fighting for truth, justice, and a kick-butt lotus notes experience.

IBM Domino Mobile Apps - Native Notes Apps runing on iPad

 12 Oktober 2018 15:28:16
A big innovation, which IBM showed on Tuesday at the IBM Notes Domino 10 Launch Event, are the IBM Domino Mobile Apps.

This is a separate native iOS app, which can run classic "old school" Notes applications without any adjustments. Including the possibility to create local replicas on the iPad and to really work offline.  
A preview version of the IBM Domino Mobile Apps can be expected at the end of this month.

I will report more here as soon as we are allowed to publish detailed information about the functionality, the scope of functions and requirements.
At the moment this appetiser should show what it looks like and what we can look forward to.

Thx to Hagen Bauer from IBM for sharing the first hands on!

Domino 10 - NSD no longer installs or runs as service

 11 Oktober 2018 20:28:54
If you misse the NSD Service after the upgrade to v10, don't panic. The upgrade worked like designed.
NSD no longer available to be run as a service in Domino and Notes 10.0

As of IBM Notes and Domino 10, Notes System Diagnostics (NSD) can no longer be installed and run as a Microsoft Windows service on Notes clients or Domino servers.  If you upgrade to release 10 from a previous release of a Domino server or Notes client that ran NSD as a service, the NSD service is uninstalled.
If you run NSD as a service in Notes or Domino 9.x, for reliability, best practice is to uninstall it. For information, see the section Uninstalling the NSD service in this topic in the Domino 9.0.1 documentation in Knowledge Center.

via IBM Technote:

IBM Traveler 10 aka is available

 11 Oktober 2018 09:46:43
Yesterday IBM released IBM Traveler 10 (Build 201809171646_20) in addition to Notes Domino 10.

Image:IBM Traveler 10 aka is available

IBM Traveler 10 is more a maintenance release with some new features, but primarily a continued release with fixes.

Please note that Traveler 10 does not require Domino 10, but Domino 9.0.1 FP8 is sufficient.

IBM Traveler requires Domino 9.0.1.x (or later) on Linux, Windows and IBMi platforms.   IBM Traveler requires Domino 10.0.x or later on AIX platforms.

IBM Traveler 10.0 can be used to update any previous Traveler environment running Domino 9.0.1.x or Domino 10.0.0.x without requiring a Domino upgrade.  Of course it is always recommended to keep Domino at the latest level.

Traveler 10 should therefore be treated like a version, that will probably not be available any more.

But to the new features and the fixlist:

What's New

·        New Traveler Administration APIs added to obtain push status information.  
            See for details.
·        Traveler statistics monitoring via Domino 10.0 integration with external monitoring services.
·        Added support for AIX 7.2 with Domino 10.0.x.
·        Added support for CentOS 7.x with Domino 10.0.x.
·        Traveler tell command "pmr" renamed to "support" and allows case number as argument by default.
·        Traveler installer is now 64 bit.  Therefore, it is no longer required to install 32 bit runtime libraries when installing Traveler on a 64 bit OS.
·        With Domino 10.0.x, the separate IBM Mail Server Add-on (IMSA) installer for Microsoft Outlook (IMSMO) support is no longer needed.  
           Simply use the Traveler server installer.  See​ for details.
Database Schema Update:

IBM Traveler 10.0 includes a database schema update for MS SQL Server deployments.

Fix List

Note: IBM Traveler includes all fixes delivered in all previous releases up to and including IBM Traveler in addition to the fixes listed here.

APAR # Abstract
TRAV-2522 Long email addresses with non-ASCII and rfc2047 especial characters may add extra double quotes to display names.
TRAV-2818 DBUsage (directly or via user dump) loses the IMSMO accumulation date.
TRAV-2827 NotesException while sending device security approval notice.
TRAV-2859 Sync failure due to invalid date error Aug 11 1910.
TRAV-2877 Attachment with file name mime.htm and display name C.htm may not sync to device.
TRAV-2947 Update "User Cleanup Timeout" on server document does not update NTS_ADMIN_CLEANUP_TIMEOUT as expected.
TRAV-2952 Master Monitor queue bottlenecked by slow response from mail servers.
TRAV-2961 XSS Vulnerability in file name for TPR upload form submission of file parameter.
TRAV-3004 Avoid streaming attachments just to calculate size.
TRAV-3018 Device Name and Approver ID may not support national language characters.
TRAV-3036 If NTS_MAIL_SERVERS_ALGORITHM is set to LOCALONLY or LOCALPREFER, look for a local replica with the same path and file as the primary server if the local replica isn't already in the list of replicas obtained from cldbdir.nsf.
TRAV-3074 CAException: convertBodyToPlainText Status=3a5a itemName=Body (ERR_HTMLAPI_NOT_SUPPORTED).
TRAV-3129 Updated APNS certificates, new expiration date Oct 14, 2019.
TRAV-3165 Reduce Dispatch logging to reduce network utilization.


Details can be found here:

The installation versions for Traveler 10 are already available for download in Fix Central and Passport Advantage.

New Interimsfix for IBM Notes for Mac OS Mojave

 22 September 2018 12:45:15
If you are a Mac user, you should install the latest IBM Notes client Interimsfix 9.0.1 IF16 to be safe for MAC OSX Mojave (10.14))

via @HCL_CollabSup on Twitter:

Get your new Interim Fix for the #IBMNotes Client MAC 64-bit (901IF16) today before MAC OS Mojave is released Monday!

#HCLCWPDev #WeLoveNotes #Domino2025

Fixlist Notes 64-bit 9.0.1 IF16:

IFBTB4QLEJ - Fix a Notes client crashes on new Mac OSX Mojave 10.14 release

You can download the Fix here

IBM Technote: Apple iOS 12 Mail, Calendar and Contacts fail to sync if HTTP Basic Authentication is not properly configured

 18 September 2018 20:40:25
IBM published a new Technote today, regarding issues with Traveler and iOS 12 devices, when HTTP Basic Authentification is not properly configured

Image:IBM Technote: Apple iOS 12 Mail, Calendar and Contacts fail to sync if HTTP Basic Authentication is not properly configured

Apple iOS 12 Mail, Calendar and Contacts fail to sync if HTTP Basic Authentication is not properly configured

Flashes (Alerts)


Starting with Apple iOS 12, native Mail, Calendar and Contacts applications fail to sync if HTTP Basic Authentication is not properly configured.


Starting with Apple iOS 12, native Mail, Calendar and Contacts applications fail to sync if HTTP Basic Authentication is not properly configured.

Prior to Apple iOS 12, the device would send the HTTP Authorization with the user's credentials on the first request.  As long as the credentials were correct, the device would not get challenged for credentials and it would not matter if the challenge was an HTTP 401 response (correct) or not (such as an HTTP 200  form login HTML response).  

But starting with Apple iOS 12, the device no longer sends the HTTP Authorization header on the initial request which means that it will always get a challenge response for the user's credentials; if this challenge is an HTTP 401 (basic authentication), the devices should continue to work, but if it is some other sort of challenge (such as an HTTP 200 with a form), the devices will be unable to connect to sync.

IBM Traveler has always documented that HTTP Basic Authentication is required (  
Prior to Apple iOS 12, even improperly configured servers would allow the devices to sync because of the credentials being supplied without requiring a challenge.  But with the change on Apple iOS 12, properly configured HTTP Basic Authentication truly is required or the Apple iOS 12 devices running the native applications will be unable to sync.

Related information: Configuring IBM Traveler server - HTTP authentication

via IBM Technote

Must read: HCL - Iris is back again

 14 September 2018 15:57:41
John Curtis of HCL has published a wonderful blog post, which answers some questions for me and confirms my opinion, what went wrong at IBM regarding Notes Domino and the ICS products in the last years.

The longer article should be read by everyone to understand how HCL ticks and which team got together again.

Image:Must read: HCL - Iris is back again

The post makes me optimistic for the future and my previous experiences with HCL are very positive. So much already as feedback from the participation in the Betas and the discussions around the HCL Factory Tour.

Iris is back and HCL brings new life, new ideas, regained freedoms and very important engagement into the products (Notes, Domino, Sametime, IBM Mobile Connect, On-Premises) which are neglected by IBM management during the last years.

I could already see and touch some upcoming things (unfortunately I'm not allowed to tell you more about this yet) and I only say one thing about it: Wonderful - A dream comes true

They're baaack!

Many thanks in any case to John Curtis for his view of things and the courage to post this.

Read John Curtis Blogpost here: The Iris Bloodline

New iOS 12 MDM feature to control access to contacts by third-party apps

 14 August 2018 14:53:29
Starting with iOS 11.3 in the spring of this year Apple already created the possibility to control which third party apps (keyword: WhatsApp) can access the managed company contacts of the ActiveSync account via MDM restrictions.
This was done via the Managed OpenIn restrictions. These can be used to control whether an unmanaged app can access the content of a managed app or account.

See also my blog post: ios-11.3-update-regarding-contact-containisation.htm

Apple released an updated Configuration Profiles documentation yesterday, which contains two new restrictions, among other iOS 12 extensions, that allows additional control to access contacts, when Managed OpenIn restrictions are being set to false.


Optional. If set to true, managed apps can write contacts to unmanaged contacts accounts.

Defaults to false.

If allowOpenFromManagedToUnmanaged is true, this restriction has no effect.
A payload that sets this to true must be installed via MDM
Availability: Available only in iOS 12.0 and later.



Optional. Supervised only. If set to true, unmanaged apps can read from managed contacts accounts.

Defaults to false.

If allowOpenFromManagedToUnmanaged is true, this restriction has no effect.
A payload that sets this to true must be installed via MDM.
Availability: Available only in iOS 12.0 and later.


16. OpenUserGroup-Westfalen Stammtisch am 29.08.18 in Bielefeld

 7 August 2018 15:41:41
Bitte schon einmal Vormerken:

Image:16. OpenUserGroup-Westfalen Stammtisch am 29.08.18 in Bielefeld

Der 16. OpenUserGroup | Westfalen Stammtisch findet am Mittwoch, den 29.08.18 in Bielefeld statt.

Neben dem "networken" und der Diskussion aktueller Themen in gemütlicher Runde bei einem guten Essen und Kaltengetränken wird ein kurzer Impulsvortrag rund um die IBM und HCL Collaboration & Social Produktfamilie gehalten.

Start ist um 18:00 Uhr:

Aktuelle News aus der IBM und HCL Welt:

- Notes Domino v10 – New Features
- Domino Apps on iPad – HCL Nomad
- HCL Factory Tour und DNUG Review
- Gemeinsame Diskussion  

Weiter Details zum Stammtisch, der Lokation und der Agenda findet ihr hier: OpenUserGroup | Westfalen

Neue Mitglieder sind gerne Willkommen. Bitte einfach bei mir melden oder kurz das Kontaktformular ausfüllen: OpenUserGroup | Westfalen - Kontakt

PS: Wie immer:  Die Veranstaltung selbst ist Kostenfrei - Die verzehrten Speisen und Getränke zahlt jeder Teilnehmer aber selbst.

midpoints LE4D 2.0 – some hints

 30 März 2018 12:31:29
On March, 28th, we released Let's Encrypt 4 Domino aka LE4D . If you are running LE4D v1.x, you must update to v2.0.

Certificate renewal will no longer work with v1.x because of some changes Let's Encrypt made on their Let’s Encrypt API endpoint.

If you are new to Let's Encrypt 4 Domino  you can get it here:

Here are some additional hints to get v2.0 working:

Settings documents are disabled after design update to v2.0

In v2.0, we added a new feature to toggle the status of setings documents.

Image:midpoints LE4D 2.0 – some hints

All new settings are disabled by default. You have to enable them prior to run the agent.

Error: No trusted certificates found

You might see the following error message on the Domino console:
29.03.2018 08:21:39   Agent Manager: Agent  error: Caused by:
29.03.2018 08:21:39   Agent Manager: Agent  error: No trusted certificate found

29.03.2018 08:21:39   Agent Manager: Agent  error:         at

This happens most likely after you have applied a Domino FP or HF. In all cases we have seen, the cacerts is replaced with the default cacerts during FP/ HF install.

To fix this problem, you have to import the needed certificates again.

The certificates can be found here

You should import the ISRG Root X1 CA and the two Intermediate certs:

ISRG Root X1 (self-signed)

    ◦        Let’s Encrypt Authority X3 (IdenTrust cross-signed)

    ◦        Let’s Encrypt Authority X3 (Signed by ISRG Root X1)

An “HowTo” about importing the certs can be found here:

Error: Order’s status (“invalid”) was not pending

You might see the following error message on the Domino console:
28/03/2018 22:51:58   Agent Manager: Agent  error:         at Source)
28/03/2018 22:51:58   Agent Manager: Agent printing: [ERROR] – Order’s status (“invalid”) was not pending

28/03/2018 22:51:58   Agent Manager: Agent printing: LE4D  – finished!

Due to the change in the underlying ACME protocol, Let’s Encrypt needs to re-validate the HTTP challenge on certificate renewal.
To do this, the challenge token must be accessible on the Domino server on port 80.

If you only have port 443 enabled or forward port 80 to 443, then the challenge will fail and you will see the error message.

Just for clarification. Port 80 is only needed for the first time challenge validation after the upgrade to LE4D v2.0. It is also needed, when you change the configuration and add a new host to the existing list of hostnames.

After the challenge has been validated, you can close port 80 again. It is not needed for certificate renewal.

Announcing - Lets Encrypt for Domino v2.0 - Just Do SSL

 28 März 2018 18:07:34
We are pleased to announce today the new version 2.0 of Let's Encrypt 4 Domino aka LE4D

Image:Announcing - Lets Encrypt for Domino v2.0 - Just Do SSL


If you are already using LE4D, be sure to update to the new version 2.0.  
Starting March, 16th, the renewal of certificates generated with version 1.0 is longer possible due to a changes Let's Encrypt made to their CA-API-infrastructure.

What is new in LE4D 2.0

LE4D 2.0 uses the ACME v2 protocol, based on Java 8, and is supported on Domino 9.0.1 FP8 + on Windows & Linux.
The complete code is now contained in a single Java agent.  
The internal communication between the agent and the XPage in LE4D 1.0, which controlled the certificate generation and renewal, is therefore eliminated.

The support for wildcard certificates is not included in this version, but will be available in the next few weeks.  

How to upgrade to LE4D 2.0

Already existing LE4D users should already received an email from me with the new version.

To upgrade an existing installation simply replace the design of your LE4D application with the new template.
You can delete the data in the LE4D workdir. The data does no longer work with the new ACME v2 protocol.

LE4D has been tested on Domino 9.0.1 FP8, FP9 and FP10 on both, Windows and Linux. There are no known issues.

For further information on how to do a first time setup refer to the documentation. The documentation is part of the zip package.

I made an additional blog post regarding possible issues and how to solve them: midpoints LE4D 2.0 Some Hints

If you have any feedback or suggestion, pls. let us know.

Let' Encrypt !