2011 domino admin blast
DESCRIPTION
Lotus Domino Administration TipsTRANSCRIPT
-
2011 IBM Corporation
BP101 Adminblast 2011
Paul Mooney | Senior Architect, Bluewave
-
2011 IBM Corporation 2
Who am I?
Paul Mooney
Geek
Blogger www.pmooney.net
Admin guy
Bluewave Technology www.bluewavegroup.eu
Likes bikes
-
2011 IBM Corporation 3
How I got here..
-
2011 IBM Corporation 4
About This Presentation
Provides you with a brain dump of useful tips Presentation is self-contained
There is plenty to cover All the information you need to implement these tips is in this presentation
There are over 60 tips Although some tip pages have more than one tip!
If you have any trouble with a tip, email me at: [email protected]
-
2011 IBM Corporation 5
Where Did I Get These Tips?
From my life as a consultant
Forums www.notes.net www-142.ibm.com/software/sw-lotus/support Blogs
Just too many to mention! www.planetlotus.org
How long does it take to write? A year.
-
2011 IBM Corporation 6
Right... what about the other Adminblast sessions?
Go to www.pmooney.net/resources Many presentations there Different versions of this one Download away! The latest and the must know slides are repeated this year.
-
2011 IBM Corporation 7
Lets get legal! This slide presentation may contain the following copyrighted, trademarked, and/or
restricted terms: IBM Lotus Domino, IBM Lotus Notes, IBM Lotus Symphony, LotusScript Microsoft Windows, Microsoft Excel, Microsoft Office Linux, Java, Adobe Acrobat, Adobe Flash Your mileage may vary My mileage may vary Today is punch a developer day Fill out your evaluations or bad things will happen to you Do not feed the presenter Never feed users A dog is not just for Christmas Always press the red button Look after your knees Yes, the presenter is *that* short
-
2011 IBM Corporation 8
Tip #1: HTTP and Internet Passwords
HTTP password changes are cached on the server Can confuse users
At some point, both their old and new passwords work!
HTTP_PWD_CHANGE_CACHE_HOURS=0 Set in the notes.ini file Prevents both passwords from functioning The moment the user changes his/her password, it is the only active password
-
2011 IBM Corporation 9
Tip #2: Setup global http settings
Too many sites DONT do this! Enable standarised settings on all your http sites Go to internet sites view
Create and save the global websettings document
-
2011 IBM Corporation 10
Tip #3: Cache jpg images on your sites
You can do this per site or using your global settings document. Create HTTP response header document You can cache images, ccs files etc if they are static
Improves performance of websites Discuss this with your developers
Is it ok to cache these items on browsers?
-
2011 IBM Corporation 11
Tip #4: Upgrade the ODS of client side databases
Add the following line to the client notes.ini Create_r85_databases=1 New databases are created with new ODS
You can do more with 8.5.2 Add the following line to the notes.ini on clients before upgrading
NSF_UpdateODS=1
Post upgrade, the client will compact/update local databases One time update only
-
2011 IBM Corporation 12
Tip #5: Restricting Web Access
Certain databases, you just dont want people to browse to names.nsf for example
Create a rule redirecting all requests to that URL to a HTML file You dont need Internet sites enabled
but im assuming you do
Go to the internet sites view Create a global web settings document Give it a name and save it
-
2011 IBM Corporation 13
Tip #5: Restricting Web Access
Open the global settings document and create a rule
Point all requests to the database to a html file you have written..
-
2011 IBM Corporation
Tip #6 - Domcfg.nsf
Use it Amazingly useful for redirections, mappings and customised .nsf Error
messages Check the ACL
Anonymous should have reader but NOT write public access Here it is wrong!
14
-
2011 IBM Corporation
Tip #7 - Customising 404 errors for non .nsf files
This is nice! What if someone browses for a html file on your webserver? Domcfg.nsf doesn't load custom errors
You get the basic 404 error message Write your own html error message!
Add this to notes.ini HTTPMultiErrorPage=/error.html
15
-
2011 IBM Corporation 16
Tip #8: Setup Internet password lockouts
A nice, easy method to secure your domino http accounts Configured by policies and/or configuration document
Record number of tries ...
-
2011 IBM Corporation 17
Tip #9: Is your http security enabled
Very common security hole By default the browser access to servers bypasses the server security section
Not a good thing
Go to server document Ports / Internet Ports section Web section Set ENFORCE SERVER ACCESS SETTINGS TO Yes
-
2011 IBM Corporation
Tip #10 - Stop agents creating indexes
Seen this before? "Warning: Agent is performing full text operations on database '' which is not
full text indexed. This is extremely inefficient." This is BAD
Very inefficient on server Notes.ini FT_FLY_INDEX_OFF=1
Stops the agent from occurring Error returned on console db not indexed Prevents agent but stops server performance hit!
18
-
2011 IBM Corporation 19
Tip #11: Making Server Availability Index work!
The Server Availability Index is a mystery If you want to understand it, go download the clustering session with Kathleen
McGivney and myself at www.pmooney.net/resources (bring a calculator)
If you want it to cheat.. Type in SH AI on the Domino 7 console (or higher) It will tell you what to set the SERVER_TRANSINFO_RANGE= value to in the ini file Availability index will be more accurate now
You have to check this frequently Base your calculations when server is busy
-
2011 IBM Corporation 20
Tip #12: Its all about the disks...
Domino is very reliant on disk performance Know your arrays! Ensure if you are on a SAN that you have dedicated LUN and disks for Domino
data directory Make the SAN administrator promise!
Domino is disk read intensive More so then disk write intensive
-
2011 IBM Corporation 21
Tip #13: Get simple server information
Use the domino server properties box Bring up any properties box in the admin client Change it to SERVER properties
-
2011 IBM Corporation 22
Tip #14: Separate View updates from FTIs
If you have many applications Busy update task
View updates suffer as Full Text Updates are still in operation
Separate the FTI update from the view update FTI updates happen in their own memory thread Performance improves
Update_Fulltext_Thread=1
-
2011 IBM Corporation 23
Tip #15: Take Full text indexing out of Domino memory pool
You can take the FTI thread out of the limited Domino update pool ftg_use_sys_memory=1
Full text thread now gets memory from the OS pool Frees up domino system memory
-
2011 IBM Corporation 24
Tip #16: Dont want certain attachments indexed? You can exclude attachments from indexing at server level
FT_Index_Ignore_Attachment_Types=*.EXT
Excluding attachment formats will improve indexing By default, the following are ignored:
.NSF .NTF .SYS .PAG .IMG .WAV .GIF .JPG .DLL .TAR .EXE .ZIP .AU .MPG .MOV .MP3
-
2011 IBM Corporation 25
Tip #17: Cluster auxiliary port (ND8)
What if the private NIC fails? You should have standard replication as a backup to cluster replication anyway
For a few reasons!
Server_Cluster_Auxiliary_Port=* Tells the cluster engine to failover to alternative port if default port is unavailable
-
2011 IBM Corporation 26
Tip #18: Set DNS on Domino
By default Domino obeys the host OS DNS servers Usually this is fine
Can cause issues You can tell the Domino server to use specific DNS servers
Registry key change or Notes.ini parameter
Enter the following in the server notes.ini DNSServer=x.x.x.x, x.x.x.x
x.x.x.x = IP address of the DNS server you wish to use
-
2011 IBM Corporation 27
Tip #16: Remove MIME conversions from log
Have you ever seen this on your console? Message converted to MIME format....
Annoying isnt it? Happens all the time
You only want to know when it doesnt work
Converter_log_level=10 Only errors logged
-
2011 IBM Corporation 28
Tip #19: Pasting images into mail
From 8.5 on onwards, images pasted into emails are compressed!
Huge saving on disk space! Did you know, a notes.ini setting has been available since 6.5.4? OptimizeImagePasteSize=1
-
2011 IBM Corporation 29
Tip #20: Remove files from your servers
Old but good Do you use modem files
Really? How very 1997 of you
The mdm directory should be removed on all domino servers Security risk
Templates? Take them away if not used all the time
Webadmin.nsf Do you use it? If not, delete it and webadmin.ntf
There will be an error on HTTP startup Ignore it
-
2011 IBM Corporation 30
Tip #21: Load the Files Tab on Admin client quicker
The Data\Domino directory contains LOTS of files Especially if you are running a webserver
The notes admin client may try to list all these Slows things down in the FILES tab
8.5 and later Add the following line to notes.ini on admin client Admin_client_skip_domino=1
The Domino directory is skipped!
-
2011 IBM Corporation 31
Tip #22: Delayed email notifications
Domino is used by really big companies Still, typically no more then 6 hops MAX to get mail from sender to recipient
Server failure causes NDR mail to sender What if its not your fault?
Comms line down Other server down?
