2011 domino admin blast

2011 IBM Corporation

BP101 Adminblast 2011

Paul Mooney | Senior Architect, Bluewave

2011 IBM Corporation 2

Who am I?

Paul Mooney

Geek

Blogger www.pmooney.net

Admin guy

Bluewave Technology www.bluewavegroup.eu

Likes bikes


How I got here..


About This Presentation

Provides you with a brain dump of useful tips Presentation is self-contained

There is plenty to cover All the information you need to implement these tips is in this presentation

There are over 60 tips Although some tip pages have more than one tip!

If you have any trouble with a tip, email me at: [email protected]


Where Did I Get These Tips?

From my life as a consultant

Forums www.notes.net www-142.ibm.com/software/sw-lotus/support Blogs

Just too many to mention! www.planetlotus.org

How long does it take to write? A year.


Right... what about the other Adminblast sessions?

Go to www.pmooney.net/resources Many presentations there Different versions of this one Download away! The latest and the must know slides are repeated this year.


Lets get legal! This slide presentation may contain the following copyrighted, trademarked, and/or

restricted terms: IBM Lotus Domino, IBM Lotus Notes, IBM Lotus Symphony, LotusScript Microsoft Windows, Microsoft Excel, Microsoft Office Linux, Java, Adobe Acrobat, Adobe Flash Your mileage may vary My mileage may vary Today is punch a developer day Fill out your evaluations or bad things will happen to you Do not feed the presenter Never feed users A dog is not just for Christmas Always press the red button Look after your knees Yes, the presenter is *that* short


Tip #1: HTTP and Internet Passwords

HTTP password changes are cached on the server Can confuse users

At some point, both their old and new passwords work!

HTTP_PWD_CHANGE_CACHE_HOURS=0 Set in the notes.ini file Prevents both passwords from functioning The moment the user changes his/her password, it is the only active password


Tip #2: Setup global http settings

Too many sites DONT do this! Enable standarised settings on all your http sites Go to internet sites view

Create and save the global websettings document


Tip #3: Cache jpg images on your sites

You can do this per site or using your global settings document. Create HTTP response header document You can cache images, ccs files etc if they are static

Improves performance of websites Discuss this with your developers

Is it ok to cache these items on browsers?


Tip #4: Upgrade the ODS of client side databases

Add the following line to the client notes.ini Create_r85_databases=1 New databases are created with new ODS

You can do more with 8.5.2 Add the following line to the notes.ini on clients before upgrading

NSF_UpdateODS=1

Post upgrade, the client will compact/update local databases One time update only


Tip #5: Restricting Web Access

Certain databases, you just dont want people to browse to names.nsf for example

Create a rule redirecting all requests to that URL to a HTML file You dont need Internet sites enabled

but im assuming you do

Go to the internet sites view Create a global web settings document Give it a name and save it


Tip #5: Restricting Web Access

Open the global settings document and create a rule

Point all requests to the database to a html file you have written..


Tip #6 - Domcfg.nsf

Use it Amazingly useful for redirections, mappings and customised .nsf Error

messages Check the ACL

Anonymous should have reader but NOT write public access Here it is wrong!

14


Tip #7 - Customising 404 errors for non .nsf files

This is nice! What if someone browses for a html file on your webserver? Domcfg.nsf doesn't load custom errors

You get the basic 404 error message Write your own html error message!

Add this to notes.ini HTTPMultiErrorPage=/error.html

15


Tip #8: Setup Internet password lockouts

A nice, easy method to secure your domino http accounts Configured by policies and/or configuration document

Record number of tries ...


Tip #9: Is your http security enabled

Very common security hole By default the browser access to servers bypasses the server security section

Not a good thing

Go to server document Ports / Internet Ports section Web section Set ENFORCE SERVER ACCESS SETTINGS TO Yes


Tip #10 - Stop agents creating indexes

Seen this before? "Warning: Agent is performing full text operations on database '' which is not

full text indexed. This is extremely inefficient." This is BAD

Very inefficient on server Notes.ini FT_FLY_INDEX_OFF=1

Stops the agent from occurring Error returned on console db not indexed Prevents agent but stops server performance hit!

