Dennis' Domino Blog

Disabling HTTP methods

  08/30/13 08:49, by dennisvr, Categories: Administration, IBM, Lotus, security
For those being involved in security scans, you will probably know that they complain about TRACE and OPTIONS methods.
You can disable those quite easily in your Internet site documents, but some products (Traveler,Sametime) don't officially support those.
This Technote #21201202 explains how to do it for those products.
1 comment »

New feature in Domino 9: Lotusscript method warnings

  04/30/13 15:58, by dennisvr, Categories: Administration, IBM, Lotus, Development

The Domino server now warns (on the console and in the console.log) if you are using methods that could cause instability.

Time to kick that developer (in this case: me ;-) )
[0954:0002-02DC] **************************
[0954:0002-02DC] *** You are using LSI_INFO in LotusScript which is an undocumented feature
only used in a controlled environment, and is unsupported
[0954:0002-02DC] *** Please use a GetThreadInfo variation of the LSI_INFO functionality if available
[0954:0002-02DC] **************************
[0954:0002-02DC] *** Agent :   xxx
[0954:0002-02DC] *** DB    :   xxx
[0954:0002-02DC] **************************
[0954:0002-02DC] *** You are using LSI_INFO in LotusScript which is an undocumented feature 
only used in a controlled environment, and is unsupported
[0954:0002-02DC] ********************
[0954:0002-02DC] *** LSI_INFO(14) was found and is known to cause memory corruption, 
leading to server instability.  Please remove all uses of this from your application.
[0954:0002-02DC] ********************
[0954:0002-02DC] **************************
[0954:0002-02DC] *** Agent :   xxx
[0954:0002-02DC] *** DB    :   xxx
[0954:0002-02DC] **************************

Sametime meeting (Classic Community server) and Java.

  03/29/13 09:20, by dennisvr, Categories: Administration, IBM, Lotus, Sametime
It seems that the more recent versions of Java break the browser based meetingroom in ST Community servers.

Follow this technote #21615334 to resolve the issue.

IBM Lotus Notes Traveler Open-Redirection and Cross Site Scripting Vulnerabilities

  10/05/12 11:13, by dennisvr, Categories: Administration, IBM, security, Traveler
IBM Lotus Notes Traveler is prone to an open-redirection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

Versions prior to IBM Lotus Notes Traveler 8.5.3 Fix Pack 2 are vulnerable.

Read more here: SecurityFocus

*tap* *tap* is this thing on?

  09/14/12 08:30, by dennisvr, Categories: Personal, General
Yes, this is another one of those "I'm not dead" posts, but hey, I'm not dead. It's just that life & work got in the way of this blog.
Now that the darker day's are coming upon us, I plan to complete my Installing Domino from scratch-series. Any remarks on the current chapters or future chapters is very welcome and will be used.

So for now some more silence, but expect updates over the coming weeks.
2 comments »

Finding deprecated/obsolete Notes.ini entries on servers

  05/24/12 11:28, by dennisvr, Categories: Administration, IBM, Lotus
A small thing I wrote, so I didn't have to search all notes.ini's manually.
(You can use DCT, but I like my scripting ;) )
It has a keywords document, so you can add/remove entries as you please. Put a replica on the servers you are interested in, and run it.



Keyword document:


notes.ini:


analysed:


Download:
notesini.ntf

Module 4: Installing Lotus Notes Admin/Designer Client

  05/09/12 11:44, by dennisvr, Categories: Administration, IBM, Lotus, article

Module 4: Installing Lotus Notes Admin/Designer Client



We've now setup our first server and now we need to install one of 3 versions of Lotus Notes clients. IBM kept it "simple".
  1. IBM Lotus Notes Basic Classic "Lightweight" client
  2. IBM Lotus Notes "new" fully functional Eclipse based client
  3. IBM Lotus Notes Designer/Admin client Same as previous, but with possibilities to install Admin/Designer functionalities.
More information about this here. We have to download the following file:
Admin Designer client

Before we go to install the Lotus Notes Admin/Designer client, let's stop the Domino server. Enter the Command quit in the Domino Console screen, and press Send.
Shutdown Domino Server
Wait for the text "Server shutdown completed" to appear.
Shutdown Domino Server Completed
Now exit the Domino Console screen, checking the "Also stop server controller and server testsetup/TST".
Close Domino Console
Now we can install the Lotus Notes Admin/Designer client. Doubleclick the executable, accept the UAC
UAC
Unpack files
After the unpack is complete, the actual installation is started
Installation
License Agreement
install path
Accept the default path for now (remember, we are not supposed to install it on the server anyway ;-) )
Install options
Make sure you check the items as I just did. You do not want Symphony on a server.
Notes defaults
Accept the defaults, now the install starts. This can take a while.
Completed
Now the install has been completed, let's start the server first (start the service or double click the icon on the desktop). When the server's running (check via the Lotus Domino Console), start Lotus Notes so we can fill in the details.
clients
Double click the Lotus Notes icon. You'll get prompted by the configuration wizard.
First run Notes client
User details
Enter your Admin name + servername here.
Password prompt
Enter your password.
Additional options
Accept the defaults and click Finish.
Notes Client
Congratulations, you've now installed your first Lotus Notes client. In the next chapter we'll explain the usage of the 3 clients, and get into administration for our server/users.
3 comments »

Module 3: First run configuration

  05/09/12 11:38, by dennisvr, Categories: Administration, IBM, Lotus, article

Module 3: First run configuration



Now that the installation has been completed, we are going to get ready to start Lotus Domino for the first time. On the Desktop of the server you now see 2 icons. 1 is the actual server, the other is the management console. We start by starting the Domino Server.
First run
When you click that, you'll get the following prompt (UAC):
UAC
You now get the Domino Server setup screen. Click Next to advance.
Domino Server Setup
The next screen allows for 2 choices:
  • Setup the first server or a standalone server This option is used for your first server, to begin building you Domino environment. If you reinstall the first server, also choose this option, and provide the "existing" ID files.
  • Setup an additional server You'll use this option when installing a 2nd/3rd etc server in your Domino environment.
We choose to "Setup the first server or a standalone server". Click next to continue.
first/additional
In this screen we have to enter a name for our server. In this case we are going for something generic like "testsetup", which is fine for now. Name your servers to integrate with your current naming conventions. Domino server and usernames are built using a Hierarchical structure. So this server is going to be named testsetup/<name>. The <name> part will be filled in later. Click next to continue.
Naming
This screen is one of the most important screens in configuring a Notes/Domino environment. As I explained in the previous step, the names are Hierarchical, and here is where you define the "Organization" part of the name. all names will be under this "Organization". Also this will give you a file (cert.id) and the password you enter here. Keep this password + ID very safe. It's the most important part of your future empire!
Organization
The next screen will prompt you for the Domino Domain Name. Common practice is that you use the Organization part for this, but it can been random. Click Next to continue.
Domino Domain Name
In this screen we'll register an administator account. Please make this a "unique" name, but not your own! Doctor Notes is an example IBM uses in their documentation, but anything goes.
We'll also save a local copy of this ID file, as we will use that later on. Click Next to continue.
Register Administrator
The next screen allows us to enable/disable various services we want to load on our server. We'll uncheck all for now and click Customize. Internet Services
Here you can see the variety of tasks (we'll explain them later on in the series) Domino has to offer, but also shows you the ones that will be loaded with the server. For now click Cancel, and continue with Next in the previous screen.
Advanced Domino services
We can configure the network settings from this screen. Make sure the hostname listed is pingable on both the server and all clients in the network. Click on customize to configure this.
Network Settings
Enter the hostname in both highlighted fields and click on Ok to close the dialog.
Network config
Click Next to advance to the next screen.
Completed network config
Accept the defaults in this screen, as it increases the standard security level.
Security Standard
Review your settings and click Setup to continue the configuration setup.
Review
Wait untill this process completes.
Installation Progress
Congratulations, the installation has now been completed. Completed
We now have 3 very important files, that are the base of a Lotus Domino environment.
  1. The Certifier ID (cert.id)
  2. The Server ID (server.id)
  3. The Administrator ID (admin.id)
These files should be kept safe at all times, as they will allow you to do all the interesting things.

Doubleclick the Lotus Domino server icon on the Desktop
First run
When you click that, you'll get the following prompt (UAC):
UAC
The following screen display's:
Services choice
We choose "Start Domino as a Windows service" and we check both checkboxes at "Always start Domino as a service at system startup" and "don't ask me again" before clicking OK.
Services choice 2
The server is now started in the background, so we doubleclick the "Lotus Domino Console" icon on the desktop. When you click that, you'll get the following prompt (UAC):
UAC
The Lotus Domino Console application let's you view the Lotus Domino server console, and allows you to type in commands directly on the server.
Domino server started
Before we shutdown the server, give it 10-15 minutes to complete the initial tasks it needs to do.
In the meantime, we'll go to the next chapter.



Next: Installing Lotus Notes Admin/Designer Client

Module 2: Installing Lotus Domino first time

  05/09/12 11:36, by dennisvr, Categories: Administration, IBM, Lotus, article

Module 2: Installing Lotus Domino first time



So, we are going to get our hands dirty now. We start by installing the Lotus Domino server. For this we will use windows 2008, instructions vary a bit per OS ofcourse. See the references for materials on installing on AS/400 or Linux. We are going to install Lotus Domino as is, without preparing. During the course of the chapters, we'll redo it the right way, but as this is just our introduction, we'll go through the steps first, without throwing you in the deep end.

THIS IS NOT THE WAY TO DO IT FOR PRODUCTION, PLAYGROUND ONLY



So for now, get yourself a Windows2008 server (can be a VM) with about 40Gb of C:\ drive, and the Lotus Domino Server software (we'll use Domino 8.5.3 for Windows 64bit, also named lotus_domino853_w64_en.exe ), and follow the install steps.

Executable
When you doubleclick the executable (rightclick + run as administrator in Windows 2008), you'll be prompted for UAC, followed by a location for the temporary files to be extracted.
UAC
Temp file location

Accept the defaults and click Next. The files are now being extracted for install.
Install wizard
The install wizard is now started. Click Next to advance to the following screen.
Read and accept
Read the EULA and accept it to advance.

Default path
Now it get's more interesting, we are going to enter the Domino server program files File path. We'll explain this in more detail, but as a general rule of thumb, never use spaces in paths. So we'll remove the default path, and put our own in place. The "partitioned server" checkmark can be discarded at this moment.
Updated path
The path where the datafiles get installed is also updated to reflect our new path. Accept the current setting and continue.
Data path
This next screen, let's you choose what kind of Domino server this will be. As there are many different license forms out there, there are 3 defaults, and a customize option.
  • Domino Utility Server: Install a Domino server that provides application services only. As we've seen in the Introduction chapter, Domino can provide Mail and Application services. This license type will only allow you Applications.

  • Domino Messaging Server: Install a Domino server that provides messaging services. This license type will only allow you Messaging.

  • Domino Enterprise Server: Install a Domino server that provides both messaging and application services. This license type also allows for clustering. We'll come back to that.

  • Customize Domino Server: This allows you to select the features you want to install.


We'll now use the "Enterprise Server" version, as this allows us to view the most of what Domino has to offer. Please make sure your entitlement allows this before you go to production. You can add/remove tasks after install. Most times, customize will be your choice, because this will allow you to install only what you need.
Install types
A screen is now displayed that shows the choices made. After this the actual install is done.
Overview
Now we wait for the installation to finish
Install progress
Congratulations, you've now succesfully installed your first Lotus Domino server. Let's move on to the next chapter to actually start using it.
Install completed


  • Next: First run configuration

  • :: Next >>

    Yet another Domino/Websphere Admin blog.

    About me:
    Lotus Notes/Domino Admin
    Websphere Commerce Admin
    sceptic
    critic



    Search

      XML Feeds

    Planet Lotus

    powered by b2evolution
     

    ©2014 by Dennis van Remortel

    Contact | Help | b2evo skin by Asevo | open source blog | reseller hosting