What if the message is pending, waiting to get to the recipient You can warn the sender that the message is delayed! Configuration document
-
2011 IBM Corporation 32
Tip #23: Log the IP address of users that access
LOG_SESSIONS=2 in the notes.ini of their server IP address logged for all users now
IP addresses come up on console Stored in log.nsf
-
2011 IBM Corporation 33
YEP - PAUL ADDED THIS TIP AGAIN YEP... PAUL ADDS IT EVERY YEAR YEP... YOU ALL SAY YOU WILL DO IT
Then laugh... The ID files for servers are usually created without a password
If captured, this can compromise security
Place a password on the server.id file Restart server command does not require password to be entered the password is
cached Automatic fault recovery does not require password
Dont hate me for saying this!
Tip #24: Secure the ID Files of Your Servers
-
2011 IBM Corporation 34
Tip #25: Want to list all database information?
Sh Dir -xml >mydata.xml Writes an xml file to the domino directory All data in there Open in browser/import into spreadsheet
Or Julian Robichaux has a free tool
Will export all information from the Files tab to a csv file for you Its free! http://www.nsftools.com/blog/blog-08-2008.htm#08-22-08
-
2011 IBM Corporation 35
Tip #26: When upgrading...
Build a table List ALL the products that touch Domino / Notes at ANY level
Fill out the versions of these products CHECK IT IS SUPPORTED ON THE NEW BUILD!
If not, deal with that issue before upgrading!
-
2011 IBM Corporation 36
Tip #27: Change Attachment Handling on Client
Notes client gives options with attachments Users get confused Too many options!
Remove the options! AttachmentActionDefault=1 Double-click on attachment opens attachment by default
-
2011 IBM Corporation 37
Tip #28: Quick Blackberry tip!
Disclosure... I love this one! Want to ensure an email gets to a blackberry?
I never got that message....blah blah blah!
At the START of your subject place in the line The unit will send you a confirmation receipt
There are other tags you can use... is an example
-
2011 IBM Corporation 38
Tip #29: Get rid of all users with manager access to mail files
Very common problem User registered with manager access to mail file
User can now go wild...(and they will) Delete file Encrypt file Screw with design..
Free tool! Checks for owner field in mail file and resets ACL to whatever you want Runs on server pmooney.net/resources page
-
2011 IBM Corporation 39
Tip #30: When upgrading - copy templates
Did you know that the system databases have had the same replica id for years?
pubnames.ntf admin4.ntf most of the others
It is a GOOD idea to create a new database copy of the templates before you plan start a domain upgrade
Prevents other copies of templates causing replication issues for you
-
2011 IBM Corporation 40
Tip #31: Want to have repeating console commands?
Type in a console command e.g. SH US
Press enter Now press ~
Command will start repeating until you press enter Set the interval on the commands with the following server notes.ini parameter
Console_Interate_Delay=n n=seconds
-
2011 IBM Corporation 41
Tip #32: Run your domino server in the java console
Folks.. its time to do it Move your domino server into the server controller and java console. Stop your domino server Launch REGEDIT Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lotus Domino Server (LotusDominoData)
Modify the ImagePath key Change to
"D:\Lotus\Domino\nservice.exe" "=D:\Lotus\Domino\notes.ini" -jc
-
2011 IBM Corporation 42
Tip #32: Run your domino server in the java console
Start the service again...and the server controller and java console launch Now you can use the
java controller from your admin client
From your notes\ directorylaunch jconsole.exe
Enter your user name Enter your internet password
You can now do much more Server commands Multi-server commands Stop/start server Batch commands
-
2011 IBM Corporation 43
Tip #33: RTFRL
Read the release notes
They are there to make your life easier
They are good
They will save you time
-
2011 IBM Corporation 44
Tip #34: Adding same db from multiple servers to workspace
Create a new button on your toolbar. Copy in this text _names := @Subset(@MailDbName; 1) : "names.nsf"; _servers := @PickList
([Custom]; _names; "Servers"; "Select servers"; "Select servers to add database from"; 3); _db := @Prompt([OkCancelEdit]; "Enter database"; "Enter the file name and path of the database to add."; "log.nsf"); @For( n := 1; n
-
2011 IBM Corporation 45
Tip #34: Adding same db from multiple servers to workspace
Now.. click on it All the databases with that name
will be added to the workspace (hopefully they stack ;) ) Thank Thomas Bahn for this!
http://www.assono.de/blog/
-
2011 IBM Corporation 46
Tip #35: Enabling the OOO service?