18


Tip #11: Making Server Availability Index work!

The Server Availability Index is a mystery If you want to understand it, go download the clustering session with Kathleen

McGivney and myself at www.pmooney.net/resources (bring a calculator)

If you want it to cheat.. Type in SH AI on the Domino 7 console (or higher) It will tell you what to set the SERVER_TRANSINFO_RANGE= value to in the ini file Availability index will be more accurate now

You have to check this frequently Base your calculations when server is busy


Tip #12: Its all about the disks...

Domino is very reliant on disk performance Know your arrays! Ensure if you are on a SAN that you have dedicated LUN and disks for Domino

data directory Make the SAN administrator promise!

Domino is disk read intensive More so then disk write intensive


Tip #13: Get simple server information

Use the domino server properties box Bring up any properties box in the admin client Change it to SERVER properties


Tip #14: Separate View updates from FTIs

If you have many applications Busy update task

View updates suffer as Full Text Updates are still in operation

Separate the FTI update from the view update FTI updates happen in their own memory thread Performance improves

Update_Fulltext_Thread=1


Tip #15: Take Full text indexing out of Domino memory pool

You can take the FTI thread out of the limited Domino update pool ftg_use_sys_memory=1

Full text thread now gets memory from the OS pool Frees up domino system memory


Tip #16: Dont want certain attachments indexed? You can exclude attachments from indexing at server level

FT_Index_Ignore_Attachment_Types=*.EXT

Excluding attachment formats will improve indexing By default, the following are ignored:

.NSF .NTF .SYS .PAG .IMG .WAV .GIF .JPG .DLL .TAR .EXE .ZIP .AU .MPG .MOV .MP3


Tip #17: Cluster auxiliary port (ND8)

What if the private NIC fails? You should have standard replication as a backup to cluster replication anyway

For a few reasons!

Server_Cluster_Auxiliary_Port=* Tells the cluster engine to failover to alternative port if default port is unavailable


Tip #18: Set DNS on Domino

By default Domino obeys the host OS DNS servers Usually this is fine

Can cause issues You can tell the Domino server to use specific DNS servers

Registry key change or Notes.ini parameter

Enter the following in the server notes.ini DNSServer=x.x.x.x, x.x.x.x

x.x.x.x = IP address of the DNS server you wish to use


Tip #16: Remove MIME conversions from log

Have you ever seen this on your console? Message converted to MIME format....

Annoying isnt it? Happens all the time

You only want to know when it doesnt work

Converter_log_level=10 Only errors logged


Tip #19: Pasting images into mail

From 8.5 on onwards, images pasted into emails are compressed!

Huge saving on disk space! Did you know, a notes.ini setting has been available since 6.5.4? OptimizeImagePasteSize=1


Tip #20: Remove files from your servers

Old but good Do you use modem files

Really? How very 1997 of you

The mdm directory should be removed on all domino servers Security risk

Templates? Take them away if not used all the time

Webadmin.nsf Do you use it? If not, delete it and webadmin.ntf

There will be an error on HTTP startup Ignore it


Tip #21: Load the Files Tab on Admin client quicker

The Data\Domino directory contains LOTS of files Especially if you are running a webserver

The notes admin client may try to list all these Slows things down in the FILES tab

8.5 and later Add the following line to notes.ini on admin client Admin_client_skip_domino=1

The Domino directory is skipped!


Tip #22: Delayed email notifications

Domino is used by really big companies Still, typically no more then 6 hops MAX to get mail from sender to recipient

Server failure causes NDR mail to sender What if its not your fault?

Comms line down Other server down?

