IBM Lotus Sametime 8.5 Meetings

Frequently Asked Questions about SPF

Frequently Asked Questions about SPF

Lotus Notes Profile Document

What is Profile Document?

Profile documents, new in the 4.5 release, are a useful tool for storing and retrieving user-specific or database-specific values that you need to access quickly. You can use Profile documents for quick data retrieval, because they are cached while the database that stores them is open. Profile documents are like other database documents except they are somewhat invisible -- they do not display in views and are not included in a document count for the database. Additionally, a user does not create a profile document from the Create menu; you provide an action or agent that uses LotusScript or the command language to create the profile document and make it available for editing.

Click here for more information about Profile documents.

Managing profile documents.
How to view profile documents?
By using Notes Peak tool, you can view profile documents.
Click here for more information about Notes peak tool.

How to delete and modify profile documents?
Andre Guirard, from IBM USA created a form to view and delete profile documents.
Click here to download the Zip file.
Unzip it.
Copy the form from the database to the desired database.
Open the database in Louts notes.
Go to Create => Other => Profile document list, to view , modify or delete the profile documents.
Click here for more information.

How to delete profile document by using Lotus Script?

Upgrading To Notes Domino 8.5

Upgrading To Notes Domino 8.5

View more documents from chrissparshott.

IBM Lotus iNotes on Google Android phone

How to open inotes ultralite directly on mobile devices?

http://yourserver.yourdomain.com/mail/database.nsf?OpenDatabase&ui=dwa_ulite

 

Setting up Domino to work with Microsoft IIS servers

Setting up Domino to work with Microsoft IIS servers

To use a Microsoft^® IIS server as a front-end machine, you must install the IBM WebSphere^® Application Server plug-in for IIS on the IIS server. The plug-in files are packaged with the IBM^® Lotus^® Domino^® server and must be copied from the Domino server to the IIS server. After you copy the plug-in files, you must configure the plug-in, then configure the Domino server to work with the plug-in IIS. You do not need to install any other WebSphere components to use the Microsoft IIS plug-in.

To install the WebSphere plug-in on an IIS server

Do the following to install the IBM^® WebSphere^® plug-in on the IIS server and enable it for a Web site. Before beginning this procedure, you should be familiar with the Internet Information Services (IIS) Manager configuration tool. On Microsoft^® Windows^® 2000/2003, this tool is accessed through the Microsoft Management Console.

1. Create the following directory structure on the IIS machine (you may use any drive);

C:\WebSphere\AppServer\bin

C:\WebSphere\AppServer\config

C:\WebSphere\AppServer\etc

C:\WebSphere\AppServer\logs

2. Download the Web server plug-in files for WAS from IBM software downloads - Trials and demos Web site.

IBM software downloads - Trials and demos

Follow the instructions, according to platform, that display on the Web site.

3. Copy the plug-in files to the IIS server.
1. Copy data/domino/plugins/plugin-cfg.xml to c:\WebSphere\AppServer\config.
2. Copy data/domino/plugins//w32/iisWASPlugin_http.dll to c:\WebSphere\AppServer\bin.
4. Start the Internet Information Services Manager application.
5. Create a new Virtual Directory for the Web site instance you want to work with WebSphere. To do this with a default installation, expand the tree on the left until you see "Default Web Site." Right click on "Default Web Site" and select New - Virtual Directory. This opens the wizard for adding a Virtual Directory.
6. In the Alias field, enter "sePlugins."
7. In the Directory field, browse to the WebSphere bin directory (C:\WebSphere\AppServer\bin).
8. For access permissions, check "Execute" and uncheck all other permissions.
9. Click Finish. A virtual directory titled "sePlugins" is added to your default Web site.
10. In this step, follow the appropriate procedure for your version of Windows.

On Windows 2000:

1. Right-click the machine name in the tree on the left and select Properties.
2. On the "Internet Information Services" tab, select "WWW Service" in the "Master Properties" drop down box and click Edit.
3. In the "WWW Service Master Properties" window, click the "ISAPI Filters" tab.

On Windows 2003:

4. Right-click the individual web site to enable for the plugin.
5. Click "ISAPI Filters."
10. Click Add. This opens the "Filter Properties" dialog.
11. In the "Filter Name:" field, type "iisWASPlugin."
12. In the "Executable:" field, click Browse. Open the WebSphere bin directory and select "iisWASPlugin_http.dll."
13. Close all open windows by clicking OK.
14. In this step, follow the appropriate procedure for your version of WebSphere.

• For WebSphere 4.0/5.0 plugins:

Open the Windows registry file and create the following key path: HKEY_LOCAL_MACHINE - SOFTWARE - IBM - WebSphere Application Server - . Select this last key and create a new string value "Plugin Config". Set the value for this variable to the location of the plugin-cfg.xml file (C:\WebSphere\AppServer\config\plugin-cfg.xml)

• For WebSphere 6.0 plugins:

Create a text file that contains the full path to the plugin-cfg.xml file (including the file name) and save the text file in the C:\WebSphere\AppServer\bin directory as "plugin-cfg.loc." For example:

c:\WebSphere\Appserver\config\plugin-cfg.xml

16. To enable the plug-in for additional Web sites, repeat Steps 4 through 8.

For more information, see Configuring Microsoft Internet Information Services (IIS) in the WebSphere Application Server Information center.

To configure the WebSphere plug-in

The WebSphere^® configuration file WebSphere\AppServer\config\plugin-cfg.xml controls the operation of the plug-in. In order for the plug-in to relay requests to the target IBM^® Lotus^® Domino^® server, you must add directives to plugin-cfg.xml to define a transport route to the server, and pattern rules for the URL namespaces that identify requests which are to be relayed to Domino. The plug-in will only relay requests that match a namespace rule. All other requests will be handled by the front-end Web server.

To configure plugin-cfg.xml

1. Open plugin-cfg.xml in Notepad.
2. Modify the element to target the appropriate Domino server. To do this, change the Hostname and Port parameters to the proper values required for the plug-in to reach your back-end server's HTTP task. For example:

3. Add these directives to the top of the section. These directives specify common URL patterns needed for accessing Domino Web applications.

If your Domino application requires additional namespaces, you can create directives for those patterns also.

Note All the WAS plug-ins automatically reread the configuration file once a minute to pick up changes. If you don't want to wait that long, you must stop and restart the front-end Web server. In the case of the IIS plug-in, you must stop the World Wide Web Publishing Service from the Windows services control panel, then restart the Web site from the Internet Services Manager. Just stopping and restarting the Web site by itself won't work because the plug-in DLL won't be reloaded.

For more information, see plugin-cfg.xml file in the WebSphere Application Server Information center.

To configure the Domino server to work with Microsoft IIS

On the back-end IBM^® Lotus^® Domino^® server, add the following line to NOTES.INI:

HTTPEnableConnectorHeaders=1

This setting enables the Domino HTTP task to process the special headers added by the plug-in to requests. These headers include information about the front-end server's configuration and user authentication status. As a security measure, the HTTP task ignores these headers if the setting is not enabled. This prevents an attacker from mimicking a plug-in.

Setting up security for Microsoft IIS

When you have set up an IIS plug-in and an IBM^® Lotus^® Domino^® back-end server, Web applications are subject to both IIS security and Domino security. After IIS authenticates a user based on the Microsoft^® Windows^® account registry, those credentials, if any, are passed to Domino for user authorization.

Microsoft IIS supports four methods of user authentication. The Domino plug-in configuration supports all except Digest authentication.

• Anonymous access (the user does not enter a name or password)
• Basic Authentication (the user enters a name and password)
• Digest authentication (an enhanced version of Basic authentication available only on Windows 2000). The Domino plug-in configuration does not support this authentication method.
• Integrated Windows authentication (a special protocol supported by Microsoft Internet Explorer).
• SSL

IIS requires user authentication in order to control access to resources owned by IIS such as the file system and Active Server Pages. If a user requests access to a Domino resource, the IIS plug-in passes the authentication information to Domino. The information passed depends on the combination of authentication methods enabled on IIS. After the information is passed, Domino authenticates the user according to the procedures discussed in the topic "Details of Microsoft IIS security." All of the Domino directory options are available, such as using multiple Domino Directories and LDAP directories.

To set up security on the IIS server:

1. Start the Internet Services Manager
2. Right-click the IIS Web site and select Properties.
3. Click the Directory Security tab.
4. Click Edit in the Anonymous Access and Authentication Control section.
5. Choose one or more of the authentication options and click OK.

For more information on the plugin, including installing it on Microsoft Windows Vista^™ and Windows 2008, see Installing Web server plug-ins in the WebSphere^® Application Server Information center.

Details of Microsoft IIS security options

Anonymous Access

Anonymous Access lets Web users access a Web site without a user name or password. IIS always maps anonymous Web users to a specific anonymous user account, which you can configure. If Anonymous Access is the only IIS authentication method enabled, IIS does not use any user credentials -- that is, a user name and password -- sent by the browser for authentication, but the IIS plug-in passes the credentials to Domino, and Domino will authenticate the user according to the normal procedure for Web users. If an anonymous user attempts to access a Domino resource that requires authentication, Domino will respond appropriately according to the security options you have set for the Domino Web site (a Basic name-and-password challenge, or a session authentication login page). Therefore, if you want Domino to completely handle user authentication, you should enable Anonymous Access as the only security option for the IIS Web site when setting up name-and-password authentication.

Anonymous Access uses the following guidelines:

• The Web user does not need to be a registered 2000/2003 user.
• If you want a user to access secure resources, the Web user must be a registered Domino user and the user must have an Internet password.

Basic Authentication

When using Basic Authentication, IIS verifies the user credentials that the browser sends as a valid user account. If Basic Authentication is the only IIS authentication method enabled, IIS requires all browser requests to have credentials -- anonymous access is not allowed. Whenever a user sends a Domino request, the IIS plug-in passes the user name to Domino and informs Domino that the user has been authenticated by IIS. Such a user is called a "pre-authenticated" user. The plug-in passes the pre-authenticated name exactly as the user entered it in the browser. Domino then attempts to look up that name in its directories. Since IIS has already verified the user's password, Domino does not use the Internet password stored in the user's Person document or LDAP entry.

If Domino finds the name in a Domino Directory, then Domino uses the primary name in the Person record for authorization (ACL checking). If Domino does not find the name, then Domino uses the pre-authenticated name as-is for authorization.

In both cases, Domino builds the user's group list from the set of groups in the Domino Directory which include the user as a member, and Domino also adds the special group "-WebPreAuthenticated-" to the group list. You may use -WebPreAuthenticated- as a group entry in database ACLs and other access lists.

Note If you want to list IIS users by name in database ACLs, you must be careful to use the correct form of the name. Use the primary name if the user is listed in the Domino Directory, or the IIS pre-authenticated name if the user is not in the directory. Remember that if a user is listed by name in an ACL and is also a member of a group in the ACL (including "-WebPreAuthenticated-" or any other group), the name entry takes precedence over the group entry.

In summary, Basic Authentication uses the following guidelines:

• Anonymous access is not allowed.
• The Web user must be a registered Windows 2000/2003 user.
• The Web user does not have to be a registered Domino user.
• Domino does not use the user's Internet password.
• The Web user is automatically assigned to the -WebPreAuthenticated- group.

Integrated Windows Authentication

Integrated Windows authentication is a Microsoft-specific protocol supported by Internet Explorer (IE). When a Web user makes a request to the site, IE automatically sends to IIS the user's current Windows logon account name. IIS verifies the name against the Windows registry on the IIS server. When a user makes a Domino request, the IIS plug-in passes to Domino the user's Windows name and Domino processes the pre-authenticated name as described above for Basic authentication.

Windows account names use the form domain\username or machinename\username -- for example, SALES\JSmith. If Domino is using Person documents in the Domino Directory to authenticate the Windows users, the documents must contain the exact Windows account names as aliases. For example, if Joe Smith has an IBM^® Lotus^® Notes^® ID in the "CorpSales" domain and a Windows user account in the "SALES" Windows domain, the User name field in Joe Smith's Person document needs to contain:

Joe Smith/CorpSales

SALES\JSmith

This allows Domino to authenticate the Windows user SALES\JSmith as the Domino user Joe Smith/CorpSales.

In summary, integrated Windows authentication uses the following guidelines:

• If this is the only authentication method enabled, only IE users can access the Web site.
• Anonymous access is not possible since IE automatically sends the user's Windows account name on every request.
• The Web user must be a registered Windows 2000/2003 user.
• If you want to match the Windows user to a Domino Person document, You need to add the user's Windows account name as an alias to the Person documents.
• Domino does not use the Internet password.
• The user is automatically assigned to the -WebPreAuthenticated- group.

SSL

If you enable SSL on a Web server, IIS handles the actual SSL connection. However, if a Web user provides a client certificate, the IIS plug-in passes the certificate to Domino and Domino uses the certificate to authenticate the user. If Domino cannot find a certificate for the user, then Domino will downgrade the user to Anonymous access.

Error: "Can't Find view" when trying to open lotus notes 8.5

When you try to open Louts Notes 8.5, it gives error " Can't find view".
This happens due to a corrupt bookmark.nsf
To solve this problem recreate a bookmark.nsf
How to recreate a bookmark.nsf?
Close Lotus Notes.
Rename or delete bookmark.nsf
Start Lotus Notes. (Starting Lotus Notes will create a new bookmark.nsf file)

Lotus Domino 8.5 Client Comparison

Lotus Domino 8.5 Client Comparison

View more presentations from Ed Brill.

Lotus Notes 8.5 version to version comparison

Lotus Notes 8.5 version to version comparison

View more presentations from Ed Brill.

Mobility Strategy - IBM

Mobility Strategy - IBM

View more presentations from chrissparshott.

Lotus Domino 8.5 Traveler Overview

Lotus Domino 8.5 Traveler Overview

View more presentations from chrissparshott.

Louts Traveler 8.5

Introducing Ibm Lotus Notes Traveler 8.5

View more presentations from tcoustenoble.

Installing Lotus Notes Traveler on a Windows Mobile Device

Installing Lotus Notes Traveler on a Windows Mobile Device

Configuring IBM Lotus Notes Traveler 8.0.1.x and Domino Web Services on the same server

Configuring IBM Lotus Notes Traveler 8.0.1.x and Domino Web Services on the same server

Lotus Traveler Tab Settings in the Domino Server Document

Lotus Traveler Tab Settings in the Domino Server Document

Server Fast restart in Lotus Domino 8?

What is Server Fast restart in Lotus Domino 8?

When a Domino outage occurs, Fast Restart allows a new Domino instance to start while NSD diagnostics are being run on the initial Domino server instance. When diagnostics are completed the initial Domino server instance is automatically terminated. In the current release, Server Fast Restart is only available on AIX and Solaris versions of the Domino server.

How does Server Fast Restart work?
All files and connections in use by the initial Domino instance are closed but processes and shared memory remain active until NSD diagnostics are completed. The new instance will be started by a Server Fast Restart process called faultmon.

When the initial Domino instance fails, it will send a message to a monitoring program called faultmon. faultmon receives the message over a named pipe, and restarts Domino. faultmon has two options for restarting the new Domino instance; the default option is to start the new Domino instance in the background, while the second option allows the user to specify a script to start the new Domino instance.

For More information visit IBM Technote

How to rebuild the Domain Index for the Domino server

our Lotus® Domino® server's Domain Index is
(1) not working properly
(2) corrupted
(3) otherwise needs to be recreated.
How is this done?

Answer
1. From the Admin client, select File -> Database -> Properties -> Design tab and check the following properties for the databases to include in the index (this should already be in place for databases previously included in Domain catalog):

- List in Database Catalog
- Include in multi-database indexing


2. At the Windows Domino server console type:

tell domidx q

3. In Windows Explorer, navigate to your Lotus\Domino\Data directory and delete ftdomain.di directory.
4. From the Admin client, delete the catalog.nsf from the Files view.
5. Restart the Domino Server.
6. At the Windows Domino server prompt, type:

load catalog

7. From the Admin client, open the new catalog.nsf that has been created. Verify that the database is listed in the Databases -> by Server view with the Multi-database Indexed property marked Yes.
8. In the Server document, change Server Tasks -> Domain Indexer -> Repeat Interval of: to reflect a short indexing interval (this will speed up the Index rebuild). Close and save the document.
9. At the Windows Domino server prompt, type:

show schedule


10. Verify that the Domain Indexer schedule has been updated.
11. From the Admin client, open the new catalog.nsf and monitor the Domain Indexer Status -> By Server view, to verify that the database is indexed.


"The Domain Index can take a considerable amount of time to create, and its creation is resource intensive. As a result, it should not be deleted casually. When you build the initial Domain Index, it is important to free up as many resources on the Domain Search server as possible. Memory and CPU are taxed heavily during this process. By eliminating extraneous, unnecessary server tasks, you can increase the available resources for building the index."