Lovely new feature in ND8.x Want to do it properly? Follow these steps
Disable everyones existing OOO agents Load the service Re-enable the OOO agents
Prevents OOO issues post configuration change
-
2011 IBM Corporation 47
Tip #36: New way to open an admin console
Recon! Thanks to Julian Robichaux Server console widget
-
2011 IBM Corporation 48
Tip #37: Your service
Your service is key
Protect it
-
2011 IBM Corporation 49
Tip #38: Hiding SMTP details
Every time your domino server talks over SMTP, it can tell people lots of things about itself
A lot of unnecessary data given away Not always a good thing
There are always exploiting methods So.. lets hide it
-
2011 IBM Corporation 50
Tip #38: Hiding SMTP details
Add the following to your server notes.ini SMTPGREETING=text here
Now look what happens No server data
-
2011 IBM Corporation 51
Tip #39: More Hiding of SMTP details
Your Domino server data is still visible in the MIME headers though!
Lets hide that
-
2011 IBM Corporation 52
Tip #39: More Hiding of SMTP details
In the Server notes.ini Add SMTPNOVERSIONINRCVDHDR=1 Restart
Gone!
-
2011 IBM Corporation 53
Tip #40: Hide your client details
The notes client version is still listed You can hide it too
Go to your configuration document
-
2011 IBM Corporation 54
Tip #40: Hide your client details
Go to MIME tab of the configuration document Advanced sub-tab Advanced Outbound Message Options sub-tab
In the Notes items to be removed from headers field Add $Mailer, $MIMETrack
-
2011 IBM Corporation 55
Tip #40: Hide your client details
Now look at your message header
Client details gone
-
2011 IBM Corporation 56
Tip #41: Pasting commands into consoles
Paul nods and Andy and Rob for this one If you try to paste into the admin console (CTRL-v) it will overwrite any other text
you have placed in there already. Example, you are trying to paste in a file name after some command text entered Gets very annoying
Use SHIFT-INSERT instead It works
-
2011 IBM Corporation 57
Tip #42: Hide unused features from the sidebar
Or the sidebar completely! Use a policy
Desktop settings Preferences Window Management
-
2011 IBM Corporation 58
Tip #43: Bypass restriction on Accelerated create replica
Accelerated Create Replica (ACR) is a dammed useful tool Speeds up replica creation
Problem - it has very specific restrictions on when it can be used Versions of domino No DAOS Full text index settings identical Must be clustered
Add ADMINP_ACCELERATED_REPLICA_OVERRIDES=n n = 1,4,5 Bypasses many restrictions
1 = Ignore version and Reply/forward properties checked 4 = Ignore checking to see if servers are clustered 5 = Ignore 1 and 4
-
2011 IBM Corporation 59
Tip #44: Troubleshoot blackberry data
Problems with syncing contacts? You can purge all local contacts and recall from server
Go into your Blackberry address book Go to OPTIONS menu
Type in RSET You will be prompted Say YES
Works in Calendar too!
-
2011 IBM Corporation 60
Tip #45: Set a program document to run on all servers
You can use a wildcard in program documents When specifying server
Prevents you having to have multiple documents
-
2011 IBM Corporation 61
Tip #46:Getting error text for an error number
Daniel Nashed to thank for this I have used it many times
Sometimes Notes clients/Servers may display an error number with no description
e.g. Lotus Notes error 0x1767 Want to know what the error means?
Type in Show Message 1767 on the domino console Error message displayed
-
2011 IBM Corporation 62
Tip #47: Ignore location document inet address
Users like to change their internet address in their location document [email protected] [email protected] etc etc
Want the domino server to ignore the location document email address And only obey the internet address field in the person doc?
RouterTranslateSpecial=1 on the server notes.ini Now it doesnt matter what they set it to
-
2011 IBM Corporation 63
Tip #48: More compact options!
8.5 and up only Add the following to your server notes.ini
DEBUG_ENABLE_COMPACT_8_5=1
You now have more compact options Load Compact -W nn
Compact databases NOT compacted in the last number (nn) of days Load Compact -w
Compact system databases only Load Compact -X nn
Limit the time for compacting databases to number (x) of minutes Load Compact -# nn
Start multiple (nn) compact tasks simultaneously
-
2011 IBM Corporation 64
Tip #49: Want to add to your quota warning?
quotawarningtext= Use your policies
Use your default policy Go to the desktop settings document Custom Settings Notes.ini Edit Text
-
2011 IBM Corporation 65
Tip #49: Want to add to your quota warning?
