203 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Our story continues.....
Tue, Dec 13th 2016 5
#employed
Tue, Nov 15th 2016 5
An iOS10 gotcha for the 16GB'ers
Thu, Sep 15th 2016 6
Missed the blog-o-versery
Tue, Aug 16th 2016 7
My updated birthday edicts! - OBEY!
Tue, Jun 28th 2016 4
With my boots on
Thu, Apr 14th 2016 5
The Curious Case Of The Configuration Document
Sun, Feb 7th 2016 7
Top 10
Unable to find where I am in Sametime
Fri, Jan 9th 2015 8
A mystery......
Wed, Dec 4th 2013 8
Missed the blog-o-versery
Tue, Aug 16th 2016 7
The Curious Case Of The Configuration Document
Sun, Feb 7th 2016 7
Don't cry because it's over. Smile because it happened.
Thu, Feb 5th 2015 7
An iOS10 gotcha for the 16GB'ers
Thu, Sep 15th 2016 6
My Birthday Edicts - Obey!!! (Updated!)
Sun, Jun 28th 2015 6
The horrors of migrating to Domino when Single Item Recovery is in use on Exchange
Mon, Mar 16th 2015 6
The annoyance that is encrypted internet mail
Wed, Jan 22nd 2014 6
Andy's Guide to Connect-o-sphere 2014
Sat, Jan 4th 2014 6


The Curious Case Of The Configuration Document
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

Wow, had to blow the dust off of the old blog here so that I could share something I learned over the weekend.  And it was a bitter lesson, indeed.

Here's the scenario:
Had to stand up a new Domino server in my domain that would allow for SMTP traffic between us and our cloud based anti-spam/malware service.  A requirement of this mail flow topology is that the connectivity between my on-prem and cloud solution must have TLS connectivity.  Okay, not a big deal, right?  Well, it didn't work out that smooth.

First, I followed Gab's steps on how to create a secure SSL certificate with Domino.  Yes, Gab is awesome for writing these steps up.  Then, I went through and followed the standards that IBM has had set for years on setting your configuration document up to allow for TLS to work.  Okay, no worries, right?  Well just like in life, things don't always work the way you want them to.  When we started testing of the mail flow, we were getting repeated messages from the vendor in the cloud that they Domino server was not allowing for a STARTTLS session.  So I opened a ticket with IBM, I opened a ticket with the vendor, I had people at work much more knowledgeable then me try to hack into the servers connection and they were able to get a STARTTLS, but nothing I did with anyone , vendor, consultant worked.  

And that's when it hit me.

I deleted the configuration document for that particular Domino server, replicated that delete around, then went back in and recreated it from scratch.  Brand new document.  Made sure all my settings were set correctly, (based on the IBM doc and a server that is already doing this in my enviroment), and then walked away from it for a while.  After a bit, I started seeing STARTTLS, (we had logging on), start flashing across my server console.  Yes Virgina, there is a STARTTLS Santa Claus!  

So, why did that work?  The simple answer is, I don't know.  It's Domino.  Domino, while it's a powerful server platform, does fall prey at times to corruption in documents.  My thought was creating a brand new server config document from the ground up may help.  In this case it did.

My word to the wise, when all else fails, go back to the basics and start over.  In this case, it paid off and we are securely communicating.




---------------------
http://macian.blogspot.com/2016/02/the-curious-case-of-configuration.html
Feb 07, 2016
8 hits



Recent Blog Posts
5
Our story continues.....
Tue, Dec 13th 2016 2:32a   Andy Donaldson
In The Next Chapter....... (the new blog)




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition