HCL Domino 14.5, Fix your iNotes Redirector for Verse

By now, if you have updated your Domino server and relied on iNotes, you have found that it no longer works.

HCL was clear about this, and there is no workaround, so if you want iNotes and not Verse, better keep a server on 14.0 and point everyone there.

For the rest of us that move forward with the times, we will have seen that logging into the iNotes URL gets you to a pop-up which looks like this:

It states that iNotes is no longer available, and you need to open HCL Verse. If you click on the link, it directs you straight to Verse.

The URL for verse is something like https://companyname.com/verse, and you change your bookmark, but that doesn't work exactly. When you hit that URL, you will get the framework of Verse but this message:

So, you try the manual way, https;//companyname.com/mail/brooks.nsf, and that lets you in, via the 1st pop-up as above..

The next morning, you open your browser, and the /verse URL is not working with the same error about recent contacts.

What is going on here?

iNotes required the iNotes redirector. Well, there is no new redirector, but it did get renamed to Verse redirector(same template name), but it does include some options you probably hadn't considered, and this is how you resolve the problem.

If you haven't changed any settings in a while, now is a great time to update them. The redirector has been updated periodically along the way.

These are the ones to change or review:

Server Settings Button:

Do you wish to force SSL for the entire session? Yes

UI Setup Button:

Your company logo should be there, so your users know it is a legitimate site.

Enable Personal Options: Set to No, they were really about iNotes anyway.

Enable HCL Verse: Yes, you need this now.

Enable SAML options: If you use SAML, enable this option, which displays a secondary option for the Default Mail Application. Select Verse.

When you have finished all your changes, click Save & Exit and then test to ensure everything works properly.

And no more weird error messages about recent contacts.

This tech doc can help those who want more details: https://help.hcl-software.com/verse_onprem/2.0.0/admin/vop_configuring_server.html

Update June 30: I found that I now see this error the next morning.

Googler search shows up this Technote: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0089441

Which leads to this: https://help.hcl-software.com/verse_onprem/3.1/admin/vop_configuring_server.html

Step 19 is what you want.

Which leads to this: https://help.hcl-software.com/domino/12.0.0/admin/secu_creating_the_credential_store_application_on_a_single_domino_server_t.html

In my case, I already had a credstore created, and this new key would not get added to that credstore.

I went back to the original technote, vop_configuring_server, and added a new entry in my domcfg for DWA, but that now redirects me to a different domain on my server, which has TOTP.

Also verified that the 'inotes/verse' tab in the configuration document met the proper configuration as per the document.

As it turns out, my secondary domain was set for SAML instead of single server in my Internet Site document, Domino Web Engine tab. Probably because I was testing something. Changing that back to single server now allows me to log in correctly with https://companyname.com/verse. With my erse redirectpr in place and everything now correct.

What was my session about at Engage? Money and your Job

It was a cathartic, contrarian approach to our current situation, in which we, the admins, developers, and business partners, are supporting our Domino worlds.

I wish this were all in my head. But every single person in the room for my session at Engage was nodding their head at some point and others had very serious faces when confronted with my thoughts. The couple of people that talked with me afterwards were very happy they came to it. After all they gave up the Domino IQ roundtable for my session.

 

How did we get here?

 

The road that got us here is not the road that will get us out of here.

But enough cliché’s let’s be realistic.

We put ourselves in this situation.

Some items to think about:

(Almost) Every time we had a chance to ask for a budget, we failed.

We got what we needed, but this is not what an Enterprise solution desires, deserves, or requires.

We are selling our environments short if we only ask for licensing money, salaries, and some equipment. Way too short.

If your annual budget request does not include enough money that a respected enterprise solution requires, your request will not go up to the budget committee. Each company sets these meetings at various levels. Enterprise ready products have a staggeringly large annual budget, because that is how you know what is important. Or so the executives believe.

Maybe you think this is too much for “your team”.

Here is a little secret: Security budget money usually does not come from your team. It comes from the security budget. Leverage that every year.

Your environment needs to maintain perpetual security, which includes external and internal resources, people, apps, disaster recovery, development architectures, and more.

Everything you do in your Domino environment is for the company's greater good, and extending easier, faster processes for everyone, in a secure and meaningful way, needs to be backed by a secure environment.

I am not talking about 10k, 5k, or even 50k. You probably need to be asking for at least 100/250 or 500K to get to the budget executive committee. These days, maybe starting at a million. This is obviously relative to your situation and industry.

Some of you reading now might think I am out of my mind, but I am just a contrarian who has learned from 30 years of mistakes.

Maybe licensing is handled by a different group, so you didn’t need to ask for a budget. This also happens.

