman.nsf
  • dircat.nsf
  • clubusy.nsf
  • domlog.nsf
  • cldbdir.nsf
  • busytime.nsf
  • catalog.nsf
  • daoscat.nsf
  • mtdata/mtstore.nsf

Hence, it is recommended that the administrator creates a program document to run compact -B once a week to compact these databases.

Domino Certificate Authority

In many Domino environments the certifier ID that is used to register, rename and recertify users is stored in the Notes\Data folder of the administrator’s computer.  However, this approach has risks for the ID could potentially be stolen if someone gains access to the device or lost if the device is impaired.  Further, if the administrator decides to delegate these tasks to another entity, such as the help desk, then the certifier and its password have to be shared.

Hence, it is recommended that a Domino Certificate Authority be created.  From the administrator client’s configuration tab select Tools – Certificate – Migrate Certifier and follow the on screen prompts.  As a result, an ICL database will be created.  Now, the people you specify can perform user registrations, renames and recertifications without having physical access to the certifier ID nor do they need to know the password.

In addition, the CA task should be added to the ServerTasks lin of the server’s notes.ini.

ID Vault

Introduced with 8.5, the ID Vault provides a method for securely storing Notes IDs.  Further, as ID passwords are changed and as users are renamed and recertified, the ID in the Vault is updated.  The ID Vault is a core component of the Domino security model, is required for Verse on Premises and in Domino 12 will be automatically configured if one does not already exist.  Hence, if you do not have an ID Vault today then create one.

To create an ID Vault go to the Configuration tab of the administration client, select Tools – ID Vaults – Create and follow the on screen prompts.  An ID Vault will be created in the IBM_ID_Vault folder and a Vault ID will be generated.  It is important that you backup the Vault ID and its password.  Additionally, the ID Vault should be replicated to other servers using Tools – ID Vaults – Manage.

Now, users you assign to the vault and new users created will have their Notes ID added to the Vault.  From here the ID can be accessed for web authentication, downloaded as part of the Notes client set up and recovered when a password or ID is lost.

Policies and Settings Documents

Policies and settings documents provide several configuration options for managing the Notes and Domino infrastructure.  Hence, it is important that the administrator create policies and subsequent settings document.  To better understand policy types, hierarchy and settings documents reference the HCL Domino documentation.

https://help.hcltechsw.com/domino/11.0.0/conf_policies_c.html


Domino Server Monitoring

Like any system, Domino servers require monitoring in order to ensure they are optimally performing and hopefully detect problems before they cause service interruptions.  Natively included, Domino Domain Monitoring allows an administrator to view and manage server events.  In the events4.nsf database DDM probes and event handlers are created and managed.  These drive what is monitored on the Domino server.  When thresholds are met, a document is created in the DDM.nsf database.  The administrator should regularly review the DDM database to be aware of new events and take corrective action.

Domino Server Maintenance

While gone are the days when scheduled system reboots were necessary to avoid memory problems, it is still necessary to have a server maintenance plan.  As discussed earlier, program documents are used to perform database maintenance.  Further, for the system databases log.nsf, domlog.nsf and mail.box a recommended practice when Domino is not running is to rename these files and allow the server to create new ones at start up.  Note: change the extension to a different value so that Domino does not attempt to manage the file, i.e. log.old.

As with any server, it is important to stay current with software offerings and operating system patches in order to avoid security problems that hackers may exploit and repair known issues.  Hence, install Domino fix packs as they become available, plan to upgrade following new releases and apply OS patches on a regular basis.  Finally, keep supporting software, such as anti virus software, up to date.


Domino: how not to send delivery failures to the internet

A customer of mine made me a request: he doesn’t want a delivery failure with the indication that the user does not exist in the Directory to be sent back when someone outside his domain sends a mail to a non-existing address.

By default this non delivery report is sent, but you can easily change the behavior of Domino.
Go in the configuration document of the server, then  Router/SMTP -> Advanced -> Controls. Hold undeliverable mail: set to enabled.

This is the explanation of that setting
Enabled – When the Router cannot deliver a message, it leaves the message in MAIL.BOX rather than generate a delivery failure report
Disabled – (default) When the Router cannot deliver a message, it generates a delivery failure report


Remembering Nathan

Please join OpenNTF at an open online gathering to remember our co-founder and friend, Nathan T. Freeman.

We will host an open GoToMeeting for everyone in the Community to join and share their memories of Nathan, this coming Friday, from 1:00 – 2:00 PM EDT. You may use this link to join the meeting: https://www.gotomeet.me/howardtlcc/nathan



Sametime Proxy 11.5IF1 issues with iNotes integration

I updated the Sametime Proxy server 11.5 to IF1 for a customer, and the integration with iNotes broke.
When a user tried to start a chat with another user he received an error

I searched about this and I found some references to the Tomcat settings
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH and org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH
looks like by default are set to false and this is the cause of the error. The URL you see in the image should be converted to sametime.company.it:8443/chat/conversations without the trailing part with the user name, but it doesn’t.

To resolve the issue edit the catalina.properties file in the sametimeproxy/conf directory and at the bottom add those two lines

org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true

Restart the Proxy server and the chat works from iNotes.