What if the message is pending, waiting to get to the recipient You can warn the sender that the message is delayed! Configuration document


Tip #23: Log the IP address of users that access

LOG_SESSIONS=2 in the notes.ini of their server IP address logged for all users now

IP addresses come up on console Stored in log.nsf


YEP - PAUL ADDED THIS TIP AGAIN YEP... PAUL ADDS IT EVERY YEAR YEP... YOU ALL SAY YOU WILL DO IT

Then laugh... The ID files for servers are usually created without a password

If captured, this can compromise security

Place a password on the server.id file Restart server command does not require password to be entered the password is

cached Automatic fault recovery does not require password

Dont hate me for saying this!

Tip #24: Secure the ID Files of Your Servers


Tip #25: Want to list all database information?

Sh Dir -xml >mydata.xml Writes an xml file to the domino directory All data in there Open in browser/import into spreadsheet

Or Julian Robichaux has a free tool

Will export all information from the Files tab to a csv file for you Its free! http://www.nsftools.com/blog/blog-08-2008.htm#08-22-08


Tip #26: When upgrading...

Build a table List ALL the products that touch Domino / Notes at ANY level

Fill out the versions of these products CHECK IT IS SUPPORTED ON THE NEW BUILD!

If not, deal with that issue before upgrading!


Tip #27: Change Attachment Handling on Client

Notes client gives options with attachments Users get confused Too many options!

Remove the options! AttachmentActionDefault=1 Double-click on attachment opens attachment by default


Tip #28: Quick Blackberry tip!

Disclosure... I love this one! Want to ensure an email gets to a blackberry?

I never got that message....blah blah blah!

At the START of your subject place in the line The unit will send you a confirmation receipt

There are other tags you can use... is an example


Tip #29: Get rid of all users with manager access to mail files

Very common problem User registered with manager access to mail file

User can now go wild...(and they will) Delete file Encrypt file Screw with design..

Free tool! Checks for owner field in mail file and resets ACL to whatever you want Runs on server pmooney.net/resources page


Tip #30: When upgrading - copy templates

Did you know that the system databases have had the same replica id for years?

pubnames.ntf admin4.ntf most of the others

It is a GOOD idea to create a new database copy of the templates before you plan start a domain upgrade

Prevents other copies of templates causing replication issues for you


Tip #31: Want to have repeating console commands?

Type in a console command e.g. SH US

Press enter Now press ~

Command will start repeating until you press enter Set the interval on the commands with the following server notes.ini parameter

Console_Interate_Delay=n n=seconds


Tip #32: Run your domino server in the java console

Folks.. its time to do it Move your domino server into the server controller and java console. Stop your domino server Launch REGEDIT Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lotus Domino Server (LotusDominoData)

Modify the ImagePath key Change to

"D:\Lotus\Domino\nservice.exe" "=D:\Lotus\Domino\notes.ini" -jc


Tip #32: Run your domino server in the java console

Start the service again...and the server controller and java console launch Now you can use the

java controller from your admin client

From your notes\ directorylaunch jconsole.exe

Enter your user name Enter your internet password

You can now do much more Server commands Multi-server commands Stop/start server Batch commands


Tip #33: RTFRL

Read the release notes

They are there to make your life easier

They are good

They will save you time


Tip #34: Adding same db from multiple servers to workspace

Create a new button on your toolbar. Copy in this text _names := @Subset(@MailDbName; 1) : "names.nsf"; _servers := @PickList

([Custom]; _names; "Servers"; "Select servers"; "Select servers to add database from"; 3); _db := @Prompt([OkCancelEdit]; "Enter database"; "Enter the file name and path of the database to add."; "log.nsf"); @For( n := 1; n


Tip #34: Adding same db from multiple servers to workspace

Now.. click on it All the databases with that name

will be added to the workspace (hopefully they stack ;) ) Thank Thomas Bahn for this!

http://www.assono.de/blog/


Tip #35: Enabling the OOO service?