Once you stop asking for a budget, you don’t get invited to ask for one in the future. You mysteriously get left off the group email, or worse, your boss stops asking you about it. It is very hard to get back on the budget list. VERY HARD. 

For those who say, "No, we submit a budget," my question is, do they take it seriously, and do you get funding beyond the licensing basics?

Developers, you fall under this spell as well.

How many times have you said (as an employee), "Oh, I can put something together. Give me a few days or a week or two." Every time you did this but did not chargeback some business units' code or lay out the process and document why the app is needed and what it does for the company, you have also failed your Domino infrastructure.

If you were an outside vendor, you would have a project plan and bill X amount of hours or a total cost.

But you think that as an employee, you can’t do that, and you are wrong.

Everything goes to a cost center somewhere.

The group you are writing this for should be paying your team some of their budget.

But I bet few of you have done this.

While internal cost centers are a BS accounting move, they do work with your budget, so play ball by their rules, not the ones in your head.

Fear of Unemployment

I understand your predicament. You don’t want to lose your job, and I don’t want you to, either. However, no one has ever been fired for asking for budget money. A raise is a different matter.

For some reason, employees started to think they would get punished if they asked for the budget. You don’t get everything, but have you budgeted for the 2-8 various updates (now multiply by how many servers you have) you may need to do all year for your Domino environment? That number gets large fast, especially if you assign a value to it.

Why assign a value?

Because you should be clawing back money from every cost center. Again, internal budget money matters. Think about your budget if you had been "paid back" by the other cost centers.

When Lotusphere/Connect/Connected existed, you had to beg your company to go sometimes. How many of you went to the HCL Factory Tours? I hope you all knew they did these. If not, why not? You should all have been at them.

Did you think you would get fired for asking to go?

No, usually, the fear is to do anything that will get Domino seen inside your company. The CIO may demand someone's head for saying the D word, or your boss gets pushback for the old software. Whatever the reason, I understand, but keep in mind, you are not helping yourself in the long run because you aren't giving your company any reason to stick with Domino. 

I also blame the HCL sales rep at this point because they should be talking to you regularly by phone, email, WhatsApp, SMS, X, TikTok, set up an Ai auto message, whatever, I don't care, but they need to be on your side and not just "we have a webinar" or licensing renewal times. 

To be fair to the HCL rep, they do what makes them money first before anything else, but if they don't want to lose customers, they could be more proactive, so could most of us, that's all I will say here.

Money is everything, and you don’t understand what money means.

Money means one thing to you, but it is totally different to executives. 

You think asking for 10k is too much when the executive deals with million-dollar deals.

I am not saying deals don’t get lost because of price; that does happen. However, when properly laid out and defined, a solution for your company is not a 25k over-the-weekend app. If you want the executives to take it seriously, it is a 500k project or equivalent for your organization.

They will take it even more seriously if you can show that the new app either helps make money or manages some part, if not all, of your company's manufacturing, selling, marketing, or finance. 

Do this, and you can ask for even more money.

I am not talking about fake ROI projections of “time saved,” but real money tied to real work processes.

If you used your budget for licensing, what else would you ask for? I have listed what I expect to be in your budget in the spreadsheet I have uploaded for everyone. I presume you are the budget submitter; otherwise, you must bother your boss more.

Spreadsheet for download.

It includes guideline pricing, multiple items, education, conferences, T&E for these events, and other items that should be clawed back from cost centers.

It is also laid out as though you built an environment properly, and you can understand why, as you start playing with it, how the numbers multiply easily the more servers you have, and some costs also multiply. I aimed to show that all your costs after the Year 1 hardware purchases should be budgeted for you and cover your expenses.

Some of you may find this enlightening, while others may find it far from reality. I will wager that few of you even have something laid out like this, on which you are basing your budget. I hope I am wrong.

UI/UX is NOT HCL's Fault

All the BS talk about a poor UI/UX falls on your developers, now.

Older apps did have limitations, but this is not 2001 and R5, why haven't you refreshed them? Even just using Restyle would help. NOMAD web can be your friend here to reduce the web overhead to convert an app from Notes only to web, but you probably do need a nicer UI.

There are some gorgeous apps, Notes and web ones, so we know it is possible.

Again, who is to blame for this? Your app's UI/UX is not HCL’s fault.

Your executives see it as IBM/HCL's fault, but that only relates to the mail template. Your apps are your own to be creative.

Speaking of executives.....

New Executives have no idea what Domino does for your company

Because NO ONE has told them.

In this situation, I am talking about apps here. Mail is basically a cost of doing business. While on-premises and keeping your data inside are essential and more secure, email is a cost.

Some of you have been trapped by this “cost” term. Just because email is a cost and you are told to reduce expenses(notice they never drop new applications or revise older ones to save money), you may have been mistaken in thinking you shouldn’t ask for more money. But this, again, is what got us into this mess in the first place.

