Pages
Thursday, December 31, 2020
So, How Do I top 2020 in 2021?
Thursday, December 17, 2020
What Does It Mean To Be An HCL Ambassador
I get asked this often, as do the other 101 Ambassadors, what is an HCL Ambassador?
Every year around this time, a new class is announced for the upcoming year, as it was yesterday and I am blessed to be included in this list.
The inductees are reviewed based on the past year's efforts.
Given 2020, being an Ambassador was no easy feat, for the review committee nor the nominated individuals.
I have been an ambassador since the first year HCL took over the Lotus catalog from IBM in 2019. Before 2019, I was an IBM Champion for many years, which is a similar designation.
I have posted every year after finding out I was selected, while I try to figure out what I did, or did not, do to deserve it.
In keeping with my CI (Competitive Intelligence) activities lately, I want to try to break it down, so people understand it better.
What we are NOT:
- HCL Employees - Although, to be honest, some people have been hired by HCL after being an Ambassador and retire their status.
- Financially Backed by HCL - Everything we do is on our dime. Although HCL may still sponsor some events of their choosing, there is no "pay to play" here.
- Post Planned Content - Yes, we have information and may retweet things or post them on our blogs, but we are under no obligation.
- US Centric - In fact, there is a higher percentage of Ambassadors from outside the US. I am one of those outside the US.
- "Wait and See" type people.
What we ARE:
- Worldwide - Ambassadors come from all kinds of places. We do not always influence our own country as much as the rest worldwide. In my case, this is especially true, but I am working on it.
- Customers and Business Partners - Who better to spread the word than the people who use the products every day and sell them?
- Presentation Happy - Even in a year like 2020 with few in-person events, conferences went on, and Ambassadors spoke at many events and gave their time to various webinars and other efforts to help everyone through a tough year.
- Prolific - Ambassadors like Ales Lichtenberg or Milan Matejic seem to post things as soon as they are announced. Others post never-ending streams of information on social media sites, and still, more do podcasts, videos, Zero to Hero guides, and so much more. And in multiple languages.
- Fountains of Support - We all participate in the many HCL forums, Skype chats, Slack channels, Facebook groups, Twitter discussions, GitHub, StackOverflow, and anywhere questions pop up, one of us, if not a few of us, will try to help you. Please use HCL support too, you do pay for it.
- Realistic - We know it is not easy out there, we have all been in your shoes, and while we also bitch and moan about the same things you do, we balance it with what we can do to make things better where possible. This last point is, I believe, what tips you to becoming an Ambassador.
- Beta Freaks - While I don't have as much free time to play with everything the moment they come out, I still stay up on what is going on because you need that little ounce of extra juice sometimes for clients. Other Ambassadors are rabid Beta people, installing things as soon as they are available.
- Go the extra mile - Find ways to do more, for more people, or more products in some way, shape, or form.
2020 was my year of daily #HCLAmbassadorTips across Twitter, Facebook, and Linkedin.
I set a high bar for myself, time to think about what to do for 2021.
What will you do in 2021 so your name is on this list next December?
Congratulations to my fellow Ambassadors. I hope to see some of you sometime in 2021.
Tuesday, November 17, 2020
The Resiliency of HCL Domino and how to get Multiple SSL Certs to work with it
First, thanks go to Daniel Nashed who told me it could be done and that in R12 it will be even easier! I asked him because I thought the HCL documentation was a bit vague about if it would work as I needed.
Second thanks go to Detlev Poettgen and Ulrich Krause of the midpoints LE4D (Let's Encrypt 4 Domino) team for support while I set it up and providing the community an awesome SSL certificate tool that keeps you rolling SSL certs for free. The link includes the request form to get it.
Lots have been posted about the LE4D and for whatever reason, I had not gotten around to it.
Part of the reason is the resiliency of Domino, will get to that in a minute. But there was a technical limitation since removed in Domino 11 related to how Domino handled the SNI(Server Name Indication). Prior to R11 you can only use one SSL certificate per IP address in Domino. Since I run about a dozen domains on my server, this was not helpful, but now, it works quite well.
