fighting for truth, justice, and a kick-butt lotus notes experience.

 
alt

Detlev Poettgen

 

Announcing - Lets Encrypt for Domino - Just Do SSL

 23 August 2017 16:16:43
To enable HTTPS on your website, you need to get a certificate from a public Certificate Authority (CA). Let’s Encrypt is such a CA, which offers free trusted certificates. The only limit is that the certificates expire after 90 days. But you can renew them as often as you like.

There are several clients around to retrieve a certificate from Let’s Encrypt. But none of them offer a consistent way to automate the process, when using Domino as your HTTP-Server. Either the client tool is only available for Linux, or you have to install additional Perl/Python interpreter on your Domino server machine to run scripts. And then there is the Domino properitary keystore format :-(

We at midpoints were looking for a solution to get Let’s Encrypt certificates working together with Domino as close and automated as possible.
So we started the midpoints Let’s Encrypt 4 Domino project for internal use.

Let’s Encrypt for Domino == Let’s Encrypt 4 Domino == LE4D (spoken as lead)


After we got it working, we decided to make the tool available for free, because the Let's Encrypt certs are for free and so midpoints LE4D should be free, too. SSL is important and you should use it.

Yes, you can get  it for free!

Image:Announcing - Lets Encrypt for Domino - Just Do SSL

What midpoints LE4D will do in detail?

The short answer - A lot!

In more details:

- Creates a Let's Encrypt User and Domain Keys
- Creates and puts Let's Encrypt Challenge on your server
- Creates and sends the Signing Request CSR to Let's Encrypt
- Downloads the certificate
- Downloads the Key Chain
- Generates the Domino Key Ring files using the IBM KYRTOOL
- Merges the certificates and chain into the Key Ring
- Backups the generated certificates
- Restarts the HTTP Task
- Periodic Renewal of certificates, when needed

All you will need is our midpoints LE4D template.
Create a new application from the template, create a configuration for your domain and start an agent ( the agent can later be started on a scheduled basis using a program document to renew the certificates).


Interested? Then get your copy of midpoints LE4D today for FREE.

https://www.midpoints.de/LE4D


Ulrich Krause aka eknori and myself digged into the Let's Encrypt API to make LE4D possible. Thank you Ulrich that we together got it working!

And we would like to thank Let's Encrypt and the Let's Encrypt community to provide their great Let's Encrypt Cert service.

Old IBM Apple APNS Push Certificate of Traveler 9.0.1.15 used for Verse expired on 12.08.17

 11 August 2017 12:35:52

If you are still running IBM Traveler version 9.0.1.15, have in mind that the Apple IBM Push Notification Certificates for IBM Verse and ToDo for iOS will expire tomorrow (12th Aug. 2017).

You will may see error messages like this on the console after 12th Aug. 2017:

06.02.2017 11:59:08   Traveler: SEVERE  *system Couldn't send message after 3 retries, Message(Id=692311; Token=8C720F7F9B96D30C184445840EF0D0D925BC8C269618C7523E0B98EE9B61A03E; Payload={"aps":{"badge":14,"content-available":1,"alert":"E-Mail von test.de","sound":"v)"},"LGUID":"2068982","FLAGS":"1001","account":"1"}) Exception Thrown: javax.net.ssl.SSLException: Received fatal alert: internal_error


To solve it you will have two options:

1. Option: Move on to Traveler 9.0.1.18  (Recommended)


2. Option: Stay on 9.0.1.15 (for what ever reason) and only change the P12 certificate files.

You can replace your existing certs and use this three files, which I copied from my Traveler 9.0.1.18 server. The certs are valid until 8th March 2018.

PushAPNSAppleVerseProduction_validto_20180308.zip

Extract the zip-file and copy the three P12-files to your Traveler server: notes_data/traveler/cfg  and restart your Traveler server


You can check, if the Push Notifications are working and how long the certs are valid by executing this command:

tell traveler push cmstatus


It should look like this:

