198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Notes Client 9.0.1 FP9 F1 released
Sat, Oct 14th 2017 230
Domino 9.0.1 FP 9 IF2 available with important fixes
Fri, Oct 13th 2017 302
IBM Champion Program Nominations are open
Tue, Oct 10th 2017 25
Installing C-API Applications on Linux
Wed, Oct 4th 2017 11
Known issues with Domino 9.0.1 FP9
Wed, Sep 27th 2017 14
Fix Available: SMTP regression issue in Domino 9.0.1 FP9 can cause malformed headers
Fri, Sep 15th 2017 7
Domino Performance issue on some Linux Versions
Thu, Sep 14th 2017 4
Top 10
Domino 9.0.1 FP 9 IF2 available with important fixes
Fri, Oct 13th 2017 302
Notes Client 9.0.1 FP9 F1 released
Sat, Oct 14th 2017 230
IBM Champion Program Nominations are open
Tue, Oct 10th 2017 25
IBM Notes V9.0.1 Mac 64 Bit English (CN6VDEN )
Tue, Sep 29th 2015 20
Details about JVM 1.8 Update in Notes/Domino 9.0.1 FP8
Sun, Feb 5th 2017 20
TLS 1.2 Connection Issues with mail.protection.outlook.COM
Thu, Jan 7th 2016 17
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 15
Notes Client/Windows Crash with Windows 10 Creators update
Thu, Jun 1st 2017 15
IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice
Fri, Jan 27th 2017 14
Known issues with Domino 9.0.1 FP9
Wed, Sep 27th 2017 14


Traveler 9.0.1.18 with new Security Mode for Mail-File Access
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Daniel Nashed    

Traveler 9.0.1.18 comes with a couple of minor fixes and a big change in the way Traveler Server access mail-databases.
In 9.0.1.15 IBM introduced a new check if the Traveler server is listed in Trusted Servers (Server Security Tab) to show a warning if not.

Now we know what IBM was preparing for. The server now acts as the user instead of the server. That's only possible if listed in Trusted Servers.

You still need the Traveler server to be listed in the ACL of the mail databases. Trusted Servers means that to server itself can make the session on a database look like it would be the user session.
But the remote server still needs access to the database.

I have done a quick test. Without the proper ACL an error is logged and also the user status reports an error.

The IBM Traveler server encountered an internal error validating your User ID CN=John Doe/O=Acme/CÞ.  Please contact your server administrator.
[CN=notes.acme.de/OU=Srv/O=Acme-Net, mail/johndoe.nsf] is not reachable, status(0x4ac) "Unexpected internal error".

The new method for accessing mailfiles solves a couple of limitations. See details from the documentation below.


-- Daniel

What's new?


Traveler Server Run as User


Starting with IBM Traveler 9.0.1.18, the run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID. This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:

  • Honor ACL controls on mail file and corporate lookup for the user.
  • Prevent event notices and automated responses from being sent from the server ID.
  • Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Note:
For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document. To disable run as user, set this notes.ini parameter: NTS_USER_SESSION=false



APAR # Abstract
LO90096 Info update continues to be ghosted on mobile device after the event is processed.
LO91797 Empty comments displayed on iOS native Calendar application when event processed in iNotes.
LO91836 Invalid this and future reschedule generated by iOS native Calendar application.
LO91875 Ghosted event not displayed on mobile device.
LO91956 Maill attachment does not sync to mobile device when contains angle brackets < and >.
LO91997 IBM Traveler web administrator may show iOS Verse 9.4 device as not supporting security capabilities.
LO92010 Better handling of special character in mail header fields.
LO92080 Ignore a reply message with out a valid action defined.
LO92085 Hard delete processed notices vs soft delete to prevent from filling up trash folder.
LO92209 Second meeting room may be lost if event updated from mobile device.
LO92210 Unable to turn off iOS Verse application password via Domino policy document setting.
LO92257 Two instances of a previously processed event may show on mobile device if the daylight savings rules change for the time zone.
LO92303 SQL Syntax error adding index TSGUDTSTAMPCREATEIDXSQL9 on DB2.





---------------------
http://blog.nashcom.de/nashcomblog.nsf/dx/traveler-9.0.1.18-with-new-security-mode-for-mail-file-access.htm
Jun 22, 2017
13 hits



Recent Blog Posts
230
Notes Client 9.0.1 FP9 F1 released
Sat, Oct 14th 2017 5:31p   Daniel Nashed
There is also a client IF1 for 9.0.1 FP9 which fixes one part of the issue that I reported. Depending on your configuration MIME messages sent did show up with different fonts on Notes clients. It happened in edit mode or when the embedded MIME browser was disabled. What has been fixed is that the IF1 client shows correct fronts. But earlier clients still shows different fonts (for example if you send a mail with sans serif it will show up in serif). I don't know if that can be fixed at
302
Domino 9.0.1 FP 9 IF2 available with important fixes
Fri, Oct 13th 2017 9:09a   Daniel Nashed
Two of the issues fixed in IF2 have been discussed before in my blog. But there are also two other critical issues fixed. Some of my customers reported DBMT and updall hangs which have been fixed with TDOOAREP8W. And the Private on first use folder issue also has been reported before. If you have installed 9.0.1 FP 9 you should update to IF2! -- Daniel JPAIAQ5SKW PANIC: DbMarkCorrupt! (d:notefileadmin4.nsf Dbiid: 0x3D91E116 0x3C07FE17) JVEKAQSGCC S
25
IBM Champion Program Nominations are open
Tue, Oct 10th 2017 6:05p   Daniel Nashed
The IBM champion nominations have just started today. You can nominate your favorite persons in the community to appreciate what they are doing for the community (--> https://developer.ibm.com/dwblog/2017/ibm-champion-program-nominations/) Libby just expressed it in short words what a champion makes stand out. Let me quote instead of just passing a link! -- Daniel "You may know an IBM Champion if… The best way to understand the IBM Champions program is to know an IBM Champion. D
11
Installing C-API Applications on Linux
Wed, Oct 4th 2017 11:51a   Daniel Nashed
When installing binaries on Linux you have to be aware of the directory structure for the files installed in the opt directory. For installing a servertask the recommended way is to copy it to the Domino binary directory and create a start link. For myself I created a script that handles installation of servertasks and extension managers because I don't want to do those steps manually and my script comes with a wrapper script that benefits of sudo when installing binaries on my developmen
14
Known issues with Domino 9.0.1 FP9
Wed, Sep 27th 2017 3:38a   Daniel Nashed
A couple of customers and partners asked me about current known issues with FP9 in my blog and offline. Beside the issue with the garbage chars fixed in IF1 there are 3 other issues that could prevent you from upgrading to FP9. There is an issue with private on first use views and folders on the server side which prevents those views and folders to be created. IBM has a hotfix for this as Sascha already reported in my blog comments. SPR# JVEKAQSGCC / LO92948: SHARED, PRIVATE ON FIRST USE
7
Fix Available: SMTP regression issue in Domino 9.0.1 FP9 can cause malformed headers
Fri, Sep 15th 2017 11:43p   Daniel Nashed
Finally we got IF1 for 9.0.1 FP9 for the issue I reported in an earlier blog post . The regression was introduced by a fix that IBM has removed in IF1 (and I got a hotfix earlier as mentioned in an earlier blog post). The root cause is an issue with malformed headers -- specially the from header that are generated at message itemization. Depending on your configuration this causes garbage chars in your headers. In any case some functionality like SMTPVerifyAuthenticatedSender=1 or capt
4
Domino Performance issue on some Linux Versions
Thu, Sep 14th 2017 10:13a   Daniel Nashed
When working on a larger Domino migration and consolidation project I ran into an new Linux specific performance issues that might hit some of you depending on your Linux version. I have tested with current RHEL 7 servers which are not affected. But on customer site we are using the latest patch level of RHEL 6.9 and I have also seen it with SLES 11 SP2/3. I did not yet test with SLES 12 (maybe someone volunteers to do some testing). There has been an issue in the 8.5.3 code stream which ha
1
How to resolve synchronization issues that start after upgrading to IBM Traveler 9.0.1.18 (or higher)
Sat, Sep 9th 2017 9:21a   Daniel Nashed
If you are running on Traveler 9.0.1.18 and higher you should read the following support flash technote in detail. http://www.ibm.com/support/docview.wss?uid=swg22005703 You must read this technote if you are running on 9.0.1.18 and higher. And with this new information it makes a lot of sense to move to this new version soon. As mentioned before, IBM changed the default security mode for Traveler. Traveler uses a run as user feature to ensure that all functionality is invoked in th
3
Traveler 9.0.1.19 with important fixes
Fri, Sep 8th 2017 7:15a   Daniel Nashed
We have been waiting for Traveler 9.0.1.19 for some important fixes and also updates SQL server support and push certificate update: Support for MS SQL Server 2016 Enterprise Edition. Updated APNS Certificates with expiration 8/1/2018. Improvements for the Run as User Feature. But the most important changes are for the "Run as User" Feature which has been introduced in 9.0.1.18. Some of my customers and issues with Traveler profiles which could not be read correctly in some cases.
6
SSLV3 disabled by default since 9.0.1 FP9
Tue, Sep 5th 2017 2:18p   Daniel Nashed
This change has been discussed a while ago. Now it was finally time to disable default SSLv3 in Domino. The SPR did not make it into the fixlist. Thanks Thibaud Maes for your mail! The change addressed by SPR # DKENAKNSEG will affect all connection types that utilise the native Domino security stack such as HTTPS and secure DIIOP. If you still need SSLv3 you need this new notes.ini parameter ENABLE_SSLV3=1 There are not many applications left that need SSLV3 ... Daniel




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition