Category: Uncategorized

In IBM Notes/Domino 9.0.1 FixPack 4 and in releases containing the fix for SPR#MKEE9TKDEM, you may see an error page with the following error message:

CLFAD0382E: The databaseName URL parameter value is not one of the allowed database names. The parameter is &databaseName=otherserver!!app.nsf.

The allowed names are configured in the option xsp.data.domino.param.databaseName.whitelist.
There has been a change in the XPages default behavior, that now requires that the allowable databaseNames be configured in a whitelist. The white list is an option that lists allowed databaseNames. Where the whitelist has not been configured, the error above will occur for remote applications (i.e., applications that are not on the current server). There is an option to revert to the previous behavior but there are security implications associated with that decision.

Read all information here

Uncategorized

A customer has one Domino cluster with 2 members on a virtualized environment (VMWare). it is not a big environment (1600 users) but after 3 months working well some thing happened and the system does not work well.

During a period of 4 hours (9 am to 13 pm) the CPU of one cluster member goes to 100% and the cluster does not send users to the another member.

I check everything possible (this server has 800 GB of mailboxes) and run some administrative commands.  I raise a PMR and sent NSD’s.

IBM told me  that the windows kernel is consuming a lot of CPU and Domino was not the cause, but this machine only run Domino.

We talk a lot about the problem an after some verification at the windows 2012 level, we saw a high disk queue lengh (between 8 and 12).

The solution:   The VMWare administrator put each disk on different LUN (We have 3:  OS, Data and Tranlog).

 Until now the machine works well and the disk queue length is bellow 1,2

Uncategorized

IBM Domino Web server configured for Webmail is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. Note that Domino servers configured for iNotes are not vulnerable to this attack.

See this link for details and how to fix it

Uncategorized

Last week two clustered servers are facing performance problems. The cpu was very high for 2 hours and the disk queue above 5,48.

During the problem the command set config UPDATE_NO_FULLTEXT=1 was issued and the cpu and disk queue decrease

To schedule the full text index i use the this TN

Uncategorized

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 SR16FP3 IF1 that is used by IBM Notes and Domino. These issues were disclosed as part of the Oracle April 2015 Critical Patch Update and are resolved by IBM Java 6 SR16FP3 IF2.

Get the complete information and fixes here

Uncategorized

On April IBM stop the updates for IBM Knowledge Base  (lotuskb.nsf). I use this database on a daily basis. But now the beloved database was not updated anymore.

The new way to work is Google or IBM Support Portal
I like  the database.
I need offline access, some customers doesn’t allow aliens laptops on their networks.

I build a java project to update the legacy lotuskb.nsf.  

1 – I get the URLs of the support feeds
2 – Read the feeds and extract the URL’s to technotes
3 – Parse the html of the technotes and store them into the lotuskb.nsf.

I use several packages like JSOUP and JERICHO to parse and render the html. It is not perfect but i got the documents again on the lotuskb.nsf

Thanks to Nathan Freeman for the article about running Domino API on eclipse

The eclipse project is here

Uncategorized

IBM Rational Team Concert integrates task tracking, source control, and agile planning with continuous builds and a configurable process to adapt to the way you work.
Finally — everything you need to build great software, integrated seamlessly together right out of the box.

Get your 10  free license here

Uncategorized

Google are removing support for Java, and other plugins that use NPAPI, from Chrome 45, which is available in September 2015.
http://www.chromium.org/developers/npapi-deprecation

Oracle are not providing an alternative interface for Java and recommend users use a browser that does support NPAPI.
https://java.com/en/download/faq/chrome.xml


Impact to IBM Web Content Manager 8.5 customers

Customers using Chrome will not be able to use Ephox EditLive! from September onwards. It is possible to re-enable the Java plugin in Chrome before then. See the resolution section for instructions.

Impact to users of IBM Web Content Manager 8.0.0.1 and earlier

Customers using Chrome will not be able to use Ephox EditLive from September onwards.

Additionally, the import function of rich text fields, which is used to import an HTML file and it’s images from the local workstation, will no longer function on Chrome regardless of the editor used. This is applicable to all design and markup fields, including rich text elements and components as well as menu and navigator designs. A fix for this is in development and will be available for WebSphere Portal 8.0.0.1 as an iFix and in a cumulative fix (CF) when complete. This fix will not be available on versions earlier than 8.0.0.1.

Uncategorized

I follow the steps bellow to setup my IBM Traveler 9.0.1.4 to allow the IBM Verse App.

My Domino and Traveler is on the same machine using Linux.

1 – Install or upgrade the Domino server 9.0.1 FP3

2 – Install or upgrade IBM Traveler 9.0.1.4

3 – Configure Domino HTTP for SSL.  This link was very useful for self cert.

4 – I am using iPhone. The easiest way to import the self cert was sending the cert by mail and then install the cert on the iPhone.

5 – Upgrade the Domino Directory ( http://www-01.ibm.com/support/docview.wss?uid=swg21699618). The current Domino Directory Template does not have a tab for IBM Verse.

6 – Download the IBM Verse App from the store and be happy 🙂

Uncategorized

Need this kind of port today. The ssh 22 port was used on the firewall for another server. The admin publish the server using port 1234
According to man ssh:

 -p port 

Port to connect to on the remote host. This can be specified on
a per-host basis in the configuration file.

So you should be looking at:

ssh -p 1234 user@host

to connect to port 1234.

Uncategorized

Links on messages from IBM Connections contains links as https and http. The customer want’s only https links

How to set :

1 – On the DMGR profile:

./wsadmin.sh -lang jython -user admin_user_id -password admin_password

2 -Type the following on wsadmin interface

execfile(“connectionsConfig.py”)

3 – Do a checkout of LotusConnections-config.xml

LCConfigService.checkOutConfig(“/tmp/”,AdminControl.getCell())

4 – Change de following to true

forceConfidentialCommunications enabled=”false”

5 Checkin the new LotusConnections-config.xml

LCConfigService.checkInConfig()

6 – Sync and restart the nodes

Uncategorized

This week i setup Domino SSO with Windows. The customer will launch a SharePoint portal server and need a SSO with Domino Web Applications.

I follow this tutorial, the setup is very simple but some problems arrive.

The Domino server have the FQDN domino.mydomain.com.br  and the windows server  server.mydomain.com.br. The SSO doesn’t work.
I read the message  Attempt by HTTP client to authenticate using Windows NTLM security is not supported on Domino console.

After the AD administrator setup the user dominostart, he issued the command SETSPN -a HTTP/domino.mydomain.com.br dominostart.

When the user try to access a url of the domino server the browser show a logon dialog but the title of the dialog show the windows server name (server.mydomain.com.br).

I asked the AD administrator to add another SPN SETSPN -a HTTP/server.mydomain.com.br dominostart

Everything works after a Domino restart. :=)

If you want to use Chrome as your browser you need to start Chrome with arguments

/path/to/chrome --auth-server-whitelist="*.domain.com"

Uncategorized