Thursday, April 2, 2009

SnTT - The "You Cannot Authenticate Server" Error

Finally got to write this one down

I mentioned previously about my client that lost or corrupted their certifier IDs. you can't make this stuff up can you?

So way back when they had some person create their Lotus Domino infrastructure and used the name Bill & Ted as in
Adventure/Bill & Ted
for one of the server names.

Fine, not ideal, but you can work around it.

A few years later, their certifer IDs expired. And some one else came up with the brilliant idea to change the Organization name. Thus BillandTed was created.

Two problems ensued over time.
1) Not everyone was moved to the new Organization name for unknown reasons.
2) When other IDs expired, no one certified them properly or if they did they found the wrong certifier!

When we found them they warned us about this and I figured we would deal with it after the main project was completed. Well it is and we dealt with it.

One problem is you might see this error when playing with unknown certifiers:
server certificate error in Lotus Notes...NOT Domino

This threw me off the track a little. An odd message to say the least.

Searching the IBM Support toolbar I found this technote.

However, I do not agree, entirely with the recommendation. If indeed the cross certificates are bad, the ones found in the Notes/data/names.nsf fle under Advanced-Certificates then you can just delete them, hit Ctrl-shift-F9 and then start a new.

Either way you cross certify the new Organization name and if all is normal you get prompted for the cross certificate option to add it to your personal NAB.

Once we get everyone cleaned up, the CA (Certificate Authority) will be used and that should keep them out of trouble.

But wait, recent comments from the blogosphere about how in 8.5 you can not use ID Vault with the CA have come to light, see Paul Mooney's post for more details on how this all interacts.

Edited per Stepha's comments.