> tell traveler push cmstatus

...
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: No connection for MaaS360 Production to gateway.push.apple.com on port 2195 because it is disabled via NTS_PUSH_ENABLE_APNS_MAAS360_PRODUCTION
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: No connection for Third Party Development to gateway.push.apple.com on port 2195 because it is disabled via NTS_PUSH_ENABLE_APNS_THIRD_PARTY_DEVELOPMENT
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: No connection for Third Party Production to gateway.push.apple.com on port 2195 because it is disabled via NTS_PUSH_ENABLE_APNS_THIRD_PARTY_PRODUCTION
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: -- Certificate Validity Dates (Fri Aug 11 12:31:24 CEST 2017) --
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: D:\Progs\domino\data\traveler\cfg\PushAPNSAppleToDoProduction.p12 is valid from Mon Feb 06 20:34:55 CET 2017 to Thu Mar 08 20:34:55 CET 2018.
[14B0:002E-0D08] 11.08.2017 12:31:25   Traveler: D:\Progs\domino\data\traveler\cfg\PushAPNSAppleVerseCitrixProduction.p12 is valid from Mon Feb 06 20:38:01 CET 2017 to Thu Mar 08 20:38:01 CET 2018.
[14B0:002E-0D08] 11.08.2017 12:31:26   Traveler: D:\Progs\domino\data\traveler\cfg\PushAPNSAppleVerseIBMProduction.p12 is valid from Mon Feb 06 20:41:08 CET 2017 to Thu Mar 08 20:41:08 CET 2018.
[14B0:002E-0D08] 11.08.2017 12:31:26   Traveler: -- APNS-DelQ --
...


Tesla Model 3 - es wird die Autobranche für immer verändern

 31 Juli 2017 13:23:20
Sehr lesenswerter erster Tesla Model 3 Testbericht:

Image:Tesla Model 3 - es wird die Autobranche für immer verändern


... Ich habe es nur sehr kurz fahren dürfen, aber ich bin so gut wie jedes andere reine Elektrofahrzeug auf dem Automobilmarkt gefahren und kann mit Sicherheit sagen, dass das Model 3 keine Konkurrenz hat.

Doch es ist mehr als das. Obwohl es ein kleiner Viertürer ist und der Markt sich allmählich von dieser Art Fahrzeug entfernt, um sich auf Crossover-Fahrzeuge und SUVs zu konzentrieren, wird niemand in diesem Auto sitzen und es nicht besitzen wollen. Das Model 3 erweckt sofort Begierde, und die Lust auf das Auto bleibt. Das verändert wirklich alles.

Alles, was Tesla jetzt noch machen muss, ist eine halbe Million dieser Autos zu bauen.

via: http://www.businessinsider.de/ich-bin-das-tesla-model-3-gefahren-es-wird-die-autobranche-revolutionieren-2017-7


Wer mich persönlich kennt, dem werde ich vermutlich inzwischen schon mit meiner Begeisterung für Tesla auf die Nerven gehen.
Ich war so verrückt, das ich mein Tesla Model 3 am 31.03.2016 um 10:00 Uhr deutscher Zeit schon vor dem Live-Event ungesehen vorbestellt habe.

Elon Musk beginnt nun 16 Monate später zu liefern und ich werde vermutlich bis in die Mitte 2018 auf mein Model 3 warten. Ich weiß nun, was ich bekommen werde und freue mich darauf.

Image:Tesla Model 3 - es wird die Autobranche für immer verändern

Im Gegensatz zu den deutschen Automobilherstellern hat Tesla eine Vision und setzt diese auch wirklich um. Anstatt auf den Staat zu warten und auf Förderungen zu hoffen, macht Tesla es selbst. Das beste Beispiel ist hier das Tesla eigene Supercharger-Netzwerk, das es schon heute ermöglicht mit seinem Model S oder X auch lange Strecken quer durch Deutschland zu fahren.  

Für mich ist das Tesla Model 3 das iPhone der Automobilindustrie!


Vor 10,5 Jahren wurde ich mit meiner Begeisterung für das erste iPhone von meinen Kollegen sehr belächelt. Die damaligen Marktführer (Nokia, Blackberry, ...) führen inzwischen ein Nischendasein und haben Apple komplett unterschätzt.
Für mich ist die aktuelle Situation und Stimmungslage im Automobilsektor sehr ähnlich wie vor 10 Jahren im Handy-/ Smartphone Umfeld.

Die Zeit ist Reif für Innovationen und die alten Platzhirsche halten zulange fest an Althergebrachtem und finden nicht den Weg aus der Sackgasse.

Ich drücke Tesla die Daumen, das das Hochfahren der Produktion wie geplant funktioniert und die Qualität darunter nicht leidet.
In einem Jahr werde ich hoffentlich in meinem Model 3 sitzen und wir werden sehen, was bis dahin passiert ist. Es wird auf jeden Fall ein spannendes Jahr.

Hash-Tag: #EnttäuschterUndVera***terVolkswagenKunde






Traveler 9.0.1.18 needs Editor access under Maximum Internet Access ACL settings

 13 Juli 2017 15:10:19
A customer called me today, that he has trouble with a few of his Traveler users.
After updating IBM Traveler to v9.0.1.18 users are no longer able to sync and the deletion of these Traveler devices (using the traveler delete command) is not working any more.

When trying to delete the Traveler user using:

tell traveler delete * Detlev Poettgen


He gets this errors on the console:

Traveler: SEVERE  Detlev Poettgen[*] NotesException Notes error: You are not authorized to perform that operation
                          id=4000 occurred trying to access device profiles Exception Thrown: Notes Exception(4000) : Notes error: orized to perform that operation
Traveler: SEVERE  Detlev Poettgen[*] NotesException Notes error: You are not authorized to perform that operation
                         id=4000 occurred trying to access device security profiles Exception Thrown: Notes Exception(4000) : Note not authorized to perform that operation



IBM enabled the Run-as-User function with Traveler 9.0.1.18 and the way Traveler will access the users mail database:


Starting with IBM Traveler 9.0.1.18, the new run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID.

This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:
  • Honor ACL controls on mail file and corporate lookup for the user.
  • Prevent event notices and automated responses from being sent from the server ID.
  • Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Important:
For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document.


So we first checked, if the Traveler server was listed as a Trusted Server in the mail server document.
That was all fine and other users located on the same mail server were able to sync.

So when looking at the ACL of the users mail database, we found really quick the reason:

Image:Traveler 9.0.1.18 needs Editor access under Maximum Internet Access ACL settings

For the users mail database the Maximum Internet name and password access was set to Reader.
After changing it to Editor, the user was able to sync again and a traveler delete command works again.


Update 17.07.2017:


During the last few days I got asked, how you can check, if all your Traveler users are having set Maximum Internetname and password access to Editor.

As far as I know, there is no out-of-the-box solution available from IBM. The Admin-Client will not show this ACL setting in a view and catalog.nsf will not contain this setting.

So I created a small database QuickFix for Traveler , which will query the mail databases of all Traveler users and shows some consolidated database properties (Size, Quota, Template, ACL, Owner, Soft Deletions, Max. Internet Access, #Documents).
From there you can select the databases with Max. Internet access lower then Editor and it will fix it for you.

If you want to use this database, too - just drop me an Email or leave a comment with your mail address. I will send you the QuickFix for Traveler app.





 



IBM Verse for iOS 9.4.0 updated pre-configuration settings

 26 Juni 2017 15:30:05
Last week IBM released a new version 9.4.0 of the IBM Verse for iOS App.

IBM Verse for iOS v9.4.0 had been completely rewritten and was the first feature update since a few months.

Under the hood IBM changed the way to pre-configure the app by an EMM/MDM solution. The Verse app now supports the open AppConfig Community standard to push setting like a server URL or an user name to the app.

Verse for iOS supports custom managed configuration, which allows the MDM administrator to preconfigure many Verse for iOS settings. Any setting defined using the MDM takes precedence over a similar setting or policy defined at the Traveler server.
Setting custom app configuration will vary by the MDM soltution you are using. All MDM providers should support the concept of Apple managed configurations using custom keys and value pairs.

Now it is possible to define most of the user setting within the app and to lock some of these settings. I will post an additional bloentry in a few days, when IBM will have published the AppConfig documentation.

To pre-configure Verse you will need to set in minimum these four settings:
Key Data Type Value  (Example) Comment
appConfigOnly Boolean true       (1*) Will enable the AppConfig Settings within the app and will ignore Maas360 & MobileIron SDK
serverType String onpremises Where is your server located?
onpremises
cloud
choice     (asking user)
serverURL String https://mobile.comp.com/traveler Provide the hostname or a fully qualified URL to your company's Traveler server. Only provide this value if using ‘onpremises’ as the server type.
user String IggyPop Login user id. You should be able to use placeholders depending on your MDM solution



Hint: The key names are case sensitive !!!

(1*)  Depending on your MDM solution you can use "true" / "false"  or "1" / "0" as Boolean Values

Using our own MDM solution midpoints mobile.profiler a simple pre-configuration of Verse for iOS looks like this:

Image:IBM Verse for iOS 9.4.0 updated pre-configuration settings

Thank you at this place to Bill Wimer (IBM) and the Traveler Dev team for the AppConfig integration.
Well done and I will post a few more new settings when the AppConfig documentation will be public.

Update 27.06.2017:
IBM released the AppConfig for Verse documentation yesterday evening. Check out: http://www-01.ibm.com/support/docview.wss?uid=swg27049934


IBM Traveler 9.0.1.18 available bringing one important change

 15 Juni 2017 21:56:11
Today IBM released a new Traveler version called 9.0.1.18 (Build: 9.0.1.18 201706131301_20).

Image:IBM Traveler 9.0.1.18 available bringing one important change

9.0.1.18 brings this new change:
 Traveler Server Run as User

Starting with IBM Traveler 9.0.1.18, the run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID.

This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:
  • Honor ACL controls on mail file and corporate lookup for the user.
  • Prevent event notices and automated responses from being sent from the server ID.
  • Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Important: For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document.

To disable run as user, set this notes.ini parameter: NTS_USER_SESSION=false


Fixlist:
APAR # Abstract
LO90096 Info update continues to be ghosted on mobile device after the event is processed.
LO91797 Empty comments displayed on iOS native Calendar application when event processed in iNotes.
LO91836 Invalid this and future reschedule generated by iOS native Calendar application.
LO91875 Ghosted event not displayed on mobile device.
LO91956 Maill attachment does not sync to mobile device when contains angle brackets < and >.
LO91997 IBM Traveler web administrator may show iOS Verse 9.4 device as not supporting security capabilities.
LO92010 Better handling of special character in mail header fields.
LO92080 Ignore a reply message with out a valid action defined.
LO92085 Hard delete processed notices vs soft delete to prevent from filling up trash folder.
LO92209 Second meeting room may be lost if event updated from mobile device.
LO92210 Unable to turn off iOS Verse application password via Domino policy document setting.
LO92257 Two instances of a previously processed event may show on mobile device if the daylight savings rules change for the time zone.
LO92303 SQL Syntax error adding index TSGUDTSTAMPCREATEIDXSQL9 on DB2.



Note: IBM Traveler 9.0.1.18 does not include a database schema update.

You can download the update as usual on IBM FixCentral.

An IBM Traveler 9.0.1.18 full installation package, which will be available on Passport Advantage on June 21, can be used to upgrade any previous Traveler server or to install a new environment.

Call for Abstracts DNUG Conference 2017 in Berlin

 3 April 2017 14:01:25
Die nächste DNUG Konferenz findet vom 31.05. bis 01.06.2017 in Berlin statt!  

Image:Call for Abstracts DNUG Conference 2017 in Berlin


Wer sich als Referent aktiv einbringen möchte, hat hierzu die Chance einen Abstract einzureichen.
Die einzelnen Tracks werden durch die einzelnen DNUG-Fachgruppen organisiert.

Ich selbst bin gemeinsam mit Jürgen Bischof Mitverantwortlich für die DNUG-Fachgruppe Mobile und würde mich über Abstract zu Mobile-Themen freuen.

Was mir hierbei am Herzen liegt:

Die DNUG ist eine User Group und lebt vom Austausch, der Diskussion und dem Networking untereinander. Daher würde ich mich freuen, wenn nicht nur die üblichen bekannten Sprecher Abstracts einreichen, sondern auch neue Gesichter sich motiviert fühlen, sich einzubringen.
Jeder hat bestimmte Herausforderungen oder Aufgaben bei sich im Unternehmen gemeistert und Lösungen gefunden, die sich im Alltag bewährt haben.
Warum diese nicht teilen und im Rahmen eines DNUG Vortrags vorstellen? Andere stehen in der Regel vor den gleichen Herausforderungen - die DNUG ist die Plattform diese Erfahrungen untereinander auszutauschen.

Wenn jemand also zu Mobile-Themen (IBM Traveler, Enterprise Mobile Device & Application Management, interessante Mobile Inhouse Projekte, Best Practices, ...) einen Vortrag halten oder an einer Diskussionsrunde teilnehmen möchte, kann sich gerne bei mir melden oder einfach Online bis zum 10.04.2017 den Abstract einreichen:

http://dnug.de/dnug44-call-for-abstract/

Wer selbst keinen Vortrag halten will oder kann, aber gerne ein Thema behandelt sehen möchte, kann mir gerne auch einfach einen Themenvorschlag per Mail schicken oder hier einen Kommentar hinterlassen. Ich würde dann schauen, ob wir hierzu einen Referenten in der Community finden.

IBM Traveler 9.0.1.17 fixing the issue introduced with 9.0.1.16

 21 März 2017 17:37:58
Today IBM released a new Traveler version called 9.0.1.17 (Build: 9.0.1.17 201703170414_200).

Image:IBM Traveler 9.0.1.17 fixing the issue introduced with 9.0.1.16

It’s a maintenance release that provides APAR fixes - no new features

Fixlist:

APAR # Abstract
LO90889 Invitee status not correct on mobile device if the invitee response is received in a non-syncing folder.
LO91550 Multiple ghost entries possible if adding invite to event that has outstanding updates pending.
LO91723 User may stop recieving updates to mobile device after mail server restarted and there is no backup mail server.
LO91733 Subject of mail replied to/forwarded from Windows 8 device may display incorrectly.
LO91762 IBM Traveler server may change case of Domino domain to all lower case when sending mail.
LO91770 Subject of new mail sent from Windows 8 device may display incorrectly.
LO91819 User may not be able to sync data to mobile device when the user's mail file name contains special characters.
LO91870 Wipe data option may be greyed out for iOS Verse client.



Note: IBM Traveler 9.0.1.17 does not include a database schema update.

You can download the update as usual on IBM FixCentral.

An IBM Traveler 9.0.1.17 full installation package, which will be available on Passport Advantage on 24th March., can be used to upgrade any previous Traveler server or to install a new environment.


Reminder: Requirements for running IBM Traveler on Domino 9.0.1 FP8

 8 März 2017 09:27:06
 As already mentioned here you will need IBM Traveler 9.0.1.16 before upgrading to Domino 9.0.1 FP8.

Have in mind that when you move your Traveler HA environment to Traveler 9.0.1.16 and Domino 9.0.1 FP8 the JVM will gets upgraded to Java 8.

Please check the following Technote before upgrading to FP8:


Abstract

The IBM Domino 9.0.1 FP8 release will include an upgrade to Java 8. This article details requirements for IBM Traveler servers to run Java 8.

Overview

The steps outlined below are required to run IBM Traveler on a Domino 9.0.1 FP8 or later server. It is not required to run Domino 9.0.1 FP8 or later to use the latest available IBM Traveler release.

Traveler Requirements

Java 8 support is included in IBM Traveler 9.0.1.16 and later releases. It is required to run this level or later on a Domino server running 9.0.1 FP8 or later.


JDBC Requirements
If running IBM Traveler with either DB2 or MS SQL enterprise database server, then follow these steps to ensure compatibility with Java 8.
  • If using DB2 server: In order to support Java 8 you must use DB2 JDBC Driver V10.5 FP7 (4.19.49) or higher, see technote 1983724 for details. The DB2 JDBC Driver can be downloaded directly from Fix Central, see technote 1363866 for download information. Copy the db2jcc4.jar file to the \Traveler\lib directory and restart the Domino server. Be sure to remove any old copies of the DB2 JDBC driver from the system.
  • If using MS SQL server: In order to support Java 8 you must use sqljdbc42.jar file from MS JDBC 4.1 or later release. Download the latest Microsoft SQL Server JDBC Driver from this site. For detailed system requirements for the SQL Server JDBC driver see this Microsoft article. Copy the sqljdbc42.jar file to the \Traveler\lib directory and restart the Domino server. Be sure to remove any old copies of the MS SQL JDBC driver from the system.  



https://www-01.ibm.com/support/docview.wss?uid=swg21999188


DNUG Webcast Fachgruppe Mobile - IBMs Mobile Strategy and Securing Mobile Applications - 14.03.17

 6 März 2017 11:37:22
Ich möchte an dieser Stelle gerne auf den nächsten geplanten DNUG Webcast am 14.03.2017 um 16:00 - 17:00 Uhr aufmerksam machen.

Image:DNUG Webcast Fachgruppe Mobile - IBMs Mobile Strategy and Securing Mobile Applications - 14.03.17

Wir haben für den DNUG Webcast zwei IBM'ler aus dem IBM Traveler und Mobile Product Team aus den USA gewinnen können.

IBM's Mobile Strategy and Securing Mobile Applications

No organization can ignore the fact we live in a mobile-drive world.  IBM software helps organizations support the mobile, social way in which today's companies work.  
Come here about IBM's mobile strategy and the latests updates on mobile applications such as IBM Traveler, IBM Watson Workspace, IBM Verse, IBM Connections, and more.  
Also, learn about the strategic direction of mobile security, and how the IBM mobile applications can help address mobile application management and security requirements.

Speakers:
Paul Miller - IBM Mobile Development Director
Bill Wimer - Mobile Senior Technical Staff Member
Detlev Pöttgen - midpoints (Moderator)


Die Anmeldung für den Webcast ist bereits über den folgenden Link möglich.
(Die Inhalte sollten auf der DNUG Webseite noch heute aktualisiert werden.)

http://dnug.de/event/dnug-webcast_2017-03-14/


Archive