fighting for truth, justice, and a kick-butt lotus notes experience.

Announcing - Lets Encrypt for Domino v2.1 - Just Do SSL

 12 Juli 2019 08:37:24
Today we are pleased to announce the new version 2.1.0 of midpoints Let's Encrypt 4 Domino aka LE4D

Image:Announcing - Lets Encrypt for Domino v2.1 - Just Do SSL
LE4D 2.1.0 uses the ACME v2 protocol, based on Java 8, and is supported on Domino 10 and Domino 9.0.1 FP8+ on Windows & Linux.

What's new in LE4D 2.1.0


-        Multi value field for Domain now supports comma, semicolon and new line as separator.

-        New Setting: HTML Directory to support custom domino/html directory.

-        New Restart Option:  Restart of the Domino Server after successfully renewal.

-        Extended log messages during agent execution.

-        Agent output will be added and saved in the settings document and can be viewed there.

-        Added additional hints in the settings form to make it a little bit easier to start using LE4D.


Upgrade Instruction


-        Request the new version here:
https://www.midpoints.de/LE4D
               We are sending out the new version by mail. Please, check your spam folder, if you don't receive it within 15 minutes after sending the request.

-        Sign the new downloaded Template
-        Upgrade the database design of your existing LE4D database

-        Open the database and your existing settings documents once and save them


Regarding Let's Encrypt Wildcard Certificates


We are getting asked quit often regarding support for Let's Encrypt wildcard certificates and we already have a running prototype, that works really well - but:


The Let's Encrypt ACME protocol for wildcard certs is using a DNS challenge instead of a HTTP challenge used for a single server certificate.

We had a running prototype supporting wildcards, but we skipped further development, because you will have to add a TXT-Record with the challenge to your DNS zone.
The challenge will change with every renewal, so you will have to automate the update of the TXT-Record on your DNS server too.

The problem here is, that every DNS server solution or hoster provides their own set of APIs to do that. There is no standard DNS API.

Our own hoster for example does not provide any DNS API for example, only a webfrontend to manage the DNS zone.
We tried to find a solution by running a local small DNS server integrated into LE4D and to configure a DNS delegation for the ACME DNS challenge pointing to the local DNS server.
It works yeah! We can get Let's Encrypt Wildcard Certificates issued by LE4D running on your Domino Server and we were able to do automated renewals.

But the requirements and configurations will be complex. You will have to make changes to your DNS zone (hint: DNS delegation) and open additional firewall rules to allow incoming DNS queries to our local LE4D integrated DNS server. We already started doing a documentation, but it is a longer list of steps and the number of possible error cases are high.

Because LE4D is for free and we don't make any money with it, the time for support and development to implement and test against all the different DNS API's would costs us to much time and money :-(


So - at the moment LE4D does not support wildcard certs.



If you have any feedback or suggestion, pls. let us know.


Let' Encrypt !

Domino gehoert nun HCL und das ist gut so

 2 Juli 2019 13:26:08
Das lange Warten hat ein Ende und jetzt ist es offiziell:

Seit gestern dem 01.Juli 2019 gehört die IBM Collaboration Produktfamilie (Notes, Domino, Sametime, Connections, Portal, Mobile Connect, ...) nun allein verantwortlich HCL International.
Der Verkauf wurde bereits am 06.12.2018 angekündigt und hat sich nun doch bis zum 30.06.2019 hingezogen. Die mehr als sechs Monate waren eine komische Zeit:

HCL durfte nicht über zukünftige geplante Dinge sprechen, obwohl sie bereits daran entwickeln und die IBM durfte auch nicht über Dinge sprechen, die HCL plant.
Somit war es insbesondere im Connections-Umfeld sehr ruhig in den letzten Monaten.

Ich freue mich darauf, dass die Zeit des Wartens vorbei ist und es gemeinsam mit HCL vorrangeht.  Wer auf der diesjährigen DNUG in Essen war, hat die Aufbruchstimmung mitbekommen. HCL ist offener, agiler und engagierter als es die IBM in den letzten 10 Jahren je war. Das wachsende HCL-Team steht hinter ihren Produkten und lebt diese auch. Das war unter dem oberen IBM Management anders.

In dieser Woche sind viele Bekannte alte Lotus Gesichter, die entweder bei der IBM in andere Bereiche gewechselt waren oder die IBM verlassen haben, zu HCL gewechselt:

Maureen Leland, Stefan Wissels, Bill Wimer, Wes Morgan, Dave Kern, Andre Hagemeier, ...

Nun was ändert sich:

Wir als midpoints GmbH sind bereits HCL Partner und in engem Kontakt und Austausch mit HCL. Somit bleiben wir Ihr Ansprechpartner für Notes, Domino, Traveler oder Mobile Connect.
Wir sind natürlich aktuell weiterhin IBM Business Partner, aber ob wir dies auch noch 2020 sein werden, wird die Zeit zeigen.

Für Sie als Kunde bleiben Ihre laufenden IBM Software und Wartungsverträge weiterhin gültig, welche in Zukunft aber von HCL erfüllt werden. Ansprechpartner für Neulizenzen ist der HCL Partner Ihres Vertrauens.



PS: Ich musste das letzte Jahr sehr oft an ein Lied der Einstürzenden Neubauten aus dem Anfang der 90’er Jahre denken: Die Interimsliebenden


Image:Domino gehoert nun HCL und das ist gut so

Die Interimsliebenden passt sehr gut, wie die IBM und HCL in vielen Bereichen sehr gut  zusammengearbeitet haben, auf der anderen Seite sich gegeneinander sehr genau beobachtet und belauert haben. Die Interimsliebenden sind nun getrennt und die Zukunft der Collaboration Produkte ist bei HCL in guten Händen.

#dominoforever

10 years netzgoetter blog

 30 Mai 2019 13:52:08
wow - how time flies. 10 YEARS

Image:10 years netzgoetter blog

Today I saw accidentally that I have been running the netzgoetter blog for 10 years now.


When I started it in 2009, I just wanted to give it a try. On the one hand whether I have something to report regularly and much more importantly whether someone is interested to read it.

 
Many thanks to everyone who subscribed to my blog or read it regularly. The 10 years have been a lot of fun for me in any case.


Although it has become a little quieter here, as I now post more via Twitter, but there are exciting topics in the coming months, which I would like to accompany here as well:


Professionally it is the upcoming takeover of the IBM Notes Domino business by HCL. A lot of positive things happened here last year and I am looking forward to the things to come.


In my private life, I am currently very much interested in e-mobility and photovoltaics. I have been driving purely electrically for three months now and love it!
Next month I will have my solar system with battery storage installed in order to charge my Tesla as CO2 neutral as possible from my own roof.  

But I'm not sure yet whether I should publish my experiences here or set up a separate new blog for it.


Thank you so much for your support during the last 10 years



PS: Since I am often asked, how you can thank me for a hint or solution, I have inserted a Buy-Me-A-Coffee link in the navigation. I'm always available for a cup of coffee :-)

Traveler HA running on MS SQL Server issue with TLS 1.2 and travelerutil command

 5 April 2019 17:57:17
Last week I installed a new Traveler HA environment at customer side.

We started with Traveler 10.0.1.1 on Domino 10.0.1 from scratch with a Microsoft SQL Server in the back.


When running the travelerutil command to configure the MS SQL connection, we were not able to connect to the MS SQL system seeing the following error:


com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption


The reason for the error, was quickly found and IBM published a matching Technote 2 day earlier on 27th of March.


https://www-01.ibm.com/support/docview.wss?uid=ibm10871764&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E

The MS SQL server is now using TLS 1.2 by default.

The root cause of the issue is the IBM JVM being used by the Domino server for both the HTTP and Traveler tasks.  By default, the IBM JVM tries to use TLS 1.0 and does not retry using TLS 1.2 unless certain JVM options are specified.


If you have an existing Traveler service pool and MS SQL server in the back and your MS SQL admin enabled TLS 1.2, you will be in trouble.


