192 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Traveler 9.0.1.15 available with some important changes
Tue, Nov 15th 2016 24
DNUG Domino Day 2016 in DUS und DNUG Comes to you in BER
Fri, Oct 21st 2016 26
IBM Champion Nomination 2016
Tue, Oct 18th 2016 22
IBM Domino 9.0.1 Fix Pack 7 Interim Fix 1 addresses critical issues affecting Domino 9.0.1 FP7 for Linux64 & zLinux64
Fri, Oct 14th 2016 18
Domino 9.0.1 FP7 issue Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled
Wed, Oct 12th 2016 24
Cluster replicator hang with 9.0.1 FP7 on Linux64
Wed, Oct 12th 2016 15
CD to MIME Conversion Issue in 9.0.1 FP7 generating Javascript for sections
Mon, Oct 10th 2016 14
Top 10
IBM Notes V9.0.1 Mac 64 Bit English (CN6VDEN )
Tue, Sep 29th 2015 30
DNUG Domino Day 2016 in DUS und DNUG Comes to you in BER
Fri, Oct 21st 2016 26
Notes & Domino 9.0.1 FP7 shipped
Wed, Sep 14th 2016 25
Domino 9.0.1 FP7 issue Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled
Wed, Oct 12th 2016 24
Traveler 9.0.1.15 available with some important changes
Tue, Nov 15th 2016 24
Symantec Backup Exec End of Life
Sat, Dec 5th 2015 22
Domino 9.0.1 FP6
Sun, May 22nd 2016 22
IBM Champion Nomination 2016
Tue, Oct 18th 2016 22
Notes and Domino Future
Fri, Sep 23rd 2016 18
IBM Domino 9.0.1 Fix Pack 7 Interim Fix 1 addresses critical issues affecting Domino 9.0.1 FP7 for Linux64 & zLinux64
Fri, Oct 14th 2016 18


Daniel Nashed
Blog Title Daniel Nashed’s Blog
Blog Description Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...
Blog URL http://blog.nashcom.de
RSS Feed http://blog.nashcom.de/nashcomblog.nsf/feed.rss
Validate Feed feedvalidator.org or validator.w3.org
Feed Last Checked Nov 15, 2016 7:16:13 PM EST. Realtime Update:
Location Germany


Recent Blog Posts
24
Traveler 9.0.1.15 available with some important changes
Tue, Nov 15th 2016 7:14p   Daniel Nashed
Traveler 9.0.1.15 has been released with some important fixes and also changes. The Release documentation has some interesting details. Here is the extract from the release documentation with some comments. What's New "Device wipe is no longer an option for iOS 10.x devices as support was dropped by Apple. You can still use the Wipe Traveler Data option." For security reasons Apple disabled wipe over ActiveSync which is understandable. Before that change every server could wipe
26
DNUG Domino Day 2016 in DUS und DNUG Comes to you in BER
Fri, Oct 21st 2016 7:13a   Daniel Nashed
Auch in diesem Jahr haben wir wieder einen DNUG Event im Bereich Notes/Domino in Düssldorf. Und Anfang November hat Anett Hammerschmidt für unsere Fachgruppe einen halben Tag DNUG Comes To you mit anschließendem DNUG Stammtisch in Berliin. Bei beiden Events geht es um atkeulle Themen und Entwicklungen im Bereich Notes und Domino. Und es werden auch Kollegen von IBM vor Ort sein, mit denen man die aktuelle Strategie von IBM im Bereich Notes/Domino diskutieren kann. Ich hoffe viele von
22
IBM Champion Nomination 2016
Tue, Oct 18th 2016 5:07a   Daniel Nashed
The IBM Champion program is a great way to thank active members of the community and also to help them in some way to continue their work for the community. The nomination is still open until November 14th. So you still have time to nominate someone. Or renominate one of the current IBM Champions. See some details and official links below. -- Daniel "The IBM Champion program recognizes innovative thought leaders in the technical community — and rewards these contributors by amplif
18
IBM Domino 9.0.1 Fix Pack 7 Interim Fix 1 addresses critical issues affecting Domino 9.0.1 FP7 for Linux64 & zLinux64
Fri, Oct 14th 2016 9:08a   Daniel Nashed
As reported before on Linux64 there is a issue with the cluster replicator which has been addressed with IF1 (SPR #KBRNAEMPX2). Because of a change in FP7 that needed a recompile of the whole core including all components (SPR# KBRN9Q7EZW) but some files where missing in the installations. IBM has fixed the issue with 9.0.1 FP7 IF1 which is already available for download. I got it already yesterday for testing thru our PMR and it replaces the missing files. If you are running Domino on Li
24
Domino 9.0.1 FP7 issue Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled
Wed, Oct 12th 2016 6:45a   Daniel Nashed
Alex Novak mentioned another issue with FP7 which might affect you in my blog comments. We only have the public description of the SPR and I assume only the ID Vault server communication is affected. SPR # BBSZAEEK8C APAR #LO90429.: Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled So for now you should not enable the new AES encryption on your ID Vault server until this issue is fixed. Given the 3 issues I reported in the last days in my blog (one is on
15
Cluster replicator hang with 9.0.1 FP7 on Linux64
Wed, Oct 12th 2016 6:32a   Daniel Nashed
There is another issue (SPR #RSOIAEME5L) that might affect you when running with Linux64 and 9.0.1 FP7. Due to the change in FP7 on Linux64 (SPR# KBRN9Q7EZW) all server binaries needed to be updated in FP7. It turned out that some binaries have not been replaced by the FP7 installer. In this case the cluster replicator task wasn't updated. Because of the change of internal structures this causes issues with older core servertasks in Domino (business partner applications using the public C-
14
CD to MIME Conversion Issue in 9.0.1 FP7 generating Javascript for sections
Mon, Oct 10th 2016 4:41a   Daniel Nashed
We ran into an issue at a customer on Friday. Today we got the confirmation that it is a bug and development is already looking into this. It looks like a low level issue when converting Richtext into MIME in mails on server side. In my test I have seen than probably all server based conversions are affected. Clients sending MIME message directly do not show this issue. When the server converts a message to MIME JavaScript is generated for collapsible sections (for example when you reply t
15
Change in Apple iOS 10.x (and later) devices prevents full device wipe via Traveler Web & SmartCloud Notes Administration interfaces
Thu, Sep 29th 2016 3:11a   Daniel Nashed
Surprisingly and without any notice that I am aware of Apple has removed the ability to reset iOS devices over ActiveSync. A chance in this area was expected in general because it could be risky to allow an ActiveSync account to wipe a complete device. It's still a surprise that they completely removed the wipe functionality. IMHO the better change would have been to just remove all data that this ActiveSync profile has synced -- similar to the application wipe IBM implemented with Travel
18
Notes and Domino Future
Fri, Sep 23rd 2016 7:49a   Daniel Nashed
There have been a lot of rumors and IBM is not very good in communicating road-maps since a couple of years. I hope we will see a clear statement about future functionality soon. There is already a public statement in the IBM blog that gives some answers and I have been at a couple of events where IBM explained part of the strategy. https://www.ibm.com/blogs/social-business/2016/09/12/ibm-notes-domino-v9-extends-support/ Now that the current strategy is more clear and IBM decided to cont
14
Traveler 9.0.1.14 -- Calendar Issue Tentative Accept
Fri, Sep 23rd 2016 5:03a   Daniel Nashed
One of my customer ran into this issue with 9.0.1.14. When you tentative accept a meeting on your mobile device and accept it completely afterwards that change is not updated on the senders invitation. The tentative accept remains as the status. We have two PMRs and there is a APAR -> LO9030. If you did not update your Traveler Servers yet I would stay on 9.0.1.13 which is the first iOS 10 supported release and wait for the fix. If you already updated to 9.0.1.14 you also have to
12
Setting up the first server and Certifier with 4096 bit keys instead of 1024 bit
Wed, Sep 21st 2016 7:33a   Daniel Nashed
Today at AdminCamp I got the question how to register a first server and the organisational certifier with larger key size. By detault the setup process is still using 1024bit -- I guess for compatibility. There is a notes.ini setting that increases the key length for the organisation, server and first admin.id. SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH=4096 You have to set this parameters in your first servers notes.ini before you start the server for the first tile to do the server setup.