Servers do not update themselves; they can now under v14.5, but you get my point.

But apps, apps run your world, make you money, reduce paperwork (hopefully), and should be so good that no one is looking to replace them. 

Every time a new executive comes on board —and let’s face it, executives bounce between companies every 2-5 years—how have you briefed them on your Domino apps and what they do for the company, what they make for it, or what they provide that would cripple you if it suddenly stopped?

Have you? Has your HCL rep? Have you even told your rep what your apps do? Your HCL rep can't help you be that internal champion if you don't help them with what exists.

In my session, I used one of my clients as an example. They make millions of dollars a day using their Domino app worldwide inside their company. It handles everything from initial email requests for pricing and online sales to shipping, inventory, and manufacturing, tracking everything along the way. It is typical of Domino and an insanely elaborate application put together over two decades of teams of developers.

And yet, EVERY MEETING that involves leadership, I have to go to bat for my client and their app. Their internal people are too afraid to be connected to the “old server” stuff. See the above section Fear of Unemployment".

Imagine that meeting, discussing when we will move off Domino (I have been managing their environment for over 10 years or so) soon, but hearing this every year from me that it keeps them running.

They back down and then ask what is replacing it, which I suggest nothing, since it is an active and constantly changing environment, why would they replace it. Keep in mind that they only know the app by its internal name, which is how I introduce the topic, because they have zero idea it is a Domino application. But it always comes up from the Microsoft guy.

Of course, the business units say some cloud thing or an app made out of another database or workflow solution. Anything they move to would be a considerable cost, and ALL THEY WILL DO IS REWRITE WHAT THEY ALREADY HAVE, and from experience, end up with less functionality. I offer our help with whatever route they choose.

Like I said, 10 years, same meetings, every year. Many partners have similar stories, because we believe in the product, management believes in their bonus and their next salary when they move on.

This is exactly what one person in the meeting said about his situation. While he isn’t happy about the reduction in physical servers (personally I prefer less, but clustered, even when you have remote locations) he agreed that he will be there until he retires, nothing is moving that fast. 

Management has made the decision in his case, but to be fair, their environment might be faster and perform better with less overhead from the dozens of servers being consolidated.

Details matter, but for every excuse or peculiar circumstance, a completely normal one is ignored or under-budgeted until it becomes too late.

I hope my session and this blog post help you never reach that point of no return.

Conclusion

TL:DR The problem is and has been us.

I hit on other items that we all see or hear when advising clients. But almost everyone should know how to handle those by now.

If not, reach out to me. The lack of integration FUD, the “old software” line, the “lack of knowledge out there” hiring managers, and the perpetual “everyone uses <insert some other company>” lazy man excuse from someone that doesn’t want to be accountable for anything.

But we could turn this around by addressing the money issue and how we handle pricing/budgeting.

If you need help with this discussion, contact me, my fellow HCL Ambassadors, your Business Partner (or dump them for me), your HCL sales Rep/ Customer Success Manager/Customer Success Executive.

We are at a fulcrum. The cycle is coming back to in-house data from Cloud data, and now is the best time to Make Domino Great Again in your company and champion it as a proper Enterprise solution.

My IQ has gone up thanks to Engage

Engage just finished. The first one is under new management, and it is in safe hands.

I don't think I have ever seen Theo so happy with a big grin on his face the whole time. Tom and Kris did really well for their first time out. And they told us next year Engage will be in Belgium.

I had to miss last year's due to the timing and circumstances of the war at home, so it was great to talk to everyone. Thank you all for asking about the situation and the family. It means a lot.

The star attraction was Domino IQ, which adds AI to the core product. As an Admin, all I can say about this is that you will need to spend time building this out properly if you want to move beyond the basic regurgitation of your knowledge base or other internal documents. Also, IQ needs some extra hardware and configuration, so be prepared and read the what's new and requirements docs. Your developers will be busy.

It will be available starting with v14.5, which is coming out June 17! IQ is part of your license if you are under CCB Term(I believe). If you are a perpetual license org, this is your incentive to change licensing plans.

I was happy to see friends from past Engage shows, and in some cases people I hadn't seen in many years. Yes, we all got older, but we still have fun together.

There was a tease of Notes.Next but it is far from prime time ready so don't ask about it yet.

Roadmap sessions were broad with partial timelines for new items.

One thing that also stood out is the added accessibility to all the products which need to be up to certain laws soon and so that is taking over a lot of dev time.

As an Admin, I want to let everyone know to go get Cormac's slides from his session. His session was filled with great ideas and details about cleaning up your administrative items, and as he said, even old admins can learn something new, which I did about SMTP failover routing.