You will have to launch the Domino JVM with an additional JVM option:


-Dcom.ibm.jsse2.overrideDefaultTLS=true


The IBM Technote explains the three needed steps in detail:

Step 1:

Create a new jvmOptions.properties file in the domino_data/traveler/cfg folder containing:


-Dcom.ibm.jsse2.overrideDefaultTLS=true


Step 2:

Set the following notes.ini JavaUserOptionsFile property to point to the new file created in Step 1

Example:


Linux:  JavaUserOptionsFile=/local/notesdata/traveler/cfg/jvmOptions.properties
Windows:   JavaUserOptionsFile=C:\Program Files\Domino\data\traveler\cfg\jvmOptions.properties


Note: If JavaUserOptionsFile parameter already specifies a JVM Options file, simply append this setting the JVM Options file already being used:  -Dcom.ibm.jsse2.overrideDefaultTLS=true


Step 3:


Set the notes.ini NTS_JAVA_PARMS property on all Traveler servers.


NTS_JAVA_PARMS=-Dcom.ibm.jsse2.overrideDefaultTLS=true

Note:  If NTS_JAVA_PARMS is already defined, add a space and -Dcom.ibm.jsse2.overrideDefaultTLS=true to the existing value.  


So we created the jvmOptions.properties file and added the JavaUserOptionsFile and NTS_JAVA_PARMS notes.ini properties, restarted the server,  but the travelerutil tool still did not work.

The traveler util is a simple commandline script executing a Java program.

To get it working you will have to add the
-Dcom.ibm.jsse2.overrideDefaultTLS=true option to the travelerutil script, too.

Here is an example:  Red marked - what and where we add the option



@echo off

pushd "E:\Lotus\Domino\data"

setlocal

set PATH=D:\Lotus\Domino;D:\Lotus\Domino;%PATH%

"D:\Lotus\Domino\jvm\bin\java.exe"
-Dcom.ibm.jsse2.overrideDefaultTLS=true -cp "D:\Lotus\Domino\Traveler\lib\*" -Ddomino.data.dir="E:\Lotus\Domino\data" com.lotus.sync.util.OfflineUtilities "D:\Lotus\Domino" "E:\Lotus\Domino\data" "D:\Lotus\Domino\notes.ini" %*
endlocal

popd



After the changes all works fine :-)

Call for Abstracts DNUG Conference 2019 in Essen

 11 März 2019 14:41:47
Die nächste DNUG Konferenz findet vom 04.06. bis 05.06.2019 in Essen statt!  

Image:Call for Abstracts DNUG Conference 2019 in Essen

Wer sich als Referent aktiv einbringen möchte, hat hierzu die Chance einen Abstract einzureichen.

Die einzelnen Tracks werden durch die einzelnen DNUG-Fachgruppen organisiert.


Ich selbst bin gemeinsam mit Jürgen Bischof mit verantwortlich für die DNUG-Fachgruppe Mobile und würde mich über Abstract zu Mobile-Themen freuen.


Was mir hierbei am Herzen liegt:

Die DNUG ist eine User Group und lebt vom Austausch, der Diskussion und dem Networking untereinander. Daher würde ich mich freuen, wenn nicht nur die üblichen bekannten Sprecher Abstracts einreichen, sondern auch neue Gesichter sich motiviert fühlen, sich einzubringen.

Jeder hat bestimmte Herausforderungen oder Aufgaben bei sich im Unternehmen gemeistert und Lösungen gefunden, die sich im Alltag bewährt haben.
Warum diese nicht teilen und im Rahmen eines DNUG Vortrags vorstellen? Andere stehen in der Regel vor den gleichen Herausforderungen - die DNUG ist die Plattform diese Erfahrungen untereinander auszutauschen.

Wenn jemand also zu Mobile-Themen (IBM Traveler, IBM Domino Mobile Apps, Enterprise Mobile Device & Application Management, interessante Mobile Inhouse Projekte, Best Practices, ...) einen Vortrag halten oder an einer Diskussionsrunde teilnehmen möchte, kann sich gerne bei mir melden oder einfach Online bis zum 15.03.2019 den Abstract einreichen:


https://dnug.de/dnug46-call-for-abstracts/

Wer selbst keinen Vortrag halten will oder kann, aber gerne ein Thema behandelt sehen möchte, kann mir gerne auch einfach einen Themenvorschlag per Mail schicken oder hier einen Kommentar hinterlassen. Ich würde dann schauen, ob wir hierzu einen Referenten in der Community finden.

Traveler Sync Issue with more than one device

 5 Februar 2019 15:09:49
Daniel Nashed made a blog post a few minutes ago and I want to proxy the post here.
We worked together on this issue and are having different customer situations, where we are seeing this issue.

We ran into a situation where secondary devices not used all the time had missing mails, contacts and events.
That's a reason why Verse or SecurePIM users are affected more than iOS native users, because over the weekend the Verse / SecurePIM will be closed in most situations.

This was a long going support ticket, because it was very difficult to provide data from when the problem initially occurred.

It turned out that this is caused by a bug in the way the cache worked. The cache is removed after the device is inactive (by default 24 hours) and the next sync when coming back when the device came back was affected by this.

The fix is in Traveler 10.0.0 and higher. Traveler 10 is the next version after 9.0.1.21 and works on a Domino 9.0.1 server with current FPs (I would recommend using the latest IF for FP10).
In contrast to Domino 10, Traveler 10 is an incremental release -- even it has some new features. So installing the Traveler 10.0.1 release on your Domino 9.0.1 FP10 server is perfectly OK.

For some internal reason the fix was not included in the fixlist but the fixlist has been updated end of last month.
See description of the fix here --> https://www.ibm.com/support/docview.wss?uid=swg1LO93818

From what we see this does not only happen if the Traveler server was shutdown but also when all devices for an user are offline.

To figure out if you have the issue, there is a command "DbRecordsCheck"  that you can run on your Traveler server.
This check takes a while and goes thru all sync state entries for all users and devices.
It will tell you which users have missing device records by comparing the table of documents that should be synced with what actually is synced.

You can also take a dump for an individual user and check the dumped data for missing "DB records".

Example:
tell traveler dump detlev poettgen

Check the dump for lines that look like this:


  100000000000181001: ApplDMPT12XYZABC DB record was not found for this device.  LGUID: 100000000035031204 Type: 100000000000000401 (Event)
  100000000035510212: 6978dbc6ffab4180a1e1c7f16d42f70e timeSyncInDevice: 1543308447 (11/27/2018 09:47:27) timeSent: 1543308447
(11/27/2018 09:47:27) DeviceRecordId: 100000000035031204 tsTaggedForSlowSync: 0 mChangeData: 0 mChangeMove: 0


But if you want check all your users the db records check command is the right way.

It comes in two different modes

1. just check the records and show affected users
2. check the records and if missing records are identified reset the device


We took the approach to first check for all users and from the list we took the VIP users and users we know have been on the road and reset them manually.

Example:
tell traveler reset ApplDMPT12XYZABC detlev poettgen


The command is either

Example:
tell traveler DbRecordsCheck show 2500

Or if you directly want to repair by resetting the users:

Example:
tell traveler DbRecordsCheck repair 2500

The number is the maximum number of users that should be checked/fixed.

See https://www.ibm.com/support/docview.wss?uid=swg1LO87614 for reference.

The result looks like this


10.12.2018 12:41:41   Traveler: IBM Traveler Database is checking the records for 2202 accounts...
10.12.2018 15:02:38   Traveler: 316 out of 2202 accounts were missing records and may need to be reset.
10.12.2018 15:02:38   Traveler: Command DbRecordsCheck Show complete.


The error for a user looks like this:

10.12.2018 12:44:08   Traveler: CN=xyz.../O=Acme with account ID 100000000001234567 is missing at least one Traveler database record for a device but not all devices.  The first encountered record to be missing has LGUID 200000000012345678 and was not found



The command runs a while (it could be 1 hour or more for 1000 users) and checks one user after another.
So if you are concerned about resetting too many users at a time, the reset will be spread over time just by the time it takes to analyze.


Conclusion/Recommendation:

If you are concerned that you might have this issue, you should do a DbRecordsCheck show first.
When you have users facing this issue, you should upgrade to Traveler 10.0.1 first and afterwards run the DbRecordsCheck repair command or reset users/devices individual.

If an user is in a good network location, it will take a couple of seconds to resync a device.
But you should take care when users are on the road with a slow network connection!



IBM Traveler 10.0.1.1 available and why you should upgrade

 5 Februar 2019 10:04:50
Today IBM released IBM Traveler 10.0.1.1 (Build 201901271808_20) in addition to the Notes Domino 10.0.1 Group 1 language pack.

Image:IBM Traveler 10.0.1.1 available and why you should upgrade

IBM Traveler 10.0.1.1 is more a maintenance release but with two important fixes beside others.

First Fix:
MIME message processing reads attachments multiple times

This is really an important one. Before this fix a MIME message including attachments reads and downloads the attachment two times from the mail server.
First to get the exact file size and a second time, when the attachment is requested by the device. That was ... not smart, right?

This is fixed now. There were already improvements in that space in 10.0.0 and 10.0.1 but hopefully 10.0.1.1 will fix it finally.

Second Fix:
Emails with body data type TEXT get converted to error message


When your mail includes a Body field as Text field not Richtext, 10.0.0 should show a message, that the mail is misformatted and should be opened with iNotes.
This can happen, when the mail was generated by an agent and the developer created a Body Text field instead of an Richtext field.

This is fixed now, too.

Beside another topic (Traveler sync issue ) , it is a good idea to upgrade to 10.0.1.1.



Please note that Traveler 10 does not require Domino 10, but Domino 9.0.1 FP8 is sufficient.

IBM Traveler 10.0.1.1 requires Domino 9.0.1.x (or later) on Linux, Windows and IBMi platforms.  

IBM Traveler 10.0.1.1 can be used to update any previous Traveler environment running
Domino 9.0.1.x or Domino 10.0.0.x without requiring a Domino upgrade.  
Of course it is always recommended to keep Domino at the latest level.



Database Schema Update:


IBM Traveler 10.0.1.1 does not include a database schema update, however Traveler 10.0.0.0 had a small schema update for MS SQL Server deployments.

Fix List


Note: IBM Traveler 10.0.1.1 includes all fixes delivered in all previous releases up to and including IBM Traveler 10.0.0.0 in addition to the fixes listed here.


TRAV-3274
- Set alternate out of office message for IBM Traveler on premises versions (already available in the IBM Connections Cloud)
TRAV-3283
- Remove warning message for client certificate authentication setting
TRAV-3298
- Emails with body data type TEXT get converted to error message
TRAV-3307
- Invalid Copyright in database DDL
TRAV-3279
- MIME message processing reads attachments multiple times
TRAV-3401
- Console messages: WARNING *system Thread could not be found for session



Details can be found here:

https://www-01.ibm.com/support/docview.wss?uid=ibm10729985


The installation versions for Traveler 10 are already available for download in Fix Central and Passport Advantage.

Link to Fix Central: here

DNUG Development Day - 20.02.2019 - Essen

 31 Januar 2019 10:53:26
Am Mittwoch, 20. Februar 2019 lädt die DNUG Fachgruppe Development von 9 bis 17 Uhr nach Essen zum Development Day 2019 ein.

Image:DNUG Development Day - 20.02.2019 - Essen

Die Agenda des Fachgruppentages umfasst u.a. Themen wie


- Node.js &DQL
- Domino 10 aus Developer Sicht
- Open NTF Update
- IBM Domino Mobile Apps for iPad

Ich bin bei dem Tag auch mit einem Vortrag dabei und stelle im Detail die neue IBM Domino Mobile Apps for iPad vor:

Mit der IBM Domino Mobile Apps ist es erstmals möglich, bestehende Notes Client Anwendungen dirket auf dem iPad zu nutzen. Wir stellen die Lösung im Detail vor und werfen dabei auch einen Blick hinter die Kulissen:


- Wo liegen aus Sicht des Entwicklers die Unterschiede zu einem „normalen“ Notes Desktop Client?
- Wie kann App-Installation und die Erstkonfiguration vereinfacht werden? -
- Was sollte man bei der Erstellung oder Anpassung von Notes Anwendungen für das iPad beachten?


Da sich mit Domino 10.0.1 -insbesondere für Entwickler - viel getan hat, kann ich jedem die Teilnahme nur empfehlen. Für DNUG Mitglieder ist die Teilnahme übrigens kostenfrei möglich.

Schnell anmelden, es sind noch ein paar Plätze frei.