16
iNotes borken with German locale with 9.0.1 FP7
Thu, Sep 15th 2016 2:46p   Daniel Nashed
Today I got a customer question about iNotes not working for him after updating to FP7. I can reproduce the issue on my Linux machine. Apparently something went wrong with the German locale. Reports show that the English locale should work fine. Also one of my customers forwarded me a IBM L1 support response for a different question which stated that if iNotes does not work with FP7 they should restore the FP6 Forms9.nsf databases. They got that info without any further information. I ha
25
Notes & Domino 9.0.1 FP7 shipped
Wed, Sep 14th 2016 6:07a   Daniel Nashed
Notes and Domino 9.0.1 FP7 has shipped with quite a number of important fixes. - The JVM was updated to the current quarterly release replacing the JVM patches that came out since FP6. - There are stability fixes which include many areas including Compact, Archiving API, iNotes, DXL and also some important security fixes. In one client SPR even ADFS 3.0 is mentioned so maybe we can hope that we get full ADFS 3.0 at some point in one of the next FPs - which is high on my priority list s
8
Traveler 9.0.1.14 shipped with few but important fixes preparing for upcoming 9.0.1 FP7
Wed, Sep 7th 2016 6:01p   Daniel Nashed
The fixlist for 9.0.1.14 is quite short but it fixes a crash situation and issue in the upcoming Domino 9.0.1 FP7 fixpack which is scheduled for this month. APAR # Abstract LO89934 Meeting chair may get multiple response notices from invitee who is using Apple native calendar application. LO90090 Verbose flag missing from HADR command help display. LO90109 Domino API change in 9.0.1 FP7 could cause a server crash on Linux x64 if running IBM Traveler server 9.0.1.13 or earlier release. L
13
Traveler 9.0.1.13 released with some fixes
Thu, Aug 18th 2016 6:12p   Daniel Nashed
There is a new traveler release that just shipped. Some of the issues might affect you. APAR # Abstract LO82881 Domino server may crash if $NTTrack field is corrupted. LO89471 Traveler invitee status may be incorrect if using mixed case internet addresses. LO89606 Number of recipients limited to 100 when sending mail from a mobile device. LO89745 Traveler server enters constrained state when load balancing a large number of users. LO89772 Meeting chair may receive multiple notices
10
Extended Master Secret Extension issue affects all Internet Protocols including STARTTLS
Wed, Jul 27th 2016 8:23a   Daniel Nashed
There is a an issue described in a technote which describes an issue with Win 2008 R2 and LDAP. This issue also occurs for other internet protocols!! It is specially important for servers using STARTTLS because you don't control which version and settings the receiving/sending host is using. So the issue I blogged about today does also affect other protocols. That's why I decided to have two blog posts to ensure it is better found on the web. Hiere is the info from the other blog po
10
Secure LDAP to Active Directory fails with Domino 9.0.1 FP5 IF1 and higher
Wed, Jul 27th 2016 2:21a   Daniel Nashed
Domino 9.0.1 FP5 IF1 adds support for the Extended Master Secret Extension with TLS 1.2. Windows 2008 R2 does only supports TLS 1.0 but still sends the Extended Master Secret Extension in the server helo. Domino fails to connect because once this is offered Domino wants to use it. There is a work-around to disable this new functionality globally on the server via notes.ini SSL_DISABLE_EXTENDED_MASTER_SECRET=1 This is just a work-around and the real fix would be that Microsoft prov
9
IBM Traveler 9.0.12 released including a security fix
Thu, Jul 14th 2016 9:45a   Daniel Nashed
IBM Traveler 9.0.12 shipped with some important changes. The first change is a security fix which is described below. But there is another security fix in the installer on Windows as well and some other fixes that could be affecting you. Upgraded my server already. -- Daniel Security Bulletin: XML External Entities Injection Vulnerability in IBM Traveler (CVE-2016-3039) IBM Traveler is vulnerable to a denial of service caused by an XML External Entity Injection (XXE) error wh
9
IBM Traveler 9.0.1.12 released including a security fix
Thu, Jul 14th 2016 3:45a   Daniel Nashed
IBM Traveler 9.0.1.12 shipped with some important changes. The first change is a security fix which is described below. But there is another security fix in the installer on Windows as well and some other fixes that could be affecting you. Upgraded my server already. -- Daniel Security Bulletin: XML External Entities Injection Vulnerability in IBM Traveler (CVE-2016-3039) IBM Traveler is vulnerable to a denial of service caused by an XML External Entity Injection (XXE) er
12
BM mail support for Microsoft Outlook officially released
Wed, Jun 29th 2016 10:49a   Daniel Nashed
Finally IBM has released IMSMO 2.0. It has been around already under controlled distribution and is finally available for all customers and partners. It enables you to connect a Microsoft Outlook 2013 client to a Domino V9.0.1 Server. The software is an add-on to your Domino server similar to what a Traveler does (in fact they share some code base but they are not the same!). Also the gateway need to resist on the mail-server of the user. We asked to have a way to use a gateway server app
8
Domino Catalog vs Domain Catalog
Sat, Jun 11th 2016 12:50p   Daniel Nashed
I while ago I ran into this and I did analyse how it works in detail. But I never posted this information. Today we ran into this again and I looked for my old documentation. -- Daniel Here is how it is intended to work and how most admins are currently using it. I was very surprised when I figured out how the catalog and domain catalog really work. My impression was always that the catalog.nsf is a replica that is replicated everywhere. But there are two different types of catalogs
9
DE-Mail Mail-Template with Command Line DNS Lookup
Wed, Jun 8th 2016 2:43a   Daniel Nashed
We ran into a limitation with the DE-Mail Template that T-System implemented in their Notes Mail Template. It turned out that they are invoking a cmd.exe because this is the only way to return data directly from nslookup to the application with a redirect on Windows. The function is used to check if the recipient's domain is a DE-Mail domain and queries SRV records defined in RFC RFC 2782 (check https://en.wikipedia.org/wiki/SRV_record for details). SRV Records can not be queried with s
10
43. DNUG 1. + 2. June in Hamburg
Thu, May 26th 2016 4:58a   Daniel Nashed
Hi and good morning! This will be my first blog entry in Germany and it's about German about our German "Notes" User Group "DNUG"... Bei der DNUG hat sich einiges getan in den letzten Monaten! Seitdem die DNUG einen neuen Vorstand hat, werden einige Dinge anders angegangen und auch die Art und Weise, wie die DNUG Konferenz geplant wird, hat sich geändert. Die Geschäfts-Stelle ist jetzt virtuell und auch die Server der DNUG sind entsprechend virtualisiert. Aber auch an anderen S
22
Domino 9.0.1 FP6
Sun, May 22nd 2016 4:55p   Daniel Nashed
Domino 9.0.1 FP6 has been released a while ago. I have installed it and I got positive feedback from customers already. FP6 contains all the fixes from previous IFs and also the updated JVM Java60SR16FP20 which addresses a couple of security fixes. Also the server controller interoperability issue is fixed. But for a client based connection you also need to update your admin client! All the TLS fixes are also included and there is an additional fix for an issue in a TLS handshake. SPR#
8
Domino Federarted Web Login / SAML with F5 and ADFS 3.0
Mon, Apr 25th 2016 12:14p   Daniel Nashed
In the last couple of weeks I spent a lot of time with customer Web Federated Login workshops and implementations. Not sure what happened but suddenly everyone is interested in SAML. It looks like more and more customers are looking into that because they have already implemented SSO for other applications like O365. In one case a customer had an existing F5 configuration. In one other case we had a customer with Windows 2012 R2 and ADFS 3.0. Both configurations are not officially support
7
Server Controller Issue when applying 9.0.1 FP5 IF2
Thu, Mar 31st 2016 9:27a   Daniel Nashed
After applying 9.0.1 FP5 IF2 you cannot connect to the server controller -- again! That's another issue that cannot be fixed allowing MD5 in the java security files. What you need is an updated version of the JVM patch. The new patch has a release data of 25.3.2016 an can be downloaded from Fixcentral. Here is the relevant information from the updated technote referenced in the SPR. SPR RSSNA6UU79 is fixed in version 9.0.1FP5 Interim Fix 2 (IF2) via a server code fix and an updated JV
10
Security Issue - IBM Domino AES GCM weak nonce generation vulnerability
Tue, Mar 29th 2016 6:02a   Daniel Nashed
There is a new vulnerability affecting AES GCM ciphers which have been introduced in 9.01. FP3 (enabled by default). For very large data sets, IBM Domino Web servers using TLS and AES GCM generate a weak nonce which could be potentially used for a man-in-the-middle-attack. All Domino 9 versions supporting those ciphers are affected and there is new IF (9.0.1 FP5 IF2) which addresses this issue. The IBM Domino AES GCM weak nonce generation vulnerability is tracked as SPR #KLYHA6ZP4F. If
6
Critical: glibc security and bug fix update
Wed, Feb 17th 2016 8:02a   Daniel Nashed
There is a critical issue with the glibc lib that Linux and other systems are using. The best short description I found is the following: "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called
9
Domino Server Controller does not connect after upgrade to Java6SR16FP20
Tue, Feb 16th 2016 1:33p   Daniel Nashed
The IBM Java Team disabled MD5 in there latest patch to tighten security. But the Server Console currently can only use MD5 right now. So by this intentionally change by the IBM Java Team the Domino Console cannot connect any more. For now to have the Server Controller local and remotely working again you have to re-enable MD5. This is a similar issue than what we had when the IBM Java team disabled SSLV3 some time ago. There are two lines that you have to chance in the ..jvm/lib/securit
10
Domino Start Script New Version 3.1.0
Thu, Feb 11th 2016 10:26a   Daniel Nashed
As already mentioned at IBM ConnectED last week, I am working on a new version of my start script. Most of the new functionality has been build in because I found it useful for the customer environments I am working in. On top of the new functionality I added a new script "rc_all" that can start, stop, cleanup, diag ... all partitions a the same time. The new rc_all script is a separate script that will search for your Domino partition rc-scripts and is mainly interesting when you run L
10
Domino 9.0.1 FP5 IF1 with Security Fixes
Sat, Jan 30th 2016 9:47a   Daniel Nashed
There is a new IF1 for Domino 9.0.1 that includes two fixes we have waited for in the TLS area specially when communicating with STARTTLS and web-services as posted before on my blog. SPR #KLYHA57S37 - Disable TLS Session Resumption on outbound connections by default This fix addresses and issue for outgoing STARTLS sessions on SMTP. See some more details in my other blog post --> http://blog.nashcom.de/nashcomblog.nsf/dx/tls-1.2-connection-issues-with-protection.
5
Linuxfest VII Gets a Slot at IBM Connect 2016
Sat, Jan 30th 2016 8:17a   Daniel Nashed
If you are attending IBM ConnectED in Orlando and you are interested in Linux you should attend the Linuxfest Session. Thanks to Bill Malchisky we made it again into the agenda! I am looking forward to this session and will bring the brand new Start Script Version 3.1.0 with many enhancements. Here is a copy of Bills' original post. Looking forward to this session. -- Daniel Linuxfest VII Gets a Slot at IBM Connect 2016 Bill Malchisky January 28 2016 02:00:00 AM Linuxfest VII -
4
Traveler 9.0.1.9 shipped
Sat, Jan 16th 2016 8:23a   Daniel Nashed
Traveler 9.0.1.9 is the first update shipped this year. It comes with a number of fixes. See details here --> http://www.ibm.com/support/docview.wss?uid=swg21700212#9019 And it solves an important issue for Traveler HA Servers. There is a technote describing the issue in detail and you should have a look into the new command introduced in this version as soon you have updated your servers. The following TN #1974741 "Two scenarios where multiple accounts for users could be created on
13
TLS 1.2 Connection Issues with mail.protection.outlook.COM
Thu, Jan 7th 2016 6:57a   Daniel Nashed
Two of my customers had issues connecting to the Microsoft hosted environment over TLS 1.2 once we got the session resumption working (see previous blog posts). My environment had the same configuration and could connect just fine. It looks like the servers are behaving different with different certificates. That's the only difference we saw in configuration. After a couple of tests and working with IBM support we got a hotfix that we successfully tested yesterday. I know of 3 custom
7
STARTTLS Outbound Sessions might fail with TLS 1.0 used and TLS 1.2 Ciphers
Tue, Dec 15th 2015 2:18p   Daniel Nashed
We have been running into some issues and I got multiple customers reporting that outgoing STARTTLS did not work in some cases specially for some German provides like web.de and gmx.net. The error you see when enabling debugging is SSLEncodeClientHello> We offered SSL/TLS version TLS1.0 (0x0301) FindCipherSpec> Cipher spec DHE_RSA_WITH_AES_256_CBC_SHA256 (107) is not supported with TLS1.0 It turned out that session resumtion in combination with the new introduced TLS 1.2 causes




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition