Monday, March 15, 2010

Webmail Redirector #4 - Unable to Login Issue

I posted the other day that I was unable to login for iNotes for some unknown reason.

While that specific issue I did not test on THAT server yet, a different one has occurred and since it is all part of my session at The View conference, might as well help some poor admin pulling their hair out with what I learned, the hard way, and from ignoring my own notes in one case.

So no matter how I tried I could not login. I searched the web, I Googled till I could Google no more, IBM support toolbar probably hates me from asking so many variations of the same bad error message. Namely the infamous:
you provided an invalid user name and password

But I did not enter an invalid name or password.

Here in no specific order are what you need to do, take a deep breath, we will fix it! And if not, you know how to find me as many already have on this topic. If you have any other pointers please advise as well in the comments. Two paths for you to follow, specific users unable to login and ALL users unable to login.

If a Specific user:

1) Obvious, but check the mail file(if it is a specific user), that their administration server exists or is the proper one. In a demo environment like mine right now, it's easy to not pay attention to this. For a different but same conclusion, read this from David.

2) Replace the design on the mail file to make sure it is the correct version. Again in my demo environment I was using a slightly tainted template.

3) Check the ACL of the mail file that the user did not do something, um, user like, and change all the ACL settings.

4) Make sure the user's name is properly shown as the owner in the preferences section. (More-Preferences from the Inbox view)

5) Check the person document is correct for the server name, file location and name, etc. Mail jump, depending on how you configure it, can be, shall we say unsympathetic to your errors.

6) Change the users internet password...just in case.

When done, do a CTRL-SHIFT-F9 on the names.nsf and try again.

If no one can login:

1) Many places to check but let's start with the key databases. Did you set up the mail jump properly? Did you set up the Domino Web Services Configuration properly? Check the ACL's on both of those, set Anonymous to reader.

2) If you have many websites on the server or many services(like Traveler which is most common), check the Internet sites documents are set up for proper redirection or Override Session authentication. See this subsection from an Excellent IBM Technote, titled "Configuring IBM Lotus Notes Traveler 8.0.1.x and Domino Web Services on the same server". technote # 1298016

IBM Lotus Notes Traveler and Domino Web Access (DWA)

After Lotus Notes Traveler has been installed and configured, DWA is still functional, however with Internet Sites enabled and Single Server or Multiple Server specified for Session Authentication, the default DWA login mechanism is changed from a 401 challenge to an HTTP login form. Many devices and web clients are not equipped to handle the HTTP login form. Follow these steps to revert back to the 401 challenge.

* Once Lotus Notes Traveler is installed and configured open the Domino Administrator Client and connect to the Domino Server
* Navigate to the Configuration Tab --> Web --> Internet Sites
* Locate and open the Internet Site document entitled "IBM Lotus Notes Traveler Web" or your equivalent Internet Site document for Web (HTTP) protocol.
* Choose the Web Site button and select Create Rule.
* Enter these values for the rule:
* Description: DWA Rule (any value here is fine)
* Type of rule: Override Session Authentication
* Incoming URL pattern: /mail*

Note: Choose the URL pattern appropriate for your organization. The default URL for DWA is /mail/username.nsf so in general /mail* will work fine.
* Save and Close the rule.
* Restart the HTTP Server.

3) Check that the security sections in the Internet Sites Document shows this as well:
name and password in mailjump redirection for inotes

4) Make sure proper fully qualified name and/or hostnames or IP addresses are stored in the proper place of the Internet Site Document Basics tab under "Host names or addresses mapped to this site:"

5) This wiki page might help if you have an HTTP Authentication issue preventing people from completing their login.

6) Lastly if you did follow my previous posts and edited your login forms, try reverting it back to a basic login and see if that works.

Now I know some of you reading this are saying "Of course, who wouldn't think to do that"? The problem is not who wouldn't think of it, but who wouldn't stop to check they spelled something incorrectly or the IP/name was incorrect. Years of experience tell me all the time that what should work and doesn't is probably my fault, especially if it works everywhere else I set it up.

So the moral of the story is what you learn in a demo(or in my case what I am playing with for a demo) and what you configure in real life do not always equal perfectly. Different versions, even point releases can have major differences and while I and other bloggers, even the IBM Infocenters and wiki's, try to keep our posts up to date with changes in the software, don't rely only on what you read, your intuition will help you decide as well.

Take a vacation after this, you'll need it.