Lovely new feature in ND8.x Want to do it properly? Follow these steps

Disable everyones existing OOO agents Load the service Re-enable the OOO agents

Prevents OOO issues post configuration change


Tip #36: New way to open an admin console

Recon! Thanks to Julian Robichaux Server console widget


Tip #37: Your service

Your service is key

Protect it


Tip #38: Hiding SMTP details

Every time your domino server talks over SMTP, it can tell people lots of things about itself

A lot of unnecessary data given away Not always a good thing

There are always exploiting methods So.. lets hide it


Tip #38: Hiding SMTP details

Add the following to your server notes.ini SMTPGREETING=text here

Now look what happens No server data


Tip #39: More Hiding of SMTP details

Your Domino server data is still visible in the MIME headers though!

Lets hide that


Tip #39: More Hiding of SMTP details

In the Server notes.ini Add SMTPNOVERSIONINRCVDHDR=1 Restart

Gone!


Tip #40: Hide your client details

The notes client version is still listed You can hide it too

Go to your configuration document



Go to MIME tab of the configuration document Advanced sub-tab Advanced Outbound Message Options sub-tab

In the Notes items to be removed from headers field Add $Mailer, $MIMETrack



Now look at your message header

Client details gone


Tip #41: Pasting commands into consoles

Paul nods and Andy and Rob for this one If you try to paste into the admin console (CTRL-v) it will overwrite any other text

you have placed in there already. Example, you are trying to paste in a file name after some command text entered Gets very annoying

Use SHIFT-INSERT instead It works


Tip #42: Hide unused features from the sidebar

Or the sidebar completely! Use a policy

Desktop settings Preferences Window Management


Tip #43: Bypass restriction on Accelerated create replica

Accelerated Create Replica (ACR) is a dammed useful tool Speeds up replica creation

Problem - it has very specific restrictions on when it can be used Versions of domino No DAOS Full text index settings identical Must be clustered

Add ADMINP_ACCELERATED_REPLICA_OVERRIDES=n n = 1,4,5 Bypasses many restrictions

1 = Ignore version and Reply/forward properties checked 4 = Ignore checking to see if servers are clustered 5 = Ignore 1 and 4


Tip #44: Troubleshoot blackberry data

Problems with syncing contacts? You can purge all local contacts and recall from server

Go into your Blackberry address book Go to OPTIONS menu

Type in RSET You will be prompted Say YES

Works in Calendar too!


Tip #45: Set a program document to run on all servers

You can use a wildcard in program documents When specifying server

Prevents you having to have multiple documents


Tip #46:Getting error text for an error number

Daniel Nashed to thank for this I have used it many times

Sometimes Notes clients/Servers may display an error number with no description

e.g. Lotus Notes error 0x1767 Want to know what the error means?

Type in Show Message 1767 on the domino console Error message displayed


Tip #47: Ignore location document inet address

Users like to change their internet address in their location document [email protected] [email protected] etc etc

Want the domino server to ignore the location document email address And only obey the internet address field in the person doc?

RouterTranslateSpecial=1 on the server notes.ini Now it doesnt matter what they set it to


Tip #48: More compact options!

8.5 and up only Add the following to your server notes.ini

DEBUG_ENABLE_COMPACT_8_5=1

You now have more compact options Load Compact -W nn

Compact databases NOT compacted in the last number (nn) of days Load Compact -w

Compact system databases only Load Compact -X nn

Limit the time for compacting databases to number (x) of minutes Load Compact -# nn

Start multiple (nn) compact tasks simultaneously


Tip #49: Want to add to your quota warning?

quotawarningtext= Use your policies

Use your default policy Go to the desktop settings document Custom Settings Notes.ini Edit Text


Tip #49: Want to add to your quota warning?