What I found along the way was, if HTTP is turned on, it is pretty hard to screw up a website. IP, name, old name, odd folder, missing file, Domino will still publish something. You start working backward to figure out what is going on and along the way end up with a stronger configuration. SSL troubleshooting is a little harder since we do not get specific error messages out of the server.
And this is what happened to me, but perseverance won out.
I requested the LE4D tool (link above), which is really a Domino application and I added it to my Domino 11.0FP1 Windows server.
Did I mention it is Free! As in beer, well when we are at evening events at conferences.
Before you get started, you need the ENABLE_SNI=1 added to your notes.ini on your server as explained in the HCL doc at the top of this post. The document explains that your configuration may need to be tweaked, mine did, and that you need a default web site configured or at least one web site with an IP address configured to use as a starting point. More on this later.
NOTE: On IBM i, SNI is supported natively on IBM i enabled for SSL Plus for HTTP and not for System SSL API.
You can follow directions in their PDF so I won't waste time on those, but the guide provided expects you to know a few things which I will itemize below in case the LE4D teams want to update their help doc.
NOTE: Domino 901FP8 or newer is required due to a reliance on JVM 1.8. Also, if not running on R10 or R11 you will need the KYRTOOL file and the pdf helps you to get it.
Almost everything is built into the application, even a run and sign button so you can do everything from within the LE4D application.
While it is possible to create one settings document for all your domains, I found it better to create one for each domain. It makes troubleshooting easier, but more importantly, because I leverage separate folders for each domain, it allows me to customize the HTML HOME DIRECTORY field which became a problem.
The Let's Encrypt hash codes and certificates need a place to go under the domain so it can be updated automatically, but also to preserve each domain's specific certificates. Otherwise, as I saw, all my domains ended up using the same cert which would not work in the real world, although fine in testing/staging servers.
Also, if you have multiple domains, you need to name the KEYFILE NAME field something different for each, or else all your certs will get written over and that helps no one.
Once you have filled in the setting document, they provide an example in the PDF, save the document. Then enable it so it can run.
I did not have to do the IKEYMAN part on page 7 of the PDF which may be for prior to R10 servers or Linux, not sure.
Set up the automated process to run the program document to keep your server automatically SSL up to date.
You can manually run the agent from their database from the button in the top right corner.
There is an agent log at the bottom of each setting document which helps to troubleshoot it as well.
I found that when I clicked on Run the client would hang for about 2 minutes while it ran and then would come back and either had worked or failed.
Now, this is where Domino was stubborn or resilient, depends on how you view it.
I could not get SSL to work at all. The log showed the cert was downloaded so what was wrong?
This is when I asked Daniel what I was missing and he pointed out that my DEFAULT SITE needed an IP Address. BUT when I set a default site, there was no way to add the IP Address. Seemed odd to me, so I worked backward.
In my case, the default site is Traveler as it is not going away, even if some other domains get retired.
A second auto-generated internet site document is created and that one gets the IP address. You also need to add the correct SSL to this 2nd document so your Traveler devices can connect.
The next thing I had to do was manually add the correct Key File Name SSLFILE.KYR file in the security tab under each domain's Internet Sites document. And then run HTTP Refresh at the server console.
And then it worked. Prior to fixing it all, HTTP worked fine and SSL thought it worked but really just errored out or said I was using a different domains certificate. Domino is pretty resilient to keep going even though parts were wrong.
2 domains I had to try a few times, maybe it was network issues, but eventually, all got done and updated. I had some typos and used the wrong http folder name in one case, but if you have patience you can find all your mistakes and fix them like I did.
Thursday, October 29, 2020
Our Collabsphere Session about O365 from the viewpoint of an Admin and a User
Hogne Pettersen and I gave this session today at Collabpshere.
It is a mix of good, bad, bewildering, and impressive views about the whole O365 story, solution, and parts within it.
We could spend all day discussing this and are happy to do so if anyone wishes to ask for our help.
For more details, follow us on our Twitter accounts at @LotusEvangelist and @NordicCUG
My Collabsphere Session on More Efficiently Working From Home with HCL Products
While my session had a small group of attendees given the great sessions I was up against, the beauty of an online conference is everyone can catch other sessions afterward.