His blog is here, and hopefully, he will post his slides there or at the Engage website.

Lastly, the Lotus brand might return for at least one product. Or not. While this was from Richard Jefts' opening keynote, later on, other HClers implied the name may not stay.
I will leave the debate about the brand to others, as both sides of the argument have their validity.

I was also in some partner/ambassador/HCL Roundtable sessions, which I can't say much about, but there are plans that will help the partners in the long run, which in turn will help you, the customers.

I think my own session scared a lot of people, but I hope it also helped them rethink how they and their teams interact with upper management and budget committees. My slides will not be posted, and I don't publish my Competitive Intelligence info. I will probably make a second blog post about it over the weekend.

Safe travels home everyone, talk to you soon or see you, at least virtually, some time soon.

SnTT - Does TOTP Work for users in a Secondary Directory via DA

TOTP, DA, and Domino

For the last 3 years, I have worked with TOTP inside HCL Domino and customers with unique requirements.

This has provided fodder for my blog, and today, we have a new entry into the TOTP Mystical Ways of the World.

Let me state my usual caveat upfront: TOTP is about the URL, not the server, the database, or the user.

You enable TOTP for each URL you want on your server.

PSA is completed. Let's discuss the circumstances that brought me here.

Like many of our customers, a customer has a large external user community relying on their applications.

The customer has licensed this with HCL, so I am not going to get involved in that discussion. However, be warned: It is not a comfortable one if you have been relying on some old licensing options and now fall under the new ones.

We have about 7,000 external customers. Some are undoubtedly old customers, but 7,000 is a lot of people.

Previously, I wrote about how to bulk add these people into your ID Vault, and that was all fine and good where we have only one names.nsf for everyone and everything. We may have had 2-3 servers in that org.

Now, the 7,000 are in a secondary external names.nsf via DA (Directory Assistance).

The Problem

1) How do you register and maintain the people in a secondary Directory?

2) Does the DA even work with TOTP? 

The Options I See

Officially, there is only one place, and one place only, where everyone gets registered: the names.nsf.

This is not very helpful, especially given the reliance on the ID Vault for many things these days. By changing licenses, there is no way to "convert non-ID people to Notes ID people."

What do you do?

1) Copy, not replicate, the name.nsf, to extnames.nsf, move the actual names.nsf out of the way, rename extnames to names and then register everyone to it. Once done, put back the original names.nsf and off you go.

As pointed out in our Openntf.org Discord channel, the problem with this is that the user and ID would not be properly found for encryption/certification. This is a very valid point I wasn't thinking about at first. Thank you, Ulrich and Detlev.

2) register all 7,000 into the names.nsf properly, like normal. Then, manually copy the 7,000 to the extnames.nsf. Then delete, just regular delete, not Adminp delete, the 7,000 from the names.nsf.

By doing this, we preserve the user's encryption/certification, and should a name need to be renamed/edited, we can copy the user back and fix it. One could also just create a new account etc.. and remove the bad one from extnames.nsf.

3) Create a new Domain and register everyone to it and cross certify it with the existing domain. This may or may not be the answer as well, depends on circumstances.

4) I have no other idea otherwise. However, there is an AHA idea asking HCL to think about a way to register people to some other .nsf. Take a look and vote over here. 

If anyone has any ideas, let me know in the comments.

I will get to the DA question shortly.

Details and Planning

I started with my blog post and the CSV file I needed with 4 test users.

Copied the 4 test users from the extnames.nsf to the names.nsf.

Went to register the users, verified information etc..

And got this error: "The user's flat name matches another user with a different hierarchical name."

You should know that I ran into a bug in the Notes Admin and Domino Server v12.0.2, which you can read about here. Upgrading the client/server is the basic answer to resolve this one. Since Domino was already at 14.0FP1, my Notes Admin client had yet to be updated. 

Once updated, everything went as it should.

Well, only some things. 

I need to do more testing, but I think the "just updating an existing user" registration option is not working properly because I now have 2 completely different entries for each test user. 

My theory is the existing users being "unregistered web users" with "other mail" were not seen as the same people, and so Domino created the new entries. I know the ways to work around this if it is the case, but more testing will validate what I need to do. After all i will have 7,000 to update, fixing one manually is fine, but all of them? For that, I have my Openntf Admin Snippets to help me. I will blog about this after testing is completed.

In any event, I copied the 4 people out of names.nsf, put them in the extnames.nsf, and reindexed both directories as it was testing time.

Testing TOTP and DA

Ready for testing, I turned on TOTP in the Security setting, edited the domcfg.nsf for the test URL, and checked that the extnames.nsf was enabled in the DA, then restarted Domino.

When Dominno comes up, everything looks okay. I open a browser, put in the URL, and see the login screen with the MFA details. So far, so good.

The first test is my own log-in. I am in the names.nsf, and my ID is in the ID Vault. I passed, and there are no issues.

Log in as one of the new test users for the second test. Invalid password.

It seems, and this may be a customer agent, that the users are not supposed to have a web password. I added there password back, it was in my CSV, and reindexed and tried again.

Different error. User not found type error.

I was logging in as FirstName LastName, which is how I logged in, but there is only one record of me, but 2 of the test users. I logged in with the Org domain name and got one step closer, this time it just crashed on me.

Ok, I cleared the browser cache, restarted Chrome, and tried again.

This time I received a invalid access error.

This is important because the HCL documentation does not say anywhere that the DA will work with TOTP on its own. It only discusses the DA via Cross-Domain Authentication, as you can see here.

I looked at how the DA was set up and changed the Group Authorization setting to Yes from No.

Made sure Trusted for Credentials in the Naming Contexts tab was set to YES.

Then I tried it again.

And it worked this time. I was prompted to set up the MFA and log in as the extnames test user.

Conclusion

I still have more procedures to test and document, but the ability to leverage TOTP in a secondary directory via DA is not a limitation for the rollout. 

Domino RESTAPI Bug and WorkAround

This is not my usual line of thought as an Admin, but sometimes, AdminOps is better than DevOps because troubleshooting is not an exact science.

While customers over the last year or so have been asking about the HCL Domino REST API, my reply is usually something like, I can install it, but you are on your own afterward, or I point them to a Developer friend.

To be fair, HCL will help them/me with getting started or "where is/How do I" questions. But this is about the bug my client and I discovered and how to work around it.

While updating the v1202FP3 servers to v14FP1, all went okay, even with the change in Java classes, until we got to the REST API server.

If you had downloaded and added my tasks update for the Admin client, you would see that RESTAPI was running on the machine, as I saw. I let the customer know I would upgrade it from 1.04 to 1.014.

Usually, it's not a big deal; you run a long string of commands or broken down into 4 lines like the example shown in the documentation which I prefer as my typing is not perfect.

java -jar restapiInstall-14r.jar ^ -d="C:\Program Files\HCL\Domino\Data" ^ -i="C:\Program Files\HCL\Domino\notes.ini" ^ -p="C:\Program Files\HCL\Domino" ^ -r="C:\Program Files\HCL\Domino\restapi" ^ -u

 You then type an A to accept the update, which will upgrade the REST API code.

It replaces the existing files with new ones and any updated files.

Great. I rebooted the server, and it looks like everything is up. The task view in the Admin client shows REST API is up.

Test a few things, but Swaager is not connecting to anything.

My initial thought was that the developers had some code that had been deprecated or maybe not valid with something in v14. I wasn't far off. I tried a few things to get it to work, and then I decided to look at the schemas. I found them deactivated, which seemed wrong to me, so I enabled one to test.

And it worked again.

Great! I did the same trick with the others, and they also worked.

One last test, shut down Domino and reboot the box clean to ensure it was ok.

No luck. Back to square one, but now the schemas all showed activated, but still just errors like this one:

This not being my first effort, I figured let's deactivate everything and reactivate it and test it.

Sure enough, it worked.

So, in my mind, the problem was somewhere between the REST API code and some type of flag on the schemas/databases that just wasn't being accepted.

Opened a ticket with HCL to discuss the bug I found.

After the usual back and forth, get us this, debug that, a copy of the NAB, a db, schema db, etc.. HCl said they could not recreate my problem, yet here it was.

We had an online meeting so the dev team could get a good luck at my testing and poke around deeper.

They agreed something was fishy and went off to look into it further.

In the interim, given this was a key production server, we wanted to revert back to the old REST API version, which worked fine prior to the upgrade. But would it work on v14, among other questions we had?

HCL and I discussed it with the customer, and this is how you revert to an older version.

We had the old code downloaded, which is key as sometimes HCL has a way to make older versions "disappear" from the public. The steps included:

1. Shut down Domino
2. Copy the Domino\restapi folder contents out from Domino to a backup space.
3. Once the RESTAPI folder is empty, you can then walk through the installation steps as I showed them above, but the last line instead of -u should be -a.
4. This will reinstall all you need(presuming all URLs, folders, etc are NOT being edited/changed)
5. Start Domino
6. Test

This worked well, and the customer was back up and running on V14FP1, albeit with the older REST API code. 

After a few days, we got back some information from HCL, which I quote directly below:

Problem:
REST API 1.014 Running the APIs in local swagger returns Error "Failed to Load API Definition"

Possible cause
The issue is that the scope's Server name is not correct.
This setting was not working correctly in older versions of DRAPI and was fixed in v1.0.6. It was pretty much ignored in v1.0.4.

Possible solution/Workaround:
With DRAPI 1.0.14 you have to add the CN name/hierarchical name of the Domino server instead of host name for example: CN=customerTest/O=HCLLabs in the Edit scope>>Server field>>CN=customerTest/O=HCLLabs or CustomerTest/HCLLabs
Earlier server name field in scope>>Server field was: Host name of the server i.e keithbrooks.com

Change it to either CN name or the hierarchical name of the Domino server or can be left blank stating any server that has this scope in the KeepConfig.nsf assumes the database / schema exists.

Moving further the product dev team is going to update the error message in the product code as 'You need to query a different server' so it makes more sense to the testing on affected DRAPI versions.

There you have it. My guess initially was partially correct. 

The configuration was correct for the old version, but because the customer did not upgrade the RESTAPI code along the way, they missed the changes in code at 1.06, which would have probably prompted an HCL ticket at that time as well, but it would have been easier for all of us to see as the issue at that time. as the change would have been fresh in their mind.

The story's moral is, of course, ABU or "Always Be Upgrading" because of security, code, and functionality adjustments over time. While we don't want to break production, sometimes you must do so for your benefit.

The second moral is to have a Development or Staging environment for these critical applications. In this case, the lower environment did not match the upper one entirely, so the problem was not seen when we updated the lower environment.

An Admin Present You Didn't Know You Needed

 Hi, welcome back to my burnt out blog. 1,500 posts and, well, I am kind of burnt out, but that doesn't stop me from giving to the community these little bits.

I'd like to write more but a lot of things have been internal client items that I can't write about, but I am active.

Preamble, excuses out of the way, so, who wants some goodies?

About 2 weeks ago, I gave an impromptu webinar for Openntf.org as a last-minute fill-in.

Openntf, for those that don't know, is the Notes/Domino+ community, where devs, admins, business people, HCL, and others share code and ideas, templates, and projects for the benefit of the greater worldwide community.

I wanted to inform people that monitoring Tasks in the Administrator client has some changes.

Why is this important? Because unless you are a 1 server company, you have a lot of information to remember, such as:

1. How do you know if DBMT ran? 
2. How do you know which server Certmgr runs on?
3. Which web server do you run the Domino REST API on?
4. Which server handles your Backups and Restores, presuming you leverage the v14 options?
   
5. Is NOMAD running?
   
6. Is your DirSync working?
   
7. Are you sure the awesome OnTime Group calendar is running?
8. Have you enabled Aautoupdate yet? One look and you know.

Intriguing questions, right?

Between v9 and v12, nothing changed in the tasks that could be monitored. Traveler seems to have been the last item added, and that was from 8.5, but it found its way into the Monitoring Dashboard in v9.

Now comes v14 and HCl has cleared out some older items, like x500 info and the Fax server....but did not add any of the newer tasks that have come along since v9.

To be fair to HCL, it is not as simple as a few fields and renaming a file.

But fear not my fellow Admins, for I have not only explained it all in my presentation, which you can watch over here on the Openntf YouTube page, I have made the tasks available for everyone to update their Admin Monitoring Dashboard.

If you just want the slides, go here.

And because I know you are probably as lazy as I am, I have made the forms available with instructions to help you get more from your Monitoring Dashboard.

Go get the tasks from my Openntf project over here.

If I missed a task that is not listed, let me know, and I will update the project database.

Domino V14 - A New User Capability - Mail Merge

I have asked for this for many years, and we got it in V14! 

This is my guide and first reaction.

If you have Admin Assistants or need to do your marketing, you need to use Word or some 3rd party to do what should be a simple effort.

HCL has given us a nice Mail Merge inside the notes client.

It may take some testing for your first one, but hang in there, it is much easier than other methods I have used.

I will elaborate on these topics below:

• Where is the Mail Merge option
• What you need to set up the Mail Merge 
• Creating your Mail Merge
• Previewing and Running a Mail Merge

Where is the Mail Merge option?

Naturally, the first place to get information is the HCL Documentation.

https://help.hcltechsw.com/notes/14.0.0/client/mail_create_mailmerge.html

I'd like to say this is well-documented, so someone who is not a developer or in IT can follow along.

But it isn't, which is one of my few issues and why I am writing this blog post.

Presuming you updated your Notes client to V14 and updated your mail file template to V14, Mail Merge is a newly added option in your Mail inbox view, when you select New > Mail Merge.

(1st screenshot is from the HCL Docs and presumably a Mac client, the 2nd is from my Windows client, How do I get the Stationery option in Windows?)
   