Warning text ini file parameter will be written to the notes.ini on the clients You can add a more personal message
Advice Links to urls Threats
-
2011 IBM Corporation 66
Tip #50: Show Opendatabases
Want to list all databases open on the server? Show Opendatabases
-
2011 IBM Corporation 67
Tip #51: Changing recent contacts
The recent contacts feature is marmite Users love it or hate it
You can change how it works via policy On or off Desktop settings
You can go further in 852 Notes.ini settings
Deploy using your policies DisableDPABProcessing=1
Disables recent contacts DisableDPABCCprocessing=1
Do not add to recent contacts any name in CC or BCC field in mails you receive To field still added
DisableDPABRecievedprocessing=1 Disable from any received emails Addresses you type are still added
-
2011 IBM Corporation 68
Tip #52: Watch your replicas on the same server
Dennis Van Remortel reminded me of this one Never, ever ever have multiple replicas of the same database on the same
domino server It will break your heart It will break your replication
Notes clients *will* find that replica at some stage and start working off it Use the catalog.nsf to find duplicate replicas per server
-
2011 IBM Corporation 69
Tip #53: Structure your groups
a.k.a. How to really really really annoy Paul Prefix all your group names with your company name
ACMEAllUsers ACMEAdmins ACMERegionalUsers ACMEDevelopers
Then.. search for something Then commence banging your head on desk Prefix group names intelligently
Use Symbols, e.g. $Admins for system groups %AllUsers for mailshot groups DBNAME_users for Database related groups
-
2011 IBM Corporation 70
Tip #54: Multiple administration groups All to many sites..
A single Administrators group
Some people have too much power No control I have seen users in Admin groups to bypass request issues
Create many admin groups $FAA
Full Access Admin Group $DBAdmins
Database administrators Group $UserManage
User Management Group $UserManageDeploy
User/Policy Management Group $ServerAdmins
Server management group
Use notification groups Different groups for different issues
-
2011 IBM Corporation 71
Tip #55: Learn the tools
There are SO MANY tools in the Admin client Never used Timesavers Performance enhancers
Some easy to use Some not Learn
Cluster analysis log analysis Domino Domain Monitor Domino Configuration Tuner License Tracker Activity Monitor
-
2011 IBM Corporation 72
Tip #56: Local open with IP address
Prefix to this tip Never do it unless you have to Never do it on a users machine EVEN if you have to
If you cannot resolve the name of the domino server File/Open/Application Enter IP address Notes client will create a local connection document in names.nsf
-
2011 IBM Corporation 73
Tip #57: Local open with IP address
Think first.. DNS should be working instead of doing this Managing all these connections will become your problem
Note - the connection document is added as low priority This can/will prevent it working all the time
Open the local connection document In Names.nsf locally Under Advanced / Connections Open document and go to Advanced tab
-
2011 IBM Corporation 74
Tip #58: Hide documents in the nab
Tired of people accidentally emailing the AllUsers group in your company? Hide it
Create a group of users that are permitted to use/email your secure groups
-
2011 IBM Corporation 75
Tip #58: Hide documents in the nab
Now right click on the AllUsers group and go to the Properties/Security tab Deselect All Readers and Above Add LocalDomainServers Add LocalDomainAdmins Add the permitted group
-
2011 IBM Corporation 76
Tip #58: Hide documents in the nab
Even if non-permitted people know the group name, they cannot mail the group Details here
http://www.pmooney.net/2007/10/preventing-users-from-mailing-specific-groups/
Warning - YMMV There are *lots* of ways to achieve this.
-
2011 IBM Corporation 77
Tip #59: Hide views in the nab
Marie Scott to thank for this one What about the domino directory views?
Users need access to the domino directory for lookups In theory, they can open and see all views in the directory
System views (e.g. Servers, connections) Custom Views
Why not hide them too? Open names.nsf in designer Right click on view Go to properties Change readers to selected gorups/roles Dont forget to include admins and servers
Details here http://www.bleedyellow.com/blogs/crashtestchix/entry/
admin_tip_hidden_views_the_domino_directory12?lang=en
-
2011 IBM Corporation 78
Tip #60: Want to open someones mail file quickly?
The people view of the directory has an action button Open Mail File
Find the person in the domino directory Click on the button
It automagically brings you there
-
2011 IBM Corporation 79
Thank you...
Paul [email protected]/pmooney.net
-
2011 IBM Corporation 80
Legal Disclaimer IBM Corporation 2009. All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBMs current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBMs sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.
IJava and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.