It was great to be a part of MWLUG again now known as Collabpshere.
Monday, October 5, 2020
Will 2021 Include You? Or me? As HCL Ambassadors
Please, in this time of need, I and the other HCL Ambassadors are asking you to stretch out your typing hand and give us one more effort.Hear Ye, Hear Ye. Whether tis nobler to be nominated, or self nominated matters not. What matters is ye help each other and recognize the lord, or ladyship that helped the most over the last year or so. So it is written, so it shall be done. #Dominoforever https://bit.ly/33uANFQ
— Keith Brooks (@LotusEvangelist) October 1, 2020
No Zoom is required. Honest.
It has been a tough year for everyone, we lost 2 uncles, many people lost other relatives, friends lost jobs, companies closed, and yet, here we are, knocking on 2021 to let us be an HCL Ambassador.
What do we do, when we can't see people? When we can't speak at conferences in person? When we can barely get on a plane (where I am we are locked down, again).
Ambassadors go above and beyond their day jobs to do some of the following:
- Bring light into the darkness when involved in competitive discussions
- Save servers and applications from the misguided hands of users
- Run online user group meetings with
Zoom?No, Sametime Meetings! - They come up with ideas to help HCL get the word out better or offer up training ideas or just hold "open office" time to let people ask questions.
- Write some tips, hint follow #HCLAmbassadorTips on Linkedin, Facebook, and Twitter
- Produce some videos about solutions and products
- Blog, tweet, or podcast not only in their native language, I did 3 languages this year, but many Ambassadors speak multiple languages, and they are awesome beyond imagination
- Dream up ideas for "what if we could...."
- Spent WAY too much time, unfortunately, saving many of us, and many of us saving our customers with their help, from the
ahemCloud divorce in July, I owe a few people drinks, if we ever get together again - Answer questions in Slack, Skype, Twitter, Linkedin, Facebook, HCL forums, and numerous other places and are not satisfied until some resolution is found
- Help each other, to better help YOU our customers, after all, we are all global and some of us stretch most of the earth in our workday
Sunday, October 4, 2020
Skills Sunday: Traveler problems since 11.06 iOS Came Out? Help is here
Note: Edited October 6th with more details, see the end of the post.
Hello everyone, I know I don't blog so much about technical items, I have moved away from much of it towards product marketing and specifically CI, Competitive Intelligence.
But I have a few clients still that I help and this came up this week and as people posted in FB and other places about it, figured I should help the greater community.
If you have iPhone users already on Traveler, this is not needed for you....yet. These people are all fine, for now, and even using 11.06 because until it is a fresh uninstall and install, it relies on the "older" authentication method.
If you have a person who got a new phone in the last week, or maybe was a new onboard, then you were probably hit by the Traveler is not working problem.
I do not believe it matters which version of Domino or Traveler you run on the server-side. Of course, you should be on the latest version of Traveler, 11.01 Fix Pack 1 which happens to also run on Domino 10.x, not just R11.
The real problem is on Sept 29/30 release 11.05 was removed from the Apple App Store and was replaced by 11.06.
No big deal, right, apps get updated all the time.
BUT
Not so fast.
HCL slipped in something which only was posted 2 days before the update. Take a look at this technote which in its own words, was posted 6(!?) days ago.
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082562&sys_kb_id=792782151be7d8d0beab64e6ec4bcbffStarting with HCL Verse iOS 11.0.6, support was added for Certificate Based Authentication. There is currently only one mode supported: the server (or access gateway) requires the client device to provide a certificate only. Requiring a certificate and userid/password is not supported. Additionally, this version of the client does not alternatively support basic authentication in the event the certificate-based authentication fails.
Ok, like any other admin I figured I would follow the paper trail of tech notes which would tell me what to do to fix this.
NOTE: NOTHING in the above technote is helpful, aside from the paragraph quoted.
Now I go searching on this Certificate Based Authentication and 11.06 I find this great session from my friend Milan Matejic (go follow him on Twitter, @Milan_Matejic90) which he gave at the last Engage conference before the whole pandemic started. His slides are here, and a video too and he provides a great example and way to create and merge this certificate.