DNUG - Development Day 2019 - Agenda & Anmeldung



IBM Traveler 10.0.1 available

 18 Dezember 2018 10:04:06
Today IBM released IBM Traveler 10.0.1 (Build 201811191126_20) in addition to Notes Domino 10.0.1

Image:IBM Traveler 10.0.1 available

IBM Traveler 10.0.1 is more a maintenance release with one new features and two documented fixes.


If you are using Secure PIM this release is yours.


Please note that Traveler 10 does not require Domino 10, but Domino 9.0.1 FP8 is sufficient.


IBM Traveler 10.0.1 requires Domino 9.0.1.x (or later) on Linux, Windows and IBMi platforms.   IBM Traveler 10.0.1.0 requires Domino 10.0.x or later on AIX platforms.

IBM Traveler 10.0.1 can be used to update any previous Traveler environment running Domino 9.0.1.x or Domino 10.0.0.x without requiring a Domino upgrade.  Of course it is always recommended to keep Domino at the latest level.




But to the new features and the fixlist:


What's New


·        
Support Firebase Cloud Massaging (FCM) for automatic push notifications for Android based mobile devices..  

Database Schema Update:


IBM Traveler 10.0.1.0 does not include a database schema update, however Traveler 10.0.0.0 had a small schema update for MS SQL Server deployments.

Fix List


Note: IBM Traveler 10.0.1.0 includes all fixes delivered in all previous releases up to and including IBM Traveler 10.0.0.0 in addition to the fixes listed here.


- TRAV-3214
  SecurePIM S/MIME sync issue with Fetch Cache enabled.
- TRAV-3223
   Allow configuration of Admin action URL for device approval.


Details can be found here:

https://www-01.ibm.com/support/docview.wss?uid=ibm10729985


The installation versions for Traveler 10 are already available for download in Fix Central and Passport Advantage.


Link to Fix Central: here



DNUG Fachgruppentag Mobile zu IBM Domino Mobile Apps

 17 Dezember 2018 15:29:41
Zum Start ins neue Jahr lädt die von mir mitgeleitete DNUG Fachgruppe Mobile zu einen kompakten, praxisnahen Workshop rund um IBM Domino Mobile Apps for iPad (IDMA) ein.

Image:DNUG Fachgruppentag Mobile zu IBM Domino Mobile Apps

Termin: Dienstag, der 22.01.2019 - 09:30-16:30


Ort: Fulda

Der Tag wird ganz im Zeichen der neuen App „IBM Domino Mobile Apps for iPad“ (IDMA) stehen.
Mit dieser App können klassische Notes-Anwendungen ohne spezielle Anpassungen auf dem iPad verwendet werden – inklusive der Möglichkeit mit lokalen Repliken wirklich offline arbeiten zu können.


Agenda:


Wir beschäftigen uns u.a. mit folgenden Themen:


- Einführung IBM Domino Mobile Apps
- Deployment, Vorkonfiguration und MDM-Integration der IDMA App

- Fine Tuning und Optimierung von Notes-Anwendungen für IDMA

- IDMA und Domino als Rapid Application Development (RAD) Plattform für Mobile Apps: Ein praktisches Beispiel


An dem Tag soll das Thema Informationsaustausch und Best Practices nicht zu kurz kommen und soll im Sinne einer Fachgruppe / Arbeitskreises auch dem Informationsaustausch der Teilnehmer untereinander dienen.


Von daher sind alle (auch nicht DNUG Mitglieder) herzlich eingeladen, an dem Workshop teilzunehmen.

Für DNUG Mitglieder ist die Teilnahme kostenfrei - Die Teilnahmegebühr für Nichtmitglieder beträgt 149,00 € zzgl. MwStr.!

Hinweis: Falls jemand spezielle Fragen oder Probleme mit der aktuellen IDMA Beta hat, die im Workshop angesprochen werden sollen. Bitte mir diese Punkte im Vorfeld gerne schicken, dann schaue ich, ob diese noch in die Agenda aufgenommen werden können.


Link zu weiteren Details und zur Anmeldung: hier


  • Über diesen Blog
  • Datenschutz
  • Impressum
  • Kontakt

  • If you like the Blog...Donate
  • Buy me a coffeeBuy me a coffee


Archive