Warning text ini file parameter will be written to the notes.ini on the clients You can add a more personal message

Advice Links to urls Threats


Tip #50: Show Opendatabases

Want to list all databases open on the server? Show Opendatabases


Tip #51: Changing recent contacts

The recent contacts feature is marmite Users love it or hate it

You can change how it works via policy On or off Desktop settings

You can go further in 852 Notes.ini settings

Deploy using your policies DisableDPABProcessing=1

Disables recent contacts DisableDPABCCprocessing=1

Do not add to recent contacts any name in CC or BCC field in mails you receive To field still added

DisableDPABRecievedprocessing=1 Disable from any received emails Addresses you type are still added


Tip #52: Watch your replicas on the same server

Dennis Van Remortel reminded me of this one Never, ever ever have multiple replicas of the same database on the same

domino server It will break your heart It will break your replication

Notes clients *will* find that replica at some stage and start working off it Use the catalog.nsf to find duplicate replicas per server


Tip #53: Structure your groups

a.k.a. How to really really really annoy Paul Prefix all your group names with your company name

ACMEAllUsers ACMEAdmins ACMERegionalUsers ACMEDevelopers

Then.. search for something Then commence banging your head on desk Prefix group names intelligently

Use Symbols, e.g. $Admins for system groups %AllUsers for mailshot groups DBNAME_users for Database related groups


Tip #54: Multiple administration groups All to many sites..

A single Administrators group

Some people have too much power No control I have seen users in Admin groups to bypass request issues

Create many admin groups $FAA

Full Access Admin Group $DBAdmins

Database administrators Group $UserManage

User Management Group $UserManageDeploy

User/Policy Management Group $ServerAdmins

Server management group

Use notification groups Different groups for different issues


Tip #55: Learn the tools

There are SO MANY tools in the Admin client Never used Timesavers Performance enhancers

Some easy to use Some not Learn

Cluster analysis log analysis Domino Domain Monitor Domino Configuration Tuner License Tracker Activity Monitor


Tip #56: Local open with IP address

Prefix to this tip Never do it unless you have to Never do it on a users machine EVEN if you have to

If you cannot resolve the name of the domino server File/Open/Application Enter IP address Notes client will create a local connection document in names.nsf


Tip #57: Local open with IP address

Think first.. DNS should be working instead of doing this Managing all these connections will become your problem

Note - the connection document is added as low priority This can/will prevent it working all the time

Open the local connection document In Names.nsf locally Under Advanced / Connections Open document and go to Advanced tab


Tip #58: Hide documents in the nab

Tired of people accidentally emailing the AllUsers group in your company? Hide it

Create a group of users that are permitted to use/email your secure groups



Now right click on the AllUsers group and go to the Properties/Security tab Deselect All Readers and Above Add LocalDomainServers Add LocalDomainAdmins Add the permitted group



Even if non-permitted people know the group name, they cannot mail the group Details here

http://www.pmooney.net/2007/10/preventing-users-from-mailing-specific-groups/

Warning - YMMV There are *lots* of ways to achieve this.


Tip #59: Hide views in the nab

Marie Scott to thank for this one What about the domino directory views?

Users need access to the domino directory for lookups In theory, they can open and see all views in the directory

System views (e.g. Servers, connections) Custom Views

Why not hide them too? Open names.nsf in designer Right click on view Go to properties Change readers to selected gorups/roles Dont forget to include admins and servers

Details here http://www.bleedyellow.com/blogs/crashtestchix/entry/

admin_tip_hidden_views_the_domino_directory12?lang=en


Tip #60: Want to open someones mail file quickly?

The people view of the directory has an action button Open Mail File

Find the person in the domino directory Click on the button

It automagically brings you there


Thank you...

Paul [email protected]/pmooney.net


Legal Disclaimer IBM Corporation 2009. All Rights Reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBMs current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBMs sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.

IJava and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.

2011 domino admin blast

Documents

ibm lotus domino

ibm lotus symphony

ibm lotus notes

http sites

tip pages

sites dont

internet sites

new databases