Traveler 9.0.1.18 with new Security Mode for Mail-File Access
Daniel Nashed    

Traveler 9.0.1.18 comes with a couple of minor fixes and a big change in the way the Traveler server accesses mail databases.
In 9.0.1.15 IBM introduced a new check that shows a warning if the Traveler server is not listed in Trusted Servers (Server Security Tab).

Now we know what IBM was preparing for. The server now acts as the user instead of the server. That's only possible if it is listed in Trusted Servers.

You still need the Traveler server to be listed in the ACL of the mail databases. Trusted Servers means that the server itself can make the session on a database look like it is the user's session.
But the remote server still needs access to the database.

I have done a quick test. Without the proper ACL an error is logged and also the user status reports an error.

The IBM Traveler server encountered an internal error validating your User ID CN=John Doe/O=Acme/C=DE.  Please contact your server administrator.
[CN=notes.acme.de/OU=Srv/O=Acme-Net, mail/johndoe.nsf] is not reachable, status(0x4ac) "Unexpected internal error".
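
Added example (not from the original post or from IBM): a small Python triage script that scans Traveler log text for the two messages above and lists, per mail server, the mail files reported as not reachable with status 0x4ac, so their ACL and the Trusted Servers field can be checked. The sample lines are constructed, and pairing each user line with the "not reachable" line that directly follows it is an assumption based on the two messages shown here.

```python
import re
from collections import defaultdict

USER_RE = re.compile(
    r"internal error validating your User ID (?P<user>CN=.+?)\.\s+Please contact")
UNREACHABLE_RE = re.compile(
    r"\[(?P<server>CN=[^,\]]+),\s*(?P<db>[^\]]+)\] is not reachable, "
    r"status\((?P<status>0x[0-9A-Fa-f]+)\)")

# Constructed sample input, shaped like the two messages quoted in the post.
SAMPLE_LOG = """\
The IBM Traveler server encountered an internal error validating your User ID CN=John Doe/O=Acme.  Please contact your server administrator.
[CN=notes.acme.de/OU=Srv/O=Acme-Net, mail/johndoe.nsf] is not reachable, status(0x4ac) "Unexpected internal error".
Some unrelated console line
The IBM Traveler server encountered an internal error validating your User ID CN=Jane Roe/O=Acme.  Please contact your server administrator.
[CN=notes.acme.de/OU=Srv/O=Acme-Net, mail/janeroe.nsf] is not reachable, status(0x4ac) "Unexpected internal error".
[CN=notes.acme.de/OU=Srv/O=Acme-Net, mail/johndoe.nsf] is not reachable, status(0x4ac) "Unexpected internal error".
"""

def acl_worklist(log_text, status="0x4ac"):
    """Return {mail server: [(mail file, user or None), ...]} for unreachable mail files."""
    pending_user = None
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = USER_RE.search(line)
        if m:
            pending_user = m.group("user")
            continue
        m = UNREACHABLE_RE.search(line)
        if m and m.group("status").lower() == status:
            server, db = m.group("server"), m.group("db").strip()
            # Assumption: the user line directly precedes its "not reachable" line.
            # Repeated reports for one mail file keep the first user that was seen.
            if found[server].get(db) is None:
                found[server][db] = pending_user
        pending_user = None  # any other line breaks the pairing
    return {srv: sorted(dbs.items()) for srv, dbs in found.items()}

if __name__ == "__main__":
    for server, entries in acl_worklist(SAMPLE_LOG).items():
        print(server)
        for db, user in entries:
            print(f"  {db}  (user: {user or 'unknown'})")
```
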

The new method for accessing mailfiles solves a couple of limitations. See details from the documentation below.


-- Daniel

What's new?


Traveler Server Run as User


Starting with IBM Traveler 9.0.1.18, the run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID. This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:

  • Honor ACL controls on mail file and corporate lookup for the user.
  • Prevent event notices and automated responses from being sent from the server ID.
  • Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Note:
For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document. To disable run as user, set this notes.ini parameter: NTS_USER_SESSION=false



APAR # Abstract
LO90096 Info update continues to be ghosted on mobile device after the event is processed.
LO91797 Empty comments displayed on iOS native Calendar application when event processed in iNotes.
LO91836 Invalid this and future reschedule generated by iOS native Calendar application.
LO91875 Ghosted event not displayed on mobile device.
LO91956 Mail attachment does not sync to mobile device when contains angle brackets < and >.
LO91997 IBM Traveler web administrator may show iOS Verse 9.4 device as not supporting security capabilities.
LO92010 Better handling of special character in mail header fields.
LO92080 Ignore a reply message without a valid action defined.
LO92085 Hard delete processed notices vs soft delete to prevent from filling up trash folder.
LO92209 Second meeting room may be lost if event updated from mobile device.
LO92210 Unable to turn off iOS Verse application password via Domino policy document setting.
LO92257 Two instances of a previously processed event may show on mobile device if the daylight savings rules change for the time zone.
LO92303 SQL Syntax error adding index TSGUDTSTAMPCREATEIDXSQL9 on DB2.





---------------------
http://blog.nashcom.de/nashcomblog.nsf/dx/traveler-9.0.1.18-with-new-security-mode-for-mail-file-access.htm
Jun 22, 2017