Tuesday, March 3, 2020
Domino Administration Wizardry - Dark Arts Edition
Tuesday, January 21, 2020
Will I See You at Engage for my Session?
Thursday, March 26, 2015
Time Travel the Daylight Savings Time Way
But that is not the point of this blog post.
Governments suck at understanding technology, be it farming or digital, they should just stop messing with us.
But I digress.
While working on a client site I noticed that the log file view shows a time, say 9:45am-10:02am.
When I opened the document, I saw 8:45am times.
Please be aware this will not hurt your server in any way as it is a client side view issue, not a server side issue. Well, in this case.
Whoa! Daylight Saving Time issue! DST sucks!
Hang on a second. I am in Israel, +2 of GMT, customer servers are in EST.
My admin client of course runs local time for me. I am used to seeing log times in funny ways but this bothered me. I checked the server console, time stamp and date is correct. We checked the OS itself, also correct.
In a Skype chat with some friends, I posted the issue, this was an AIX server by the way, I also posted this Technote # LO68032 from IBM which describes it perfectly well.
http://www-01.ibm.com/support/docview.wss?uid=swg1LO68032
Unfortunately it states "This APAR is closed as FIN. We have deferred the fix to a future release."
And not in the 9.x stream.
I tried other servers at the same client, same problem.
I then tried other customer sites, no problem.
While discussing it with Susan, she advised that it would not be a problem after this coming Monday based on the historical dates for the time changes. Kudos to Susan who is always helpful and up to date with information. Note to her boss, you do not pay her enough!
The workaround is to change the OS to EST then restart Notes and that works.
However, I am interested in what caused it and how to fix it.
It occurred to me that this was the only client I was using a specific CISCO VPN and client (5.0.07.0290) which I do not use for any other clients.
It would seem to me that the problem lies not with IBM, Notes or Domino but with the VPN from the customer and the settings or policies it enforces when I login to it.
So maybe IBM should revisit that technote and customer and see if a VPN was involved. In the meantime I am opening a ticket at the customer site...after Monday if it still happens.
Friday, November 7, 2014
SnTT - In Which Port Settings Don't Quite Work
Building an IBM Domino cluster is not as difficult as it was years ago and I was done with the basic parts and wanted to test the fail over.
I figured the easiest way to do this was to enter at a server console "stop port tcpip" while connected via RDP to the server.
I tested mail clients could fail over to the 2nd server and mail routed. Great.
Back to the server and server console and tell it to "start port tcpip".
I didn't think much about it and since there were some server updates to add to the box, I decided to shut it down after the updates were done.
It came back up and was running and I was working on another server in the domain when the client let me know no one could connect to the server. Odd, I was there and it "looked" ok. On closer inspection, it was not ok.
Errors that said databases could not be found, no route found, no network could be found, trace connections and some other fine error messages that mean nothing to the average person.
After poking around a bit, I figured the notes.ini needs to be edited. I checked with Rob Kirkland, of this book fame on Domino System Administration, and followed it to solve the problem.
I found the TCPIP port listed under disabled ports. Deleted it from there.
Found TCPIP=TCP,0,15,0,,45088 was missing which is for compression and encryption (see below).
Also missing was Ports=TCPIP
After putting it all back together, rebooted and all is good again. Still not sure why the commands failed and did not help this 8.5.3FixPack6 server but at least someone else out there will not have to waste an hour or 2 trying to figure it out.
EDITED: October 20, 2020 The below is pulled from the most awesome list of ini settings ever.
Configuration for a TCPIP port.
Examples: TCPIP1=TCP,0,15,0,,12288
TCPIP=TCP, 0, 15, 0 [,,x]   <- This is the setup for your TCP Port
  TCP : This is the port driver name
  0   : Placeholder not used by TCP
  15  : Placeholder not used by TCP
  0   : Application Data buffer size (0 is default which = 8000)
The last parameter x ([,,x] above) can be decoded as follows:
0x8000 Encryption is enabled
0x0020 Compression is requested
0x4000 driver is internal
0x2000 no-op
0x1000 always for V2 and V3
0x0002 set to log modem I/O
0x0004 set to enable RTS/CTS
8020 which would be Encryption plus Compression is in hexadecimal code 45088
Selection NOTES.INI parameter
Nothing TCPIP=TCP,0,15,0,,12288,
Compression only TCPIP=TCP,0,15,0,,12320,
Encryption only TCPIP=TCP,0,15,0,,45056,
Both TCPIP=TCP,0,15,0,,45088,
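Added example (not part of the original post or of the quoted ini list): a short Python script that decodes the last TCPIP= parameter with the bit values listed above, and checks a notes.ini text for the three problems described in the post (port missing from Ports=, port listed as disabled, definition line missing) plus whether the encryption bit is set. The DisabledPorts key name, the function names and the sample ini text are assumptions made for the example. Decoding 45088 gives 0xB020, that is the 12288 (0x3000) value shown for "Nothing" plus the 0x8000 and 0x0020 bits.

```python
# Added example, not from the original post. Bit meanings are the ones listed
# above; the DisabledPorts key name and the sample ini text are assumptions.
FLAG_BITS = {
    0x8000: "encryption enabled",
    0x4000: "driver is internal",
    0x2000: "no-op",
    0x1000: "always for V2 and V3",
    0x0020: "compression requested",
    0x0004: "RTS/CTS enabled",
    0x0002: "log modem I/O",
}
BROKEN = "DisabledPorts=TCPIP\n"                      # constructed sample
FIXED = "Ports=TCPIP\nTCPIP=TCP,0,15,0,,45088\n"      # constructed sample

def decode_port(value):
    """Decode a port value such as 'TCP,0,15,0,,45088,'."""
    fields = [f.strip() for f in value.split(",")]
    flags = int(fields[5]) if len(fields) > 5 and fields[5] else 0
    return {
        "driver": fields[0],
        "flags_hex": hex(flags),
        "set": [name for bit, name in FLAG_BITS.items() if flags & bit],
        "encrypted": bool(flags & 0x8000),
        "compressed": bool(flags & 0x0020),
    }

def audit_port(ini_text, port="TCPIP"):
    """Return a list of findings for one port in a notes.ini text."""
    ini = {}
    for line in ini_text.splitlines():
        key, sep, val = line.partition("=")
        if sep:
            ini[key.strip().lower()] = val.strip()
    def names(key):  # comma-separated port list, lower-cased
        return [p.strip().lower() for p in ini.get(key, "").split(",")]
    name, findings = port.lower(), []
    if name not in names("ports"):
        findings.append(f"{port} is not listed in Ports=")
    if name in names("disabledports"):
        findings.append(f"{port} is listed in DisabledPorts=")
    if name not in ini:
        findings.append(f"{port}= definition line is missing")
    elif not decode_port(ini[name])["encrypted"]:
        findings.append(f"{port}: encryption bit 0x8000 is not set")
    return findings

if __name__ == "__main__":
    print(decode_port("TCP,0,15,0,,45088,"))
    print(audit_port(BROKEN), audit_port(FIXED))
```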
Wednesday, August 17, 2011
21+ Easy ways to be an Admin Champion
Further to this, do you have a list of "easy wins" that you think every client should have installed? What would this list look like?
The simple answer is yes, there are basic things everyone should do, but do I have a checklist, not exactly. These won't necessarily make you an IBM Champion, but they should make you one in your company.
I'm thinking of things like Sametime, Swiftfile, Spell Check...and much more, but...when you do a new install, do you have a checklist that you follow?
There are easy things to do but to really encourage usage, you need to give everyone the tools and then show them, teach them how to use them, in video, person or emails.
1) Sametime basic is still part of entitlement, use it if you don't have full Sametime, install this on your mail server or something else, anything else.
2) There have been add-ons like SwiftFile and then there are some great widgets produced for the Sidebar. While talking about the sidebar apps, see this post on a bunch of them and the prior one it links to as well.
3) Enable the Widget Catalog, AA's probably will like the Fedex, UPS tracking widgets as an example. There is a widget catalog available from a few places. Here is one, and another from IBM.
4) Sales people may like having the CRM app in the sidebar as well, you can pick a view, form or the whole db.
5) LiveText is also important as it can do so many things from using Google maps to locate addresses in emails to more integrated lookups like Linkedin. Here is a link to the docs on LiveText.
6) Policies make the help desk life easier, spell check enabled is a good start. Configure as many of the "default" settings which everyone will need. Think about every setting you configure for an install and you get the idea. You do configure the installs, even a little bit right? RIGHT?
7) Synch passwords, not just single sign on to Windows but also for iNotes. I thought I posted this but could not find it. Here is the Technote #1229510.
8) iNotes redirector - make it easy to remember, company.com/mail, see my iNotes tab for the posts on iNotes or the slides page for past presentations on it. (missing the slides, will find them and post shortly).
9) Managed replicas which is new in 8.5 will also make life easier, here's how.
10) Signatures, explain the differences and send an example for the company to use, or add it to the mail template for everyone as a default.
11) If you have a few minutes customize the company memo template fields with your company logo too.
12) Preload the personal names.nsf with connection docs for your servers for external and internal usage, if applicable.
13) Lotus Notes Traveler, just do it. Some recent BPs have made some other enhancements you may want to look into as well. Extracomm has one for OoO.
14) Quickr connectors, if you use Quickr. See my slides from The View on how to pre list some places for new installs, it's towards the end.
15) Configure Activities if you have Connections installed. Disable it if you don't via policies.
16) Sametime online meetings, did you know you can pre define your conference line numbers in preferences settings? DO IT! You can also add it to the calendar profile settings for users.
17) Also set up rooms and reservations, and make people use it to book conference rooms.
18) Explain how to save individual emails or drag n drop them to a Quickr site in connectors.
19) Remind users that the larger their inbox, the longer it takes to open and do anything, especially if working off the server.
20) Set up an external db for larger files for external clients to access, define login/passwords. Large companies have other methods but smaller ones just send it. Bad idea on many levels to the server, clients and your network bandwidth.
21) Security, enable your server for encryption, compression and do the same for the clients, again via policies.
No doubt there are ones I am forgetting and ones others set, please comment for everyone to learn.
Share because you care.
In short, the basics are there and if you did all of these, and these really are the basics, start looking at usage.
PS - If you don't need quotas, don't use them, biggest pain to users.
Monday, July 6, 2009
Exposing Security holes is not funny business
In reading some tweets from someone I noticed a link to a site which was personally and professionally relevant.
A nice usage of a shared calendar and I investigated it deeper.
As I usually am wont to do, I tested their network for basic security holes which would usually point to junior admins' work or one of those "damn forgot to fix this" moments of us senior admins.
And sure enough their NAB is exposed. Not only that but the server IDs as well as most employee ID files are attached in the NAB and free to be downloaded. Oh and employee personal details are exposed as well, kids, home address, etc.
Odds the server IDs have a password? I'm not going to check to find out but my guess is they don't.
And the top 2 senior executive ID files? Yes, you guessed it attached.
I sent one of the executives, responsible for IT, an email outlining what we can do to help them with this problem and that they should really take notice of it.
Sometimes this leads to clients, sometimes not. But it does point out the larger picture which is just because you run Domino on a non-Windows platform, doesn't mean your IT staff knows anything about securing Domino, although I am sure they are excellent at their OS of choice.
This is NOT funny and sadly it is an R8.5 server too which means that either they did this on their own, with no advice or worse another BP did it and really exposed them to potential lawsuits and other potential issues.
Either way hopefully we will at least be able to discuss this with them further before it goes on like this for too long.
The bottom line is NEVER make your NAB open to the outside world. Default should always be No Access. If you have an internet connected server you are just asking for trouble.
Luckily they have it set to reader and not editor! I will NOT test delete but my guess is that is available to me, although adding a person is not.
And for those who question how bad is this, I COULD recreate any of their servers, then their certs, after all I have valid server IDs and user IDs and can read the NAB so I could build a server to match theirs and then create accounts as the executives and start sending out 100% valid emails. In fact this is how I had to save 2 customers in the last year, I posted about them too.
Not funny at all. A great write up case potentially for Lotusphere.
Thursday, January 24, 2008
LS08: Admins just say FUC it
On occasion I do admit to being an administrator on here and NOT a developer, when not discussing more serious business (more on this next week).
However, while training in Mississippi last week before Lotusphere I taught an acronym to the group of admins that when you have a corrupted nsf or database or just want to make sure one is okay, you have to FUC it.
I am sure somewhere in the world this has been used by some admins, if not I stake my claim and all royalties may be paid in the form of a bottle of single malt scotch (please check on our stocks so we do not duplicate, unless you have Macallan 30yr old we accept all bottles including half full ones), but I digress.
Note to Paul Mooney, you can use this for next year's tips list. We can discuss speaking slots.
I do not believe you heard this in Lotusphere this year or ever.
All admins know this, if not, please read the help files or email me for an excellent chart that outlines the switch options for these.
I am not going to detail the multiple ways to run these but there are at last count at least 8 different ways to accomplish these tasks if you include web admin, server console admin, rconsole, command line, admin client, DOS I mean Windows command line, notes client, designer client and more. Keep in mind I am talking about running it on demand, not at a set time in the configuration doc or notes.ini on the server, or a policy or well you get the idea.
F = Fixup
U = Updall
C = Compact
There is Q for quit but we are trying to keep the server up and not restart it.
Couldn't think of a K, although there is Kill from nsd -kill (run from your Notes program file, mine looks like c:\lotus\notes8\nsd -kill) which is used to stop all Lotus processes in the event of a Windows or Java conflict or some other reason which crashes your Notes client.
For those that wonder, yes I do run Notes R8 and Domino R8 on a ......Vista laptop. I also run R2,3,4,5,6,7 on it as well. No VM either.
So to all the new admins out there, I was there once too and there are no stupid questions when it comes to managing your Lotus infrastructure.