The Curious Case Of The Configuration Document

Wow, had to blow the dust off of the old blog here so that I could share something I learned over the weekend.  And it was a bitter lesson, indeed.

Here's the scenario:
Had to stand up a new Domino server in my domain that would allow for SMTP traffic between us and our cloud based anti-spam/malware service.  A requirement of this mail flow topology is that the connectivity between my on-prem and cloud solution must have TLS connectivity.  Okay, not a big deal, right?  Well, it didn't work out that smooth.

First, I followed Gab's steps on how to create a secure SSL certificate with Domino.  Yes, Gab is awesome for writing these steps up.  Then, I went through and followed the standards that IBM has had set for years on setting your configuration document up to allow for TLS to work.  Okay, no worries, right?  Well just like in life, things don't always work the way you want them to.  When we started testing of the mail flow, we were getting repeated messages from the vendor in the cloud that the Domino server was not allowing for a STARTTLS session.  So I opened a ticket with IBM, I opened a ticket with the vendor, I had people at work much more knowledgeable than me try to hack into the server's connection and they were able to get a STARTTLS, but nothing I did with anyone, vendor, consultant worked.  

And that's when it hit me.

I deleted the configuration document for that particular Domino server, replicated that delete around, then went back in and recreated it from scratch.  Brand new document.  Made sure all my settings were set correctly, (based on the IBM doc and a server that is already doing this in my environment), and then walked away from it for a while.  After a bit, I started seeing STARTTLS, (we had logging on), start flashing across my server console.  Yes Virginia, there is a STARTTLS Santa Claus!  

So, why did that work?  The simple answer is, I don't know.  It's Domino.  Domino, while it's a powerful server platform, does fall prey at times to corruption in documents.  My thought was creating a brand new server config document from the ground up may help.  In this case it did.

My word to the wise, when all else fails, go back to the basics and start over.  In this case, it paid off and we are securely communicating.
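
A quick way to confirm from the outside whether an SMTP listener offers STARTTLS, as described in the post above. This is an added example, not part of the original post or any IBM tooling; the host names and EHLO replies in it are constructed samples.

```python
import smtplib
import ssl
import sys

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_WITH_TLS = ("250-mail.example.com Hello relay.example.net\r\n"
                   "250-SIZE 10485760\r\n250-starttls\r\n250 PIPELINING\r\n")
SAMPLE_NO_TLS = ("250-mail.example.com Hello relay.example.net\r\n"
                 "250-SIZE 10485760\r\n250 PIPELINING\r\n")

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a raw multi-line EHLO reply lists the STARTTLS extension."""
    keyword_lines = []
    for line in ehlo_reply.splitlines():
        # Reply lines look like '250-KEYWORD args'; the last one uses '250 '.
        if len(line) >= 4 and line.startswith("250") and line[3] in "- ":
            keyword_lines.append(line[4:])
    # The first 250 line is the server greeting, not an extension keyword.
    for text in keyword_lines[1:]:
        words = text.split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False

def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect to a live listener; report if STARTTLS is offered and works."""
    result = {"advertised": False, "negotiated": False, "protocol": None}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        result["advertised"] = smtp.has_extn("starttls")
        if result["advertised"]:
            # The default context verifies the chain and host name, so a
            # self-signed or mismatched certificate raises an error here.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # extensions must be re-read after the TLS upgrade
            result["negotiated"] = True
            result["protocol"] = smtp.sock.version()
    return result

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))  # e.g. python check.py mail.example.com
    else:
        print(advertises_starttls(SAMPLE_WITH_TLS),
              advertises_starttls(SAMPLE_NO_TLS))
```

Running the probe before and after a configuration change shows whether the listener's advertised extensions actually changed, independent of what the remote party reports.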




---------------------
http://blog.macian.net/2016/02/the-curious-case-of-configuration.html
Feb 07, 2016