What you need to set up the Mail Merge 

Like most Mail Merges, you need your data, usually in a spreadsheet. HCL asks for Excel. I did not test any other spreadsheets.

The documentation says, but doesn't show or provide an example:

1. Create an Excel spreadsheet.

   Each column represents an aspect of the email body that will be personalized; each row should specify every user receiving the email and their personalized information.

2. Save the Excel file.

Took me a few tries to figure this out.

Naturally, every row should be a name, easy enough.

What is the column story exactly?

At first, I tried putting in details, but that didn't work right.

You need to provide a Title to each column.

I thought I needed the Notes designer name for each field, which would be crazy for an end user, but I was wrong. 

The title can be anything you want; this is cool because oftentimes, you get hard requirements for naming.

But make it easy to follow, as you will see in the next steps.

Here is an example of my simple test Excel file, without the attachment column.

Then save your file.

Creating your Mail Merge

This is what you came here for, and it is set up like a Wizard to help you.

After selecting New>Mail Merge and you select the Excel file you created, you will see this dialog box:

(1st screenshot is the documentation and a mac client, 2nd is my windows client. Note the differences, Stationery, and Attachments are not consistent)

If you click on the drop-downs you can see all the column titles you created and in my screenshot below, it recognizes some names directly.

Attachments in Excel are messy, but I tested using a local file link.

Once your basic fields are defined, you move to the memo form.

NOTE: The attachment(s) do not appear anywhere in this form! But they are there, as we will see shortly.

I did not know what to expect, so I created a "Body" column with the text I wanted. Normally, this is where you would paste your Word document or email template, so the body field I created is not needed, but I added the field there to show an example of fields and text.

People who are used to creating a Mail Merge will understand that you format the mail/body text like usual and you can include graphics and other changes to fonts, etc..

NOTE: In my testing graphics that appeared in the preview did not come through to the recipient.

Usage cases for this include bulk email senders, bill notifications, or other similar types of standardized messages, but if you don't need heavy, intensive graphics, this will do quite well for your marketing team, too. YMMV.

When you need your fields from the Excel file, click on the Insert merge field, and it will add the block. You can then move it or work around it, as i did with BODY below.

Once your mail is ready, click the Preview and Send button.

Previewing and Running a Mail Merge

I grabbed a side-by-side screenshot to show you how the form looked compared to the preview.

You can see the attachment is now shown and takes up the top part of the mail, I would prefer it be on the bottom, and this causes a different issue when NOT including attachments, as we will see below.

There is a little arrow and number for you to check your previews, and if you need to edit it, select the Continue Editing button, or if it is ok to send, click on the Send Mail Merge button.

The screenshot below is how the email looks in my Verse client, and Gmail, when I receive it.

NOTE: I need to verify what went on, but the Mail merge seems to include an auto bcc to the sender. Be nice if this was documented or stopped, because why would I want 100s of emails flooding my inbox?

Note the long line across and how the message doesn't start on top but only under that long line? That area is the attachment area.

My hope is HCL fixes this in the future because it looks like the mail got cut off or is missing something.

For a fresh Out of The Box benefit for people, I like it and hope to use it in my marketing efforts.

Hope this helps you and your team that needs mail merge and thank an HCL person for listening to the customer voice.

V14 Notes, Domino, Traveler are out Now

But your Notes install may have an issue.

NOTE: This post will be updated/edited as I figure out more of what is going on. Domino install-info after the Notes client info below.

I tried installing HCL notes, only comes in 64-bit now, on 2 different machines.

The installation was on top of the existing ones.

You may want to use the NICE tool to clean up the prior install first, might save you some headache.

1st is my usual laptop, 6 months old, Windows 11 Pro which already had 1202fp2(64-bit), and while it looked ok after about 20 minutes of waiting to finish, it gave me this, with no more details. It possibly happened while uninstalling or disabling something.

And then backed out the installation.

Subsequently, what I did was extracted the installer to a new location.

Then ran the setup, RunAs admin.

And this time it worked. Thank you Marc Thomas for the hint that there may be some extraction issue and to try it this way.

So, 2 clients installed, a server with traveler installed and it took about an hour and a half including troubleshooting/retries.

The 2nd installation on my Windows Server 2019 which is a hosted VM gave me this message:

And after trying again to click ok said this:

Never had something like this happen before during an install. 

I extracted the 1202 notes client as requested to get the MSI file and then the installation continued on its way. Also takes about 20 minutes.

So the Server install completed, even after asking for the 1202 code.

Now to figure out what is wrong with my Windows 11 install.

Domino Install

If you do a custom install, like I do, you will see the options to install Nomad and Ontime and I think Verse, my screen capture did not capture, sorry.

You will also see something my beta code did not do which is confirm the Domino login name for the startup services.

You may want to be careful with that if you don't know how you are logging in because your server may not start afterward.

Time to update was between 5-10 minutes including restarting the server and updating the Directory.

Traveler is also available and installs like usual in a few minutes.

Nomad works just like it did before, so the update did not change that, but it would be nice if it told us which version it was, instead of developer code which is 1.0.9.5525-3341. How do I know if mine was even updated? Maybe 1.0.9 was what was installed, but i already was at that level.

Verse works as well. 3.2, which I had installed, need to look up what version is installed as V14.

Ontime kept my configuration, and the booking settings still work as well.

Pretty cool when you think about all the stuff HC has to verify on the Domino side given these things are now included in the installation.

SMTP BlackListing, WhiteListing and Log and Reject/Tag

If you rely on your Domino server to handle all your mail, you probably have had numerous attacks on your server over time or even lately, as I did last week.

My personal Domino server is a mix of real code, websites, and active email, with various half-coded things and weird templates or customer testing.

However, I started getting harassed by sites looking for open SMTP accounts recently and figured something was amiss in my configuration document.

The official blacklist servers worked fine, but some of these rogues were missing.

Looking at my log file, I found a few domains/IP addresses and put them into the deny access group known as the Private Blacklist Filter found in the Servers Configuration document, as shown below.

But that wasn't enough to stop them. They kept coming. 

I wondered if 12.02.FP2 had some problems, so I opened a ticket with HCL.

Turns out the problem was on my end, but I still have some questions, but first, what was the problem?

I had a default configuration document, which was fine, but I  also had a separate one for my server explicitly named a relic from a test issue.

The explicit one took over the default one, and so while I thought I was maintaining one list, I was wasting my time.

I deleted the explicit one and just focused on the default document, it is my server after all.

And all was good, sort of.

I wanted to understand why I was still getting a few spam emails.

I had set the server to Log and tag instead of Log and reject. 

Here is where the problems got worse.

I decided to block all spam and set all fields to Log and reject messages. You probably can guess what happened next.

My inbox was very clean. Very few emails came through.

I thought I would whitelist what I needed, like bank mail, and HCL support mail (not so simple, someone at HCL should look into their SMTP issues that have them on a blacklist).

Still not getting lots of mail.

Next, I looked at what else was set in the doc and saw the verify domain lookup option was set, and rightly so as this does a great job.

However, I have learned that many organizations don't have good, clean SMTP/DKIM/SPF entries, and thus, they are getting blocked.

Sadly, I had to revert back to Log and tag to interact with customers and business partners.

Customers of mine with issues were notified, as was HCL, but if you have been playing with SMTP, something else always pops up. It needs babysitting.

While my mail is more stable now, I know I lost a few entities that got the denied server message and probably will not resend anything in the future. Which is a problem as some are bills and other items of usefulness.

If you are a new Domino administrator be careful with how you edit your Configuration document.

SnTT - Which Database has an FTI?

Earlier this year, Martin Vogel and I gave a session at Engage titled "Teaching Young and Old Dogs New  Tricks: Notes & Domino Shortcuts You Wish You Knew," It was a great session with a filled capacity of the room.

But I was neglectful; I had planned to post some essential tips in my blog at the time but did not get to it. I will try to make up for it over the next few weeks.

The first one that not everyone may know about is how to find out which databases have a FTI, Full Text Index.

Here is the scenario:

You are asked to build new servers for your customer or organization and while looking at the old server, notice some indexing on some databases. This causes you to think, how do I find out which databases have an FTI so they can be rebuilt on the new server?

Good question, right?

I will first provide an answer for anyone not on R12 and then post the R12 way.

Pre R12 FTI Details for any given Database

1. Open the catalog.ntf in the designer client
2. Open the Views List
3. Edit the Applications\by Server view
4. Insert a column where you want it, and name it FT Index
5. Change the field for this new column to DbFullTextIndexed
6. Set the column to sort both ways
7. Save your changes
8. Replace the design of your catalog.nsf

NOTE: This presumes all your databases are set to show in the catalog.nsf, so not 100% foolproof

The R12 way to see FTI Details for all Databases on Your Server

Open the Administrator client

Go to the Files tab

Click on File-Preferences-Administration Preferences

Select the Files Tab

Add the FT Index (see screenshot below, FT Index is the last one in the list)

Reorder the column location, or it may end up in the 27th column

Restart the Administrator client to see the change

If you need it, you can copy and paste the full view into Excel if that helps you track what you are doing.

Pretty cool if you ask me that this got added in R12. I had asked for it in an Aha request, and it got done, so Aha is listened to by HCL, here is the link to that request:

https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-264

It was the first item added to the column list since before R9 at least.