BUT this is overkill, at least it was for my client.
So try the override option below first, then if not working, go back to Milan's.
The other thing you may find is this Admin Documentation:
https://help.hcltechsw.com/traveler/11.0.0/Android_CBA.html
This includes a freshly added Note, with the article at the end of it, the first technote up above! So circular guidance, please HCL Documentation team fix this:
Note: Starting with HCL Verse 11.0.6 for iOS, limited support was added for Certificate Based Authentcation. For more information, see this article.
What you really want, is the technote below, that HCL support sent me after I was trying to figure out what was going on, this worked for my client very easily.
How to OVERRIDE form-based login for the /traveler URL:
https://help.hcltechsw.com/traveler/11.0.0/httpauthentication.html
Along the way, we figured out the client also changed their notes redirector and renamed the SSL kyr file so the steps we followed caused more oddities, but I fixed those and now can log in fine. So check everything along the way.
The question is which is the right way to go? Should we follow Milan's session or do this override? I am still digging into it but feel free to comment and let me know what you think, and if this helped you, let me know too.
Oct 6 Update: After discussions with HCL, they will be updating the documentation to be clearer about the changes and what is required.
You can continue to log in with just name/password, if you follow the overriding guide(the one that worked for me).
What they were trying to say is IF you needed or wanted the client certification (which is different from an SSL certificate and also NOT your notes id file) then you would have to follow the other links and possibly use Milan's session as your guide and that down the road it may be preferable.
Remember this is ONLY a client-side change, nothing changed in how the server works as the server is flexible, which is why we love Domino.
Sunday, August 9, 2020
Want to pass along what we do to the next generation?
Sunday, August 2, 2020
What can I say, Spinal Tap Edition day at #HCLAmbassadorTips
Tuesday, March 3, 2020
Domino Administration Wizardry - Dark Arts Edition
Tuesday, January 21, 2020
Will I See You at Engage for my Session?
Wednesday, January 1, 2020
One HCL Master's Plans for 2020
I am very honored to be part of the 1st full class of Masters.
For me, it was a slow/low year especially the last quarter due to losing my grandfather and having to back out of Soccnx/Let'sConnect Munich at the last minute. I know, I say this every year, but I wonder, with 100s of people out there being nominated, was I really deserving? Why were the others not more deserving? Surely some of them deserved it too. If you were nominated and did not make it, I am happy to try to help you get it next year. Once, we were all in your shoes but we all took that giant leap.
Without knowing the judging committee, I can presume some brand awareness for me for all these years, and maybe I was #101, but like the old joke, what do you call a person that finishes last of his class? A graduate, maybe that was me this time, #101.
So, for 2020, I am doing something substantive, so at least I can feel like I am repaying HCL's belief in me, from my past, to help the future. This plan involves quite an effort upfront, but I think, if others joined me in doing it as well, we could gather some serious awareness back to the products we love, even the one they refuse to mention as if it was Voldemort reborn.
Remember when we used to blog every day? Yeah, me too. But we float in and out of various social worlds, crowds, friends and time is accelerating as we get older.
With this in mind, I am in the process of setting myself up to be able to push out a new tip, hint, idea, download or benefit for users, admins, and if it is possible in such small textual epistles, devs.
Every day of the week.
Every day of this year, all 366 days of it.
Yeah, I may be off my rocker a bit, but this was one of the ideas I pushed to Richard, Andrew and a few others, and figured I should see what I can do with it.
Each day of the week has their own topic as shown below, posting times will vary so I can gauge interest and traction plus different social media places require different formats so I will start with Twitter and then Linkedin, from there will see which way to go:
- Monday - Domino
- Tuesday - Sametime
- Wednesday - Clients
- Thursday - Traveler
- Friday - Fonts (UI/UX but that doesn't start with an F), Folders and Files tips
- Saturday - Weekend tips for admins and users
- Sunday - Fun stuff day. Why post on Sundays? Because in the Pacific Rim it is a work day already, as it is in Israel where I reside these last 5 years.