Administering the Domino System Volume 6
Lotus Domino 6
Disclaimer
THIS DOCUMENTATION IS PROVIDED FOR REFERENCE PURPOSES ONLY. WHILE EFFORTS
WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION
CONTAINED IN THIS DOCUMENTATION, THIS DOCUMENTATION IS PROVIDED AS IS
WITHOUT ANY WARRANTY WHATSOEVER AND TO THE MAXIMUM EXTENT PERMITTED,
IBM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE
IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A
PARTICULAR PURPOSE, WITH RESPECT TO THE SAME. IBM SHALL NOT BE RESPONSIBLE FOR
ANY DAMAGES, INCLUDING WITHOUT LIMITATION, DIRECT, INDIRECT, CONSEQUENTIAL
OR INCIDENTAL DAMAGES, ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO,
THIS DOCUMENTATION OR ANY OTHER DOCUMENTATION. NOTWITHSTANDING
ANYTHING TO THE CONTRARY, NOTHING CONTAINED IN THIS DOCUMENTATION OR ANY
OTHER DOCUMENTATION IS INTENDED TO, NOR SHALL HAVE THE EFFECT OF, CREATING
ANY WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS), OR
ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT
GOVERNING THE USE OF THIS SOFTWARE.
Copyright
Under the copyright laws, neither the documentation nor the software may be copied, photocopied,
reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or
in part, without the prior written consent of IBM, except in the manner described in the documentation or the applicable licensing agreement governing the use of the software.
Copyright IBM Corporation 1985, 2002
All rights reserved.
Lotus Software
IBM Software Group
One Rogers Street
Cambridge, MA 02142
US Government Users Restricted Rights Use, duplication or disclosure restricted by GS ADP
Schedule Contract with IBM Corp.
List of Trademarks
1-2-3, cc:Mail, Domino, Domino Designer, Freelance Graphics, iNotes, Lotus, Lotus Discovery Server,
Lotus Enterprise Integrator, Lotus Mobile Notes, Lotus Notes, Lotus Organizer, LotusScript, Notes,
QuickPlace, Sametime, SmartSuite, and Word Pro are trademarks or registered trademarks of Lotus
Development Corporation and/or IBM Corporation in the United States, other countries, or both.
AIX, AS/400, DB2, IBM, iSeries, MQSeries, Netfinity, OfficeVision, OS/2, OS/390, OS/400, S/390,
Tivoli, and WebSphere are registered trademarks of International Business Machines Corporation in
the United States, other countries, or both. Pentium is a trademark of Intel Corporation in the United
States, other countries, or both. Microsoft, Windows, and Windows NT are registered trademarks of
Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark
of The Open Group in the United States and other countries. Java and all Java-based trademarks and
logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other
countries, or both.
All other trademarks are the property of their respective owners.
Contents
Preface
Volume 1
4 Setting Up Server-to-Server Connections
Building the Domino environment
Guidepost for deploying Domino
Network security
Planning the TCP/IP network
Planning the NetBIOS network
Planning the IPX/SPX network
Setting up Domino servers on the network
Server setup tasks specific to TCP/IP
Server setup tasks specific to NetBIOS
Server setup tasks specific to IPX/SPX
NOTES.INI settings for networks
Lotus Domino and networks
Server installation
The Domino Server Setup program
Installing and setting up Domino servers
Using the Domino Server Setup program
The Certification Log
Server registration
Optional tasks to perform after server setup
How a server connects to another server
Internet connections
Passthru servers and hunt groups
Planning the use of passthru servers
Setting up a server as a passthru server
Setting up a server as a passthru destination
Planning for modem use
Commands for acquire and connect scripts
Connecting Notes clients to servers
Planning server-to-server connections
Setting up client installation for users
Managing users
License Tracking
Custom welcome page deployment
Using groups
Creating and modifying groups
Managing groups
Assigning a policy to a group
How server-to-server replication works
Replicas
Scheduling server-to-server replication
Customizing server-to-server replication
Specifying replication direction
Scheduling times for replication
Replicating only specific databases
Replicating databases by priority
Limiting replication time
Using multiple replicators
Refusing replication requests
Forcing immediate replication
Disabling database replication
Forcing a server database to replicate
Viewing replication schedules and topology maps
9 Using Policies
Policies
Policy hierarchy and the effective policy
Planning and assigning policies
Creating policies
Mail archiving and policies
Managing policies
Viewing policy relationships
10 Setting Up Domain Search
Domain Search
Planning the Domain Index
Creating and updating the Domain Index
Customizing Domain Search forms
Setting up Notes users for Domain Search
Setting up Web users for Domain Search
Using content maps with Domain Search
NOTES.INI settings for Domain Search
Setting up scheduling
Editing and deleting Resource documents
Creating Holiday documents
15 Setting Up the Administration Process
Example of registering a hosted organization
Registering a hosted organization
Using Internet and Web Site documents in a hosted environment
Global Web Settings documents and the service provider environment
Configuring activity logging for billing hosted organizations
14 Managing a Hosted Environment
Maintaining hosted organizations
The Administration Requests database
Customizing the Administration Process
Administration Process Statistics
Administration request messages
Viewing hosted organizations
Managing users at a hosted organization
Using the Web Administrator to manage users at a hosted organization
Installing the Domino Administrator
Setting up the Domino Administrator
Starting the Domino Administrator
Navigating Domino Administrator
Setting Domino Administration preferences
Domino Administrator tabs
Web Administrator
Setting up the Web Administrator
Starting the Web Administrator
Using the Web Administrator
The Server Controller and the Domino Console
Setting up the Administration Process
18 Planning Directory Services
Overview of Domino directory services
Using directory servers in a Domino domain
Planning LDAP features
Planning directory access control
Planning new entries in the Domino Directory
Planning directory customization
Directory services terms
20 Setting Up the LDAP Service
The LDAP service
How the LDAP service works
Setting up the LDAP service
Starting and stopping the LDAP service
Customizing the LDAP service configuration
Setting up clients to use the LDAP service
Using LDAP to search a Domain index
Monitoring the LDAP service
NOTES.INI settings for the LDAP service
RFCs supported by the LDAP service
21 Managing the LDAP Schema
LDAP schema
The Domino LDAP schema
The schema daemon
Domino LDAP Schema database
Methods for extending the schema
Extending the schema using the Schema database
Schema-checking
Searching the root DSE and schema entry
22 Using the ldapsearch Utility
Table of ldapsearch parameters
Using search filters with ldapsearch
23 Setting Up Directory Assistance
How directory assistance works
Directory assistance services
Directory assistance concepts
Directory assistance and naming rules
Directory assistance and domain names
Directory assistance and failover for a directory
Directory assistance
Number of directory assistance databases
Setting up directory assistance
Directory assistance examples
Monitoring directory assistance
24 Setting Up Directory Catalogs
Condensed Directory Catalogs
Directory catalogs
Extended Directory Catalogs
Overview of directory catalog setup
Planning directory catalogs
Directory catalogs and client authentication
Picking the server(s) to run the Dircat task
25 Setting Up Extended ACLs
Extended ACL
Monitoring directory catalogs
Elements of an extended ACL
Extended ACL access settings
Extended ACL subject
Extended ACL target
Extended ACL examples
Extended ACL guidelines
Setting up and managing an extended ACL
The Domino mail server and mail routing
Overview of routing mail using Notes routing
Mail journaling
27 Setting Up Mail Routing
The Domino mail router
Planning a mail routing topology
Sample mail routing configurations
Creating a Configuration Settings document
Routing mail over transient connections
Controlling messaging
Improving mail performance
Controlling message delivery
Setting server mail rules
Customizing message transfer
Setting transfer limits
Customizing mail
Customizing Notes routing
Customizing SMTP Routing
Changing SMTP port settings
Restricting SMTP inbound routing
Preventing unauthorized SMTP hosts from using Domino as a relay
29 Setting Up Shared Mail
Shared mail overview
Setting up shared mail databases
Managing a shared mail database
Disabling shared mail
30 Setting Up the POP3 Service
The POP3 service
Setting up the POP3 service
Setting up POP3 users
31 Setting Up the IMAP Service
The IMAP service
Setting up the IMAP service
Customizing the IMAP service
Setting up IMAP users
IMAP settings in the server NOTES.INI file
iNotes Access for Microsoft Outlook
33 Monitoring Mail
Tools for mail monitoring
Setting up mail monitoring
Viewing mail usage reports
iNotes Web Access
Setting up WebDAV
Web Site rules and global Web settings
Custom Web server messages
Improving Web server performance
Hosting Web sites
Certificates
ID recovery
Public key security
Setting up a Web Navigator server
Customizing the Web Navigator
The Web Navigator database
Customizing the Web Navigator database
The Web Navigator
Volume 2
37 Planning Security
38 Controlling Access to Domino Servers
Validation and authentication for Notes and Domino
Server access for Notes users, Internet users, and Domino servers
Customizing access to a Domino server
Physically securing the Domino server
39 Protecting and Managing Notes IDs
Domino server and Notes user IDs
Default ACL entries
Acceptable entries in the ACL
Configuring a database ACL
Access levels in the ACL
Access level privileges in the ACL
User types in the ACL
Roles in the ACL
Managing database ACLs
The database access control list
Enforcing a consistent access control list
Setting up database access for Internet users
42 Setting Up Name-and-Password and Anonymous Access to Domino Servers
Multi-server session-based name-and-password authentication for Web users (single sign-on)
Managing Internet passwords
Anonymous Internet/intranet access
Validation and authentication for Internet/intranet clients
Mail encryption
Electronic signatures
Encryption
44 Setting Up a Domino Server-Based Certification Authority
Domino server-based certification authority
45 Setting Up a Domino 5 Certificate Authority
Setting up a Domino 5 certificate authority
Using a Domino 5 certificate authority
Internet certificates for SSL and S/MIME
Setting up Notes clients for S/MIME
Dual Internet certificates for S/MIME encryption and signatures
48 Rolling Out Databases
Database design, management, and administration
Rolling out a database
Copying a new database to a server
Creating a Mail-In Database document for a new database
Adding a database to the Domain Index
Signing a database or template
49 Organizing Databases on a Server
Setting up SSL on a Domino server
SSL security
51 Setting Up Database Libraries and Catalogs
Database libraries
Publishing databases in a library
Database catalogs
Setting up a server's database catalog
Monitoring events on the Domino system
Event generators
Event handlers
Viewing an event report
Monitoring the Domino system
Statistics and the Domino system
Platform statistics
Using the Domino Administrator to monitor statistics
Charting statistics
Domino server monitor
Profiles and the Domino server monitor
Activity Trends
Setting up Activity Trends
Activity Trends server and statistics profiles
Resource balancing in Activity Trends
Setting up resource balancing in Activity Trends
Configuring the Domino SNMP Agent
The Domino SNMP Agent
Analyzing resource-balancing distributions
Resource-balancing plans
Server Health Monitor
Table of Server Health Monitor statistics
Table of Server Health Monitor ratings
Server Health Monitor configuration
Using the Server Health Monitor
IBM Tivoli Analyzer for Lotus Domino
Understanding resource-balancing behavior
How transaction logging works
Planning for transaction logging
Transaction logging
Changing transaction logging settings
View logging
Using transaction logging for recovery
Fault recovery
56 Using Log Files
The Domino server log (LOG.NSF)
Controlling the size of the log file (LOG.NSF)
Logging Domino Web server requests
Domino Web server logging to text files
57 Setting Up Activity Logging
The information in the log file
Configuring activity logging
Viewing activity logging data
58 Maintaining Databases
Database maintenance
The Files tab in the Domino Administrator
Monitoring replication of a database
Replication or save conflicts
Monitoring database activity
Updating database indexes and views
Managing view indexes
Activity logging
Fixing corrupted databases
Using Fixup
Moving databases
Deleting databases
Database analysis
Decommissioning a Domain Search server
Uninstalling a Domino partitioned server
Managing servers
60 Improving Server Performance
Improving Domino server performance
Tools for measuring server performance
61 Improving Database Performance
Setting advanced database properties
The database cache
Controlling database size
Tools for monitoring database size
Monitoring database size
Compacting databases
Ways to compact databases
Database size quotas
Deleting inactive documents
Using an agent to delete and archive documents
Server.Load agents
Server.Load metrics
Server.Load
Idle Workload script
R5 IMAP Workload test
R5 Simple Mail Routing test
R5 Shared Database test
SMTP and POP3 Workload test
Web Idle Workload test
Web Mail test
63 Troubleshooting
Troubleshooting the Domino system
Troubleshooting tools
Overview of server maintenance
Server maintenance checklist
Backing up the Domino server
Administration Process Troubleshooting
Database performance Troubleshooting
Directories Troubleshooting
Mail routing Troubleshooting
Meeting and resource scheduling Troubleshooting
Platform statistics Troubleshooting
Passthru connections Troubleshooting
Replication Troubleshooting
Partitioned servers Troubleshooting
Server access Troubleshooting
Server crashes Troubleshooting
Transaction logging Troubleshooting
Web server, Web Navigator, and the Web Administrator Troubleshooting
Server.Load Troubleshooting
Appendix A Server Commands
Appendix B Server Tasks
Appendix C NOTES.INI File
Appendix D System and Application Templates
Appendix E Customizing the Domino Directory
Appendix F Administration Process Requests
Appendix G Novell Directory Service for the IPX/SPX Network
Appendix H Accessibility and Keyboard Shortcuts in Domino Administrator
Appendix I Server.Load Command Language
Appendix J Server.Load Scripts
Index
Preface
The documentation for IBM Lotus Notes, IBM Lotus Domino, and IBM
Lotus Domino Designer is available online in Help databases and, with the
exception of the Notes client documentation, in print format.
License information
Any information or reference related to license terms in this document is
provided to you for your information. However, your use of Notes and
Domino, and any other IBM program referenced in this document, is solely
subject to the terms and conditions of the IBM International Program
License Agreement (IPLA) and related License Information (LI) document
accompanying each such program. You may not rely on this document
should there be any questions concerning your right to use Notes and
Domino. Please refer to the IPLA and LI for Notes and Domino that is
located in the file LICENSE.TXT.
System requirements
Information about the system requirements for Lotus Notes and Domino is
listed in the Release Notes.
Related information
In addition to the documentation that is available with the product, other
information about Notes and Domino is available on the Web sites listed
here.
Table of conventions
This table lists conventions used in the Notes and Domino documentation.
Convention
Description
italics
monospaced type
file names
Title
Description
Upgrade Guide
Installing Domino Servers
Administering the Domino System, Volumes 1 and 2
Administering Domino Clusters
Security
Chapter 37
Planning Security
This chapter includes information you need to know before setting up
security and provides lists to help you plan security at your organization.
Will more than one Domino domain be needed, or will the new
domain need to interact with existing domains?
Environmental destruction
Change control, through the use of the Domino Change Manager (or
you can build your own)
For more information on change control, see the chapter "Using IBM
Tivoli Analyzer for Lotus Domino."
Once you have your incident-handling plans in place, you will be better
able to determine your requirements for:
Domino logging
For more information on the Domino server and Web server logs, see the
chapter "Using Log Files."
For information on backing up Domino, see the chapter "Troubleshooting."
For more information on event monitoring, see the chapter "Monitoring
the Domino Server."
Physical security
Physically securing servers and databases is as important as
preventing unauthorized user and server access. It is the first line of
defense against unauthorized or malicious users, because it prevents them
from having direct access to your Domino servers. Therefore, we
strongly recommend that you locate all Domino servers in a ventilated,
secure area, such as a locked room. If servers are not physically secure,
unauthorized users might circumvent security features (for example,
ACL settings) and access applications directly on the server, use the
operating system to copy or delete files, or physically damage the server
hardware itself.
Physical network security concerns should also include disaster planning
and recovery.
Network security
The goal for securing your network is to prevent unauthorized users
from gaining access to servers, users, and data. Physical network security
is beyond the scope of this book, but you must set it up before you set up
Notes and Domino connection security. Physical network security is
established through the use of devices such as filtering routers,
firewalls, and proxy servers that enable network connections for
the various network services (such as LDAP, POP3, FTP, and SMTP) that
you want to provide for your users. These devices also control network
connection security, because you can define which connections
can be accessed and who is authorized to use them.
Properly configured, these devices prevent unauthorized users from:
Breaking through into the network and accessing the server via the
operating system and its native services (such as file sharing).
Server security
The Domino server is the most critical resource to secure and is the first
level of security that Domino enforces after a user or server gains access
to the server on the network. You can specify which users and servers
have access to the server and restrict activities on the server. For
example, you can restrict who can create new replicas and use passthru
connections.
You can also restrict and define administrator access, by delegating
access based on the administrator duties and tasks. For example, you can
enable access to operating system commands through the server console
for system administrators, and grant database access to those
administrators who are responsible for maintaining Domino databases.
If you set up servers for Internet/intranet access, you should set up SSL
and name-and-password authentication to secure data
transmitted over the network and to authenticate servers and clients.
For more information, see the topic "Server security" later in this chapter.
ID security
A Notes or Domino ID uniquely identifies a user or server. Domino uses
the information contained in IDs to control the access that users and
servers have to other servers and applications. One of the responsibilities
of the administrator is to protect IDs and make sure that unauthorized
users do not use them to gain access to the Domino environment.
For more information, see the topic "Notes and Domino ID security"
later in this chapter.
You can also secure Notes user IDs with Smartcards. Smartcards reduce
the threat of user ID theft, as a user who has a Smartcard needs their user
ID, their Smartcard, and their Smartcard PIN to access Notes.
For more information on Smartcards, see Lotus Notes 6 Help.
Application security
Once users and servers gain access to a Domino server, you can use the
database access control list (ACL) to restrict access that specific users and
servers have to individual Domino applications on the server. In
addition, to provide data privacy, encrypt the database with an ID so
unauthorized users cannot access a locally stored copy of the database,
sign or encrypt mail messages users send and receive, and sign the
database or template to protect workstations from formulas.
For more information on database ACLs, see the topic Application
security later in this chapter.
Application design element security
Although users may have access to an application, they may not have
access to specific design elements in the application, for example,
forms, views, and folders. When designing a Domino application, an
application developer can use access lists and special fields to restrict
access to specific design elements.
For more information on securing design elements, see the topic
Application design element security later in this chapter.
Workstation data security
Notes users may keep and use important applications and information
on their workstations. This information can be protected through the use
of an execution control list (ECL), which defines the access that active
content from other users has to the user's workstation.
For more information on execution control lists, see the topic
Workstation data security later in this chapter.
Security
Getting started
You need to develop a set of security documentation for your
organization. There are four basic types of security documents needed
for any security implementation:
Policies are the driving documents for the business. These are
typically high level statements about the security needs of the
business. Your organization probably already has policy documents
for the organization as a whole. You build and, if necessary, expand
on these to develop the security policies for your Domino
environment.
Standards are established rules on what will and will not happen in
an enterprise. Audits may cover all four types of documents, but the
auditor will really focus on the standards set down by a company.
Standards typically cover things like minimum password strength,
password expiration intervals, server operating systems and physical
environments, Internet and dial-in access controls, background
checks for administrators, and auditing requirements.
Role
Responsibility
CEO
CIO / CTO
Security officer
IT Department
HR / Training
Legal
Documentation experts/
technical writers
Security
Server security
Application security
Workstation security
Database managers
Database managers are responsible for one or more Lotus Notes
databases or database applications. A major responsibility of a database
manager includes managing database access control lists (ACLs). Some
organizations will use the concept of a database owner for management
of sensitive data.
Server security
To secure Domino servers, you allow and prevent user and server access.
In addition, you restrict the activities that users and servers may perform
on the server.
Task: Choose an internal or external Internet certificate authority
Task: Cross-certify Notes user IDs and Domino server and certifier IDs
Use: Allow Notes users and Domino servers in different hierarchically
certified organizations to ascertain the identity of users and servers in
other Notes organizations.
Task: Allow or deny access to a server
Use: Specify which Notes users, Internet clients, and Domino servers are
authorized to access the server.
Task: Allow anonymous server access
Task: Allow anonymous Internet/Intranet client access
Use: Determine whether Internet/intranet users are allowed to access the
server anonymously.
Task: Secure the server with name-and-password authentication
Task: Enable session-based authentication
Task: Controlling the level of authentication for Web clients
Use: Specify the level of refinement that the server should use when
searching for names and authenticating Web users.
Task: Limit access to create new databases, replicas, or templates
Task: Control access to a server's network port
Task: Encrypt server's network port
Task: Restrict administrator access
Task: Restrict passthru access
Use: Specify which Notes users and Domino servers can access the server
as a passthru server and specify the destinations they may access.
Task: Restrict server access by browser users running Java or JavaScript
programs
Task: Use S/MIME
Task: Prevent relaying through MTA
Task: Authenticate Internet clients using a secondary Domino Directory or
LDAP directory
Task: Authenticate Web clients for a specific realm
Application security
Restrict access to Domino applications to prevent unauthorized users
from gaining access to information.
Task: Encrypt applications
Task: Electronically sign mail messages
Use: Verify that the person who sends the message is the author and that
no one has tampered with the data.
Task: Create Readers and Authors fields
Use: Specify which Notes and Internet/intranet users can create, modify,
or read specified documents.
Task: Create signed fields
Task: Recover lost or damaged IDs
Use: Regain access to a user ID file instead of issuing a new ID.
Task: Set up a security settings policy document
Security policies
Domino policies are a way of distributing administrative settings,
standards, and configurations to users, groups, or entire organizations. A
policy is a collection of administrative settings that addresses an
administrative area, such as security. You then use this document to
establish and enforce administrative standards, and to distribute them
throughout the organization. In addition, you can easily modify and
maintain standards across an organization by simply editing a settings
document.
You can set up a security settings document to manage and deploy
execution control lists (ECLs) and Notes and Internet password settings
and synchronization. As these two areas of security are user-specific and
are frequently changed by users, you can use a security policy to enforce
settings for these areas across the organization, and control the extent to
which users can adjust or change these settings.
For more information, see the chapter Using Policies.
Planning Security 37-17
Chapter 38
Controlling Access to Domino Servers
This chapter includes information on setting up a Domino server to allow
users and other servers to access it.
2. Randi sends Mail-E information in her user ID. Mail-E reads Randi's
user ID for the certificate issued by Acme to East. Mail-E uses the
Acme public key, which it now trusts, to verify that the East
certificate is valid. According to the second rule above, if the
certificate is valid, Mail-E trusts the public key assigned to East.
3. Mail-E then reads Randi's user ID for the certificate issued by
East/Acme to Marketing. Mail-E uses the East/Acme public key to
verify that the Marketing/East/Acme certificate is valid. Again, the
second rule states that Mail-E now trusts the public key assigned to
Marketing/East/Acme.
4. Mail-E reads Randi's user ID for the certificate issued by
Marketing/East/Acme to Randi. Mail-E uses the
Marketing/East/Acme public key, which it now trusts, to verify that
Randi's certificate is valid. According to the third rule above, if the
certificate is valid, Mail-E trusts the public key assigned to Randi.
5. After Mail-E establishes trust of Randi's public key, the
authentication process begins.
6. Mail-E sends a random number challenge to Randi.
7. Randi's workstation encrypts the challenge with her private key and
sends the newly encrypted number back to Mail-E.
8. Mail-E uses Randi's public key to decrypt the response. If this yields
the original challenge, Mail-E knows Randi is who she claims to be.
9. The process is then reversed. Randi's workstation validates Mail-E's
public key by processing Mail-E's certificates and then uses the
challenge/response procedure just described to authenticate the
server.
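The validation and authentication steps above, as an added example that is not code from the Domino documentation or product: Mail-E starts with only the Acme public key, verifies each certificate from the top certifier down, and then runs the challenge/response. It uses toy textbook RSA over fixed Mersenne primes so that it runs with the standard library alone; the key sizes, the digest format, the full name Randi/Marketing/East/Acme, the rule that a subject must sit beneath its issuer, and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key


@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus
    d: int  # private exponent


@dataclass(frozen=True)
class Certificate:
    issuer: str
    subject: str
    subject_n: int  # public key (modulus) being certified
    signature: int


def make_key(k1: int, k2: int) -> KeyPair:
    """Toy RSA key from the Mersenne primes 2**k1 - 1 and 2**k2 - 1 (constructed)."""
    p, q = 2**k1 - 1, 2**k2 - 1
    return KeyPair(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))


def digest(subject: str, subject_n: int, modulus: int) -> int:
    """Hash the (name, public key) pair and reduce it into the issuer's modulus."""
    h = hashlib.sha256(f"{subject}|{subject_n}".encode()).digest()
    return int.from_bytes(h, "big") % modulus


def issue(issuer: str, key: KeyPair, subject: str, subject_n: int) -> Certificate:
    """A certifier binds a name to a public key by signing their digest."""
    sig = pow(digest(subject, subject_n, key.n), key.d, key.n)
    return Certificate(issuer, subject, subject_n, sig)


def validate_chain(trusted: dict, chain: list) -> int:
    """Steps 2-4: verify each certificate with a key that is already trusted.

    Every valid certificate adds its subject's key to the trusted set, so the
    next certificate down can be checked. Returns the leaf's public modulus.
    """
    if not chain:
        raise ValueError("empty certificate chain")
    trusted = dict(trusted)
    for cert in chain:
        issuer_n = trusted.get(cert.issuer)
        if issuer_n is None:
            raise ValueError(f"issuer {cert.issuer!r} is not trusted")
        # Assumption: a certifier only vouches for names beneath it.
        if not cert.subject.endswith("/" + cert.issuer):
            raise ValueError(f"{cert.subject!r} is not below {cert.issuer!r}")
        expected = digest(cert.subject, cert.subject_n, issuer_n)
        if pow(cert.signature, E, issuer_n) != expected:
            raise ValueError(f"bad signature on certificate for {cert.subject!r}")
        trusted[cert.subject] = cert.subject_n
    return trusted[chain[-1].subject]


def respond(challenge: int, key: KeyPair) -> int:
    """Step 7: the client transforms the challenge with its private key."""
    return pow(challenge, key.d, key.n)


def check_response(challenge: int, response: int, public_n: int) -> bool:
    """Step 8: the trusted public key must recover the original challenge."""
    return pow(response, E, public_n) == challenge


def authenticate(trusted: dict, chain: list, respond_fn) -> bool:
    """Validation first, then challenge/response; any failure denies access."""
    try:
        public_n = validate_chain(trusted, chain)
    except ValueError:
        return False
    challenge = secrets.randbelow(public_n - 2) + 2  # step 6: random challenge
    return check_response(challenge, respond_fn(challenge), public_n)


# Constructed sample hierarchy: Acme -> East/Acme -> Marketing/East/Acme -> Randi
ACME, EAST = make_key(61, 89), make_key(107, 127)
MARKETING, RANDI = make_key(521, 607), make_key(1279, 2203)
CHAIN = [
    issue("Acme", ACME, "East/Acme", EAST.n),
    issue("East/Acme", EAST, "Marketing/East/Acme", MARKETING.n),
    issue("Marketing/East/Acme", MARKETING, "Randi/Marketing/East/Acme", RANDI.n),
]
TRUSTED_BY_MAIL_E = {"Acme": ACME.n}  # the one key Mail-E trusts at the start

if __name__ == "__main__":
    print("Randi:", authenticate(TRUSTED_BY_MAIL_E, CHAIN, lambda c: respond(c, RANDI)))
    print("Copied certificates, wrong private key:",
          authenticate(TRUSTED_BY_MAIL_E, CHAIN, lambda c: respond(c, EAST)))
```

Copying the certificates out of an ID is not enough to authenticate: the response must come from the private key that matches the certified public key, which is why protecting the ID file and its password matters.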
Server access for Notes users, Internet users, and Domino servers
To control user and server access to other servers, Domino uses the
settings you specify on the Security tab in the Server document as well as
the rules of validation and authentication. If a server validates and
authenticates the Notes user, Internet user, or server, and the settings in
the Server document allow access, the user or server is allowed access to
the server.
Grant server access to users and servers who need to access resources
stored on the server. Deny access to prevent specified users and servers
from having access to all applications on the server.
For more information, see the topic Setting up Notes user, Domino
server, and Internet user access to a Domino server later in this chapter.
Access settings in the Server document control server access for both
Notes and Internet users. By default, the Server access settings apply
only to Notes clients. You can enable these settings for each of the
Internet protocols through the Ports tab of the Server document.
server access, Domino does not record the names of users and servers in
the log file (LOG.NSF) or in the User Activity dialog box.
When users attempt to connect to a server set for anonymous access and
the server can't authenticate them, they see this message:
Server X cannot authenticate you because the server's Domino
Directory does not contain any cross-certificates capable of
authenticating you. You are now accessing the server anonymously.
You can also set up Internet clients to access servers anonymously. For
more information on setting up anonymous access for Internet/intranet
clients, see the chapter Setting Up Name-and-Password and
Anonymous Access to Domino Servers.
Network port access
Network port access allows or denies access to specified Notes users and
Domino servers, based on the network port they try to use. For example,
you can deny access to Alan Jones/Sales/East/Acme when he dials into
the server but allow access when he uses TCP/IP to connect to the server.
For more information, see the topic Controlling access to a specific
server port later in this chapter.
Frequent Users, *
Enter
Access server
Field: Not access server
Enter: Any of these:
Names of users, servers, and groups.
An asterisk followed by a certificate name (for example,
*/Sales/East/Acme) to deny access to all users certified by a
particular certifier.
An asterisk followed by the name of the view (for example, *($Users))
to deny access to all names that appear in a specific view in the
Domino Directory.
Access time is quicker if you specify a group name rather than a view
name.
The default value for this field is blank, which means that all names
entered in the Access server field can access the server.
Names entered in the Not access server field take precedence over names
entered in the Access server field. For example, if you enter a group
name in the Access server field and enter the name of an individual
member of this group in the Not access server field, the user will not
be able to access the server.
Note An alternative way to deny Notes user access to a server is to lock
out an individual user's ID from the server.
Separate multiple names with a comma or semicolon.
Field: Trusted servers
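The precedence and wildcard rules for the Access server and Not access server fields, as an added example that is not Domino code: it evaluates a name against both fields and reports which entry decided the outcome, which is useful when auditing why a user is or is not admitted. The group and view contents are constructed, and treating a blank Access server field as "no allow-list restriction", comparing names case-insensitively, and all function names are assumptions of this sketch.

```python
import re


def split_names(field: str) -> list:
    """Split a field value on commas or semicolons, ignoring empty items."""
    return [part.strip() for part in re.split(r"[,;]", field) if part.strip()]


def entry_matches(entry: str, name: str, groups: dict, views: dict, seen=()) -> bool:
    """True if one field entry covers the given hierarchical name."""
    # *($View): every name that appears in a Domino Directory view
    if entry.startswith("*(") and entry.endswith(")"):
        listed = views.get(entry[2:-1], ())
        return any(n.casefold() == name.casefold() for n in listed)
    # */Certifier: everyone certified by that certifier. The leading "/" is
    # kept so that */Sales/East/Acme does not match .../PreSales/East/Acme.
    if entry.startswith("*/"):
        return name.casefold().endswith(entry[1:].casefold())
    # Group: expand members, guarding against groups that contain each other
    if entry in groups:
        if entry in seen:
            return False
        return any(entry_matches(member, name, groups, views, seen + (entry,))
                   for member in groups[entry])
    return entry.casefold() == name.casefold()


def decide(name: str, access_server: str, not_access_server: str,
           groups: dict = None, views: dict = None) -> tuple:
    """Return (allowed, reason). Not access server is checked first and wins."""
    groups, views = groups or {}, views or {}
    for entry in split_names(not_access_server):
        if entry_matches(entry, name, groups, views):
            return False, f"denied by Not access server entry {entry!r}"
    allow = split_names(access_server)
    if not allow:
        # Assumption: a blank Access server field imposes no allow-list.
        return True, "Access server is blank"
    for entry in allow:
        if entry_matches(entry, name, groups, views):
            return True, f"allowed by Access server entry {entry!r}"
    return False, "not listed in Access server"


# Constructed directory data for the demonstration
GROUPS = {
    "Sales Admins": ["Alan Jones/Sales/East/Acme", "Kim Lee/Sales/East/Acme"],
    "All Admins": ["Sales Admins", "Pat Roe/East/Acme"],
}
VIEWS = {"$Users": ["Temp User/West/Acme"]}

if __name__ == "__main__":
    # The case from the text: group allowed, one member denied individually.
    for who in ("Alan Jones/Sales/East/Acme", "Kim Lee/Sales/East/Acme"):
        print(who, decide(who, "Sales Admins", "Alan Jones/Sales/East/Acme",
                          GROUPS, VIEWS))
```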
After you set up basic access for Notes users and Domino servers, you
can customize access to restrict specific users and servers to specific
activities. To customize access to a server, you can do any of these:
3. Choose Actions - Set Password Fields, and then click Yes when
prompted to continue.
4. In the Check Notes password field, select Lockout ID, and then
click OK.
5. Click the Configuration tab, open the Server document for the server
to which you want to deny user access, and then click the Security
tab.
6. In the Security Settings section, select Enabled for the Check
passwords on Notes IDs field.
7. Repeat Step 4 for each server to which you want to deny the user
access.
You do not need to list a user individually in each field. Adding a user to
the highest level of administrator access automatically grants that user all
privileges listed for more restricted access levels below in the hierarchy.
To restrict administrator access
1. From the Domino Administrator, click the Configuration tab, and
open the Server document.
2. Click the Security tab.
3. In the Administrators section, complete one or more of these fields,
and then save the document.
For all of these fields, you can specify individual hierarchical names,
groups, and wildcards (for example, */Sales/Acme). Separate
multiple entries with commas.
Field: Full remote console administrators
Action: Enter the names of administrators who can use the remote console
to issue commands to this server.
Field: View-only administrators
Action: Enter the names of administrators who can use the remote console
to issue only those commands that provide system status information,
such as SHOW TASKS and SHOW SERVER.
View-only administrators cannot issue commands that affect the server's
operation.
Field: System administrators
Action: Enter the names of administrators who are allowed to issue a full
range of operating system commands to the server.
The type and range of commands depends on the server operating system.
For example, if the Domino server is an NT server, then these
administrators can issue NT commands at the system command level
prompt. Similarly, administrators for a UNIX server would be able to
issue UNIX commands.
Note This feature requires that you run the Domino server controller on
the server machine. For more information, see the topic The Server
Controller and Domino Console in the chapter Setting Up and Using
Domino Administration Tools.
Field: Restricted system administrators
Action: Enter the names of administrators who are allowed to issue only
the operating system commands that are listed in the Restricted System
Commands field (see below).
Note This feature requires that you run the Domino server controller on
the server machine. For more information, see the topic The Server
Controller and Domino Console in the chapter Setting Up and Using
Domino Administration Tools.
Field: Restricted system commands
Field: Administer the server from a browser (pre-Domino 6 servers only)
All the rights as listed for all administrator access levels (see above).
Manager access, with all roles and access privileges enabled, to all
databases on the server, regardless of the database ACL settings.
Manager access, with all roles and access privileges enabled, to the
Web Administrator database (WEBADMIN.NSF).
The ability to create agents that run in unrestricted mode with full
administration rights.
Leave the Full Access Administrator field empty. Add the name of a
trusted individual for emergency situations, and remove it when the
situation has been resolved.
Allow_Access_portname = names
Deny_Access_portname = names
where portname is the name of the port, and names is a list of users,
servers, and groups to whom you want to deny or allow access.
These names must be contained in the Domino Directory.
Field: Create replica databases
Field: Create master templates
Field: Allowed to use monitors
Field: Not allowed to use monitors
3. In the Server Access section, complete one or both of these fields, and
then save the document:
Field: Access this server
Field: Route through
Field: Cause calling
Field: Destinations allowed
Field: Run unrestricted methods and operations
Field: Sign agents to run on behalf of someone else
Action: Enter the names of users and groups who are allowed to sign agents
that will be executed on anyone else's behalf. The default is blank,
which means that no one can sign agents in this manner.
This privilege should be used with caution, because the name on whose
behalf the agent is signed is the name used to check ACL access.
Field: Sign agents to run on behalf of the invoker of the agent
Field: Run restricted LotusScript/Java agents
Action: Enter the names of users and groups allowed to run agents created
with LotusScript and Java features, but excluding privileged methods and
operations, such as reading and writing to the file system. Leave the
field blank to deny access to all users and groups.
Field: Run simple and formula agents
Field: Sign script libraries to run on behalf of someone else
Field: Run restricted Java/JavaScript/COM
Action: Enter the names of authenticated browser users and/or groups
allowed to run server programs created with a specific set of Java and
JavaScript features.
Leave the field blank (default) to deny access to all users and groups.
Field: Run unrestricted Java/JavaScript/COM
Action: Enter the names of authenticated browser users and/or groups
allowed to run server programs created with all Java and JavaScript
features.
Leave the field blank (default) to deny access to all users and groups.
Web realms
Use the server without a mouse, and keep the keyboard locked.
Use the Local Security option to encrypt databases on the server with
the server ID. Then people at the server can access databases only if
they have access to the server ID that was used to encrypt the
databases.
Use operating system features to secure data files and lock keyboard
access. For more information, see your operating system
documentation.
Have the Domino server workstation on, but do not launch the
Domino server software.
Caution If you do not modify the server's NOTES.INI file to include the
PKCS11_Library variable, when you try to launch the Domino server, it
will shut down and return a "Login aborted by user" error.
1. On the Domino server workstation, install a Smartcard reader and
Smartcard driver files.
2. On a Notes client workstation, install a Smartcard reader and the
same Smartcard driver files as you installed on the Domino server.
This workstation will be used to configure the Smartcard for the
server.
3. Copy the server.id from the Domino server onto a diskette. Insert the
diskette into the Notes workstation.
4. Launch the Notes client with a User ID from the domain for which
the server has a certificate.
5. Place the Smartcard designated for the server into the card reader of
the Notes client. If required, enter the Smartcard PIN.
38-24 Administering the Domino System, Volume 2
Chapter 39
Protecting and Managing Notes IDs
This chapter describes how to control access to Domino server and Notes
user IDs.
The owner's name. A user ID file may also contain one alternate
name. A certifier ID may contain multiple alternate names.
A private key. Notes uses the private key to sign messages sent by
the owner of the private key, to decrypt messages sent to its owner,
and, if the ID belongs to a certifier, to sign certificates.
Certificates
A certificate is a unique digital signature that identifies a user or server.
Server and user IDs contain one or more Notes certificates. In addition,
user IDs may contain one or more Internet certificates that identify users
when they use SSL to connect to an Internet server or send a signed
S/MIME mail message.
A certificate contains:
The name of the user or server to whom the certificate was issued.
A public key that is stored in both the Domino Directory and the ID
file. Notes uses the public key to encrypt messages that are sent to
the owner of the public key and to validate the ID owner's signature.
A digital signature.
Issued to
/Sales/East/Acme (International)
Alan Jones/Sales/East/Acme
Alan Jones/Sales/East/Acme
/East/Acme
/Sales/East/Acme
/Acme
/East/Acme
/Acme
/Acme
CN=AcmeCA/OU=East/O=Acme/L=Cambridge/ST=Massachusetts/C=US
EMAIL=alan_jones@acme.com/CN=AlanJones/OU=East/O=Acme/L=Cambridge/ST=Massachusetts/C=US
To view certificates
1. From the Domino Administrator, click Configuration - Certification.
2. Click ID Properties.
3. Choose the ID file to view.
4. Enter the password and click OK.
Password-protection features
Password quality
When you register a user or server or create a certifier ID, you use a scale
of 0 to 16 to specify the level of password quality you want enforced for
the ID. The higher the level, the more complex the password and,
therefore, the more difficult it is for an unauthorized user to guess the
password. For optimal security, specify a password quality level of at
least 8.
The password quality level you assign is enforced when you enter a
password for new IDs or when users change the password for an existing
ID. When users change their passwords, Notes displays information
about the password quality level required by the ID file. Users must
enter a password that meets the criteria for the level; otherwise, they are
not allowed to change the password.
Multiple passwords
To provide tighter security for certifier and server IDs, assign multiple
passwords to those IDs. Using multiple passwords requires that a group
of administrators work together to access an ID. For example, this feature
is useful when you want to avoid giving authority for a certifier ID to one
person. You can specify that only a subset of the assigned passwords be
required to access the ID. For example, you can assign four passwords to
the ID but require that only any two of the four passwords be entered to
gain access to the ID. Requiring only a subset of the passwords allows
administrators to access the ID, even when all of the administrators are
not available.
Note User IDs can also be secured with multiple passwords.
For more information on multiple passwords, see the topic Assigning
multiple passwords to server and certifier IDs later in this chapter.
ID file recovery
If you have ID recovery in place, when a user loses an ID file or forgets
the password to the ID file, a group of administrators can work together
to recover the ID file. Losing an ID file normally prevents users from
accessing servers and reading messages and other data that they
encrypted with the ID. Using the ID file recovery feature, administrators
can prevent this loss of access and prevent unauthorized users from
illicitly recovering IDs.
For more information on ID file recovery, see the topic ID file recovery
later in this chapter.
Using a Smartcard to secure a Notes ID
When using Smartcards to log into Notes, users are essentially locking
and unlocking their user IDs. The advantage of using a Smartcard with
Notes is that the user's Internet private keys can be stored on the
Smartcard instead of on the workstation. Then users can take Smartcards
with them when they are away from their computers. For both regular
and roaming users, Smartcards increase user ID security.
Caution In order for Notes users to set up Smartcards, you must disable
password checking, change/grace intervals and expiration in the user's
Person document. Otherwise, Smartcard users will eventually be locked
out.
For more information on how Notes users can use Smartcards, see Lotus
Notes 6 Help.
When creating passwords for user, server, or certifier IDs, you need to
understand the criteria by which Domino measures password strength
and security. Domino measures these criteria according to the level
assigned on its password quality scale. The scale assigns a minimum
level of quality to the password on an ID file. Domino bases the
password quality on the number and variety of characters in the
password.
The password quality algorithm enforces the selection of passwords that
are sufficiently complex to meet the password quality scale level chosen
to protect user ID files. When a user is registered, the user's ID file
contains a password strength value. This setting is enforced if the user
changes the password.
The scale ranges from 0 (weakest, no password required) to 16
(strongest). A quality of 1 indicates that any password satisfies the
criteria. Domino defines default levels for certifier, server, and user
password quality. You should change these defaults to meet your
organization's security criteria. You can set the defaults in a security
settings policy document, in Administration Preferences, or in the
registration or certification dialog boxes.
Password strength is not the same as password length. Not all passwords
of equal length have equal strength in the password quality scale. For
example, the 8-character word "password" (because it is a word) and the
8-character word "1168Acme" (because it contains numbers and
alphabetic characters) do not carry the same level of character complexity
and do not have equal strength on the quality scale.
Password quality scale: 0
Description: Password is optional.
Example: None.
Password quality scale: 1
Example: b, 3
Password quality scale: 2-6
Description: Allow a weak password, even though you might be able to
guess it by trial and error.
Example: password, doughnut (password quality scale 3)
lightferret, b 4D (password quality scale 6)
Password quality scale: 7-12
Description: Require a password that is difficult to guess, but might be
vulnerable to an automated attack.
Example: pqlrtmxr, wefourkings (password quality scale 8)
Password quality scale: 13-16
Description: Require a strong password, even though the user may have
difficulty remembering it.
Example: 4891spyONu (password quality scale 13)
lakestreampondriverocean, stRem2pO() (password quality scale 15)
stream8pond1river7lake2ocean (password quality scale 16)
Set a default value for all Password Quality Scale fields so that all
passwords assigned to servers, users, and certifier IDs in your
organization have appropriate levels of complexity.
If a user has multiple ID files, the user must change the password in each
of them to match the new password. You cannot use password verification
on ID files that contain multiple passwords.
Each time a user changes a password, the user must specify a unique
password. Notes keeps a record of up to 50 passwords that have been
previously used. If you enable password history checking (through the
use of a security settings document), you can configure the number of
new passwords that must be used before a given password can be
reused.
An expired password doesn't prevent a user from reading encrypted
mail or creating new signed documents on local replicas; however,
without specifying a new password, users cannot access databases on
servers.
Note that password verification during authentication will not work for
Internet users because they do not have Notes user IDs (unless their
Notes and Internet passwords have been synchronized).
Caution Do not enable password expiration for users whose ID files are
locked with Smartcards. Otherwise, it is possible that a user's ID could be
locked out until the password digest can be cleared.
unauthorized user could use an ID and password even after the user
changed the password on the ID, since, by default, the password is used
only to decrypt the ID file and is not verified against the password stored
in the Domino Directory. If you set up password verification, require
users to change the passwords on their IDs on a regular basis. As the
time for the required password change approaches (after two-thirds of
the current change interval has passed, but at a minimum of two days
remaining), a prompt appears to remind the user to change the
password. When users change the password, the current ID and Person
document are updated with the new password.
The first time the user logs onto a server that requires password
verification, the Administration Process generates a Change User
Password in Domino Directory request in the Administration Requests
database. This request enters a corresponding password digest in the
Password digest field in the Administration section of the Person
document. It also records the date the user provided the password in the
Last change date field in the Administration section of the Person
document. To authenticate with servers that are enabled for password
verification, the user must provide the password that corresponds to the
digest.
From then on, when a user changes a password, the Administration
Process generates a new Change User Password in Domino Directory
request in the Administration Requests database. This request updates
the Password digest and Last change date fields in the Person document.
Note that if you modify the change interval or grace period after you
enable password verification, the Administration Process must update
the fields in the Person document and then the user must change the
password for the change to take effect.
For information on the Administration Process, see the chapter Setting
Up the Administration Process.
You can enable password verification through the use of a security policy
settings document, which allows you to enable this feature for multiple
users, or you can enable password verification on an individual basis
through the Domino Directory. You can also choose to lock out a user's
ID, which prevents the user from logging into the server.
For more information on the security policy settings document, see the
chapter Using Policies.
To enable password verification for individual users
1. Make sure that:
The Administration Process is set up on the server
You have at least Author access and the UserModifier role in the
Domino Directory.
Password verification is enabled on the servers with which these
users authenticate.
2. From the Domino Administrator, click People & Groups.
3. Select each Person document for which you want to enable password
checking.
4. Choose Actions - Set Password Fields, and then click Yes to continue.
5. In the Check Notes Password field, select Check password.
6. Complete these fields, and then click OK:
Field: Required change interval
Field: Allowed grace period
ID recovery
To recover from loss of, or damage to, an ID file, recommend to your
users that they keep backup copies of their ID files in a secure place,
for example, on a disk stored in a locked area. Losing or damaging an ID
file or forgetting a password has serious consequences. Without an ID,
users cannot access servers or read messages and other data that they
encrypted with the lost ID. To prevent problems that occur when users
lose or damage ID files or forget passwords, set up Domino to recover ID
files.
Ideally, you should designate several administrators who will act as a
group to recover IDs and passwords. Although you can designate a
single administrator to manage ID recovery, you should consider having
two or more administrators work together to recover ID files.
Designating a group of administrators helps to prevent a breach of
security by one administrator who has access to all ID files. When you
designate a group of administrators, you can specify that only a subset of
them be present during the actual ID recovery. For example, if you
designate five administrators for ID recovery but require only three
administrators to unlock the ID file, any three of the five can unlock the
ID file. Designating a group of administrators and requiring only a
subset also prevents problems that occur if one administrator is
unavailable or leaves the company.
Before you can recover ID files, an administrator who has access to the
certifier ID file must specify recovery information, and the ID files
themselves must be made recoverable. There are three ways to do this:
Before users can recover their ID files, you must set up a centralized mail
or mail-in database to store encrypted backups of ID files and specify
information about which administrators, known here as recovery
authorities, are allowed to recover IDs. You must perform these steps
before anyone loses or corrupts an ID, ideally before you begin
registering users.
1. From the Domino Administrator, click Configuration, and then click
Certification.
2. Click Edit Recovery Information.
3. In the Choose a Certifier dialog box, click Server and select the
registration server name from the Domino Directory (only if the
correct server name does not appear).
4. Choose the certifier for which you are creating recovery information.
If you are using a server-based certification authority, click Use
the CA process and select a certifier from the drop-down list.
You must be a Certificate Authority (CA) administrator for the
certifier in order to change ID recovery information.
If you are not using a server-based certification authority, click
Supply certifier ID and password. If the certifier ID path and file
name does not appear, click Certifier ID and select the certifier ID
file and enter the password.
5. Click OK. The Edit Master Recovery Authority List dialog box
appears.
6. Enter the number of recovery authorities that are required to recover
an ID file. It is recommended that you choose at least three.
7. Click Add and select the names of the administrators who are the
designated recovery authorities.
8. Choose whether you want to use an existing mailbox for recovery
information or create a new one.
If you have a mail or mail-in database already set up for recovery
information, click "I want to use an existing mailbox." Click
Address and select the database from the Domino Directory.
If you want to create a new database to store recovery
information, click "I want to create a new mailbox." In the Create
New Mailbox dialog box, enter the name of the server on which
the database is to be created, and the database title. You can use
the file name that is created from the database title, or you can
create a new one.
Setting up ID recovery
Note Whenever you make changes in this dialog box, the Export
button is disabled. You cannot export recovery information until you
save the new or updated information.
9. Click OK.
10. If you are using a server-based certification authority, at the server
console type:
load ca
4. Choose the certifier for which you are creating recovery information.
If you are using a server-based certification authority, click "Use
the CA process" and select a certifier from the drop-down list.
If you are not using a server-based certification authority, click
"Supply certifier ID and password." If the certifier ID path and file
name do not appear, click Certifier ID, select the certifier ID
file, and enter the password.
5. Choose Export, and then enter the certifier ID's password.
6. Complete these fields, and then click Send:
Field | Enter
To | Names of users and groups whose ID files you want to back up.
CC
Subject | Information for users and groups that will appear in the Subject field of the message. If this field is blank, Notes uses the following text: "New ID file recovery information is attached. Please add it to your ID file by using the Actions menu 'Accept Recovery Information' option."
Memo | Information for users and groups that will appear in the Body field of the message. Domino automatically attaches the encrypted backup file information to the message; you do not need to specify it in this field.
3. In the Choose a Certifier dialog box, if the correct server name does
not appear, click Server and select the registration server name from
the Domino Directory.
Enter
To | Name of the mail or mail-in database that will store the backup copy of your ID. Domino enters the name of the database specified by your administrator.
CC
Subject
Memo
Recovering an ID
If a user loses or damages an ID file or forgets a password, the user can
work with administrators to recover the ID file from backup.
To recover a user ID from a backup ID
The user completes these steps.
1. If you have recovery information set up for your user ID, contact
your administrator to obtain the password(s) needed to recover your
ID. The recovery password is randomly generated and unique to
each recoverable ID file and administrator.
Note If you do not have access to your user ID file, contact your
administrator, who can provide you with an encrypted backup of
your user ID. Once you have the backup user ID, continue with the
following steps.
2. When you first log in to Notes and the Password dialog box appears,
do not enter your password. Just click OK.
3. Click Recover Password in the Wrong password dialog box.
39-20 Administering the Domino System, Volume 2
Enter a new password for your user ID, and confirm the password
when prompted. Note that if you do not enter a new password, you
will need to recover your user ID again.
7. Replace all backups and copies of your user ID file with the newly
recovered user ID file.
To obtain the ID file recovery password
For security reasons, the administrators must complete these steps from
their own workstations, rather than from the same workstation. Using
separate workstations prevents an unauthorized user from using a
program to capture the keystrokes that the administrators enter on the
same workstation. If an unauthorized user obtains an administrator's ID
file and password, the unauthorized user can obtain the administrator's
recovery password for all ID files. Therefore, you must protect the
administrator's ID file and require that multiple administrators work
together to recover any given user ID file.
1. Detach the encrypted backup of the user's ID file from the mail or
mail-in database to the local hard drive.
2. If the user's ID file is damaged, send a copy of the ID file from the
centralized mail or mail-in database to the user.
3. From the Domino Administrator, click the Configuration tab, and
choose Certification - Extract Recovery Password.
4. Enter the password to the administrator's ID file.
5. Specify the ID file you want to recover. This is the same ID you
detached in Step 1.
6. Give the user the recovery password that is displayed.
The user creates the new public key and submits it for certification.
The user merges the new certificate into the user's ID file.
4. In the Mail, Copy Certificate (Public Key) dialog box, click Mail
Certificate.
5. Address the request to the person who will paste the key into a
Domino Directory or Personal Address Book.
6. (Optional) Next to CC, type the name of any other people you want
to notify of the request.
7. (Optional) Click Sign to prove you are the sender of the ID.
8. (Optional) Click Encrypt to protect the message as it is being sent to
the recipient.
9. Click Send.
To copy a public key to a file
1. Choose File - Security - User Security.
2. Select the ID and enter the password.
3. Click Your Identity - Your Certificates - Other Actions. Choose
Publish (Mail, Copy) Certificate.
4. In the Publish (Mail, Copy) Certificate dialog box, click Copy
Certificate and click OK to copy the key to the clipboard.
5. Save the contents of the clipboard to a file.
6. Deliver the file by hand or postal service to someone to paste into a
Domino Directory or Personal Address Book.
To paste the public key into a Personal Address Book
1. In your Personal Address Book, create a Contact document for the
owner of the public key.
2. Click the Advanced tab, and then use the clipboard viewer to open
the file or mail message that contains the public key.
3. Copy the public key from the clipboard and paste it into the
Certified public key field of the Contact document.
4. Save the document.
To paste the public key into a Domino Directory
1. From the Domino Administrator, do one of the following:
a. Click the People & Groups tab and edit the Person document.
b. Click the Configuration tab and edit the Server document.
2. Click Certificates - Flat Name Key in the Person document, or click
Administration in the Server document.
3. Use the clipboard viewer to open the file or mail message that
contains the public key.
Notes cross-certificates
To allow users and servers from the different hierarchically-certified
organizations to access servers in the other organization, and to verify
the digital signature of a user from another organization, you use
cross-certificates. Domino servers store cross-certificates in the Domino
Directory. To access Domino servers, Notes clients obtain
cross-certificates for those servers and store them in their Personal
Address Books. These cross-certificates can be used only by the user to
whom they are issued.
For example, if Alan Jones/Sales/East/Acme wants to access the
Support/Seascape server, he needs a cross-certificate from /Seascape,
and the Support/Seascape server needs a cross-certificate for
/Sales/East/Acme. When Alan tries to authenticate with the
Support/Seascape server, it checks for the cross-certificate in Alan's
Personal Address Book. If Support/Seascape finds a valid
cross-certificate, the server then checks whether Alan is allowed to access
the server.
Cross-certification can occur at various levels of an organization. For
example, to allow every user within one organization to authenticate
with every server in another, each user has a cross-certificate for the
other organization's certifier in the Personal Address Book. Servers in
each organization have a cross-certificate for the other organization's
certifier in the Domino Directory. Cross-certification can also occur at the
Protecting and Managing Notes IDs 39-27
4. Copy the public key from the clipboard, and paste it into one of the
following fields:
Internet cross-certificates
An Internet cross-certificate is a certificate that validates the identity of a
user or server. An Internet cross-certificate ensures the recipient of an
encrypted S/MIME message that the sender's certificate can be trusted
and that the certificate used to sign an S/MIME message is valid. It also
validates the identity of a server when a Notes client uses SSL to access
an Internet server.
An Internet cross-certificate is stored in a Certificate document in the
user's Personal Address Book and can be used only by the user to whom
it is issued. An Internet cross-certificate can be issued for a leaf certificate
(that is, a certificate issued to a user or server by a CA) or the CA
itself. Creating a cross-certificate for a leaf certificate indicates trust for
only the owner of the certificate, for example, the sender of the signed
message or recipient of an encrypted message. A cross-certificate for a
CA indicates trust for all owners who have a certificate issued by that
CA. If you cross-certify a CA, you trust the CA to issue certificates to
users and servers lower in the hierarchical name tree. For example, after
cross-certifying Sales/ABC, you trust Sales/ABC to issue a certificate to
Fred/Sales/ABC. Alternatively, after creating a cross-certificate for
Fred/Sales/ABC, you trust only Fred/Sales/ABC.
Accessing a server
If a user attempts to access a server in a foreign domain, and the user
does not already have a certificate in common with the domain, a dialog
box gives the recipient the option to add the cross-certificate on
demand. Users can add a Notes cross-certificate this way. This is
usually the quickest and easiest way for a user to obtain a
cross-certificate.
For more information, see the topic "Adding a Domino or Internet
cross-certificate on demand" in this chapter.
By phone
Users can add a cross-certificate by providing the name and public key of
the certificate by phone. Users can use this method to add a Notes
certificate only.
For more information, see the topic "Adding a Notes cross-certificate by
phone" later in this chapter.
Examples of cross-certification
Enter
Certifier
Server
Subject name
Subject alternate name list
5. Click Cross Certify. Domino places the cross-certificate in the Server Certificates view of the Domino Directory of the server you specified
in Step 4 or in the Advanced/Certificates view of the Personal
Address Book.
Enter
Certifier
Server
Subject name
Subject alternate name list | An alternate name that identifies the certifier ID. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user's native language.
Expiration date | Date when the cross-certificate will expire
7. Click Cross Certify. Domino places the cross-certificate in the Server Certificates view of the Domino Directory of the server you specified
in Step 6.
Enter
Subject name
Certifier
Server
Enter
Certifier
Server
Subject name
Subject alternate name list
Expiration date
5. Repeat Steps 3 and 4 for every user for whom you want to create
cross-certificates.
5. Click Cross Certify. Domino places the cross-certificate in the Server Certificates view of the Domino Directory of the server you specified
in Step 5.
Enter
Certifier
Server
Subject name
4. Repeat Steps 2 and 3 for every certifier for which you want to create
cross-certificates.
Displaying cross-certificates
To view cross-certificates, from the Domino Administrator, click the
Configuration tab and choose the Certificates/Certificates view. The
view lists certificates according to type:
Internet certifiers
Notes certifiers
Notes cross-certificates
Internet cross-certificates
Chapter 40
Controlling User Access to Domino Databases
To control the access that users and servers have to a database, you can
customize the database access control list (ACL) and specify other
security settings.
An access level
A user type
Roles
Note The database ACL should not be confused with other types of
ACLs used by Domino administrators. One such ACL is the extended
ACL, which is used only in the Domino Directory and the Extended
Directory Catalog to restrict access to specific documents and fields
within those databases. You must enable extended access to use this
feature. The other type of access control list is the .ACL file, which is
used by administrators to restrict user access to server directories.
-Default-
Anonymous
LocalDomainServers
OtherDomainServers
Of the default ACL entries, Anonymous and the database creator's user
name are the only entries that are defined as a Person in the ACL.
Anonymous and -Default- are the only entries that are specific to a
database, and not related to an entry in the Domino Directory. For
example, LocalDomainServers is created automatically in the Domino
Directory, and added to the ACL when a database is created.
Anonymous is created as an ACL entry only when the database is
created.
-Default-
Users and servers receive the access assigned to the -Default- entry if
they have not specifically been assigned another access level, either
individually or as a member of a group, or from a wildcard entry. In
addition, if the database ACL does not contain an entry for Anonymous,
then users accessing the database anonymously get the -Default- level of
access. The default access for -Default- depends on the design of the
database template and varies among the different templates.
Anonymous
Anonymous database access is given to Internet users and to Notes users
who have not authenticated with the server.
The default ACL entry for Anonymous for all database templates (.NTF
files) has an access level of Reader, so that users or servers can
successfully read from the template when creating or refreshing .NSF
files based on that template.
The default ACL entry for Anonymous for database files (.NSF files) is
No Access.
For more information about Anonymous access, see the topic
"Acceptable entries in the ACL" later in this chapter.
LocalDomainServers
The LocalDomainServers group lists the servers in the same domain as
the server on which the database is stored, and is provided by default
with every Domino Directory. When you create a new database, the
default access for LocalDomainServers is Manager. The group should
have at least Designer access to allow replication of database design
changes across the domain. The LocalDomainServers group is typically
given higher access than the OtherDomainServers group.
OtherDomainServers
The OtherDomainServers group lists the servers outside the domain of
the server on which the database is stored, and is provided by default
with every Domino Directory. When you create a new database, the
default access for OtherDomainServers is No Access.
The access level you assign to the -Default- entry depends on how secure
you want the database to be. Select No Access if you want a database
available to a limited number of users. Select Author or Reader access to
make a database available for general use. The -Default- entry should
have a user type of Unspecified.
Wildcard entries
User, server, and group names (including user and group names of
Internet clients)
Alternate names
LDAP users
For more information about creating hierarchical name schemes, see the
chapter "Installing and Setting Up Domino Servers."
*/Illustration/*/Acme/US
to represent these entries:
Michael Bowling/Illustration/West/Acme/US
Karen Richards/Illustration/East/Acme/US
When you use a wildcard ACL entry, set the user type as Unspecified,
Mixed Group, or Person Group.
User names
You can add to an ACL the names of any individuals with certified Notes
user IDs or Internet users who authenticate using name-and-password or
SSL client authentication.
For Notes users, enter the full hierarchical name for each user; for
example, John Smith/Sales/Acme, regardless of whether the user is
in the same hierarchical organization as the server that stores the
database.
For Internet users, enter the name that appears as the first entry in
the User name field of the Person document.
Note Many alias names can be entered in the user name field and
used for authentication; however, it is the first name in the list that is
used to perform the security authorization check. This is the name
that should be used on all Domino database ACLs, in the security
settings on the Server document, and in .ACL files.
You can use a wildcard only at the leftmost portion of the ACL entry. For
example, you can't use the entry:
LDAP Directory that has been configured for group authorization in the
Directory Assistance database.
Tip Use individual names rather than group names for the managers of
a database. Then when users choose Create - Other - Memo to Database
Manager, they'll know whom they are addressing.
Groups provide a convenient way to administer a database ACL. Using a
group in the ACL offers the following advantages:
If you need to change the access level for several users or servers,
you can do so once for the entire group.
Tip You can also use groups to let certain users control access to the
database without giving them Manager or Designer access. For example,
you can create groups in the Domino Directory for each level of database
access needed, add the groups to the ACL, and allow specific users to
own the groups. These users can then modify the groups, but they can't
modify the database design.
Terminations group
When employees leave an organization, you should remove their names
from all groups in the Domino Directory and add them to a Deny List
Only group used to deny access to servers. The Deny Access list in the
Server document contains the names of Notes users and groups who no
longer have access to Domino servers. You should also make sure that
the names of terminated employees are removed from the ACLs of all
databases in your organization. When you delete a person from the
Domino Directory, you have the option to "Add deleted user to deny
access group," if such a group has been created. (If no such group exists,
the dialog box displays "No Deny Access group selected or available.")
For more information on Deny List Only groups, see the chapter "Setting
Up and Managing Groups."
For more information on the Deny Access list, see the chapter
"Controlling Access to Domino Servers."
For more information about alternate names, see the chapter "Setting Up
and Managing Notes Users."
LDAP users
You can use a secondary LDAP directory to authenticate Internet users.
You can then add the names of these Internet users to database ACLs to
control user access to databases.
You can also create groups in the secondary LDAP directory that include
the Internet user names and then add the groups as entries in Notes
database ACLs. For example, an Internet user may try to access a database
on a Domino Web server. If the Web server authenticates the user, and if
the ACL contains a group named Web, the server can look up the
Internet user's name in the group Web located in the foreign LDAP
directory, in addition to searching for the entry in the primary Domino
Directory. Note that for this scenario to work, the Directory Assistance
database on the Web server must include an LDAP Directory Assistance
document for the LDAP directory with the Group Expansion option
enabled. You can also use this feature to look up the names of Notes users
stored in foreign LDAP directory groups for database ACL checking.
When you add the name of an LDAP directory user or group to a
database ACL, use the LDAP format for the name, but use a forward
slash (/), rather than a comma (,), as a delimiter. For example, if the
name of a user in the LDAP directory is:
uid=Sandra Smith,o=Acme,c=US
enter the following in the database ACL:
uid=Sandra Smith/o=Acme/c=US
To enter the name of a nonhierarchical LDAP directory group in an ACL,
enter only the attribute value, not the attribute name. For example, if the
nonhierarchical name of the LDAP group is:
cn=managers
in the ACL enter only:
managers
Alternate names
An alternate name is an optional alias name that an administrator assigns
to a registered Notes user. You can add alternate names to an ACL. An
alternate name provides the same level of security as the user's primary
hierarchical name. For a user whose primary name is Sandra
Brown/West/Sales/Acme, an example of an alternate name format
would be Sandy Smith/ANWest/ANSales/ANAcme, where AN is an
alternate name.
ACL entry
Anonymous
Any user or server that accesses a server without first authenticating is
known by the name Anonymous at that server. Anonymous database
access is given to Internet users and to Notes users who have not
authenticated with the server.
Anonymous access is generally used in databases that reside on servers
available to the general public. You can control the level of database
access granted to an anonymous user or server by entering the name
Anonymous in the access control list, and assigning an appropriate level
of access. Typically you assign Anonymous users Reader access to a
database.
The table below describes the different conditions for access that an
anonymous user would have to a database:
Anonymous access enabled in database ACL
Anonymous not listed in database ACL
The Domino server uses the group name Anonymous solely for access
control checks. For example, if Anonymous has Author access in the
database ACL, the true name of the user appears in the Authors field of
those documents. The Domino server can display only the true name of
anonymous Notes users, but not of anonymous Internet users, in the
Authors field of the document. Authors fields are never a security
feature, regardless of whether anonymous access is used; if the validity
of the author's name is needed for security, then the document should be
signed.
Replica IDs
To allow an agent in one database to use @DbColumn or @DbLookup to
retrieve data from another database, enter the replica ID of the database
containing the agent in the ACL of the database containing the data to be
retrieved. The database containing the agent must have at least Reader
access to the database containing the data to be retrieved. Both databases
must be on the same server. An example of a replica ID in a database
ACL is 85255B42:005A8fA4. You can enter the replica ID in uppercase or
lowercase letters, but do not enclose it in quotation marks.
If you do not add the replica ID to the access control list, the other
database can still retrieve data if the -Default- access level of your
database is Reader or higher.
Order of evaluation for ACL entries
ACL entries are evaluated in a specific order to determine the access
level that will be granted to an authenticated user trying to access the
database. If a user fails to authenticate with a server, and the server
permits access anyway, access will be computed as though the user's
name was Anonymous.
The ACL first checks the user name to see if it matches an explicit
entry in the ACL. The ACL checks all matching user names. For
example, Sandra E Smith/West/Acme would match the entries
Sandra E Smith/West/Acme/US and Sandra E Smith. In the event
that two different entries for an individual have different access
levels (for example, applied at different times by different
administrators), the user trying to access the database would be
granted the highest access level, as well as the union of the access
privileges of the two entries for that user in the ACL. This can also
happen if the user has alternate names.
Note If you enter only the common name in the ACL (for example,
Sandra E Smith), then that entry matches only if the user's name and
the database server are in the same domain hierarchy. For example,
If no match is made on the user name, the ACL then checks to see if
there is a group name entry that can be matched. If an individual
trying to access the database happens to match more than one group
entry (for example, if the person is a member of Sales and there are
two group entries for Sales, Acme Sales and Sales Managers), then
the individual is granted the highest access level, as well as the union
of the access privileges of the two entries for that group in the ACL.
Note If the user matches an explicit entry in the ACL, and is a
member of a group that is also listed in the ACL, then the user
always gets the level of access assigned to the explicit entry, even if
the group access level is higher.
If no match is made on the group name, the ACL then checks to see if
there is a wildcard entry that can be matched. If the individual trying
to access the database happens to match more than one wildcard
entry, the individual is granted the highest access level, as well as the
union of the access privileges of all of the wildcard entries that
match.
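The evaluation order described above (explicit names, then groups, then wildcards, then -Default-), as an added Python example that is not Domino code. The Entry class, the function names, the sample ACL and the group table are constructed for illustration; group membership and the set of names a user is known by are assumed to be supplied by the caller.

```python
from dataclasses import dataclass

# Access levels named on the page, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Entry:
    """One ACL entry (hypothetical model, not a Domino API)."""
    name: str
    level: str
    privileges: frozenset = frozenset()


def merge(entries):
    """Highest level plus the union of privileges of all matching entries."""
    level = max((e.level for e in entries), key=RANK.__getitem__)
    privileges = frozenset().union(*(e.privileges for e in entries))
    return level, privileges


def wildcard_matches(pattern, name):
    """Leftmost-only wildcard: '*/West/Acme' matches names under /West/Acme."""
    suffix = pattern[1:].lower()  # drop '*', keep the leading '/'
    return len(name) > len(suffix) and name.lower().endswith(suffix)


def effective_access(acl, groups, names, authenticated=True):
    """Return (level, privileges, matched_by) for one user.

    acl    -- list of Entry
    groups -- dict: group name -> set of member names (assumed pre-expanded)
    names  -- every name the user is known by (primary, common, alternate)
    """
    if not authenticated:
        names = {"Anonymous"}  # unauthenticated access is evaluated as Anonymous
    wanted = {n.lower() for n in names}

    # 1. Explicit entries: all matching names are merged.
    explicit = [e for e in acl if e.name.lower() in wanted]
    if explicit:
        return (*merge(explicit), "explicit")

    # 2. Group entries, consulted only when no explicit entry matched.
    by_group = [e for e in acl
                if wanted & {m.lower() for m in groups.get(e.name, ())}]
    if by_group:
        return (*merge(by_group), "group")

    # 3. Wildcard entries, consulted only when no group entry matched.
    wild = [e for e in acl if e.name.startswith("*/")
            and any(wildcard_matches(e.name, n) for n in names)]
    if wild:
        return (*merge(wild), "wildcard")

    # 4. Fall back to -Default- (No Access if it is absent: an assumption).
    for e in acl:
        if e.name == "-Default-":
            return e.level, e.privileges, "-Default-"
    return "No Access", frozenset(), "none"


CREATE, DELETE = "Create documents", "Delete documents"

# Constructed sample ACL and group table.
ACL = [
    Entry("-Default-", "Reader"),
    Entry("Anonymous", "No Access"),
    Entry("Sandra E Smith/West/Acme", "Author", frozenset({CREATE})),
    Entry("Sandra E Smith", "Editor", frozenset({DELETE})),
    Entry("Acme Sales", "Editor", frozenset({CREATE})),
    Entry("Sales Managers", "Designer", frozenset({DELETE})),
    Entry("*/West/Acme", "Author", frozenset({CREATE})),
]
GROUPS = {
    "Acme Sales": {"Karen Richards/East/Acme"},
    "Sales Managers": {"Karen Richards/East/Acme", "Sandra E Smith/West/Acme"},
}

if __name__ == "__main__":
    users = [
        {"Sandra E Smith/West/Acme", "Sandra E Smith"},
        {"Karen Richards/East/Acme"},
        {"Michael Bowling/West/Acme"},
        {"Pat Lee/East/Acme"},
    ]
    for names in users:
        print(sorted(names)[0], "->", effective_access(ACL, GROUPS, names))
    print("unauthenticated ->", effective_access(ACL, GROUPS, set(), False))
```

In the sample data Sandra is a member of Sales Managers (Designer), yet her two explicit entries decide the result and she receives Editor with the union of both entries' privileges.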
Users may still have access to a database by running agents with the
"Unrestricted with Full Access" privilege, even if they are not listed
in the database ACL. This privilege bypasses the ACL and reader
lists.
This table shows the user access levels, listed from highest to lowest.
Access level | Allows users to | Assign to
Manager
Designer
Assign to: A database designer and/or the person responsible for future design updates.
Editor
Allows users to: Create documents. Edit all documents, including those created by others. Read all documents unless there is a Readers field in the form. If an editor is not listed in the Readers field, the user with Editor ACL access cannot read or edit the document.
Author
Reader
Depositor
No Access
Optional privileges
Manager
Create documents
Create private agents
Create personal folders/views
Create shared folders/views
Create LotusScript/Java agents
Read public documents
Write public documents
Delete documents
Replicate or copy documents
Designer
Create documents
Create private agents
Create personal folders/views
Create shared folders/views
Read public documents
Write public documents
Delete documents
Create LotusScript/Java agents
Replicate or copy documents
Editor
Create documents
Read public documents
Write public documents
Delete documents
Create private agents
Create personal folders/views
Create shared folders/views
Create LotusScript/Java agents
Replicate or copy documents
Author
Create documents
Delete documents
Create private agents
Create personal folders/views
Create LotusScript/Java agents
Write public documents
Replicate or copy documents
Reader
Optional privileges
Depositor
Create documents
No Access None
Create documents
Select this privilege for all users with Author access. If you deselect this
privilege to prevent Authors from adding any more documents, they can
continue to read and edit documents they've already created.
Delete documents
Authors can delete only documents they create. If this privilege is
deselected, an author can't delete documents, no matter what the access
level. If the form contains an Authors field, Authors can delete
documents only if their name, or a group or a role that contains their
name, appears in the Authors field.
A user type identifies whether a name in the ACL is for a person, server,
or group. When you assign a user type to a name, you specify the type of
ID required for accessing the database with that name. The user types are
Person, Server, Mixed Group, Person Group, Server Group, and
Unspecified. The -Default- group in the ACL is always assigned
Unspecified as the user type. If you have added Anonymous to the ACL,
then it should have a user type of Unspecified.
User types provide additional security for a database. For example,
assigning the Person user type to a name other than unspecified
prevents an unauthorized user from creating a Group document with the
same person name, adding his or her name to the group, and then
accessing the database through the group name.
Designating a name as a Server or Server Group prevents a user from
using the server ID at a workstation to access a database on the server. Be
aware, though, that designating a name as a Server or Server Group is
not a foolproof security method. It is possible for a user to create an
add-in program that acts like a server and uses a server ID to access the
server database from a workstation.
Instead of assigning a user type to each name, you can automatically
assign a user type to all unassigned names in the ACL. The user type
assigned to each name is determined by the Domino Directory entry for
that name. Using this method, a group is always designated as Mixed
Group, and not as a Person Group or a Server Group. To assign a
Person Group or Server Group to a name, you must select the name
and manually assign that user type.
You can assign user types to entries in multiple database ACLs, or you
can have the server automatically assign user types to unspecified entries
in a single database ACL.
6. On the Advanced panel of the ACL dialog, click "Lookup User Types
for Unspecified Users."
The server uses the Domino Directory to look up each entry in the ACL
and assign a user type of Person, Server, or Mixed Group. If it cannot
find a match in the Directory, then the entry in the ACL will be left as
Unspecified.
An Authors field
Sections
View properties
Folder properties
Form properties
Form properties
Have Manager access in the database ACLs of all the databases you
want to modify.
Set the "Maximum Internet name & password access" option on the
Advanced panel of the Access Control List dialog box to Manager on
all the databases you want to modify, if you are not using SSL with
X.509 client certificates. This option is set to Manager by default in
the WEBADMIN.NSF so you can add more user names to the ACL of
the WEBADMIN.NSF from a browser.
You can use the Web Administrator to perform the following tasks for
Internet or Notes users:
Delete a database
Compact a database
5. Type the entry, or select it from the Domino Directory by clicking the
button next to the list box.
6. Click OK.
To rename an entry
1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files, and select one or more databases from the Domino data
directory.
3. Click Tools - Database - Manage ACL.
4. Click Modify.
5. In the From box, type the name of the person, server, or group that
you want to rename.
6. Select Modify Name.
7. In the To box, type the new name of the person, server, or group that
you want to rename.
8. Click OK to save your changes.
You can view all the database ACLs on a server by user name, access
level, or by database.
To view a list of all database ACLs on a server
1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files.
3. Select the Catalog (V6) - Access Control Lists.
4. Select By Name, By Level, or By Database.
The By Name list shows the ACL list by ACL entry name, then
access level, and then database title.
The By Level list shows the ACL list by access level, then ACL
entry name, and then database title.
The By Database list shows the ACL list by database name, then
server, then access level, and then ACL entry name.
1. Make sure that you have Manager access in all the database ACLs
you select.
2. From the Domino Administrator Server pane, select a server that has
Manager access to the databases on which you want to enforce a
consistent ACL.
3. Click Files, and select one or more databases from the Domino data
directory.
4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. Select the option Modify Consistent ACL setting.
To enforce a consistent ACL, select Enforce a consistent Access
Control List across all replicas of this database.
To disable a consistent ACL, select Do not enforce a consistent
ACL.
7. Click OK.
The default for this option is Editor access. Tasks such as creating folders,
views, and agents do not apply to Internet users.
Tip You can use this setting to prevent Internet users from accessing the
database using name-and-password authentication. By setting it to No
Access, the database would then be accessible only to Notes users or
Internet users who authenticate using SSL client certificates.
Chapter 41
Protecting User Workstations with Execution Control Lists
This chapter describes how to set up and manage execution control lists
for user workstation data security.
Workstation security
Java applet
JavaScript
Access to environment variables
Ability to read other databases: Read information in databases other than the
current database
Ability to modify other databases
Access option
Access to Workstation Security ECL
Printing
Process-level access
JavaScript options
These options control access to workstation data for JavaScript that runs
in the Notes client, on a Notes form or on a Web page rendered by the
Notes browser. These options do not control JavaScript run by other
browsers, including the Microsoft Internet Explorer browser, even when
the browser is embedded in the Notes client.
JavaScript ECL settings control whether JavaScript code can read and/or
modify JavaScript properties of the Window object. You can allow read
access from, and write access to, the properties of the Window object. As
the top-level object in the JavaScript document object model, the Window
object has properties that apply to the entire window. Securing access to
the Window object secures access to other objects on the page since the
JavaScript program cannot access the objects further down in the object
model hierarchy without first traversing the Window object.
Option: Source window
Description: Controls JavaScript access to the Window object on the same
page as the JavaScript code. Selecting this option does not prevent a
JavaScript directly to the object on the source window, because doing so
circumvents the Window object; therefore this ECL option is not enforced.
Default: Allow read and write access
Option: Other window from same host
Option: Other window from different host
Two additional ECL options control whether JavaScript that runs in the
Notes client is authorized to open a new Web page or Notes document. You
can enable open access for these options, described in the following table:
Option: URL on same host
Default: Allow open access
Option: URL on different host
Description: Controls access for opening a page or Notes document on a
different host as the JavaScript code.
Default: Not allow open access
Do not let your users trust unsigned content. To prevent users from
changing their ECLs (for example, by giving access to unsigned
content, or to content signed by signers who are not listed in the ECL),
deselect Allow user to modify in the Administration ECL.
Signature
Applies to
-Default-
-No Signature-
BT Mail and Calendar Migration Tools/Lotus Notes Companion Products
Domino Unified Communications Services/Lotus Notes Companion Products
    Access to current database, Access to environment variables,
    Access to external code, Access to external programs,
    Ability to send mail, Ability to read other databases,
    Ability to modify other databases
Lotus Fax Development/Lotus Notes Companion Products
    Access to current database, Access to environment variables,
    Ability to read other databases, Ability to modify other databases
Lotus Notes Template Development/Lotus Notes
    All
Sametime Development/Lotus Note Companion Products
You can also add additional users or signature types to the ECL. You
could add the hierarchical names of specific users or groups, for
example, Phyllis Spera/Sales/East/Acme. If you create a special certifier
to certify the IDs of a group of trusted signers, you could use a wildcard
character to name all signers, for example, */Trusted Signers/Acme.
The table below describes the access that these users (or signature types)
in an ECL would have:
Signature
Applies to
*/Trusted Signers/Acme
Phyllis Spera/Sales/East/Acme
Signature
For Allowed
-Default-
-No signature-
It is possible to write an agent to run on Notes clients and parse the ECL
logging data to provide administrators with specific information on how
users are managing their workstation ECLs, as well as current
information about applications or other code that should be added to
Admin ECLs.
The resulting ECLs for these users should contain more signers than
what the ECL originally contained, unless your organization has
managed the signing process up front and only uses objects signed by a
small number of known trustworthy signers.
For more information, see the topic Editing the administration ECL
in this chapter.
3. Deploy the new ECL to user workstations. This happens
automatically when Notes client software is first installed on user
workstations.
4. Update user workstation ECLs, as required.
Have users update their ECLs through the User Security dialog box.
@RefreshECL("server1":"names.nsf";"")
Note For MIME-enabled users who lose their active content in mail
messages, add the button to a document in a particular Notes
database and tell those users to go there to update their ECLs.
10. To let users modify their workstation ECLs or enable Java applets
from trusted senders, select Allow users to modify.
4. Describe the purpose of the memo and instruct users to click the
button.
5. Mail the memo.
Tip Add the @RefreshECL function to a common database event,
so that all users in the organization can use it to update their ECLs.
To use the Refresh button to update workstation ECLs
1. Make sure the Domino Directory with the ECL changes has
replicated throughout the domain.
2. Address a memo to users whose ECLs you want to update.
3. Describe the purpose of the memo and instruct the users to do the
following:
a. Choose File - Security - User Security.
b. Click What Others Do, and then click Using LotusScript,
Using Java, or Using JavaScript.
c. Click Refresh All.
4. Mail the memo.
Note Even after you distribute an updated ECL, users might still
encounter Execution Security Alerts. Make sure that users:
Do not trust any actions with -No Signature-
Check with you before trusting any odd or unfamiliar signatures,
or before clicking Execute once for templates or applications
signed with odd or unfamiliar signatures. Investigate those
signatures, and if necessary, update and redistribute the
administration ECL.
as an entry in the Admin ECL. You then give that entry the ECL rights
that are appropriate for a workstation user. For example, if you want to
give users the ability to write and execute basic Notes programs on their
own workstations, you would enable the appropriate rights for this
entry.
If this key string entry is not included in the Admin ECL, and if Allow
user to modify is not enabled, the current user entry is removed from
the workstation ECL during ECL replace. If Allow user to modify is
enabled, the current user remains in the Workstation ECL.
Refreshing the ECL without the key string leaves the current user's entry
as is.
Chapter 42
Setting Up Name-and-Password and Anonymous Access to Domino Servers
This chapter describes how to set up servers for name-and-password and
anonymous access by Internet/intranet clients.
Create an Internet Site document for the Internet protocol for which
you want to require a name and password.
or
Edit the Server document to specify which Internet protocols require
a name and password.
2. In each Person document, complete these fields, and then save the
document:
Field: First name, Middle initial, Last name
Action: Enter the user's first name, middle initial, and last name. The
user's last name is required.
Field: User name
information is lost, and then users must re-enter their names and
passwords. This will not occur with the multi-server session
authentication option.
Create a Person document for each Web client who will use
session-based name-and-password authentication.
Action
Maximum active sessions
Field
Action
Maximum active sessions
Field: First name, Middle initial, Last name
Action: Enter the user's first name, middle initial, and last name. The
user's last name is required.
Field: User name
Field: User name
Field: Password
Specify the custom form as the sign-in form. If the Domino Web
Server Configuration database exists on the Web server but you have
not created and specified a custom sign-in form, Domino uses the
form $$LoginUserForm.
Prompt for the user to log in, at which no error message will display.
You can enable single sign-on across multiple Domino domains. See the
topic Setting up the Web SSO Configuration document for more than
one Domino domain later in this chapter.
Clustered servers must have the full DNS server name in the host
name field of the Web Site or Server document. This enables the
Internet Cluster Manager (ICM) to redirect to cluster members using
SSO. If the DNS server host name is not there, ICM will redirect
URLs to clustered Web servers with only the TCP/IP host name, by
default, and will not be able to send the cookie because the DNS
domain is not included in the URL.
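The cookie scoping behind this requirement, as an added example that is not part of the Domino documentation: it assumes the SSO token cookie is scoped to the DNS Domain value of the Web SSO Configuration document and applies the standard browser cookie domain-matching rule to candidate redirect targets. The host names and URLs are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit


def is_ip_literal(host):
    """True when the host part of a URL is an IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def cookie_sent_to(host, dns_domain):
    """Browser domain-match: is a cookie scoped to dns_domain sent to host?

    A domain-scoped cookie is sent only when the request host equals the
    domain or is a name underneath it. Bare host names and IP addresses
    never match a DNS domain such as ".acme.com".
    """
    host = host.lower().rstrip(".")
    domain = dns_domain.lower().strip(".")
    if not host or is_ip_literal(host):
        return False
    return host == domain or host.endswith("." + domain)


def audit_redirects(dns_domain, redirect_urls):
    """Return (url, host, cookie_sent) for each redirect target."""
    results = []
    for url in redirect_urls:
        host = urlsplit(url).hostname or ""
        results.append((url, host, cookie_sent_to(host, dns_domain)))
    return results


def hosts_breaking_sso(dns_domain, redirect_urls):
    """Hosts whose redirects would arrive without the SSO cookie."""
    return [host for _, host, sent in audit_redirects(dns_domain, redirect_urls)
            if not sent]


# Constructed sample: redirect targets a cluster manager might hand out.
SSO_DNS_DOMAIN = ".acme.com"
SAMPLE_REDIRECTS = [
    "http://server1.acme.com/mail/ajones.nsf",               # full DNS name
    "http://server2/mail/ajones.nsf",                        # host name only
    "http://192.0.2.10/mail/ajones.nsf",                     # IP address
    "http://server3.acme.com.example.net/mail/ajones.nsf",   # look-alike suffix
]

if __name__ == "__main__":
    for url, host, sent in audit_redirects(SSO_DNS_DOMAIN, SAMPLE_REDIRECTS):
        status = "cookie sent" if sent else "cookie NOT sent, user is re-prompted"
        print(f"{host:32} {status}")
```

Any host reported by `hosts_breaking_sso` is a host name field to correct to the full DNS name.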
WebSphere issues
WebSphere and Domino should both be configured for the same
LDAP directory. The authentication token used for SSO stores the
full Distinguished Name of the user (DN), for example, cn=john
smith,ou=sales, o=ibm, c=us. To set up LDAP for SSO, set up
Directory Assistance in Domino and configure it to point to an LDAP
server that the WebSphere server uses. Or, load LDAP on the
Domino Directory and configure WebSphere to use the Domino
LDAP server.
User Web browsers must have cookies enabled since the authentication
token that is generated by the server is sent to the browser in a cookie.
Field
Action
Configuration Name
Organization Name
DNS Domain
Domino Server Names
Expiration (minutes)
Initialize the Web SSO Configuration with the shared secret key in
one of two ways:
Choose Domino only (no WebSphere servers participating in
single sign-on), and then select Create Domino SSO Key.
Choose Domino and WebSphere (single sign-on with WebSphere),
and then do the following:
a. Select Import WebSphere LTPA Keys.
b. Browse and select the WebSphere LTPA export file. (See
WebSphere documentation for details about generating ltpatoken
keys).
c. Enter the password (specified when generating the keys in
WebSphere). The document is updated to reflect the information
in the export file.
Field: DNS Domain
Field: Domino Server Names
Action: Enter the names of the servers that will be participating in
single sign-on (for example server1/acme, server2/acme). This document
will be encrypted for the creator of the document, the members of the
Owners and Administrators fields, and the servers specified in the
Domino Server Names field.
Note Groups, wildcards, and the names of WebSphere servers are not
allowed in this field. Only Domino Servers can be listed as
participating servers in the Server Names field.
Field: Expiration (minutes)
Field
6. Click Security. For both TCP and SSL authentication, enable Name &
Password.
7. Save and close the Web Site document.
8. At the server console, start the HTTP process by typing:
load HTTP
Setting up the Web SSO Configuration document for more than one Domino domain
This procedure lets you enable servers in other domains for SSO with
servers in your current domain, by setting up both domains to use the
same key information. Two conditions must exist in order to do this:
To set up the Web SSO Configuration document for more than one Domino domain
1. Copy the Web SSO Configuration document from the Domino
Directory in which it was created, and paste it into the Domino
Directory in the new domain.
2. Open the Web SSO Configuration document for the new domain and
edit the Participating Domino Servers field to include only those
servers with server documents in the new domain that will be
enabled for single sign-on.
3. The client must be able to find server documents for the participating
single sign-on servers. Make sure that the home server specified in
your client's location document is pointing to a server in the same
domain as those servers participating in single sign-on, so that
lookups will be able to find the public keys of the servers. If the
home server cannot find participating servers, then the SSO
document cannot be encrypted and SSO will fail.
4. Save the document. It is encrypted for the participating servers in the
new domain, and should enable those servers in the new domain to
participate in single sign-on with servers in the current domain.
DN
CN or CN with CN=prefix
Not applicable
Alias name (a name listed in the User name field of the Person document,
excluding the first name listed in the field): Not applicable
Internet address (user's e-mail address as listed in the Internet address
field in the user's Person document): Mail
Last name: Surname
First name: Givenname
DN: DN
Short name
Alias name (a name listed in the User name field of the Person document,
excluding the first name listed in the field): Not applicable
Soundex number: Not applicable
2. Click Security.
3. In the Internet Access section, choose one of the following in the
Internet Authentication field:
Fewer name variations with higher security (default).
More name variations with lower security.
4. Save and close the document.
See the topic Examples of names allowed for Internet client
authentication later in this chapter.
Note The Domino Web Server Application Programming Interface
(DSAPI) is a C API tool that lets you write your own extensions to the
Domino Web server. These extensions, or filters, let you customize the
authentication of Web users. For more information on DSAPI and filters,
see the current Lotus C API Toolkit for Domino and Notes, which is
available at www.lotus.com/techzone.
Description
Alan Jones: Common name
Alan: First name
Jones: Last name
Ajones: Short name
Alan Jones/Sales/East/Acme/US
alan_jones@acme.com
Description
Alan Jones: Common name
Alan: Givenname
Jones: Surname
Ajones: UID
alan_jones@acme.com
Description
Alan Jones/Sales/East/Acme
CN=Alan Jones
Alan Jones: Common name
cn=Alan Jones/ou=East/ou=Sales/o=Acme/c=us
alan_jones@acme.com
Example
Description
AJones: UID
Alan Jones: CN
CN with CN=prefix
DN
alan_jones@acme.com
For example, when a user tries to open a database that has an ACL with
No Access as the -Default-, Domino challenges the user for a valid user
name and password. Authentication succeeds only if the user provides a
name and password that matches the name and password stored in the
user's Person document and if the database ACL gives access to that
user. Anonymous users are not authenticated.
3. Click the tab that lists the protocol for which you want to allow
anonymous access. For each protocol, do the following:
c. If a match is found for the user name Andrew entered, and the
password that Andrew entered matches the password in the
Internet password field of his Person document, then Andrew
will be authenticated. The server checks the primary Domino
Directory for the Person document. The server also checks
secondary Domino Directories and LDAP directories if it is
configured to search secondary Domino Directories and LDAP
directories.
Chapter 43
Encryption and Electronic Signatures
This chapter describes how to use encryption to secure messages and
how to use digital signatures to verify the author of the message.
Encryption
Encryption protects data from unauthorized access. Using Notes and
Domino, you can encrypt:
containing the public key is also stored in the Domino Directory, where it
is available to other users.
Domino uses two types of public and private keys: Notes and Internet.
You use the Notes public key to encrypt fields, documents, databases,
and messages sent to other Notes users, while the Notes private key is
used for decryption. Similarly, you use the Internet public key for
S/MIME encryption and the Internet private key for S/MIME
decryption. For both Notes and Internet key pairs, electronic signatures
are created with private keys and verified with public keys.
You can use one set of Internet public and private keys or you can set up
Notes to use a set of Internet keys for S/MIME signatures and SSL and
another set for S/MIME encryption.
For information on dual Internet certificates, see the chapter Setting Up
Clients for S/MIME and SSL.
When you register a user, Domino automatically creates a Notes
certificate, which contains the user's public keys, and adds it to the ID file
and the Domino Directory. The private key is created and stored in the
ID file. You can also create Internet public and private keys after user
registration. Domino stores Internet certificates, which contain public
keys, in the ID file and also in the Domino Directory. The Internet private
key is stored in the ID file, separately from the certificate.
To create Notes public and private keys, Domino uses the dual-key RSA
Cryptosystem and the RC2 and RC4 algorithms for encryption. To create
the Internet public key, Domino uses the X.509 certificate format, which is
an industry-standard format that many applications, including Domino,
understand.
Both the Notes client and Domino server support 1024-bit RSA key and
128-bit symmetric key for S/MIME and SSL. The Notes proprietary
protocols use a 630-bit key for key exchange, and a 64-bit symmetric key.
Encryption strength
All Notes IDs contain two public/private key pairs. Prior to 5.0.4, key
lengths were restricted for the purposes of encrypting data, but not for
authentication or signing. Anything over 512-bit RSA key and 56-bit
symmetric key was considered strong encryption and was not allowed
for export by the U.S. Government. Customers were required to order
and choose among kits of different cryptographic strengths.
With the relaxation of US government regulations on the export of
cryptography, the Domino server and the Domino Administrator,
Domino Designer, and Lotus Notes client products have consolidated all
previous encryption strengths North American, International, and
Mail encryption
Mail encryption protects messages from unauthorized access. Only the
body of a mail message is encrypted; the header information (for
example, the To, From, and Subject fields) is not.
Notes users can encrypt mail sent to other Notes users or to users of mail
applications that support S/MIME, for example, Microsoft Outlook
Express and Netscape Communicator.
Users can use Notes mail encryption to encrypt mail sent to other Notes
users, encrypt mail received from other Notes users, or encrypt all
documents saved in a mail database. Notes uses the recipient's public
key, which is stored in the sender's Personal Address Book or in the
Domino Directory, to encrypt outgoing and saved mail.
In general, mail sent to users in a foreign domain cannot be encrypted.
However, if the recipient of the mail uses Notes and the sender has
access to the recipient's public key, the sender can encrypt the mail
message. The recipient's public key can be stored in the Domino
Directory, in an LDAP directory to which the sender has access, or in the
sender's Personal Address Book.
Notes users can also use S/MIME to encrypt mail sent to recipients
who use mail applications that support S/MIME. Senders must have
the recipient's public key in order to encrypt the message for S/MIME.
The user creates a message using a form in which the Body field in
the form's design has Store contents as HTML and MIME selected
in Field Properties. If the recipient can accept either Notes or MIME
format (or if Notes cannot find a Person document for the recipient),
the message will use MIME format.
Encrypting mail
Electronic signatures
3. When the reader accesses the signed data, Notes verifies that the
signer has a common certificate or common certificate ancestor from
a certifier that the reader trusts. If so, Notes attempts to decrypt the
signature using the public key that corresponds to the private key
with which the data was signed.
4. If decryption is successful, Notes indicates who signed the message.
If decryption is unsuccessful, Notes indicates that it cannot verify the
signature. Unsuccessful decryption and comparison may indicate
that the data has been tampered with.
Note Certificate trust checking occurs independently of hash
decryption and comparison. Decryption and comparison may
succeed even if the certificate is not trusted. This might happen, for
example, when a user receives mail from a user in another company
and that user doesn't have a cross-certificate.
S/MIME signatures
When the sender signs a message with an S/MIME signature, only the
body of the message and accompanying attachments are signed.
1. Notes generates a hash of the data being signed and then encrypts
the hash with the private key of the author of the data, forming a
signature.
2. Notes attaches a certificate chain (that is, all certificates in the
hierarchy for the certificate) and the signature to the data.
3. When the reader accesses the signed data, Notes or the mail
application attempts to decrypt the signature using the public key
that corresponds to the private key with which the data was signed.
If successful, Notes or the application verifies that the signer has a
common certificate or common certificate ancestor from a certifier
that the reader trusts.
Note Typically, the Notes user's organizational certifier issues a
cross-certificate to the signer's certificate authority (CA). Trust can
also be established if the Notes user issues a cross-certificate directly
to the signer's certificate or to the signer's Certificate Authority. Or,
the Notes user's organizational certifier can issue a cross-certificate
directly to the signer's certificate.
4. Notes or the mail application compares the decrypted hash with a
hash of the message generated by the reader. A match means that the
signature is valid.
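The signing and verification steps described above for Notes and S/MIME signatures, as an added example that is not Notes or Domino code: it hashes the data, transforms the hash with the private key, and on the reader's side reports the hash comparison and the certificate trust check as two independent results. It uses textbook RSA with a constructed toy key pair (no padding, not secure), models trust as a shared certifier ancestor in the hierarchical name or a cross-certificate held by the reader, and the signer Pat Lee/Widgets is a constructed name.

```python
import hashlib

E = 65537  # public exponent used for both constructed key pairs


def toy_keypair(p, q):
    """Textbook RSA key pair from two primes: ((e, n), (d, n)). Demo only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)


def digest(data):
    """Hash of the data being signed, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, private_key):
    """Step 1: hash the data, then encrypt the hash with the private key."""
    d, n = private_key
    return pow(digest(data), d, n)


def certifier_ancestors(name):
    """'Alan Jones/Sales/East/Acme' -> {'Sales/East/Acme', 'East/Acme', 'Acme'}"""
    parts = name.split("/")
    return {"/".join(parts[i:]) for i in range(1, len(parts))}


def verify(data, signature, signer, signer_public_key, reader,
           cross_certified=()):
    """Return (hash_matches, signer_trusted); neither implies the other."""
    e, n = signer_public_key
    # Decrypt the signature with the public key and compare with a fresh hash.
    hash_matches = pow(signature, e, n) == digest(data)
    # Trust: common certifier ancestor, or a cross-certificate the reader holds.
    trusted = certifier_ancestors(reader) | set(cross_certified)
    signer_trusted = bool(certifier_ancestors(signer) & trusted)
    return hash_matches, signer_trusted


# Constructed toy keys built from Mersenne primes so the block runs offline.
ACME_PUB, ACME_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair(2**1279 - 1, 2**2203 - 1)


def demo():
    reader = "Phyllis Spera/Sales/East/Acme"
    colleague = "Alan Jones/Sales/East/Acme"
    outsider = "Pat Lee/Widgets"  # constructed signer from another company
    message = b"Quarterly numbers attached."

    sig = sign(message, ACME_PRIV)
    outsider_sig = sign(message, OTHER_PRIV)
    return {
        "same organization": verify(message, sig, colleague, ACME_PUB, reader),
        "tampered body": verify(message + b"!", sig, colleague, ACME_PUB,
                                reader),
        "no cross-certificate": verify(message, outsider_sig, outsider,
                                       OTHER_PUB, reader),
        "with cross-certificate": verify(message, outsider_sig, outsider,
                                         OTHER_PUB, reader,
                                         cross_certified={"Widgets"}),
    }


if __name__ == "__main__":
    for case, (hash_ok, trusted) in demo().items():
        print(f"{case:24} hash matches={hash_ok}  signer trusted={trusted}")
```

The "no cross-certificate" case is the situation in the note above: the hash comparison succeeds even though the signer's certificate is not trusted.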
Chapter 44
Setting Up a Domino Server-Based Certification Authority
This chapter describes how to set up a Domino server-based certification
authority (CA) to issue server and client certificates using the CA process
server task.
To manage the CA process from the Domino console, you use a set of
server Tell commands.
For more information on CA process Tell commands, see the appendix
Server Commands.
Issued Certificate List (ICL)
Each certifier has an Issued Certificate List (ICL) that is created when the
certifier is created or migrated to the CA process. The ICL is a database
that stores a copy of each unexpired certificate that it has issued,
certificate revocation lists, and CA configuration documents.
Configuration documents are generated when you create the certifier
and sign it with the certifier's public key. After you create these
documents, you cannot edit them.
CA configuration documents include:
Using CRLs, you can manage the certificates issued in your organization.
You can easily revoke a certificate if the subject of the certificate leaves
the organization or if the key has been compromised. HTTP servers and
Web browsers check the CRLs to determine whether a given certificate
has been revoked, and is therefore no longer trusted by the certifier.
When you use Internet Site documents to configure Internet protocols on
the Domino server, you can also enable CRL-checking for each protocol.
There are two kinds of CRLs: regular and non-regular. For regular CRLs,
you configure a duration interval (the time period for which the CRL is
valid) and the interval at which new CRLs are issued. Each certifier
issues a CRL at the specified time, even if no certificates have been
revoked since the last CRL was issued. This means that if an
administrator revokes a certificate, it appears in the next scheduled CRL
issued by the certifier. The CRL duration period should be greater than
the time period between each CRL issuance. This ensures that the CRL
remains valid. Otherwise, the CRL could expire before a new one is
issued.
However, in the event of a critical security break (for example, if the
administrator needs to revoke a particularly powerful certificate or the
certifier certificate is compromised), you can manually issue a
non-regular CRL (that is, an unscheduled CRL) to enforce the
emergency revocation. This type of revocation does not affect either the
timing or the content of the next scheduled CRL. You use a Tell
command to issue a non-regular CRL.
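The relationship between CRL duration and issuance interval, worked through as an added example that is not part of the Domino documentation: it lays out a regular CRL schedule, finds the periods in which no valid CRL exists when the duration is shorter than the interval, and measures how long a revocation waits for the next scheduled CRL compared with a non-regular one. All dates and intervals are constructed sample values.

```python
from datetime import datetime, timedelta


def regular_crls(first_issue, issue_interval, duration, count):
    """Scheduled CRLs as (issued_at, valid_until) pairs."""
    return [(first_issue + i * issue_interval,
             first_issue + i * issue_interval + duration)
            for i in range(count)]


def validity_gaps(crls):
    """Periods between the first and last issuance with no valid CRL."""
    ordered = sorted(crls)
    gaps = []
    covered_until = ordered[0][1]
    for issued_at, valid_until in ordered[1:]:
        if issued_at > covered_until:
            # The previous CRL expired before this one was issued.
            gaps.append((covered_until, issued_at))
        covered_until = max(covered_until, valid_until)
    return gaps


def revocation_delay(revoked_at, scheduled, non_regular_issued_at=None):
    """Time from a revocation until the first CRL that can list it.

    A non-regular CRL only adds an earlier publication point; the scheduled
    CRLs passed in are left unchanged, as the text describes.
    """
    candidates = [issued for issued, _ in scheduled if issued >= revoked_at]
    if non_regular_issued_at is not None and non_regular_issued_at >= revoked_at:
        candidates.append(non_regular_issued_at)
    if not candidates:
        return None
    return min(candidates) - revoked_at


# Constructed schedule: a CRL is issued every 24 hours.
START = datetime(2002, 1, 1)
INTERVAL = timedelta(hours=24)

# Misconfigured: duration (12 h) is shorter than the issuance interval.
TOO_SHORT = regular_crls(START, INTERVAL, timedelta(hours=12), count=3)
# Recommended: duration (36 h) is greater than the issuance interval.
OVERLAPPING = regular_crls(START, INTERVAL, timedelta(hours=36), count=3)

REVOKED_AT = START + timedelta(hours=6)

if __name__ == "__main__":
    for gap_start, gap_end in validity_gaps(TOO_SHORT):
        print(f"no valid CRL from {gap_start} to {gap_end}")
    print("gaps with 36 h duration:", validity_gaps(OVERLAPPING))
    print("wait for scheduled CRL:",
          revocation_delay(REVOKED_AT, OVERLAPPING))
    print("wait with non-regular CRL:",
          revocation_delay(REVOKED_AT, OVERLAPPING,
                           REVOKED_AT + timedelta(minutes=30)))
```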
For more information on revoking a certificate, see the topic Revoking a
certificate later in this chapter.
For more information on enabling CRL-checking, see the chapter
Installing and Setting Up Domino Servers.
For more information on configuring a regular CRL, see the topic
Creating an Internet CA later in this chapter.
For more information on issuing a nonscheduled CRL, see the appendix
Server Commands.
You configure the CRL when you create a new Internet certifier. You can
specify the length of time for which a CRL is valid and the interval
between publication of new CRLs. After CRLs are configured, the
certifier issues them on a regular basis and they operate unattended.
Administering a Domino CA
There are a number of tasks associated with managing a certifier. If you
implement a certifier that uses the CA process, you can delegate Notes
and Internet certificate request approval and denial to other
administrators, each of whom acts as a registration authority.
Note Many of the manual tasks associated with managing a CA prior to
Domino 6 are now automated when you use the CA process.
Domino certificate authority administrator tasks
The Domino certificate authority administrator (CAA) is responsible for
these tasks:
The CAA must have at least Editor access to the master Domino
Directory for the domain.
As a best practice, designate at least two CAAs for each certifier. You
then have a backup if one leaves the organization.
Note By default, the administrator who creates a certifier is
automatically designated as both a CAA and an RA for that certifier.
When you create additional CAAs, they must be assigned the RA role in
order to register users.
Domino Registration Authority administrator tasks
A registration authority (RA) administrator registers Notes users and
Domino servers, approves or denies Internet certificate requests, and, if
necessary, revokes Internet certificates. While a CA administrator can
also be a registration authority, the main advantage of having a separate
RA role is to offload these tasks from the Domino and/or CA
administrator. Moreover, the Domino administrator can establish one or
more RAs for each certifier enabled for the CA process.
An RA should approve only those requests that will be accepted by the
certifier. The CA Configuration document, stored in the CA's ICL
database, describes what is acceptable.
Domino administrators who register Notes users should also be listed as
RAs for the Notes certifier.
If you are using the Web Administrator client, you need to set up a
server-based certification authority to register Notes users. The Web
Note CAs and RAs must have at least Editor access to the master
Domino Directory for the domain.
4. In the Choose ID/key ring file dialog box, select the CERT.ID of the
certifier you want to migrate.
Choose the certifier ID (CERT.ID) and click Select to migrate a
Notes certifier.
Choose the certifier key ring file and click Select to migrate an
Internet certifier.
5. The certifier ID's path and filename now appear in the Migrate
Certifier dialog box. Enter the password for the certifier ID or key
ring file and click OK.
6. If you are migrating a Notes certifier, complete the procedure To
migrate a Notes certifier. Otherwise, see the procedure To migrate
an Internet certifier.
To migrate a Notes certifier
1. On the Basics tab, complete these fields:
Field: Select the server where the certifier will run
Action: Select the server that will store the migrated certifier.
Make sure that the client location document points to this server.
Field: Name of ICL database to be created
Option: Encrypt ID with Server ID
Security level: Lowest
Password required: None
Action required: None
Security level
Password required
Action required: If you choose to encrypt the certifier ID with a lock
ID, the certifier is locked when you create it. Use the tell command:
tell ca unlock <idfile> <password>
Action
Certificate duration for EE certificate
Certificate duration for CA certificate
Option
And then enter the following to see if the new certifier has been
added:
tell ca stat
Security level
Password required
Action required
None
None
Server ID password
Registered user ID and password
Action
Certificate duration
Key usage
Note The default certificate type is end entity certificate. This means
that Internet certificates issued by this certifier apply to users of
certificates and/or end-user systems that are subjects of a certificate.
11. Click Miscellaneous, and then click Create a local copy of the
certifier ID. Specify the certifier ID file name and password, and
click OK. A copy of the certifier ID is saved to the default path
...\notes\data\ids\certs\cert.id. You can select a different path. Use
this local copy of the certifier ID as a backup to re-create the certifier
if it becomes corrupted.
12. Complete these fields to specify Certificate Revocation List
information for this certifier:
Field
Action
Field
Action
Signing algorithm
Key length
Action
Type
Value
15. Click Add to add the alternative name to the certifier's certificate.
16. Click OK. A message appears saying that you have successfully set
up a CA.
17. Complete these procedures:
Add the new certifier to the CA process.
Create the Certificate Requests application.
Non-repudiation
Key encipherment: Use when a certificate will be used with a protocol that
encrypts keys. An example is S/MIME enveloping, where a fast (symmetric)
key is encrypted with the public key from the certificate. SSL protocol
also performs key encipherment.
Data encipherment: Use when the public key is used for encrypting user
data, other than cryptographic keys.
Key agreement: Use when the sender and receiver of the public key need to
derive the key without using encryption. This key can then be used to
encrypt messages between the sender and receiver. Key agreement is
typically used with Diffie-Hellman ciphers.
Certificate signing: Use when the subject public key is used to verify a
signature on certificates. This extension can be used only in CA
certificates.
CRL signing
Encipher only
Decipher only
Sign (downloadable) executable code
Digital signature
Email protection
IPSEC Tunnel
Extended key
IPSEC User
Timestamping
SSL Client: Digital signature
SSL Server: Key encipherment
S/MIME Signing: Digital signature
S/MIME Encryption: Key encipherment
Certificate Signing: Certificate signing
Object Signing: Digital signature
Field
Action
Supported CA
Do the following:
1. In the Server field, enter the name of the server that
hosts the Internet certifier.
2. In the Certifier field, enter the name of the Internet
certifier to associate with the Certificate Request
database.
Supported certificate types
Choose one:
Client certificates only - Select this option if the
certifier will issue client Internet certificates. Do not
select this option if you want to create a server key
ring for SSL. If you select this option, you must
customize client requests.
Server certificates only - Select this if the certifier
will issue server Internet certificates. If you select this
option, you must customize server requests.
Both client and server certificates - Select this if the
certifier will issue both client and server Internet
certificates. If you select this option, then you need to
customize both server and client requests.
Action
Validity period
Key usages
Extended key
usages
Action
Validity period
Key usages
Extended key
usages
Action
File name
Enter a file name for the Key Ring file and keep
the .kyr.
Password
Key size
Common name
Country
a. Do one:
Open the Administrator's mail file, locate and open a message
with the subject "Your certificate request has been approved,"
and copy the pickup ID to the Clipboard.
From the Certificate Requests database, open the
Submitted/Accepted view, then open the issued server request
and copy the Request ID to the Clipboard.
b. In the Certificate Requests database, choose Domino Key Ring
Management, then Pickup Key Ring Certificate.
c. Enter the key ring file name and password, paste the pickup ID
into the form, and click Pickup Certificate.
8. Do the following to merge the approved server certificate into the
key ring file:
a. When the Merge Signed Certificate Confirmation dialog box
appears, verify the information and click OK.
b. When the Certificate received into key ring confirmation box
appears, click OK.
c. Copy or use FTP (in binary mode) to transfer the new key ring
file and its associated .STH file to the server's data directory.
9.
7. After the CA signs the request for a server certificate and notifies you
to pick up the certificate, do the following:
Modifying a server-based CA
After you migrate or create a certifier, you can modify it through the
certifier ICL or through the certifier document in the Domino Directory.
Note that how you open a certifier to modify it affects the number and
type of changes you can make.
Note Only CA administrators can modify a server-based CA. A CA
administrator must have Editor access to the Domino Directory in order
to modify a certifier.
To modify a certifier through the ICL
1. Shut down the CA process used by the certifier that you want to
modify. At the server console, type:
tell ca quit
6. In the Certifier dialog box, modify the certifier as needed. You can
change these features:
Encryption mechanism for certifier ID
CAs and RAs, and roles of current entries
CRL distribution point extension
Enable or disable backdating of certificate
Certificate duration
Certificate key usage (Internet certifiers only)
CRL publication and duration (Internet certifiers only)
For detailed information on these options, see the topic "Creating
a certifier for a server-based CA" earlier in this chapter.
7. Click OK.
To modify a certifier through the Certifier document
To modify a Certifier document, you must have Editor access to the
Domino Directory. Full-access administrators and administrators have
this access by default; however, be sure that all certificate authority (CA)
administrators also have this access.
1. From the Domino Administrator, click Configuration.
Note If the certifier is protected with a lock ID, you must unlock it
in order to modify it.
On the Basics tab, you can modify certifier name and issuer.
Click Modify CA configuration to change CAA and RA
associations.
2. Click Save and Close.
Disabling a certifier
To modify a Certifier document, you must have Editor access to the
Domino Directory. Full-access administrators and administrators have
this access by default; however, be sure that all certificate authority (CA)
administrators also have this access.
1. From the Domino Administrator, click Configuration and open the
Certificates view in the Server pane.
2. Select the certifier document you want to disable and double-click to
open it.
3. Click Edit Certifier.
Revoking a certificate
A CA administrator can easily revoke an Internet certificate if the subject
of the certificate leaves the organization, or if the key has been
compromised. After a certificate is revoked, it can never again be trusted.
If you revoke a certificate, especially if a key has been compromised,
issue a non-regular CRL so that any entity checking CRLs has the most
updated revocation information.
To revoke a certificate
1. From the Domino Administrator, click Files. Open the ICL directory.
2. From the list of ICL databases, open the ICL for the certifier that
issued the certificate you need to revoke.
3. Open the Issued Certificates\By Subject Name view.
4. Open the Issued Certificate document for the certificate you want to
revoke.
The document name is the same as the subject name.
5. At the top of the document, click Revoke Certificate.
6. In the Revocation Reason dialog box, select the reason for revoking
the certificate, and click OK.
7. Issue a non-regular CRL.
The next time the CA process refreshes, the Issued Certificate document
will be updated to indicate that the certificate has been revoked. When
you open the Issued Certificate document again, the Revocation
Information section will indicate that the certificate has been revoked, the
revocation date and time, the reason for the certificate's revocation, and
the date and time the certificate became invalid.
For more information on issuing non-regular CRLs, see the appendix
"Server Commands."
The server returns a list of all certifiers using the CA process and their
current status. The number associated with each certifier is used in some
CA Tell commands.
For example:
10/22/2001 02:38:12 pm  CA Process status:
10/22/2001 02:38:12 pm  1. O=Acme
10/22/2001 02:38:12 pm  Certifier type: Notes
10/22/2001 02:38:12 pm  Active: Yes
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_Acme.nsf
10/22/2001 02:38:12 pm  2. CN=East/O=Acme/ST=Massachusetts/C=US
10/22/2001 02:38:12 pm  Certifier type: Internet
10/22/2001 02:38:12 pm  Active: Yes
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_East.nsf
For more information about using CA Tell commands, see the appendix
Server Commands.
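The status listing above can be checked mechanically, for example as part of routine monitoring of the CA process. The following Python code is an added example, not part of the Domino documentation: it parses console text in the layout of the sample above and reports certifiers that are not active or that report no ICL database. The line layout is assumed from that sample; the third certifier and the value "Active: No" are constructed for illustration.

```python
# Added example: parse CA process status text and flag certifiers that need
# attention. The input layout is assumed from the sample in this chapter.
import re

TIMESTAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [ap]m\s*", re.I)
CERTIFIER = re.compile(r"^(\d+)\.\s+(\S.*)$")        # e.g. "1. O=Acme"
ATTRIBUTE = re.compile(r"^([A-Za-z ]+):\s*(.*)$")    # e.g. "Active: Yes"

# Certifiers 1 and 2 follow the sample above; certifier 3 is constructed.
SAMPLE = r"""
10/22/2001 02:38:12 pm  CA Process status:
10/22/2001 02:38:12 pm  1. O=Acme
10/22/2001 02:38:12 pm  Certifier type: Notes
10/22/2001 02:38:12 pm  Active: Yes
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_Acme.nsf
10/22/2001 02:38:12 pm  2. CN=East/O=Acme/ST=Massachusetts/C=US
10/22/2001 02:38:12 pm  Certifier type: Internet
10/22/2001 02:38:12 pm  Active: Yes
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_East.nsf
10/22/2001 02:38:12 pm  3. CN=West/O=Acme/C=US
10/22/2001 02:38:12 pm  Certifier type: Internet
10/22/2001 02:38:12 pm  Active: No
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_West.nsf
"""


def parse_ca_status(text: str) -> list:
    """Return one dict per certifier: number, name, type, active, icl_path."""
    certifiers = []
    current = None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip()).strip()
        if not line:
            continue
        match = CERTIFIER.match(line)
        if match:
            current = {"number": int(match.group(1)), "name": match.group(2),
                       "type": None, "active": None, "icl_path": None}
            certifiers.append(current)
            continue
        match = ATTRIBUTE.match(line)
        if match and current is not None:   # header lines before item 1 are skipped
            key = match.group(1).strip().lower()
            value = match.group(2).strip()
            if key == "certifier type":
                current["type"] = value
            elif key == "active":
                current["active"] = value.lower() == "yes"
            elif key == "icl db path":
                current["icl_path"] = value
    return certifiers


def needs_attention(certifiers: list) -> list:
    """Return (number, name, reason) for certifiers that are not healthy."""
    findings = []
    for cert in certifiers:
        if cert["active"] is not True:
            findings.append((cert["number"], cert["name"], "not active"))
        if not cert["icl_path"]:
            findings.append((cert["number"], cert["name"],
                             "no ICL database path reported"))
    return findings


if __name__ == "__main__":
    for finding in needs_attention(parse_ca_status(SAMPLE)):
        print(finding)
```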
Back up each certifier that you create, so that you can recover if there is a
problem, for example, if error messages are generated by the certifier
when you issue a lo ca or tell ca refresh command.
To back up a certifier
1. When you create a new certifier, keep a local copy of the certifier ID
file.
2. After you create the certifier, make a copy of the ICL database and
keep it in a safe place. Back up the ICL periodically to incorporate
any changes you make to the certifier.
To recover a certifier
1. From the Admin client, click Configuration.
2. On the Tools pane, choose Certification - Modify Certifier.
3. Select the CA server from the list, and click OK.
4. Select the server that hosts the CA you want to modify, if necessary.
5. Select the certifier to recover by doing one of the following:
Select the certifier document from the Domino Directory.
Select the certifier ICL database.
6. You may be prompted for the certifier ID and password. Enter the
path and filename for the local copy of the ID that you created when
you first set up the certifier, and click OK.
Note You will be prompted for the certifier ID only if the certifier
determines that it cannot proceed without it.
7. In the Modify Certifier dialog box, confirm that the certifier
information is correct. Click OK.
If the certifier is still having problems, for example, if configuration
documents are corrupted or missing, replace the ICL database with the
backup copy. The location of the ICL database is specified in the certifier
document.
Chapter 45
Setting Up a Domino 5 Certificate Authority
This chapter describes how to set up a Domino 5 certificate authority
(CA) to issue server and client certificates using a CA key ring file.
Field
Action
Enter the explicit path and file name for the CA key
ring. The default is CAKEY.KYR in the Domino
Administrator's data directory. It's helpful to use the
extension .KYR to keep server and CA key ring file
names consistent.
Key ring
password
Password verify
Key Size
Select the size of the public and private key pairs. The
larger the size, the stronger the encryption.
Common name
Organization
Organizational
Unit
City or Locality
State or Province Enter three or more characters that represent the state
or province where the certifier resides, such as
Massachusetts. (For U.S. states, enter the complete state
name, not the abbreviation.)
Country
Action
Choose one:
Yes (default) to specify whether the e-mail message
generated during the security request process includes
a reference to the SSL port for secure certificate pick-up.
No to specify SSL will not be used.
Certificate Server port number
Enter the number of the TCP/IP port for the server.
Domino uses this port when sending an e-mail notification to clients to pick up certificates. The default is 80.
45-4 Administering the Domino System, Volume 2
Action
Choose one:
Default validity
period
Action
Key ring
password
Password verify
Key size
Select the size of the public and private key pairs. The
larger the size, the stronger the encryption.
Field
Field
Action
CA certificate
label
Common name
Organization
Organizational
Unit
City or Locality
State or Province Enter three or more characters that represent the state or
province where the certifier organization resides, such
as Massachusetts. (For U.S. states, enter the complete
state name, not the abbreviation.)
Country
1. From the Domino Administrator, click Files and open the Domino
Certificate Authority application.
2. Click Server Certificate Requests.
3. Open the request to sign.
4. Review the user information and distinguished name. Make sure that
the information provided complies with your organization's security
policy.
If you want to deny the request, complete Step 5. Otherwise, go to
Step 6.
5. To deny the request, do the following:
a. Enter a reason for the denied request.
b. If you do not want to notify the server administrator by e-mail,
deselect "Send a notification email to the requester." Otherwise,
Domino sends the server administrator an e-mail indicating that
you denied the request and the reason why you denied the
request.
c. Click Deny.
6. To approve the request, do the following:
a. Enter a validity period. For short-term projects, 90 days is typical;
for ongoing projects, you can enter several years.
b. If you do not want to notify the server administrator by e-mail to
pick up the certificate, deselect "Send a notification email to the
requester." Otherwise, Domino sends the server administrator an
e-mail with a URL indicating the location to pick up the
certificate.
c. Click Approve.
d. Enter the password for the CA's key ring file, and then click OK.
7. Have the server administrator complete the procedure "Merging a
server certificate into the key ring file."
Chapter 46
Setting Up SSL on a Domino Server
This chapter describes how to set up SSL on a Domino server to allow
secure Internet and intranet access at your organization.
SSL security
Secure Sockets Layer (SSL) is a security protocol that provides
communications privacy and authentication for Domino server tasks that
operate over TCP/IP.
SSL offers these security benefits:
The server certificate accompanies data to assure the client that the
server identity is authentic.
The client certificate accompanies data to assure the server that the
client identity is authentic. Client authentication is optional and may
not be a requirement for your organization.
The Java applet that uses this protocol must be set up to use SSL.
Action
Key Ring
Password
Key Size
Common name
Organization
Action
Organizational
Unit
City or Locality
State or Province Enter the full name of the state or province in which the
certifier organization resides.
Country
After you read the information about the key ring file and
distinguished name, click OK. Notes creates the key ring file and
stash (.STH) file and places them in the Notes data directory on the
client machine used to create the key ring.
7. Copy the key ring file and stash (.STH) file to the Domino data
directory on the server.
Caution You must ensure that the key ring password in the stash
file is protected. The key ring file password is altered in the stash file
so that it cannot be recognized by a casual observer, but it is not
encrypted. You should not allow unauthorized persons access to
either the stash file or the key ring file. In the normal course of
operation, only the server itself should have access to those files;
however, administrators may also need permission to remove or
replace the files. As with all server resources, managing proper file
permissions and protections is vital to the security of the system.
8. Request an SSL server certificate.
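The caution in step 7 can be enforced with a periodic file audit. The following Python code is an added example, not part of the Domino documentation: it scans a data directory for key ring (.kyr) and stash (.sth) files and reports any that are accessible beyond the owning account, along with key ring or stash files that have lost their counterpart. It assumes a server platform with POSIX file permissions; the function names and the file names in the demonstration are constructed.

```python
# Added example: audit key ring (.kyr) and stash (.sth) files in a data
# directory. Assumes POSIX permission bits; file names below are constructed.
import os
import stat
import tempfile

KEY_MATERIAL_EXT = {".kyr", ".sth"}


def audit_key_material(data_dir: str) -> list:
    """Return (name, finding) tuples for key ring and stash files in data_dir."""
    findings = []
    seen = {}  # lower-cased file stem -> set of extensions found
    for entry in sorted(os.listdir(data_dir)):
        stem, ext = os.path.splitext(entry)
        ext = ext.lower()
        if ext not in KEY_MATERIAL_EXT:
            continue
        seen.setdefault(stem.lower(), set()).add(ext)
        info = os.lstat(os.path.join(data_dir, entry))
        if stat.S_ISLNK(info.st_mode):
            findings.append((entry, "is a symbolic link"))
            continue
        # Only the account that runs the server should be able to read or
        # replace these files, so any group/other bit is reported.
        extra = stat.S_IMODE(info.st_mode) & 0o077
        if extra:
            findings.append((entry, "group/other permission bits set: %03o" % extra))
    # The stash file holds the key ring password in a recoverable form, so a
    # stash file left behind without its key ring is still sensitive.
    for stem, exts in sorted(seen.items()):
        if exts == {".kyr"}:
            findings.append((stem, "key ring has no stash file"))
        elif exts == {".sth"}:
            findings.append((stem, "stash file has no key ring"))
    return findings


def demo() -> list:
    """Build a constructed data directory and return the audit findings."""
    with tempfile.TemporaryDirectory() as data_dir:
        layout = {
            "keyfile.kyr": 0o600,   # correctly restricted
            "keyfile.sth": 0o644,   # readable by group and others
            "old.sth": 0o600,       # orphaned stash file
            "names.nsf": 0o644,     # not key material, ignored
        }
        for name, mode in layout.items():
            path = os.path.join(data_dir, name)
            with open(path, "wb") as handle:
                handle.write(b"constructed placeholder")
            os.chmod(path, mode)
        return audit_key_material(data_dir)


if __name__ == "__main__":
    for name, finding in demo():
        print("%s: %s" % (name, finding))
```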
Field
1. From the Notes client, open the Certificate Requests database for the
certifier from which you want to request a server certificate.
2. Do the following to create a server key ring file to store the server
certificate and merge the CA certificate as a trusted root into the
server key ring file:
a. In the Certificate Requests database, choose Domino Keyring
Management - Create Keyring.
b. In the Create Key Ring form, complete these fields:
Field
Action
File name
Enter a file name for the Key Ring file and keep the .kyr.
Password
Key size
Common name
Enter the fully qualified host name, for example,
server.company.com.
Organization
name
State or
province
Country
7. When the "Certificate received into key ring" dialog box appears,
click OK.
8. Copy or use FTP (in binary mode) to transfer the new key ring and
its associated .STH file to the server's data directory.
From a Domino CA using a Web browser
This procedure for generating a server certificate request is the same
regardless of whether you are requesting a server certificate from a
Domino server-based certification authority or a Domino 5 certificate
authority.
1. Make sure you already created the server key ring file and mapped a
drive to the directory that contains the server key ring file.
2. From the Notes client, open the Domino Directory of the server on
which you want to create SSL, and open the Server Certificate
Admin application.
3. Click Create Certificate Request.
4. Complete these fields:
Field
Enter
Log Certificate
Request
Choose one:
Yes (default) to log information in the Server
Certificate Admin application
No to not log information
Method
Enter
The name of the server key ring file including the path
to the file
Log Certificate
Request
Choose one:
Yes (default) to log information in the Server
Certificate Admin application
No to not log information
Method
Choose one:
Paste into form on CA's site (recommended)
Send to CA by e-mail
Note You must choose the paste option to submit a
request to VeriSign, which doesn't use PKCS format for
requests sent by e-mail. If you choose Send to CA by
e-mail, enter the CA's e-mail address, and your e-mail
address, phone number, and location.
Organization
Class 3 Public
Primary
Certification
Authority
US
VeriSign, Inc.
Class 3 Public
Primary
Certification
Authority
US
VeriSign, Inc.
Class 2 Public
Primary
Certification
Authority
US
VeriSign, Inc.
Class 1 Public
Primary
Certification
Authority
US
VeriSign, Inc.
Test CA
US
RSA Data
Security, Inc.
Secure Server
Certification
Authority
US
Netscape
Test CA
Communications
Corp.
RSA Data
Security, Inc.
Low Assurance
Certification
Authority
US
US
4. From the Notes client, open the Server Certificate Admin application.
5. Click Install Certificate into Key Ring.
6. Enter the file name for the key ring that will store this certificate. You
specified this key ring file when you created the server certificate
request.
7. In the Certificate Source field, choose Clipboard. Paste the Clipboard
contents into the next field.
8. Click Merge Certificate into Key Ring.
9. Enter the password for the key ring file, and then click OK to
approve the merge.
10. Configure the SSL port.
From a third-party CA
1. Make sure the CA signed the certificate and you mapped a drive to
the directory that contains the server key ring file.
2. Use the instructions provided by the CA to pick up the certificate. In
most cases, the CA mails the certificate as a file attachment or gives
you a URL to visit to copy and paste the certificate to the Clipboard.
3. From the Notes client, open the Server Certificate Admin application.
4. Click Install Certificate into Key Ring.
5. Enter the file name for the key ring that will store this certificate. You
created this key ring file when you created the server certificate
request.
6. Do one of the following:
If you copied the certificate to the Clipboard, choose Clipboard in
the Certificate Source field. Paste the Clipboard contents into the
next field.
If you received a file attachment that contains the certificate,
detach the file to your hard drive, and then choose File in the
Certificate Source field. Enter the file name in the File name field.
7. Click Merge Certificate into Key Ring.
8. Enter the password for the server key ring file, and then click OK to
approve the merge.
9. Configure the SSL port.
If you are using a Notes client, the Notes client must have a
cross-certificate for the server CA or the SSL server's certificate.
Enter
The file name of the server key ring file that the server uses.
Note Domino does not use this field for IIOP, which uses a
separate key ring file. You cannot change the name of the
IIOP key ring file.
Choose one:
Yes to allow this server to accept the site certificate and
use SSL to access an Internet server, even if the Domino
server does not have a certificate in common with the
Internet server.
No to not allow this server to accept site certificates.
Accept expired SSL certificates
Choose one:
Yes to allow clients to access the server, even if the client
certificate is expired.
No to not allow clients to access the server with expired
client certificates.
Field
Enter
SSL port
number
SSL port
status
Client
certificate
Choose one:
Name &
password
Choose one:
Anonymous
Choose one:
4. Click the tab for the protocol that you want to configure, and then
complete these fields:
For Domino 6 servers, use a Web Site document for requiring SSL
connections for HTTP clients. For IMAP and LDAP, you do this in
the Server document.
After you set up SSL on a Domino server, you must give the clients
access to databases on the server.
For anonymous users
If you set up a client for server authentication only, you cannot enter the
user's name in a database ACL since the client does not use a user name
to access the server. Instead, you add the entry Anonymous to database
ACLs and design element access lists. If you do not specify Anonymous
access, Domino gives anonymous users -Default- access.
For client authentication
If you set up a client for client and server authentication, you can control
the client's access to databases by adding the client's name to database
ACLs and design element access lists. You must use the first name listed
in the User name field of the Person document for the client. For example,
if a User name field contains the entries Alan Jones/Acme, ajones, Alan,
AJ, add the name Alan Jones/Acme to the ACL and design element
access lists. Alan Jones can authenticate with the server using any of the
names listed, but Domino uses the first name in the User name field to
verify entries in ACL and design element access lists. It is strongly
recommended that the first name be in hierarchical name format.
For more information, see the chapter "Controlling User Access to
Domino Databases."
The expiration date. The default trusted roots that come with
Domino do not have expiration dates.
The size of the public key. The size determines the strength of the
encrypted public key.
Enter
Key ring
password
Enter
Common name
Organization
Organizational
Unit
City or Locality
4. Copy the key ring file and stash (.STH) file to the Domino data
directory of the server.
5. Configure the port for SSL.
6. Set up database access.
Field
You can restrict the use of SSL ciphers for Internet protocols. You can
specify the use of a 128-bit cipher only for the HTTP service, for example,
to require users to access a server using a domestic browser version. If no
configuration parameters are set, then there is no restriction on the SSL
ciphers used for that protocol.
There are three ways to configure SSL ciphers, depending on how you
choose to configure Internet protocols on your Domino server:
Chapter 47
Setting Up Clients for S/MIME and SSL
This chapter describes how to set up a Notes client to use SSL and send
secure S/MIME messages. It also describes how to set up an Internet
client to use SSL to connect to a Domino server.
Notes and other Internet clients that use client certificate authentication
have an Internet certificate that is stored in the Notes ID file for Notes
clients, and in a local file for Internet clients. The certificate includes a
public key, a name, an expiration date, and a digital signature. The
corresponding private key is stored in the ID file, but is stored separately
from the certificate. For Notes clients, the client certificate is also stored
in the Domino Directory so that others can access the public key.
Notes and Internet clients can obtain Internet certificates from either a
Domino certification authority or a third-party certifier.
How you set up the client depends on whether the server requires client
certificate authentication.
As an administrator, you should carefully consider whether you want to
require client certificate authentication. If you do not need to identify
Internet users who access the server, you do not need to set up client
authentication. In fact, in some cases, requiring an Internet certificate
may deter users from accessing a server, for example, a server that
hosts a Web site. If you require an Internet certificate, users need to
perform additional steps to obtain the certificate and set up client
certificate authentication.
Note By enabling the setting "Accept SSL Site Certificates" in the
Location record, the Notes client can ignore cross-certificates and server
authentication entirely. The user can also choose to create
cross-certificates on the fly when connecting to a server using SSL.
You can set up Notes or other Internet clients for server authentication to
encrypt data and authenticate the server identity when connecting to an
Internet server. You do not need an Internet certificate if you set up a
client for server-only authentication.
On the server, SSL is set up on a protocol-by-protocol basis. You can
choose to enable SSL on all protocols, or enable SSL on some protocols
but not others. For example, you can enable SSL on mail protocols
(IMAP, POP3, SMTP) and disable it for HTTP. You must also enable the
port for anonymous access; otherwise, Domino requires an Internet
certificate or a name and password from the client.
To access an Internet server using SSL, clients must have:
Note Secure transactions are indicated by the use of the term https:// in
URLs for SSL-secured sites. A browser user can specify this when
initiating a secure transaction. More likely, the user will navigate to a
login page, where it is necessary to log in with a name and password in
order to access the secure Web page.
SSL server authentication for Internet clients other than Notes does not
require a cross-certificate.
Make sure you have the Administration Process set up on the server.
If you are signing a certificate for an Internet client, make sure you
created a Person document.
Third-party CA
The third-party CA determines how you request an Internet certificate.
Browse to the third-party CA's site, and enter the certificate request. A
dialog box appears that allows you to request the certificate.
1. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
2. Click Client Certificate Requests in the left pane.
3. Open the request you want to sign.
4. Review the user information and distinguished name. Make sure the
information provided complies with your organization's security
policy.
5. Leave the option "Register certificate in the Domino Directory"
selected to add the client's public key automatically to the Person
document.
If you want to deny the request, complete step 6. Otherwise, go to
step 7.
6. To deny the request:
a. Enter a reason for the denied request.
b. If you do not want to send the person e-mail, deselect "Send a
notification e-mail to the requester"; otherwise, the Domino
Certificate Authority application sends the person e-mail
indicating that you denied the request and the reason why you
denied the request.
c. Click Deny.
7. To approve the request:
a. Enter a validity period. For short-term projects, 90 days is typical;
for ongoing projects, you can enter several years.
b. If you do not want to send the client e-mail indicating that the
client can now pick up the certificate, deselect "Send a
notification e-mail to the requester"; otherwise, the Domino
Certificate Authority application sends an e-mail with a URL
indicating the location to pick up the certificate.
c. Click Approve and enter the password for the CA key ring file.
This places a request in the Administration Requests database.
When the Administration Process next runs, it processes the
request and adds the certificate to the client's Person document
in the Domino Directory.
Note The client cannot use the certificate to authenticate against
database ACLs until the Administration Process completes the
request.
Third-party CA
If a user obtains an Internet certificate from a third-party CA using the
Notes client, the certificate is automatically added to their Person
document.
If a user obtains an Internet certificate from a third-party CA through a
browser, the certificate must then be added to their Person document.
For more information, see the topic "Publishing third-party CA client
certificates in a Person record" later in this chapter.
You can also view information about Internet certificates in the Domino
Directory.
To view or delete an Internet certificate
1. From the Domino Administrator, click People & Groups, and edit the
Person document for the Internet user whose certificate you want to
view or delete.
2. Click Examine Internet Certificate(s).
3. To delete the Internet certificate, select the certificate and click
Delete. Note that the certificate will remain displayed until you exit
or save the document.
An Internet client can still access the Domino server anonymously if you
have anonymous access set up on the server, or use name-and-password
authentication to access the server. A Notes client can still send
unencrypted mail messages to the user.
2. When you open the signed message, Notes asks if you want to add a
cross-certificate if you do not already have a cross-certificate issued
for either the author or the CA who issued the certificate to the
author. Complete these fields and then click Cross Certify:
Field
Enter
Certifier
Server
Subject name
Expiration date
You can add two Internet certificates to your Notes ID file and then use
one certificate for S/MIME encryption and another for S/MIME
signatures and SSL client authentication. Doing so lets you maintain
separate public and private key pairs for encryption and electronic
signatures and SSL client authentication.
For example, if the User name field contains these entries: Alan Jones,
AJones, Alan, Al Jones and the client uses the name Al Jones to access the
server, Domino authenticates the user, verifies that the public key
presented matches the public key in the Person document, and uses the
name Alan Jones to check database ACLs and design element access lists.
Have trusted root certificates installed in its server key ring for any
certifier whose certificates you want to accept for publication
If you do not have the server's CA marked as a trusted root in the server
key ring file for the Domino server, Domino automatically adds the
certificate and logs the condition in the log file. Other Internet protocols
do not allow users to proceed unless they have the server's CA marked
as a trusted root. You should, however, mark the CA certificate as a
trusted root instead of automatically adding the trusted root to ensure
that the trusted root you receive is valid.
Chapter 48
Rolling Out Databases
This chapter describes the tasks involved in rolling out a database for
production after it has been designed. Be sure to test the database
application thoroughly before announcing its location to users.
Mandatory tasks
Perform these tasks before copying a new database or database replica to
a production server.
Task
Considerations
Set up the database ACL for users and servers that require access
If you plan to make replicas of a database, make sure
that the database ACL lists the name of each server
containing a replica. If the database uses roles,
assign all roles to each server.
If you assign ACL settings on the original database
before copying it to a server, assign yourself
Manager access on the original. Otherwise, you
won't have Manager access to the new copy.
Verify that server ACLs
are set up correctly
Create or edit
Connection documents
Set up a replication
schedule
Optional tasks
The following tasks are not required, but you may want to perform them
after your database is in production. Whether or not you need to do these
tasks depends on the type of database you are rolling out to the
production server and the roles assigned to an application developer,
database manager, or Domino administrator in your organization.
Considerations
Create About This Database and Using This Database documents
Provide the name, phone number, and e-mail
address of database managers in the About This
Database document. Provide information about
the application in the Using This Database
document.
For more information, see Application Development
with Domino Designer.
Create an index for the
database
Task
Making sure that users and other servers are listed in the server's
access control list. Otherwise, they won't be able to access the
database.
8. Optional steps:
Choose Access Control List to copy the ACL.
3. On the Basics tab, complete these fields and then save the document:
Mail-in name - The entry for this database in the Domino
Directory. Users and applications use this name to send
documents to the database.
Internet message storage - The message storage preference: No
preference (default); Prefers MIME or Prefers Notes Rich Text.
Internet address - SMTP address in the format
mailfile@organization.domain. Complete this field if you want
Internet users to be able to send messages to the database.
4. On the Database Information tab, complete these fields:
Domain - Domino domain of the server where the database
resides.
Server - The fully-distinguished hierarchical name of the server
where the database resides; for example, Server1/Sales/Acme.
Filename - The path and filename of the database relative to the
Domino Directory. For example, if the database named
MAILIN.NSF is in the MAIL directory of the DATA directory,
enter MAIL\MAILIN.NSF.
5. On the Administration tab, complete these fields and then click Save
& Close:
Owners - Fully distinguished hierarchical name of users allowed
to modify this document.
Administrators - Users or groups who can edit this document.
Foreign directory sync allowed - Yes allows entry to be
exchanged with foreign directories, for example, a cc:Mail
directory, so that users on the other system can look up the mail-in
database in the cc:Mail post office directory and send mail to it.
Encrypt incoming mail - Mail sent to the mail-in database is
encrypted with the Notes certified public key entered in the next
field.
Notes certified public key - The certified public key to use when
encrypting mail sent to this database. To copy a certified public
key from the Domino Directory to this field, click Get
Certificates and choose a name.
6. Give the name of the database to users so they can enter it in the To:
field of messages destined for the database.
For more information on setting up a database to receive mail, see the
book Application Development with Domino Designer.
3. Choose File - Database - Access Control, and make sure you have
Manager access.
4. Choose File - Database - Properties.
5. Click the Design tab.
6. Make sure that the List in Database Catalog option is selected, and
enter one or more categories.
Note: These categories appear on the Domain Search form to
provide a user with a way to narrow a search. Categories are also
displayed in views of the database catalog and Domain Catalog.
7. Select Include in multi-database indexing.
2. Select the database that you want to add to the Domain Index, and
click Open.
Chapter 49
Organizing Databases on a Server
When you create directory and database links, you can increase database
security by specifying the ACL access for an individual user or group in
the Create New Link dialog box. The database ACL, not the database
link, controls access to individual databases that have database links.
Directory links
You can store databases in a directory outside the Domino data directory
to take advantage of disk space available on other servers. Then you
create a link in the Domino data directory that points to that directory. In
the Domino data directory, users see the directory link MKTG.DIR as the
subdirectory MKTG, with a directory folder icon next to it. Users who do
not have access to a linked directory can see the directory link, but
cannot access the directory.
You can use a directory link on a Web server to point browser users to a
directory outside the Domino data directory. When you create this link,
you must specify access for browser users; for example, you can
specify access for anonymous users or enter the names of users who use
name-and-password or SSL client authentication.
This chapter discusses how to organize databases that are in the Domino
data directory or on another server and how to create links to directories
and databases that are not in the Domino data directory.
Database links
You can store a single database outside the Domino data directory and
create a database link to it from the Domino data directory. A database
link appears in the Domino data directory as a database icon followed by
the name of the linked database.
You can use a database link on a Web server to point browser users to a
database in a directory outside the Domino data directory. If the
database link points to a database on another server, browser users
cannot access the database.
Create the database link using the complete path and file name of the
database you want to link to. For example, create the database link
SALES.NSF to point to the database D:\PROJECTS\SALES\SALES.NSF.
Domino automatically appends the NSF extension to the database name.
If you want to move a linked database to another location, delete the old
link, create a new database link, and move the database to the new
location. When you delete the database link, you remove the link, but not
the database that the link references.
To create or update a link
Use links to organize databases on servers. Create a directory folder link
to point users to multiple databases stored in the Domino data directory,
in subdirectories of the Domino data directory, or in directories outside
of the Domino data directory. Create a database link to point users to a
single database stored in the Domino data directory, in subdirectories of
the Domino data directory, or in a directory outside the Domino data
directory.
1. From the Domino Administrator Server list, select the name of the
server on which to create the link. This server can be local or remote.
2. Click the Files tab, and then choose Tools - Folder - New Link or
Tools - Folder - Update Link.
3. In the Link name box, enter a name for the link as the link name
should appear to the user.
Domino automatically appends a DIR extension to the file name for a
directory link and an NSF extension for a database link.
4. Next to Link to a, choose Folder for a directory link or Database for
a database link.
5. In the Path and filename to that folder or database box, enter the
complete path to the directory or database to which the link points.
Be sure to move the database named in this step to the directory you
specify here.
For example, for a directory link, enter the directory path,
D:\PROJECT\SALES. For a database link, enter the complete
directory and file name path, D:\PROJECT\SALES\SALES.NSF.
6. (Optional) To restrict access to a linked directory, enter the names of
specific users to whom you want to grant access in the Who should
be able to access this link? box. Click the person icon to select the
names or groups from the Domino Directory that you want to have
access to the link.
Note: The database ACL, not the database link, controls access to
individual databases that have database links.
7. Click OK.
8. To verify that the link was created, click the refresh icon.
9. (Optional) To prevent Web browser users from using directory links,
edit the NOTES.INI file to include this setting:
DominoNoDirLinks=1
To delete a link
1. From the Domino Administrator Server list, select the name of the
server.
2. Click the Files tab, and then select the directory or database link to
delete.
3. Choose Tools - Folder - Delete, and then click Yes.
4. To verify that the link was deleted, click the refresh icon. View the
result in the Results pane.
4. In the left pane, select the directory to which you are restricting
access. The access restrictions apply to any subdirectories of the
directory as well.
5. In the Tools pane on the right, select Database - Directory ACL.
6. Below Who should be able to access this directory? click the person
icon.
7. In the dialog box that opens, do the following for each name that you
want to allow to access the directory:
Description
DominoNoDirLinks
Chapter 50
Setting Up and Managing Full-text Indexes
You must index a database for full-text searches to allow users to quickly
search and locate information within that database.
The encryption key, which is part of the server ID, is active for all
databases on the server. If you index a different database and do not
deselect Index encrypted fields, any fields using that encryption
key are compromised.
Description
Index attached files: Indexes attachments. Also choose either With found
text to include just the ASCII text of attachments, or
With file filters to include the full binary content of
attachments. Choosing With found text creates the
index faster than choosing With file filters, but is
less comprehensive.
Index encrypted fields
Note: Users update full-text indexes for local databases whenever they
replicate with the server. Users can also do manual index updates for
local databases at any time.
Note: You can view your indexing selections later on the Search tab
of the Database Properties box.
8. (Optional) Change the default setting for index update frequency.
Update frequency options are described in the following table.
Columns: Update frequency option; Updates occur; Select when
Daily (the default)
Hourly
Immediate
Scheduled: As scheduled by a Program document for the Updall
server task in the Domino Directory. If you select the Scheduled
option, you must specify a schedule for Updall in a Program
document; otherwise, scheduled updates will not occur.
9. Click OK.
10. Inform users that the database or databases are indexed.
2. Click Programs.
3. Create or edit a Program document.
4. On the Basics tab:
a. Type Updall in the Program name box.
b. Type any optional arguments in the Command line box.
c. Type the server name on which the full-text indexed database
resides in the Server to run on box.
5. On the Schedule tab:
a. Select Enabled in the Enabled/disabled box.
b. Select the time for Updall to update the index in the Run at
times box.
c. Select a repeat interval, if any, in the Repeat interval of box.
d. Select the days of the week for Updall to update the index in the
Days of week box.
6. Save and close the Program document.
Hourly
Immediate
Scheduled
6. Click OK.
4. Select all the databases for which you want to update the index.
Chapter 51
Setting Up Database Libraries and Catalogs
Database libraries
You can create a database library that contains databases that pertain to a
specific collection of users or to a specific topic. For example, a corporate
database library might include all databases that deal with corporate
policies and procedures, and a marketing database library might include
databases that are useful to the marketing staff.
The main view in a library lists the databases it contains alphabetically
by title, and gives a short description of each database. Each database
document displays the database's title, short and long descriptions,
replica ID, and database manager, as well as buttons that let users
browse the database or add it to their bookmarks.
Note: Instead of creating database libraries to point users to the
databases they need, you can use Desktop policy settings to add
bookmarks directly to their workspaces.
For more information on Desktop policy settings, see the chapter Using
Policies.
Server libraries
The databases you choose to include in a library can be located on any
server. More than one library can reside on a server. When a user opens a
database from a database library, Lotus Domino uses the database's
replica ID number to search for it. Domino first searches for the database
on the user's workspace, then on the user's home server, and finally
looks for a Domain Catalog to find a path to a replica of the database on
Local libraries
You can create a local library for your own use, which lists databases on
your own hard drive as well as databases on servers. The only difference
between a local library and libraries on servers is that no other users can
use your local library or become librarians for it.
To assign librarians
You must be a librarian of a database library in order to make other users
librarians.
1. If someone other than you created the library, make sure you have
Editor or higher access in the library ACL.
2. Make sure that the users to whom you are giving librarian status
have at least Author access in the database library ACL.
3. From the Domino Administrator, select the server that holds the
database library.
4. On the Files tab, double-click the title of the database library.
5. In the Librarians view, click Edit Librarians.
6. Type the names of all users who will be librarians, pressing ENTER
after each name.
7. Close and save the Librarians document.
6. Enter information in the following fields, and then close and save the
database document:
In the Abstract field, type a short description of the database to
serve as the description that appears next to the database's title in
the database library.
In the Long Description field, type a more complete description
of the database contents that appears when you open the database
document.
Database catalogs
A database catalog provides a list of all databases on a server. You use
the server Catalog task to create a database catalog. The Catalog task
bases the catalog file (CATALOG.NSF) on the CATALOG.NTF template
and adds the appropriate entries to the catalog's ACL.
All databases on a server are included in the catalog when the Catalog
task runs. Only administrators can see listings for some databases (those
with the List in Database Catalog option selected in the Database
Properties box), as these databases are not included in the default views.
For databases in the default views, you can specify categories in the
Database Properties box to determine how the databases appear in the
categorized view of the catalog. For large catalogs, you can create a
full-text index to make searching the catalog faster.
To help users locate databases across an organization, or to keep track of
all the replicas for each database, you must set up a Domain Catalog, a
catalog that combines the information from the database catalogs of
multiple servers on one of your servers. You can set up a Domain
Catalog regardless of whether you plan to implement Domino's Domain
Search capability.
For more information on the Domain Catalog, see the chapter Setting
Up Domain Search.
51-4 Administering the Domino System, Volume 2
To view the documents in the database catalog, open the catalog from the
Domino Administrator or the Web Administrator tool (Files tab).
Notifying users that the catalog exists and is ready for use.
Chapter 52
Monitoring the Domino Server
This chapter explains how to monitor the statistics and events that occur on
the Domino server and how to view and analyze performance statistics.
Monitoring
Domino generates statistics that you can use to monitor system activity and
platform use, and includes many server-monitoring features that work
together to inform you about the processes, networks, and use of the
Domino system. Using one of three tools (the Domino Administrator, the
Web Administrator, or the server console), you can monitor the system. For
example, from the Domino Administrator, you can use the Domino server
monitor and statistics charts to view graphical representations of system
status; and from the server console, you can view a representation that uses
your predefined colors and text attributes to illustrate the status of a process.
Description
Event Generator
Event Handler
Event Notification
Method
Log Filter
Server Console
Configuration
Event generators
Event generators gather information by monitoring a task or a statistic or
by probing a server for access or connectivity. Each event generator has a
specified threshold or condition, which, when met, causes an event to be
created. The event is passed to the Event Monitor task, which checks
whether an associated event handler has been defined. If an event
handler has not been defined, the Event Monitor task does nothing. If an
event handler has been defined, the Event Monitor carries out the
instructions in the event handler. The Event Monitor task, formerly known
as the Event task, starts automatically when you start the server and
must run on all servers that you want to monitor.
For more information about event handlers, see the topic Event
handlers later in this chapter.
Monitoring the Domino Server 52-3
After deciding which events you want to know about, decide what will
happen when the event occurs. You have several choices. You can log the
event to the log file (LOG.NSF); you can mail a notification of the event
to a file or an administrator; or mail the event to another application for
further processing.
Description
Task status event generator: Monitors the status of Domino server and
add-in tasks
TCP server event generator: Verifies the availability of Internet ports (TCP
services) on servers and generates a statistic
indicating the amount of time, in milliseconds,
it takes to verify that the server is responding
on the specified port
Meaning
Fatal
Failure
Warning (high)
Warning (low)
Performance degradation
Normal
Status messages
Action
File name
Servers
Choose one:
Action
Server(s) with
which the database
must replicate
Choose one:
All in the domain.
Only the following. Then select one or more
servers from the list.
Action
Action
Time periods to
monitor
Choose one:
Minimum sessions
Daily
Weekly
Monthly
Daily 10 sessions
Weekly 50 sessions
Monthly 300 sessions
5. On the Other tab, complete these fields, and then save the document:
Field
Action
Action
Target server(s)
Probing server
(source)
Action
Ports
Do one:
Enable the field to use any configured port to check
access.
Disable the field, and specify the port to use.
Time-out
threshold
7. Click the Other tab, complete these fields, and then save the
document:
Field
Action
In addition, the ISpy task monitors the local mail server by default and
generates events for traces that fail. To monitor other Domino mail
servers, create an event generator and set up an event handler to notify
you when an event has occurred.
The Resulting Statistic field, which is not editable, shows the name of
the statistic that is generated.
Action
Probing servers
(source)
Show intermediate
hop times
Action
Send interval
Time-out threshold
6. Click the Other tab, complete these fields, and then click Save &
Close.
Field
Action
Action
Generate a statistic
event of severity
Action
Task name
Servers
Choose one:
All in the domain
Only the following. Then select the name of one
or more servers
What to monitor
4. Click the Other tab, complete these fields, and then save and close.
Field
Action
Generate a monitor
event of severity
By default, the ISpy task monitors all enabled Internet ports (TCP services)
on the server on which it is running. When you create a TCP server event
generator, you can have each server probe its own configured ports and all
services that are running on those ports, or you can select which servers
and services to probe. To verify the statistic name and the type of event
generated upon failure, click the tab for each service.
Action
Probe interval
Service time-out
threshold
Action
To start a wizard
1. From the Domino Administrator, click the Files tab.
2. Open the Monitoring Configuration database, and then choose the
Setup Wizards view.
3. Click the wizard you want to use.
Start the ISpy task automatically when the server starts: Edit the
ServerTasks setting in the NOTES.INI file to include RunJava ISpy.
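The two NOTES.INI settings this guide names, DominoNoDirLinks=1 (to prevent Web browser users from using directory links) and RunJava ISpy in ServerTasks, can be checked mechanically across servers. The following is an added example, not code from the Domino documentation; the sample file contents are constructed, and treating setting names as case-insensitive and matching "ISpy" exactly as spelled here are assumptions.

```python
"""Audit NOTES.INI text for DominoNoDirLinks and the ISpy server task."""

# Constructed samples, not taken from a real server.
WEAK_INI = """[Notes]
Directory=D:\\Lotus\\Domino\\Data
ServerTasks=Update,Replica,Router,AMgr,AdminP,HTTP
"""

FIXED_INI = """[Notes]
Directory=D:\\Lotus\\Domino\\Data
ServerTasks=Update,Replica,Router,AMgr,AdminP,HTTP,RunJava ISpy
DominoNoDirLinks=1
"""


def parse_notes_ini(text):
    """Map each lowercased setting name to the list of values found for it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") or "=" not in line:
            continue  # section header such as [Notes], blank or malformed line
        name, value = line.split("=", 1)
        # Assumption: setting names are compared without regard to case.
        settings.setdefault(name.strip().lower(), []).append(value.strip())
    return settings


def server_tasks(settings):
    """Split every ServerTasks value into its comma-separated task entries."""
    tasks = []
    for value in settings.get("servertasks", []):
        tasks.extend(" ".join(t.split()) for t in value.split(",") if t.strip())
    return tasks


def is_ispy(task):
    """True for a 'RunJava ISpy' entry; 'ISpy' is matched exactly (assumption)."""
    parts = task.split()
    return len(parts) == 2 and parts[0].lower() == "runjava" and parts[1] == "ISpy"


def audit(text, serves_web=True, wants_ispy=True):
    """Return a list of (setting, finding) tuples; an empty list means no findings."""
    settings = parse_notes_ini(text)
    findings = []
    # A setting that appears twice with different values is ambiguous: report
    # it instead of guessing which line the server honors.
    for name, values in sorted(settings.items()):
        if len(set(values)) > 1:
            findings.append((name, "set more than once with different values"))
    if serves_web and set(settings.get("dominonodirlinks", [])) != {"1"}:
        findings.append(("dominonodirlinks",
                         "not set to 1: Web browser users can use directory links"))
    if wants_ispy and not any(is_ispy(t) for t in server_tasks(settings)):
        findings.append(("servertasks",
                         "RunJava ISpy missing: ISpy does not start with the server"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_INI), ("fixed", FIXED_INI)):
        print(label, audit(text) or "no findings")
```
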
Event handlers
An event handler defines the action that Domino takes when a specific
event occurs. You can define an event handler to do one or more of the
following:
Notify you that the event occurred and specify the method of
notification
Broadcast
Log to database
NTLog
Pager
Prog
Relay
Sound
SNMP Trap
UNIXLog
For more information on SNMP agents, see the chapter Using the
Domino SNMP Agent.
Generates
Add-in
Adminp
Agent
Client
Comm/Net
Compiler
Database
Directory (LDAP)
Misc
Monitor
Network
Replica
Resource
Router
Security
Event type
Generates
Server
Statistic
Unknown
Update
Web (HTTP/HTTPS): Messages related to the HTTP task.
For more information on the wizard, see the topic Using event generator
and event handler wizards, earlier in this chapter.
To create an Event Handler document
1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration view.
2. Open the Event Handlers - All view, and click New Event Handler.
3. On the Basics tab in the Server(s) to monitor field, choose one:
Notify of the event on any server in the domain
Notify of the event only on the following servers. Then select the
server from a list.
4. Under Notification trigger, choose one:
Any event that matches a criteria. Then complete these fields on
the Event tab:
Field
Action
Event type
Choose one:
Events can be any type
Events must be this type. Then select the type from the list.
Event
severity
Choose one:
Events can be any severity
Events must be one of these severities. Then select a
severity level from the list.
When you create an event generator, you can launch the event handler
wizard to create an event handler at the same time. You can also
manually create an Event Handler document in the Monitoring
Configuration database (EVENTS4.NSF).
Field
Action
Message
text
Choose one:
Events can have any message
Events must have this text in the event message. Then
type the message text.
For more information about event types and event severity levels,
see the topics Event types used to specify event criteria, and
Event generators, earlier in this chapter.
A built-in or add-in task event. Then click Select Event, select the
event from the list, and choose one:
Events can have any message
Events must have this text in the event message. Then type the
message text.
A custom event generator. Then select it from the list or click New
to create a new custom event generator.
(Optional) Click Details to view a custom Event Generator
document.
5. Click the Action tab and choose the notification method.
For more information on event notification methods, see the topic
Event handler notification methods, earlier in this chapter.
Note If you purchased an add-in product designed to work with
server-management programs, you may see additional notification
methods.
6. Choose one enablement option:
Enable this notification: To enable the notification during all hours.
Enabled only during these times: Then click the clock and move
the slider to select the start and end time during which this event
handler is enabled.
7. Click Save & Close.
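Because the Event Monitor does nothing with an event that no handler matches, it helps to replay sample events against the criteria entered in steps 3 through 6 and look for gaps. The following is an added example that models those criteria; it is not Domino code. The handler names, events, and message texts are constructed, and substring matching without regard to case and time windows that may span midnight are assumptions.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Event:
    server: str
    etype: str       # event type, for example Security or Replica
    severity: str    # Fatal, Failure, Warning (high), Warning (low), Normal
    message: str
    at: time         # time of day at which the event was generated


@dataclass(frozen=True)
class EventHandler:
    name: str
    servers: frozenset = frozenset()     # empty: any server in the domain
    etype: str = ""                      # empty: events can be any type
    severities: frozenset = frozenset()  # empty: events can be any severity
    text: str = ""                       # empty: events can have any message
    window: tuple = ()                   # empty: enabled during all hours

    def enabled_at(self, t):
        if not self.window:
            return True
        start, end = self.window
        if start <= end:
            return start <= t < end
        return t >= start or t < end     # assumption: window may span midnight

    def matches(self, ev):
        return (self.enabled_at(ev.at)
                and (not self.servers or ev.server in self.servers)
                and (not self.etype or ev.etype == self.etype)
                and (not self.severities or ev.severity in self.severities)
                # assumption: substring match, ignoring case
                and (not self.text or self.text.lower() in ev.message.lower()))


def route(events, handlers):
    """Return (handled, unhandled): matching handler names per event, and
    the events that no handler matched (the Event Monitor does nothing)."""
    handled, unhandled = [], []
    for ev in events:
        names = [h.name for h in handlers if h.matches(ev)]
        if names:
            handled.append((ev, names))
        else:
            unhandled.append(ev)
    return handled, unhandled


# Constructed handlers: Security notifications only during office hours,
# Replica events from one server at any time.
HANDLERS = [
    EventHandler("security-mail", etype="Security",
                 severities=frozenset({"Fatal", "Failure"}),
                 window=(time(8, 0), time(18, 0))),
    EventHandler("replica-log", servers=frozenset({"Server1/Sales/Acme"}),
                 etype="Replica"),
]

# Constructed events; the message texts are placeholders, not Domino output.
EVENTS = [
    Event("Server1/Sales/Acme", "Security", "Failure",
          "constructed: authentication failure", time(2, 15)),
    Event("Server1/Sales/Acme", "Replica", "Warning (high)",
          "constructed: replication did not complete", time(10, 0)),
    Event("Server2/Sales/Acme", "Security", "Fatal",
          "constructed: authentication failure", time(11, 30)),
]

if __name__ == "__main__":
    handled, unhandled = route(EVENTS, HANDLERS)
    for ev, names in handled:
        print(ev.server, ev.etype, ev.severity, "->", ", ".join(names))
    for ev in unhandled:
        print("NO HANDLER:", ev.server, ev.etype, ev.severity, ev.at)
```

The 02:15 Security failure is the gap: the only Security handler is enabled from 08:00 to 18:00, so that event produces no notification.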
Default color
Console Background
Black
Normal Events
Light grey
Fatal Events
Red
Failure Events
Magenta
Yellow
White
In the Domino Administrator, the Statistic Collector starts when you start
the Domino server monitor, when you chart real-time statistics, or when
you access the Server - Statistic tab. You can also set a Monitoring
Administration Preference so that the Statistic Collector task starts
automatically when you start the Domino Administrator. The Statistic
Collector task continually adds new servers from which it gathers
statistics as you monitor or chart statistics from additional servers.
For example, in the Domino server monitor, if you begin monitoring the
servers in the Acme1 monitoring profile, the Collector task begins
collecting statistics from the servers listed in the Acme1 profile. Then if
you switch to charting and chart the statistics in the AcmeEast statistics
profile, the Statistic Collector task simply adds the servers in the
AcmeEast statistics profile to the list of servers from which it is gathering
statistics. It does not stop gathering statistics from the servers in the first
group you monitored in the Acme1 profile.
Action
Database to receive
reports
Platform statistics
In addition to tracking server statistics, Domino tracks operating-system
performance statistics. You can view these statistics from the Domino
Administrator, along with your Domino statistics, which helps you with
Domino server monitoring and tuning. You can include platform
statistics in any statistic monitoring task you perform with the Domino
statistics, including using them in monitoring and statistic profiles, and
charting them.
There may be slight overhead incurred while running platform statistics;
however, the overhead is insignificant. No disk space is consumed by
enabling platform statistics, since no log files are created. As with
Domino statistics, disk space is used only if you log platform statistics to
the log file or to the Monitoring Results database (STATREP.NSF). The
amount of disk space used depends on the frequency of capture.
Logical disk: Statistics for individual disks and total percent use of
all disks
Process: Statistics that show the percent of CPU use, along with the
process ID of Domino tasks, if the task is present. (Information for
idle tasks is reported as zero.)
Logical disk
Memory
Network
Paging file
Process
System
Network statistics
On Solaris, AIX, and OS/400, Domino provides statistics for a
maximum of ten network adapters. On Windows 2000 and Windows NT,
there is no limit on the number of network adapters. The loopback
interface is not included in the list of adapters. On AIX, only Ethernet
and token ring network adapters are supported.
Process statistics
On Windows 2000 and Windows NT, when you view process statistics,
the Percentage Total Domino CPU Utilization value may be greater than
the Total System CPU Utilization. This is because the CPU utilization
value for each individual process is calculated based on the total number
of processes used in a sampling interval.
On Windows 2000 and Windows NT, Domino process names include the
letter n as a prefix. For example, in Perfmon, Adminp (the process
name for the Administration Process) is nadminp. To maintain
platform-independence in naming, Domino does not include the prefix
on any platform statistics.
System statistics
On Windows 2000 and Windows NT, the value of the combined CPU
utilization statistic (Platform.System.PctCombinedCpuUtil) is not defined
as the sum of the user and privileged CPU utilization values
(Platform.PctUserCpuUtil and Platform.PctPrivilegedCpuUtil). However,
on Solaris and AIX, the value of the combined CPU utilization statistic is
defined as the sum of the user and privileged CPU utilization values.
Clusters
Communications
Network
Platform
System
For more information on the IBM Tivoli Analyzer for Lotus Domino and
resource balancing, see the chapter Using IBM Tivoli Analyzer for Lotus
Domino.
To create a new statistic
1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration - Names & Messages (Advanced)
- Statistic Names view.
2. Click New Statistic.
3. On the Basics tab, complete these fields:
Field
Action
Statistic name
Data type
Choose one:
Statistic unit
Enter one:
The unit in which the statistic is measured, for
example, bytes or minutes
The word none, if this is a text statistic
Statistic description
Text
Number
Time
7. For the field Is a statistic template? the default is No. Check Yes if
the statistic will be used to create other statistics using a variable,
for example, <portname>.
8. For the field Useful for thresholds? the default is No. Check Yes if
this statistic will be used to generate statistic alarms. To use this
statistic in a statistic event generator, you must define a threshold.
Complete these fields:
Field
Action
Threshold operator
Less than
Greater than
Multiple of
Percentage of
Threshold value
Enter a number.
Event severity
Suggested response
Useful in setup
Action
To
Enter the title of one or more mail-in databases for one or more
servers.
Subject
Do one:
Enter a statistic category (for example, disk or platform)
to get a subset of statistics.
Enter the name of one statistic, for example, Disk.C.Free.
Use an asterisk to indicate a group of specific statistics. For
example, enter Disk.C.* to report all disk statistics for drive C.
Leave the field blank to mail all server statistics.
You can mail all or a subset of statistics to yourself. The names of all
statistics are listed on the Configuration tab in the Monitoring
Configuration - Names & Messages (Advanced) view. The category for a
statistic is the first part of the statistic name. For example, the category
for the statistic Disk.C.Free is Disk.
Charting statistics
You can graphically display the statistics generated by Domino, by
creating statistics charts. To chart sets of statistics on a regular basis, you
can define statistics profiles. Using statistics charts you can track and
visualize statistics in real time or historically. Real-time charts reflect the
current server activity. Historical charts pull information from the local
Monitoring Results database (STATREP.NSF). You can also create
statistic profiles so that you can chart a specified set of statistics
routinely.
To create statistics charts you must enable the field Generate statistic
reports while monitoring or charting statistics in Administration
Preferences, and the Domino server monitor must be running.
For more information on setting Administration Preferences for statistic
monitoring, see the chapter Setting Up and Using Domino
Administration Tools.
When you chart statistics, you choose the servers and the statistics to
chart. Using the charting feature you can:
6. Click Done, choose Performance Monitor - Saved Statistics Profiles Save As, and then type a name for the statistic profile.
Action
Get a numerical representation of a graphical statistic: Click the
statistic in the profile list. Then look at the bar area between the
profile list and the chart.
Get a textual representation of
the statistic chart
Action
To modify a statistic profile, you can add or delete statistics, add servers,
or save or delete the entire profile. To add or remove statistics and
servers from a profile for the current session only, make the changes, but
don't save the profile.
To modify a statistic profile
1. From the Domino Administrator, click the Server - Performance tab.
2. Select a statistic profile from the list, and do any of the following:
Task
Action
Add a statistic
1. Click Add.
2. Select the Domain and server, and then select
the statistic.
3. Click Add Statistic.
Add a server
Delete (remove) a
statistic from a profile
3. Click Monitoring.
view, you can change the sort order of the Server Name and Server
Status columns and of any Statistic Value columns that contain numeric
values.
To view the Domino server monitor
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Choose one view:
By Timeline: Then set the Column scale selector to a value from
1 to 60 minutes.
By State: Then, to view past errors only, select the check box
Display past states reporting errors exclusively.
3. Click Start to start the server monitor.
Note: If you enable Automatically monitor servers at startup in
the Administration Preferences, the server monitor starts
automatically and monitors the most recently viewed profile.
Meaning
Fatal
Failure
Warning
Not responding
Not running
The task has not been running since the server monitor
started.
Running
All servers: Includes all servers in all domains you are monitoring,
as listed in Administration Preferences
Note: The Domino server monitor and profiles are not available in the
Web Administrator.
Specifying profiles to use when you start the Domino server monitor
By default, the profile that was being monitored when you stop the
server monitor is the profile that will be monitored when you start the
server monitor. To override this default behavior, you can specify which
profiles to monitor when you start the Domino server monitor.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select a server profile.
3. From the Monitoring menu, select Profile Properties.
4. Make sure the name of the profile you want to monitor at startup is
displayed.
5. Check Contact servers in this profile at startup.
Tip: You can also rename a nonsystem profile in Profile Properties.
Chapter 53
Using the Domino SNMP Agent
This chapter provides information about the Domino Simple Network
Management Protocol (SNMP) Agent and the Domino Management
Information Base (MIB), which allow aspects of Domino to be monitored
and managed by third-party management stations.
The Domino SNMP Agent enhances the monitoring and control features
of Domino by enabling third-party management stations, which use
industry standard SNMP, to manage aspects of the Domino server. It
consists of:
Status
12
12
11
Warning
13
14
Normal
14
13
Informational
15
N/A
16
17
17
16
Normal
Two Domino server add-ins: the QuerySet Handler and the Event
Interceptor.
The QuerySet Handler and the Event Interceptor depend on the
Domino server; if the server fails for any reason, these programs fail
as well.
SNMP security
SNMP version 1 is not a secure protocol. SNMP's native security uses
only community names and IP addresses. All sites should review
deployment of the Domino SNMP Agent with their security staff.
However, the control functions provided by the Domino SNMP Agent do
not present significant security risks (for example, access to the console
or databases is not affected).
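Because community names and source addresses are the only controls SNMP version 1 offers, a review of the master agent usually starts with those two settings. The following is an added example, not part of the Domino documentation: it audits Net-SNMP style access lines (rocommunity, rwcommunity, com2sec). The sample configuration, the finding names and the 256-address limit are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a Net-SNMP snmpd.conf; not taken from a real host.
SAMPLE_SNMPD_CONF = """\
# master agent access control (constructed sample)
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity d0m-Mon-7f3a 192.0.2.10
com2sec nmsUser default public
com2sec nmsUser 192.0.2.10 d0m-Mon-7f3a
"""

DEFAULT_COMMUNITIES = {"public", "private"}
# Assumed policy for this example: a source wider than 256 addresses is "broad".
MAX_SOURCE_ADDRESSES = 256


def source_is_broad(source):
    """True when the source restriction is missing or admits many hosts."""
    if source is None or source == "default":
        return True  # no restriction: any address may present the community
    try:
        network = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # not an address or subnet: treated as one named host
    return network.num_addresses > MAX_SOURCE_ADDRESSES


def parse_access_line(line):
    """Return (community, source, writable) for an access line, else None."""
    tokens = line.split("#", 1)[0].split()
    if not tokens:
        return None
    directive, args = tokens[0], tokens[1:]
    if directive in ("rocommunity", "rwcommunity"):
        # rocommunity COMMUNITY [SOURCE [OID]]
        if not args:
            return None
        source = args[1] if len(args) > 1 else None
        return args[0], source, directive == "rwcommunity"
    if directive == "com2sec":
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        if args[:1] == ["-Cn"]:
            args = args[2:]
        if len(args) < 3:
            return None
        # Write access for com2sec depends on separate group/access lines,
        # which this example does not evaluate.
        return args[2], args[1], False
    return None


def audit(conf_text):
    """Return a list of (line number, finding) tuples in file order."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_access_line(line)
        if parsed is None:
            continue
        community, source, writable = parsed
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community"))
        if source_is_broad(source):
            findings.append((lineno, "broad-source"))
        if writable:
            # A read-write community permits SET requests, which is how
            # control functions are invoked over SNMP.
            findings.append((lineno, "write-access"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_SNMPD_CONF):
        print(f"line {lineno}: {finding}")
```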
System requirements
The following are system requirements for the Domino SNMP Agent:
Windows requirements:
Windows native TCP/IP.
AIX requirements:
AIX native TCP/IP.
Linux requirements:
Linux native TCP/IP.
Solaris requirements:
Solaris native TCP/IP.
The most current PTFs for the zSeries (S/390) platform, which you
can access on www.ibm.com.
If you want to manage multiple partitions and always be able to start their
servers using SNMP, then it's necessary to configure those partitions into
LNSNMP.INI as described below. Configuring LNSNMP.INI also causes
the virtual rows in the MIB's lnServerTable to be allocated in the order
specified in LNSNMP.INI instead of in the order that the partitions are
started. The MIB's lnServerTable contains a virtual row for each partition,
so having prior knowledge about which row will represent a particular
partition could simplify certain management functions.
The Windows operating system limits all SNMP traps to using one IP
address. On UNIX, each partition needs a separate DNS entry in order to
distinguish each trap origin. On the client side, while traps from
partitions will be received, not all SNMP consoles can associate traps
from partitions to map objects. In particular, due to a limitation of
WINSNMP, which is used with OpenView Professional Suite, it cannot
assign traps to Domino icons.
If you want to use the Domino SNMP Agent for out-of-band control on
multiple partitions, configure it on each partition. With this option, you
can control servers individually and receive SNMP traps for each
partition, but you lose the ability to query certain branches of the lnInfo
branch of the MIB, including all Domino server statistics. It's also not
possible to use SNMP to start a server that hasn't otherwise been started
since SNMP was itself started. If you don't need to use SNMP to start
partitions, it is not necessary to configure the LNSNMP.INI as described
below.
Configuring the LNSNMP.INI file
If you need to always be able to start partitions using SNMP, or if you
need to know which virtual row in the MIB's lnServerTable a partition
will occupy, then you should perform the following steps.
Note By adding a server to LNSNMP.INI you're implicitly allowing
SNMP to start that server if asked to do so. The server may then disallow
further SNMP initiated starts once its own configuration options become
known. This situation becomes possible each time the Domino SNMP
Agent is started because the Domino SNMP Agent does not retain server
configuration information when it is stopped.
1. Create a file called LNSNMP.INI in the appropriate directory
depending on platform:
Windows: Windows System directory
AIX, Linux or Solaris: /opt/lotus
zOS (OS/390): /opt/lotus
Note These are the recommended directories. However,
LNSNMP.INI can be in any path in the PATH environment variable
that you like.
2. Edit the file and include one line for each server partition with the
following format:
Server=<Data_Directory>;<Server_Name>;<Domino_Partition_Number>
Note The case of the text to the right of the equals sign is significant
in UNIX environments.
Troubleshooting
If LNSNMP does not start properly, then check that the LNSNMP.INI file
is correct. LNSNMP will always attempt to reference the LNSNMP.INI
file.
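A quick way to check that LNSNMP.INI is correct is to parse it against the Server=<Data_Directory>;<Server_Name>;<Domino_Partition_Number> format before restarting LNSNMP. The following is an added example, not IBM code: the sample file contents are constructed, and the rules that the partition number is an integer, that duplicates are errors, and that only blank lines may be skipped are assumptions of this example.

```python
# Constructed sample LNSNMP.INI contents; paths and server names are made up.
SAMPLE_INI = """\
Server=/local/notesdata1;Sales1/Acme;1
Server=/local/notesdata2;Sales2/Acme;2
Server=/local/notesdata2;sales2/acme;3
Server=/local/notesdata4;Hub/Acme
Server=/local/notesdata5;Mail1/Acme;two
"""


def parse_lnsnmp_ini(text):
    """Parse LNSNMP.INI text.

    Returns (entries, problems). entries keeps file order, which is the
    order in which lnServerTable rows are allocated. problems is a list of
    (line number, finding) tuples.
    """
    entries, problems = [], []
    seen_dirs, seen_names, seen_lower, seen_parts = set(), set(), set(), set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "Server":
            problems.append((lineno, "not-a-server-line"))
            continue
        fields = [field.strip() for field in value.split(";")]
        if len(fields) != 3 or not all(fields):
            problems.append((lineno, "field-count"))
            continue
        data_dir, name, part = fields
        # Assumption: the partition number is a plain decimal integer.
        if not (part.isascii() and part.isdigit()):
            problems.append((lineno, "partition-not-integer"))
            continue
        if data_dir in seen_dirs:
            problems.append((lineno, "duplicate-data-directory"))
        if name in seen_names:
            problems.append((lineno, "duplicate-server-name"))
        elif name.lower() in seen_lower:
            # Case is significant on UNIX, so a case-only variant of an
            # earlier name is more likely a typo than a second server.
            problems.append((lineno, "case-variant-server-name"))
        if part in seen_parts:
            problems.append((lineno, "duplicate-partition-number"))
        seen_dirs.add(data_dir)
        seen_names.add(name)
        seen_lower.add(name.lower())
        seen_parts.add(part)
        entries.append({
            "order": len(entries) + 1,
            "data_directory": data_dir,
            "server_name": name,
            "partition": int(part),
        })
    return entries, problems


def snmp_startable(entries):
    """Servers that are implicitly allowed to be started through SNMP."""
    return [entry["server_name"] for entry in entries]


if __name__ == "__main__":
    parsed, found = parse_lnsnmp_ini(SAMPLE_INI)
    for entry in parsed:
        print(entry)
    for lineno, finding in found:
        print(f"line {lineno}: {finding}")
```

Every server the parser returns is one that SNMP may be asked to start, so the output doubles as the list to review with security staff.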
Note Before using the Domino SNMP Agent, make sure TCP/IP and
SNMP are properly installed and configured on the server. If you are
using UCD-SNMP or NET-SNMP its source should have been configured
and built with --with-mib-modules=smux set. If you are not using
UCD-SNMP or NET-SNMP verify your Master SNMP Agent supports
the SMUX protocol, per RFC 1227. Also, make sure that the Domino
executable and the Domino data directories are in your search path.
2. Stop the Master SNMP Agent. If you're using the PEER Agent(s)
enter this command:
peerinit.sh stop
If you're not using the PEER Agent(s) refer to your Master SNMP
Agent's documentation.
ln -f -s /opt/lotus/notes/latest/sunspa/peer.snmpd /etc
cp /opt/lotus/notes/latest/sunspa/peer.snmpd.conf /etc
4. Start the Master SNMP Agent. If you're using the PEER Agent(s)
enter this command:
peerinit.sh start
If you're not using the PEER Agent(s) refer to your Master SNMP
Agent's documentation.
5. Start the LNSNMP process. Enter this command:
lnsnmp.sh start
8. Create a link to the PEER script, if you're using the PEER Agent(s).
Enter this command, changing the Domino executable path if
necessary:
ln -f -s /opt/lotus/notes/latest/sunspa/peerinit.sh /etc/init.d/peerinit
If you're not using the PEER Agent(s) refer to your Master SNMP
Agent's documentation.
You have completed the Solaris-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.
Configuring the PEER Encapsulator Agent with other master agents
If you installed the PEER Master Agent above, but were using another
Master SNMP Agent and need to continue using it, you should read the
remainder of this section.
Most Network Management Stations (NMS) view managed objects on a
host through a single SNMP Agent. The NMS will usually direct its
SNMP requests to an agent listening on port 161. Because only a single
SNMP Agent can be listening at port 161, this limits the NMS to
managing only the variables accessible to the one agent listening at that
port. If you install the PEER Master agent, it will listen on port 161, so
that all queries directed to that host will go to the PEER Master agent.
If you already have non-PEER master agents installed on that host, they
too will want to listen on port 161, so you need to reconfigure these
non-PEER agents to listen on other ports. Then, configure the PEER
Encapsulator agent to emulate an NMS and pass on the appropriate
SNMP requests from the PEER Master agent to the encapsulated agents
at their respective ports. The PEER Encapsulator agent works by hiding
the non-PEER agents, so they are visible to the NMS only through the
PEER Master agent.
Configure the PEER Encapsulator agent to recognize non-PEER agents,
respective sub-trees, SNMP ports, and traps. Then when a non-PEER
agent sends a trap, the PEER Encapsulator agent listening for the trap
forwards it up to the PEER Master agent or discards it, as configured.
When the PEER Master agent receives an NMS SNMP request about an
encapsulated agent's managed sub-tree, it passes it on to the
Encapsulator agent which, in turn, forwards the request to that
encapsulated agent at its listening port.
To install the PEER Encapsulator Agent enter these commands:
ln -f -s /opt/lotus/notes/latest/sunspa/peer.encaps /etc
cp /opt/lotus/notes/latest/sunspa/peer.encaps.conf /etc
peerinit.sh start
2. To support SNMP traps for Domino events, start the Event Interceptor
add-in task. Enter this command on the Domino Server console:
load intrcpt
The Allow Server Start and Allow Server Stop configuration options can
be found in the SNMP tab of a server Configuration Settings document.
To start the Lotus Domino SNMP Agent service, enter this command:
net start lnsnmp
AIX
To stop the lnsnmp process, enter this command as root:
/etc/lnsnmp.rc stop
Linux
To stop the lnsnmp process, enter this command as root:
/etc/rc.d/init.d/lnsnmp stop
Solaris
To stop the lnsnmp process, enter this command as root:
/etc/init.d/lnsnmp stop
zOS (OS/390)
To start the lnsnmp process, type the lnsnmp command from an
OpenEdition command line. The command and its parameters are shown
below:
lnsnmp [-I ipaddress] [-C community] [-P dpiport]
community: public
dpiport: 161. The value must match the value in the SNMP
configuration file (SNMP.PORT).
Note Unlike previous releases of the Domino SNMP Agent, the Domino
MIB is actually used by the Domino 6 server, specifically the QuerySet
add-in task, so a copy of the Domino MIB must remain in the Domino
executable directory.
If you are running multiple versions of the Domino SNMP Agent in your
network, for instance, because of migration, your management stations
should use the MIB corresponding to the latest installed version of the
Domino SNMP Agent.
To access any Domino server's objects in the Domino MIB, you must load
the Domino MIB on your SNMP management station. Refer to your
management station documentation for details on adding MIBs. The
name of the Domino MIB file is domino.mib. This file can be found in the
Domino executable directory of any Domino 6 server.
Removing traps
To remove these traps, log in as root, and run:
removetrap -n "Notes"
Each can respond to MIB requests. You can test them together or
sequentially to determine which pieces are responding. You should use
the community name configured into your Master SNMP Agent.
Test the:
The message stops if you start the agent or tell the QuerySet Handler
to quit running.
If the other variables are successful, but the QuerySet Handler is not
responding, verify that the task is running using the Show Tasks
command on the Domino console. You can perform this test remotely if
you are authorized, or you can open a database, such as the Domino
Directory, with the Notes client to verify the server is running.
Caution Every 30 seconds, the Domino SNMP Agent tests whether the
QuerySet Handler is responding. If this test fails you will receive a
Warning trap "Domino Server pulse has failed." This is usually a
temporary problem because the server is overloaded. If the condition
lasts 5 cycles, however, you will get a Critical trap "Domino Server is not
responding." This means that the server may have crashed or hung. In
either case, while it is occurring you will not be able to query the Domino
MIB. When the pulse returns, you will receive a canceling trap message
that the server pulse is restored.
Chapter 54
Using IBM Tivoli Analyzer for Lotus Domino
This chapter describes the IBM Tivoli Analyzer for Lotus Domino and
explains how you use it to monitor system health, analyze resource
distribution, and balance resources. The IBM Tivoli Analyzer for Lotus
Domino includes the Server Health Monitor and Activity Trends.
The IBM Tivoli Analyzer for Lotus Domino is a separate product offering
from Tivoli Systems.
The Server Health Monitor determines server health by calculating
health statistics and comparing them against preset thresholds. The
Server Health Monitor reports the information, pinpoints problematic
server components, and provides short-term and long-term
recommendations for restoring server health.
Activity Trends collects and stores activity statistics as current
observations and historical trends. The activity statistics relate to the
server, databases, users, and connections of users to databases. You can
explore the collected data to see how database workload is distributed
across servers. Using the data, Activity Trends recommends a
resource-balancing plan. Then, working with the Domino Change
Manager, which is a part of the Domino server, Activity Trends provides
a workflow that facilitates implementing the recommended changes.
The IBM Tivoli Analyzer for Lotus Domino includes two integrated
system-management tools: the Server Health Monitor, which offers
real-time assessment and recommendations for server performance, and
Activity Trends, which provides data collection, data exploration, and
resource balancing. Using these tools, you can manage servers and
databases, ensure better server performance, and plan for current and
future needs.
The Server Health Monitor includes threshold values for each index on
these platforms: AIX, IBM eServer iSeries (OS400), IBM eServer zSeries
(Z/OS), Linux/Intel, Solaris/Sparc, Windows NT and Windows 2000.
You can modify the thresholds to customize server assessment for each
platform. You reduce or increase the thresholds to make the algorithms
more or less sensitive.
Health Monitoring reports on each server area for which data can be
retrieved. If no data is available, nothing is reported for that component.
You can customize this behavior by specifying which servers you want to
monitor. You can exclude any component from the health report, which
is useful for filtering out known situations about which you don't want to
be constantly reminded.
If you use the Server Health Monitor, the Current Reports view of the
Health Monitoring database (DOMMON.NSF) displays a health rating
for each monitored server and server component.
The Server Health Monitor reports a statistic for the overall server and
for individual components. Each statistic corresponds to a rating.
Occasionally, the Server Health Monitor assigns the rating of Unknown.
This happens when the Domino Administration client workstation
performs at 100 percent of its CPU capacity for an extended period of
time. If this happens you may need to make some adjustments to
improve the performance of the Server Health Monitor.
Server Health reports are stored in the Health Monitoring database
(DOMMON.NSF).
For information on how to improve the performance of the Server Health
Monitor, see the topic Improving the performance of the Server Health
Monitor, later in this chapter.
Health.Overall.Value | Rating | Explanation
0 = Health.Overall.Value | |
0 < Health.Overall.Value and Health.Overall.Value < Health.Overall.Threshold.Warning | Healthy |
Health.Overall.Threshold.Critical <= Health.Overall.Value and Health.Overall.Value <= 97 | Critical |
98 = Health.Overall.Value | Critical |
99 = Health.Overall.Value | Critical |
100 = Health.Overall.Value | Server Down |

Health.*.Value | Rating | Explanation
0 = Health.*.Value | Never Seen |
0 < Health.*.Value and Health.*.Value < Health.*.Threshold.Warning | Healthy |
Health.*.Threshold.Critical <= Health.*.Value and Health.*.Value <= 97 | Critical |
98 = Health.*.Value | Fatal |
99 = Health.*.Value | Not Responding | The task associated with the component is not responding.
Server ratings
Rating | Description
Never Seen | The server has never been seen running during the current server monitor session.
Healthy |
Warning |
Critical |
Server Down |
Component ratings
Rating
Description
Healthy
Warning
Critical
Fatal
For more information about installing the Domino Administrator, see the
chapter Setting Up and Managing Notes Users.
The IBM Tivoli Analyzer for Lotus Domino is a separate product offering
from Tivoli Systems. To learn more about how this integrated system
management tool can help manage your servers and databases, ensure
better performance, and help you plan for current and future needs, visit
http://www.ibm.com/software/tivoli/r/analyzerfordomino or contact
your Tivoli sales representative or Business Partner.
3. In the Health column (Hea), the Server Health Monitor uses these
icons to indicate the server's overall health:
Green thermometer: the server's overall health rating is
Healthy. All server components are within the appropriate range.
Yellow thermometer: the server's overall health rating is
Warning. One or more server components being monitored are
approaching unacceptably poor levels of performance.
Red thermometer: the server's overall health rating is Critical.
One or more server components being monitored are failing to
perform within acceptable tolerance levels.
The Server Health Monitor creates health reports for each server you are
actively monitoring and stores them in the Health Monitoring database
(DOMMON.NSF). You can exclude a server from a monitoring profile, so
that the server is removed from the current monitoring view in the
Domino server monitor. However, the Server Health Monitor continues
to include that server in the health reports until you remove the server
permanently from DOMMON.NSF. You permanently exclude a server
from being included in health reports by removing its current report
documents and its configuration server component document. After you
exclude a server permanently, the Server Health Monitor no longer
generates reports.
1. Perform the steps listed above to temporarily exclude the server from
the server monitor view.
2. From the Domino Administrator, click the Files tab.
3. Open the Health Monitoring database (DOMMON.NSF), and open
the Configuration - Server Components view.
4. Delete the Health Monitoring Server Configuration document for the
server being excluded.
5. Open the Health Reports - Current Reports view and delete the
current health report and all the response documents for the server.
6. (Optional) Open the Health Reports - Historical Reports view and
delete the historical health reports and the associated response
documents for the server.
Activity Trends
Domino server resource utilization can be separated into two types,
system activity and user activity. System activity, which includes the
level of processor, disk, memory, and network consumption that Domino
generates to keep the server running, is a fixed amount of activity, as
long as systems are healthy and performing smoothly. Domino servers
typically use a modest percentage of their resources to run. The
remaining server capacity is used to support user activity, which varies
with the usefulness of the data on the server.
Activity Trends is part of the IBM Tivoli Analyzer for Lotus Domino, a
separate product offering from Tivoli Systems. The Activity Trends
Collector is a Domino server add-in task that records and reports
statistics about database activity on a server. Information is stored in the
Activity Trends database (ACTIVITY.NSF).
The IBM Tivoli Analyzer for Lotus Domino uses the collected data to
determine the load on the server. Then, using resource-balancing
functionality, the Analyzer applies trends analysis and statistics to
intelligent algorithms that can provide computer-aided load balancing on
a set of servers or simplify the server decommissioning process.
Integrated with the IBM Tivoli Analyzer for Lotus Domino, the Domino
Change Manager provides workflow capability that creates
resource-balancing plans and implements database moves, using the
Tivoli Analyzer tools and analysis. The Domino Change Control
database (DOMCHANGE.NSF) and Domino Change Manager are part
of the Domino server core functionality.
Activity Trends includes:
Action
Enabled logging
types
Prime Shift Interval Specify the start and end time of prime shift. Set the
interval on the hour.
5. Click the Activity Trends tab, and complete the following fields on
the Basics tab:
Field
Action
Enable activity
trends collector
Activity trends
collector database
path
Days of the week to collect observations: Select the days for which you
want to collect observations. The default is Monday through Friday.
Log Checkpoints for Prime Shift: Check Yes and then specify the prime
shift interval to log checkpoints for the prime shift. You must enable
this field to enable Activity Logging.
6. Under Activity Trends Data Profile Options, keep the Use defaults
field enabled. If you choose not to use the defaults, complete these
fields.
Field
Action
Trends cardinal
interval
Observation time bucket (seconds): Specify the time in seconds for one
bucket. The default is 300. The observation time controls how many
buckets you will have for one 24-hour observation period.
Maximum
observation list
time
Trends history
interval
Choose one:
Daily
Weekly (default)
Monthly
Trend Interval
7. Click the Retention tab. Keep the Use defaults field enabled.
Documents are overwritten after the retention period expires. The
defaults are:
Server history 366 days
Server observations 15 days
Database observations 10 days
User observations 10 days
Connection observations 10 days
Inactive database trends 10 days
Inactive user trends 28 days
Inactive connection trends 28 days
Run log 20 days
8. Click the Proxy Data tab, and enter the names of the databases
containing activity data to search.
9. Click Save and Close.
For detailed information on checkpoint records, see the chapter, Setting
Up Activity Logging.
5. Click Add to add each server, and then click Done when you have
completed your selections. This group is only temporary. To save
this server profile, proceed to the next step.
6. Click the document icon and choose Save As.
7. In the Save Server Profile dialog box, enter a group name and
click OK.
To create an additional server profile
Use this procedure to clear the current server profile and create a new
one.
1. In the Server profile area, click the document icon, and choose
New.
2. Click the green plus sign, and complete Steps 4 through 7 in the
above procedure.
For information about setting charting display options, see the topic
Setting charting options for resource balancing later in this chapter.
To view Activity Trends charts
1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends view.
3. Select one of these views:
Latest folder - Server To view the set of data available for
selected statistics on each selected server.
Latest folder - Database To view the databases on each selected
server.
Latest folder - User To view the users statistics for all databases
on the selected servers.
Latest folder - Connection To view information for a selected
statistic from either the User or Database charts.
Historical folder Weekly
Historical folder Daily
Server roles
The role you assign to a server affects the resource-balancing results.
You can open the Server Profile Options dialog box from the Activity
Trends menu or by clicking the Server Profile Options button:
To specify locations
1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends - Resource Balancing view.
3. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
4. Click General.
5. Under Activity Data Search Order, choose one or both:
Search Local Activity Databases To search the Activity
databases (ACTIVITY.NSF) on each server on which Activity
Trends is enabled.
Use the Server Profile Options dialog box to specify which databases and
servers will be searched for activity data, and whether to use cached
data. Because Activity Trends data changes only on a daily basis, caching
data is highly recommended to increase system performance by avoiding
a read across a potentially slow network. The first time a server's data is
read, the data is cached and remains available. For example, if you read
and then delete a server's activity data and later add the same server, the
in-memory data is used.
Font
Bold
Plain
Size
Appearance
Plain
Description
AvgSpaceUsed
DiskSpace
FullTextIndexSize
Statistic Name | Description
HTTP RequestMsecs |
HTTP Requests |
Notes BytesFromServer | The number of bytes sent from the server, as recorded by the user session data.
Notes BytesToServer | The number of bytes sent to the server, as recorded by the user session data.
Notes Connects |
Notes DocumentsRead |
Notes DocumentsWritten |
Notes Transactions |
Replica BytesRead |
Replica BytesWritten |
Users |
Action
Statistic Name
Tolerance
Analyze
Choose one:
Trended Data (default) To analyze the resource
balance based on trended data.
Last Observation Data To analyze the resource
balance based on the data that was gathered during
the most recent observation time.
Over period
Choose one:
Complete Day (24 hours) To analyze data gathered
during a 24-hour period.
Prime Shift Only (default) To analyze data gathered
during the prime shift hours.
Note The prime shift hours are defined on the Activity
Logging tab of the Configuration Settings document.
For more information on defining prime shift hours, see the topic
Setting up Activity Trends earlier in this chapter.
6. Click Secondary Goal, and repeat Step 5 to specify the values for the
secondary goal. Goals that were selected as Primary goals will not
appear in the list of available statistics for secondary goals.
7. (Optional for secondary goal only) Enable Other options if any
tolerance value is acceptable as a solution for resource balancing.
8. Choose one of the following to set defaults for goals. You can set
these defaults on either the Primary or Secondary Goal tab.
Use Defaults To revert to previously saved custom defaults.
Save as Defaults To save a custom set of defaults and override
the system defaults.
Reset Defaults To revert to the system defaults.
You pin databases in one of two ways. You can list databases you do not
want to move, or you can list only the databases that you do want to
move. After you define a pin list, you can save it as a pin list profile.
Tip You can also pin individual databases from the Available Databases
list in the Server - Performance tab, in the Resource Balancing view of the
Domino Administrator.
By default, all databases are associated with all servers. The server name
can be specified as part of the entry. Use a colon to specify the server
part. For example, Acme/East:mail/*.nsf applies to all mail/*.nsf
databases on the server Acme.
You can open the Server Profile Options dialog box from the Resource
Balancing menu, or by clicking the Server Profile Options button:
When you select servers to balance resources, you should be aware that
Activity Trends does not recognize that servers are in a cluster. If you
include servers from different clusters or some servers that are in a
cluster and some servers that are not in a cluster, Activity Trends may
suggest moving a database out of a cluster in order to balance the
resources. To prevent this, you can create a separate server profile for
each cluster and one for nonclustered servers, or you can pin databases
that you want to exclude from resource balancing.
Light The top bin when graphed, has the lightest amount of
activity.
Heavy The bottom bin when graphed, has the heaviest amount of
activity.
For more information about charting bin activity and how the values are
calculated, see the topic Understanding current and projected profile
charts, later in this chapter.
You also specify how Activity Trends analyzes the server resource
capacities. By default, server capacities are determined relative to other
servers in the list. For example, a server that has a capacity of x1
transactions has half the transactional capability (CPU) of a server at x2.
You could, however, balance resources based on actual values (such as
the number of transactions per day, or the total amount of disk space
available). Using the example above, you would specify the servers as
having a capacity of 10,000 and 20,000 transactions. However, if you
choose to balance resources based on actual values, you have to know
that the servers involved can actually handle the capacities specified.
Another way in which you indicate server resource capabilities is to
specify how the server volume is determined. You can either use server
volume and file system information when resource balancing, or ignore
volume information and treat all space as flat. The default is to use the
volume information, which uses the different physical volumes and their
sizes that comprise the space available to Domino, rather than just the
total amount of space on the server. Volume balancing is recommended.
Deciding the exact percentages for each of the bins depends on how your
organization uses its databases and the type of server being balanced
(mail server versus application server). For mail servers in most
organizations you may want to increase the size of the light bin and
decrease the size of your heavy bin, while for application servers the mix
may be different.
9. For the field Warning when data is older than n days, enter the
number of days before a warning is generated. The default is 7 days.
Then if you create a resource-balancing plan and the data is older
than 7 days, you receive a warning that the resulting plan will be
based on old data.
a particular server. There are many reasons why this could happen.
Sometimes, there is no solution within the parameters specified and
resources are balanced as well as they can be.
4. Review the server capacity and accuracy information before and
after proposed targets.
5. Change the mix of servers and server properties and run the analysis
again, if necessary.
6. Submit a plan to the Domino Change Manager to implement the new
balance of resources.
Filter out servers and their databases that you do not want displayed
on the Available Databases tab
Change the layout of the Activity Trends view on the Server - Performance tab of the Domino Administrator
To create a proposal
1. From the Domino Administrator, click the Server - Performance tab.
2. Under Activity Trends, click Resource Balancing.
3. Choose a server profile.
4. Click the Available Databases tab to display the list of databases
that can be moved.
5. (Optional) To change the databases that are available for moving,
select a database and click Pin or Unpin.
6. Make sure that each server in the top frame has an arrow next to its
name. If there is a red (x) instead of an arrow, the server is not
reporting its trended data. You must remove the server or make it a
phantom server; otherwise, the Analyze button will be disabled and
you will not be able to create a proposal.
7. Check the server properties to make sure that the capacity of each
server is weighted correctly.
Available Databases Lists the databases that are not pinned in the
Master Pin List and are, therefore, available to be moved
Projected Profile Shows how the servers will be balanced after the
plan is carried out
Evaluate the changes that are proposed during resource balancing. If you
are not satisfied with the proposed changes, change the mix of servers or
databases or adjust the specified tolerance level in the Server Profile
Options dialog box. If you are happy with the proposal, then you are
ready to submit the plan to the Domino Change Manager.
Hover over the red X with your mouse to see the status of the server,
including the error message. The Edit Server Properties dialog box also
shows associated error messages in the Status field.
For each goal specified in the Server Profile Options dialog box, Activity
Trends displays the following information that you use to evaluate
whether a server is a candidate for resource balancing:
Target The target value that you want to meet during resource
balancing. This value is based on the statistics specified as primary
and secondary goals. For example, if Notes Transactions is a goal, the
value is the number of transactions. So, if a server has a target of
2000 transactions, the resource-balancing solution attempts to
provide this server with 2000 transactions.
Example
The following chart shows database transactions on each server. The
overall height of the bar represents the sum (total) of the database
transactions. The three bins represent the light, medium, and heavy
modal distribution of the database metric, in this case, transaction. In
this example, heavy is the first 30% of databases; middle is the next 40%;
and light is the top 30%, all adding up to 100%.
[Chart: bar divided into Light activity, Medium activity, and Heavy activity bins; vertical axis from 10 to 100]
The charts use light, medium, and heavy bins to show the distribution of
user activity. Each bin represents a group of databases and their metric
values. These bins reflect the bin size values specified in the Server
Profile Options dialog box. View the distribution of activity before it is
balanced (Current Profile), and then view it again to determine if your
goals have been met. Resources that are not well balanced show a
disproportionate amount of activity in the heavy bin. After resource
balancing has been applied, the recommended distribution in bins
should be relatively even across the servers, if your goals were achieved.
The higher the accuracy of resource balancing, the more evenly activity is
distributed.
Light: The light bin is the top bin when graphed, using the lightest
color of blue. This indicates the bin with the lightest amount of activity.
Medium: The medium bin is the middle bin when graphed, using a
medium blue. This indicates the bin with a medium amount of activity.
Heavy: The heavy bin is the bottom bin when graphed, using the
darkest color of blue. This indicates the bin with the heaviest amount
of activity.
[Chart: Server: Sales1/Acme; Stat: Notes Transactions; Units: transactions; vertical scale 0 to 0.9]
When you view these charts, you see that 29% of the chart is light blue;
30% is medium blue; and 40% is dark blue. Hovering over the bar on the
chart, the pop-up shows that most transactions on the server occur on
relatively few (three) databases. In this case, 15% of the databases
account for about 40% of the transactions. If the bars for the other servers
on which you are balancing resources have different proportions for
light, medium and high bins, then resource balancing would better
spread the load across the system and probably result in better server
performance.
Field / Action
Type: Choose one:
Real: To identify a server that physically exists in the
domain.
Phantom: To identify a server that does not physically exist
but is factored in to the resource-balancing analysis.
Note: The option to toggle between a real server and a
phantom server is available only for real servers whose data
cannot be obtained.
Role: Choose one:
Any: Databases can be moved to or from the server.
Source Only: This server will not have any databases
moved to it.
Destination Only: This server will not have any databases
moved from it.
Note: Phantom servers are always Destination Only.
Goals: Select either the primary or secondary goal from the list. These
are the goals set in the Server Profile Options dialog box.
For more information about goals, see the topic "Primary and
secondary goals for resource balancing."
Capacity: Select this option to balance resources for the selected goal,
based on server capacity. Enter the number of resource units.
The default is 1.
Target
To filter servers
1. From the Domino Administrator, click the Server - Performance tab
and open the Resource Balancing view.
2. Click the Filter button on the Available Databases tab.
3. In the Servers field choose one:
All Servers
Selected Servers
4. Check or uncheck one or more:
Hide System Databases (default is checked)
Hide Master Pin Databases (default is checked)
Hide Databases appearing in Plan (default is unchecked)
You can change the displayed list of available databases by setting filters
that hide databases from display without affecting the master pin list or
affecting how a plan is generated. Using these options provides you with
the information you want quickly and easily. For example, using Hide
Databases appearing in Plan shows only the databases that will remain
and filters out all databases that will move. The Hide System Databases
and Hide Master Pin Databases options show all of the databases on the
servers, even though you don't want to move them. This option is useful
when you need to see the complete picture of databases on a server and
is especially useful when decommissioning a server.
database that is pinned by the master pin list. However, the status of
each database is saved with the server profile information for the
selected server profile.
To pin or unpin databases as you balance resources
1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and choose Resource Balancing.
2. Click the Available Databases tab.
3. Do one of the following:
Select the databases that cannot be moved, and then click Pin.
Select one or more databases that are currently pinned, and then
click Unpin.
4. Click the Analyze button to see the effect of the new pinning
information.
Maximum Height
Tip To display full help text for this task, append -? or -help to the
command.
Increase the number of concurrent plans when you want many plans
to execute at the same time.
You set these options in the Configuration Settings document for the
domain. This Configuration Settings document applies the settings as the
default settings for all servers and uses the * [All Servers] as the group or
server name.
To specify the maximum concurrent tasks
1. From the Domino Administrator, click the Configuration tab, expand
the Server section, and click Configurations.
2. Select the * [All Servers] Configuration Settings document, and click
Add Configuration or Edit Configuration.
There are three thread pools that control the number of concurrent tasks
that the Domino Change Manager can carry out. The combination of the
number of concurrent plans and demands creates a pool from which all
the demands of all the plans are run. How the size of these thread pools
affects performance depends on the size of the server. If necessary, you
can limit the amount of CPU used by the Domino Change Manager. On
very powerful machines, however, you may want to increase these
numbers considerably. You typically want to increase the number of
concurrent demands to change the total number of demands (across all
executing plans) that can run simultaneously. This is the key variable
that will affect performance. As a general guideline:
Action
Domain Change
Server
Database file name
Max. concurrent messages
Max. concurrent plans
Max. concurrent demands
Action
quit
stop
exit
help
restart: Stops and then restarts the Change Manager and all plug-in
subsystems.
start plug-in
stop plug-in
Option
Action
restart plug-in
Change Admin
A Change Administrator has the authority to change the settings in any
plan or plan element, such as a constraint or variable. In addition, a
Change Administrator can alter and add some elements used to create a
plan. Specifically, a Change Administrator can edit, create, and delete
constraints and constraint sets, approval profiles, keywords, and resources.
A Change Administrator must commit a plan to be executed. All plans
(including move requests created in the Administration Process
database) execute with the authority of the Change Administrator who
committed the plan. For that reason, the Change Administrator must also
have Create Replica access on each destination server. A Change
Administrator automatically has the Plan Reader role.
System Admin
The System Admin role is distinct from the Change Admin role, which
does not automatically include the role of System Admin. Each of these
roles is independent but not mutually exclusive in terms of the access that
the role grants. As with a Change Administrator, a System Administrator
can edit, create, and delete keywords, resources, interfaces, functions,
domain configurations, and plug-ins. Because users with the System
Admin role can make powerful and potentially catastrophic changes,
assign the role only to users or groups of users who have an in-depth
understanding of the Domino Change Manager. In addition, all control
There are four ACL roles created specifically for those who are working
with the resource-balancing plan. However, users or groups can also
have standard Domino ACL roles, such as Author or Reader. The roles
specific to resource balancing are: Change Admin, System Admin, Plan
Creator, and Plan Reader.
Manager
Change Admin
System Admin
Plan Creator
Default: No access; No roles
LocalDomainServers: Manager; Plan Reader
OtherDomainServers: No access; No roles
Anonymous: No access; No roles
Assign the Plan Reader role to people and groups that will be allowed to
read plans only. This role assumes that the people and groups reading
the plans are not Authors or Requesters.
Make sure that the Change Administrators and servers in the
LocalDomainServers group have Create Replica access rights.
Resource-balancing plans
The purpose of a resource-balancing plan is to move databases according
to the set of criteria defined in the Server Profile Options. The plan is
based on the analysis and proposal created during data exploration in
Activity Trends. When a plan is first submitted to the Domino Change
Manager, the plan has draft status. By default, the person who submits
the plan to the Domino Change Manager is the author and has the Plan
Creator role.
After the plan is submitted, it follows a prescribed course of submissions
and approvals until the final plan is activated and then completed. The
flowchart below shows the progression of a resource balancing plan from
its original draft state through its completed, archived state.
[Flowchart: plan states Submitted, Prepared, Committed, Approved, Activated, On Hold, Failed, Completed, Rejected, Cancelled, and Archived (pseudo-state), connected by the actions Prepare, Commit, Approve, Reject, Redraft, Cancel, Activate, Hold, Release, Fail, Retry, Complete, and Archive]
In the Domino Change Manager, these demand sets are titled database
move sequences. Each database move sequence has a maximum of 25
moves. The contents of each move sequence are generated automatically.
You can see these database move sets when you submit a
resource-balancing plan to the Domino Change Manager. You can
restructure the contents by cutting and pasting the demands from one
demand set into another or by creating additional demand sets and new
demands. (To cut and paste, select a demand and use the Edit menu.)
The Domino Administrator creates as many of these demand sets as
needed to accomplish a move. For example, the Acme Move Plan
includes 55 database moves, so the Domino Change Manager creates
three database move sequences: two that include 25 moves, and one
that includes 5 moves.
You can determine whether the database moves and database move
sequences are executed sequentially or concurrently or any combination
of the two. By default, all are moved concurrently. Using the Acme Move
Plan example, the Domino Change Manager attempts to perform all
three database move sequences at the same time. Within each database
move sequence, the Domino Change Manager attempts to move all
databases at the same time.
3. Find the target plan and expand the plan to view the database move
sequences.
4. Expand any of the database move sequences and view the individual
moves.
To view database moves in the resource-balancing plan
1. From the e-mail notification, click the link to the plan.
2. In the plan document, select the Demand Details tab.
Each plan can have an associated approval profile that lists the names of
persons or groups who must approve the plan document. If there is no
approval profile, you can list the names of approvers in the plan
document. If you assign a group as an approver, any one of the group
members can approve the plan.
For more information on creating an approval profile, see the topic
"Creating a resource balancing plan approval profile" later in this
chapter. For more information about demand sets, see the topic
"Understanding demand set moves" later in this chapter.
The Resource Balancing plan document is a dynamic document that
provides the current status of the plan and keeps a history of plan
modifications, including the author and date of each modification.
Whether or not you make any changes to the plan document, it must be moved
to its next state, which is the prepared state. In its draft state the plan can
be edited by its author.
To prepare a plan document
1. From the Domino Administrator, click the Server - Analysis tab.
2. Open the Domino Change Control view, and then select the Plans by Status view.
3. Select the draft plan to move to the prepared state and then click Edit.
After you submit a plan, the plan document is a draft document that may
require additional input before it is ready to be submitted to the Change
Administrator. In the plan document, you specify how the moves are
carried out, when the plan is submitted to the Administration Process,
and when you want the Administration Process to execute the plan.
When the Domino Change Manager moves databases, it creates groups
of database move sequences, called demand sets. You can choose
whether to move the demand sets one at a time or all at the same time.
Action
Name
Categories
Description
Action
Approval profile: Do one:
Click Choose Profile and select the approval
profile from the list.
Click Clear Profile to remove the assigned
profile.
9. Click the Notifications tab. This tab lists, by role, those who will be
notified at each stage of the plan. Add or remove the selection of any
role as needed. Check Others, and then select from the list to add
users to the notification list.
10. (Optional) Click the Variables tab. The default variable is Execution
time, and the value is unspecified. To specify an execution time at
which the Administration Process executes the plan, you must edit
the variable.
For information on editing variables, see the topic "Editing and
creating resource balancing plan variables" later in this chapter.
11. Click the Constraints tab to view and edit the constraints that will
apply to the moves executed by this plan. By default, no constraints
are assigned automatically.
Referenced constraints: Lists the constraints that apply to this
plan. Click Edit to add or remove one of the constraints.
Ad-hoc constraints: Click New to create a new constraint.
For information on creating constraints, see the topic "Creating
constraints in the Domino Change Manager" later in this chapter.
12. When you finish changing the draft plan, click Apply.
13. Click Change Control to promote this plan from draft state to
prepared state, and then click OK.
Action
Name (unique)
Description
Category
Members
Action
Owner
Administrators
Choose one:
No: To allow the upgrade of all template
documents during a version upgrade.
Yes (default): To prevent edited template
documents from being overwritten during a version
upgrade. This will not affect any documents that the
user creates; it will only affect documents that
match those from the template's copy.
7. Click OK.
Is after hours
Not on workdays
Major change
Minor change
Trivial change
Action
Name
Unique name
Description
Action
Name
Unique name
Description
For example, you can define a plan variable called ExecutionTime. Then
you can specify the value (in time) at which you want a plan to be executed.
You define a variable at a higher level (usually within a plan) and then
reference it within a demand. When the value of a variable changes, all
demands and plans that reference that variable automatically use the
new value.
If you have the Change Administrator role, you can add, delete, or
modify local variables that are referenced by function arguments and
other variables.
7. Select a Type:
Text
Number
Time
Boolean
8. For the field Special, do one:
Choose Simple value, and then enter a Text value.
Choose Formula, and then click Keywords and Variables and copy
a text formula.
Choose Unspecified to leave the value undefined.
To create a new variable
1. Perform Steps 1 through 5 in the procedure above.
2. In the Edit Variables dialog box, click New.
3. In the Name field, enter a name for the variable.
4. Complete the Type and Special fields.
Chapter 55
Transaction Logging and Recovery
This chapter explains how to set up and use database transaction logging
and how to take advantage of fault-recovery strategies.
Transaction logging
Domino supports transaction logging for servers that run Domino 5 and
later, and for databases that are in a Domino 5 or later on-disk structure.
Recover from a media failure. If you have a media failure, you can
restore the most recent full backup from tape, then use the
transaction logs to add the data that was not written to disk.
Log the database views. You can avoid most view rebuilds.
To use all the features of transaction logging for backups and backup
recovery, you need a third-party backup utility that uses the backup and
recovery methods of the Domino C API Toolkit (Release 5 or later). For
example, in the case of a media recovery, a database backup is taken with
the third-party utility, while logging keeps track of updates to the database.
When the database is then lost, the backup is brought up to current state by
going through the transaction log and applying any updates that have
happened to that database since the database backup was taken.
Note that restart recovery does not require a third-party utility. In this
case, logging goes on while updates are happening. When the server
crashes then restarts, any updates which would have otherwise been lost
are written to the database. This significantly reduces lost data and
database corruption because of server crashes, and reduces overall
restart time since the consistency check of databases is not required.
You run the Compact task with an option (for example, the option
to reduce file size).
The employees who use the databases do not notice any difference in
how they do their work. They might notice, however, that servers are up
and running more often and that there is less down time.
A few days later, there's a media failure. The administrator restores the
corrupted databases from the most recent weekly backup and replays the
changes.
Allocate space for the log files. Use a dedicated, mirrored device,
such as RAID level 1 with a dedicated controller for optimal
performance and data integrity.
Choose the logging style that fits your needs. Logging styles include
archived, circular, and linear.
4. Click the Transactional Logging tab, complete these fields, and then
save the document:
Field
Action
Transactional
Logging*
Choose one:
Log path*
3. Select the Server Document for the Domino server you want to edit
and then click Edit Server.
Field
Action
Maximum log space: For circular and linear logging only. The maximum
size, in MB, for the transaction log. Default is 192MB.
Maximum is 4096MB (4GB).
Allocate a separate disk with at least 1024MB (1GB)
of disk space for the transaction log.
Domino formats at least 3 and up to 64 log files,
depending on the maximum log space you allocate.
Automatic fixup of corrupt databases: Choose one:
Enabled (default): To run the Fixup task automatically if a database is corrupted and Domino
cannot use the transaction log to recover it. Domino
assigns a new DBIID and notifies the administrator
that a new database backup is required.
Disabled: To not run the Fixup task
automatically. Domino notifies the administrator
to run the Fixup task with the -J parameter on
corrupted logged databases.
Runtime/Restart
performance
Field
Action
Logging style**: Choose one:
Circular (default): To re-use the log files and
overwrite old transactions.
Archived (recommended): To re-use the log files
after they are archived. A log file can be reused
when it is inactive, which means that it does not
contain any transactions necessary for a restart
recovery. Use a third-party backup utility to copy
and archive the existing log. When Domino starts using
the existing file again, Domino increments
the log file name. If all the log files become inactive
and are not archived, Domino creates additional
log files.
Linear: To re-use the log files and overwrite old
transactions for log size greater than 4GB.
** If you change this field, Domino assigns a new DBIID to each database.
You must restart the server and perform another full backup.
Issue
Transactional
Logging
* If you change this field, you must restart the server so that the change
takes effect.
Field
Issue
Log path
Logging style
View logging
View logging provides a way to maintain consistent views in failure
conditions and allows media recovery to update those views. View
logging is transaction logging support for Notes views and folders. All
updates to Notes views or folders are recorded in the transaction log for
recovery purposes.
To enable view logging, you use Domino Designer. In Designer, open a
view or folder, select the Advanced tab, and check Logging - Include
updates in transaction log.
Note If you enable view logging in a template, all databases created
from that template and all databases whose designs are replaced from
that template have those views logged.
Fault recovery
You can set up fault recovery to automatically handle server crashes.
When the server crashes, it shuts itself down and then restarts
automatically, without any administrator intervention. A fatal error such
as an operating system exception or an internal panic terminates each
Domino process and releases all associated resources. The startup script
detects the situation and restarts the server. If you are using multiple
server partitions and a failure occurs in a single partition, only that
partition is terminated and restarted.
Domino records crash information in the data directory. When the server
restarts, Domino checks to see if it is restarting after a crash. If it is, an
e-mail is sent automatically to the person or group in the "Mail Crash
Notification to" field. The e-mail contains the time of the crash and the
server name. If available, the FAULT_RECOVERY.ATT file, which
includes additional failure information from an optional cleanup script,
is attached.
The fault-recovery system is initialized before the Domino Directory can
be read. During this initialization, fault-recovery settings are read from
the NOTES.INI file, and then later read from the Domino Directory and
saved back to the NOTES.INI file. Any changes to the Domino Directory
or the NOTES.INI file become effective when the Domino server is
restarted. To disable the reading of the Domino Directory, and
subsequent update to the NOTES.INI file, use the NOTES.INI setting
FaultRecoveryFromIni=1.
Field
Action
Cleanup Script Name
Cleanup Script Maximum Execution Time
Chapter 56
Using Log Files
This chapter describes how to use the Domino server log (LOG.NSF) and
the Domino Web server log (DOMLOG.NSF) to collect information about
the Domino system.
Every Domino server has a log file (LOG.NSF) that reports all server
activity and provides detailed information about databases and users on
the server. The log file is created automatically when you start a server
for the first time. You can do the following:
Description
Log
Log_AgentManager
Log_Console
Log_DirCat
Log_Replication
Log_Sessions
Log_Tasks
Log_Update
Log_View_Events
Mail routing
Logging level field on the Router/SMTP Advanced - Controls tab of the Configuration
Settings document.
Modem I/O
Traced network
connections
Web Navigator
Web server
For more information on the Domino Web server log, see the topic
"Viewing the Domino Web server log (DOMLOG.NSF)" later in this
chapter.
Database - Sizes
Database Usage
Mail Routing Events
Miscellaneous Events
Object Store Usage
Passthru Connections
Replication Events
Sample Billing
Usage by Date
Usage by User
Search Results
Some advanced queries can be made on Domino 6 servers only, and then
only if the Event task is running on them.
When you perform a log analysis, the search results display
automatically and are also saved in the Search Results view of the log file
(LOG.NSF). They include the following types of information:
Type of event
The log file (LOG.NSF) contains a wealth of information for the Domino
Administrator. However, if you are troubleshooting a problem, searching
through all of the information can be time consuming. Using the Log
Analysis tool, you can search the log file for specific events, event
severities, or for specific words, and you can specify the dates you want
to search. For example, if you are troubleshooting a mail routing
problem, you can search for routing events with an event severity of
warning or failure, that occurred during the time you were experiencing
difficulties.
Note You can select more than one when specifying search criteria.
For example, you can select more than one event type, then you must
select one of these options:
The results must match one of the criteria: Select this option if
the results must match the selected criteria, such as event type, or
event severity.
The results can match one of the criteria: Select this option if
results that do not match the selected criteria can be included in
the log search as well.
Search criteria
Date
Start and End Date: Select the dates you want to search.
Start and End Time: Select the times you want to
search.
Select one:
Use above time range in any time zone: Use this
setting when you do not need to vary the search start
and end parameters.
Convert time range to server's time zone: Use this
setting if you are searching the log file for a server in
a different time zone.
Any time: Use this setting if you do not want to
limit the log search by date or time.
Event Type
Event Severity: Select the type of severity for which you want to search.
Add-in Name: Select the add-in name for which you want to search.
Add Add-in Name: Enter the name of an add-in task
if you do not find it on the list.
Error Code
Event Text
Search criteria
Queries
4. When you click OK, the Log Analysis Results are displayed and a
copy of the results is stored in the Search Results view of the log file.
Tip Search strings can be any length containing any type of character
and the search is not case sensitive.
To view a search result
1. Open the log file (LOG.NSF).
2. Select the Search Results view.
3. Results are listed by starting time and server name. Select the results
you want to view.
Text files: Text files are smaller and can be used with third-party
analysis tools.
Note You can log to both text files and a database. These options are not
mutually exclusive.
User's name (if the user supplied a name and password to access the
server)
Status code the server returns to the browser to indicate its success or
failure in generating the request
Enter
URLs
Methods
MIME types
User agents
To set up the Domino Web server log, you must enable logging (by
default, logging is disabled). You can restrict the information logged to
the Domino Web server log to analyze log file results. Some information
may increase the size of the log file without providing meaningful
information (requests for graphics or icons, for example), so you may
want to exclude that type of information from the log. Domino creates
the Web server log database when the HTTP task starts after you enable
logging to DOMLOG.NSF.
Field
Enter
Return codes
Hosts and
domains
6. Save the document and then restart the HTTP task so that the
changes take effect.
Extended Common
Common
Records
Access
Depending on the file format you choose, the Access log file records
the following Web server request information in the order shown:
Common
1. Client DNS name or IP address if DNS name is not available
2. Host header from request, or server IP address if Host header is
not available
3. Remote user if available
4. Request time stamp
5. HTTP request line
6. HTTP response status code
Agent
Referer
Extended Common
1. Client DNS name or IP address if DNS name is not available
2. Host header from request, or server IP address if Host header is
not available
3. Remote user if available
4. Request time stamp
5. HTTP request line
6. HTTP response status code
7. Request content length if available, otherwise shows -
8. Referring URL if available, otherwise shows -
9. User agent if available, otherwise shows -
10. Amount of time, in milliseconds, to process the request
11. Value of the cookie header
12. Translated URL (the full path of the actual server resource, if
available)
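The following Python parser is an added example, not part of the Domino documentation: it splits Extended Common access log lines into the twelve fields in the order listed above, then reports authentication failures per client and slow requests. The token syntax (bracketed time stamp, double-quoted strings, space-separated fields), the sample lines, and all function names are assumptions made for illustration; the cookie value is redacted on parse because field 11 can carry session identifiers.

```python
import re
from collections import Counter

# Field names follow the 12-item Extended Common order listed above.
FIELDS = ("client", "host", "remote_user", "timestamp", "request_line",
          "status", "content_length", "referer", "user_agent",
          "elapsed_ms", "cookie", "translated_url")

# Assumed token syntax (not specified on this page): a [bracketed] time stamp,
# a "double-quoted" string, or a bare run of non-space characters.
TOKEN = re.compile(r'\[([^\]]*)\]|"((?:[^"\\]|\\.)*)"|(\S+)')

# Constructed sample lines (documentation-range addresses, made-up names).
SAMPLE = '''\
192.0.2.10 www.example.com "CN=Jane Doe/O=Acme" [24/May/2001:10:15:02 -0500] "GET /sales.nsf?OpenDatabase HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible)" 31 "-" "/data/sales.nsf"
198.51.100.7 www.example.com - [24/May/2001:10:15:09 -0500] "GET /names.nsf HTTP/1.0" 401 - "-" "-" 4 "-" "-"
198.51.100.7 www.example.com - [24/May/2001:10:15:10 -0500] "GET /names.nsf HTTP/1.0" 401 - "-" "-" 3 "-" "-"
192.0.2.10 www.example.com "CN=Jane Doe/O=Acme" [24/May/2001:10:16:40 -0500] "POST /sales.nsf/order?CreateDocument HTTP/1.1" 200 88 "http://www.example.com/sales.nsf" "Mozilla/4.0 (compatible)" 2450 "SessionID=abc" "/data/sales.nsf"
truncated line with too few fields
'''


def parse_line(line, redact_cookie=True):
    """Return a dict for one Extended Common line, or None if malformed."""
    tokens = [next(g for g in m.groups() if g is not None)
              for m in TOKEN.finditer(line)]
    if len(tokens) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, tokens))
    try:
        rec["status"] = int(rec["status"])
        rec["elapsed_ms"] = int(rec["elapsed_ms"])
        # The log shows "-" when the request content length is unavailable.
        rec["content_length"] = (None if rec["content_length"] == "-"
                                 else int(rec["content_length"]))
    except ValueError:
        return None
    # Keep session identifiers out of downstream reports.
    if redact_cookie and rec["cookie"] != "-":
        rec["cookie"] = "<redacted>"
    return rec


def parse_log(text):
    """Parse every non-blank line; return (records, rejected_line_count)."""
    records, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        else:
            records.append(rec)
    return records, rejected


def auth_failures_by_client(records):
    """Count 401/403 responses per client address."""
    return dict(Counter(r["client"] for r in records
                        if r["status"] in (401, 403)))


def slow_requests(records, threshold_ms):
    """List (client, request line, elapsed ms) at or above the threshold."""
    return [(r["client"], r["request_line"], r["elapsed_ms"])
            for r in records if r["elapsed_ms"] >= threshold_ms]


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    print("parsed:", len(recs), "rejected:", bad)
    print("auth failures:", auth_failures_by_client(recs))
    print("slow requests:", slow_requests(recs, 1000))
```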
Enter
Access log format: Choose one:
Common: To log information in three separate log
files
Extended Common: To log information in one file
Note: Although you have the option of logging to three
separate files, most third-party log-analysis tools require
a single text file.
Time format
Field
Enter
Log file duration: Choose one to determine how often a new log file is
created:
Note: The prefixes used in the file names are chosen in
the Log File Names section of the Server document.
Daily (default): To create a new log file each day,
starting at midnight. Daily log files use the file
naming convention:
file name prefixDDMMYYYY.log
Maximum size of access log: The maximum size allowed for the access log file. If this
limit is reached no more entries are written to the file. A
value of zero (the default) indicates that the size is
unlimited.
Enter
Directory for log files: The directory to store the log files; if this field is blank,
Domino stores the log files in the data directory.
Access log: The prefix to use when creating the Access log file. The
default is access. Do not enter a file extension.
Example: The access log for the week of May 24, 2001
is access-log__212001.log.
Monthly To create a new log file each month,
starting at midnight on the first day of the month.
Monthly log files use the file naming convention:
Field
Enter
Agent log: The prefix to use when creating the Agent log file. The
default is agent.
Note: If you chose the Extended Common format, you
will not have an agent log; this information will be
included in the access log.
Referer log: The prefix to use when creating the Referer log file. The
default is referer.
Note: If you chose the Extended Common format, you
will not have a referer log; this information will be
included in the access log.
The prefix to use for the CGI error log. The default is
cgi-error.
Note The cgi-error log is created only if the CGI script
logs information to stderr. The format of cgi-error log
information is CGI script dependent. The Access log
format does not affect the cgi-error log in any way.
Action
URLs
Methods
MIME types
User agents
Return codes
Hosts and
domains
Chapter 57
Setting Up Activity Logging
This chapter describes how to set up and use the Lotus Domino 6 activity
logging feature.
Activity logging
Domino writes the activity logging information in the Domino log file
(LOG.NSF). To create activity logging reports, you write a Notes API
program to access the information in the log file. You can also view the
activity logging information by using Activity Analysis.
In a hosted environment, enable activity logging on all of your ASP
servers, that is, the servers used to house and maintain your hosted
organizations.
You use activity logging to collect information about the activity in your
enterprise. You can use this information to charge users for the amount
they use your system, monitor usage, conduct resource planning, and
determine if clustering would improve the efficiency of your system.
HTTP
IMAP
LDAP
Notes Database: When Notes clients and Domino servers open, use, and close
Notes databases and the duration of use.
Notes Passthru
Notes Session: When Notes clients and Domino servers acting as clients start and
end sessions with a Domino server
POP3
Replica
SMTP
This table shows the types of LDAP requests and some of the information
that Domino logs for each type of request. Domino does not generate
Checkpoint records for LDAP requests.
Request type / Information logged
Abandon: Organization name, user name, server name, client IP address, the
message ID of the command to abandon, the LDAP result code,
and any error messages returned to the client
Add
Bind
Compare
Delete
Extended
Modify
ModifyDN: Organization name, user name, server name, client IP address, the
directory entry that is modified, the new Relative Distinguished Name
(RDN), whether the old RDN was deleted, the new parent entry, the
names of the directories in which the entry was modified, the number
of entries modified, the number of bytes sent to the server, the LDAP
result code, and any error messages returned to the client
Unbind
You can customize the LDAP service configuration to limit the amount of
data collected in the Values fields in Add and Modify records.
Delivery
Delivery failure
Transfer
Transfer failure
For each mail message, at least two types of records are logged: a
Deposit record and at least one of the other types of records, depending
on the disposition of the attempted delivery.
This table contains a few examples of the types of activities that generate
each type of session record.
Type of record Type of activity
Open
Checkpoint
Reading documents
Editing documents
Saving and updating documents
Viewing or changing an ACL
Rebuilding a database view
Performing any other activity while a session is open
Close
Closing a database
Ending replication
Logging off, either manually or automatically
Exiting Notes
Having a remote server close MAIL.BOX
There are three types of activity logging records for session activity:
MailDeposit records, which log when a mail message that does not
contain an attachment is deposited into MAIL.BOX. (Mail messages
that contain attachments generate Open records, Close records, and
possibly Checkpoint records.)
This table contains a few examples of the types of activities that generate
each type of database record.
Type of record Type of activity
Open
Checkpoint
Editing documents
Saving and updating documents
Viewing or changing an ACL
Performing any other database activity while a database is
open
Closing a database
Ending replication
Logging off, either manually or automatically (one record for
each open database)
Exiting Notes (one record for each open database)
Having a remote server close MAIL.BOX
CloseEnd
MailDeposit
Server that
generates
records
Sending server
Sending server
Sending server
Sending server
Mail Transfer
Sending server
Receiving
server
Activity
Activity
Records generated
Server that
generates
records
Mail Delivery
Receiving
server
Receiving
server
View: Description
Agent: For agent activity, shows the user, date, database, agent name, and run time
All
HTTP: For HTTP activity, shows the target server, user name, date, HTTP request, time of the request, and the length of the content
IMAP
LDAP Add
LDAP All
LDAP Delete: For LDAP Delete activity, shows the organization name, user name, timestamp, name of the deleted object (entry), number of entries deleted, and any error messages
LDAP Modify
LDAP ModifyDN
LDAP Search: For LDAP Search activity, shows the organization name, user name, timestamp, base object, filter, bytes sent, and the search time
Mail Deposited: For mail deposited into MAIL.BOX, shows the server name, who the message was from and to, when the message was deposited, the message ID, and the action taken upon the message (depositing the mail into MAIL.BOX)
Mail Processed
Notes Database
Notes Passthru
Notes Session: For Notes session activity, shows the organization name, server name, user name, timestamp, number of bytes sent and received, number of documents read and written, and the total number of transactions
POP3
Replica
SMTP
Session
Chapter 58
Maintaining Databases
This chapter describes how to maintain databases after you deploy them.
Database maintenance
To keep a specific database in good working order, perform these tasks
regularly.
Task: Frequency
Daily
Check for and consolidate replication or save conflicts: Daily, for large active databases; weekly for other databases
Monitor database activity: Weekly
Weekly
Run the Designer task to keep databases that inherit design from master templates in sync with the master templates: Daily. Occurs by default daily at 1 AM.
Run the Compact task
Occasionally
For information on running the Updall and Designer tasks, see the topic
Synchronizing databases with master templates, later in this chapter.
For information on running the Compact task and monitoring the database
cache, see the chapter Improving Database Performance.
Title
File name
Physical Path
File Format
Size
Max Size
Quota
Warning
Created
Last Fixup
Is Logged
Template
Description
Manage ACL
Create Replica
Compact
Compacts databases
Full-text index
Description
Quotas
Move
Sign
Replication
Fixup
Cluster
Analyze
Find Note
Create Db Event
Generator
Manage Views
Database tool
Description
Replication history
Replication Events
view of the log file
(LOG.NSF)
Replication monitor
Database Analysis
tool
Replication conflicts
A replication conflict occurs when two or more users edit the same
document and save the changes in different replicas between
replications. These rules determine how Domino saves the edit sessions:
The document edited and saved the most times becomes the main
document; other documents become Replication or Save Conflict
documents.
If all of the documents are edited and saved the same number of
times, the document saved most recently becomes the main
document, and the others become Replication or Save Conflict
documents
A save conflict occurs when two or more users open and edit the same
document at the same time on the same server, even if they're editing
different fields. When this situation occurs, the first document saved
becomes the main document. Before the second document is saved, a
dialog box indicates that the user is about to save a conflict document,
and if the user saves the document, it becomes a Replication or Save
Conflict document.
Note: ACL and design changes never result in replication or save
conflicts; the most recent change always prevails.
Save conflicts
Move the database to a disk that is less heavily used, or if it's a large
database, to its own disk.
Database
Activity Log
entry
User
Activity
dialog box
Yes
Yes
No
Yes
Keyboard shortcuts
Update
Update is loaded at server startup by default and runs continually,
checking its work queue for views and folders that require updating.
When a view or folder change is recorded in the queue, Update waits
approximately 15 minutes before updating all view indexes in the
database so that the update can include any other database changes
made during the 15-minute period. After updating view indexes in a
database, it then updates all databases that have full-text search indexes
set for immediate or hourly updates.
When Update encounters a corrupted view index or full-text index, it
rebuilds the view index or full-text index in an attempt to correct the
problem. This means it deletes the view index or full-text index and
rebuilds it.
To improve view-indexing performance, you can run multiple Update
tasks if your server has adequate CPU power.
Note: The Update task spawns a directory indexer thread. The directory
indexer runs at one-minute intervals and is dedicated to keeping Domino
Directory view indexes up-to-date. The directory indexer runs against
any local or remote Domino Directory or Extended Directory Catalog
that a server uses for directory services.
Updall
Updall is similar to Update, but it doesn't run continually or work from a
queue; instead you run Updall as needed. You can specify options when
you run Updall, but without them Updall updates any view indexes or
full-text search indexes on the server that need updating. To save disk
space, Updall also purges deletion stubs from databases and discards
view indexes for views that have been unused for 45 days, unless the
database designer has specified different criteria for discarding view
indexes. Use the NOTES.INI setting Default_Index_Lifetime_Days to
change when Updall discards unused view indexes.
Update
Updall
When it runs
Runs on all
databases?
Yes
Refreshes views
indexes?
Yes
Yes
Updates full-text
indexes?
Yes
Like Update, Updall rebuilds all corrupted view indexes and full-text
search indexes that it encounters.
Characteristic
Update
Updall
Yes
Purges deletion
stubs?
No
Yes
Discards unused
view indexes?
No
Ignores Refresh
index view
property?
Yes
Yes
No
Yes
Updall options
You can use any of these methods to run Updall on a server:
When you use these methods, you can include options that control what
Updall updates. For example, you can update all views and not update
any full-text search indexes.
The following tables describe the options you can use with Updall. The
first column describes the option names as they appear in the Task - Start
tool. The second column lists the equivalent command-line options that
you use when you use a console command to run Updall and when you
schedule Updall to run in a Program document.
Use this syntax when you use the Load updall console command:
Load updall databasepath options
For example:
Load updall SALES.NSF -F
For information on Updall behavior when you don't specify options, see
the topic Indexer tasks: Update and Updall, earlier in this chapter.
Updall - Basic options
Description
Index all
databases
databasepath
For more
information on
databasepath, see
the topic Using
a console
command, later
in this chapter.
database -T
viewtitle
Command-line Description
option
-V
-F
-H
Command-line Description
option
-M
-L
Command-line Description
option
Rebuild: Full-text
indexes only
-X
-R
Rebuild: Full-text
indexes and
additionally: All
unused views
database -C
Command-line Description
option
Update database
configurations:
Incremental
-A
Update database
configurations: Full
-B
The following table illustrates how you can use databasepath to specify
databases, folders, and subfolders.
To compact
Example command
Load updall
Specific databases in
the Domino data folder SALES.NSF,DEV.NSF
Files compacted
DATA\SALES.NSF
DATA\DEV.NSF
DATA\SALES\all
databases
To compact
Example command
Files compacted
DATA\SALES\
USER1.NSF
Enter
Program name
Updall
Command line
Server to run on
Comments
Optional comments
Enter
Enabled/disabled
Enabled
Run at times
Repeat interval of
Days of week
When to use
F9
SHIFT+ F9
Shortcut
there's inadequate disk space. Make sure that the temporary folder you
specify has plenty of disk space available.
To change the temporary folder used for view rebuilds, add the setting
View_Rebuild_Dir to the server's NOTES.INI file and specify a new
location. For example, add:
View_Rebuild_Dir=D:\REBUILD
You can add the following setting to the NOTES.INI file to disable
optimized view rebuilding. However, do this only as a last resort if
you've specified a view rebuild folder and you still see the preceding
message for many views. If you see the message for just a few views,
don't disable view rebuilding.
Disable_View_Rebuild_Opt=1
The following table describes the command line options you can use with
the Designer task.
Command line option Description
-d directory name
-f filename
-i name
SALES
DEV
DEV\USER1.NSF
SALES is a directory
and
DEV is a directory
For information on using the log file, see the chapter Using Log Files.
Using Fixup
When you restart a server, the server quickly searches for any unlogged
databases that were modified but improperly closed because of a server
failure, power failure, hardware failure, and so on. A few minutes after
server startup is complete, the Fixup task then runs on these databases to
attempt to fix any inconsistencies that resulted from partially written
operations caused by a failure. When users attempt to access one of these
databases and Fixup hasn't yet run on the database, the users see the
message "This database cannot be opened because a consistency check of
it is in progress." A similar Fixup process occurs when you restart a
Lotus Notes client.
Run Fixup using the Task - Start tool: Use this method to run Fixup
on all databases; you can continue to use the Domino Administrator
while Fixup runs and you don't have to use command-line options.
Run Fixup using a console command: Use this method if you want
to use command-line options or to run Fixup directly at the server
console when there isn't a Domino Administrator client available.
Run Fixup on a Win32 platform: Use this method if you are unable
to run Fixup at the server console. This method requires that you use
the n prefix, for example, nfixup -F.
Fixup options
The following table describes the options you can use with Fixup. The
first column lists the options as they appear when you run Fixup using
the Fixup tool or the Task - Start tool in the Domino Administrator. The
second column lists the equivalent command-line options that you use
when you run Fixup using a console command or using a Program
document.
Fixup options in Fixup Command-line Description
tool and Task - Start tool equivalent
-L
-I
-F
-Q
-U
Fixup
transaction-logged
databases
-J
-O
-Z
-C
Fixup subdirectories
-Y
Dont fixup
subdirectories
-y
Load fixup
SALES.NSF,DEV.NSF
DATA\SALES.NSF
DATA\DEV.NSF
DATA\SALES\all databases
A specific database in a
folder relative to the
Domino data folder
Load fixup
SALES\USER1.NSF
DATA\SALES\USER1.NSF
Load fixup
All the files specified in
an IND file created in the WEEKLY.IND
Domino data folder
where WEEKLY.IND
contains:
SALES.NSF
DATA\SALES.NSF
DATA\DEV.NSF
DATA\SALES\USER1.NSF
DATA\SALES\NEW\all
databases
DEV.NSF
SALES\USER1.NSF
SALES\NEW
To fixup
Enter
Program name
Fixup
Command line
Optional comments
Enter
Enabled/disabled
Enabled
Run at times
Repeat interval of
Days of week
Moving databases
It may be necessary to move a database from one server to another, for
example, to distribute databases evenly among servers. If there are
replicas of the database, the server to which you move the database
should have the appropriate Connection documents to replicate the
database to other servers that store replicas. If you're moving a database
to a server in a cluster, replication between the server and other servers
in the cluster that have replicas of the database occurs without
Connection documents.
Keep in mind that within a cluster, the Cluster Manager distributes
workloads and provides failover to database replicas if one cluster server
becomes disabled. Before moving a database in a cluster, you should
analyze the cluster workload to be sure it will remain balanced after you
move the database. Only the person who administers the cluster should
perform the move.
Manually move the database. Use this option when you do not have
access to the Domino Administrator and the Administration Process.
For information on moving mail files, see the chapter Setting Up and
Managing Notes Users.
1. Make sure that you have Create Replica access in the Server
document of the destination server.
2. Make sure you have Manager with Delete documents access in the
ACL of the original database.
3. Choose File - Replication - New Replica to create a replica of the
database on the destination server.
4. Make a note of the file name and path of the original database. You'll
include this information when you notify users of the move.
5. Choose File - Database - Delete to delete the original database.
6. If the database receives mail, change the Mail-In Database document
in the Domino Directory to reflect the new location.
7. In the ACLs of any replicas of the database, remove the name of the
server that you moved the database from and add the name of the
destination server.
8. Notify users that you have moved the database.
Deleting databases
To keep a server performing efficiently and to free disk space, delete
databases that are no longer active. To delete databases from a cluster
server, you use the Cluster database tool in the Domino Administrator.
To delete databases on non-cluster servers, select the databases and
delete them manually, or use the Delete database tool in the Domino
Administrator to have the Administration Process delete replicas of the
database.
Within a cluster of servers, you create a number of replicas for each
database to ensure user access to an updated replica even if a particular
cluster server becomes unavailable. You can mark a cluster replica for
deletion while users are working with the replica. Domino then prevents
new users from accessing the marked replica and deletes the database
after all current users exit the database. Before deleting the database,
Domino replicates any changes to other replicas in the cluster.
For more information on clusters, see the book Administering Domino
Clusters.
Database analysis
You can perform a database analysis to collect information about one or
more databases from a variety of sources, namely the replication history,
the User Activity dialog box, and the log file (LOG.NSF), and view it in a
single results database. You can perform a database analysis only if
you have access to the Domino Administrator.
User reads and writes, as recorded in the User Activity dialog box
Analysis documents
Each analysis document in the results database contains fields that
describe a particular event.
Field
Describes
Date
Time
Time of event
Source of Event The analyzed database or its replicas or the log file (LOG.NSF)
Information
Source
Database
Source
Destination
Destination
machine
Description
Events
Analysis documents describe these types of events:
Event
Describes
Required database
analysis option
Activity
User reads
User writes
+Activity
Mail Router
User writes
Data Note
Design Note Changes to the database ACL and design Changes to design
Replication history
Replication history
+Replicator
Replicator
Reports
Changes in: Design documents Changes to the database ACL and design
User activity: User reads
Description
Fixup_Tasks
No_Force_Activity_Logging
ServerTasksAt[n]
Update_NO_BRP_Files
Updaters
View_Rebuild_Dir
Disable_View_Rebuild_Opt
Chapter 59
Maintaining Domino Servers
This chapter describes how to manage your existing Domino servers. It
includes information on recertifying a server, deleting a server name and
decommissioning servers as well as other server-related activities.
Managing servers
To manage servers, you can do any of the following tasks:
Change the server administrator
Decommission a server
Recertify a server ID
While managing servers, you may also need to recertify a certifier ID. To
do so, see Recertifying a Certifier or User ID.
Action
Choose address book: Select the address book and choose a name from the list.
Click one of the following:
Add to add the name to the Names list.
Details to view address details from the Person
document.
Find names starting with: Enter a user name and then click Add to add the name to
the Names list without selecting it from an address book.
Names: (Optional) Do one:
Select a name and then click Remove to remove the
selected name from the Administrator field.
Don't select any names. Click Remove all to remove all
names from the Administrator field.
Select a name and click to copy a name from the open
address book to the local address book.
6. Click OK, and then click Save & Close in the Server document.
7. Use the Replicate server command at the console to force replication
of the Domino Directory and disseminate the change quickly.
For more information on the Replicate command, see the appendix
Server Commands.
Decommissioning a server
You use the Decommission Server Analysis tool when you are
consolidating existing servers and/or permanently removing a server from
service. Whether you are combining two servers into one server or
renaming a server, the result is the same: the old server name is replaced
with the new server name. The analysis tool can help you avoid a loss of
service for your Domino server and can be used to help build a foundation
for a decommission "to do" checklist. The role of the Server Analysis Tool
is to compare the responsibility of the source server to that of the target
server and to report differences that could cause a possible loss of service.
When you run the Decommission Server Analysis tool, you create a
Results database containing detailed information comparing the source
server and the target server. The source server is the server being
removed from service, and the target server is the server taking the place
of the source server. The source and the target servers must be Domino
servers that have hierarchical names and that are in the same domain.
Check each database for formulas that contain specific server name
references.
If the old server had cross-certificates, make sure the new server has
the same cross-certificates.
Notify other domains that access the server about the change.
Inform users about the new location for databases, including their
mail database, if necessary.
Make sure the network protocols on the old and new servers match.
Replicate all the databases from the old server to the new server.
Update mail routing tables to ensure that mail gets delivered correctly.
Inconsistencies between the source and target servers are marked in the
Results database to alert you to the administrative tasks you may need to
do before you can decommission the server. Each comparison that the
Decommission Server Analysis tool makes is somewhat individual.
Relationships between analysis items are not determined by this tool;
therefore, you need to review each report and make your own
comparisons before taking any action. Perform comparisons between
only two servers at a time. You do not need to resolve all differences
before you decommission a server.
Enter
Source server
Target server
Results database
Server
Title
File Name
Folder
Append to this database: (Default) Adds the new report to the end of the
existing information in the Results database
without deleting any existing data
Overwrite this database: Adds the new Results database by overwriting
the existing database
5. Click OK.
When the analysis is complete, the Results database opens to the
Reports view. This can take up to several minutes depending on
network traffic and the number of databases on both the source and
target servers.
Note: You can create multiple reports in the same database or in
different databases and then use these reports to verify that differences
between the two servers are remedied and cannot be seen by the system
when you run the Decommission Server Analysis tool. You can re-run
the reports as many times as you wish.
Viewing the report in the Results database
The Decommission Server Analysis tool generates a categorized list of
items that were analyzed. Each category represents a different aspect of a
server's configuration that needs attention. Within each category, items
are listed alphabetically. Each item lists any differences between the
source and the target servers' settings or values. In the Results database,
you can view the categorized list of the items that were analyzed.
Icon
Explanation
A difference was found when doing the comparisons and may
require the attention of an administrator.
An error was encountered when performing or trying to perform a
comparison.
No icon
Click a document to open it and view the actual report that was
generated. A sample report is shown here:
Report Field
Description
Report category
Report title
Report date
Server to be
decommissioned
(source server)
Server to accept responsibility (target server): Name of the server that will
assume the responsibilities of the server being decommissioned.
Errors
Report details
Report comparisons
The following types of field comparisons are done between the two
Server documents and the Configuration documents:
Explanation
Boolean
Numeric
Text list
Name list
Special cases
Explanation
Connection documents
Program documents: All Program documents that list the source server as the server
on which to run the program are included in the report. No
comparison between the source and target Program documents
is done because there is no way to ensure that the executables
exist or are the same on the source and target.
Domain documents
Cross-Certificates: Any cross-certificate that lists the source server in the Issued
By field is reported.
Field Comparison
Explanation
Mail-in databases, Rooms, Resources, Certifiers, Person documents: Each document
that lists the source server as the Mail server is reported.
Replicas
Explanation
Enabled ports
5. Do one of these:
Click the check box "Delete servers from Domino Directory
immediately" to immediately remove the server name from the
Domino Directory, and post Administration Requests to remove
the server name from ACLs, Names fields, and other locations.
Leave the check box "Delete servers from Domino Directory
immediately" not selected, to create Administration Requests to
remove the server name from the Domino Directory, ACLs,
Names fields, and all other locations.
6. Click OK.
For information on removing a server from service and replacing it with
another server, see the topic Decommissioning a server in this chapter.
Recertifying a server ID
8. (Optional) Click the check box "Inspect each entry before submitting
request" if you want to view the server ID before finalizing the
recertification.
9. Click OK.
10. Select one of the following:
OK to submit the recertification.
Skip if you are recertifying more than one server ID and you
want to continue to the next server ID without submitting a
recertification for the current server ID.
Cancel Remaining Entries to cancel this server recertification
and recertifications for any other server names you selected and
have not yet submitted.
11. Review the processing statistics that appear and then click OK.
Note: You can use the @Certificate function to create a custom view of
specific IDs for recertification based on the ID name, issuer of the
certificate, and expiration date. If you create a custom view, be sure to
include the Recertify Servers or an equivalent action in the Actions menu
of the view.
For more information on the @Certificate function, see the Domino
Designer Programming Guide.
3. If the partitioned server used port mapping, edit the NOTES.INI file
of the port-mapping partition so that it no longer refers to the
Domino partition you want to remove. If you are uninstalling the
port-mapping partition, set up another Domino partition to do the
port-mapping.
4. If you use Windows NT, edit the NT registry as follows:
a. In the folder HKEY_LOCAL_MACHINE - SOFTWARE - Lotus Domino, check each numbered subkey (for example, 1,2,3) that
has a named value DATA whose value is the directory path of
the partition you want to remove. Remove the whole numbered
subkey and all of its values.
b. In the folder HKEY_LOCAL_MACHINE - SOFTWARE - Lotus Domino, remove the corresponding numbered key from the
value of the key named PARTITIONS. Ensure that the list ends in
a comma. For example, if you are removing partition 2 from a
3-partition install, you would change the PARTITIONS value
from 1,2,3 to 1,3.
Chapter 60
Improving Server Performance
This chapter describes ways you can improve the performance of your
Domino server.
Agent Manager
Directory catalog
For more information on improving directory catalog performance,
see the chapter Setting Up Directory Assistance.
LDAP searches
Web server
For more information on improving Web server performance, see the
chapter Setting up the Domino Web Server.
Windows NT server
UNIX server
Performance
Domino Server.Load
Using Domino Server.Load, you run a script (a simulated workload) in
your own environment to obtain server capacity and response metrics.
You can run a built-in script or create a custom script. Domino
Server.Load includes real-time control of the test environment and
variables, such as the number of simulated users. Using Domino
Server.Load, you can evaluate the capacity of your servers and evaluate
the requirements for additional CPU, memory, or disk storage upgrades.
Server.Load can also be used to determine the effect of changes to the
machine, such as upgrading a device drive, an OS service pack, or a
Domino maintenance release.
Domino Server.Load is included as part of the Administrator client. For
details about setting up and working with Server.Load, see the chapter
Using Server.Load.
NotesBench
NotesBench is a collection of benchmarks (workloads) that simulate the
behavior of workstation-to-server or server-to-server operations.
Vendors and other organizations use NotesBench to evaluate the
performance of various Domino and Notes platforms and configurations.
Using NotesBench, hardware vendors and business partners generate
benchmark information, which they can distribute to their customers. In
turn, customers can use the benchmark information to evaluate vendors,
select configurations, and plan resource budgets.
To use NotesBench for testing, you must be a member of the NotesBench
Consortium, which is an independent, nonprofit organization dedicated
to providing Domino and Notes performance information to customers.
The consortium requires that each member run the NotesBench tests in
the same manner and allows tests to be audited.
To view published data and test results, go to the NotesBench Web site at
www.notesbench.org.
Use striping to balance the load across all drives in the array. Use
hardware RAID, such as RAID 0+1, to improve performance and
availability.
high-end Domino server loads. The size of your Level 2 cache should
match your expected user loads and the response time you want.
Vendors have moved from 256K to 512K, 1MB to 2MB Level 2 cache
systems, especially on their greater than two-CPU configurations.
5. Improve your network. NotesBench vendors have:
Moved from 10Mbps cards and networks to 100Mbps
configurations
Used multiple LAN segments (one for each partition) to isolate
network traffic, at the high-end user loads
6. Change your network protocol to IP. Vendors initially used NetBIOS
and SPX internally but have unanimously moved to IP for their
performance publishing efforts.
7. You can improve Web server performance by disabling HTTP server
logging. Logging options are stored in the Server document. In the
HTTP server "Enable logging to" section are two fields, "Log files" and
"DOMLOG.NSF". Disabling both of these fields improves Web server
performance.
8. You can improve general server performance by disabling the
type-ahead mail addressing feature. (Type-ahead allows users to
enter the first few characters of a user's name; the server then
completes the rest of the name automatically.) To disable type-ahead
on a server, open the server's Configuration Settings document in the
Domino Directory. On the Basics tab, choose Disabled in the
Type-ahead field. Then save and close the document.
Server_MaxUsers
This setting sets the maximum number of users that are allowed to access
a server. When this number is reached, the server state becomes
MaxUsers, and the server stops accepting new Database Open
requests. The default is 0 (unlimited access to server by user). By setting a
maximum number of users allowed on the server, you can prevent server
performance from degrading because of demand overload.
Server_Session_Timeout
This setting specifies the number of minutes of inactivity after which the
server automatically terminates network and mobile connections. The
minimum recommended setting is 15 minutes. If you specify a lower
time, the server must reopen database server sessions too frequently,
which slows server performance. For best performance, the
recommended time is 45 minutes.
For mobile connections, X.PC has its own internal time out. If the X.PC
time-out value is shorter than the Server_Session_Timeout value, the
X.PC time out takes precedence.
ServerTasks
This setting controls the tasks that the server runs. These tasks start
automatically at server startup and continue until the server is shut
down. Improve performance by removing tasks that aren't appropriate
to the server. Do not remove the Update task from a server. If you do so,
the Domino Directory will not update.
Translog_Status
This setting enables transaction logging for all Release 5 and later
databases on the server. Default is 0 (transaction logging disabled). Set
this to 1 to enable transaction logging. Transaction logging improves the
availability and reliability of the server.
Note Setting this and other Agent Manager variables to zero does not
completely eliminate the delay; a built-in delay will always exist.
AMgr_DocUpdateEventDelay
This setting specifies the delay, in minutes, before the Agent Manager
schedules a document update-triggered agent after a document update
event. The default is 5 minutes. The delay time ensures the agent runs no
more often than the specified interval, regardless of how frequently
document update events occur. When the agent executes, it will also
process all additional events (if any) that occurred during the interval.
A longer interval results in the agent running less often, thus reducing
demand for server time. If document update events are infrequent,
however, you can reduce the delay to ensure the agent runs soon after
the event occurs.
AMgr_NewMailAgentMinInterval
This setting specifies the minimum elapsed time, in minutes, between
execution of the same new mail-triggered agent. The default is 0 (no interval
between executions). Similar to AMgr_DocUpdateAgentMinInterval,
entering an interval can result in the agent running less frequently.
DominoAsynchronizeAgents
This setting specifies whether Web agents triggered by browser clients
can run at the same time (asynchronously). The default is zero (only one
agent can run at a time). Set this to 1 to allow multiple agents to run
simultaneously. This can result in faster execution of agents. However, a
high number of agents executing at the same time can slow overall
system performance. Open the Server document you want to change,
and click the Internet Protocols - Domino Web Engine tab. In the Web
Agents section, enable or disable the Run Web agents concurrently?
option. For Web agent time-out (in seconds), the default is 0 (no
time-outs).
AMgr_NewMailEventDelay
This setting specifies the time (in minutes) that the Agent Manager delays
before scheduling a new mail-triggered agent after new mail is delivered.
The default is 1 minute. Similar to AMgr_DocUpdateEventDelay, the
delay time ensures the agent runs no more often than the specified
interval. When the agent executes, it will also process all additional events
(if any) that occurred during the interval. A longer interval results in the
agent running less often, thus reducing demand for server time. If
document update events are infrequent, however, you can reduce the
delay to ensure the agent runs soon after the event occurs.
AMgr_NewMailEventDelay
AMgr_DocUpdateEventDelay
AMgr_DocUpdateAgentMinInterval
AMgr_NewMailAgentMinInterval
If your server attempts to schedule agents at a rate faster than the Agent
Manager can run them, the message "AMgr: Agent scheduling is
paused" appears on the console. The Agent Manager will not schedule
any new agents until the server processes some agents that are already
scheduled. Therefore, the running of new agents may be slightly delayed.
NSF_DbCache_Maxentries
This NOTES.INI setting sets the maximum number of databases stored in
the database cache (if enabled). For short intervals, Domino stores up to
1.5 times the number entered for this setting. Increasing the maximum
number of databases improves performance but requires more memory.
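The NOTES.INI settings described above can be checked mechanically. The following is an added example, not code from the Domino documentation: a Python audit that applies the defaults and recommendations this chapter states to the text of a NOTES.INI file. The function names, severity labels and sample file are constructed for illustration, and the parser assumes setting names are matched case-insensitively.

```python
# Added example: audit NOTES.INI text against the defaults and recommendations
# stated in this chapter. Function names and the sample file are constructed.

CHAPTER_DEFAULTS = {                # value assumed when a setting is absent
    "server_maxusers": 0,           # 0 = unlimited access
    "translog_status": 0,           # 0 = transaction logging disabled
    "amgr_docupdateeventdelay": 5,  # minutes
    "amgr_newmaileventdelay": 1,    # minutes
}
MIN_SESSION_TIMEOUT = 15            # minimum recommended, in minutes


def parse_notes_ini(text):
    """Parse Name=Value lines into a dict keyed by lower-cased name.

    Assumption: setting names are matched case-insensitively.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the [Notes] section header and anything that is not Name=Value.
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings[name.strip().lower()] = value.strip()
    return settings


def audit_notes_ini(text):
    """Return a list of (severity, setting, message) tuples."""
    settings = parse_notes_ini(text)
    findings = []

    def number(name):
        """Integer value, the chapter default if unset, or None if unknown or invalid."""
        raw = settings.get(name.lower())
        if raw is None:
            return CHAPTER_DEFAULTS.get(name.lower())
        try:
            return int(raw)
        except ValueError:
            findings.append(("ERROR", name, f"non-numeric value {raw!r}"))
            return None

    timeout = number("Server_Session_Timeout")
    if timeout is not None and timeout < MIN_SESSION_TIMEOUT:
        findings.append(("WARN", "Server_Session_Timeout",
                         f"{timeout} min is below the recommended minimum of "
                         f"{MIN_SESSION_TIMEOUT}; sessions reopen too often"))

    if "servertasks" in settings:
        tasks = {t.strip().lower() for t in settings["servertasks"].split(",")}
        if "update" not in tasks:
            findings.append(("ERROR", "ServerTasks",
                             "Update task removed; the Domino Directory will not update"))

    max_users = number("Server_MaxUsers")
    if max_users == 0:
        findings.append(("INFO", "Server_MaxUsers",
                         "0 = unlimited; nothing caps demand overload"))
    elif max_users is not None and max_users < 0:
        findings.append(("ERROR", "Server_MaxUsers", "negative value"))

    translog = number("Translog_Status")
    if translog == 0:
        findings.append(("INFO", "Translog_Status", "transaction logging is disabled"))
    elif translog not in (None, 1):
        findings.append(("ERROR", "Translog_Status", "expected 0 or 1"))

    for name in ("AMgr_DocUpdateEventDelay", "AMgr_NewMailEventDelay"):
        delay = number(name)
        if delay == 0:
            findings.append(("INFO", name, "0 does not remove the built-in delay"))
        elif delay is not None and delay < 0:
            findings.append(("ERROR", name, "negative value"))

    cache = number("NSF_DbCache_Maxentries")
    if cache is not None and cache > 0:
        findings.append(("INFO", "NSF_DbCache_Maxentries",
                         f"cache may briefly hold up to {int(cache * 1.5)} databases"))
    return findings


# Constructed sample file, not taken from a real server.
SAMPLE_INI = """[Notes]
ServerTasks=Replica,Router,AMgr,HTTP
Server_Session_Timeout=5
Server_MaxUsers=0
AMgr_DocUpdateEventDelay=abc
AMgr_NewMailEventDelay=0
NSF_DbCache_Maxentries=200
"""

if __name__ == "__main__":
    for severity, setting, message in audit_notes_ini(SAMPLE_INI):
        print(f"{severity:5} {setting}: {message}")
```

Settings that the chapter gives no default for, such as Server_Session_Timeout, produce no finding when they are absent from the file.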
Improving performance for users accessing the Web using the Web
Navigator
There are several ways to improve performance:
Refs: The number of times the database has been opened (the
DBHANDLE count for the database).
Mod: Whether the database has been modified, but not yet flushed
to disk.
FDs: The number of file descriptors currently being used for the
database.
LockWaits: The number of times a user has had to wait for a lock
on the database (read or write).
RAID sets. When setting up data disk RAID sets, set the stripe size to
be approximately equal to the average logical disk transfer per
second measured in Perfmon for the typical workload for the server.
Set the cache write policy to write back. Set the cache read policy
to read ahead.
Balance the I/O bandwidth for each PCI bus. Distribute the network
adapters and RAID controller across multiple buses if your server
has them. Do not put the RAID controller on a bus that has a network
adapter.
Use the NTFS file system (NT File System). The NTFS file system
has significant performance advantages over FAT or FAT32. For
best performance, format the disks with a cluster size of at least
4KB. Use a cluster size that is a little larger than the average file
size on the disk. NTFS supports these sizes: 512, 1024, 2048, 4096,
8192, 16KB, 32KB, and 64KB. For example, to use a 16KB
allocation size for formatting the NTFS volumes, at the command
prompt enter (format <drive>: /fs:ntfs /A:16K).
NSF_Buffer_Pool_Size_MB
Many machines that run UNIX have very large amounts of physical
RAM. Use the parameters NSF_Buffer_Pool_Size_MB or
PercentSysAvailable Resources to control how much memory Domino is
allowed to use. Each Domino instance on a UNIX machine can reference
a maximum of 4GB of RAM.
Solaris at www.lotus.com/dominosolaris
Hewlett-Packard at www.hp.com
Chapter 61
Improving Database Performance
To optimize database performance, you can set properties for individual
databases and configure the database cache to improve overall database
access time on a server. To keep database size to a minimum, you can set
database properties that save disk space, compact databases, set database
size quotas, and regularly delete inactive documents in databases.
Tip You can use the Compact task with specific options to enable or
disable the above three properties and then compact the database.
Property | Tab | To optimize performance/size | Improves database performance? | Reduces database size?
Deselect option
Yes
Yes
Display images after loading
Basics
Select option
Yes
No
Don't maintain unread marks
Yes
Yes
Document table bitmap optimization
Yes
No
Don't overwrite free space
Yes
No
Maintain LastAccessed property
Yes
No
Don't support specialized response hierarchy
Advanced
Select the option
Yes
Don't allow headline monitoring
Slightly
Limit entries in $UpdatedBy fields
Advanced
Select the option and specify the number of entries $UpdatedBy fields can contain
Yes
Yes
Yes
Limit entries in $Revisions fields
Tip Users also can specify Load images: On request in the Advanced
section of a Location document to display images only when users click
them. For more information, see Lotus Notes 6 Help.
on the server using the Huffman method. Note that recompressing has
performance implications. For best performance, use LZ1 in primarily
Domino 6 environments.
A suggested upper limit is 10 entries in the $Revisions field. If you set the
limit lower than 10, you run the risk of increased replication or save
conflicts.
Soft deletions
In some databases, deleting a document permanently removes it from the
database. In other databases, such as the Notes mail file database,
deleting a document moves it into a Trash folder and stores it in a state of
soft deletion. From this folder, users can restore deleted documents by
dragging them from the Trash folder into another folder or by selecting
Remove from Trash.
Deleted documents are not permanently removed until a specified
expiration time or until the user empties the Trash folder. By default, soft
deletions are enabled for mail databases created from the Domino 6 mail
template (MAIL6.NTF). The default expiration time is 48 hours. You can
turn soft deletions on or off for any database and specify how long to
retain soft deletions before removing them from the database.
To display soft-deleted documents in other types of databases, you must
create a view to list the documents and provide users with an action
programmed to un-delete documents and restore them to the database.
For information on creating views to display soft-deletions, see the book
Application Development with Domino Designer.
Because deleted documents are not removed immediately from a
database that has soft deletions enabled, space in the database is not
reclaimed as quickly as in a database that does not use soft deletions. If
space consideration is an issue, consider disabling soft deletions.
To enable or disable soft deletions for a database
1. From the Files tab of the Domino Administrator, select the database
and choose Edit - Properties.
2. On the Advanced tab of the Database properties box, check Allow
soft deletions.
3. Set a value for Soft delete expire time in hours. The default is 48
hours. After that amount of time, soft deletions are permanently
removed from the database.
25
The actual number of databases allowed in the cache is 1.5 times the
maximum allowed. This buffer increases the chance that when a user
opens a database from the cache, Domino can return the database to the
cache when the user closes it.
Description
Statistic
Description
NSF_DbCache_Maxentries=value
Compact databases
Database
size
View size
Quotas
Percent of
used space**
Domino Administrator
Files tab
Yes
No
Yes
No
Yes
Yes
No
Yes
No
Messages No
relating to
No
No
Yes
Yes
Compacting databases
When documents and attachments are deleted from a database, Domino
tries to reuse the unused space, rather than immediately reduce the file
size. Sometimes Domino won't be able to reuse the space or, because of
fragmentation, can't reuse the space effectively until you compact the
database.
2. Click the Info tab (i) to see the size of the database.
Styles of compacting
There are three styles of compacting:
Copy-style compacting
In place, space
recovery
In place, space
Copy-style
recovery with file
size reduction
Unlogged
databases with
no pending
structural
changes
Databases with
pending
structural
changes
Current release
Relative speed
Fastest
Medium
Slowest
Yes
Yes
No (unless -L
option used)
Yes
Yes
No
No
Yes
Yes
No
No
Yes
x Compact_Retry_Rename_Wait <=
Run Compact using the Compact tool in the Files tab of the Domino
Administrator. Use this method to compact a few databases; you
can select the databases to compact, but you can't use the Domino
Administrator until compacting finishes.
Compact options
The following tables describe the options you can use with the Compact
server task. The first column lists the options as they appear when you
run Compact using the Task - Start tool or the Files tab in the Domino
Administrator. The second column lists the equivalent command-line
options that you use when you run Compact using a console command
or using a Program document.
Compact - Basics
Option | Command-line equivalent | Description
Compact only this database or folder (To specify databases to compact using the Files tab, select the databases in the files pane.) | database path. Specify any additional options after the database path.
For more information on database path, see the topic Running Compact
using a console command later in this chapter.
Compact - Options
Option | Command-line equivalent | Description
Compact database only if unused space is greater than x percent | -S percent
Discard any built view indexes | -D
Keep or revert database to previous format | -R
Compact - Style
Option | Command-line equivalent | Description
Uses in-place compacting and recovers
unused space without reducing the file size,
unless there's a pending structural change to
a database, in which case copy-style
compacting occurs. This is the recommended
method of compacting.
In-place with file size reduction | -B
Copy-style | -c
Copy-style: Allow access while compacting | -L
Copy-style: Ignore errors and proceed | -i
Compact - Advanced
The advanced compact options are not available through the Compact
tool in the Files tab of the Domino Administrator.
Option* | Command-line equivalent | Description
Document table bitmap optimization: Off | -f
Document table bitmap optimization: On | -F
Don't support specialized response hierarchy: Off | -h
In-place (recommended) | -b
Option* | Command-line equivalent | Description
Don't support specialized response hierarchy: On | -H
Enable transaction logging: Off | -t
Enable transaction logging: On | -T
Don't maintain unread marks: Off | -u
Don't maintain unread marks: On | -U
* Select Set advanced properties before you enable or disable any of these
properties.
Compact - Archive
When you use the document archiving tool to archive and delete
documents in a database, you can use the following Compact options to
archive documents if the database is located on a server and you've
chosen the advanced archiving option Automatically on server.
Option*
Command-line
equivalent
Description
Archive only
-A
-j
*The Compact tool in the Files tab of the Domino Administrator provides only
the option Archive database; this option archives and then compacts.
Example command
Files compacted
Specific databases in
the Domino data
folder
Load compact
SALES.NSF,DEV.NSF
DATA\SALES.NSF
DATA\DEV.NSF
DATA\SALES\all
databases
DATA\SALES\USER1.NSF
Load compact
WEEKLY.IND
where WEEKLY.IND
contains:
SALES.NSF
DEV.NSF
SALES\USER1.NSF
SALES\NEW
DATA\SALES.NSF
DATA\DEV.NSF
DATA\SALES\USER1.NSF
DATA\SALES\NEW\all
databases
Enter
Program name
Compact
Command line
Server to run on
Comment
Optional comments
Enabled/disabled
Enabled
Run at times
Repeat interval of
Days of week
Field
Leaves
Multiple Archive
deletion capability? deletion
stubs*?
criteria?
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
Agents
Yes
Yes
Yes
* Deletion stubs are markers that remain from deleted documents so that the
documents are deleted in other replicas of the database.
In addition to these methods, you can also create an API program that
deletes documents.
For information on the Remove documents not modified in the last x
days setting, see the chapter Creating Replicas and Scheduling
Replication.
If you have disk space available and you want users to be able to access
deleted documents, archive the documents before deleting them. When
doing so, follow these guidelines:
1. Determine an archive frequency based on the type of database. For
example, you might archive an infrequently accessed database, such
as a company policy database, every three months. Archive a heavily
used tracking database, such as a customer call-tracking database,
once a month or once a week.
2. Notify users that you plan to archive the database.
3. In the About This Database document of the active database, post the
archiving schedule and the location of the archive database.
4. Archive the database when it is not in use and server traffic is low,
for example, on Sunday night.
5. After archiving is complete and you've deleted documents from the
active database, compact the active database.
Use the -a option to archive documents and then compact the source
database.
On Schedule Monthly
On Schedule Weekly
Description
Compact_Retry_Rename_Wait
NSF_Buffer_Pool_Size
Description
NSF_Dbcache_Disable
NSF_Dbcache_Maxentries
Chapter 62
Using Server.Load
This chapter discusses Server.Load, a capacity-planning tool for the
Domino server.
Server.Load
Server.Load is a capacity-planning tool that you use to run tests, also
called scripts and workloads, against a targeted Domino server to
measure server capacity and response metrics.
Server.Load supports any platform that is supported by the Domino
Administrator client. The client runs the Server.Load tests and generates
the transactions that are presented to the server. A typical Server.Load
configuration has one or more client systems driving the server under
test (SUT). Each client running Server.Load generates a simulated user
load of Notes transactions against the SUT, which reports server statistics
back to the client. If you configure multiple clients, you set up and run
the test from each client system.
You can run built-in scripts, create custom scripts from a library of
commands, or submit commands manually. For example, run the built-in
R5 Simple Mail Routing script to simulate users on a Notes client reading
and sending mail. Or create a custom script to create and open a Notes
mail database and populate it with messages. To test or execute
individual commands, you can use the manual command line mode to
delete documents from a database or issue remote server commands.
Description
Idle Workload
R5 IMAP Workload
R5 Simple Mail
Routing
R5 Shared Database
Custom scripts
You can use the Server.Load command language to build a script from
scratch, copy a built-in script and modify it, or use a sample script. Then
by modifying only test parameters and script variables, you can further
customize the script without changing the actual script code. Script
variables are environmental values that are referenced through the
NOTES.INI file. Test parameters control the number and creation of
simulated users, or threads; the number of times the test runs for each
user; and the test duration. If you create a script from scratch, you can
test each line of code by entering it in the command line. In addition,
using the command line, you can issue remote server console commands.
NotesBench
A related performance tool, NotesBench is a collection of benchmarks, or
workloads, for evaluating the performance of Domino servers. To learn
more about NotesBench, go to http://www.notesbench.org.
3. Plan to enter values for the Starting Thread No. and Max No. of
Users parameters. The values you enter depend on how many client
systems and database users the test is simulating. For example, to
simulate 400 database users across 4 client systems, with 100 users
spread across the 4 clients, specify these values when you run the test
on each client.
Client | Max No. of Users | Starting Thread No.
1 | 100 | 1
2 | 100 | 101
3 | 100 | 201
4 | 100 | 301
5. Be aware of both ramp-up and steady state. Ramp-up state occurs after
all threads run at least one iteration of the script. Steady state represents
the server's true, sustainable performance with reproducible results.
Steady state occurs when the number of Notes users on the server is
equal to the total simulated users across all clients.
Server.Load agents
Server.Load includes a set of agents in the file NAMAGENT.NSF, which
is initially installed in the data directory on the Domino Administrator
client. The first agent in this list, Create NotesBench Mail Person
Documents, is used to set up Person documents for the workloads and
set the HTTP password. The rest of the agents are used to repair and
change the workload setup.
To use the agents, you must use Domino Designer to add them to the
Domino Directory on the SUT.
Default
1.00
1000.00
1.00
mail\
Prompt
Default
Mail domain
2 (MIME)
Mail system
1 (NOTES)
Action
Script Loop Count Enter the number of times the script runs per simulated
user. Default is 1.
To calculate total iterations, multiply Script Loop Count by
Max. No. of Users.
Note For long-duration tests, enter a large value, and
specify No Time Limit in the Test Time Parameter field.
If a test uses the ScriptIterationLimit script variable, set both
the variable and the Script Loop Count to the same value.
Thread Creation
Interval (sec)
Starting Thread
No.
Enter the thread number that will start the test. Default is 1.
Test Time
Parameter
Choose one:
Server.Load metrics
As you run a test, you can view various script metrics and server statistic
metrics and optionally store the test output in a separate file. Server
statistic metrics are generated by the Domino server. Script metrics
correspond to Server.Load command names and display the
performance of particular commands. For example, if you select the Add
metric, the Metrics window displays the results of the Add command.
For more information on script commands, see the appendix
Server.Load Command Language.
Note If the server runs Windows, you can also use the Windows
Performance Monitor to measure performance.
Database statistics
Description
Database.BufferPool.Reads
Database.BufferPool.Used
Database.BufferPool.Writes
Database.DbCache.CurrentEntries
Database.DbCache.HighWaterMark
Database.DbCache.Hits
Database.DbCache.InitialDbOpens
Database.NIFPool.Used
Statistic
System statistics
Statistic
Description
Disc.c.Free (bytes)
Disc.c.Size (bytes)
Mail statistics
Statistic
Description
Mail.AverageDeliverTime
Mail.AverageServerHops
Mail.AverageSizeDelivered
Mail.Dead
Mail.Delivered
Mail.MaximumDeliverTime
Mail.MinimumServerHops
Mail.MaximumServerHops
Statistic
Description
Mail.TotalRouted
Mail.Waiting
Mail.WaitingRecipients
Network statistics
Statistic
Description
NET.TCPIP.BytesReceived
NET.TCPIP.BytesSent
NET.TCPIP.Sessions.Established.Incoming
Running Threads
Agg. Replications
Statistic
To set up a SUT
1. Make sure that:
The Domino server is installed and operational
The server has adequate RAM, approximately 512KB per
simulated user (thread) across all clients used in the test
2. Make sure that you have Administrator access, Create database
access, and access to run unrestricted LotusScript and Java agents.
3. Make sure that the Server, Replicator, Router, and Update tasks are
running on the Domino server. Run additional tasks as required for
individual tests.
4. Enable performance monitoring on the Domino server by issuing the
Show Perf command.
5. Use Domino Designer to copy the file NAMAGENT.NSF to the
Domino Directory. This file contains agents that you use to set up
and change workloads.
6. Disable all screen savers.
To set up a client
If you use multiple clients in a test, they all must have the identical
hardware setup, and you must complete the following procedure on each.
1. Make sure that:
The Domino Administration client and Server.Load are installed
and operational
The client has access to the templates to use in the test
The client has adequate RAM, approximately 512KB per
simulated user (thread)
2. Do the following to edit the Location document:
a. Choose File - Mobile - Edit Current Location.
b. Click the Mail tab, and complete these fields:
Field
Action
Choose On server
Mailfile
c. Click the Servers tab, and in the home/mail server section, enter
the name of the SUT.
Note If you edit the MailServer script variable before you run a test,
you change the location of the mail server for only that run. The next
time you run Server.Load, the mail server listed in the Location
document is used.
e. If you cannot connect over TCP/IP, verify that TCP/IP has been
enabled on the Domino server and that the port is enabled in the
Server document.
f. Verify that the port has been enabled at the operating system level.
g. Verify that TCP/IP is properly installed and enabled on the client
and that you can use the ping utility to access the Domino server
by name (for example, acme.iris.com) and by IP address.
5. Disable all screen savers.
Action
MailServer
MaxSessions
5. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
6. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic Setting a Server.Load stop
condition earlier in this chapter.
7. Click Execute.
8. (Optional) Select metrics to monitor.
For more information, see the topic Monitoring Server.Load
metrics earlier in this chapter.
9. (Optional) In the Server to receive console commands field, enter
the name of the SUT.
10. Click Start Test.
The IMAP Workload test models an active IMAP mail user logging in
once, then receiving and sending mail. The script contains an average of
15 minutes of waiting, so an average user will execute this test no more
than four times an hour. For each iteration of the script, IMAP mail
messages are retrieved, one SMTP message is sent, and a number of
LDAP lookup requests are executed based on the value of the
NumMessageRecipients script variable. The SMTP messages sent by each
test user are delivered to the mail databases of other test users on the
SUT.
Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:
Initial Disk
Requirement
Subsequent Disk
Requirement
Description
Show Task
Setting
2 (MIME)
Mail system
6 (POP3/IMAP)
4. In the Test Type field, choose Built-In, and then choose R5 IMAP
Initialization Workload from the list.
5. Click the Script Variables tab, and enter these values:
Action
MailServer
MailTemplate
nb_dbdir
RecipientDomain
SMTPHost
ClientHost
NumMailNotesPerUser
Variable
R5IMAPBreak
Enter one:
1 To prevent the script from quitting if errors
occur
0 To force the script to quit if errors occur
IMAPHost
NormalMessageSize
MessageLineSize
Variable
Variable
Action
SMTPHost
ClientHost
NthIteration
R5IMAP_Loop_N
ScriptIterationLimit
10. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic Setting a Server.Load stop
condition earlier in this chapter.
11. Click Execute.
12. (Optional) Select metrics to monitor.
For more information, see the topic Monitoring Server.Load
metrics earlier in this chapter.
13. (Optional) In the Server to receive console commands field, enter
the name of the SUT.
14. Click Start Test.
Because mail routing and delivery are performed on the SUT, locate the
destination addresses and the active users' mail files on the SUT.
The measurements obtained by this test are:
Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:
Initial Disk
Requirement
Setting
0 (NOTES)
Mail system
1 (NOTES)
The R5 Simple Mail Routing test requires at least one client and the SUT.
If you use multiple client systems, identical hardware configurations are
recommended.
4. In the Test Type field, choose Built-In, and then choose R5 NRPC
Mail Initialization Workload from the list.
5. Click the Test Parameters tab, and do the following:
a. For Thread Creation Interval, enter the rate, in seconds, at
which simulated users are created. The recommended value is 3
to 5 seconds.
b. If you are running the test on multiple clients, increment the
value of the Starting Thread No. parameter when you run the
test on each client.
6. Click the Script Variables tab, and enter these values:
Variable
Action
MailServer
nb_dbdir
MailTemplate
7. In the Build Recipient List using Name and Address Book field,
enter the name of the SUT and its Domino Directory in the format
servername/org!!dominodirectory.NSF (for example,
Server1/Acme!!NAMES.NSF).
8. Verify that no errors occur while creating mail files on the client and
SUT. If a mail file is not created, the test script creates the mail file
during the first test iteration, a process that adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of disk time on the server's data
directory should not be a factor.
9. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic Setting a Server.Load stop
condition earlier in this chapter.
10. Click Execute.
11. (Optional) Select metrics to monitor.
For more information, see the topic Monitoring Server.Load
metrics earlier in this chapter.
MailServer
nb_dbdir
MailTemplate
NBTestReset
MaxDocToDelete
Variable
Variable
Action
ScriptIterationLimit
To read the code in the test script, see the appendix Server.Load
Scripts.
Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT.
Initial disk requirement
MailServer
DiscussionDB
DiscTemplate
NBTestReset
MaxDocToDelete
Variable
Variable
Action
NumMailNotesPerUser
DiscDbAddDocRate
Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:
Initial disk
requirement
Subsequent disk requirement: Increase of 100KB per hour for the duration of the test. This
figure is not dependent on the number of users.
For information, see the topic Setting up clients and servers for
Server.Load earlier in this chapter.
2. Run the Create NotesBench Mail Person Documents agent to create
the desired number of Person documents in the Domino Directory.
When prompted, set these variables:
Variable
Setting
2 (MIME)
Mail system
6 (POP3/IMAP)
1. Make sure that you already set up clients and servers for
Server.Load.
Action
MailServer
nb_dbdir
MailTemplate
6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic Setting a Server.Load stop
condition earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
For more information, see the topic Monitoring Server.Load
metrics earlier in this chapter.
10. (Optional) In the Server to receive console commands field, enter
the name of the SUT.
11. Click Start Test.
12. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
13. Complete the procedure Running the SMTP and POP3 Workload
test.
5. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
6. Click the Script Variables tab, and enter these values:
Variable
Action
NormalMessageSize
MessageLineSize
RecipientDomain
ClientHost
NthIteration
POP3Host
SMTPHost
The resulting capacity metric for a Web Idle server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix Server.Load
Scripts.
The resulting capacity metric for a Web Mail server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix Server.Load
Scripts.
Hardware considerations
Initial Disk
Requirement
Subsequent Disk Requirement: Increase of 1MB an hour for the duration of the test. (This
figure is not dependent on the number of users.)
Increase of 100KB an hour as impacted by the value of the
nthIteration setting in the NOTES.INI file
The growth rate of each database is a function of the ratio of
the number of users and recipients sending and receiving
mail.
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:
Description
Show Tasks
Action
6. Make sure that the administrator has Manager access to the Domino
Directory.
7. Authentication
By default, WebMail assumes user authentication is required.
For authenticated users, Anonymous must have No Access and
-Default- must have Manager access. Use the
WebAuthenticationOff=0 setting in the client's NOTES.INI file.
To run WebMail without authentication, Anonymous must have
Manager access in the ACL of all mail databases and the Domino
Directory. Use the WebAuthenticationOff=0 setting in the client's
NOTES.INI file.
Setting
2 (MIME)
Mail system
0 (SMTP/POP3)
NBTestReset
MailServer
HTTPHost
nb_dbdir
Variable
Variable
Action
MailTemplate
NormalMessageSize
6. Verify that the client and server experience no errors while creating
mail files. If a mail file has not been created, the test script creates the
mail file during the first test iteration, but this adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of Disk Time on the Domino Server
Data directory should not be a factor.
7. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
8. Set a Server.Load stop condition.
For more information, see the topic Setting a Server.Load stop
condition earlier in this chapter.
9. Click Execute.
10. (Optional) Select metrics to monitor.
For more information, see the topic Monitoring Server.Load
metrics earlier in this chapter.
11. (Optional) In the Server to receive console commands field, enter
the name of the SUT.
12. Click Start Test.
13. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
14. Complete the procedure Running the Web Mail test.
Action
HTTPHost
nb_dbdir
WebPreferencesOff
Make sure this is set to Off. If it's On, the script sets
the mail database to be its own owner.
6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic Setting a Server.Load stop
condition earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
Chapter 63
Troubleshooting
Even with careful server maintenance, you may occasionally encounter
unexpected system problems. This chapter provides a server
maintenance checklist, describes troubleshooting techniques, and offers
suggestions for solving common problems.
For information on performance-related issues, see the chapter
Improving Server Performance.
Database performance
Directories
Mail routing
Partitioned servers
Passthru connections
Platform statistics
Replication
Server access
Server crashes
Server.Load
Transaction logging
Troubleshooting tools
Domino provides several tools to help you troubleshoot problems. Most
of the tools are available through the Domino Administrator. The table
below summarizes the available tools and indicates how each is useful.
If you haven't solved your problem after reading through the section that
applies to the problem, you may want to search the Lotus Support
Services Web site or call Lotus Support Services directly for help with
troubleshooting your problem.
Tool
All problems
Domino Web
Web server problems
server log file
(DOMLOG.NSF)
Servers
MAIL.BOX
Mail trace
ISpy
Mail reports
Tool
Mail tracking
Lost mail
Mail routing
topology maps
Network trace
Connection problems
Replication
topology maps
Replication problems
between servers
Monitoring
Configuration
Database analysis
Database problems
Administration
Requests database
Administration Process
errors
Server commands
Various
Replication
schedule
Your system
Domino version(s)
Operating system and version,
including any patches or fixpacks
Hardware, including the kind of
CPU(s) and modems installed, and the
amount of RAM and hard disk space
Required information
Your system
Your system
Databases are active and maintained (a task you share with the
manager of each database).
Frequency
Daily
Daily
Weekly
Weekly
Monitor replication
Daily
Daily
Monitor memory
Monthly
Monthly
Monthly
Task
Frequency
Monthly
Daily
* If the database is in Domino 5 or later format and you are not using transaction
logging, you can use the Fixup task to repair the corrupted database.
If the database is in Domino 5 or later format and you are using transaction
logging, you cannot run the Fixup task on that database, because the Fixup task
interferes with the way transaction logging keeps track of databases. Instead,
you must restore the corrupted database from a backup. You can run the Fixup
task on databases that are in Domino 4.x and earlier format.
2. Copy the server ID file to a disk, and store the disk in a secure place.
3. Make a replica of the Domino Directory on a workstation and keep it
up-to-date by replicating the local replica with the server replica.
Then if the Domino Directory becomes corrupted, you can quickly
restore it by creating a new replica from the local workstation replica.
Even if you do this, continue to back up the Domino Directory to
tape. Never do this when transaction logging is used.
4. If your system uses a shared mail database, back up the shared mail
database(s) along with user mail files.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
f. The Certifier documents must have the correct public key; the
public key must match the key in each CERT.ID.
For more information about correcting errors in the Administration
Requests database, or for any other information regarding the
administration process, see the chapter Setting Up the
Administration Process.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
If the server runs Domino 4.6 or earlier, you can increase the Max %
busy before delay field in the Server document. Domino 5 and
higher does not support this field.
More than one Person document contains the phrase Escrow Agent
in the User name field.
Resolving conflicts when names are assigned to more than one access
level
A name is included in two or more groups: The name receives the access of the group with
the highest access.
A name appears in an ACL
and in access lists associated
with forms, views, or
sections
For more information on creating access lists that refine access to specific
design elements, see the book Application Development with Domino
Designer.
For more information on Groups and Roles, user access, and the Enforce
a consistent ACL option, see the chapter Controlling User Access to
Domino Databases.
6. Paste or enter the Note ID or UNID from Step 1 into the ID field.
7. Click Find.
8. View the document details and properties in the Fields and
Properties fields.
Directories Troubleshooting
These topics describe how to troubleshoot problems related to:
Directory assistance
Directory catalogs
LDAP service
Extended ACL
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
2. Set "Trusted for credentials" to Yes for at least one naming rule in
the Directory Assistance document. The rule or rules should
correspond to the names of the Internet users you want to
authenticate.
3. Enter the secondary directory's Domino domain in the Domain
Name field. Do not enter: the name of a condensed Directory
Catalog, the name of the server's primary domain, or a domain name
that is used in another Directory Assistance document. If you created
the secondary directory manually and it's not associated with a
Domino domain, make up a unique domain name.
4. If you use name-and-password authentication, and you choose the
authentication option Fewer name variations with higher security,
make sure users provide either their hierarchical names or common
names for authentication rather than first names, last names, or short
names only.
For more information on this server authentication option, see the
chapter Setting Up Name-and-Password and Anonymous Access to
Domino Servers.
If you include groups of users in database ACLs on the server that
authenticates, store those groups in the server's primary Domino
Directory and/or in one directory enabled for "Group authorization" in
the directory assistance database.
Internet user authentication using an LDAP directory fails
To authenticate Internet users registered in a remote LDAP directory,
make sure you complete these steps:
1. Select LDAP as the Domain Type in the Directory Assistance
document.
2. Specify a Domain Name that is not the Domino domain of the
servers that use directory assistance and that is not used in another
Directory Assistance document.
3. (Recommended) Enter 1 as the search order.
4. Set Trusted for credentials to Yes for at least one naming rule in
the Directory Assistance document that corresponds to the names of
the users to authenticate.
5. If the remote LDAP server requires a base DN, enter it in the field,
Base DN for search.
6. Select Notes clients/Internet Authentication/Authorization in the
Make this domain available to field.
7. If you enabled Channel encryption, make sure you've configured
SSL properly.
5. If the directory is a remote LDAP directory, when you add the name
of a hierarchical group from an LDAP directory to a Notes database
ACL, use the LDAP format for the name, but use forward slashes as
delimiters (/) rather than commas (,). If the name of the LDAP
directory group is not hierarchical, in a Notes database ACL enter
the value for the group name without the associated LDAP attribute.
4. Select the Directories field and look in the box on the right. Verify
that the Dircat task can access all the directories specified in the box.
Typically, this means making sure that the server that aggregates the
directory catalog also stores replicas of all the aggregated directories
locally.
5. Select the Since field and look in the box on the right to see the date
and time the Dircat task last ran on all of the directories specified in
the Directories field. If either of the following is true, run the Dircat
task again:
If there are fewer time/date stamps than directories (for
example, if there are four directories in the Directories field but
only two time/date stamps), when the Dircat task last ran, it
attempted to rebuild the source directory catalog but didn't
complete the task.
If the time/date stamps are older than expected, the Dircat task
may not have run to completion when it last did an incremental
update of the source directory catalog.
If the Remove duplicate users option is enabled, see if someone
has deleted a duplicate entry from one of the full Domino directories
If the "Remove duplicate users" option is enabled, the Dircat task doesn't
add into the directory catalog all entries associated with an identical
hierarchical name. Instead, the task adds an entry from the first directory
in which it encounters the name. Dircat searches directories in the order
that they're specified in the "Directories to include" configuration field.
If someone removes a duplicate entry from the full Domino Directory
that has already been the entry used in the directory catalog, that name is
removed from the catalog. For example, if the Acme East and the Acme
West directories both contain an entry with the name, Phyllis
Spera/Acme, if Remove duplicate users is enabled, and if Acme East is
listed first in the Directories to include field, when Dircat runs, it
includes only the entry from Acme East. If someone then removes Phyllis
Spera/Acme from Acme East, the name is removed from the directory
catalog the next time Dircat runs.
To correct the problem, make a minor change to the remaining entry
(in the above example, the entry in Acme West). This change causes Dircat
to add the entry to the directory catalog the next time it runs. You can
also correct the problem by clicking the Clear History button in the
directory catalog Configuration document, although this approach
rebuilds the entire directory catalog.
Verify that the User Name fields have values
If there's no value in the User Name (FullName) field in a Person
document, the Dircat task won't build the entry in the directory catalog.
Notes registration adds values to User Name fields automatically, but if
you created Person entries without using the Notes registration program,
check that the entries have values in this field.
Use Log_Dircat=1
If the above steps don't solve the problem, add the NOTES.INI setting
Log_Dircat=1, which logs information about the Dircat task in the log file
(LOG.NSF). Use the logged information to help troubleshoot the
problem.
For more information on the log file, see the chapter Using Log Files.
For more information on the NOTES.INI file, see the appendix
NOTES.INI File.
Users can't use type-ahead addressing to look up names in a
condensed Directory Catalog
Type-ahead addressing looks up a name in a condensed Directory
Catalog only if the order in which the user types the name corresponds to
the Sort by format configured for the directory catalog. For example, if
the configured Sort by format is Distinguished name, type-ahead
looks up the name in a directory catalog only when a user types the first
name before the last name. Or, if the Sort by format is set to Last
name, type-ahead looks up the name in a directory catalog only when a
user types the last name before the first name.
Domino isn't searching a directory catalog on a server
To search an Extended Directory Catalog that is not integrated into its
primary Domino Directory, a server must be set up to use a directory
assistance database that contains a Directory Assistance document for the
directory catalog.
To search a condensed Directory Catalog, a server must store a local
replica of the directory catalog. In addition, you must specify the file
name for this replica in either the Directory Profile or in the Basics
section of the Server document in the server's primary Domino
Directory.
For more information on directory catalogs, see the chapter Setting Up
Directory Catalogs.
The full-text index can become corrupted if there is not enough disk
space to build the index or if you shut down the Notes or Domino
Administrator client before the index is entirely built. To correct the
problem, delete and then recreate the full-text index.
User Setup Profile doesn't push Mobile Directory Catalogs to users
To use a User Setup Profile to set up mobile directory catalogs on Notes
clients, you must paste a database link of a replica of the directory
catalog in the "Mobile directory catalogs" field of the User Setup Profile.
The Notes clients don't receive a replica of the mobile directory catalog
until the User Setup Profile replicates to the users' mail servers and the
users authenticate with the mail servers.
Router is finding the same name in multiple directories even though
the Exhaustive lookup setting is disabled
By default, the Router configuration option "Exhaustive lookup"
(available on the Router/SMTP - Basics tab of a Configuration Settings
document) is disabled. If you keep this default setting, once the Router
finds a name, it doesn't continue its search to other secondary Domino
directories. Disabling exhaustive lookups is a way to improve Router
performance.
By design, disabling Exhaustive lookup does not apply to a directory
catalog. The Router always searches the primary Domino Directory and
the entire server directory catalog, even if the exhaustive lookup setting
is disabled. This is intended behavior since the Router can use the
directory catalog to, in effect, quickly search multiple secondary
directories rather than having to take the performance hit of searching
these directories individually. These exhaustive lookups allow the Router
to ensure there are no duplicate recipient names that might prevent the
message from getting to the right person.
The Router returns a delivery failure when it finds a name associated
with more than one directory entry and the entries do not have the same
Mail server, Mail file, or Domains specified. To avoid such delivery
failures when duplicate entries actually represent the same person (for
example, when someone's name and directory location within the
organization have changed but you want to allow people to address mail
using the original name), make the entries in the Mail server, Mail file,
and Domain fields identical for each entry.
Users can't do full-text searches of a condensed Directory Catalog
A condensed Directory Catalog doesn't support direct full-text searches
by users, only indirect full-text searches via LDAP, mail addressing, and
so on.
LDAP clients can't connect to the server over SSL when the server
uses a self-signed Domino server certificate
3. If the LDAP user has Author access in the ACL, verify that the LDAP
user has the proper Creator Role ([UserCreator], [GroupCreator],
[ServerCreator]) for the type of entry being added.
4. Verify that Form Properties are correctly set to allow the LDAP user
to create documents with the form used to add the entry.
2. Verify that the LDAP user has the necessary access in the Domino
Directory database ACL and extended ACL, if an extended ACL is
used.
LDAP clients can't connect to the LDAP service over SSL when the
server uses a self-signed Domino server certificate
If the server that runs the LDAP service uses a self-signed Domino
certificate, non-Notes LDAP clients can only perform LDAP searches
over SSL if they first connect to the Domino server over SSL using a
different protocol (for example HTTPS or IMAP). The client software
then presents a warning dialog stating that the server's self-signed
certificate is not issued by a trusted Certificate Authority and gives the
users the option to accept the certificate. The users must accept the
certificate before they can perform LDAP searches over SSL.
LDAP Schema: Failed exporting error
If you use the tell ldap exportschema command when the Domino
LDAP Schema database (SCHEMA50.NSF) is open, schema exporting
fails and the LDAP service returns this error. Close the database before
using this command.
The access specified for subject is different than the subject's actual
access.
Notes and Web users are getting unexpected results when accessing
the directory
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
3. The user attaches the new mail database to a mail message and sends
it to you.
4. You open the mail database attached to the mail message and select a
Delivery Failure Report.
The Delivery Failure Report identifies the reason the delivery failed
and the routing path over which the message was sent. Use this
information to further investigate the problem.
Mail trace
To troubleshoot mail routing or test mail connections, trace a mail
delivery to test whether a message can be successfully delivered without
actually sending a test message.
1. From the Domino Administrator, click the Messaging - Mail tab.
2. If necessary, click Tools to display the tool bar.
3. From the tool bar, click Messaging - Send Mail Trace.
4. Complete these fields, and then click Send:
Field
Enter
To
Subject
User can't receive any mail, including mail sent by users whose mail
files are on the same server
If a user can't receive any mail, including mail sent by other users whose
mail files are on the same mail server, check the Mail Routing Events
view of the workstation's log file for deliveries. Also, check the
MAIL.BOX file on the user's workstation to see if mail is being trapped
there. Modify the Log_MailRouting setting in the NOTES.INI file to log
more detailed mail routing information on the console and in the log file.
File is in use by another process
If the recipient's mail file or the MAIL.BOX file on the sending or
receiving server is being backed up, Domino generates the message "File
is in use by another process." Wait for the backup to complete, and then
resend the message.
"NAMES.NSF does not contain a required view" appears when
sending mail to users on the same mail server
If all users on the same mail server can't send or receive mail and they
receive the message "NAMES.NSF does not contain a required view,"
you need to update the design of the Domino Directory. Choose File
"User not listed in the Public Address Book" appears with returned
mail
If the recipient's name is misspelled, mail is returned to the sender, along
with the message "User not listed in the Public Address Book." If the
domain name is misspelled, mail is returned with the message "No route
found to domain name from server name." Check the Domino Directory for
the correct spelling of the names, and resend the document.
Users unexpectedly required to include @domainname after each
address
If users report that they can't send mail to another domain unless they
include @domainname after each address, configure directory assistance
and directory catalogs to include the directories from the other domains.
2. Look for and correct any of these problems with Person documents:
There's no Person document for the recipient in the Domino
Directory. If necessary, register the recipient to create one.
The mail recipient's name, mail server, or mail file is incorrect or is
spelled incorrectly. Correct the entries, if necessary.
There are multiple occurrences of the recipient's name in the
Domino Directory. There may be more than one Person document,
or a user and a group may have the same name. You can add a
middle initial to one of the user names if two users share the same
name. You can modify a group name if it's a duplicate of another.
The recipient receives mail through a gateway. Make sure the
recipient's Person document contains a forwarding address.
3. Check the Server documents of the sender's and recipient's mail
servers. Make sure that the names of the server, domain, and Notes
named network are spelled correctly.
4. Check Connection documents for mail routing. If two servers are in
different Notes named networks (or domains) or don't have a third
server that has a Notes named network in common with both
servers, then you must create pairs of Connection documents to
enable mail routing back and forth. For servers in the same Notes
named network, mail routing is automatic so you don't need
Connection documents.
To check mail routing connections, from the Domino Administrator,
click the Messaging - Mail tab. You can see mail routing topology by
connections or by named networks. Look for servers that can't reach
a server in another Notes named network or domain. Then check the
Domino Directory for these problems, and edit or create the
documents as necessary:
Missing Connection documents. Make sure that each domain's
Domino Directory has a Connection document from one of its
servers to a server in the other domain.
Then verify that the domain name is correctly spelled. To add the
Domain setting or correct the spelling of the domain name, enter this
command at the console:
Run the Fixup task with the -J option. Use this task if the database
is in Domino 5 or higher format and you are using transaction
logging. If you use a backup utility certified for Domino 5 and you
run Fixup -J, perform a full backup of the database as soon as
Fixup finishes.
If the corruption still persists, shut down the server and rename
MAIL.BOX (for example, rename it to BADMAIL.BOX). Then
restart the server to generate a new MAIL.BOX file, and copy any
uncorrupted documents from BADMAIL.BOX to MAIL.BOX.
6. Check for problems with modem connections.
For more information on errors that affect mail, see the topic "User can't
receive mail, including mail sent by other users whose mail files are on
the same mail server" earlier in this chapter.
Checking the shared mail setup
Check for these conditions and correct them, if necessary.
1. Verify that shared mail is enabled. To determine if a mail file or
individual mail files in a directory use shared mail, enter this
command at the console:
Load Object Info USERMAIL.NSF
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
3. Make sure that the mail server is running. Free-time lookups fail if
Domino cannot access the free time database on the invitee's mail
server because the server is unavailable. If the server isn't running,
the user can still complete invitation processing, including sending
and receiving meeting-related messages. Also, lookups for other
invitees with free time databases on other servers still work.
4. Check that the Schedule Manager task is running on the mail server.
5. Check that the invitee saved his or her Calendar Profile after
upgrading the design to the Domino 4.5 or higher mail template.
6. Check that the user is included in the list of users who can read the
invitee's Free time Schedule in the Calendar Profile.
7. Check that the free-time lookup finds schedule information for users
whose mail servers are in a foreign or adjacent domain. If the
free-time lookup fails, make sure a valid Domain document exists. In
addition, check the Calendar Server field in the Domain document to
make sure a valid calendar server has been defined for the domain.
8. Check that the mail servers are running the same protocol. The mail
servers must run the same protocol so that the servers can connect to
each other to perform a free-time lookup.
Can't Find User in Name and Address Book
If this message appears, the entry used in the $BusyName field in a
calendar entry for the Note ID reported in the log doesn't exist in the
Domino Directory. This situation typically arises when a user leaves the
company and the Domino Directory no longer contains a Person
document for the user. To resolve this error, find the document
associated with the NoteID, and delete the document.
To find the note ID and the document associated with it, see the topic
Troubleshooting Schedule Manager errors reported in the log later in
this chapter.
Cannot perform this action locally
This message appears when you try to create a Site Profile in the
Resource Reservation database locally on the server. To avoid this
message, when you open the Resource Reservation database, specify the
actual server, instead of Local.
No resource/room found for time and/or capacity requirements
The message "No resource/room found for time and/or capacity
requirements" may appear when a user creates a reservation in the
Resource Reservation database. This message indicates that the Site
Profile name for that particular resource includes a comma (for
example, Acme, East). Re-create the Site Profile name without the comma
(for example, Acme East).
15. Click the check mark in the formula pane to accept the new formula.
22. Scroll through the fields in the left box and search for a $BusyName
field.
23. Compare the information in the $BusyName field to the entries in the
BUSYTIME.NSF file and the Domino Directory. Make any
corrections.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
should be the same for modems that are trying to connect. To check
these settings, choose File - Preferences - User Preferences, select
Ports, select the COM port you want to check, and click COM
options.
9. Check the modem command file. Make sure that it's the correct one
for your modem. Make sure it uses the correct syntax and is free of
any spelling errors, missing command parameters, and incorrect
settings or responses. Check the operating system time stamp and
last revision date of the file to make sure you're using the correct
version of the file. To do this, use a file manager such as Windows
Explorer. Make sure you specified the correct directory for the file
(for example, the Notes\Data\Modems directory).
10. Check the Connection document in the Domino Directory. Make sure
the fields in the Connection document contain the correct
information for a dialup modem connection.
11. Check the Miscellaneous Events view in the log (LOG.NSF).
Sometimes modems that use the same modem standards can't
connect to each other because of the way the manufacturer
implemented the standard. Contact the modem manufacturer to
resolve the problem.
12. Check the Phone Calls view in the log. Numerous CRC or
retransmission errors indicate that one or both modems detect
transmission errors. A damaged RJ-11 cord and/or poor phone line
quality may cause these errors. Try another cord and ask the phone
company to check the phone line.
The dialup server cycles through port speeds without initializing the
modem
2. Make sure that commands in a long setup string do not exceed the
character limit for the modem. Use the Setup=AT command at the
beginning of each line to split the setup strings into smaller sections.
Wait a few minutes and then issue the Show Stat Platform command
again.
Description
diskperf -y
diskperf
Description
diskperf -y
diskperf /?
diskperf
The probable cause for this message is that platform statistics detected
that the Network Interface Object was not enabled. Enable the SNMP
service.
Logical disk counters are not enabled
Platform Stats Informational: Please execute diskperf.exe -y
to enable Logical Disk performance counters.
The probable cause is that platform statistics detected that the logical
disk counters were not enabled. Enable logical disk counters.
Platform statistics do not appear to be enabled
Platform not in Statistics Table
n Transactions/Minute, n Users
When the statistics are ready to be displayed, the system displays the
following message, where n is the number of current transactions or
users.
Upon Domino startup, the path to the nnotes.dll is not set or is set
incorrectly. Multiple installations of Domino may exist on the system and
an earlier installation of Domino is being invoked. Make sure that
nnotes.dll is set to this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\notestat\Performance\Library
When the error occurs, the value for the variable Disable Performance
Counters is set to 1, which disables performance counters for statistics
such as CPU utilization (Platform.System.PctCombinedCpuUtil) or
Memory (Platform.Memory.PagesPerSec). These counters are found
under the services PerfOS, PerfDisk, PerfProc and PerfNet.
If these statistic counters cannot be located, you may get the following
error message, printed to both the event log and the console:
Platform Stats: _PSHandleDefaultCmd() Unable to set up
default counters error =...
Although the system may have set the Disable Performance Counters
variable under a period of extreme stress on the system, once it has been
set, this variable continues to disable all performance counters relating to
its.dll, until it is manually set back to zero or deleted.
To reset the default counters, search the registry for the phrase Disable
Performance Counters. If it occurs under PerfOS, PerfDisk, PerfProc or
PerfNet, manually set it back to zero or delete the entire variable.
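The registry search described above can be run against a saved export instead of by hand. The following is an added example, not part of the Domino documentation: it assumes the Services branch has been exported to .reg text (the Regedit export format), and the sample export and function names are constructed for illustration.

```python
import re

# Services named in the text above whose counters feed platform statistics.
WATCHED_SERVICES = ("PerfOS", "PerfDisk", "PerfProc", "PerfNet")
VALUE_NAME = "Disable Performance Counters"

# Constructed sample in .reg export format (not taken from a real system).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfOS\Performance]
"Disable Performance Counters"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance]
"Disable Performance Counters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance]
"Library"="perfproc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet\Performance]
"Disable Performance Counters"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Performance]
"Disable Performance Counters"=dword:00000001
'''

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
SERVICE_RE = re.compile(r"\\Services\\(?P<svc>[^\\]+)\\Performance$", re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"%s"=dword:(?P<hex>[0-9a-fA-F]{8})$' % re.escape(VALUE_NAME), re.IGNORECASE
)


def decode_export(data):
    """Decode raw .reg bytes; exports are commonly UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def disabled_counters(text):
    """Return {service: value} for watched services where the value is non-zero."""
    watched = {name.lower(): name for name in WATCHED_SERVICES}
    current = None   # watched service whose Performance key we are inside, if any
    flagged = {}
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            svc = SERVICE_RE.search(key.group("key"))
            current = watched.get(svc.group("svc").lower()) if svc else None
            continue
        value = VALUE_RE.match(line)
        if value and current:
            number = int(value.group("hex"), 16)
            if number != 0:   # zero or absent means the counters are enabled
                flagged[current] = number
    return flagged


if __name__ == "__main__":
    for service, number in sorted(disabled_counters(SAMPLE_EXPORT).items()):
        print("%s: %s = %d (set to 0 or delete)" % (service, VALUE_NAME, number))
```

Services outside the four named in the text (Spooler in the sample) are ignored even when the value is set.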
If you can't solve your problem, record all of the following information
(gathered as you performed the steps in the preceding topics) before
contacting Lotus Support Services (www.lotus.com/support):
1. Exact quoted error messages
2. TCP stack name and version number (or operating system and
version if the TCP/IP stack is included in the operating system)
3. IP configuration information
4. IP address and host name of Domino server
5. Server document
6. Host file
7. Tracert information (with number of hops)
8. Ping packet size
Note It is recommended that customers prepare a network diagram for
escalation.
63-56 Administering the Domino System, Volume 2
random a number from a range above 1024 called the ephemeral port
range. The Internet authority uses the low-end range above 1024 to
assign port numbers to registered applications such as Lotus
Notes/Domino's NRPC services, which use 1352. Microsoft uses the
ephemeral port range of 1024 - 5000. Therefore, when a server on a
Windows system makes an outbound connection, the ephemeral port
number chosen might be 1352. When this happens and Domino is
started, the NRPC port fails to bind. Often, on startup, servers on
Windows systems make outbound connections to the NetBIOS
session service well-known port and keep these connections active
until the system is restarted. This is the cause of the problem.
Note Most UNIX systems use an ephemeral port range that is at the
top-end of the range of ports, such as 45000 - 65000, so that there is
not likely to be a conflict between the ephemeral port number chosen
and registered port numbers.
To determine if this is the cause of the problem, run Netstat -n -a. If
what you see is similar to one of the following examples, the system
is using port number 1352 and the Domino server cannot start. To
solve this problem, restart the system.
Example 1: Netstat -n -a output of the Domino server active on the
local system using port 1352 as a server
Proto  Local Address      Foreign Address  State
TCP    10.20.4.137:1352   0.0.0.0:0        LISTENING

Proto  Local Address      Foreign Address  State
TCP    10.20.4.137:1352   10.30.10.1:139   ESTABLISHED
Tip To protect additional ports, you can enter a range (such as 1025
- 1050) or multiple ranges separated by spaces.
Note In Windows 2000 and XP, Netstat might report an additional
line showing the local and remote ports and addresses in the
established state, or a second line showing the client-side port in the
listening state. Thus when you run Netstat on Windows 2000 and XP
systems and compare the results with those on NT systems, the
output can look different. This is only a different method of reporting
listening ports, not a network bug.
Insufficient TCP sockets are available. Consult your vendors TCP/IP
documentation to increase the maximum number of sockets.
You have reached a TCP/IP socket limitation. To see how many active
TCP/IP sessions the server system has open, use Netstat with the -n
switch (to disable reverse DNS lookups) and output the listing to a file.
Import the listing to a spreadsheet and count the total number of
connections. Then break the connections down by their state
(Established, Time_Wait, Close_Wait, Fin_Waitn). You should be able to
support more than 2,000 concurrent connections. If not, review your
operating system and TCP/IP stack settings with the operating system
and TCP/IP stack vendor. If you have a large number of Close_Wait
sessions, you may have network-level problems. If you have a buildup of
Time_Wait sessions with HTTP services, review your TCP/IP stack's
settings to see if the stack offers a setting to time out Time_Wait sessions
sooner.
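The two Netstat checks described above (what is holding port 1352, and how the open connections break down by state) can be scripted rather than counted in a spreadsheet. The following is an added example, not part of the IBM documentation; the sample listing is constructed, and treating a foreign port below 1024 as the sign of an outbound connection is an assumption of this example.

```python
from collections import Counter

NRPC_PORT = 1352  # registered NRPC port named in the text above

# Constructed sample in the layout of Windows `netstat -n -a`; the row on
# port 1352 reuses the addresses of the ESTABLISHED example shown earlier.
SAMPLE_CONFLICT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.20.4.137:139        0.0.0.0:0              LISTENING
  TCP    10.20.4.137:1352       10.30.10.1:139         ESTABLISHED
  TCP    10.20.4.137:1360       10.30.10.7:80          TIME_WAIT
  TCP    10.20.4.137:1361       10.30.10.7:80          TIME_WAIT
  TCP    10.20.4.137:1377       10.30.10.9:445         CLOSE_WAIT
  UDP    10.20.4.137:137        *:*
"""

# Constructed sample of a healthy Domino server: it listens on 1352 and has
# one inbound NRPC session from a client's ephemeral port.
SAMPLE_SERVER = """\
  TCP    10.20.4.137:1352       0.0.0.0:0              LISTENING
  TCP    10.20.4.137:1352       10.20.4.55:1088        ESTABLISHED
"""


def port_of(endpoint):
    """Return the numeric port of 'addr:port', or None for '*:*'."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def parse_netstat(text):
    """Parse the TCP rows of a netstat -n listing into dicts."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Headers and UDP rows (which carry no state) are skipped.
        if len(fields) >= 4 and fields[0].upper() == "TCP":
            rows.append({
                "local": fields[1],
                "foreign": fields[2],
                "state": fields[3].upper(),
                "lport": port_of(fields[1]),
                "fport": port_of(fields[2]),
            })
    return rows


def nrpc_port_status(rows, port=NRPC_PORT):
    """Classify how the NRPC port is being used on this system.

    Returns (status, offending_rows). An outbound connection is recognised
    by a non-listening row whose local port is 1352 and whose foreign port
    is a well-known port (< 1024, an assumption); this still works on
    Windows 2000/XP, where the client-side port may also be reported as
    LISTENING.
    """
    on_port = [r for r in rows if r["lport"] == port]
    outbound = [r for r in on_port
                if r["state"] != "LISTENING"
                and r["fport"] is not None and r["fport"] < 1024]
    if outbound:
        return "held-by-outbound", outbound
    if any(r["state"] == "LISTENING" for r in on_port):
        return "listening", []
    if on_port:
        return "in-use", on_port
    return "free", []


def state_summary(rows):
    """Count TCP connections by state (ESTABLISHED, TIME_WAIT, ...)."""
    return Counter(r["state"] for r in rows)


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_CONFLICT)
    status, offenders = nrpc_port_status(rows)
    print("port 1352:", status, [r["foreign"] for r in offenders])
    print("total TCP rows:", len(rows))
    for state, count in state_summary(rows).most_common():
        print(f"  {state:<12} {count}")
```
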
As a temporary solution or if you can't make any alterations to the
system or TCP/IP stack, you can limit the number of NRPC sessions the
server will support concurrently, but there will be a performance cost for
doing so. To limit the number of concurrent NRPC sessions, do one of the
following:
Edit the portname_MaxSessions setting in the NOTES.INI file to limit
the number of sessions that can run on this port.
The remote TCP/IP host is not running the Domino server, or the
server is busy.
The server is currently not running, or the server can't accept another
TCP/IP connection or Domain session. Start the server, or verify that it is
running. Check the server to determine if its workload is unacceptably
heavy.
The TCP/IP protocol stack reported that it ran out of memory. Consult
your network documentation to increase configured memory, or
reduce Notes connections by limiting clients (see
SERVER_MAXSESSIONS parameter in Notes Admin Guide).
This error can occur when your server system's resources are not
correctly sized for the number of inbound and outbound connections or
when events push the server into resource starvation.
If you are using Windows NT, you may be encountering a page file
limit. Both Domino and the TCP/IP stack use shared memory. If the
page file is not large enough or the number of pages exceeds what
the operating system can provide, this error appears. Upgrade the
operating system to Windows 2000 with Service Pack 2.
Unable to locate the Domain servers TCP/IP host. The TCP/IP domain
name server may be down.
Use the ping command to verify that DNS is running.
Unexpected TCP error. See the Notes log file on this system for error
code.
Look in the log file to see the reported error code or codes.
KnowledgeBase lists many of the error codes. If you find an error code
that isn't in KnowledgeBase, report it to Lotus Support Services.
TCP/IP error messages - Client or server
These sections describe common error messages on a Notes client or
Domino server using NRPC services over TCP/IP.
Network operation did not complete in the specified amount of time.
The connection pathway between the client or server system and the
target server was unable to sustain the session. This happens when a
system is accessing a remote server over a slow or very congested WAN.
Possible solutions to this problem are:
If this error occurs over a LAN, you may be experiencing frame and/or
packet sizing problems because you have a mixed-topology network or
because your network routers' routing tables are converging. In these
cases, the network pathway to or from the target Domino server cannot
forward the TCP/IP packet stream.
If you are using a remote VPN connection across the Internet, with some
VPN client software you can encounter packet sizing issues on the Notes
client or Domino server and/or with the firewall system's VPN services.
10 seconds, as the client or server won't retry the connection until the
timer has expired.
To access the Port Setup dialog on a Notes client, use File - Preferences - User Preferences and click Ports. To access this dialog box for a Domino
server, use the Domino Administrator's Configuration tab and select
Server - Setup Ports from the Tools pane.
Once in the Port Setup dialog box, select the TCP/IP port and click the
port name Options button.
The server is not responding. Possible explanation.
Variations of this error can occur when name-to-address resolution has
completed on the local system, but the server would not respond to that
address. The causes of this error include:
The contents of the Net Address field returned by the Notes Name
Service is not the active address, either because of a typographical
error, or because there is more than one enabled Notes network port
for TCP/IP and the port listed first in the Server document is offering
a different FQDN than the second. In this case, if you are trying to
connect through the port listed second, the connection fails.
The address returned by DNS or hosts files is not the correct address
or is not correct for this location.
To resolve problems associated with this error, follow all the steps in the
topic "How to troubleshoot TCP/IP problems in NRPC" later in this
chapter. To resolve problems involving advanced TCP/IP configurations
(more than one enabled port), see the chapter "Setting Up the Domino
Network."
Note Verify that the ordering of the name lookup services is Host
first and DNS second; otherwise, the hosts file entries may not be
used when you expect them to be (excluding the NetBIOS Name
Service).
3. If you use the Network Information Service (NIS) for name
resolution, ask the UNIX system administrator responsible for the
NIS domain to register the server's IP address and host name. If the
server name does not match the TCP/IP host name, request that the
server name be registered as an alias for the host name.
For more information on DNS resolves, see the topic "Checking TCP/IP
name resolution in NRPC" later in this chapter, as well as the chapter
"Setting Up the Domino Network."
4. Ping the server from the server itself by its DNS fully qualified
domain name (FQDN) to verify that it was added to the network
correctly; then ping the server from the workstation by FQDN.
For example, type:
PING iodine.lotus.com
5. Ping the server by DNS alias name from the server itself to verify it
was added to the network correctly. Then ping the server from the
workstation. Ideally the server host alias names all should be the
same as the Domino server names. Sometimes the server's FQDN
may differ from the Domino server's. That is when the alias name is
used, being the same as the Domino server's name.
For example, type:
PING Iodine
UNIX/Linux: ipconfig <interface name> or ifconfig <interface name>
Different switches or commands may be required for each UNIX platform;
consult a UNIX expert if necessary.
Windows
NT/2000/XP
Note any recent changes made to the hosts file. Confirm that the
information in the hosts file is correct. The target machines that a
computer may contact must be defined in the local hosts file.
Operating System | Location | Explanation
Macintosh | Not applicable |
UNIX/Linux | /etc/ | Not applicable
Windows 2000 | system32 directory | The OS directory might be renamed
Windows XP | windows\system32\drivers\etc\ | The OS directory might be renamed
Windows NT | wnnt40\system32\drivers\etc\ | The OS directory might be renamed
2. Look at the Server document and determine if the first part of the
server's fully qualified domain name (FQDN) in the TCP/IP port's
Net Address field is the same as the server's common name. For
example:
FQDN = mailhub1.lotus.com
Server common name = Mailhub1
If this is not the case, a name resolution alias is required in the hosts
file or DNS table.
Note If the first part of the FQDN is the same as the server common
name, the problem may be within DNS. For more information, see
the vendor's documentation for the DNS server.
3. If the Server document has changed recently, restart the server in
order for the changes to take effect.
After you finish checking name resolution, see the topic "Checking a
TCP/IP network pathway" later in this section.
10 ms
elves.north.com
10 ms
<10 ms
rdeer.north.com
3
<10 ms
10 ms
[118.111.90.204]
10 ms
santa.north.com
2
<10 ms
[118.111.29.2]
Trace complete.
In this example, there are two IP routers between the workstation and the
server (three, minus the first one which reported itself, leaving two).
Checking the Maximum Transmission Unit (MTU)
Each end-node system and router port on the network has the ability to
control the size of the TCP/IP packet. Each NIC (port) can have its MTU
set to a different value, and each topology has a different default value.
The network administrator can increase or decrease this setting to meet
the requirements of the network. MTU traffic issues are handled at the
TCP/IP level and not within Notes workstations or Domino servers.
If any of the following situations exist, suspect an MTU problem, and
contact your network administrator:
There are routers between the source and destination of traffic that
could be set up with an incorrect MTU size.
the SNAP frame support if you have a routed network with Token-Ring
or FDDI topologies where the router will translate the frame types (free
up non-needed resources).
With Windows-based TCP/IP protocol services, the default frame type
for 802.3 (Ethernet) network topology is v2 DIX and for Token-Ring and
FDDI it is SNAP over LLC.
With Novell ODI-based TCP/IP protocol services, all systems using the
TCP/IP protocol on 802.3 Ethernet should be using the same frame type.
The table below lists the frame types compatible across the different LAN
topologies.
LAN topology and
frame services
Novell compatible
frame types *
Comments
Ethernet v2 (DIX)
Ethernet_II
Not applicable
Recommended for
TCP/IP
Not applicable
Not applicable
SNAP
Ethernet_SNAP
Token-Ring_SNAP and FDDI_SNAP
Not applicable
IEEE 802.5
(Token-Ring) and
FDDI
Not applicable
Not applicable
Not applicable
SNAP
Token-Ring_SNAP & FDDI_SNAP
Ethernet_SNAP
Required for
TCP/IP for
Token-Ring and
FDDI networks
Note If using a NetWare server as a TCP/IP router, make sure that the
NetWare and Domino server systems are using the same common frame
type for TCP/IP and that only one frame type is being used to support
the TCP/IP protocol in a flat or bridged network.
For common error messages in IPX/SPX, see the topic "IPX/SPX error
messages" later in this chapter.
Frame types in the IPX/SPX network
All Domino server and Notes client systems using the IPX protocol need
to use the same IPX frame type across all network segments and
topologies.
Note Make sure that the NetWare and Domino server systems are
manually locked to the same frame type and that only one frame type is
used to support the IPX protocol in the network. Otherwise, you may
have connectivity problems or IPX wrapper errors because of the
different IPX packet sizes the frame types impose.
Note On Notes client systems running Windows, it is best to use the
Control Panel to select a specific frame type for the IPX/SPX network
rather than to detect which type is being used with Auto Detect (the
default).
The following table lists the possible frame types across different LAN
topologies:
LAN topology and
frame services
Novell compatible
frame types*
Comments
Ethernet V2
(DIX)
Ethernet_II
Not applicable
Recommended for TCP/IP (Used in very old IPX networks, not recommended)
IEEE 802.3
(Ethernet)
RAW
Ethernet_802.3
Not applicable
Not applicable
LLC
Ethernet_802.2
Token-Ring and
FDDI
Recommended for
the IPX protocol
suite
(Recommended
by Novell)
SNAP
Ethernet_SNAP
LLC
Token-Ring
SNAP
Token-Ring_SNAP and FDDI_SNAP
Ethernet_SNAP
IEEE 802.5
(Token-Ring)
Note You must assign the Token-Ring bridge a unique number. If the
bridge connecting two token rings does not have a unique number, the
IPX/SPX connection fails. The NetWare servers, Domino servers, and
other switches or bridges on the given Token-Ring network all share a
common IPX network number within the bridged domain.
1. Make sure that the IPX/SPX network frame types are correctly
configured.
2. Make sure that you have the latest versions of the IPX/SPX protocol
services installed on all of the Notes clients, Domino servers, and
NetWare servers.
3. Make sure that the Domino server located on the Token-Ring
network that is using source routing can access a local NetWare
server that has source routing enabled, so that either the Bindery or
NDS name resolver service can be established. You must implement
Novell's source-routing NetWare Loadable Module (NLM) in an
IPX/SPX network.
4. Check that the switch or bridge configuration can support the frame
sizes that the IPX/SPX protocol is using. Many units limit the buffers
to 4096 or 4500 octets (bytes). The IPX/SPX protocol stack settings on
Notes clients or Domino servers may also need to be altered so that
they don't exceed the switch's or bridge's frame size limit.
IPX name resolution services (Bindery and NDS)
Domino servers can use either Bindery, NDS, or both for IPX system
name-to-IPX net/node address resolution (IPX's NCP protocol services).
Bindery services are dynamic in nature. As such, any loss of
communication between the Domino server and the NetWare server or
other NetWare server can cause loss of access. NDS objects once
initialized are static in nature, so as long as the system can access the
NDS tree, it can locate the Domino server.
Note An IPX node address is often the same as the MAC address of the
network adapter card. When crossing bridges between Token-Ring and
Ethernet or between Token-Ring and FDDI there may be issues where
the MAC address and the IPX node numbers are not consistent with the
NDS tree objects of the Domino servers. When Notes clients or Domino
servers are accessing a Domino server on the other side of the bridge via
NDS, they must have consistent MAC and node addresses from their
network segment ({Least/Most Significant Bit order} LSB/LSB or
MSB/MSB, not MSB/LSB or LSB/MSB).
The following table offers some basic guidelines in using Bindery and
NDS services:
Novell server network
NetWare 3.12
(Bindery only)
NetWare 3.12
(Bindery only)
*Domino servers can support only one Bindery context entry that the Notes
client and/or Domino server systems can access.
** Recommend filtering Bindery service advertising protocol (SAP) services over
WAN links if there are any Bindery-only devices present on the network.
If an attempt to log into a Novell server from the Domino server fails or
an SLIST shows no Novell servers are available, the network
administrator must analyze the network to find out why the Domino
server can't access a Novell file server so that either the Bindery or NDS
name resolve service can be invoked.
3. Make sure that the user has the necessary privilege to use a network
dialup connection to dial into the server. If necessary, modify the
user's privileges. Also, make sure that the user is using the correct
user ID password.
4. Trace the connection to the server. Check the resulting information
for indications that the Connection document isn't properly
configured. For example, common mistakes in the Connection
document include not listing the current location or failing to enable
the specified port(s).
Note Information from a trace is recorded in the Miscellaneous
Events view of the log. In the Trace Connections Log Options field,
you can set the level of detail to record. For maximum information,
choose Full Trace Information.
5. Use the dialing method provided by the network dialup client to
make the network dialup connection. If the connection fails, check
for the correct configuration and check the modem for problems.
6. If the connection is successful, while the connection is still active,
switch to the Notes workstation or Domino server and attempt to
connect to the destination server. At this point, the workstation or
server should be connected to the LAN. You can temporarily set the
Usage priority field of the network dialup Connection document to
Low to force the connection over the LAN before using the
Connection document.
7. If the previous step succeeds, drop the connection, switch to the
Notes workstation, and choose File - Mobile - Call Server to call the
remote access server. If you previously set the Usage priority field of
the network dialup Connection document to Low, reset the priority
to Normal.
8. Make sure you're using the correct Connection document. Then,
make sure the information in the Connection document is correct.
Error messages
This section lists common error messages displayed on the server console
or at the Notes client, and provides information on what caused the error
and how to recover from it.
Modem command files contains illegal character
You selected the wrong modem.
Select the correct modem file from the COM options - Modem type drop
down box.
The selected modem command file only allows speeds as high as
XXX
The configured modem speed exceeds the supported speed.
Check the maximum modem speed for your modem and configure it in
the COM options - Maximum Port Speed.
Excessive Port or CRC errors on the last connection. Try enabling
hardware flow control on the port or reducing the maximum speed
settings
The configured modem speed exceeds the supported speed.
Enable flow control on the Notes client and Domino Server.
Reduce modem speed on the machine with Port and/or CRC errors.
Communications port unit number is not within valid range.
You have too many ports configured.
Set the valid number of ports on your system. Notes and Domino accept
up to 64 ports.
No dialtone
The modem is not receiving a dial tone.
Check the phone line. Make sure that line is active and plugged into the
modem properly.
If you are in Europe, make sure that you have disabled "wait for dial
tone before dialing" in the COM options box.
For more information about the Trace command, see the appendix
"Server Commands."
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Server exiting: partition number xx is already in use
This message appears when you try to start more than one server in a
partition. To correct this, stop all processes associated with the partition.
If that fails, restart the system.
Server not responding - connecting to a partitioned server
This message may appear if a partitioned server uses TCP/IP port
mapping.
1. If the destination server is sharing a network interface card with a
port-mapping server, check that the port-mapping server is running.
Domino can't establish a connection to a server sharing the
port-mapping server's IP address unless the port-mapping server
can redirect the traffic to the port the destination server is listening
on.
2. Make sure that the port-mapping information in the NOTES.INI file
is in the correct order. In the port-mapping server's NOTES.INI file,
there are entries that reference the other partitioned servers on the
computer. If the lines containing the port-mapping information are
out-of-order, Domino displays the message "Server not responding"
or "Servers name changed." Edit the port-mapping server's
NOTES.INI file, and make sure that the partitioned servers are listed
in numerical order, as in this example:
TCPIP_PortMapping00=
TCPIP_PortMapping01=
TCPIP_PortMapping02=
TCPIP_PortMapping03=
After modifying the NOTES.INI, stop and restart the server so that
the changes take effect.
3. Make sure that the port number appended to the destination server's
IP address matches the port number in the NOTES.INI file on the
destination server. Also, verify that the server name and
organization are correct.
For example, this setting in the port-mapping server's NOTES.INI
file assigns the destination server's IP address and port number:
TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:13520
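The ordering and format checks in steps 2 and 3 can be run over a copy of the port-mapping server's NOTES.INI before restarting. This is an added example, not IBM code; the sample files are constructed around the single entry shown above, and requiring the server name in CN=.../O=... form is an assumption taken from that entry.

```python
import ipaddress
import re

# Matches lines such as:
#   TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:13520
MAPPING_RE = re.compile(r"^TCPIP_PortMapping(\d+)\s*=\s*(.*)$", re.IGNORECASE)

# Constructed sample: entry 00 is the one from the text, the rest are made up.
GOOD_INI = """\
[Notes]
Ports=TCPIP
TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:13520
TCPIP_PortMapping01=CN=Server2/O=Org1,198.114.89.123:13521
TCPIP_PortMapping02=CN=Server3/O=Org1,198.114.89.123:13522
"""

# Constructed sample with three defects: entry 01 is listed after 02, its
# port ends in the letter O, and entry 03 has no CN=/O= components.
BAD_INI = """\
[Notes]
TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:13520
TCPIP_PortMapping02=CN=Server3/O=Org1,198.114.89.123:13522
TCPIP_PortMapping01=CN=Server2/O=Org1,198.114.89.123:1352O
TCPIP_PortMapping03=Server4,198.114.89.123:13523
"""


def parse_port_mappings(ini_text):
    """Return the TCPIP_PortMappingNN entries in the order they appear."""
    entries = []
    for lineno, line in enumerate(ini_text.splitlines(), 1):
        match = MAPPING_RE.match(line.strip())
        if not match:
            continue
        value = match.group(2).strip()
        # Value layout: <server name>,<ip address>:<port>
        server, _, endpoint = value.rpartition(",")
        host, _, port = endpoint.rpartition(":")
        entries.append({"line": lineno, "index": int(match.group(1)),
                        "server": server, "host": host, "port": port})
    return entries


def check_port_mappings(entries):
    """Return a list of human-readable problems; empty means the file passes."""
    problems = []
    seen = set()
    highest = -1
    for e in entries:
        where = f"line {e['line']} (PortMapping{e['index']:02d})"
        if e["index"] in seen:
            problems.append(f"{where}: duplicate index")
        elif e["index"] < highest:
            problems.append(f"{where}: out of numerical order")
        seen.add(e["index"])
        highest = max(highest, e["index"])

        name = e["server"].upper()
        if not (name.startswith("CN=") and "/O=" in name):
            problems.append(f"{where}: server name is not in CN=.../O=... form")
        try:
            ipaddress.ip_address(e["host"])
        except ValueError:
            problems.append(f"{where}: bad IP address {e['host']!r}")
        if not (e["port"].isdigit() and 0 < int(e["port"]) < 65536):
            problems.append(f"{where}: bad port {e['port']!r}")
    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_INI), ("bad", BAD_INI)):
        found = check_port_mappings(parse_port_mappings(text))
        print(label, "->", found or "no problems")
```
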
2. Check the Server document to ensure that the server is enabled for
passthru. The "Route through" field on the Security tab in the Server
document restricts who may use a server as a passthru server. By
default, this field is blank, which prevents use of the server as a
passthru server. You can also create a new passthru Connection
document that names a different server that allows passthru to the
destination server.
1. Verify that the passthru server is running Domino 4.x or higher. The
destination server can run Notes 3 or Domino 4.x or higher.
You can also use the "Access this server" field in the Server
document to restrict who can use passthru to access a server. If this
field is blank on the destination server, the server does not allow
passthru access. Only the users, groups, and servers explicitly named
in this field have passthru access. Note that this field does not restrict
general access to the server, which is controlled by fields on the
Security tab of the Server document.
3. Make sure that the Connection document is properly configured.
Check the log for the message "Unable to find any path to
ServerName", which indicates that there may not be enough
information in the Domino Directory to determine how to reach the
destination server or that the information in the Domino Directory is
incorrect; for example, server names might be misspelled.
For more information on setting up and tracing connections, see the topic
"Tracing a network connection" earlier in this chapter, as well as the
chapter "Setting Up Server-to-Server Connections."
Replication Troubleshooting
These topics describe how to troubleshoot replication.
Tools for troubleshooting replication describes tools you can use for
troubleshooting replication problems.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Log file
To access the log, from the Domino Administrator, click the Servers Analysis tab and select the log file for the server you want to check. Then
check for replication problems in these views:
Miscellaneous events
Phone calls
Replication events
Tip You can also check replication events from the Replication tab in
the Domino Administrator.
Edit the NOTES.INI file to include the Log_Replication setting, which
allows you to display detailed replication information in the log.
Monitoring Configuration
The Monitoring Results database (STATREP.NSF) is a repository for
pre-configured and custom statistics. It is created when you load the
Collect task, if it doesn't already exist. You can set alarms for some of
these statistics. For example, you might set an alarm to generate a Failure
report when more than three attempted replications generate an error.
You can also report statistics to any database designed for this purpose,
although typically the database is the Monitoring Results database
(STATREP.NSF).
Note that you can edit the NOTES.INI file to include the
Repl_Error_Tolerance setting, which increases the number of identical
replication errors between two databases that a server tolerates before it
terminates replication. The default tolerance is 2 errors. The higher the
value, the more often messages such as "Out of disk space" appear.
If you run the Event task on a server, you can set up an Event Monitor
document to report replication problems. You can also create a
Replication Monitor document that notifies you if a specific database fails
to replicate within a certain time. To view events from the Domino
Administrator, click the Server - Analysis tab, click Statistics - Events,
and then view the desired report.
Replication history
The replication history for a database describes each successful
replication of a database. To view the replication history of a database,
select a database icon and choose File - Database - Properties (or File - Database - Replication - History).
Replication schedules
You can see a graphical representation of the replication schedules of the
servers in your Domino system. To view replication schedules, from the
Domino Administrator, click the Replication tab.
For more information on viewing replication schedules, see the chapter
"Creating Replicas and Scheduling Replication."
Replication topology maps
Create a replication topology map to display the replication topology and
identify connections between servers. To view replication topology
maps, from the Domino Administrator, click the Replication tab. You
must load the Topology maps task before you can view a replication
topology map.
For more information on viewing replication topology maps, see the
chapter "Creating Replicas and Scheduling Replication."
The new replica contains the ACL of the source server but you did
not copy the ACL
Unable to replicate with server x: You are not authorized to use the
server or remote server
3. Make sure the server is available. Check the log for the message
"Unable to replicate with server x : Server not responding", which
indicates that one server can't connect to another server for
replication or that server x is unavailable.
For more information on the log file, see the chapter "Using Log Files."
On the Send panel, the "Do not send deletions made in this replica to
other replicas" option is selected.
Unused space
One replica has been compacted while another has not been compacted.
The new replica contains the ACL of the source server but you did
not copy the ACL
A replica stub is an empty replica that has not yet been populated with
documents. When you select File - Replication - New Replica, Notes
creates a replica stub and populates it with documents, either
immediately or at the next scheduled replication, depending on the
option you select.
For more information on server access, see the chapter "Creating
Replicas and Scheduling Replication."
Somebody modified the access control list on the source server
before initial replication occurred
If you create a replica stub and somebody modifies the ACL on the
source server before initial replication occurs, the ACL on the source
server becomes the most recent one and replicates to the replica stub.
Simply opening the Access Control List dialog box on the source server
replica and then closing it can cause this problem.
The server times are not synchronized
If you create a complete replica immediately (rather than creating a
replica stub) and the time on the source server is later than the time on
the destination server, the new replica contains the ACL from the source
server.
On the Send panel, the option "Do not send deletions made in this
replica to other replicas." A source server doesn't send deletions to
another replica if this setting is selected.
Unexpected deletions may also occur for any of the following reasons:
There is a new replication formula in place
A new replication formula overrides previous formulas and removes
documents that don't match the formula.
A replication setting is automatically removing older, unmodified
documents
The replication setting "Remove documents not modified in the last [ ]
days" removes older, unmodified documents. If the specified number of
days is low, consider increasing the value. This option is on the Space
Saver panel of the File - Replication - Settings dialog box in the Notes
client.
reappear after the next replication. This option is on the Space Saver
panel of the File - Replication - Settings dialog box in the Notes client.
A document edit writes over a document deletion
When the same document is modified on different servers between
replication sessions, the document that was modified most
frequently takes precedence, or if both documents are modified only
once, the one modified most recently takes precedence.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Use the Set Secure command at the console or use the Domino
Administrator to clear the password.
For information on using the Set Secure command, see the appendix
"Server Commands."
Also, filters might prevent broadcast traffic from Notes from crossing
a bridge or router. Bridges and routers are often configured to
suppress broadcast traffic by default, and NetBIOS uses broadcasts
to communicate on networks.
You are not authorized to access the server or similar problems
When users or servers get a "not authorized to access the server"
message, try these tips to identify and then fix the problem.
1. Check the Domino Directory.
2. Check the server ID.
3. Check that the user has the proper certification to access the server.
4. Check for network or hardware problems.
Checking the Domino Directory for errors that affect server access
Many conditions that prevent proper access to servers can be traced to
the Domino Directory.
1. Verify that these fields in the Server document contain the correct
information and spelling. For each change you make, be sure to save
the Server document before attempting to access the server again.
Check this
Server name
Domain name
Port
Notes Network
Field on the
Restrictions tab
Check this
Access server
Field on the
Network
Configuration tab
7. Replace the design of the Domino Directory. Select File - Database - Replace Design. This ensures that the Domino Directory is using the
correct template file (PUBNAMES.NTF).
8. Check Server document form in the Domino Directory for
customizations that are not supported.
For information about supported customizations, see the appendix
Customizing the Domino Directory.
9. Make sure that passthru is properly enabled on the Server document.
For information about enabling passthru, see the topic Passthru
Troubleshooting earlier in this chapter.
3. Check for a Public Key... message that appears when the server
starts. Verify that the public key stored in the Server document
matches the public key stored in the server ID. To do this, copy the
ID's public key to the clipboard, and then paste it into another
application (for example, Windows Notepad) so that you
can compare it with the public key in the Server document. Be sure
to perform a full backup of the Domino Directory before altering the
key.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Software problems
Network problems
Use these steps to troubleshoot a server crash. If, after completing these
steps, you haven't resolved the problem, consult your technical support
representative.
1. Collect system information:
Domino server version
Operating system version (SYSLEVEL information if the operating
system is OS/2, by typing SYSLEVEL at an OS/2 prompt).
Network type and version; network protocol(s) and version(s)
(including file dates)
System level patches
Server hardware
Names of API programs and tasks, gateways, backup programs,
executable scripts, third-party programs, and so on.
2. Note any changes to these elements of the Domino environment. If
possible, revert to the previous configuration to determine if the
problem still occurs.
Operating system changes (for example, did you upgrade the
operating system or apply a new patch?)
Network changes (for example, did you add a new router or
upgrade the network software or firmware?)
Network interface card (NIC) changes (for example, is the NIC
new, or is the NIC software driver old and the operating system
new?)
Run the Fixup task. Use this task if the database is in Domino 5 or
higher format and if you're not using transaction logging, or if the
database is in Domino 4 format.
Run the Fixup task with the -J option. Use this task if the database is
in Domino 5 or higher format and you are using transaction logging.
If you use a backup utility certified for Domino 5 and you run Fixup
-J, perform a full backup of the database as soon as Fixup finishes.
Note The Fixup task can take a significant amount of time to run on a
large database or on the entire server.
For more information on using Fixup to repair corrupted databases, see
the chapter Maintaining Databases.
Corrupt view causes a server to crash
If a server crash seems related to a corrupt database view, run the Updall
task on the database with the -r option:
Load updall databasename -r
Note The Updall task can take a significant amount of time to run on a
large database. It will also take a significant amount of time if you run
Updall without specifying the database name, which forces the task to
run on all databases on the server.
Server crashes while updating a database index
If a server crashes while updating a database index, do the following:
1. Run the Updall task on the database with the -r option to fix a
damaged database index:
Load updall databasename -r
Note The Updall task can take a significant amount of time to run
on a large database. It will also take a significant amount of time if
you run Updall without specifying the database name, which forces
the task to run on all databases on the server.
Cause
Divide error
3.00 Breakpoint
4.00 Overflow
Code Meaning
Cause
9.00 Coprocessor
segment overrun
The mail file location on the Mail tab of the administrator's location
document must point to the server on which the CA process is
running.
The CA process may be running on a server other than the one that
hosts the master Domino Directory, adding replication delays to the
process.
Then
tell ca refresh
Then
tell ca stat
to see if the changes have been processed. You may need to repeat the
process more than once.
For more information about configuring and using a server-based CA,
see the chapter Setting Up a Domino Server-Based Certification
Authority.
3. If the log path is correct and the device is good, restart the server. The
problem should be fixed and you do not need to continue to step 4.
4. If log path is correct but the device is bad, replace the device on the
log path, or edit the TRANSLOG_Path setting in NOTES.INI to point
to a different log path.
Note If you edit the TRANSLOG_Path setting when you restart the
server, be sure to make the same edit to the Log path field in the
Server document. Otherwise, Domino reverts to the old path upon
the next server restart.
5. Restart the server. Domino creates new log files and a control file,
and assigns new DBIIDs to all Domino 5 or higher databases.
6. If Automatic fixup of corrupt databases is set to Yes in the Server
document, the Fixup task runs on the databases that require media
recovery or Fixup. Otherwise, you must run the Fixup task manually.
7. Perform full database backups.
6. Restart the server. Domino creates new log files and a control file and
assigns new DBIIDs to all Domino 5 or higher databases.
9. Restart the server to correct the problem, and then stop the server so
it shuts down cleanly.
10. While the server is down, use the third-party backup utility to
perform media recovery. If the archived log still cannot be used,
allow database backups to be restored without the transactions in the
corrupted log.
11. Perform full database backups.
12. Restart the server.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Users are prompted multiple times for their name and password
You can configure Domino Web sites so that Domino authenticates and
asks Web users for their credentials only once when they access different
locations. Like other Web servers, Domino adheres to the HTTP
authentication model. When a user accesses a page on a Domino Web
site, the browser keeps track of user credentials, based on the realm that
Domino server name | IP host name | IP fully qualified domain name | IP address | Comment
Salt/Sales/Acme | salt | salt.usa.com | 123.3.12.24.5 | #Salt server
Pepper/Support/Acme | pepper | pepper.usa.com | 123.3.12.678 | #Pepper server
If the host name is the Domino server's common name, then the hosts file
or DNS will require an alias link as shown here:
Domino server
name
IP Host IP Fully
name Qualified
Domain Name
IP Alias name
entry
IP Address
Comment
Red/Marketing/ ruby
Acme
ruby.usa.com
Purple/IS/Acme violet
The Web task stopped running or hasn't been started on that server.
To resolve this problem, start the Web task on the server that runs the
Web Navigator.
2. Delete WEBADMIN.NSF.
3. Enter this command at the console:
load http
Note Do not try to refresh the database from the File menu using File - Database - Replace Design or Refresh Design.
Server.Load Troubleshooting
The dynamic link library NNOTES.DLL could not be found in the
specified path
Check to see if SLOAD.EXE was copied to the Notes program directory.
Copying SLOAD.EXE to the Notes program directory should resolve the
issue.
Error detected on changeto: No such port known (0x0A25)
This message appears when you use a custom script. Enable the port by
choosing File - Preferences - User Preferences and selecting Ports.
Error in NIFFindView messages
Adding documents to a folder that does not exist returns the following:
Error in NIFFindView
add 10 -f $ABC
Error in NIFFindView: 0x0404--Entry not found in index
'add' summary: Added 10 notes
Reference
Appendix A
Server Commands
You can use server commands to perform all administration tasks. This
appendix describes how to enter server commands and provides
complete information on using each server command.
where filename.ext is the name of the file to which you want to save
output. Enter a space after the server command but not after the
redirection symbol (>). For example, this command writes the output of
the Show Tasks command to the file TASKS.OUT in the Notes directory:
Show Tasks > TASKS.OUT
To store output in a file outside the data directory, specify the complete
path to the file.
Tip To save time and space at the command line, enter the
abbreviation for the server command. You can also press the Up
arrow to display a command that you previously entered.
4. (Optional) Use these key combinations, as necessary:
Press CTRL+Q or PAUSE to stop the screen display and suspend
access to the server and events in process.
Press CTRL+R to resume display and access to the server.
If you are sending several shell or Controller commands, you can change
to Shell or Controller command mode in a remote console by entering the
appropriate prefix in the Command box and pressing enter. Then you do
not have to specify the prefix each time you send a command. To exit the
specified command mode, enter the prefix again.
For example, to enter the Controller command mode, enter # in the
Command box. When you are done sending Controller commands, enter
# again to exit Controller command mode.
The following table describes the available Controller commands.
Controller command
Description
Broadcast message
Disable username(s)
Enable username(s)
Kill Domino
Quit
Refresh Admins
Restart Domino
Set ControllerLog
Expiration=days
Show Processes
Start Domino
d. Click Add.
e. Repeat Steps b - d for each server to which you want to send the
command.
f. (Optional) Select or deselect Quiet Commands to optionally
change the option specified in Step 6.
g. (Optional) Click Create Group, enter a name for the group, and
click OK to save the group of selected servers.
h. Click Send.
Tip You can also select a group you've added to the Send menu.
8. If you entered a Controller command or shell command, enter the
following in the Login dialog box that opens:
In the Servers Internet Address box, specify the TCP/IP host
name of the server.
In the User ID box, specify a name in your Person document in the
Domino Directory on the server to which you are connecting.
In the Password box, specify the password in the Internet
password field of your Person document.
Click OK.
9. (Optional) Do any of the following, as necessary:
Click Live to display events as they happen on the remote server.
Click Pause to pause output from the remote server.
Click Stop to stop events as they happen on the screen.
Adding commands to the Commands menu
If you frequently use the Domino Administrator console to send a
specific command, add it to the Commands menu so it's easy to select.
For example, if you frequently send a command with a particular
argument, add it to the Commands menu so you don't have to type the
argument each time you send the command.
1. From the Domino Administrator, click Server - Status.
2. Click Server Console.
3. Click the Commands menu and select Custom Commands.
4. Add the command and any arguments.
5. Click Add.
6. Click Save. The Commands menu lists the command.
4. Enter the path and file name of your Notes user ID.
5. Enter the password for your Notes user ID.
6. To exit cconsole, type:
done
Remote cconsole
The cconsole program doesn't start if the Domino server isn't running on
the same machine as the cconsole program. If the server fails while
cconsole is running, cconsole may not automatically shut down. In this
case, enter the done command to exit the cconsole program.
To run cconsole from a remote machine, first telnet to the machine
running the Domino server.
Result
done
live on
live off
Disables the live console so that you see only the commands
entered and the responses to these commands
Lets you enter the path and file name for the Notes user ID when you
start cconsole so that you aren't required to respond to the prompts
-i
-l
Lets you automatically start that console live when you start cconsole
For example, if you don't want to wait for the prompt to enter the path
and file name for the Notes user ID, enter this command:
/opt/lotus/bin/cconsole -f notes/data/rrutherford.id
Note There is a security risk when running the cconsole program from a
remote machine or from a remote X display. The cconsole program
warns you of this security risk before proceeding. Deploy a secure
remote protocol such as encrypted telnet. If you don't deploy a secure
remote protocol, address this security risk by running the cconsole
program only from the local Domino server machine.
Command: Description
Broadcast
Dbcache Flush: Closes all databases that are currently open in the database cache.
Drop
Exit
Help
Load
Platform
Pull
Push
Quit
Replicate
Restart Port
Restart Server: Stops the server and then restarts the server after a brief delay.
Restart Task
Route
Set Configuration
Set Rules
Set SCOS
Set Secure
Set Statistics
Show Agents
Show Allports
Show Cluster
Show Configuration
Show Directory: Lists all database files in the data directory and identifies multiple replicas of a database.
Show Diskspace
Show Heartbeat
Show Port
Show Schedule: Shows the next time that a server task will run.
Show SCOS
Show Server
Show Stat
Show Stat Platform
Show Tasks
Show Transactions
Show Users
Show Xdir
Start Consolelog
Start Port
Stop Consolelog
Stop Port
Tell
Trace
Broadcast
Syntax: Broadcast message [usernames or database]
Broadcast (!) message [usernames or database]
Description: Sends a message to specified users, users of the specified
database, or to all users of this server. Use this command to warn users
when a server is brought down for maintenance. By default, the message
you enter appears in the user's status bar. To display the message in the
middle of the user's screen, precede the message with (!).
Examples:
Broadcast Server ACME will be down in 10 minutes
Sends a warning message about impending maintenance on server ACME to all
users on this server.
Broadcast (!) Server ACME will be down in 10 minutes
Sends the same warning message as shown in the example above, but this message
displays in the center of the user's screen. Note that parentheses () are
entered as part of the command string.
Action
Broadcast a message to
Choose one:
Selected user: to send the message to the users you selected in the middle pane of the Server - Status tab.
All connected users: to send the message to all users with active sessions on the Domino server.
All users of a database: to send the message to all users of a particular database. Enter the directory string for the database in the field.
Broadcast this Message
Show as dialog box on user's workstation
Dbcache Flush
Syntax: Dbcache flush
Description: Closes all databases that are currently open in the database
cache. Use this command before maintaining databases to flush
databases from the cache.
For more information on the database cache, see the chapter Improving
Database Performance.
Drop
Syntax: Drop username
Description: Closes one or more server sessions. To visually confirm
which sessions are dropped, you must enter the Log_Sessions=1 setting
in the server's NOTES.INI file.
For information on Log_Sessions, see the appendix NOTES.INI File.
Examples:
Drop Sandy
Closes the current session running under the user name Sandy.
Drop Lee Fran
Closes the sessions running under the user names Lee and Fran.
Drop All
Closes all server sessions.
Exit
Syntax: Exit
Description: Stops the server. This command is identical to Server Shutdown.
Before you use Exit to stop the server, use the Broadcast server command
to warn users so they can finish their current tasks before you stop the
server.
If you stop a server while it's replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to sender.
Tip You can also stop the server from the Domino Administrator. From
the Domino Administrator, click the Server - Status tab, and then click
Server - Shutdown.
Help
Syntax: Help
Description: Displays a list of server commands with a brief description,
arguments (if any), and the proper syntax for each.
Load
Syntax: Load programname
Description: Loads and starts a specified server task or program on the
server. You can start a server add-in program or one that takes a
command line for additional data, such as a backup program. The
program you run must be on the server's search path.
Use the Load command to run a program until it completes or, if the
program runs continually, until you stop the server. Where applicable,
you can include arguments that determine how the program runs.
Note Most server commands support the arguments -? and /? to
display online help. For example, you could enter one of these to obtain
help for the server command Load Compact:
Load Compact -?
Load Compact /?
Examples:
Load Fixup
Loads and runs the Fixup server task.
Load Object Info OBJECT.NSF
Loads and runs the Shared Mail Manager and passes along arguments that
execute the Info task.
For more information, see the appendix Server Tasks.
Platform
Syntax: Platform <main argument> [<optional arguments>]
Description: Controls the platform statistic feature at the console.
Platform statistics that are affected by the reset command are:
Arguments:
Arguments
Description
Pause
Resume
Examples:
Use Platform Time <n> to start a new performance data monitoring
session with a sampling period of n minutes. This means that the statistic
value can change every n minutes. For example:
platform time 5
Use the Platform Reset command so that prior existing values are not
used in calculating minimum, average, or maximum values. You may
want to use this command when platform statistics have been
accumulating overnight and you want to clear out the accumulation. For
example:
platform reset
Use the Platform Reset Interval Enable command to reset all values each
time you begin a new sampling period. For example:
Platform Reset Interval Enable
Pull
Syntax: Pull servername [databasename]
Description: Forces a one-way replication from the specified server to
your server. You can also replicate a single database from the specified
server to your server by including the database name on the command
line. The initiating server receives data from the named server, but
doesn't request that the other server pull data from it. This forces a server
to replicate immediately with the initiating server, overriding any
replication scheduled in the Domino Directory. Enter the server's full
hierarchical name, if applicable.
You can pull changes immediately if an important database, such as the
Domino Directory, has changed or if a database on your server is
corrupted or has been deleted.
For replication to succeed, make sure that:
Database ACLs allow replication, and the source server has sufficient
access in the ACLs to replicate changes. If you're using server access
lists, servers must have proper access in the Server document.
If the server isn't replicating, the word Idle appears next to the
Replicator task.
Examples:
Pull Marketing\Acme
Forces one-way replication with the server Marketing.
Pull Marketing\Acme NAMES.NSF
Forces one-way replication of the NAMES.NSF file from the server Marketing.
Push
Syntax: Push servername [databasename]
Description: Forces a one-way replication from your server to the
specified server. You can also replicate a single database from your
server to the specified server by including the database name on the
command line. The initiating server sends data to the named server, but
doesn't request data in return. This forces a server to replicate
immediately with the initiating server, overriding any replication
scheduled in the Domino Directory. Specify the server's full hierarchical
name, if applicable.
In effect, the Push server command is the functional opposite of the Pull
server command.
Examples:
Push Marketing\Acme
Forces one-way replication with the server Marketing.
Push Marketing\Acme NAMES.NSF
Forces one-way replication of the NAMES.NSF file to the server Marketing.
Quit
Syntax: Quit
Description: Stops the server. This command is identical to the Server Shutdown command. However, the Quit server command differs from
the Tell server command, which you use to stop a particular server task
without stopping the server.
If you stop a server while it's replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to the sender.
Before you use the Quit server command to stop the server, use the
Broadcast server command to warn users to finish their current tasks
before you stop the server.
Tip You can also stop the server from the Domino Administrator. From
the Domino Administrator, click the Server - Status tab. From the tool
bar, click Servers - Shutdown.
Replicate
Syntax: Replicate servername [databasename]
Description: Forces replication between two servers (the server where
you enter this command and the server you specify). Use the server's full
hierarchical name. If the server name is more than one word, enclose the
entire name in quotes. To force replication of a particular database that
the servers have in common, specify the database name after the server
name. The initiating server (where you're currently working) first pulls
changes from the other server, and then gives the other server the
opportunity to pull changes from it. You can use this command to
distribute changes quickly or to troubleshoot a replication or
communication problem.
Note The existing replication schedule between the servers determines
how the second server responds to this command. If this replication falls
within the timeframe that the second server replicates with the initiating
server (based on calling schedules and the repeat interval), the second
server pulls changes. Otherwise, it waits for the next scheduled
replication time.
If the server is already replicating when you issue the command, Domino
queues the command until the current replication ends. To check the
status of the Replicator, enter this command at the console:
Show Tasks
If the server isn't replicating, the word Idle appears next to the
Replicator program.
5. Choose one:
Selected database: to select a specific database to replicate. Click
the database button and select a database from the list.
All databases in common: to replicate all databases that both
servers have in common. This is the default setting.
6. Click Replicate.
Restart Port
Syntax: Restart Port portname
Description: Disables transactions (or messages) on the specified port
and then re-enables the port after a brief delay. The command lets you
stop and start a port without stopping the Domino server.
When you are supporting Internet servers that rely on TCP/IP, you can
restart the TCP/IP port and the Internet ports enter a waiting state. The
Internet ports suspend and keep checking for the TCP/IP port. You will
see the following when using restart port TCPIP:
>restart port tcpip
06/28/2002 12:34:08 PM LDAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:08 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM POP3 Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM SMTP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM IMAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM IMAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:28 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:29 PM
To see a list of ports you can restart, issue the console command Show
Configuration.
Example:
Restart Port TCP
Disables and re-enables the port named TCP.
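The Restart Port console output shown above can be checked mechanically. The following Python sketch is an added example, not part of the Domino documentation: it rejoins the wrapped console lines and reports, for each Internet task, which port it is waiting on and how long its suspension messages span. The function names are hypothetical; the sample input is the output shown above.

```python
import re
from datetime import datetime

# Console output from the Restart Port example above, with its line wraps
# and the trailing timestamp-only line kept as they appear on the page.
SAMPLE = """\
>restart port tcpip
06/28/2002 12:34:08 PM LDAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:08 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM POP3 Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM SMTP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM IMAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM IMAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:28 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:29 PM
"""

STAMP = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [AP]M)\s*(.*)$")
FAILURE = re.compile(r"^(\w+) Server: Listener failure: (.+)$")
SUSPENDED = re.compile(
    r"^(\w+) Server: Suspended, waiting (\d+) seconds for "
    r"Notes Port Driver \[(\w+)\] to be restarted$"
)


def records(text):
    """Rejoin wrapped console lines into (timestamp, message) pairs."""
    joined = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">"):   # blank line or echoed command
            continue
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            joined.append([when, m.group(2)])
        elif joined:                            # continuation of previous line
            joined[-1][1] = (joined[-1][1] + " " + line).strip()
    # Drop records that carry a timestamp but no message text.
    return [(when, msg) for when, msg in joined if msg]


def suspended_listeners(text):
    """Summarise, per task, listener failures and suspensions on a port."""
    tasks = {}
    for when, msg in records(text):
        failure, suspended = FAILURE.match(msg), SUSPENDED.match(msg)
        hit = failure or suspended
        if not hit:
            continue
        entry = tasks.setdefault(hit.group(1), {
            "port": None, "failures": 0, "suspensions": 0,
            "retry_seconds": None, "first_seen": when, "last_seen": when,
        })
        if failure:
            entry["failures"] += 1
        else:
            entry["suspensions"] += 1
            entry["retry_seconds"] = int(suspended.group(2))
            entry["port"] = suspended.group(3)
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
    return tasks


def waiting_longer_than(tasks, seconds):
    """Names of tasks whose messages span at least `seconds`."""
    return sorted(
        name for name, e in tasks.items()
        if e["suspensions"]
        and (e["last_seen"] - e["first_seen"]).total_seconds() >= seconds
    )


if __name__ == "__main__":
    summary = suspended_listeners(SAMPLE)
    for name, e in sorted(summary.items()):
        print(name, e["port"], e["suspensions"], e["last_seen"] - e["first_seen"])
    print("waiting 20s or more:", waiting_longer_than(summary, 20))
```

A task that keeps appearing in the second list long after the restart indicates that the port did not come back and the Internet service is still unavailable.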
Restart Server
Syntax: Restart Server
Description: Stops the server and then restarts the server after a brief
delay.
If you stop a server while it's replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to the sender.
Before you use Restart Server to stop the server, use the Broadcast server
command to warn users to finish their current tasks before you stop the
server.
Tip You can also use the Domino Administrator to restart the server.
From the Domino Administrator, click the Server - Status tab and use the
tool Server - Restart.
Restart Task
Syntax: Restart Task taskname
Description: Shuts down and restarts a specified server task.
Example: The following command shuts down and restarts the LDAP task:
Restart Task LDAP
Tip You can also use the Domino Administrator to restart a task. From
the Domino Administrator, click the Server - Status tab and use the tool
Task - Restart.
Route
Syntax: Route servername
Description: Initiates mail routing with a specific server. The Route
command overrides any mail routing schedules that you create in the
Connection documents in the Domino Directory. Use the Route
command for servers that are configured for Pull, Pull Push, Push, or
Push Wait routing in the Connection document. Use the server's full
hierarchical name, if applicable. If the server name is more than one
word, enclose the entire name in quotes. To route to all pending
destinations, use Route *.
Use the Route command to troubleshoot mail problems and to send mail
to or request mail from a server immediately.
If no mail is queued for routing, Domino ignores the Route command.
Use the Tell Router Show command to check for messages pending for
local delivery or to check for messages held because a mail file is over
quota. To check which servers have mail queued, use this command at
the console:
Tell Router show
Examples:
Route Marketing\Acme
Sends mail to the Marketing server in the Acme domain. The server console
displays messages indicating when routing begins.
Route *
Sends mail to all pending destinations.
Route [$LocalDelivery]
Overrides the next scheduled retry time and attempts local delivery
immediately.
Set Configuration
Syntax: Set Configuration setting
Description: Adds or changes a setting in the NOTES.INI file.
Tip You can also use the Domino Administrator to add or change many
settings in the NOTES.INI file using the Configuration Settings
document.
Example:
Set Configuration Names = Names,Westnames
Sets the NOTES.INI Names setting to specify that Domino search both the
Names and the Westnames Domino Directories.
For more information about using the Configuration Settings document
to set NOTES.INI settings, see the appendix NOTES.INI File.
Set Rules
Syntax: Set Rules
Description: Reloads the server's mail rules, enabling new rules to take
effect immediately.
Server mail rules enable administrators to filter messages based on
content in the message headers or body. At startup, the server retrieves
these rules from the Configuration document and registers them as
monitors on each MAIL.BOX database in use. Every 5 minutes, the Server
task checks whether the server's mail rules need to be reloaded. New
rules take effect only after the server reloads the mail rules.
Set SCOS
Syntax: Set SCOS Databasename [Active | Inactive]
where Databasename is the full pathname to a shared mail database.
Description: Activates or deactivates a shared mail database. The Shared
Mail tab of the Server document lets you specify the delivery status and
availability for all shared mail databases in the directory. Using the Set
SCOS command, you can change the availability of an individual shared
mail database.
Example:
Set SCOS C:\LOTUS\DOMINO\DATA\SCOS1\SM000004.NSF INACTIVE
Prevents new messages from being deposited in the shared mail
database SM000004.NSF. Users still have access to previously delivered
messages in the database.
Set Secure
Syntax: Set Secure currentpassword
Description: Password-protects the console.
After you password-protect the console, you can't use the Load, Tell,
Exit, Quit, and Set Configuration server commands or other programs
that aren't run automatically through Program documents in the Domino
Directory or through the NOTES.INI file until you enter the password.
Console security remains in effect until you clear the password by
entering a second Set Secure command with the same password.
Even if the console is password-protected, keep the server physically
secure to prevent breaches of security at the operating system level.
Examples:
Set Secure abracadabra
Password-protects the console if no password is currently in effect. In
this case, the new password is abracadabra.
Set Secure abracadabra sesame
Changes the existing password abracadabra to sesame.
Set Secure abracadabra
If the console is already protected by a password (in this case,
abracadabra), entering a second Set Secure command with the same
password clears the password.
Enter
Console Password
Verify
Enter
Password
Verify
Set Statistics
Syntax: Set Statistics statisticname
Description: Resets a statistic that is cumulative. Statisticname is a
required parameter that names the statistic to be reset. You can't use
wildcards (*) with this argument.
For more information on monitoring statistics, see the chapter
Monitoring the Domino Server.
Example:
Set Stat Server.Trans.Total
Resets the Server.Trans.Total statistic to 0.
Show Agents
Syntax: Show Agents database name [-v]
Description: The Show Agents server command shows all agents
available in the database. The verbose mode ([-v]) shows all agents and
script libraries in the database as well as detail information on both.
Examples:
Show Agents DatabaseName.nsf
Show Agents -v DatabaseName.nsf
Show Allports
Syntax: Show Allports
Description: Displays the configuration for all enabled and disabled
ports on the server.
Example:
The following example shows the output that appears on the server
console when you issue the Show Allports command.
Show Allports
Enabled Ports:
TCPIP=TCP,0,15,0,,12320,
SPX=NWSPX,0,15,0,,12320,
LAN0tcpip=NETBIOS,0,15,0,,12322,
LAN1nb=NETBIOS,3,15,0,,12322,
LAN2ipx=NETBIOS,7,15,0,,12322,
Disabled Ports:
LAN6=NETBIOS,6,15,0,,12320,
LAN8=NETBIOS,8,15,0,,12320,
COM1=XPC,1,15,0,,12326,38400,,hyaccv34.mdm,60,15
LAN1=NETBIOS, 1, 15, 0
LAN2=NETBIOS, 2, 15, 0
LAN4=NETBIOS, 4, 15, 0
LAN5=NETBIOS, 5, 15, 0
COM2=XPC,2,15,0,
COM3=XPC,3,15,0,
COM4=XPC,4,15,0,
COM5=XPC,5,15,0,
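As an added example (not part of the Domino documentation), the following Python sketch parses Show Allports output such as the listing above and compares the enabled ports with an administrator-defined baseline, so that an enabled port or driver nobody expected stands out. The function names and the baseline values are assumptions; the sample input is the listing shown above.

```python
# Output copied from the Show Allports example above.
SAMPLE = """\
Show Allports
Enabled Ports:
TCPIP=TCP,0,15,0,,12320,
SPX=NWSPX,0,15,0,,12320,
LAN0tcpip=NETBIOS,0,15,0,,12322,
LAN1nb=NETBIOS,3,15,0,,12322,
LAN2ipx=NETBIOS,7,15,0,,12322,
Disabled Ports:
LAN6=NETBIOS,6,15,0,,12320,
LAN8=NETBIOS,8,15,0,,12320,
COM1=XPC,1,15,0,,12326,38400,,hyaccv34.mdm,60,15
LAN1=NETBIOS, 1, 15, 0
LAN2=NETBIOS, 2, 15, 0
LAN4=NETBIOS, 4, 15, 0
LAN5=NETBIOS, 5, 15, 0
COM2=XPC,2,15,0,
COM3=XPC,3,15,0,
COM4=XPC,4,15,0,
COM5=XPC,5,15,0,
"""


def parse_allports(text):
    """Split the listing into enabled and disabled ports.

    Each port maps to its driver name (the first value after '=') and the
    remaining comma-separated settings, kept as raw strings because the
    page does not describe what the individual values mean.
    """
    ports = {"enabled": {}, "disabled": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        heading = line.lower().rstrip(":")
        if heading in ("enabled ports", "disabled ports"):
            section = heading.split()[0]
            continue
        if section is None or "=" not in line:
            continue                      # echoed command or unrelated line
        name, _, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        ports[section][name.strip()] = {
            "driver": fields[0].upper(),
            "settings": fields[1:],
        }
    return ports


def enabled_by_driver(ports):
    """Group the enabled port names by the driver they use."""
    grouped = {}
    for name, info in ports["enabled"].items():
        grouped.setdefault(info["driver"], []).append(name)
    return {driver: sorted(names) for driver, names in grouped.items()}


def drift(ports, baseline_enabled, allowed_drivers):
    """Compare enabled ports with a baseline (both baseline sets are assumptions)."""
    enabled = ports["enabled"]
    drivers = {info["driver"] for info in enabled.values()}
    return {
        "unexpected_ports": sorted(set(enabled) - set(baseline_enabled)),
        "missing_ports": sorted(set(baseline_enabled) - set(enabled)),
        "unexpected_drivers": sorted(drivers - set(allowed_drivers)),
    }


if __name__ == "__main__":
    parsed = parse_allports(SAMPLE)
    print(enabled_by_driver(parsed))
    # Hypothetical baseline: only the TCP/IP port is meant to be enabled.
    print(drift(parsed, baseline_enabled={"TCPIP"}, allowed_drivers={"TCP"}))
```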
Show Cluster
Syntax: Show Cluster
Description: Displays the local server's cluster name cache, which
includes a list of all cluster members and their status, based on
information received during the server's cluster probes.
For more information on server clusters, see Administering Domino
Clusters.
Example:
This example displays the cluster name cache of the Mars server, which
is in the Planets cluster, which is in the Solarsys domain.
Show Cluster
Cluster Information
Cluster name: planets/solarsys, Server name: mars/solarsys
Server cluster probe timeout: 1 minute(s)
Server cluster probe count: 2604
Server cluster probe port: NetBEUI
Server availability threshold: 10
Server availability index: 98 (state: AVAILABLE)
Show Configuration
Syntax: Show Configuration setting
Description: Displays the current value for a NOTES.INI setting. Use the
Show Configuration and Set Configuration server commands together to
ensure that you correctly set the NOTES.INI settings.
Wildcards are allowed.
Examples:
Show Configuration Domain
Displays the server's domain.
Show Configuration *
Displays all the configuration information for the server.
Show Configuration ????
Displays any variable that is exactly 4 characters long.
Show Directory
Syntax: Show Directory
Description: Lists all database files (for example, NSF and NTF) in the
data directory and specifies whether the data directory contains multiple
replicas of a database. This command works only for the data directory;
you can't specify another directory.
Tip: From the Domino Administrator, click the Files tab to view a list of
all database files in the data directory.
You can also use the Show Directory command to check which databases
have transactional logging enabled.
To see only logged databases, enter this command at the console:
show dir *log
Show Diskspace
Syntax: Show Diskspace location
Description: Displays the amount of space, in bytes, available on the disk
drive (Windows NT), or file system (UNIX). If you do not specify a
location, Domino displays the space available on the disk or file system
containing the Domino program directory. If available disk space is low
(for example, under 10MB), free up disk space by deleting
documents, databases, and other files that you don't need.
Note: The Domino server starts before drives are mapped. Therefore,
when you use the command, the drives aren't visible. To see the mapped
drives, stop and restart the Domino server or put the Domino server in
the Startup group.
Domino makes calls to the network redirector on the system it's on. In
this environment, NT will provide this service (there is no NetWare
redirector). In a NetWare environment, a Domino server can see the disk
space on a network mounted drive if it is logged onto a NetWare file
server.
Tip: You can also display the amount of available space by using the
Domino Administrator. From the Domino Administrator, click the Files
tab. If necessary, click Tools, and then from the tool bar, click Disk
Information.
Examples:
How you enter the Show Diskspace command depends on the server's
operating system.
On a Windows 2000 or Windows NT server, enter this command to
display available space on Drive C:
Show Diskspace C
Show Heartbeat
Syntax: Show Heartbeat
Description:
The Show Heartbeat server command indicates whether the server is
responding.
Example:
Show Heartbeat
The server responds with a message such as:
elapsed time: #### seconds
Show Memory
Syntax: Show Memory
Description: The Show Memory server command displays the amount of
RAM available on a server, plus the amount of swap memory available
on the boot drive of the Domino server. If the number shown here and
the number shown when you enter a Show Diskspace command are
almost equal, the server may need more RAM.
Examples:
Show Memory
The server responds with a message such as:
Memory Available (including virtual): 5776K bytes
Show Opendatabases
Syntax: Show Opendatabases
Description: The Show Opendatabases server command displays a list of
the open databases on the server as well as the statistics shown in the
example below.
Example: Show Opendatabases
Returns a list of databases in the format shown below:
Database Name | Opens | Modified | File Handles | Sem Waits | Wait Avg (ms) | Waiters | Max Waiters
C:\Lotus\Domino\Data\events4.nsf
0
0
1
10
C:\Lotus\Domino\Data\statrep.nsf
0
0
0
C:\Lotus\Domino\Data\mail.box
0
0
0
C:\Lotus\Domino\Data\busytime.nsf
0
0
0
C:\Lotus\Domino\Data\log.nsf
0
0
0
C:\Lotus\Domino\Data\names.nsf
0
0
8
91
N
Y
1
1
16
0
0
0
Show Performance
Syntax: Show Performance
Description: Displays the per minute user/transaction values when the
Domino Server is running. To stop showing performance, enter Show
Performance a second time.
Show Port
Syntax: Show Port portname
Description: Displays traffic and error statistics and the resources used
on the network adapter card or communications port. portname can be
any configured port, for example, LAN0tcpip, SPX, LAN1nb,
LAN2ipx, TCPIP, COM1, or COM2.
Tip: To check port status from the Notes workstation program, choose
File - Preferences - Notes Preferences - Ports. Highlight the port and
select Show Status. To check the port status from the Domino
Administrator, click the Server - Status tab, and then click Servers - Port
Information. Highlight the port, and select Show Status.
Example:
Show Port LAN0tcpip
Displays the status of LAN0tcpip. As information appears, press PAUSE
to stop the scrolling, and press ENTER to resume scrolling. Note that
using PAUSE at the console stops server operation. Users can't access
the server until you resume the display.
Show Schedule
Syntax:
Show Schedule servername/taskname/destination
Show Schedule -argument
Description: Shows the next time that a server task runs. Output
includes the type of task and the time it next runs. If you enter a location
as an argument, the workstation replication schedule for that destination
appears.
Arguments:
-Agents | Shows which agents are scheduled to run next
-Replication | Shows the next scheduled replication time and the replication type
-Mailrouting | Shows the next scheduled mail routing time
-Programs | Shows which programs are scheduled to run
Examples:
Show Schedule
Displays a list of all scheduled tasks.
Show Schedule Fixup
Shows when the Fixup task is scheduled to run next.
Show Schedule -Mailrouting
> sh sched -mail
Scheduled
schedule
Type
Mail Routing
Next
Show SCOS
Syntax: Show SCOS [All]
Description: Shows single copy object store (shared mail) information
and reloads the shared mail configuration.
Examples:
SHOW SCOS displays summary information about the configured
shared mail directories.
Sample output:
Shared mail:
Directory
Requested
Actual
Max Size
c:\lotus\domino\data\scos1
open for delivery
2048
9000
11
11048
c:\lotus\domino\data\shared
open for delivery
Totals
Availability
State
Size
sm000001.nsf | Active | Enabled | 14.68 MB
sm000002.nsf | Active | Enabled | 0.37 MB
sm000003.nsf | Active | Enabled | 0.37 MB
sm000004.nsf | Active | Enabled | 0.37 MB
sm000005.nsf | Active | Enabled | 14.68 MB
Show Server
Syntax: Show Server
Description: Shows server status information including the server name,
data directory on the server, time elapsed since server startup,
transaction statistics, and the status of shared, pending, and dead mail.
Tip: To view server information from the Domino Administrator, open
the Domain bookmark in the bookmark bar on the left, right-click a
server, and then choose Server Properties.
Output
Description
Server name
Server directory
Elapsed time
Transactions
Pending mail
Dead mail
Description
Database server
Replicator
Router
Indexer
Show Stat
Syntax: Show Stat statisticname
Description: Used without the optional statisticname argument, displays
a list of server statistics for disk space, memory, mail, replication, and
network activity. To display a single statistic, enter the name of the
statistic as the optional argument. To display only a subset of statistics,
add a group of statistics as an optional argument by using an asterisk (*)
as a wildcard.
You can enter this command at the server console to display statistics for
the local server or at the remote server console to display statistics for a
remote server.
For more information on statistics, see the chapter "Monitoring the
Domino Server."
Tip: To view server statistics from the Domino Administrator, click the
Server - Statistics tab.
Examples:
Show Stat
Displays a complete list of statistics.
Show Stat Database
Displays all statistics of the type Database.x.x.
Show Stat Disk.C.*
Displays all disk statistics for drive C.
For a list of statistics, see the Advanced - Names & Messages - Statistic
Names view of the Monitoring Configuration database (EVENTS4.NSF).
Output
Group | Qualifier
Network | network
Logical disk | logicaldisk
Memory | memory
Paging file | pagingfile
Platform | platform
Process | process
System | system
Show Tasks
Syntax: Show Tasks
Description: Displays the tasks on the server and describes the activity
of each task. Idle tasks are indicated.
Example: Show Tasks displays each task and whether it is active or idle,
as in the following sample output.
Agent Manager
HTTP Server
SMTP Server
Control task
Schedule Manager
Idle
LDAP Server
Control task
Tip: You can also use the Domino Administrator to view a list of active
tasks. From the Domino Administrator, click the Server - Status tab.
Show Transactions
Syntax: Show Transactions
Description: When the Domino Server is running, displays the following
for each type of transaction: the total number of NRPC transactions
(Count), the minimum duration of the transaction (Min), the maximum
duration of the transaction (Max), the total time to perform all
transactions (Total), and the average time to perform the transaction
(Avg). All times are reported in milliseconds. This command identifies
transactions that require excessive amounts of time.
Note: For Internet protocol servers (for example, SMTP, POP3, IMAP,
HTTP), use the Show Stat command to monitor statistics. For example,
enter these commands at the server console:
SH STAT SMTP
SH STAT POP3
SH STAT IMAP
SH STAT LDAP
SH STAT Domino (for HTTP Server stats)
SH STAT DIIOP
[Sample output table not recoverable: one row per NRPC transaction type (for example, OPEN_DB, OPEN_NOTE, NAME_LOOKUP) with the columns Count, Min, Max, Total, and Average.]
Show Users
Syntax: Show Users
Description: Displays a list of all users who have established sessions
with the server, whether the users are actively working in databases or
not, the names of databases that each user has open, and the elapsed
time, in minutes, since the databases were last used.
Tip: You can also use the Domino Administrator to view the status of
active users. From the Domino Administrator, click Server - Status. Then
select Database Users. A list of users displays in the middle panel.
Example:
Show Users
Displays user information, for example:
User name | Databases open
Susan Salani | MAIL\SSALANI.NSF
Alan Jones | NAMES.NSF
Derek Malone | MAIL\DMALONE.NSF
11
Show Xdir
Syntax: Show Xdir
Description: Provides information about each directory a server last
used for name resolution. The output displays the following columns of
information.
DomainName
The DomainName column displays the name of the
domain in which a directory resides. If a directory is configured in the
directory assistance database, the Domain Name field in the Directory
Assistance document for the directory determines the directory's domain
name.
DirectoryType
The DirectoryType column shows the type of directory. A directory can
be one of these types:
Server path and file name of a Domino Directory accessed over the
network
The host name of a remote LDAP directory server and the port used
Example 2
This example shows output on a server that uses a Configuration
Directory, a remote primary Domino Directory, and an Extended
Directory Catalog accessed over the network.
Start Consolelog
Syntax: Start Consolelog
Description: Enables output to the console log file.
Example:
Start Consolelog
The Start Consolelog and the Stop Consolelog server commands enable
and disable console logging just as the NOTES.INI variable
CONSOLE_LOG_ENABLED does. The difference between the server
console commands and the NOTES.INI settings is that the console
commands are in effect for the current server session only, whereas the
NOTES.INI settings are permanent and take effect each time the server
is started.
For more information on CONSOLE_LOG_ENABLED, see the appendix
"NOTES.INI File."
Example 1
This example shows output on a server that uses a local primary Domino
Directory, two secondary Domino Directories (one of which is a local
Extended Directory Catalog), and one remote LDAP directory.
Start Port
Syntax: Start Port portname
Description: Enables transactions (or messages) on the specified port.
Use this command after you disable the port with the Stop Port
command.
Example:
Start Port TCP
Enables the port named TCP.
Stop Consolelog
Syntax: Stop Consolelog
Description: Disables output to the console log file.
Example:
Stop Consolelog
The Start Consolelog and the Stop Consolelog server commands enable
and disable console logging just as the NOTES.INI variable
CONSOLE_LOG_ENABLED does. The difference between the server
console commands and the NOTES.INI settings is that the console
commands are in effect for the current server session only, whereas the
NOTES.INI settings are permanent and take effect each time the server
is started.
For more information on CONSOLE_LOG_ENABLED, see the appendix
"NOTES.INI File."
Stop Port
Syntax: Stop Port portname
Description: Disables transactions (or messages) on the specified port.
This command allows you to make changes to the port that take effect
immediately without stopping the Domino server. When you're finished
making changes to the port, use the Start Port command to re-enable it.
To see a list of ports you can disable, issue the console command Show
Configuration.
Example:
Stop Port TCP
Disables the port named TCP.
Tell
Syntax: Tell serverprogram
Description: Issues a command to a server program or task. The
command is especially useful for stopping a server task without stopping
the server.
Note Most server commands support the arguments -? and /? to
display online help. For example, you could enter one of these to obtain
help for the server command Tell Amgr:
Tell Amgr -?
Tell Amgr /?
Example:
Tell Router Quit
Stops only the Router task. All other tasks on the server continue to run.
Administration Process
Agent Manager
Change Manager
Cluster Replicator
DIIOP
Directory Cataloger
LDAP
Router
Schedule Manager
SMTP Server
Statistic Collector
Web Navigator
Web Server
Result
Result
Tell Adminp Process Time | Processes all new and modified requests to delete
unlinked mail files.
Displays (and records in the server's log file) this
information:
Result
Command
Command
Result
Shows the schedule for all agents scheduled to run for the
current day. In addition, the command shows the agent
trigger type, the time the agent is scheduled to run, the
name of the agent, and the name of the database on which
the database runs. Checking the Agent Manager schedule
lets you see if an agent is waiting in one of the Agent
Manager queues.
Agent Manager queues:
E - Agents eligible to run
S - Agents scheduled to run
V - Event-triggered agents waiting for their events to occur
Trigger types:
S - Agent is scheduled to run
M - Agent is a new mail-triggered agent
U - Agent is a new/updated document-triggered agent
Result
tell ca quit
Stops CA process.
tell ca stat
Result
tell ca show queue certifier number
tell ca CRL issue certifier number | Issue a non-regular CRL for a specific certifier, where certifier number is the number of the certifier specified in the results of the tell ca status command.
tell ca CRL push certifier number | Push a certifier's latest regularly scheduled CRL to the Domino Directory, where certifier number is the number of the certifier specified in the results of the tell ca status command.
tell ca CRL info certifier number [s/S/n/N] | Display CRL information for a specified certifier, where certifier number is the number of the certifier specified by the tell ca status command. Use s or S for regularly scheduled CRLs, and n or N for non-regularly scheduled CRLs.
tell ca refresh
tell ca help
Command
Action
quit
stop
exit
help
restart
Stops and then restarts the Change Manager and all plug-in
subsystems.
start plug-in
stop plug-in
restart plug-in
control process
This table describes additional Tell commands you can use with the
Cluster Replicator.
Command
Result
Tell Clrepl Quit | Stops all instances of the Cluster Replicator on a server.
To prevent the Clrepl task from running in future sessions,
remove all instances of the Clrepl task from the ServerTasks
setting in the NOTES.INI file. Disabling the Clrepl task on
one server only prevents replication from that server to other
servers; it doesn't prevent replication to the server from other
cluster servers.
Result
Command
Result
0:00
ClientHost
SessionId
9.95.74.178
SN00048DE22
perf/user1.nsf
Objects in use: Databases: 1
Documents:0 Items: 0 Others: 0
Users: 1, Network Connections: 1
Views: 0
This table describes additional Tell commands you can use with the
Directory Cataloger (Dircat task).
Command
Result
Result
Tell LDAP
ReloadSchema
Shows:
LDAP service settings from the LDAP tab of the
Configuration Settings document.
LDAP service port settings
Status of LDAP Activity Logging (enabled or
disabled.)
Command
Result
Result
Tell Router Show Queues Shows mail held in transfer queues to specific
servers and mail held in the local delivery queue.
Tell Router Exit
Result
Result
Command
Command
Result
Result
This table describes additional Tell commands you can use with the
Statistic Collector.
Command
Result
Result
Result
Tell HTTP Refresh | Refreshes the Web Server before the normal refresh. You
can specify the refresh cycle interval in the Server
document.
During a Web Server refresh cycle, all of the configuration
information contained in the Web Site documents, and
documents attached to Web Site documents (file protection,
authentication realms, and rules) is updated on the server.
Tell HTTP Restart | Refreshes the Web server with changes made to settings in the:
Server document for the Web Server
File Protection, Virtual Server, and URL Mapping documents in the Domino Directory
NOTES.INI file that affects the HTTP server task
HTTPD.CNF and BROWSER.CNF files
Changes to Java servlets or the servlets.properties file
This command produces the same results as stopping and
restarting the Web Server. However, this Tell command is
faster than stopping and restarting because when you use
the Tell command, the HTTP server task remains in
memory. All outstanding HTTP requests are processed
before the HTTP task restarts; however, no HTTP requests
are processed during restart.
This command deletes the in-memory page and
user-authentication caches.
Tell HTTP Show
File Access
Displays information about SSL and the server key ring file,
including information about whether the server started SSL
on the machine. Displays information about SSL for virtual
servers if you set up virtual servers on the machine.
Trace
Syntax: Trace servername
Description: Use the Trace command to test a connection to a server.
This command shows detailed information about each server hop and is
useful in troubleshooting network connection problems. This command
works the same way as Trace connections, when you choose File - Preferences - Notes Preferences in the Notes client.
To trace a path to a server, enter:
Trace servername
Appendix B
Server Tasks
This chapter explains how to run server tasks that perform complex
administration procedures.
where taskname is the name of the server task that you want to run.
In a Program document
To run a task on a server at a regularly scheduled time or at server
startup, create a Program document in the Domino Directory. You can
also use a Program document to run a UNIX shell script or program, or
an API program.
If you create a UNIX shell script or API program, you can use any of these
characters for the name: A - Z, 0 - 9, & - . _ ' / (ampersand, dash, period,
space, underscore, apostrophe, forward slash). Do not use \ (backslash) or
any other characters because this can cause unexpected results.
1. From the Domino Administrator, open the Domino Directory. Go to
the Servers view, and open the Server document.
2. Choose Create - Server - Program.
3. On the Basics tab, complete these fields:
Field
Enter
Program name
Command line
Server to run on The full hierarchical name of the server on which to run
the task.
Comments
Enter
Repeat interval of The number of minutes before the task should run
again.
Days of week
Task | Command to run task | Description | Default in NOTES.INI file
None
Administration Process | AdminP | Automates a variety of administrative tasks. | ServerTasks
ServerTasks
Billing
Billing
ServerTasks
Calendar
Connector
Calconn
CA process | ca | Automates a variety of server-based certificate authority tasks. | ServerTasks
Cataloger
Catalog
ServerTasksAt1
Change Manager | runjava ChangeMan | Runs the Change Manager addin task which manages large-scale changes within the domain. | None
Chronos
Chronos
None
Cluster
Cladmin
Administration
Process (R4/R5
only)
None
Cluster
Database
Directory
Manager
Cldbdir
None
Cluster
Replicator
Clrepl
None
Database
compactor
Compact
None
None
Designer
Design
DIIOP
DIIOP
ServerTasks
Directory
Cataloger
Dircat
None
Domain
Indexer
Domidx
Event Monitor
Event
HTTP Server
HTTP
None
B-4 Administering the Domino System, Volume 2
IMAP Server
IMAP
Indexer
Updall
ServerTasksAt2
ISpy
RunJava
ISpy
ServerTasks
LDAP Server
LDAP
ServerTasks on
administration
server for the
Domino
Directory; None
on other servers
MTC
MTC
Object store
manager
Object
POP3 Server
POP3
Replicator
Replica
Reporter
Report
None
Router
Router
ServerTasks
Runjava
Runjava
None; used
only with the
name of another
add-in task,
never appears
by itself
Schedule
manager
Sched
ServerTasks
SMTP listener
SMTP
None
QuerySet
QurySet
Interceptor
Intrcpt
Statistic
Collector
Collect
Statistics
Statlog
Stats
Stats
Web Retriever
Web
SNMP
None
Appendix C
NOTES.INI File
This appendix contains NOTES.INI settings that you can modify. The
settings are listed in alphabetical order. For information on using
NOTES.INI settings to improve server performance, see the chapter
"Improving Server Performance."
Open the NOTES.INI file and edit it. The procedure for doing this
depends on your client's or server's operating system and the text
editor you use.
Because directly editing the NOTES.INI file is unsafe, it's best to use a
Configuration Settings document to modify server settings.
Admin
Syntax: Admin=username
Description: Specifies the user name of the server administrator. Enter
each part of the name in canonical format, separated by a slash (/),
where:
CN is the common name
OU is the organization unit
O is the organization
C is the country code
For example:
Admin=CN=John Smith/OU=Marketing/O=Acme
Applies to: Servers
Default: None
UI equivalent: The Administrators field in the Server document in the
Domino Directory
Allow_Access
Syntax: Allow_Access=names
Description: Specifies servers, users, and groups that can access a server.
You must specify a hierarchical name in hierarchical format, for example,
Alice Jones/Acme. An asterisk represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash (/) and a hierarchical certifier's name represents everyone certified
by that certifier. The Deny_Access setting overrides the Allow_Access
setting.
For more information on the Deny_Access setting, see the topic
"Deny_Access" later in this chapter.
Applies to: Servers
Default: None
UI equivalent: The "Access Server" field in the Security tab of the Server
document in the Domino Directory. The Server document takes
precedence over the NOTES.INI setting. Domino uses the Allow_Access
setting only if the "Access Server" field is empty.
Allow_Access_portname
Syntax: Allow_Access_portname=names
Description: Specifies servers, users, and groups that can access a server
port. The portname parameter indicates the name of the port you enabled
in the Port Setup dialog box and in the Server document. An asterisk
represents everyone listed in the Domino Directory. An asterisk followed
by a view name represents everyone listed in that view of the Domino
Directory. An asterisk followed by a slash (/) and a hierarchical
certifier's name represents everyone certified by that certifier. For
example:
Allow_Access_lan3=*
All users listed in the Domino Directory can use the LAN3 port on
this server.
Applies to: Servers
Default: None
UI equivalent: None
Allow_Passthru_Access
Syntax: Allow_Passthru_Access=names
Description: Specifies servers, users, and groups that can access this
server using passthru. If you do not specify a name, no one can access
this server using passthru. An asterisk represents everyone listed in the
Domino Directory. An asterisk followed by a view name represents
everyone listed in that view of the Domino Directory. An asterisk
followed by a slash (/) and a hierarchical certifier's name represents
everyone certified by that certifier. For example:
Allow_Passthru_Access=*
All users listed in the Domino Directory can access this server using
passthru.
Applies to: Servers
Default: None
UI equivalent: The "Access this server" field in the Passthru Use section of
the Security tab of the Server document in the Domino Directory. If a
conflict exists between the NOTES.INI setting and the server document,
the Server document takes precedence.
Allow_Passthru_Callers
Syntax: Allow_Passthru_Callers=names
Description: Specifies servers, users, and groups that can instruct this
server to establish a connection to call a destination server. If you do not
enter a name, no calling is allowed. An asterisk represents everyone
listed in the Domino Directory. An asterisk followed by a view name
represents everyone listed in that view of the Domino Directory. An
asterisk followed by a slash (/) and a hierarchical certifier's name
represents everyone certified by that certifier.
Applies to: Servers
Default: None
UI equivalent: The "Cause calling" field in the Passthru Use section of the
Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.
Allow_Passthru_Clients
Syntax: Allow_Passthru_Clients=names
Description: Specifies servers, users, and groups that can use a passthru
server to connect to this server. If you do not specify a name, passthru is
not allowed. An asterisk represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash and a hierarchical certifier's name represents everyone certified by
that certifier.
Applies to: Servers
Default: None
UI equivalent: The "Route through" field in the Passthru Use section of the
Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.
Allow_Passthru_Targets
Syntax: Allow_Passthru_Targets=names
Description: Specifies the destination servers that this server can connect
to using passthru. If you do not specify a name, this server can route to
all servers.
Applies to: Servers
Default: None
UI equivalent: The "Destinations allowed" field in the Passthru Use section
of the Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.
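The following is an added example, not part of the original documentation: it reads a NOTES.INI file and reports the broad grants that result from the asterisk rules and unset-value behavior described for the Allow_Access and Allow_Passthru settings above. It assumes entries are separated by commas and that setting names are matched without regard to case; the sample file, its names, view and group are constructed. Where the Server document takes precedence, the report describes only what NOTES.INI says.

```python
"""Flag broad access grants in the NOTES.INI settings described above."""

# Settings whose value is a list of names that may contain asterisk forms.
NAME_LIST_SETTINGS = (
    "allow_access",
    "allow_passthru_access",
    "allow_passthru_callers",
    "allow_passthru_clients",
)

# Constructed sample; the names, view and group are invented.
SAMPLE_INI = """\
[Notes]
Admin=CN=John Smith/OU=Marketing/O=Acme
Allow_Access=*/Acme, Alice Jones/Acme
Allow_Access_lan3=*
Deny_Access=Terminations
Allow_Passthru_Access=*People
Allow_Passthru_Clients=
"""


def parse_ini(text):
    """Map lower-cased setting name -> (name as written, value)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        # Split on the first "=" only: values may contain "=" (CN=...).
        name, _, value = line.partition("=")
        settings[name.strip().lower()] = (name.strip(), value.strip())
    return settings


def describe(entry):
    """Explain an asterisk entry using the rules above; None for a plain name."""
    if entry == "*":
        return "everyone listed in the Domino Directory"
    if entry.startswith("*/"):
        return "everyone certified by " + entry[2:]
    if entry.startswith("*"):
        return "everyone listed in the view " + entry[1:]
    return None


def audit(settings):
    """Return (setting, entry, meaning) findings for broad grants."""
    findings = []
    for key, (name, value) in settings.items():
        if key == "deny_access" and value:
            findings.append((name, value, "overrides Allow_Access"))
        elif key in NAME_LIST_SETTINGS or key.startswith("allow_access_"):
            # Assumption: entries are separated by commas.
            for entry in (e.strip() for e in value.split(",")):
                meaning = describe(entry)
                if meaning:
                    findings.append((name, entry, meaning))
    # An unset Allow_Passthru_Targets is the permissive case on this page.
    if not settings.get("allow_passthru_targets", ("", ""))[1]:
        findings.append(("Allow_Passthru_Targets", "",
                         "not set: this server can route to all servers"))
    return findings


if __name__ == "__main__":
    for setting, entry, meaning in audit(parse_ini(SAMPLE_INI)):
        print(f"{setting}: {entry or '(empty)'} -> {meaning}")
```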
AMgr_DisableMailLookup
Syntax: AMgr_DisableMailLookup=value
Description: By default, a mail-triggered agent performs a mail lookup
of the user who last modified it. It only runs if the server running the
agent is also the user's mail server. When users create or modify a
mail-triggered agent on a server other than their own mail server, you
can use this setting on the server to disable mail lookup so that the agent
can run. Notes displays the message "Unable to determine
the execution access privileges" for the user if the mail server cannot be reached.
0 - Perform mail lookups when running mail-triggered agents
1 - Do not perform mail lookups when running mail-triggered agents
Applies to: Servers and workstations
Default: None. Without this setting, mail-triggered agents perform mail
lookups.
UI equivalent: None
AMgr_DocUpdateAgentMinInterval
Syntax: AMgr_DocUpdateAgentMinInterval=number of minutes
Description: Specifies the minimum elapsed time, in minutes, between
the execution of the same document update-triggered agent.
Applies to: Servers and workstations
Default: 30
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AMgr_DocUpdateEventDelay
Syntax: AMgr_DocUpdateEventDelay=number of minutes
Description: Specifies the delay time, in minutes, that the agent manager
schedules a document update-triggered agent after a document update
event.
Applies to: Servers and workstations
Default: 5
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AMgr_NewMailEventDelay
Syntax: AMgr_NewMailEventDelay=number of minutes
Description: Specifies the time (in minutes) that the Agent Manager
delays before scheduling a new mail-triggered agent after new mail is
delivered.
Applies to: Servers and workstations
Default: 1
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AMgr_SchedulingInterval
Syntax: AMgr_SchedulingInterval=number of minutes
Description: Specifies a delay (in minutes) between runs of the Agent
Manager's scheduler. Valid values are 1 minute to 60 minutes.
Applies to: Servers and workstations
Default: 1
UI equivalent: None
AMgr_NewMailAgentMinInterval
AMgr_UntriggeredMailInterval
Syntax: AMgr_UntriggeredMailInterval=number of minutes
Description: Specifies a delay (in minutes) between runs of the Agent
Manager's check for untriggered mail. Valid values are 1 minute to 1440
minutes (the number of minutes in a day).
Applies to: Servers and workstations
Default: 60
UI equivalent: None
AMgr_WeekendDays
Syntax: AMgr_WeekendDays=day1, day2, ...
Description: When agents use the On Schedule trigger, the Run on
Schedule options box is available and includes the "Don't run on weekends"
check box option. When you select this option, the agent does not run on
weekend days. The default value for weekend days is Saturday (7) and
Sunday (1). You can specify any number of days, up to 7. For example:
AMgr_WeekendDays=1,6,7
Causes agents that have the "Don't run on weekends" option checked
not to run on Sundays, Fridays, and Saturdays.
Applies to: Servers and workstations
Default: 7 (Saturday) and 1 (Sunday)
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AppleTalkNameServer
Syntax: AppleTalkNameServer=servername
Description: Applies to AppleTalk users only. Identifies the name of the
user's secondary AppleTalk server. For more information, see your
AppleTalk network documentation.
Applies to: Servers and workstations
Default: None
UI equivalent: File - Preferences - User Preferences - Ports. Select the
AppleTalk port, and click Options to select or modify the server.
AutoLogoffMinutes
Syntax: AutoLogoffMinutes=minutes
Description: Specifies the number of inactive minutes before a user is
automatically logged off.
Applies to: Workstations
Default: None
UI equivalent: File - Preferences - User Preferences - Basics - Lock ID
after x minutes of inactivity.
BatchRegFile
Syntax: BatchRegFile=filename
Description: Specifies the name of a batch registration file. If you add
this variable, Domino does not prompt you for the filename when you
import users from a text file.
Applies to: Servers
Default: None
UI equivalent: None
BillingAddinOutput
Syntax: BillingAddinOutput=value
Description: Specifies where Domino logs billing events. Use the
following values to set this variable:
1 - Billing database (BILLING.NSF)
8 - Binary file (BILLING.NBF)
9 - Both the billing database and binary file
Domino creates the BILLING.NSF database and/or the BILLING.NBF
file the first time the billing add-in task is started with this option set.
Applies to: Servers
Default: 1
UI equivalent: None
BillingAddinRuntime
Syntax: BillingAddinRuntime=number of seconds
Description: Specifies how long the billing add-in task runs. For
example, BillingAddinRuntime=30 specifies that the billing add-in will
process billing records for 30 seconds. After 30 seconds the billing add-in
stops processing records, even if there are additional records to be
processed. The BillingAddinRuntime value must be less than the value
you specify for the BillingAddinWakeup variable.
Applies to: Servers
Default: 10
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
BillingAddinWakeup
Syntax: BillingAddinWakeup=number of seconds
Description: Specifies how often the billing add-in task runs. For
example, BillingAddinWakeup=300 specifies that the billing add-in task
wakes up every five minutes (300 seconds) to process the billing records
in the billing message queue. The BillingAddinWakeup value must be
greater than the value you specify for BillingAddinRuntime.
Applies to: Servers
Default: 60
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
BillingClass
Syntax: BillingClass=class(es)
Description: Specifies one or more of six classes of billing activity:
Agent
Database
Document
HttpRequest
Replication
Session
The billing process tracks only the activities that you specify in the
BillingClass variable.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
BillingSuppressTime
Syntax: BillingSuppressTime=number of minutes
Description: Specifies the frequency of record stamping during session
and database activities if session and database activities are specified for
the BillingClass variable. If you want billing data collected more
frequently, decrease the default value (15 minutes). To minimize the
billing workload on your system, increase the value.
Applies to: Servers
Default: 15
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
CDP_Command
Syntax: CDP_Command=value
Description: The CDP settings control the opening, handling, and
closing of applications using OLE. All OLE applications use these
variables:
CDP_NEW
CDP_OPEN
CDP_EDIT
CDP_SAVE
CDP_CLOSE
CDP_SHOWITEM
CDP_SHOWACTIVEITEM
CDP_EXIT
All other applications use DIP and need to be hard-coded with separate
lines. For normal usage, you should never need to modify CDP settings.
Applies to: Servers and workstations
Default: None
UI equivalent: None
CertificateExpChecked
Syntax: CertificateExpChecked=path and date
Description: Specifies the path to the local ID file and the last time the ID
was checked for certificates that have expired or are about to expire.
Applies to: Servers and workstations
Default: The ID file and last date checked for expiration.
UI equivalent: None
CertifierIDFile
Syntax: CertifierIDFile=path
Description: Specifies the path to the certifier ID. The path must contain
the drive letter or network drive, directories, and file name. For example:
CertifierIDFile=C:\LOTUS\DOMINO\IDS\CERT.ID
CertifierIDFile=M:\LOTUS\NOTES\IDS\ACME.ID
ClockType
Syntax: ClockType=value
Description: (UNIX only) Specifies whether the Domino server clock
displays time in 12-hour format (AM and PM) or 24-hour format
(sometimes called military time). A value of 12_HOUR sets the clock type
as 12-hour. A value of 24_HOUR sets the clock type as 24-hour. This
setting overrides the system clock setting defined in the server's
operating system.
Applies to: Servers
Default: None, although without this setting the Domino server displays
12-hour time.
UI equivalent: None
Clrepl_Obeys_Quotas
Syntax: Clrepl_Obeys_Quotas=value
Description: Specifies whether the Cluster Replicator obeys quotas.
0 - Disables the Cluster Replicator from obeying quotas.
1 - Enables the Cluster Replicator to obey quotas.
Applies to: Servers
Default: The Cluster Replicator does not obey quotas.
UI equivalent: None
Cluster_Replicators
Syntax: Cluster_Replicators=value
Description: Use this setting to start multiple cluster replicators, where
value is the number of cluster replicators required.
Applies to: Servers
Default: None, but Domino starts one cluster replicator by default.
UI equivalent: You can also specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.
COMnumber
Syntax: COMnumber=parameter1, parameter2, ...
Description: Specifies information for modems connected to the ports
you set in the Ports dialog box. You can define up to five ports (COM1
through COM5). These parameters are valid:
Parameter       Specifies       Required?
driver          Driver name     Yes
unit_ID         Unit ID         Yes
max_sessions                    Yes
buffer_size                     Yes
flags                           No
modem_speed     Modem speed     No
modem_volume                    No
                                No
dial_timer                      No
                                No
Unless you are experienced with modems and ports, use the
user-interface to configure ports.
Applies to: Servers and workstations
Default: Depends on the modem type selected
UI equivalent: File - Preferences - User Preferences - Ports dialog box.
Compact_Retry_Rename_Wait
Syntax: Compact_Retry_Rename_Wait=number of seconds
Description: If you have specified a value for the
Num_Compact_Rename_Retries setting, Domino waits 30 seconds before
trying to rename a database that was copy-style compacted. You can
request a different amount of time to wait by specifying the value of the
Compact_Retry_Rename_Wait setting in the NOTES.INI file. For
example, to request that Domino wait 2 minutes before trying to rename a
database that was copy-style compacted, specify
Compact_Retry_Rename_Wait=120.
Console_Log_Enabled
Syntax: Console_Log_Enabled=value
Description: Specifies whether to enable logging to the Console Log file
(CONSOLE.LOG, by default).
0 - Disable Console Log file logging
1 - Enable Console Log file logging
Tip To toggle logging to the Console Log file from the server console,
use the start consolelog and stop consolelog commands.
Applies to: Servers
Default: 0
UI equivalent: None
Console_Loglevel
Syntax: Console_Loglevel=value
Description: Controls the level of information displayed on the status
bar when you trace a connection. The following values are possible:
0 - No information displayed
1 - Only errors are displayed
2 - Summary progress information is displayed
3 - Detailed progress information is displayed
4 - Full trace information is displayed
Console_Log_Max_Kbytes
Syntax: Console_Log_Max_Kbytes=value
Description: Specifies the maximum size for the Console Log file
(CONSOLE.LOG, by default). If the Console_Log_Max_Kbytes setting is
not present or is set to 0, then the file size is unlimited. When the
maximum file size is reached, new logging output starts to overwrite
existing logging output at the beginning of the file.
This setting can be changed at any time during a server session and when
a new maximum file size is specified, it takes effect upon the next write.
If the new maximum file size is less than or equal to the current
maximum file size, then the maximum size will be set to the current size
to prevent growth and the new size will take effect upon the next server
session.
Applies to: Servers
Default: None
UI equivalent: None
Country_Language
Syntax: Country_Language=value
Description: Specifies the language used for the Domino/Notes
interface.
Applies to: Servers and workstations
Default: en-US (US English)
UI equivalent: File - Preferences - User Preferences - International Content Language dialog box. You can also specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Create_File_Access
Syntax: Create_File_Access=names
Description: Specifies users, servers, and groups that can create new
databases on the server. You must specify a hierarchical name in
hierarchical format, for example, Alice Jones/Acme. If you don't specify
a name, all certified users can create files. An asterisk (*) represents
everyone listed in the Domino Directory. An asterisk followed by a view
name represents everyone listed in that view of the Domino Directory.
An asterisk followed by a slash (/) and a hierarchical certifier's name
represents everyone certified by that certifier.
Default: None
Applies to: Servers
UI equivalent: The Create New Databases field in the Security tab of the
Server document. The Server document takes precedence over the
NOTES.INI setting. Domino uses the Create_File_Access setting only if
the Create New Databases field is empty.
Create_Replica_Access
Syntax: Create_Replica_Access=names
Description: Specifies the groups that can create replicas on the server.
You must specify a hierarchical name in hierarchical format, for example,
Alice Jones/Acme. If you don't specify a group, all certified users can
create replicas. An asterisk (*) represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash (/) and a hierarchical certifier's name represents everyone
certified by that certifier.
Default: None
Applies to: Servers
UI equivalent: The Create Replica Databases field in the Security tab of
the Server document. Note that the Server document takes precedence
over the NOTES.INI setting. Domino uses the Create_Replica_Access
setting only if the Create Replica Databases field is empty.
CTF
Syntax: CTF=filename
Description: Specifies the international import/export character set.
Applies to: Workstations
Default: L_CPWIN.CLS
UI equivalent: File - Preferences - User Preferences - International Import/Export Character Set dialog box.
DDE_Timeout
Syntax: DDE_Timeout=seconds
Description: The amount of time (in seconds) Notes waits for another
DDE application to respond to a DDE message.
Applies to: Workstations
Default: 10 seconds
UI equivalent: None
Debug_Outfile
Syntax: Debug_Outfile=filename
Description: Specifies the file name for the Console Log file. If both this
setting and the LogFile_Dir setting exist and Debug_Outfile contains a
fully qualified path name, then LogFile_Dir is not used.
If only the Debug_Outfile setting exists and it contains only a file name,
then the default path
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT is used. If neither
Debug_Outfile nor LogFile_Dir exists, then the default path is
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT and the default
file name is CONSOLE.LOG.
Applies to: Servers
Default: None
UI equivalent: None
Debug_SSL_Cert
Syntax: Debug_SSL_Cert=value
Description: Enables viewing of certificate information at the server
console. To enable viewing, set Debug_SSL_Cert to a value of 2.
Applies to: Servers
Default: None
UI equivalent: None
Default_Index_Lifetime_Days
Syntax: Default_Index_Lifetime_Days=number of days
Description: Specifies a default lifetime for view indexes if none was
selected by the database designer in the view properties box. If the index
is inactive for the specified number of days, the Indexer task purges the
index. For example:
Default_Index_Lifetime_Days=60
sets the lifetime of indexes to 60 days.
Default: 45 days
Applies to: Servers
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Deny_Access
Syntax: Deny_Access=names
Description: Specifies servers, users, and groups that are denied access
to the server. You must specify a hierarchical name in hierarchical
format, for example, Alice Jones/Acme. An asterisk (*) represents
everyone listed in the Domino Directory. An asterisk followed by a view
name represents everyone listed in that view of the Domino Directory.
An asterisk followed by a slash (/) and a hierarchical certifier's name
represents everyone certified by that certifier. The Deny_Access setting
overrides the Allow_Access setting.
Deny_Access_portname
Syntax: Deny_Access_portname=names
Description: Specifies servers, users, and groups that are denied access
to a specific server port. The portname parameter indicates the name of
the port you enabled in the Port Setup dialog box and in the Server
document. An asterisk (*) represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash and a hierarchical certifier's name represents everyone certified by
that certifier. For example:
Deny_Access_SPX=Terminations
The users in the Terminations group cannot access the SPX port.
Applies to: Servers
Default: None
UI equivalent: None
Desktop
Syntax: Desktop=path
Description: Use this setting to specify the location of the
DESKTOP5.DSK file used to customize the Notes workspace.
For example, on the Macintosh:
Desktop=Notes:Desktop
For example, in Windows:
DESKTOP=C:\LOTUS\NOTES\DESKTOP5.DSK
Default: None, although if this setting is omitted, Notes looks for the file
DESKTOP5.DSK in the Notes Data directory.
UI equivalent: None
DIIOPConfigUpdateInterval
Syntax: DIIOPConfigUpdateInterval=number of minutes
Description: Specifies the time interval, in minutes, at which DIIOP
should refresh its configuration data from the Domino Directory.
Applies to: Servers
Default: The default value is 3 minutes.
UI equivalent: None
DIIOPCookieCheckAddress
Syntax: DIIOPCookieCheckAddress=value
Description: Modifies the behavior of server-based cookies used with
applets that are downloaded by the Domino HTTP server. Set the value
to 1 to enable the checking of client IP addresses for these cookies.
Applies to: Servers
Default: The default value is 0 (disabled), which means that DIIOP will
not require the IP address of the client using one of these cookies to
match the IP address of the client to whom the cookie was issued.
Client IP addresses will not match in most cases because the cookie is
issued to the browser using the HTTP protocol, which is typically routed
through proxy servers and therefore the client appears to be the proxy
server. While the user of the cookie is the applet running in the browser,
its network traffic does not go through a proxy server.
UI equivalent: None
DIIOPCookieTimeout
Syntax: DIIOPCookieTimeout=number of minutes
Description: Modifies the behavior of server-based cookies used with
applets that are downloaded by the Domino HTTP server. It specifies the
time period (number of minutes) for which each cookie is valid. When a
cookie expires it cannot be used to obtain a session with the DIIOP task.
The minimum setting is 1 minute.
Applies to: Servers
Default: The default value is 10 minutes.
UI equivalent: None
DIIOP_Debug_Invoke
Syntax: DIIOP_Debug_Invoke=value
Description: Use for debugging only. It provides a level of logging
beyond that of DIIOPLogLevel. Each transaction that the DIIOP task
receives is logged along with the object ID that was the target, as well as
the session ID. Valid values are:
1 - Show transaction details when a transaction finishes
2 - Show transaction details when a transaction starts
Applies to: Servers
Default: None.
UI equivalent: None
DIIOPDNSLookup
Syntax: DIIOPDNSLookup=value
Description: Specifies that DIIOP should do a DNS name lookup for
every client that connects and uses DIIOP services. This information is
visible when using the server console command show tasks. Set the
value to 1 to enable DNS lookups for clients.
Applies to: Servers
Default: The default value is 0 (disabled).
UI equivalent: None
DIIOPIgnorePortLimits
Syntax: DIIOPIgnorePortLimits=value
Description: This parameter is only valid on a Linux platform. It
indicates that DIIOP may use the default ports of 63148 and 63149. On
some Linux installations, the default ports are not available for use and
DIIOP will automatically select ports 60148 and 60149. Set this value to 1
to use the higher numbered ports.
Applies to: Servers
Default: The default value is 0 (use default ports).
UI equivalent: None
Note Prior to Domino 6, this variable was known as
DIIOP_IGNORE_PORT_LIMITS. It is still valid for backwards
compatibility.
DIIOPIORHost
Syntax: DIIOPIORHost=hostname
Description: To have DIIOP advertise its existence using an alternate
hostname or IP address, you can set DIIOPIORHost to an alternate host
name or address other than the server default. The server default is
based on the value specified in the Server document setting Fully
qualified Internet host name.
Applies to: Servers
Default: The default value is to use the setting in the Server document.
UI equivalent: The preferred method of setting this value is through the
Server document, on the DIIOP section of the Internet Protocols tab.
Note Prior to Domino 6, this variable was known as DIIOP_IOR_HOST.
It is still valid for backwards compatibility.
DIIOPLogLevel
Syntax: DIIOPLogLevel=value
Description: This parameter increases the level of information that
DIIOP reports to the server console and to the log. This value can be set
manually by modifying the NOTES.INI directly or it can be set using the
tell diiop log=n command. Possible values are:
0 - Show Errors & Warnings only
1 - Also show informational messages
2 - Also show session init/term messages
3 - Also show session statistics
4 - Also show transaction messages
Applies to: Servers
Default: None.
UI equivalent: None
Dircat_Include_Readerslist_Notes
Syntax: Dircat_Include_Readerslist_Notes=value
Description: When set to 1 the Dircat task aggregates documents that
contain Readers lists. Users that are not in the Readers lists can
nevertheless read these documents in the directory catalog.
Applies to: Servers
Default: None. Without this setting the Dircat task does not aggregate
documents that contain Readers lists. Note that even users who are
included in the Readers list cannot access the documents through the
directory catalog.
UI equivalent: None
Directory
Syntax: Directory=path
Description: Specifies the location of the Data directory for Domino or
Notes. This path is originally set during the Install program.
Applies to: Servers and workstations
Default: C:\LOTUS\NOTES\DATA, or the directory specified during
the Install program.
UI equivalent: File - Preferences - User Preferences - Basics - Local
database folder.
Disable_Cluster_Replicator
Syntax: Disable_Cluster_Replicator=value
Description: Use this setting to disable/enable cluster replication.
0 - Cluster replication enabled
1 - Cluster replication disabled
Applies to: Servers
Default: None, but cluster replication is on by default.
UI equivalent: None
Disable_View_Rebuild_Opt
Syntax: Disable_View_Rebuild_Opt=value
Description: Use this setting to enable/disable the view rebuild
optimization feature, which presorts the view entries in temporary files
before inserting them into the view index.
Use the following values for this setting:
0 - Enables
1 - Disables
Applies to: Servers
Default: None, although the view rebuild optimization feature is enabled
in Domino by default.
UI equivalent: None
DisabledPorts
Syntax: DisabledPorts=portname(s)
Description: This setting indicates which ports are disabled for the
server or workstation. Ports are enabled/disabled in Server documents
(servers) and in the User Preferences dialog box (workstations).
Applies to: Servers and workstations
Default: None
UI equivalent: On a workstation, see the Ports tab in the User
Preferences dialog box (choose File - Preferences - User Preferences). On
a server, see the Port tab in the Server document.
DisableLDAPOnAdmin
Syntax: DisableLDAPOnAdmin=value
Description: When set to 1, prevents the LDAP task from running on the
administration server of the Domino Directory for a domain. Since this
administration server manages the schema and verifies the directory tree
for all servers in the domain that run the LDAP service, use this setting
only if you do not run the LDAP task on any server in a domain. To
disable the LDAP service on the Domino Directory administration server,
you must also remove the LDAP task from the server's ServerTasks
NOTES.INI setting.
To prevent the LDAP task on the Domino Directory administration
server from processing LDAP requests but still allow it to manage the
schema and verify the directory tree for other servers in the domain that
run the LDAP service, disable the ports for the LDAP service on the
administration server.
Applies to: Servers
Default: None
UI equivalent: None
Domain
Syntax: Domain=name
Description: On a server, specifies the server's domain. On a
workstation, specifies the domain of the user's mail server. This setting
must contain at least one default name.
Applies to: Servers and workstations
Default: The domain specified during the Setup program.
UI equivalent: On a server, the Domain Name field in the Basics tab of
the Server document; on a workstation, the Domain field in the Mail tab
in the user's Person document.
DominoNoBanner
Syntax: DominoNoBanner=value
Description: Web pages created with Domino display a Domino banner
in source headers, as follows:
<HTML>
<!-- Lotus-Domino Release [release number] - [date of release] on [platform] -->
<HEAD>
Use the DominoNoBanner setting to hide/display the banner.
0 - Displays the banner
1 - Hides the banner
Applies to: Servers
Default: 1. Hiding the banner provides greater default security.
UI equivalent: None
DominoNoDirLinks
Syntax: DominoNoDirLinks=value
Description: On a Web server, specifies whether browser users can use
directory links. Options are:
0 - Allow browser users to access directory links.
1 - Prevent browser users from accessing directory links
Applies to: Servers
Default: 0
UI equivalent: None
DominoR5IntlURLDecoding
Syntax: DominoR5IntlURLDecoding=value
Description: Use DominoR5IntlURLDecoding to enable decoding of
international URL strings using a proprietary encoding scheme.
0 - Disables Domino 5 international URL decoding
1 - Enables Domino 5 international URL decoding
Applies to: Servers
Default: 0. By default, Domino 6 encodes URLs according to the IRI
(International Resource Identifiers) standard and does not decode URL
strings encoded by Domino 5.
UI equivalent: None
DominoXURLProcess
Syntax: DominoXURLProcess=value
Description: Use DominoXURLProcess to enable a Domino Web server's
URL command parser to accept "!" as an alternative query component
separator.
0 - Disables ! as an alternative query component separator
1 - Enables ! as an alternative query component separator
Applies to: Servers
Default: 0. By default, Domino does not recognize ! as an alternative
query component separator.
UI equivalent: None
DST
Syntax: DST=value
Description: Specifies that a server or workstation observe daylight
saving time:
0 - Do not observe daylight saving time
1 - Observe daylight saving time
When you select this option, documents created or modified from the
first Sunday in April through the last Sunday in October are
time-stamped one hour later than the server's system time. This option
lets you adjust for daylight saving time without changing the actual
system time.
Applies to: Servers and workstations
Default: 1 (observe daylight saving time)
UI equivalent: On a workstation, Daylight saving time field in the Basics
tab in the Advanced tab in the Location document; on a server, Daylight
saving time field in the Server document.
For information on additional ways to adjust the time stamp for daylight
saving, see the topics DST_Begin_Date, DST_End_Date, and
DSTlaw in this chapter.
DSTlaw
Syntax: DSTlaw=begin_month, begin_week, begin_day, end_month,
end_week, end_day
Description: Specifies when daylight saving time (DST) is observed. By
default, the DST period is defined as the first Sunday in April to the last
Sunday in October. (This is the period during which DST is observed in
the United States.) The variables begin_month, begin_week, and begin_day
define the month, week, and day, respectively, when DST begins. The
variables end_month, end_week, and end_day define when DST ends.
Months are 1 (January) through 12 (December); weeks are 1 through 4;
days are 1 (Sunday) through 7 (Saturday). You can use negative numbers
to specify the weeks, where -1 is the last week of the month, -2 is the
second to last week, and so on. For example:
DSTlaw=4 1 1 10 -1 1
Defines DST as beginning in April (4), on the first week (1), on
Sunday (1); and ending in October (10), on the last week (-1), on
Sunday (1).
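The DSTlaw rule above, worked through as an added Python example (not part of the original manual): it parses a DSTlaw value and resolves the begin and end dates for a given year. It assumes that week n means the nth occurrence of the given weekday in the month, which is how the manual reads 4 1 1 as the first Sunday in April; the function names are this example's own, and in_dst() assumes the begin date is inclusive and the end date exclusive.

```python
import calendar
from datetime import date


def parse_dstlaw(value):
    """Split a DSTlaw value into six integers and range-check them.

    Accepts the comma-separated form from the Syntax line and the
    space-separated form from the manual's example.
    """
    fields = [int(part) for part in value.replace(",", " ").split()]
    if len(fields) != 6:
        raise ValueError("DSTlaw needs six values, got %d" % len(fields))
    for month, week, day in (fields[:3], fields[3:]):
        if not 1 <= month <= 12:
            raise ValueError("month must be 1-12: %d" % month)
        # Assumption: negative weeks mirror the positive range (-1 to -4).
        if week == 0 or not -4 <= week <= 4:
            raise ValueError("week must be 1 to 4 or -1 to -4: %d" % week)
        if not 1 <= day <= 7:
            raise ValueError("day must be 1 (Sunday) to 7 (Saturday): %d" % day)
    return tuple(fields)


def nth_weekday(year, month, week, notes_day):
    """Date of the week-th occurrence of notes_day in the month.

    notes_day uses the manual's numbering, 1 (Sunday) through 7 (Saturday);
    a negative week counts back from the end of the month.
    """
    python_weekday = (notes_day + 5) % 7  # Python: 0 = Monday ... 6 = Sunday
    last_day = calendar.monthrange(year, month)[1]
    matches = [d for d in range(1, last_day + 1)
               if date(year, month, d).weekday() == python_weekday]
    return date(year, month, matches[week - 1 if week > 0 else week])


def dst_period(value, year):
    """Return (begin_date, end_date) of DST for the given year."""
    bm, bw, bd, em, ew, ed = parse_dstlaw(value)
    return nth_weekday(year, bm, bw, bd), nth_weekday(year, em, ew, ed)


def in_dst(day, value):
    """True if day falls inside the DST period described by value.

    Assumption: begin is inclusive and end is exclusive. A rule whose begin
    month is later than its end month is treated as wrapping over New Year.
    """
    begin, end = dst_period(value, day.year)
    if begin <= end:
        return begin <= day < end
    return not (end <= day < begin)


if __name__ == "__main__":
    # The manual's own example value, resolved for 2002.
    print(dst_period("4 1 1 10 -1 1", 2002))
```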
DST_Begin_Date
Syntax: DST_Begin_Date=date
Description: date is the date when daylight saving time will begin,
specified in dd/mm/year format.
In most cases, this parameter is not necessary. Some regions of the world
do not recognize the beginning of daylight saving time on the first
Sunday in April. If your server is in a region where this is true, use this
parameter to specify the exact date when DST begins. Use this setting
along with DST_End_Date, which specifies when daylight saving time
ends.
Applies to: Servers
Default: None, although if this setting is omitted, daylight saving time
begins the first Sunday in April.
UI equivalent: None
For information on additional ways to adjust the time stamp for daylight
saving, see the topics DST, DST_End_Date, and DSTlaw in this
chapter.
DST_End_Date
Syntax: DST_End_Date=date
Description: date is the date when daylight saving time will end,
specified in dd/mm/year format.
In most cases, this parameter is not necessary. Some regions of the world
do not recognize the ending of daylight saving time as the last Sunday in
October. If your server is in a region where this is true, use this
parameter to specify the exact date when DST will end. Use this setting
EditExpnumber
Syntax: EditExpnumber=value1, value2, value3, value4, value5...
Description: Settings used for file exports done at the document level.
These are valid values:
Parameter
Enter
value1
value2
value3
value4
value5 - x
EditImpnumber
Syntax: EditImpnumber=value1, value2, value3, value4, value5
Description: Settings used for file imports done at the document level.
The following are valid values:
Parameter
Enter
value1
value2
value3
value4
value5 - x
EmptyTrash
Syntax: EmptyTrash=value
Description: Specifies when and how the Trash folder will be purged of
documents marked for deletion. Options are:
0 - Prompt the user before closing the database
1 - Always empty the Trash folder before closing the database
2 - Empty the Trash folder manually
Applies to: Workstations
Default: 0
UI equivalent: File - Preferences - User Preferences - Basics - Empty
Trash folder.
Enable_ACL_Files
Syntax: Enable_ACL_Files=value
Description: Specifies whether to enable ACL file checking on a server.
ACL files are an option for protecting server directories, and contain the
names of users authorized to access those directories. Servers in xSP
configurations enable this feature by default. In an xSP configuration, an
individual ACL file is automatically created for each individual hosted
organization, to prevent users in one hosted organization from traversing
a directory that belongs to another hosted organization.
0 - Disable ACL file checking
1 - Enable ACL file checking
Applies to: Servers
Default: For non-xSP configurations, this variable is set to 0 (disabled).
For xSP configurations, it is set to 1 (enabled).
UI equivalent: None
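An added example, not code from IBM or the manual: a small Python check that reads a NOTES.INI and reports values that conflict with the ranges, defaults and access behaviour documented in the entries above. The sample file is constructed, and the parsing rules (case-insensitive names, last duplicate wins) are assumptions.

```python
"""Audit a NOTES.INI against rules stated in the reference entries above."""

SAMPLE_INI = r"""[Notes]
Directory=C:\LOTUS\DOMINO\DATA
AMgr_SchedulingInterval=0
BillingAddinRuntime=90
DominoNoBanner=0
Dircat_Include_Readerslist_Notes=1
DIIOP_Debug_Invoke=2
DIIOPCookieTimeout=10
Create_File_Access=Alice Jones/Acme
ExtMgr_AddIns=logdll,amgrdll
"""  # constructed sample, not taken from a real server

# (setting, lowest valid value, highest valid value or None) as documented
RANGES = [
    ("AMgr_SchedulingInterval", 1, 60),
    ("AMgr_UntriggeredMailInterval", 1, 1440),
    ("DIIOPCookieTimeout", 1, None),
]


def parse_notes_ini(text):
    """Return {lowercased setting name: value}.

    Assumptions: names are matched case-insensitively, a later duplicate
    replaces an earlier one, and lines without '=' (such as [Notes]) are
    skipped.
    """
    settings = {}
    for raw in text.splitlines():
        name, sep, value = raw.partition("=")
        if sep and name.strip():
            settings[name.strip().lower()] = value.strip()
    return settings


def audit(settings):
    """Return a list of (setting, message) findings."""
    findings = []

    def number(name, default=None):
        raw = settings.get(name.lower())
        if raw is None:
            return default
        try:
            return int(raw)
        except ValueError:
            findings.append((name, "value %r is not a number" % raw))
            return default

    for name, low, high in RANGES:
        value = number(name)
        if value is not None and (value < low or (high is not None and value > high)):
            findings.append((name, "%d is outside the documented range" % value))

    output = number("BillingAddinOutput")
    if output is not None and output not in (1, 8, 9):
        findings.append(("BillingAddinOutput", "documented values are 1, 8 and 9"))

    # Runtime must be less than Wakeup; an unset value uses its default.
    if "billingaddinruntime" in settings or "billingaddinwakeup" in settings:
        runtime = number("BillingAddinRuntime", 10)
        wakeup = number("BillingAddinWakeup", 60)
        if runtime >= wakeup:
            findings.append(("BillingAddinRuntime",
                             "%d is not less than BillingAddinWakeup (%d)"
                             % (runtime, wakeup)))

    if number("DominoNoBanner", 1) == 0:
        findings.append(("DominoNoBanner",
                         "release and platform banner is sent in page source"))
    if number("DominoNoDirLinks", 0) == 0:
        findings.append(("DominoNoDirLinks",
                         "browser users can access directory links"))
    if number("Dircat_Include_Readerslist_Notes", 0) == 1:
        findings.append(("Dircat_Include_Readerslist_Notes",
                         "documents with Readers lists are readable in the "
                         "directory catalog"))
    if "diiop_debug_invoke" in settings:
        findings.append(("DIIOP_Debug_Invoke",
                         "debugging-only transaction logging is switched on"))

    for name, what in (("Create_File_Access", "new databases"),
                       ("Create_Replica_Access", "replicas")):
        if not settings.get(name.lower()):
            findings.append((name, "empty: all certified users can create %s "
                                   "unless the Server document field is filled in"
                                   % what))

    addins = [a.strip() for a in settings.get("extmgr_addins", "").split(",")
              if a.strip()]
    if addins:
        findings.append(("ExtMgr_AddIns",
                         "loads at startup, review each: " + ", ".join(addins)))
    return findings


if __name__ == "__main__":
    for setting, message in audit(parse_notes_ini(SAMPLE_INI)):
        print("%-34s %s" % (setting, message))
```

Settings that the Server document overrides, such as Create_File_Access, still need to be checked against the Server document itself, which this script does not read.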
EnableBiDiNotes
Syntax: EnableBiDiNotes=value
Description: Turns support for bidirectional languages (Arabic, Hebrew)
on or off.
0 - Turns BiDirectional support off
1 - Turns BiDirectional support on
Applies to: Workstations
Default: 0 (off)
UI equivalent: None
ExtMgr_AddIns
Syntax: ExtMgr_AddIns=value1, value2, value3...
Description: Defines the list of add-in files for the Extension Manager.
Domino or Notes reads this variable on initialization and then attempts
to load the specified library or libraries. For example:
ExtMgr_AddIns=logdll,amgrdll
In addition, you can use ExtMgr_AddIns to add one or more custom
Extension Manager applications. The name of the add-in file may begin
with the platform specifier character N under Windows. This character
may be omitted when using the ExtMgr_AddIns setting.
Applies to: Servers and workstations
Default: None
UI equivalent: None
FileDlgDirectory
Syntax: FileDlgDirectory=path
Description: Specifies the default directory for all file searches. If you
specify this setting, Domino looks only in the specified location.
Applies to: Servers
Default: None, although if this setting is omitted, Domino searches the
Domino Data directory.
UI equivalent: None
Fixup_Tasks
Syntax: Fixup_Tasks=number of tasks
Description: Specifies the maximum number of Fixup tasks that are
created at server startup. A Fixup task performs a consistency check on
any database that requires it. Server initialization continues while Fixup
tasks run.
Applies to: Servers
Default: Twice the number of CPUs on the system.
UI equivalent: None
C-34 Administering the Domino System, Volume 2
Syntax: FT_DOMAIN_DIRECTORY_NAME=directory
Description: Allows users and administrators to select the location and
name of the domain index. By default, the domain index is located in the
Domino data directory and is named FTDOMAIN.DI. If an alternate
location is specified using this setting, Domino will support directory
links and index relocation.
Applies to: Servers
Default: None. If this setting is omitted, the domain index is located in
the Domino data directory.
UI equivalent: None
FT_Domain_Idxthds
Syntax: FT_DOMAIN_IDXTHDS=number of threads
Description: Specifies the number of indexing threads to use for Domain
Search. Using more threads lets the Domain Catalog server index more
files simultaneously, but requires more CPU utilization, and response to
search queries may be slow. With fewer indexing threads, search speeds
up because of greater CPU availability, but changes are not reflected in
the index as quickly.
Applies to: Servers
Default: None, although if this setting is omitted, the default number of
threads used is two per CPU. For example, a server with two CPUs uses
four indexing threads by default when indexing. Do not exceed eight
threads per server or you may degrade the performance of the server,
even on servers with more than four CPUs.
UI equivalent: None
FT_Index_Attachments
Syntax: FT_Index_Attachments=value
Description: Specifies whether to exclude types of document
attachments in the Domain Index that are not already excluded by
default. A value of 1 includes these document attachments in the index,
and a value of 2 excludes them. The following types of attachments are
excluded from the Domain Index by default: .au, .cca, .dbd, .dll, .exe, .gif,
.img, .jpg, .mp3, .mpg, .mov, .nsf, .ntf, .p7m, .p7s, .pag, .sys, .tar, .tif,
.wav, .wpl, .zip.
Applies to: Servers
Default: 1
UI equivalent: None
FT_Intl_Setting
Syntax: FT_Intl_Setting=language
Description: Imposes several limitations on full text functionality to let
Notes work properly with the Japanese language. When enabled (set to
1), this setting turns off stemming, makes all full text indexes
case-sensitive, and ignores the setting for the stop word file.
Applies to: Workstations
Default: None
UI equivalent: None
FT_Max_Search_Results
Syntax: FT_Max_Search_Results=number of entries
Description: Specifies the maximum number of results (up to
2147483647) that can be retrieved at one time on a database without any
index. For example:
FT_Max_Search_Results=10000
allows a single NotesDatabase or NotesDocumentCollection
FTSearch to return up to 10000 entries.
Applies to: Servers and workstations
Default: 5000
UI equivalent: None
FT_No_Compwintitle
Syntax: FT_No_Compwintitle=value
Description: Specifies whether the Domain Catalog server computes the
window titles for documents that are returned by a search.
XXX - Computes document window titles
1 - Omits the computation of document window titles, thus
conserving CPU.
Applies to: Servers
Default: XXX
UI equivalent: None
FTG_No_Summary
Syntax: FTG_No_Summary=value
Description: Specifies whether document summaries can be displayed in
search results. If you use server access lists within a domain to limit
access to information, you might need to check the ACLs of databases on
those servers to ensure that results are filtered. Otherwise, a search might
return a result to a user who cannot access the result document. If the
Domain Catalog server is on a Windows system, search results can
include document summaries whereby users might be able to discern
confidential information. If you are running Domino on Windows and
are not sure that you can properly maintain database ACLs to prevent
this, you might want to disable document summaries by using this
setting in the Domain Catalog server's NOTES.INI file.
XXX - Allows the display of document summaries in search results.
1 - Prevents the display of document summaries in search results.
Applies to: Servers
Default: XXX
UI equivalent: None
For information on Domain Search security, see the chapter Setting Up
Domain Search.
FT_Summ_Default_Language
Syntax: FT_Summ_Default_Language=value
Description: Specifies the language for a document summary in search
results whenever the language in the document is not supported. Valid
values (supported languages) are as follows. If a locale's native language
is not supported, use a value of NULL or english.
bokmal
danish
default (You can use this value for the locale's native language, if
supported.)
dutch
english
finnish
french
german
italian
nynorsk
spanish
swedish
Applies to: Workstations
Default: None
UI equivalent: None
Health_Report_Purge_After_N_Days
Syntax: Health_Report_Purge_After_N_Days=N
Description: Used for server health monitoring. N is the number of days
that historical documents remain in the database. By default, historical
reports are purged from the database after seven days. To override the
default, add this variable to the NOTES.INI file, and specify the number
of days for which historical documents remain in the database.
Applies to: Servers
Default: 7 (days)
UI equivalent: None
HTTPEnableConnectorHeaders
Syntax: HTTPEnableConnectorHeaders=value
Description: Enables the Domino HTTP task to process special headers
that are added to requests by a WebSphere 4.0.3 plug-in installed on a
foreign Web server. When the plug-in relays an HTTP request to the
Domino back-end server, the plug-in adds headers that include
information about the front-end server's configuration and user
authentication status. As a security measure, the HTTP task ignores these
headers if the setting is not enabled. This prevents an attack via plug-in
mimicking.
0 - The Domino HTTP task does not process the special headers.
1 - The Domino HTTP task does process the special headers.
Applies to: Servers
Default: 0
UI equivalent: None
HTTPLogUnauthorized
Syntax: HTTPLogUnauthorized=value
Description: When set to 1, the Web Server logs Error 401 instances to
the server console. These instances are generated in two cases:
ICMNotesPort
Syntax: ICMNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP
that you are linking the Internet Cluster Manager (ICM) service with.
This setting is required for a partitioned server hosting the ICM service,
and for a single server hosting that service if the server has more than
one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
IMAILExactSize
Syntax: IMAILExactSize=value
Description: Specifies that the IMAP service report the exact size of a
MIME message when requested by a client.
0 - The IMAP service estimates the message size
1 - The IMAP service reports the exact message size
By default, the IMAP service estimates the message size. This helps
improve server performance. Set this to 1 only if clients require the exact
size.
Applies to: Servers
Default: 0
UI equivalent: None
IMAP_Config_Update_Interval
Syntax: IMAP_Config_Update_Interval=number of minutes
Description: Specifies in minutes how frequently the IMAP server checks
for configuration changes made to the Domino Directory.
Applies to: Servers
Default: None, although the update interval is 2 minutes if this setting is
not included in the NOTES.INI file.
UI equivalent: None
IMAP_Convert_Nodisable_Folder_Refs
Syntax: IMAP_Convert_Nodisable_Folder_Refs=value
Description: Specifies whether the mail conversion utility (CONVERT)
preserves folder references when updating mail files for use with the
Domino 6 IMAP service.
0 (or variable not set) - The conversion process disables folder
references.
1 - The conversion process preserves folder references
Applies to: Servers
Default: None, although without this setting, Domino removes folder
references during conversion.
UI equivalent: None.
In earlier releases of Domino, the IMAP service used folder references in
the mail template to retrieve IMAP folder and message data. Because the
Domino 6 IMAP service does not use folder references, and preserving
folder references retards IMAP performance, by default, when you run
the mail conversion utility (CONVERT) to prepare mail files for IMAP
use, it removes folder references from the converted mail files.
Set this variable only in environments where Domino applications other
than the IMAP service use folder references in mail files to track
information. When this variable is set, folder references are preserved
during all mail file conversions, whether performed manually from the
server console, or automatically as the result of an IMAP user logging in
to the IMAP service for the first time. Following conversion, the IMAP
folder and message data maintained by folder references is initially
synchronized with the Domino 6 IMAP information. However, as the
Router delivers new messages to the mail file, folder references are not
updated.
IMAPDisableFTIImmedUpdate
Syntax: IMAPDisableFTIImmedUpdate=value
Description: Specifies whether or how the IMAP server will do an
immediate FTI update after a new message is appended. This is required
for searching for new messages immediately.
1 - Suppress the update request (by default, the update suppression
time is 15 minutes)
2 - Disable FTI update
Applies to: Servers
Default: The IMAP server does an immediate FTI update after a new
message is appended.
UI equivalent: None
IMAPDisableMsgCache
Syntax: IMAPDisableMsgCache=value
Description: Specifies whether the IMAP server will cache the last
fetched message.
1 - Disable the cache
Applies to: Servers
Default: The IMAP server caches the last fetched message.
UI equivalent: None
IMAPGreeting
Syntax: IMAPGreeting=greeting
Description: Customizes the greeting the IMAP server sends to clients
connecting over TCP/IP.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
* OK Domino IMAP4 Server V5.0 ready Mon, 10 May 1999
17:57:13 -0500
UI equivalent: None
IMAPNotesPort
Syntax: IMAPNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the IMAP service with. This setting is required for a
partitioned server hosting IMAP, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter Setting Up the Domino Network.
IMAPRedirectSSLGreeting
Syntax: IMAPRedirectSSLGreeting=greeting
Description: Customizes the message the IMAP server sends to clients
attempting to connect over TCP/IP when the TCP/IP port is configured
to Redirect to SSL.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
IMAP Server configured for SSL Connections only. Please
reconnect using the SSL Port portnumber.
UI equivalent: None
IMAP_Session_Timeout
Syntax: IMAP_Session_Timeout=number of minutes
Description: Specifies when the IMAP server drops idle IMAP client
sessions. We recommend specifying a setting greater than ten minutes;
many IMAP clients poll for new mail every ten minutes and the
overhead of supporting idle sessions is less than the overhead required to
support clients logging on and opening mailboxes.
IMAPShowIdleStatus
Syntax: IMAPShowIdleStatus=value
Description: If enabled, the command sh task at the server console will
show idle IMAP threads.
1 - Enable the display of idle IMAP threads
Applies to: Servers
Default: Off
UI equivalent: None
IMAPSSLGreeting
Syntax: IMAPSSLGreeting=greeting
Description: Customizes the greeting the IMAP server sends to clients
connecting over SSL.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
* OK Domino IMAP4 Server V4.6 ready Mon, 12 May 1997
17:57:13 -0500
UI equivalent: None
Default: None
UI equivalent: The Play a Sound field on the Mail tab in the User
Preferences dialog box (choose File - Preferences - User Preferences.)
INET_Authenticate_with_Secondary
Syntax: INET_Authenticate_with_Secondary=value
Description: Allows a Domino POP3 server to use passwords stored in
directories other than the primary for services other than HTTP, such as
LDAP, IMAP, and POP3.
0 - Disables this setting.
1 - Enables this setting
Applies to: Servers
Default: 1
UI equivalent: None
InstallType
Syntax: InstallType=value
Description: Identifies the type of Notes client installed, as follows:
0 - Designer License Type
1 - Administration License Type
2 - Designer and Administration License Type
This line is updated when you perform an incremental setup after
installing Notes 5.
Applies to: Workstations
Default: None
UI equivalent: None
JavaEnableJIT
Syntax: JavaEnableJIT=value
Description: Enables the default JIT if one is provided. Specify 1 as the
JavaEnableJIT value to allow normal loading of the default JIT.
Caution: JITs can be unstable and lead to unexpected crashes.
Applies to: Servers
Default: 0
UI equivalent: None
JavaJITName
Syntax: JavaJITName=name
Description: Enables the specified JIT. You must provide the named JIT
or an error is reported by the Java Virtual Machine (JVM), although
execution continues without the named JIT. Use the JavaJITName setting
to load a JIT other than the default JIT (if one is provided).
Caution: JITs can be unstable and lead to unexpected crashes.
Applies to: Servers
Default: None
UI equivalent: None
JavaMaxHeapSize
Syntax: JavaMaxHeapSize=number of bytes
Description: Specifies the maximum (not initial) size the Java heap can
reach. The Java Virtual Machine (JVM) starts out at 16MB of heap space
and most of it is uncommitted. If the JVM needs more heap than it
currently has, it will expand the heap in increments but will not exceed
the maximum. Exceptions such as java.lang.OutOfMemoryError
indicate that a heap has reached its maximum size. You can specify the
number of bytes directly or use the suffix MB to indicate megabytes,
for example, specifying 64MB is the same as specifying 67108864.
Applies to: Servers
Default: 64MB
UI equivalent: None
JavaMinHeapSize
Syntax: JavaMinHeapSize=number of bytes
Description: Specifies the initial size of the Java heap at Java Virtual
Machine (JVM) startup. If the JVM needs more heap than it currently has,
it will expand the heap in increments but will not exceed the maximum.
You can specify the number of bytes directly or use the suffix MB to
indicate megabytes, for example, specifying 16MB is the same as
specifying 16777216.
Applies to: Servers
Default: 16MB
UI equivalent: None
JavaNoAsyncGC
Syntax: JavaNoAsyncGC=value
Description: Prevents the Java Virtual Machine (JVM) from running the
garbage collection (GC) mechanism in a separate background thread.
Specify 1 as the JavaNoAsyncGC value to debug internal JVM problems.
Applies to: Servers
Default: 0
UI equivalent: None
JavaNoClassGC
Syntax: JavaNoClassGC=value
Description: Prevents the garbage collection (GC) mechanism of classes,
which protects static fields. Specify 1 as the value to enable the
JavaNoClassGC setting.
Applies to: Servers
Default: 0
UI equivalent: None
JavaStackSize
Syntax: JavaStackSize=number of bytes
Description: Specifies the size of each Java thread's execution stack. You
may need to increase the default number of bytes if you need
deeply-nested call stacks, but otherwise you should not need to change
the default.
Applies to: Servers
Default: 409600
UI equivalent: None
JavaUserClasses
Syntax: JavaUserClasses=list
Description: Allows code-sharing across agents and applets. The value
list is a list of directories, JAR files, or ZIP files that are added to the Java
Virtual Machine's internal classpath so that classes can be found via the
system loader (rather than via attachment to the agent or applet). Note
that this doesn't replicate and requires access to the file system on the
server.
Use a semicolon (;) to separate list items for Win32 and OS/2 systems
and use a colon (:) to separate list items for UNIX systems; for example, a
valid list for Win32 is:
c:\classes;d:\appxyz\stuff.jar
JavaVerbose
Syntax: JavaVerbose=value
Description: Enables the verbose setting of the Java Virtual Machine
(JVM), which causes the JVM to issue many messages while it runs.
Specify 1 as the JavaVerbose value to troubleshoot runtime problems.
Applies to: Servers
Default: 0
UI equivalent: None
JavaVerboseGC
Syntax: JavaVerboseGC=value
Description: Enables the verbose setting of the garbage collection (GC)
mechanism in Java Virtual Machine (JVM), which causes the JVM to
issue many messages about memory usage as GC runs. Specify 1 as the
JavaVerboseGC value to enable this setting.
Applies to: Servers
Default: 0
UI equivalent: None
KeyFileName
Syntax: KeyFileName=path
Description: Specifies the location of the server ID or the user ID file.
This setting lets an administrator use one ID to run the server. For
example:
On Macintosh, KeyFileName=Notes:JForgo.ID
On UNIX, KeyFileName=/home/server1/notes/kbowker.id
On Windows, KeyFileName=C:\Lotus\Notes\DMccarrick.ID
For information on specifying a server ID file for a machine that runs
both the Notes workstation and Domino server programs, see the topic
ServerKeyFileName later in this chapter.
Applies to: Servers and workstations
Default: The ID for the administrator that you specify when you set up
the server.
UI equivalent: None
KitType
Syntax: KitType=value
Description: Specifies which program you are running:
1 - Workstation
2 - Server
Applies to: Servers and workstations
Default: Specified during the Install program. You can install the
workstation, the server, or both the workstation and server. The value
when you install the server and workstation on the same machine is 2.
UI equivalent: None
LANnumber
Syntax: LANnumber=port_driver, unit_ID, not_used, buffer_size
Description: Specifies information about network ports on servers and
workstations. For example:
LAN0=spx, 1, , 2000
LAN1=netbios, 0, 15, 2000, , 12288
The LAN0 port is configured for an SPX network connection. The LAN1
port is configured for a NetBIOS connection and contains additional port
setup information. Exclude the _ or i prefix and the .DLL extension from
the port driver name.
Applies to: Servers and workstations
Default: Specified during the Install program.
UI equivalent: On a workstation, File - Preferences - User Preferences - Ports; on a server, the Ports tab in the Server document.
LDAPBatchAdds
Syntax: LDAPBatchAdds=value
Description: Specifies which views in the Domino Directory the LDAP
service updates after processing an LDAP write operation:
0 - After a write operation the LDAP service updates all the Domino
Directory views it uses
1 - After a write operation the LDAP service updates only the
($LDAPRDNHier) view and waits for the Update task to update the
other views it uses
Use LDAPBatchAdds=1 before doing batch LDAP adds of 100 entries or
more so that the additions are processed more quickly. When the
LDAP adds are complete, immediately remove the setting or change it
back to LDAPBatchAdds=0. Failure to immediately remove or change
this setting back to 0 after completing the batch processing will cause
subsequent LDAP operations to be unreliable.
Applies to: Servers
Default: None, although without this setting, after processing an LDAP
write operation the LDAP service updates all the views it uses.
UI equivalent: None
LDAPConfigUpdateInterval
Syntax: LDAPConfigUpdateInterval=number of minutes
Description: Specifies the interval at which the LDAP service detects and
puts into effect changes to these configuration settings:
NOTES.INI settings related to the LDAP service set through the Set
Configuration command
You must always restart the LDAP task to put into effect changes to these
settings:
Port and port security settings on the Ports - Internet Ports Directory tab.
LDAPGroupMembership
Syntax: LDAPGroupMembership=value
Description: The LDAP service always searches Domino groups
specified as Multi-purpose, Access Control List only, Servers only,
or Deny List only groups because it can do so quickly. However
because searches of Domino groups specified as Mail only groups or of
groups that do not have a value for the GroupType attribute can be slow,
by default the LDAP service does not always search these types of
groups. The LDAP service does not search these types of groups if a
search query meets all of the following criteria, indicating a query that is
typically used for authentication:
The two filters above are concatenated using the AND operator.
For example, by default the LDAP service does not search Domino Mail
only groups and groups that do not have values for the GroupType
attribute if search queries such as these are specified:
(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))
(|(&(objectclass=groupOfUniqueNames)(uniqueMember=cn=jackbrown,o=acme))(&(objectclass=groupOfNames)(member=cn=jack brown,o=acme)))
(&(objectclass=dominoGroup)(member=*br*))
(member=cn=jack brown,o=acme)
(|(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))(cn=*groupname*))
To change the LDAP service default behavior for group searches, specify
one of these values for this setting:
1 - Always search all groups that meet specified search criteria. If
you choose this setting, full-text indexing the directory is
recommended to improve the speed of searches of Domino Mail
only groups and groups that do not use the GroupType attribute.
2 - Never search Domino Mail only groups or groups that do not
use the GroupType attribute.
Note: In Domino 5 the name of this setting is
LDAP_MailOnlyGroupOption. The name has been changed
in Domino 6 for clarity. However, you can use either setting name.
Applies to: Servers
Default: None
UI equivalent: None
LDAPNotesPort
Syntax: LDAPNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the LDAP service with. This setting is required for a
partitioned server hosting LDAP, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter Setting Up the Domino Network.
However, by default the LDAP service does search these groups if search
queries such as these are specified:
LDAPPre55Outlook
Syntax: LDAPPre55Outlook=value
Description: If set to LDAPPre55Outlook=1, if the LDAP service receives
a search query that specifies country (c=xx) as a search base, it converts
the search base to root (""). This setting is designed for use with pre-5.5
Microsoft Outlook Express clients which, when users don't specify a
search, automatically use the country associated with the software
version as a search base. Since it's likely that pre-5.5 users who don't
specify a search base intend a root search rather than one using the
client-supplied country search base, use this setting if the clients that use
the LDAP service are primarily pre-5.5 Microsoft Outlook Express
clients.
Applies to: Servers
Default: None
UI equivalent: None
Location
Syntax: Location=location_name
Description: Identifies the user's current location.
Applies to: Workstations
Default: None
UI equivalent: File - Mobile - Choose Current Location.
Log
Value
logfilename
log_option
Log options:
1 - Log to the console
2 - Force database fixup when opening the log file
4 - Full document scan
not_used
days
size
For example:
Log=LOG.NSF,1,0,7,20000
The log file (LOG.NSF) is deleted in seven days and can contain up
to 20,000 bytes. All log information is also sent to the console.
Applies to: Servers
Default: Log=LOG.NSF,1,0,7,40000
UI equivalent: None
Log_AgentManager
Syntax: Log_AgentManager=value
Description: Specifies whether or not the start of agent execution is
recorded in the log file and shown on the server console:
0 - Do not log agent execution events
1 - Log agent execution events (partially and completely successful)
2 - Log agent execution events (completely successful only)
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Log_Authentication
Syntax: Log_Authentication=value
Description: Specifies whether or not authentication logging is enabled
on the server. To enable authentication logging, set Log_Authentication
to a value of 1.
For example, if you specify the following NOTES.INI settings:
Log_Authentication=1 (to enable logging)
Debug_Console=1 (to write output to the console window)
Debug_Outfile=c:\debug\debug.txt (to write output to the specified
text file)
this is sample output from client NOTES.INI:
Authenticate: CN=CLEVES01/OU=Cleveland/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:N:N
Authenticate: CN=ACCOUNT/OU=Memphis/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:I:N
Authenticate: CN=CLEVES02/OU=Cleveland/OU=A/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
and this is sample output from server NOTES.INI:
Authenticate: CN=Jane Ochoa/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
You can use the following table to interpret the output.
Field | Description
Ticket Width | Examples of values are 64 and 128.
Encryption Bit | Examples of values are 1 (Encrypted), 0 (Not encrypted), and 1:e (Escrow for International).
Encryption Strength | The first value is the key length; for example, 128, 64, and 40. The second value is the algorithm; for example, 22 (RC4) and 2F (RC2).
Algorithm | Examples of values are 4:1 (RC4) and 2:0 (RC2).
License Info | The first value applies to the local ID (that is, local client or server); the second value applies to the remote ID (that is, the server); and the third value applies to the version of local software. Examples of values are N (North American/Global) and I (International).
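The following parser for the Log_Authentication output above is an added example, not part of the Domino documentation. It assumes the letters T, E, S, A and L correspond to the table rows in order and that the field after "E:" carries the optional "e" escrow marker; the last sample record and the 128-bit review threshold are constructed for illustration.

```python
import re

# First three records come from the sample output above; the last one is
# constructed here to exercise the unencrypted / RC2 / 40-bit case.
SAMPLE_LOG = """\
Authenticate: CN=CLEVES01/OU=Cleveland/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:N:N
Authenticate: CN=ACCOUNT/OU=Memphis/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:I:N
Authenticate: CN=Jane Ochoa/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
Authenticate: CN=Old Client/O=Acme T:64 E:0: S:40:2F A:2:0 L:I:I:I
"""

# Value meanings taken from the interpretation table.
STRENGTH_ALG = {"22": "RC4", "2F": "RC2"}
ALGORITHM = {"4:1": "RC4", "2:0": "RC2"}
LICENSE = {"N": "North American/Global", "I": "International"}

# Assumed field order: T=Ticket Width, E=Encryption Bit, S=Encryption
# Strength, A=Algorithm, L=License Info. The name and the fields may be on
# one line or wrapped onto two, so whitespace between them includes newlines.
RECORD = re.compile(
    r"Authenticate:\s*(?P<name>.+?)\s+"
    r"T:(?P<ticket>\d+)\s+"
    r"E:(?P<enc>[01]):(?P<escrow>e?)\s+"
    r"S:(?P<keylen>\d+):(?P<salg>[0-9A-Fa-f]+)\s+"
    r"A:(?P<alg>\d+:\d+)\s+"
    r"L:(?P<local>[A-Z]):(?P<remote>[A-Z]):(?P<sw>[A-Z])"
)


def parse_auth_log(text):
    """Return (records, unparsed) where unparsed counts Authenticate
    entries whose fields did not match the expected layout."""
    records = []
    for m in RECORD.finditer(text):
        records.append({
            "name": m["name"],
            "ticket_width": int(m["ticket"]),
            "encrypted": m["enc"] == "1",
            "escrow": m["escrow"] == "e",
            "key_bits": int(m["keylen"]),
            "cipher": STRENGTH_ALG.get(m["salg"].upper(), "unknown"),
            "algorithm": ALGORITHM.get(m["alg"], "unknown"),
            "local_license": LICENSE.get(m["local"], "unknown"),
            "remote_license": LICENSE.get(m["remote"], "unknown"),
            "software_license": LICENSE.get(m["sw"], "unknown"),
        })
    unparsed = text.count("Authenticate:") - len(records)
    return records, unparsed


def review_sessions(records, min_key_bits=128):
    """List (name, reasons) for sessions worth a closer look.
    min_key_bits is a local policy choice, not a value from the manual."""
    flagged = []
    for r in records:
        reasons = []
        if not r["encrypted"]:
            reasons.append("not encrypted")
        if r["escrow"]:
            reasons.append("escrow key in use")
        if r["key_bits"] < min_key_bits:
            reasons.append(f"key length {r['key_bits']} < {min_key_bits}")
        if reasons:
            flagged.append((r["name"], reasons))
    return flagged


if __name__ == "__main__":
    recs, bad = parse_auth_log(SAMPLE_LOG)
    for name, reasons in review_sessions(recs):
        print(f"{name}: {'; '.join(reasons)}")
    print(f"{len(recs)} records parsed, {bad} unparsed")
```
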
Log_Connections
Syntax: Log_Connections=value
Description: Specifies whether or not connection logging is enabled on
the server. When connection logging is enabled, the server console
displays the Notes network port, the network address of the requesting
system, and the network address of the destination server.
0 - Do not log connections
1 - Log connections
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Log_Console
Syntax: Log_Console=value
Description: Security administrators can use this setting to enforce the
logging of server console command output, which can otherwise be
prevented if the command is prefixed with an exclamation point (!).
0 - Console command logging turned off
1 - Console command output logged, unless it's prefixed with an
exclamation point
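As an added example (not part of the Domino documentation), the script below reads a server NOTES.INI and reports the security-relevant settings described in this reference: HTTPEnableConnectorHeaders, LDAPBatchAdds, FTG_No_Summary, Log_Authentication, Log_Connections and Log_Console. The sample file is constructed, setting names are matched case-insensitively, and treating an absent logging setting as turned off is an assumption.

```python
"""Report security-relevant NOTES.INI settings described in this reference."""

# Constructed sample server NOTES.INI (not taken from a real server).
SAMPLE_INI = """\
[Notes]
KitType=2
HTTPEnableConnectorHeaders=1
LDAPBATCHADDS=1
Log_Authentication=1
Log_Connections=0
FTG_No_Summary=1
"""

ABSENT = None  # marks a setting that does not appear in the file


def _off_or_absent(value):
    # Assumption: a logging setting that is absent behaves like 0.
    return value in (ABSENT, "0")


# (setting name, predicate that is true when the value needs review, note)
CHECKS = [
    ("HTTPEnableConnectorHeaders", lambda v: v == "1",
     "HTTP task processes the special plug-in headers; the default (0) "
     "ignores them to prevent plug-in mimicking"),
    ("LDAPBatchAdds", lambda v: v == "1",
     "left at 1 after a batch add, subsequent LDAP operations are unreliable"),
    ("FTG_No_Summary", lambda v: v != "1",
     "document summaries are shown in Domain Search results; check that "
     "database ACLs filter results"),
    ("Log_Authentication", _off_or_absent,
     "authentication logging is not enabled"),
    ("Log_Connections", _off_or_absent,
     "connection logging is not enabled"),
    ("Log_Console", _off_or_absent,
     "console command logging is turned off"),
]


def parse_notes_ini(text):
    """Return {lowercased setting name: [values in file order]}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the [Notes] section header and lines without '='.
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings.setdefault(name.strip().lower(), []).append(value.strip())
    return settings


def audit(text):
    """Return a list of (setting, value, note) findings in CHECKS order.
    value is None when the setting is absent from the file."""
    settings = parse_notes_ini(text)
    findings = []
    for name, needs_review, note in CHECKS:
        values = settings.get(name.lower(), [ABSENT])
        if len(values) > 1:
            # Do not guess which duplicate takes effect; report it instead.
            findings.append((name, ",".join(values),
                             "set more than once; resolve the duplicate"))
        for value in values:
            if needs_review(value):
                findings.append((name, value, note))
                break
    return findings


if __name__ == "__main__":
    for setting, value, note in audit(SAMPLE_INI):
        shown = "(absent)" if value is None else value
        print(f"{setting}={shown}: {note}")
```
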
Log_DirCat
Syntax: Log_DirCat=value
Description: Controls which information related to the Directory
Cataloger task is logged to the console and to the Miscellaneous Events
view of the log file (LOG.NSF):
1 - Logs when the Directory Cataloger starts and finishes, the name
and domain of each source Domino Directory as it is aggregated, the
number of entries processed.
3 - Logs same information as 1, except in addition, logs the names of
all entries processed. Using 3 is not recommended because it slows
performance and fills the log file. If you do use 3, use it only
temporarily.
Applies to: Servers
Default: None, although without this setting the log file only shows
when the Directory Cataloger starts.
UI equivalent: None
LogFile_Dir
Syntax: LogFile_Dir=directoryname
Description: Specifies the directory for the Console Log file
(CONSOLE.LOG, by default). If both this setting and the
Debug_Outfile setting exist and Debug_Outfile contains a fully
qualified path name, then LogFile_Dir is not used. If neither
Debug_Outfile nor LogFile_Dir exists, then the default path
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT is used.
Log_Replication
Syntax: Log_Replication=value
Description: Specifies the level of logging of replication events
performed by the current server:
0 - Do not log replication events
1 - Log that a database is replicating
2 - Log summary information about each database
3 - Log information about each replicated document (both design
and data documents)
4 - Log information about each replicated field
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Log_Sessions
Syntax: Log_Sessions=value
Description: Specifies whether individual sessions are recorded in the
log file and displayed on the console:
0 - Do not log individual sessions
1 - Log individual sessions
Applies to: Servers
Default: None
UI equivalent: The Log All Client Events setting that is an Advanced
server Setup option. You can also specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.
Log_Tasks
Syntax: Log_Tasks=value
Description: Specifies whether the current status of server tasks is
recorded in the log file and displayed on the console:
0 - Do not send status information
1 - Send the status of server tasks to the log file and to the console
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Log_Update
Syntax: Log_Update=value
Description: Specifies the level of detail of Indexer events displayed at
the server console and in the log file:
0 - Records when the Indexer starts and shuts down.
1 - Records when the Indexer starts and shuts down and when the
Indexer updates views and full text indexes for specific databases.
2 - Records when the Indexer starts and shuts down and when the
Indexer updates views and full text indexes for specific databases.
Also records the names of views the Indexer is updating.
Applies to: Servers
Default: None
UI equivalent: None
Log_View_Events
Syntax: Log_View_Events=value
Description: Specifies whether messages generated when views are
rebuilt are recorded in the log file:
0 - Do not log messages when views are rebuilt
1 - Log messages when views are rebuilt
Removing this setting from the NOTES.INI file also disables logging of
these messages.
Applies to: Servers
Default: None
UI equivalent: None
MailCharSet
Syntax: MailCharSet=value
Description: Specifies the character set a POP3 server uses when
downloading mail messages to a POP3 client. value corresponds to a
character set as follows:
Character set group | Language: Encoding character set | MIME name | MailCharSet value
Western | Codepage 1252 | usascii | 82
Western | Codepage 1252 | us-ascii | 82
Western | | iso-8859-1 | 32
Western | | x-mac-roman | 96
Central European | Codepage 1250 | cp1250 * | 80
Central European | | iso-8859-2 | 33
Turkish | | iso-8859-3 | 34
Turkish | | iso-8859-9 | 40
Turkish | Codepage 1254 | cp1254 * | 84
Taiwanese | | big5 | 26
Taiwanese | EUC-TW | x-euc-tw | 3,302
Thai | Codepage 874 | cp874 * | 144
Simplified Chinese | | gb2312 | 27
Korean | EUC-KR | euc-kr | 24
Japanese | EUC-J | x-euc-jp | 3,301
Japanese | ISO-2022-JP | iso-2022-jp | 3,277
Japanese | ShiftJIS | x-sjis | 18
Greek | ISO 8859-7 | iso-8859-7 | 38
Greek | Codepage 1253 | cp1253 * | 83
Cyrillic | Codepage 1251 | cp1251 * | 81
Cyrillic | ISO 8859-5 | iso-8859-5 | 36
Cyrillic | KOI8 | koi8-r | 3,308
Baltic Rim | | iso-8859-4 | 35
Baltic Rim | Codepage 1257 | cp1257 * | 87
Arabic | ISO 8859-6 | iso-8859-6 | 37
Arabic | Codepage 1256 | cp1256 * | 86
Hebrew | ISO 8859-8 | iso-8859-8 | 39
Hebrew | Codepage 1255 | cp1255 * | 85
If you do not use this setting, the POP3 server looks for a
WWWDSP_Codepage value, if this setting is added.
(WWWDSP_Codepage controls the character set used by the Web
Navigator and accepts the same values as MailCharSet.)
Applies to: Servers
Default: None, although if this setting is omitted and there is no
WWWDSP_Codepage setting, the POP3 server uses the us-ascii
character set.
UI equivalent: None
MailCompactDisabled
Syntax: MailCompactDisabled=value
Description: Enables or disables the routine compacting of the server's
MAIL.BOX. Without this setting in the NOTES.INI file, MAIL.BOX is
compacted routinely when the Compact server task runs:
0 - Enables compacting of MAIL.BOX
1 - Disables compacting of MAIL.BOX
Applies to: Servers
Default: None
UI equivalent: None
MailCompactHour
Syntax: MailCompactHour=value
Description: Use this setting to specify the time at which the router
should perform mailbox compaction.
Value is based on a 24-hour clock. For example, MailCompactHour=22
will cause compaction to initiate around 10pm.
Applies to: Servers
Default: In the absence of the setting, the router will perform mailbox
compaction at 4 AM.
UI equivalent: None
MailConvertMIMEonTransfer
Syntax: MailConvertMIMEonTransfer=value
Description: Enables or disables MIME message conversion on the
router. This can help minimize conversion overhead on the server
running the SMTP listener task.
0 - Router does not perform conversions for MIME messages
1 - Router performs conversions for MIME messages
Applies to: Servers
Default: 0
UI equivalent: None
Mail_Disable_Implicit_Sender_Key
Syntax: Mail_Disable_Implicit_Sender_Key=value
Description: Determines whether to encrypt an encrypted message with
the sender's public key:
0 - Does not encrypt the encrypted message with the sender's public
key
1 - Encrypt the encrypted message with the sender's public key
Applies to: Workstations
Default: 0
UI equivalent: None
Mail_Log_To_MiscEvents
Syntax: Mail_Log_To_MiscEvents=value
Description: Determines whether all mail event messages are displayed
in the Miscellaneous Events view of the log file:
0 - Does not display mail events in the Miscellaneous Events view
1 - Displays mail events in the Miscellaneous Events view
Applies to: Servers and workstations
Default: None, although if this setting is omitted, mail events are not
displayed in the Miscellaneous Events view.
UI equivalent: None
MailServer
Syntax: MailServer=server
Description: Specifies the server where the user's mail file resides.
Applies to: Servers and workstations
Default: None
UI equivalent: The Mail Server field in the Mail tab of the Person
document in the Domino Directory.
Mail_Skip_NoKey_Dialog
Syntax: Mail_Skip_NoKey_Dialog=value
Description: Specifies whether to display the Encryption Failure dialog
when Notes cannot locate the public key to sign or encrypt a message:
0 - The "Don't show signature or encryption failures again and
continue sending" dialog appears when Notes cannot find the public
key.
1 - The "Don't show signature or encryption failures again and
continue sending" dialog does not appear when Notes cannot find
the public key. Notes then sends the message unsigned and/or
unencrypted.
Applies to: Workstations
Default: None
UI equivalent: The "Don't show signature or encryption failures again
and continue sending" checkbox in the Encryption Failure dialog box.
MailSystem
Syntax: MailSystem=value
Description: Specifies the mail system that the user selected during the
workstation setup procedure:
0 - Notes mail
1 - cc:Mail or a non-Lotus mail system
Applies to: Servers and workstations
Default: None
UI equivalent: The mail system selection made during workstation
setup.
MailTimeout
Syntax: MailTimeout=number of days
Description: Specifies the number of days after which the server returns
undelivered mail to the sender. Increase this setting when you have a lot
of mail returned in one day or when you are sending mail to foreign
domains.
Note: To specify a period of less than one day, use the NOTES.INI
setting MailTimeoutMinutes.
Applies to: Servers
Default: None, although if this setting is omitted, undelivered mail is
returned after one day.
UI equivalent: None, but you can specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.
MailTimeoutMinutes
Syntax: MailTimeoutMinutes=number of minutes
Description: Specifies the number of minutes after which the server
returns undelivered mail to the sender. The maximum number of
minutes is 1440 (24 hours).
Note: To specify a time greater than one day, use the NOTES.INI setting
MailTimeout.
Applies to: Servers
Default: None
UI equivalent: None
Map_Retry_Delay
Syntax: Map_Retry_Delay=number of minutes
Description: Specifies the number of minutes that a server waits after an
unsuccessful attempt to call another server before it tries again.
Applies to: Servers
Default: None
UI equivalent: None
Memory_Quota
Syntax: Memory_Quota=number of megabytes
Description: This setting is for OS/2 only. Specifies the maximum
number of megabytes of virtual memory that the server can allocate. This
gives administrators more control over the growth of the swap file. The
minimum value is 4MB. Without this setting in the NOTES.INI file, the
server uses all available memory.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
MinNewMailPoll
Syntax: MinNewMailPoll=number of minutes
Description: Determines how often workstations can contact the server
to see if new mail has arrived for the user. This setting overrides the
user's selection in the Mail Setup dialog box. You can increase the mail
polling interval if there are a large number of mail users on your server,
and you want to prevent frequent polling from affecting server
performance.
Applies to: Servers
Default: None
UI equivalent: None
Move_Mail_File_Expiration_Days
Syntax: Move_Mail_File_Expiration_Days=number of days
Description: Specifies the number of days that the Notes client updates
mail file related Change Requests. After this time period, these become
obsolete Change Requests. For example:
Move_Mail_File_Expiration_Days=30
Applies to: Servers
Default: None
UI equivalent: None
MTCDailyTasksHour
Syntax: MTCDailyTasksHour=time
Description: Specifies the time, in 24-hour format, when the Mail
Tracking Collector (MTC) task performs the daily compaction of the
Domino MailTracker Store database (MTSTORE.NSF). For example:
MTCDailyTasksHour=25:00
Applies to: Servers
Default: None, although in the absence of this setting, compaction occurs
nightly at 2 AM.
UI equivalent: None
MTMaxResponses
Syntax: MTMaxResponses=number of responses
Description: Specifies the maximum number of message tracking
responses returned from a query. The number of responses returned will
be less than or equal to the MTMaxResponses value. Whenever a query
returns more than the MTMaxResponses limit, a message indicating this
appears on the Administration panel status line.
Applies to: Servers
Default: None, although if this setting is omitted, the maximum number
of message tracking responses returned from a query is 100.
UI equivalent: None
Names
Syntax: Names=name(s)
Description: Specifies the names of the secondary Domino Directories
that Domino searches to verify recipient names in mail messages. By
default, Domino searches only the primary Domino Directory, which is
typically named NAMES.NSF.
Note: It is strongly recommended that you use directory assistance
rather than this setting to do lookups in secondary Domino Directories.
This NOTES.INI setting allows additional directories to be searched in
the order in which they appear and stops searching when it finds a
match in one of the databases. The file names can be up to 256 characters.
Separate the list of directories with commas. Do not specify the NSF file
extension.
The server does not use this feature to look up additional Connection,
Domain, or Server documents specified in additional directories. Ensure
you create all of the necessary Connection, Domain, and Server
documents in the primary Domino Directory.
Local secondary Domino Directories
To specify secondary Domino Directories that are replicated locally on
the server, type the names of the directories without the NSF extension
following the name of the primary Domino Directory; for example:
NAMES=NAMES, EASTNAME, WESTNAME
Remote secondary Domino Directories
If secondary Domino Directories are not replicated locally, access them
over the network by specifying server names in canonical format and
their Domino Directories as follows:
CN=servername/OU=organizational unit/O=organization/!!filename
Specify as many organizational units as necessary.
For example, specify:
NAMES=NAMES, CN=serverwest/OU=west/O=acme!!NAMES, CN=servereast/OU=east/O=acme!!NAMES
If the name of the remote server is flat, omit the canonical format, for
example:
NAMES=NAMES, serverwest!!NAMES
If a remote server contains multiple Domino Directories, for example a
hub server, you can point to each directory on the server. To do this, you
must repeat the server name for each directory, for example:
NAMES=NAMES, CN=serverhub/O=acme!!NAMES1, CN=serverhub/O=acme!!NAMES2
Note: Do not add the name of a condensed Directory Catalog as a value
for this setting. Use the Basics tab of the Server document in the Domino
Directory to set up a server to use a condensed Directory Catalog.
Applies to: Servers
Default: NAMES
UI equivalent: None
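The Names value format described above can be checked before it is written to NOTES.INI, and the remote servers it relies on for recipient lookups can be listed. This parser is an added example, not code from the Domino documentation; the class and function names are assumptions, and it applies the 256-character limit to each file name.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_FILENAME_LEN = 256  # the page: "file names can be up to 256 characters"


@dataclass(frozen=True)
class DirectoryRef:
    filename: str            # directory file name, without the NSF extension
    server: Optional[str]    # None for a locally replicated directory
    canonical: bool          # True when the server is written as CN=.../O=...


def classify_server(server: str) -> Tuple[bool, Optional[str]]:
    """Return (is_canonical, problem) for the server part of a remote entry."""
    parts = [p.strip() for p in server.split("/")]
    labels = [p.split("=", 1)[0].upper() if "=" in p else None for p in parts]
    if all(label is None for label in labels):
        if len(parts) == 1:
            return False, None  # flat server name, which the page allows
        return False, "hierarchical server name is not in canonical format"
    if labels[-1] == "C":       # trailing country component (not shown on the page)
        labels = labels[:-1]
    well_formed = (
        len(labels) >= 2
        and labels[0] == "CN"
        and labels[-1] == "O"
        and all(label == "OU" for label in labels[1:-1])
    )
    return (True, None) if well_formed else (False, "malformed canonical server name")


def parse_names(value: str) -> Tuple[List[DirectoryRef], List[str]]:
    """Split a Names= value into directory references, in search order.

    Returns (refs, problems); an entry with a problem is reported, not kept.
    """
    refs: List[DirectoryRef] = []
    problems: List[str] = []
    for position, raw in enumerate(value.split(","), start=1):
        entry = raw.strip()
        found: List[str] = []
        server_part, sep, filename = entry.rpartition("!!")
        filename = filename.strip()
        server: Optional[str] = None
        canonical = False
        if not entry:
            found.append("empty entry")
        else:
            if sep:
                # The syntax line shows an optional "/" before "!!".
                server = server_part.strip().rstrip("/")
                if not server:
                    found.append("remote entry has no server name")
                elif "!!" in server:
                    found.append("more than one '!!' separator")
                else:
                    canonical, problem = classify_server(server)
                    if problem:
                        found.append(problem)
            if not filename:
                found.append("missing directory file name")
            elif filename.lower().endswith(".nsf"):
                found.append("file name must not include the NSF extension")
            elif len(filename) > MAX_FILENAME_LEN:
                found.append("file name is longer than 256 characters")
        if found:
            problems.extend(f"entry {position} ({entry!r}): {p}" for p in found)
        else:
            refs.append(DirectoryRef(filename, server, canonical))
    return refs, problems


def remote_servers(refs: List[DirectoryRef]) -> List[str]:
    """Servers contacted for lookups, in first-use order, without repeats."""
    seen: List[str] = []
    for ref in refs:
        if ref.server and ref.server not in seen:
            seen.append(ref.server)
    return seen


if __name__ == "__main__":
    # First value is the hub example from the page; the second is constructed.
    for sample in (
        "NAMES, CN=serverhub/O=acme!!NAMES1, CN=serverhub/O=acme!!NAMES2",
        "NAMES, EASTNAME.NSF, serverwest/west/acme!!NAMES, !!NAMES",
    ):
        refs, problems = parse_names(sample)
        print(sample)
        print("  search order:", [(r.server or "local", r.filename) for r in refs])
        print("  remote servers:", remote_servers(refs))
        for problem in problems:
            print("  problem:", problem)
```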
NetWareSocket
Syntax: NetWareSocket=socketnumber
Description: Specifies the IPX socket number used by the Domino server.
Applies to: Servers
Default: None. Domino lets the IPX/SPX protocol stack assign a socket
number dynamically.
UI equivalent: None
For information on assigning the IPX socket number for a Domino server,
see the chapter "Setting Up the Domino Network."
NetWareSpxSettings
Syntax: NetWareSpxSettings=value
Description: Specifies the decimal value of the Domino server's IPX
socket.
Applies to: Servers
Default: None
UI equivalent: None
NewMailInterval
Syntax: NewMailInterval=number of minutes
Description: Defines how often (in minutes) Notes checks the user's
Inbox for new mail.
Applies to: Workstations
Default: 1
UI equivalent: File - Preferences - User Preferences - Mail - Check for
new mail every x minutes.
NewUserServer
Syntax: NewUserServer=server
Description: Specifies the registration server for a Domino domain, if
this has not been specified in Administration Preferences.
Applies to: Servers
Default: None
UI equivalent: None
NoDesignMenu
Syntax: NoDesignMenu=value
Description: Hides the Design menu on workstations.
0 - Shows the Design menu
1 - Hides the Design menu
Applies to: Workstations
Default: None, although if this setting is omitted, the Design menu
appears.
UI equivalent: None
NoExternalApps
Syntax: NoExternalApps=value
Description: Protects against mail bomb viruses by disabling the
following workstation features:
@MailSend, @DDExxx
No_Force_Activity_Logging
Syntax: No_Force_Activity_Logging=value
Description: Controls whether the Statlog task automatically enables
activity logging on all databases:
0 - Allows automatic activity logging on all databases
1 - Prevents automatic activity logging on all databases
Even when activity is not being recorded for the database, the
information is still recorded in the Activity entry of the Database Usage
view in the server's log file.
Applies to: Servers
Default: None, although if this setting is omitted, the Statlog server task
enables the Record Activity option for every database on the server and
adds 64Kb to each database.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
NoMailMenu
Syntax: NoMailMenu=value
Description: Hides the Mail menu. When set to 1, the Mail menu doesn't
appear on workstations. This setting also sets the user's mail system to
None.
Applies to: Workstations
Default: None, although if this setting is omitted, the Notes Mail menu
appears.
UI equivalent: None
NoMsgCache
Syntax: NoMsgCache=value
Description: Disables per-user message caching by the IMAP task. This
can improve capacity (number of users) on a server by reducing memory
consumption.
Applies to: Servers
Default: None, although if this setting is omitted, IMAP per-user
message caching will be enabled.
UI equivalent: None
NSF_Buffer_Pool_Size
Syntax: NSF_Buffer_Pool_Size=number of bytes
Description: Specifies the maximum size (in bytes) of the NSF buffer
pool, a section of memory dedicated to buffering I/O transfers between
Domino and disk storage. The maximum size depends on any limitations
of the operating system, and the amount of system memory available.
The minimum size is 4MB.
Note: You can also use NSF_Buffer_Pool_Size_MB to set the maximum
size of the NSF buffer pool. This is the same as NSF_Buffer_Pool_Size,
except it specifies the size in megabytes instead of bytes. Use
NSF_Buffer_Pool_Size_MB to avoid the 2GB limitation that exists for
NSF_Buffer_Pool_Size due to NOTES.INI variable limits. (NOTES.INI
variables are signed variables, and cannot be larger than 2GB.)
Applies to: Servers and workstations
Default: Determined automatically by the server or workstation. (This is
strongly recommended, except on partitioned servers.) The more
memory is available, the larger the server sets the default
NSF_Buffer_Pool_Size. On workstations, the maximum setting of the
NSF_Buffer_Pool_Size is 8MB (4MB for MAC). On the server, the default
maximum is determined to be between 1/8 and 3/8 of available physical
memory, depending on the overall size of physical memory. The defaults
are not automatically adjusted on partitioned servers, so it will usually be
necessary to adjust the maximum values in each partition to a fraction of
memory such that the memory used by all partitions adds up to
approximately 1/4 to 3/8 of memory.
UI equivalent: None
NSF_DbCache_Disable
Syntax: NSF_DbCache_Disable=value
Description: Controls whether the database cache is enabled on a server.
The database cache is enabled by default.
0 - Enables the database cache
1 - Disables the database cache
Applies to: Servers
Default: None
UI equivalent: None
NSF_DbCache_Maxentries
Syntax: NSF_DbCache_Maxentries=number of databases
Description: Determines the number of databases that a server can hold
in its database cache at one time, where n is the number of databases.
Increasing the database cache size can improve system performance but
requires additional memory. The minimum number of databases allowed
in the cache at one time is 25; the maximum is approximately 2000,
depending on the server platform.
Applies to: Servers
Default: None, although if this setting is omitted, the number of
databases that the server can hold in its cache at one time is either 25, or
the NSF_Buffer_Pool_Size value divided by 300K (whichever is greater).
UI equivalent: None
Num_Compact_Rename_Retries
Syntax: Num_Compact_Rename_Retries=number of times to retry
Description: Domino attempts only once to rename a database that was
copy-style compacted. You can request additional attempts by specifying
a value in the Num_Compact_Rename_Retries setting in the NOTES.INI
file. Domino tries to rename until it succeeds or the number of retries is
exhausted. For example, to request that Domino try once again to rename,
specify Num_Compact_Rename_Retries=1; to request that Domino try 5
more times to rename, specify Num_Compact_Rename_Retries=5.
NWNDSPassword
Syntax: NWNDSPassword=NDS password
Description: Specifies the password for Domino to log in to the Novell
Directory Service (NDS) tree on system start-up. Until this setting is
added to the NOTES.INI file, an administrator must log in to the NDS
tree before starting the Domino server.
Applies to: Servers
Default: None
UI equivalent: None
For information on setting up NDS for a Domino server, see the
appendix "Novell Directory Service for the IPX/SPX Network."
NWNDSUserID
Syntax: NWNDSUserID=NDS user ID
Description: Specifies the user ID for Domino to log into the Novell
Directory Service (NDS) tree on system start-up. Until this setting is
added to the NOTES.INI file, an administrator must log into the NDS
tree before starting the Domino server.
Applies to: Servers
Default: None
UI equivalent: None
For information on setting up NDS for a Domino server, see the
appendix "Novell Directory Service for the IPX/SPX Network."
Passthru_Hangup_Delay
Syntax: Passthru_Hangup_Delay=number of seconds
Description: Specifies how long in seconds a passthru server maintains a
dialup connection after its last dialup session ends.
Applies to: Servers
Default: 120
UI equivalent: None
Passthru_LogLevel
Syntax: Passthru_LogLevel=value
Description: Specifies the level of trace information recorded for all
network connections (including passthru) in the Miscellaneous Events
view of the log file.
0 - No information is recorded
1 - Only errors are recorded
2 - Summary progress information is recorded
3 - Detailed progress information is recorded
4 - Full trace information is recorded
5 - Full trace information plus driver messages are recorded
Applies to: Servers and workstations
Default: 0
UI equivalent: File - Preferences - User Preferences - Ports - Trace Notes Log options
PhoneLog
Syntax: PhoneLog=value
Description: Specifies whether phone calls are recorded in the log file:
0 - Does not record phone calls to the log file
1 - Records all calls, except those that fail because of a busy signal
2 - Records all phone calls
Default: 2
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
PKCS11_Library
Syntax: PKCS11_Library=path
Description: Specifies the location of the server's locally installed
PKCS#11 file for enabling Smartcards. For example:
PKCS11_Library=C:\Program Files\Schlumberger\Smart Cards and Terminals\Common Files\slbck.dll
Applies to: Servers
Default: None
UI equivalent: The Smartcard installation wizard will prompt the user to
install the appropriate DLL for the Smartcard.
Platform_Statistics_Disabled
Syntax: Platform_Statistics_Disabled=value
Description: By default, Domino tracks performance metrics of the
operating system and captures the results in the Domino server. Use the
following setting to disable statistic reporting:
Platform_Statistics_Disabled=1
Note: You must remove the setting from the NOTES.INI file altogether
to re-enable platform statistic reporting.
Applies to: Servers
Default: None
UI equivalent: None
POP3ConfigUpdateInterval
Syntax: POP3ConfigUpdateInterval=number of minutes
Description: Determines how often (in minutes) the POP3 server will
update its configuration information.
Applies to: Servers
Default: 2 minutes
UI equivalent: None
POP3_Disable_Cache
Syntax: POP3_Disable_Cache=value
Description: Enables/disables message caching for users.
0 - Enables message caching
1 - Disables message caching
Applies to: Servers
Default: 0
UI equivalent: None
POP3DNSLookup
Syntax: POP3DNSLookup=value
Description: Enables/disables reverse DNS lookups of client host names.
0 - Disables reverse DNS lookups of client host names
1 - Enables reverse DNS lookups of client host names
Applies to: Servers
Default: 0
UI equivalent: None
POP3Domain
Syntax: POP3Domain=domain name
Description: Specifies the name of the Internet domain to use as the
gateway to send mail to the Internet for local addresses. (All local
addresses are converted to Internet addresses.) If this setting is included
in the NOTES.INI file, it overrides the DNS value.
Applies to: Servers
Default: None
UI equivalent: None
POP3_Enable_Cache_Stats
Syntax: POP3_Enable_Cache_Stats=value
Description: Enables/disables message caching statistics.
0 - Disables message caching statistics
1 - Enables message caching statistics
Applies to: Servers
Default: 0
UI equivalent: None
POP3MarkRead
Syntax: POP3MarkRead=value
Description: Specifies whether POP3 messages should be marked as
read after downloading. A value of 1 instructs the server to mark the
messages as read. Default is 0 (messages are marked as unread).
0 - Do not mark POP3 messages as read
1 - Mark POP3 messages as read
Applies to: Servers
Default: 0
UI equivalent: None
POP3_Message_Stat_Cache_NumPerUser
Syntax: POP3_Message_Stat_Cache_NumPerUser=number of message
statistics
Description: Limits the number of message statistics that can be cached
for a single user. Message statistics caches contain UNIDs and saved
message sizes. Each cache entry consumes CPU time and server memory.
Reducing this number can improve server performance.
Applies to: Servers
Default: 50
UI equivalent: None
POP3NotesPort
Syntax: POP3NotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the POP3 service with. This setting is required for a
partitioned server hosting POP3, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter "Setting Up the Domino Network."
portname_MaxSessions
Syntax: portname_MaxSessions=number of sessions
Description: Restricts the number of sessions on a specified port.
Applies to: Servers
Default: None
UI equivalent: None
Ports
Syntax: Ports=portname(s)
Description: This setting indicates which ports are enabled for the server
or workstation. Ports are enabled or disabled by a two-step process: using
the Setup Ports dialog box and then using Server documents (for servers)
or the User Preferences dialog box (for workstations). The order in which
ports are listed in this setting can affect how Notes workstations and
Domino servers connect to a system.
Applies to: Servers and workstations
Default: None
UI equivalent: On a workstation, see the Ports tab in the User
Preferences dialog box (choose File - Preferences - User Preferences). On
a server, the Configuration tab's Tools pane, Server - Setup Ports option,
and then see the Ports - Notes Network Ports tab in the Server document.
For information on reordering network ports on a server, see the chapter
"Setting Up the Domino Network."
ProgramMode
Syntax: ProgramMode=value
Description: If the user sets up Notes with a Notes Mail ID or switches to
a Notes Mail ID (not a Lotus Notes Desktop ID), a value is written to the
NOTES.INI ProgramMode setting:
0 - Full Notes
1 - Notes Mail
8 - Desktop
Applies to: Workstations
Default: 1 (Full Notes)
UI equivalent: None
Repl_Error_Tolerance
Syntax: Repl_Error_Tolerance=number of replication errors
Description: Specifies the number of replication errors of the same type
that can occur between two databases before the server terminates
replication.
Applies to: Servers
Default: 2
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
ReplicationTimeLimit
Syntax: ReplicationTimeLimit=number of minutes
Description: Specifies a time limit (in minutes) for replication between
one server and another. If this setting is not included in the NOTES.INI
file, there is no time limit.
Applies to: Servers
Default: None
UI equivalent: The Replication Time Limit field in the
Routing/Replication tab in the Connection document in the Domino
Directory.
Replicators
Syntax: Replicators=number of tasks
Description: Specifies the number of Replicator tasks that can run
concurrently on the server.
Note: You must shut down and restart the server for this setting to take
effect.
Applies to: Servers
Default: 1
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Repl_Obeys_Quotas
Syntax: Repl_Obeys_Quotas=value
Description: Specifies whether the Replicator obeys quotas.
0 - Disables the Replicator from obeying quotas
1 - Enables the Replicator to obey quotas
Applies to: Servers
Default: The Replicator does not obey quotas.
UI equivalent: None.
Report_DB
Syntax: Report_DB=path
Description: When the Monitoring Configuration database
(EVENTS4.NSF) is created, it is placed in the Domino Data directory. Use
this setting to specify the location of the database if it is located
somewhere other than in the Domino Data directory.
Applies to: Servers
Default: None, but in the absence of any Report_DB setting in the
NOTES.INI file, the default path is Lotus\Domino\Data\events4.nsf.
UI equivalent: None
ReportUseMail
Syntax: ReportUseMail=value
Description: Allows the Reporter task to use the Router to send statistics
to another server in the same domain:
1 - Use the Router
0 - Use the network
Using the Router can be useful for reporting statistics over dial-up
connections to a central collection server.
Applies to: Servers
Default: None, although without the setting, the Reporter task uses the
network to report statistics.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
RouterAllowConcurrentXferToAll
Syntax: RouterAllowConcurrentXFERToALL=value
Description: Use this setting to enable/disable multiple concurrent
transfer threads for inter-domain Notes routing.
1 - Enables
0 - Disables
Applies to: Servers
Default: None, but if the setting does not appear in the NOTES.INI file,
Domino's default behavior is to disable multiple concurrent transfer
threads for inter-domain Notes routing.
UI equivalent: None
For information on enabling multiple concurrent transfer threads
between Domino domains, see the chapter "Customizing the Domino
Mail System."
RouterDisableMailToGroups
Syntax: RouterDisableMailToGroups=value
Description: Specifies whether the router should allow or deny mail
addressed to a group.
0 - Allow the Router to expand groups and forward a message to the
group members.
1 - Router will not expand any groups. It will return the message as a
failure report to the sender - rejected for policy reasons.
Applies to: Servers
Default: 0
UI equivalent: None
RouterDSNForNullReversePath
Syntax: RouterDSNForNullReversePath=value
Description: Specifies whether the router should return delivery status
notifications (DSNs) for messages received over SMTP with null RFC 821
reverse paths.
0 - Don't return a failed DSN. Create the non delivery report, but
mark it as DEAD. The Administrator can then delete these messages
or release them.
1 - Create and send the delivery status notification.
2 - Do not create a delivery status notification.
Applies to: Servers
Default: 0
UI equivalent: None
RouterEnableMailByDest
Syntax: RouterEnableMailByDest=value
Description: Use this setting to generate verbose mail routing statistics
per destination. These statistics may be useful when attempting to
troubleshoot routing related problems.
0 - No destination based statistics are generated by the router.
1 - Router maintains statistics for each mail routing destination,
which include the last successful/unsuccessful transfer time, total
number of messages routed, and the total number of failures.
Applies to: Servers
Default: None
UI equivalent: None
RTR_Logging
Syntax: RTR_Logging=value
Description: Enables or disables monitoring of Cluster Replicator
activity.
0 - Disables monitoring of the Cluster Replicator
1 - Enables monitoring of the Cluster Replicator
Applies to: Servers
Default: None
UI equivalent: None
Sched_Dialing_Enabled
Syntax: Sched_Dialing_Enabled=value
Description: Enables or disables dialing out to check Busy Time.
Use the following values:
0 - Disables dialing out to check Busy Time
1 - Enables dialing out to check Busy Time
Applies to: Workstations
Default: Dialing out to check Busy Time is disabled.
UI equivalent: None
Sched_Purge_Interval
Syntax: Sched_Purge_Interval=number of days
Description: Specifies how many days prior to the current day to keep
busytime data. A value of 0 means data is never purged.
Applies to: Servers
Default: 7
UI equivalent: None
Schedule_Check_Entries_When_Validating
Syntax: Schedule_Check_Entries_When_Validating=value
Description: Controls whether SchedMgr validates its
busytime database entry on a user-by-user basis, as follows:
0 - Disables validation
1 - Enables validation
Validation should not be required under normal conditions.
Applies to: Servers
Default: 0
UI equivalent: None
Schedule_No_CalcStats
Syntax: Schedule_No_CalcStats=value
Description: Controls whether SchedMgr updates/calculates
statistics on an hourly daily basis, as follows:
0 - Enables update/calculation
1 - Disables update/calculation
Applies to: Servers
Default: 0
UI equivalent: None
Schedule_No_Validate
Syntax: Schedule_No_Validate=value
Description: Controls whether SchedMgr validates its
busytime database entry on a daily basis, as follows:
0 - Enables validation
1 - Disables validation
Validation should be enabled under normal conditions.
Applies to: Servers
Default: 0
UI equivalent: None
Schema_Daemon_Breaktime
Syntax: Schema_Daemon_Breaktime=number of seconds
Description: Specifies how often (in seconds) the schema daemon
spawned by the LDAP service checks if it should shut down because its
parent LDAP task is shutting down. In most situations there is no need to
change the breaktime interval. In rare situations, you might increase this
value as a way to free up CPU resources on a heavily used server.
Increasing the breaktime value also increases the time it takes the LDAP
service to shut down.
Applies to: Servers
Default: None, although without this setting, the schema daemon checks
the status of its parent LDAP task every 15 seconds.
UI equivalent: None
Schema_Daemon_Idletime
Syntax: Schema_Daemon_Idletime=number of minutes
Description: Specifies how long (in minutes) the schema daemon
spawned by the LDAP service remains idle after it has completed its
tasks. After the schema daemon has been idle for the specified interval, it
begins its tasks again.
Applies to: Servers
Default: None, although without this setting, the schema daemon
remains idle for 15 minutes.
UI equivalent: None
Schema_Daemon_Reloadtime
Syntax: Schema_Daemon_Reloadtime=number of hours
Description: Specifies how often (in hours) the schema daemon spawned
by the LDAP service adds schema elements for new or changed Domino
Directory forms and fields to its in-memory schema. This operation
occurs only on the administration server for the Domino Directory and
not on other servers in the domain that run the LDAP service.
Schema_Daemon_Resynctime
Syntax: Schema_Daemon_Resynctime=number of hours
Description: Specifies how often (in hours) the schema daemon spawned
by the LDAP service updates the schema published in the Domino LDAP
Schema database with a newer in-memory schema. This operation occurs
only on the Domino Directory administration server, and not other
servers in the domain that run the LDAP service.
Synchronizing the Schema database with in-memory schema is a
CPU-intensive operation. You might set different intervals for
Schema_Daemon_Reloadtime and Schema_Daemon_Resynctime so the
two operations occur at different times. Or you might increase the
interval during periods when there are no schema changes.
Applies to: Servers
Default: None, although without this setting the schema daemon resync
interval is 24 hours.
UI equivalent: None
Secure_Disable_FullAdmin
Syntax: Secure_Disable_FullAdmin=value
Description: Entering 1 disables the Full Access Administrators field in
the Server document, causing the server to ignore any entries in that
field.
1 - Disables the Full Access Administrators field in the Server
document
0 - Does not disable Full Access Administrators field in the Server
document
Applies to: Servers
Default: 0
UI equivalent: None
SecureMail
Syntax: SecureMail=value
Description: Entering 1 as the value forces the mail program to sign and
encrypt all mail sent from the workstation:
1 - Removes the Sign and Encrypt options from all dialog boxes
0 - Restores the Sign and Encrypt options
Applies to: Workstations
Default: None, although if this setting is omitted, the Sign and Encrypt
options appear.
UI equivalent: File - Preferences - User Preferences - Mail - Encrypt sent
mail
Server_Availability_Threshold
Syntax: Server_Availability_Threshold=value
Description: Specifies the acceptable level of system resources available
to a server. By setting this value for each server in a cluster, you
determine how the workload is distributed among cluster members.
Valid values are 0 to 100. Domino compares this value against a server's
availability index; when the availability index falls below the
Server_Availability_Threshold value, the server becomes BUSY.
A Server_Availability_Threshold value of zero (0) indicates a fully
available state and workload balancing is disabled; a value of 100
indicates the server is BUSY (since the availability index can never be
greater than 100) and the Cluster Manager then tries to redirect user
requests to more available cluster members.
Applies to: Servers
Default: 0
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Server_Cluster_Default_Port
Syntax: Server_Cluster_Default_Port=portname
Description: Specifies the port used for intracluster network traffic. The
value should be a port name (for example, TCP) as specified in the
Ports tab of the Server document.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Server_Console_Password
Syntax: Server_Console_Password=encrypted_password
Description: For the encrypted_password to be written to this setting in the
NOTES.INI file, you must use the Set Configuration server command to
specify the password.
The password can be a combination of letters and numbers. When this
setting is added to the NOTES.INI file, Domino activates the Set Secure
command to secure the server console. The password provided should
be different from the administrator's user password. If you forget the
console password, delete this setting from the NOTES.INI file, and then
re-specify a password.
Applies to: Servers
Default: None
UI equivalent: None
ServerKeyFileName
Syntax: ServerKeyFileName=ID_file
Description: Specifies the server ID file to use on a machine that runs
both the Notes workstation program and the Domino server program.
Then, you edit the NOTES.INI KeyFileName setting to specify your user
ID as the ID to use when you run the Notes workstation or API programs
on the server machine.
For more information, see the topic "KeyFileName" earlier in this
chapter.
Applies to: Servers
Default: None
UI equivalent: None
Server_MaxSessions
Syntax: Server_MaxSessions=number of sessions
Description: Specifies the maximum number of sessions that can run
concurrently on the server. To prevent server overload, decrease this
number if you set up multiple Replicators or Routers.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Server_MaxUsers
Syntax: Server_MaxUsers=number
Description: Sets the maximum number of users that are allowed to
access a server. When this number is reached, the server state becomes
MAXUSERS, and the server stops accepting new Database Open requests.
Use the following values to set this variable:
0 - Unlimited access to server by users
number - Restricts number of active users to the number you specify
Server_Max_Concurrent_Trans
ServerName
Syntax: ServerName=name
Description: Specifies the full hierarchical name of the server
Applies to: Servers
Default: None
UI equivalent: The Server Name field in the Server document.
ServerNoReplRequests
Syntax: ServerNoReplRequests=value
Description: Forces the server to refuse all replication requests from
other servers. When this feature is enabled, to replicate with this server,
the requesting server must perform pull-push replication:
0 - Accepts replication requests from other servers
1 - Refuses replication requests from other servers
Applies to: Servers
Default: None, although omitting this setting allows the server to accept
replication requests.
UI equivalent: None
ServerPullReplication
Syntax: ServerPullReplication=value
Description: Specifies that all scheduled replication initiated from this
server must be pull-push replication. This server will not replicate back
to the other server:
0 - Scheduled replication occurs normally (push-pull replication is
not forced)
1 - This server pulls changes from other servers, but other servers
cannot pull changes from this server
This setting affects only scheduled replication.
For example, to reduce the workload on a hub server, specify 1 for the
ServerPullReplication setting on all spoke servers in a hub-and-spoke
system.
Applies to: Servers
Default: None, although omitting this setting allows for normally
scheduled replication.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
ServerPushReplication
Syntax: ServerPushReplication=value
Description: Specifies that all scheduled replication initiated from this
server must be push-pull replication. This server does not request that
the other server replicate back.
0 - Scheduled replication occurs normally (push-pull replication is
not forced)
1 - Other servers pull changes from this server, but this server cannot
pull changes from other servers
Applies to: Servers
Default: None, although omitting this setting allows for normally
scheduled replication.
UI equivalent: None
Server_Restart_Delay
Syntax: Server_Restart_Delay=number of seconds
Description: Specifies the amount of time (in seconds) the server waits
before restarting with the restart server console command.
Applies to: Servers
Default: None, although by default, Domino waits 10 seconds.
UI equivalent: None
Server_Restricted
Syntax: Server_Restricted=value
Description: Enables or disables server access to a server. If access is
disabled, the server does not accept new Open Database requests.
Use the following values to set this variable:
0 - Server access is unrestricted
1 - Server access is restricted for the current server session. Restarting
the server clears the setting.
2 - Server access is restricted persistently, even after server restarts
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Server_Session_Timeout
Syntax: Server_Session_Timeout=number of minutes
Description: Specifies the number of minutes of inactivity after which
the server automatically terminates network and mobile connections. The
minimum recommended setting is 30-45 minutes. A lower setting may
negatively impact server performance. The ideal setting depends on
factors such as server load and the number of concurrent users on the
server.
For mobile connections, XPC has its own internal time-out. If the XPC
time-out value is shorter than the Server_Session_Timeout value, the
XPC time-out takes precedence.
Server_Show_Performance
Syntax: Server_Show_Performance=value
Description: Specifies whether or not server performance events are
displayed on the console.
1 - Displays server performance events on console
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
ServerTasks
Syntax: ServerTasks=name(s)
Description: Specifies the tasks that begin automatically at server startup
and continue until the server is shut down. For example:
ServerTasks=Replica, Router, Update, Stats, AMgr, Adminp, Sched,
CalConn, Event, Collect, MTC, RunJava ISpy
The server runs the Replicator, Router, Indexer, Stats, Agent Manager,
Administration Process, Schedule Manager, Calendar Connector, Event,
Collector, Mail Tracker Collector, and Mail Probe server tasks. Each task
increases the server's load and may adversely affect server performance.
Note that RunJava ISpy is case sensitive and must be specified exactly as
shown.
ServerTasksAthour
Syntax: ServerTasksAthour=name(s)
Description: Schedules automatic server and database maintenance
functions. Enter the time in 24-hour format, where 0 is 12 AM (midnight)
and 23 is 11 PM. For example:
ServerTasksAt3=Catalog
ServerTasksAt7=Updall
ServerTasksAt16=Catalog, Updall, Statlog
At 3 AM, the server runs the Catalog task. At 7 AM, the server runs the
Updall task. At 4 PM, the server runs the Catalog, Updall, and Statistics
tasks.
Applies to: Servers
Default:
ServerTasksAt1=Catalog, Design
ServerTasksAt2=Updall, Object Collect mailobj.nsf
ServerTasksAt3=Object Info -Full
ServerTasksAt5=Statlog
UI equivalent: None
Setup
Syntax: Setup=revision number
Description: Identifies the version number of the software. The setting is
used by the Install program to determine whether or not to run the Setup
program. This variable also provides an upgrade audit.
Applies to: Servers and workstations
Default: None
UI equivalent: None
SetupDB
Syntax: SetupDB=setupweb.nsf
Description: Identifies the setup database for HTTP server setup mode.
This must always be setupweb.nsf. When this is included in NOTES.INI,
the administrator can start the server in HTTP server setup mode by
including the argument HTTPSetup when starting the server. If this
variable is missing, the server will not enter HTTP server setup mode.
Applies to: Servers
Default: None
UI equivalent: None
SetupServerAddress
Syntax: SetupServerAddress=address
Description: Identifies the address of the setup server. This can be either
a DNS name, or a telephone number (XPC or DUN) to connect to the
server. SetupServerAddress, together with SetupServerName, instruct
the Notes setup program to obtain setup information from the specified
server. If either variable is missing from NOTES.INI, the setup program
prompts the user for setup information.
Applies to: Workstations
Default: None
UI equivalent: None
SetupServerName
Syntax: SetupServerName=name
Description: Identifies the name of the setup server. SetupServerName,
together with SetupServerAddress, instructs the Notes setup program to
obtain setup information from the specified server. If either variable is
missing from NOTES.INI, the setup program prompts the user for setup
information.
Applies to: Workstations
Default: None
UI equivalent: None
Shared_Mail
Syntax: Shared_Mail=value
Description: Specifies whether the shared mail feature is used for new
mail delivered to this server:
0 - The shared mail feature is not used for new mail
1 - The shared mail feature is used for new mail delivered to this
server
2 - The shared mail feature is used for new mail delivered to this
server and for new mail transferred through this server
Applies to: Servers
Default: 0 (shared mail not used)
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
SMIME_Strong_Algorithm
Syntax: SMIME_Strong_Algorithm=value
Description: Specifies the encryption method for encrypting MIME
messages to recipients whose public keys are longer than 512 bits, but do
not have the special strong encryption flag in their certificates. Possible
values are:
RC2_40
RC2_56
RC2_64
RC2_80
RC2_128
RC5_5
RC5_7
RC5_10
RC5_16
DES
3DES
SMIME_Weak_Algorithm
Syntax: SMIME_Weak_Algorithm=value
Description: Specifies the encryption method for encrypting MIME
messages to recipients whose public keys are shorter than 512 bits.
Possible values are:
RC2_40
RC2_56
RC2_64
RC2_80
RC2_128
RC5_5
RC5_7
RC5_10
RC5_16
DES
3DES
Applies to: Workstations
Default: None
UI equivalent: None
SMTPAllHostsExternal
Syntax: SMTPAllHostsExternal=value
Description: Use this setting to determine whether all hosts should be
subject to the anti-spam controls specified for the server.
0 - Exempts internal hosts from anti-spam controls.
1 - Internal hosts included for anti-spam controls.
SMTP_Config_Update_Interval
Syntax: SMTP_Config_Update_Interval=number of minutes
Description: Determines how often (in minutes) Domino checks to
determine whether the user has updated SMTP configuration
information. You can change Configuration documents while servers are
running. For the change to take effect, the server must periodically check
the Configuration document for changes. If the server discovers a
change, it rereads all settings. This setting lets you change the server's
checking interval. A shorter time results in slightly higher overhead for
checking, but changes are noticed more quickly.
Applies to: Servers
Default: 2
UI equivalent: None
SMTPDebug
Syntax: SMTPDebug=value
Description: Controls the level of console logging performed by the
SMTP task.
0 - No logging
1 - Log errors
2 - Log Protocol commands
Applies to: Servers
Default: 0
UI equivalent: None
SMTPDebugIO
Syntax: SMTPDebugIO=value
Description: Enables the logging of all data received by the SMTP task:
0 - No logging
3 - Logs all data received by the SMTP task
Caution Use SMTPDebugIO only when necessary and disable it again
as soon as possible. It can cause the log file to grow very large, and logs
the contents of received messages.
Applies to: Servers
Default: 0
UI equivalent: None
SMTPExpandDNSBLStats
Syntax: SMTPExpandDNSBLStats=value
Description: Use this setting to generate DNS blacklist filter statistics for
each connecting host found in a DNS blacklist site.
0 - Host-specific DNS blacklist filter statistics are not generated by
the SMTP server.
1 - SMTP server generates host-specific DNS blacklist filter statistics
which indicate the total number of hits per DNSBL site, per
connecting host's IP address.
Applies to: Servers
Default: In the absence of this setting, the SMTP task maintains statistics
that track the total number of connecting hosts that were found on the
combined DNSBL of all sites combined, as well as how many were found
on the DNSBL of each configured site.
UI equivalent: None
SMTPGreeting
Syntax: SMTPGreeting=string
Description: Specifies a text message sent to SMTP clients when they
connect to the SMTP server. The message must contain the string %s
which is replaced by the current date/time when the connection is made.
Applies to: Servers
Default: host-name ESMTP Service (Lotus Domino build-name) ready
at %s
UI equivalent: None
SMTPNotesPort
Syntax: SMTPNotesPort=port name
Description: Specifies the port for the SMTP service, where port name is the
name of the Domino port for TCP/IP. This is required for partitioned
servers, and single servers that have more than one TCP/IP port.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter "Setting Up the Domino Network."
SMTPNoVersionInRcvdHdr
Syntax: SMTPNoVersionInRcvdHdr=value
Description: Use this setting to prevent Domino server product
information from being disclosed in SMTP Received headers.
0 - Domino-generated SMTP Received header will contain Domino
server product information, which includes the server version.
1 - Domino-generated SMTP Received header will not contain
Domino server product information.
Applies to: Servers
Default: In the absence of this setting, Received headers added by the
Domino server will include product information such as the server version.
UI equivalent: None
SMTPMTA_Space_Repl_Char
Syntax: SMTPMTA_Space_Repl_Char=character
Description: Specifies the character the SMTP MTA uses to replace
spaces in names. Choices are underline (_) or period (.). The following
restrictions apply to using periods as replacement characters:
SMTPMaxForRecipients
SMTPRelayAllowHostsandDomains
Syntax: SMTPRelayAllowHostsandDomains=value
Description: Forces servers to abide by Domino 5 rules to resolve
conflicts between Allow and Deny list entries in the SMTP inbound relay
controls.
0 - Entries in the Allow field of the SMTP inbound relay controls take
precedence over entries in the Deny fields when there is a conflict
between them. For example, given the following entries:
Field
Entry
xyz.com
relay.abc.com
SMTPSaveImportErrors
Syntax: SMTPSaveImportErrors=value
Description: Specifies whether mail message import errors are recorded,
as follows:
0 - No messages are recorded.
1 - When an arriving message fails to be written as a note in
MAIL.BOX, Domino writes the data stream to a temporary directory,
and logs the name of the file.
2 - All arriving messages have their data streams written to the
temporary directory.
Note This feature can use a great deal of disk space because the saved
messages continue to accumulate until you delete them. Also, the content
of the messages is accessible to anyone with the privileges to read files in
the temporary directory.
SMTPStrict821AddressSyntax
Syntax: SMTPStrict821AddressSyntax=value
Description: Specifies whether the SMTP task requires addresses that
appear in MAIL FROM commands or RCPT TO commands be properly
formed according to the 821 standard (must contain <>):
0 - Does not enforce 821 standard
1 - Enforces 821 standard
Applies to: Servers
Default: 0
UI equivalent: None
SMTPStrict821LineSyntax
Syntax: SMTPStrict821LineSyntax=value
Description: Specifies whether the SMTP task requires all protocol text
be terminated by CRLF:
0 - 821 standard is not enforced (LF is accepted as a line terminator)
1 - 821 standard is enforced
Applies to: Servers
Default: 0
UI equivalent: None
SMTPTimeoutMultiplier
Syntax: SMTPTimeoutMultiplier=value
Description: Multiplies the SMTP time-out wait value by the specified
number. Each SMTP protocol exchange has a time-out wait value. If the
client does not respond within the time-out period, the connection is
broken. You can increase the time-out period by specifying a multiplier
value. For example, a value of 2 doubles all time-out periods.
Applies to: Servers
Default: 1
UI equivalent: None
SSLCipherSpec
Syntax: SSLCipherSpec=value1value2value3...
Description: (SSL users only) Determines which SSL-compliant cipher to
use to encrypt files on the server. Specification numbers correspond to
the following ciphers:
Cipher specification value    Cipher
01                            SSL_RSA_WITH_NULL_MD5
02                            SSL_RSA_WITH_NULL_SHA
03                            SSL_RSA_EXPORT_WITH_RC4_40_MD5
04                            SSL_RSA_WITH_RC4_128_MD5
05                            SSL_RSA_WITH_RC4_128_SHA
06                            SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
09                            SSL_RSA_WITH_DES_CBC_SHA
0A                            SSL_RSA_WITH_3DES_EDE_CBC_SHA
0B                            SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
0C                            SSL_DH_anon_WITH_RC4_128_MD5
0D                            SSL_DH_anon_WITH_DES_CBC_SHA
Default: None
UI equivalent: SSL ciphers field for each Internet protocol in the
Ports - Internet Ports tab of the Server document. The settings in this
field are overridden by the SSLCipherSpec NOTES.INI setting.
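One way to check a NOTES.INI file against the settings described in this reference, as an added example that is not IBM's code: it decodes SSLCipherSpec into the cipher names listed above and flags NULL, export-grade, anonymous and single-DES entries, together with SMTPDebugIO, SMTPSaveImportErrors, the two verbose trace settings, SMTPNoVersionInRcvdHdr and a missing Server_Console_Password. The function names, the weak-cipher policy, the case-insensitive key matching and the sample file are assumptions of this example.

```python
# Added example: audit NOTES.INI text for settings this reference flags.

# Cipher codes as listed under SSLCipherSpec (05 is the standard SSL code
# point for RC4_128_SHA).
CIPHERS = {
    "01": "SSL_RSA_WITH_NULL_MD5",
    "02": "SSL_RSA_WITH_NULL_SHA",
    "03": "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "04": "SSL_RSA_WITH_RC4_128_MD5",
    "05": "SSL_RSA_WITH_RC4_128_SHA",
    "06": "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "09": "SSL_RSA_WITH_DES_CBC_SHA",
    "0A": "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "0B": "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "0C": "SSL_DH_anon_WITH_RC4_128_MD5",
    "0D": "SSL_DH_anon_WITH_DES_CBC_SHA",
}

# Policy of this example (an assumption, not a Domino rule): name fragments
# that mark a suite as unacceptable, with the reason.
WEAK = [
    ("_NULL_", "no encryption"),
    ("_EXPORT_", "40-bit export-grade key"),
    ("_anon_", "anonymous key exchange, server not authenticated"),
    ("_DES_CBC_", "single DES, 56-bit key"),
]


def parse_notes_ini(text):
    """Return {lowercased key: value} for every Key=Value line."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [Notes] header, or not a setting
        key, value = line.split("=", 1)
        # Assumption: keys are matched case-insensitively; a repeated key
        # keeps its last value.
        settings[key.strip().lower()] = value.strip()
    return settings


def decode_cipher_spec(spec):
    """Split SSLCipherSpec into two-character codes -> (names, unknown_codes)."""
    spec = spec.strip().upper()
    codes = [spec[i:i + 2] for i in range(0, len(spec), 2)]
    names = [CIPHERS[c] for c in codes if c in CIPHERS]
    unknown = [c for c in codes if c not in CIPHERS]
    return names, unknown


def audit(text):
    """Return a list of (setting, finding) tuples for the given NOTES.INI text."""
    s = parse_notes_ini(text)
    findings = []
    spec = s.get("sslcipherspec")
    if spec:
        names, unknown = decode_cipher_spec(spec)
        for name in names:
            reasons = [why for marker, why in WEAK if marker in name]
            if reasons:
                findings.append(("SSLCipherSpec", f"{name}: {'; '.join(reasons)}"))
        for code in unknown:
            findings.append(("SSLCipherSpec", f"code {code} is not in the cipher table"))
    if s.get("smtpdebugio") == "3":
        findings.append(("SMTPDebugIO", "logs the contents of received messages"))
    if s.get("smtpsaveimporterrors") in ("1", "2"):
        findings.append(("SMTPSaveImportErrors",
                         "message data streams are written to the temporary directory"))
    for key in ("WebAuth_Verbose_Trace", "WebSess_Verbose_Trace"):
        if s.get(key.lower()) == "1":
            findings.append((key, "troubleshooting trace left enabled"))
    if s.get("smtpnoversioninrcvdhdr", "0") != "1":
        findings.append(("SMTPNoVersionInRcvdHdr",
                         "Received headers include the server version"))
    if "server_console_password" not in s:
        findings.append(("Server_Console_Password", "no console password is set"))
    return findings


# Constructed sample file; the password value is a placeholder.
SAMPLE_INI = """\
[Notes]
ServerName=Server1/ACME
SSLCipherSpec=0405030A0B
SMTPDebugIO=3
WebAuth_Verbose_Trace=1
SMTPNoVersionInRcvdHdr=1
Server_Console_Password=CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    for setting, finding in audit(SAMPLE_INI):
        print(f"{setting}: {finding}")
```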
SSL_Resumable_Sessions
Syntax: SSL_Resumable_Sessions=number of sessions cached
Description: Specifies the number of resumable SSL sessions that will be
cached on the server. Setting this variable to 1 disables SSL session
resumption on the server.
Applies to: Servers
Default: 50
UI equivalent: None
SSL_Trace_KeyFileRead
Syntax: SSL_Trace_KeyFileRead=value
Description: Enables viewing of information on the current keyring in
use on a Domino server. To enable viewing, set SSL_Trace_KeyFileRead
to a value of 1. This enables viewing of protocols other than HTTP to see
if there is a valid keyring file present in the server's Server document or
Internet site documents from the server console.
Applies to: Servers
Default: None
UI equivalent: None
SwapPath
Syntax: SwapPath=location
Description: Specifies the location of the server's swap file. If this setting
exists in the NOTES.INI file, the Reporter or Collector server task uses
this location for the Server.Path.Swap statistic.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
TCP_EnableIPV6
Syntax: TCP_EnableIPV6=value
Description: Use this setting to enable Domino for IPv6.
0 - disables the feature
1 - enables the feature
Applies to: Servers
Default: None, but in the absence of the setting, IPv6 is disabled.
UI equivalent: None
TCP/IPportname_PortMappingNN
Syntax: TCP/IPportname_PortMappingNN=CN=servername/O=organization,IPaddress:TCP/IP portnumber
Description: Specifies the TCP/IP port number of each partitioned
server sharing the IP address of the port mapping server. TCP/IPportname
is the name of the TCP/IP port which is specified in the NOTES.INI file
by the setting Ports=TCPIP. This entry is only valid in the NOTES.INI
file of the port mapper server. NN is any number from 00, 01, 02, and so
on to 99; only 00 to 04 are currently supported. Numbers must be
assigned in ascending order as an invalid break in the number sequence
causes subsequent entries in the NOTES.INI file to be ignored.
For example:
TCP/IPportname_PortMapping00=CN=Server1/O=ACME,192.94.222.169:13520
TCP/IPportname_PortMapping01=CN=Server2/O=ACME,192.94.222.169:13521
TCP/IPportname_PortMapping02=CN=Server3/O=ACME,192.94.222.169:13522
The last number is the port number assigned to each partitioned server.
This number must be an available number as specified in "Assigned
Numbers" RFC 1340.
UI equivalent: None
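Because a break in the NN sequence causes every later mapping to be ignored, it helps to check the entries before restarting the port mapper server. This added example (not IBM's code) reports which PortMappingNN lines take effect; it assumes the sequence starts at 00, that the TCP/IP port is named TCPIP, and the sample lines are constructed.

```python
import re

MAX_SUPPORTED = 4  # the reference states that only 00 to 04 are supported


def check_port_mappings(ini_text, port_name="TCPIP"):
    """Return (effective, ignored) port-mapping entries, in file order.

    Assumption of this example: numbering starts at 00 and each entry must
    be exactly one higher than the previous one; the first entry that
    breaks this, and everything after it, is reported as ignored.
    """
    pattern = re.compile(
        rf"^{re.escape(port_name)}_PortMapping(\d\d)=(CN=[^,]+),([^:,\s]+):(\d+)$",
        re.IGNORECASE,
    )
    effective, ignored = [], []
    expected, broken = 0, None
    for raw in ini_text.splitlines():
        m = pattern.match(raw.strip())
        if not m:
            continue  # not a port-mapping line for this port
        nn = int(m.group(1))
        entry = {"nn": nn, "server": m.group(2),
                 "ip": m.group(3), "port": int(m.group(4))}
        if broken is None and nn > MAX_SUPPORTED:
            broken = f"{nn:02d} is above the supported range 00-{MAX_SUPPORTED:02d}"
        elif broken is None and nn != expected:
            broken = f"expected {expected:02d}, found {nn:02d}"
        if broken:
            ignored.append({**entry, "reason": broken})
        else:
            effective.append(entry)
            expected += 1
    return effective, ignored


# Constructed sample: 02 is missing, so 03 and 04 do not take effect.
SAMPLE = """\
Ports=TCPIP
TCPIP_PortMapping00=CN=Server1/O=ACME,192.94.222.169:13520
TCPIP_PortMapping01=CN=Server2/O=ACME,192.94.222.169:13521
TCPIP_PortMapping03=CN=Server3/O=ACME,192.94.222.169:13522
TCPIP_PortMapping04=CN=Server4/O=ACME,192.94.222.169:13523
"""

if __name__ == "__main__":
    ok, dropped = check_port_mappings(SAMPLE)
    for e in ok:
        print(f"effective {e['nn']:02d} {e['server']} -> {e['ip']}:{e['port']}")
    for e in dropped:
        print(f"ignored   {e['nn']:02d} {e['server']} ({e['reason']})")
```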
TCP/IPportname_TCPIPAddress
Syntax: TCP/IPportname_TCPIPAddress=0,IPaddress:TCP/IP portnumber
Description: Defines the IP address and port number for a Domino
server. TCP/IPportname is the name of the TCP/IP port which is specified
in the NOTES.INI file by the setting Ports=TCPIP. For example:
TCP/IPportname_TCPIPAddress=0,192.94.222.169:1352
Applies to: Servers
Default: None
UI equivalent: None
Temp_Index_Max_Doc
Syntax: Temp_Index_Max_Doc=number of entries
Description: Specifies the maximum number of results (up to
2147483647) that can be retrieved at one time, by an agent running on a
server, on a database without any index. For example, specifying
Temp_Index_Max_Doc=10000
allows a single NotesDatabase or NotesDocumentCollection FTSearch
running on a server to return up to 10000 entries.
To use the Temp_Index_Max_Doc setting for an agent running on a
server, you must also use the FT_Max_Search_Results setting and specify
the same value, for example
FT_Max_Search_Results=10000
For information on the FT_Max_Search_Results setting, see the topic
"FT_Max_Search_Results" earlier in this chapter.
Applies to: Servers
Default: 5000
UI equivalent: None
TimeZone
Syntax: TimeZone=value
Description: Specifies the time zone for a server or workstation. Time
zones begin at Greenwich, England (0 = Greenwich Mean Time) and
move westward around the world. The time zones can be 15, 30, 45, or 60
minutes apart (not all zones are an hour apart). For example:
TimeZone=8
TimeZone=0
Specifies Pacific Standard Time (8) and Greenwich Mean Time (0).
Applies to: Servers and workstations
Default: Defined during the workstation or server Setup procedure.
UI equivalent: On a workstation, the Local time zone field in the
Location document; on a server, the Local time zone field in the Server
document.
Topology_WorkInterval
Syntax: Topology_WorkInterval=number of hours
Description: Use this setting to specify how often the Maps server add-in
task updates the topology map data in the Domino Directory. Once set, it
will refresh n hours after the maps add-in program is started, and every
n hours after that.
Note You should not use the setting to refresh too frequently, because
the map data is stored in your Domino Directory and updates are
replicated throughout the domain.
Applies to: Servers
Default: None, however the Topology maps task normally refreshes
topology information once a day, every night at 2 AM.
UI equivalent: None
TransLog_MaxSize
Syntax: TransLog_MaxSize=number of megabytes
Description: The maximum size, in MB, for the transaction log. A value
of at least 192 MB is recommended. If you don't specify a value, the
system determines a log size approximately three times the size of the
server's RAM.
Applies to: Servers
Default: None
UI equivalent: Maximum log space field in the Transactional Logging
tab of the Server document.
TransLog_Path
Syntax: TransLog_Path=path
Description: Specifies the path to the transaction log. The default
location is \logdir in the server's data directory. However, it is strongly
recommended to store the transaction log on a separate mirrored device,
such as a RAID level 0 or 1 device with a dedicated controller. If you
change this field and have an existing transaction log, you must use the
operating system to move all the log files to the new log path.
Applies to: Servers
Default: logdir in the server's data directory, for example c:\data\logdir
UI equivalent: Log path field in the Transactional Logging tab of the
Server document.
TransLog_Performance
Syntax: TransLog_Performance=value
Description: Specifies the trade-off between transactional log runtime
and restart recovery time, as follows:
1 - Favor runtime. The system stores more database changes in
memory and writes fewer changes to the transaction log. Fewer writes to
disk improves server runtime.
2 - Standard (default)
TransLog_Status
Syntax: TransLog_Status=value
Description: Enables transaction logging for all Domino 5 databases on
the server, as follows:
0 - Transactional logging disabled
1 - Transactional logging enabled
You must upgrade databases to Domino 5 format before they can use
transaction logging.
Applies to: Servers
Default: 0
UI equivalent: Transactional logging field in the Transactional
Logging tab of the Server document.
TransLog_Style
Syntax: TransLog_Style=value
Description: Specifies the type of transaction logging. Options are as
follows:
0 - Circular (default). The system continuously reuses the extent log
files, overwriting old transactions.
1 - Archive. The system does not reuse extent log files and allows
you to use a backup utility to archive log files. This is recommended.
Applies to: Servers
Default: 0
UI equivalent: Logging style field in the Transactional Logging tab of
the Server document.
TransLog_UseAll
Syntax: TransLog_UseAll=value
Description: Specifies whether or not to use all available disk space on
the log device, as follows:
0 - The system uses the default or specified value in
TransLog_MaxSize
1 - Use all available space on the disk for the transaction log extent.
This is recommended if you use a separate device dedicated to
storing the extent.
Applies to: Servers
Default: 0
UI equivalent: Use all available space on log device field in the
Transactional Logging tab of the Server document.
Update_No_BRP_Files
Syntax: Update_No_BRP_Files=value
Description: Determines whether or not the Fixup task creates BRP files.
When set to 1, the Fixup task will not create a BRP file when it encounters
an error in a view index.
Applies to: Servers
Default: None
UI equivalent: None
Update_No_Fulltext
Syntax: Update_No_Fulltext=value
Description: Turns off full-text indexing on a server.
0 - Turns full-text indexing on
1 - Turns full-text indexing off
Applies to: Servers
Default: None, although if this setting is omitted, full-text indexing is on.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Updaters
Syntax: Updaters=number of tasks
Description: Specifies the number of Update server tasks that can run
concurrently on the server. You must shut down and restart the server
for this setting to take effect.
Applies to: Servers
Default: None, although if this setting is omitted, only a single Update
task can run at a time.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Update_Suppression_Limit
Syntax: Update_Suppression_Limit=value
Description: Overrides the NOTES.INI Update_Suppression_Time
setting if a certain number of duplicate requests to update indexes and
views are received.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Update_Suppression_Time
Syntax: Update_Suppression_Time=number of minutes
Description: Specifies the delay time between full-text index and view
updates, even if immediate indexing is scheduled as a server task.
Applies to: Servers
Default: 5
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
UseFontMapper
Syntax: UseFontMapper=value
Description: Determines whether the font mapper is used to guess the
closest mappings between the font face name in a CGM metafile and the
currently installed fonts on a Notes workstation.
1 - Enables the font mapper
0 - Disables the font mapper
Applies to: Servers and workstations
Default: 1
UI equivalent: None
UpgradeApps
ViewExpnumber
Syntax: ViewExpnumber=value1, value2...
Description: Specifies parameters to be used by file exports done at the
view level.
Parameter
Enter
value1
value2
value3
value4
value5 - x
ViewImpnumber
Syntax: ViewImpnumber=value1, value2...
Description: Specifies parameters to be used by file imports done at the
view level.
Parameter Enter
value1
value2
value3
value4
value5 - x
View_Rebuild_Dir
Syntax: View_Rebuild_Dir=path
Description: Specifies the directory where temporary files will be created
for optimized view rebuilds.
For example, to set the directory to my_view_rebuild_directory, enter the
following line in the NOTES.INI file:
View_Rebuild_Dir=c:\my_view_rebuild_directory
WebAuth_Verbose_Trace
Syntax: WebAuth_Verbose_Trace=value
Description: Use this setting to troubleshoot problems with Web server
user authentication and Web server group searches for database access
verification. With the setting enabled, a Domino Web server records
detailed information about specific Web user authentication sessions at
the server console. Information includes authentication success or failure,
group cache information used to verify Web users' membership in
groups for database access control, and the search filters used to find
user and group entries in an LDAP directory.
0 - Disabled
1 - Enabled
Note After you correct the problem, be sure to disable this feature (or
remove the setting altogether), because it slows Web server performance.
Applies to: Servers
Default: None
UI equivalent: None
WebSess_Verbose_Trace
Syntax: WebSess_Verbose_Trace=value
Description: This setting should be used to troubleshoot both single
server and multi-server (as in single sign-on) session-based
authentication problems. When enabled, the setting allows a Domino
Web server to record, at the server console, detailed information about
specific Web session-based authentication sessions, such as
unauthorized, unauthenticated, or session expiration information.
0 - Disabled
1 - Enabled
Note After you correct the problem, be sure to disable this feature (or
remove the setting altogether), because it slows Web server performance.
Applies to: Servers
Default: None
UI equivalent: None
Window_Title
Syntax: Window_Title=text
Description: Uses the specified text on the title bar.
Applies to: Servers and workstations
Default: None
UI equivalent: None
WinInfoboxPos
Syntax: WinInfoboxPos=value1, value2
Description: Determines the position of the InfoBox.
Applies to: Workstations
Default: 85, 193
UI equivalent: None
WinSysFontnumber
Syntax: WinSysFontnumber=value1, value2, value3
Description: All CGM metafiles contain numeric font identifiers 1
through x, where x is the maximum number of fonts in an optional CGM
font face name table. When the font mapper is disabled, these lines list
the installed Windows system fonts to which the CGM font numbers are
mapped.
Applies to: Workstations
Default: None
UI equivalent: None
XPC_Console
Syntax: XPC_Console=value
Description: Displays the XPC console, which shows modem
input/output (if logged).
1 - Displays the console
0 - Hides the console
Applies to: Servers and workstations
Default: 0
UI equivalent: None
Appendix D
System and Application Templates
This appendix describes all system and application templates.
Template name
Purpose
Administration Requests (6) | ADMIN4.NTF | StdR4AdminRequests
Agent Log | ALOG4.NTF | StdR4AgentLog
Billing | BILLING.NTF | StdR4Billing
Bookmarks (6) | BOOKMARK.NTF | Bookmarks
Catalog (6) | CATALOG6.NTF | StdNotesCatalog
Certificate Requests (6) | CERTREQ.NTF | StdCertificateRequests
Certification Log | CERTLOG.NTF | StdNotesCertificationLog
StdR4ClusterAnalysis
STDR4ClusterDirectory
Database Analysis | DBA4.NTF | StdR4DBAnalysis
Database Library | DBLIB4.NTF
DECS Administrator Template | DECSADM.NTF | DECS Administrator Template
Design Synopsis | DSGNSYN.NTF | DesignSynopsis
Directory Assistance (6) | DA50.NTF
Directory Catalog | DIRCAT5.NTF | Lightweight Directory
StdR50Disc
DOLS Resource Template | DOLRES.NTF | DOLS Resource Template 1.0
Domino Administrator (6) | DOMADMIN.NTF
Domino Certificate Authority (6) | CCA50.NTF | StdNotes50SSLAuth
Domino Certificate Publication Requests (6) | CERTPUB.NTF | StdCertPubRequests
Domino Change Control (6) | DOMCHANGE.NTF | DominoChangeControl
Domino Directory | PUBNAMES.NTF | StdR4PublicAddressBook
Domino Directory Cache (6) | DBDIRMAN.NTF | StdDbDirMan
Domino LDAP Schema (6) | SCHEMA.NTF | StdDominoLDAPSchema
Domino Web Administrator (6) | WEBADMIN.NTF | StdWebAdminDatabase
StdR5DominoWebServerConfiguration
Domino Web Server Log Template
ExtR6Mail
Health Monitoring | DOMMON.NTF
Issued Certificates List (6) | ICL.NTF
Local Document Cache | CACHE.NTF | NotesDocCache
BusyTime
Lotus SmartSuite Library (6) | DOCLBS6.NTF | StdSmartSuiteR6DocLib
Mail Router Mailbox (6) | MAILBOX.NTF | StdNotesMailbox
Mail (IMAP) | IMAPCL5.NTF | StdR50IMail
Mail (R6) | MAIL6.NTF | StdR56Mail
Message Tracking Reports (6) | REPORTS.NTF | StdReportsDatabase
Microsoft Office Library (6) | DOCLBM6.NTF | StdR46DocLibMS
Monitoring Configuration (6) | EVENTS4.NTF | StdR5Events
StdR60NNTPClient
NNTP Cross-Post | NNTPPOST.NTF | StdR46NNTPPostBox
StdNotesLog
Notes Log Analysis (6) | LOGA4.NTF
Personal Address Book | PERNAMES.NTF | StdR4PersonalAddressBook
Personal Web Navigator (6) | PERWEB50.NTF | StdR50PersonalWebNavigator
Phonebook (6) | PHONEBOOK.NTF | StdPhonebook
Resource Reservations (6) | RESRC60.NTF | StdR60ResourceReservation
Server Certificate Admin | CSRV50.NTF | StdNotes50SSLAdmin
Server.Planner: Analyst | DSPA.NTF | Server.Planner: Analyst
Server.Planner: Decision Maker | DSPD.NTF | Server.Planner: Decision Maker
Server.Planner: Vendor | DSPV.NTF | Server.Planner: Vendor
Smart Upgrade Kits (6) | smupgrade.ntf | StdNotesKits
Subscriptions (6) | HEADLINE.NTF
TeamRoom (6) | TEAMRM6.NTF | StdR6TeamRoom
User Registration Queue (6) | USERREG.NTF
Appendix E
Customizing the Domino Directory
This appendix describes how to customize the Domino Directory
template, which controls the appearance and functionality of the Domino
Directory. Because the Domino Directory controls the operation of the
Domino system, follow the instructions in this appendix exactly to ensure
that the system continues to operate successfully.
If a default form to which you want to add fields does not have a
corresponding $xxxExtensibleSchema subform, insert the subform you
create directly into the form. In this case, you must insert the subform
into the form again after you upgrade to a new version of the default
Domino Directory template. When you insert a new subform directly
into a default form, choose the Design property Prohibit design refresh
or replace to modify.
5. Click Template Server and select a server that stores the default
Domino Directory template (PUBNAMES.NTF).
6. Click Show advanced templates.
7. Choose Domino Directory (PUBNAMES.NTF) from the list of
templates.
8. Ensure that the Inherit future design changes field is checked.
Then when a new version of the default Domino Directory template
becomes available, ACMENAMES.NTF will inherit the design
changes.
9. Click OK. Acme's Domino Directory template is now open.
10. Choose File - Database - Properties, and then click the Design tab
(fourth tab from the left).
11. Choose Database file is a master template, and then in the
Template name field, enter the template name:
StdAcmeDominoDirectory
To add schema elements to the Domino LDAP schema, you can create
forms and subforms in the Domino Directory, or you can use the Domino
LDAP Schema database (SCHEMA.NSF). Using the Schema database is
the preferred method for extending the schema. Use the Domino
Directory to extend the schema only if Notes or Web users require access
to the entries created from the new schema elements through documents
in the directory. If only LDAP access to entries defined by the new
schema elements is required, instead use the Domino LDAP Schema
database to extend the schema.
Note You must use a Lotus Domino Designer 6 client when using the
Domino Directory to extend the schema.
For more information on the LDAP schema as well as guidelines and
methods for extending the schema, see the chapter "Managing the LDAP
Schema."
You can use the Domino Directory to:
- Create an auxiliary object class to define the new attributes, and then
  add the auxiliary object class to the default object class
- Create a new structural object class with the new attributes, and then
  configure the new object class to inherit from the default object class
schema. For example, to create a form to hold values for entries defined
by the residentialPerson object class, follow the steps described in the
procedure "Using the Domino Directory to create a new LDAP structural
object class." In this case you are not using the form to define an object
class; the object class is already defined in the LSCHEMA.LDIF file.
Instead you're using the form so that entries defined by the object class
are visible in documents. If you do this, make sure to define the schema
elements exactly as the Domino LDAP Schema database (SCHEMA.NSF)
shows them to be defined. Defining them differently can cause you to
define new schema elements, rather than simply allowing the default
schema elements to be visible in documents.
[Figure: Form acmePrinter; Subform $acmePrinterInheritableSchema (Attributes a, b, c); Subform $acmePrinterExtensibleSchema]
The first step in using the Domino Directory to create a new LDAP
structural object class is creating a form as follows:
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have at least Designer
or Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. Do the following to copy the contents of the (LDAP country) form
into a new form:
Note Do not select the (LDAP country) form and use copy and paste
to copy it.
a. In the left pane, select Forms.
b. Open the (LDAP country) form, choose Edit - Select All, then
Edit - Copy.
c. Close the (LDAP country) form.
d. Click New Form, and choose Edit - Paste.
4. With the new form open, delete the words LDAP Country at the top
of the new form, and replace them with a label describing the new
type of entry, for example, Acme Printer.
d. Leave the other properties the same, and close the Subform
Properties box.
e. Save and close the new ExtensibleSchema subform.
6. Do the following to insert the new ExtensibleSchema subform into
the InheritableSchema subform:
a. With Subforms still selected, open the InheritableSchema
subform you created previously, for example
$acmePrinterInheritableSchema.
b. On the Extensible tab choose Create - Resource - Insert Subform.
c. Select the ExtensibleSchema subform you created, for example
$acmePrinterExtensibleSchema.
d. Click OK.
7. Save and close the InheritableSchema subform.
8. Complete the procedure "Using the Domino Directory to create an
LDAP auxiliary object class."
[Figure: Subform $acmePrinterInheritableSchema (Attributes d, e, f)]
You can also configure a new structural object class to inherit from a
default object class in the schema that is defined by a form.
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. In the left pane, select Shared Code and then Subforms.
4. Open the $xxxInheritableSchema subform for the subordinate object
class. For example, if you want the acmeLaserPrinter object class to
inherit from the acmePrinter object class, open the
$acmeLaserPrinterInheritableSchema subform.
5. Click the Inheritable tab, and do the following:
a. Choose Create - Resource - Insert Subform.
b. Select the InheritableSchema subform for the superior object
class. For example, select the $acmePrinterInheritableSchema
subform if you want the acmeLaserPrinter object class to inherit
from the acmePrinter object class.
c. Click OK.
6. Save and close the InheritableSchema subform for the subordinate
object class.
The preferred method for extending the LDAP schema is to use the
Domino LDAP Schema database. Use the Domino Directory to extend
the schema only if Notes or Web users require access to the new schema
elements through documents in the directory.
Creating a subform to define an auxiliary object class
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. In the left pane, select Shared Code and then Subforms.
4. Click New Subform.
5. Do the following to specify the properties for the new subform:
a. With the new subform open, choose Design - Subform Properties.
b. Next to the Name property, enter a name for the auxiliary object
class, for example, building.
c. Keep the Options property "Include in Insert Subform... dialog"
selected.
d. Deselect the Options property "Render pass through HTML in
Notes."
e. Leave the other properties the same, and close the Subform
Properties box.
f. Save and close the new subform.
6. Do the following to add a field to define the auxiliary object class:
a. Choose Create - Field.
b. Next to Name on the Basics tab of the Field dialog box, specify
any name, but precede the name with a dollar sign ($) to indicate
that the field is an operational field, for example: $building.
c. Next to Text on the Basics tab of the Field dialog box, select
Computed when composed.
d. Specify the formula for the field in the pane below as follows:
FIELD $objectclass := $objectclass : "subform";1
Where subform is the name of the subform you specified in step 5,
for example:
FIELD $objectclass := $objectclass : "building";1
dominoPerson | $PersonExtensibleSchema
dominoGroup | $GroupExtensibleSchema
dominoOrganization, dominoOrganizationalUnit, and dominoInternetCertifier | $CertifierExtensibleSchema
dominoServerResource | $ResourceExtensibleSchema
locality | $LocalityExtensibleSchema
organization | $organizationExtensibleSchema
organizationalUnit | $organizationUnitExtensibleSchema
a structural object class defined in the default schema that doesn't have a corresponding $xxxExtensibleSchema subform | The form used to define the object class
a structural object class you defined in the Domino Directory | $xxxExtensibleSchema, where xxx is the name of the new structural object class
Text | Directory string
Date/Time | Generalized time
Number | Integer
Names | Distinguished name
Repeat Step 1 for each form that came with the Domino Directory
and in which you hid sections.
2. Open ACMENAMES.NTF, choose File - Database - Refresh design,
select a server that has a new version of the default Domino
Directory template (PUBNAMES.NTF), and click OK.
3. If you created subforms to customize forms, re-insert the subforms
into the appropriate forms in ACMENAMES.NTF. If you customized
built-in subforms for Person, Group, or Server\Certifier forms, you
do not need to complete this step.
4. To hide a section of one of the forms that comes with the Domino
Directory, do the following in ACMENAMES.NTF:
a. Select the section in the form, choose Text - Text Properties, click
the Hide tab (the fifth tab from the left), select hide options, and
then save the form. LDAP ignores any hide selections.
b. Choose File - Document Properties, click the Design tab, and then
select Prohibit design refresh or replace to modify.
5. For each view in ACMENAMES.NTF that came with the Domino
Directory and that you customized, choose File - Document
Properties, click the Design tab, and then select Prohibit design
refresh or replace to modify.
6. If you previously customized a visible view that came with the
Domino Directory, in ACMENAMES.NTF do one of the following to
restore the customizations:
- If you made changes directly to the view, re-create the changes.
- If you made changes to a copy of the view, open the original view,
  choose Design - View Properties, click the i tab, deselect Show in
  View menu, then save the original view. Then, select the original
  view, choose File - Document Properties, click the Design tab, and
  choose Prohibit design refresh or replace to modify.
receive all design changes from the new version of the Domino
Directory template.
Appendix F
Administration Process Requests
This appendix contains administration requests with the detailed
processes that occur for each request, flowcharts for several
administration requests, as well as timing and scheduling information for
administration requests.
Create replica
Create a Roaming User
Delegate mail file
Delegate mail file on administration server
Delegate Web mail file
Delete database
Delete group in Domino Directory
Delete hosted organization
Delete person in Domino Directory
Delete Policy in Domino Directory
Delete resource
Delete roaming user
Delete server name in Domino Directory
Downgrade user from Roaming to Non-Roaming user
Find name in domain
Maintain Trends database record
Modify CA Configuration in the Domino Directory
Modify ID recovery information in Domino Directory
Modify resource
Modify user information stored in the Domino Directory
Move database from a cluster server
Move database from a non-cluster server
Move a mail file from one server to another
Move roaming user to another server
Place server's Notes build number into Server record
Recertify Certificate Authority in Domino Directory
Recertify servers
Recertify users
Register hosted organization
Remove servers from cluster
Rename group
Rename person
Rename person - name change refused
Request to create ISpy database
Retract database
Set Directory Assistance field
Set directory filename
Set password fields
Set user name and enable schedule agent
Set Web admin fields
Set Web user name and enable scheduled agent
Sign database with server's ID file
Store CA Policy Information in the Domino Directory
Store certificate in Domino or LDAP Directory
Store Certificate Revocation List in Domino or LDAP Directory
Store directory type in Server record
Store server's CPU count
Store server's DNS host name
Update client information in Person Record
Update external domain information
Update domain catalog configuration
Update license tracking information in Domino Directory
Update roaming user information in Person record
Update non-roaming user to roaming user
Update server protocol information
Upgrade server to hierarchical
Web set Soft Deletion Expire Time
Add Resource
Create replica
You can create a database replica using the Administration Process by
selecting a database and then choosing Database - Create Replica from
the tools pane in the Domino Administrator.
Check access
Triggered by: Initiating the command from the Domino
Administrator.
Carried out on: The server that contains the database being
replicated.
Carried out: Immediately
Result: The Administration Process on the source server checks that
the user submitting the request and the destination server have at
least Reader access in the ACL of the database. If the user and
destination server have the necessary access and if a Connection
document between the source and destination server exists, the
Administration Process generates a Create replica request in the
Administration Requests database of the source server.
Create replica
To populate the replica, the user submitting the request and the source
server must have Create Replica access to the destination server.
Triggered by: Successful completion of the Check Access
administration request.
Carried out on: The destination server for the database.
Carried out: Immediately
Result: A new replica of the database is placed on the destination
server. The database is populated during the next replication.
You create a roaming user during the user registration process. During
the user registration process for a roaming user, the administration
process generates the administration request "Create a Roaming User's
Roaming Files" three times in order to create the following three files:
journal.nsf
bookmark.nsf
names.nsf
Result: Modifies the ACL for the mail file on the server for that
database. New mail preferences are set by the user on the user's mail
file.
Delete Database
You can delete (retract) a database and, optionally, delete all replicas of
the database. From the Domino Administrator, choose Files and select
the database you are deleting, and then choose Files - Delete. You are
prompted to verify that you do want to delete the selected file(s) and
presented with a check box in which to indicate whether you want to
delete all replicas. Click the check box to delete all replicas of those
databases.
Delete Replica
Triggered by: Completion of the Request Replica Deletion request.
Carried out on: Server on which the database exists.
Carried out: According to the Interval setting in the
Administration Process section of the Server document.
Result: The replica is deleted.
[Flowchart: decision "Delete from Domino Directory immediately?" (Yes/No); request boxes: Delete in Address Book, Delete in Access Control List, Delete in Person Documents, Delete in Reader/Author Fields; timings shown: 1 Hour, Daily, Weekly]
[Flowchart: decisions "Delete from Domino Directory immediately?", "Delete mail file?", "Delete mailfile, person record, and all replicas?", "Does mail file use shared mail?", "Delete replicas of mail file?"; request boxes: Delete in Address Book, Delete in Access Control List, Delete in Person Documents, Delete in Reader/Author Fields, Get Information for Replica Deletion, Delete replicas, Get Information for Deletion, Approve Deletion of Private Design Elements, Approve File Deletion, Request to Delete Private Design Elements, Request File Deletion, Delete Mail File, Delete Private Design Elements, Delete Unlinked Mail File; timings shown: Immediately, 1 Hour, Daily, Weekly, "Weekly, Daily, or Combination", Upon Administrator Approval, 2 Weeks]
doesn't use shared mail, the Administration Process deletes the file.
If the file does use shared mail, then the Administration Process
purges the links to the shared mail database, disables replication,
and creates a "Delete unlinked mail file" request.
Note If the person requesting the delete action chose to delete all
replicas of a mail file, then a "Get File Information for Deletion" request
is created and processed by all servers in the domain. This request is
posted after completion of the "Delete mail file" request or the "Delete
unlinked mail file" request. For each replica of the mail file found on
servers in the domain, the "Approve file deletion," "Request file
deletion," and "Delete mail file" request sequence occurs again.
[Table: Timing for deleting user names (columns: Request, Timing)]
Result: Removes all references to the explicit policy from all users'
Person documents.
Delete resource
Approve resource delete
Triggered by: Performing a Delete Resource action in the Resource
Reservations database.
Carried out on: Any server.
Carried out: According to administrator's approval.
Result: If you approve the request, the administration process
creates a "Remove Resource" administration request.
Delete resource
Triggered by: Approval of the Approve resource delete request.
Carried out on: The administration server of the Domino Directory.
Carried out: Immediately
Result: Removes the mail-in database resource for the Resource from
the Domino Directory.
Delete Replica
This request is generated three times, once for each of these files:
names.nsf, journal.nsf, and bookmark.nsf.
[Flowchart: decision "Delete from Domino Directory immediately?" (Yes/No); request boxes: Delete in Address Book, Delete in Access Control List, Delete in Person Documents, Delete in Reader/Author Fields; timings shown: 1 Hour, Daily, Weekly]
For more information on the Tivoli Analyzer, see the chapter "Using IBM
Tivoli Analyzer for Lotus Domino."
Modify resource
Result: Checks for a Connection document between the old and new
mail file servers, and sets up the ACLs so that the old and new
servers have Manager access. If it is the administration server of the
mail file, posts the "Create new mail replica" request. If it is not the
administration server for the mail file, posts a "Promote new mail
server's access" administration request.
Verify hosted organization storage
Triggered by: Successful completion of the "Check mail server's
access" request or the "Promote new mail server's access" request.
Carried out on: Destination server.
Carried out: Immediately
Result: Verifies whether the destination server hosts the hosted
organization to which the user belongs. Generates the "Create new
mail replica" request.
Promote new mail server's access
Triggered by: Execution of a "Check mail server's access"
administration request. The home server is not the administration
server of the mail file.
Carried out on: The administration server of the mail file.
Carried out: Immediately
Result: Sets up the ACLs so that the old and new mail servers are
listed as having Manager access. Posts a "Create new mail file
replica" administration request.
Create new mail file replica
Triggered by: Successful processing of the "Check mail server's
access" administration request.
Carried out on: Home server for the mail file as designated in the
Person document.
Carried out: Immediately
Result: Creates a replica copy of the old mail file on the new mail
server. If Tivoli Analyzer is not running on the source server, posts
the "Add new mail file fields" request. If Tivoli Analyzer is running
on the source server, posts the "Maintain Trends database record"
request on the source server.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Interval setting in the
Administration Process section of the Server document.
Result: Posts the Delete mail file administration request.
Delete mail file
Triggered by: Completion of the Request file deletion
administration request.
Carried out on: The original home mail server.
Carried out: According to the Interval setting in the
Administration Process section of the Server document.
Result: The old mail file is deleted from the original home mail
server.
Delete unlinked mail file
Triggered by: Completion of the "Delete mail file" request for a mail
file that uses shared mail.
Carried out on: The home mail server.
Carried out: According to the "Interval between purging mail file
and deleting when using object store" setting for the Administration
Process in the Server document.
Result: The Administration Process deletes the mail file after waiting
a period of time. This delay provides time for the Object Collect task
to purge any obsolete messages.
Delete obsolete change request
Triggered by: Expiration of the period in which the client's personal
Domino Directory will be modified with the new mail server's
information. You can use the "Mail file Names expired after" field in
the Administration Process section of the home server's Server
document to change the expiration period.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the "Execute once a day requests at"
setting for the Administration Process in the Server document.
Result: New mail client update flag field is removed from the Person
document.
[Flowchart: request boxes: Non-Cluster Move Replica, Approve Deletion of Moved Replica, Request to Delete Non-Cluster Move Replica, Delete Non-Cluster Move Replica; timing shown: Immediately]
Recertify servers
Triggered by: Initiating the Recertify Server command from the
Actions menu.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Interval setting in the
Administration Process section of the Server document.
Result: The server's public key is updated, and the Server document
is updated with the new public key.
Recertifying users
Triggered by: Initiating a Recertify Person action from the tools pane
in the Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Interval setting in the
Administration Process section of the Server document.
Result: Updates the user's certified public key, and updates the
user's ID file during the authentication process.
Rename group
You can rename a group using the Administration Process by performing
a Rename Group action from the Domino Administrator or by choosing
Groups - Edit from the tools pane. The following flowchart shows the
sequence of Administration Process requests that occur when you do
this. (Boxes indicate requests). The timing shown for each request is the
default, which you can customize through the Server Tasks - Administration Process tab on the Server document.
[Flowchart: Choose "Actions: Rename Group" -> Rename Group in Address Book (1 Hour) -> Rename Group in Access Control List (1 Hour) -> Rename Group in Person Documents (Daily) -> Rename Group in Reader/Author Fields (Weekly)]
Rename person
You can rename a user with the Administration Process by choosing
People - Rename from the tools pane of the Domino Administrator. The
following flowchart shows the sequence of Administration Process
requests that occur when you rename a person in the Domino Directory.
(Boxes represent requests.) The timing shown for each request is the
default, which you can customize through the Server Tasks - Administration Process section of the Server document.
[Flowchart: decision "Person accepts new name before change request expires?" (Yes/No); request boxes: Initiate Rename in Address Book, Change Request Expires, Delete Obsolete Change Requests, Rename Person in Address Book, Rename in Access Control List, Rename in Person Documents, Rename in Reader/Author Fields, Rename Person in Free Time Database, Rename Person in Calendar Entries and Profiles in Mail File; timings shown: Immediately, 1 Hour, Daily, Weekly]
For information on renaming a Web user, see the topic "Rename Web
user" in this appendix.
For information on the administration requests that are generated when a
user refuses a proposed name change, see the topic "Rename person - Name change refused."
Carried out on: The server from which you choose Actions - Complete Move.
Carried out: When you choose Actions - Complete Move, in the
Name Move Requests view of the Administration Requests database,
to move a person's name to another hierarchy.
Result: Approves the move and triggers the Initiate rename in
Domino Directory request.
Initiate rename in Domino Directory
Triggered by: Choosing a rename action.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Interval setting for the
Administration Process in the Server document.
Result: Adds the new name, certificate, and change request to the
Person document. Prompts the person to accept the new name upon
next server authentication.
Rename person in Domino Directory
Triggered by: Person accessing a server and accepting the new name.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Interval setting for the
Administration Process in the Server document.
Result: Updates the person's name in the Domino Directory
except for Person documents. Posts the "Rename in Person
documents" and the "Rename person in Unread Lists"
administration requests.
Rename in Person documents
Triggered by: Completion of the Rename person in Domino
Directory request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Execute once a day requests at
setting for the Administration Process in the Server document.
Result: Updates the name in Domino Directory Person documents.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Removes the new information from the Person document
and recovers the user's information and updates the Person
document.
Reinitiate rename in Domino Directory
Triggered by: The administrator rejecting the name change refusal.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts an Initiate rename in Domino Directory request. The
user is again notified of the proposed name change.
Result: The Web user's name is changed in their mail file's Calendar
Profile and appointment documents. If the Web user's common
name was changed and the common name is in the title of the mail
file, the mail file title changes to reflect the new name. If the Web
user is the chair person of any future meetings, the name is
changed in those appointment documents.
The Set user name and enable schedule agent request is generated
when a user with Editor access to their mail file sets the Out of Office
agent.
Triggered by: From Notes client mail file, choose Tools - Out of Office.
Carried out on: The server that the mail client is running on when
the user performs the action to enable the agent.
Carried out: Immediately
Result: Activates the Out of Office agent for the user whose mail file
was active when the agent was set.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Updates the Personal Address Book field, Bookmarks
filename, and Journal filename fields on the user's Person document
in the Domino Directory. Generates the "Monitor roaming user's
replica stubs" request.
Monitor roaming user's replica stubs
Triggered by: Successful completion of the "Update roaming user
information in Person record" request.
Carried out on: The user's roaming server.
Carried out: Immediately
Result: Recognizes when replication occurs, and then generates the
"Update roaming user state in Person document" request.
Update roaming user state in Person document
Triggered by: Successful completion of the "Monitor roaming user's
replica stub" request. Successful replication of the roaming files to
the roaming server.
Carried out on: The administration server of the Domino
Directory.
Carried out: Immediately
Result: The "User can roam" field on the Roaming tab of the user's
Person document is updated from "In Progress" to "Yes."
[Figure: flowchart of the server rename requests. Boxes: Initiate Rename in Address Book, Change Request Expires, Server updates its ID before change request expires? (Yes/No), Delete Obsolete Change Requests, Rename Server in Address Book, Rename in Access Control List, Rename in Person Documents, Rename in Reader/Author Fields, End. Timing labels: 1 Hour, Daily, Weekly.]
Timing
Interval
Interval
Interval
Start executing on
Start executing at
Get file information for delete (only if deleting the mail file)
Triggered by: Completion of the Delete in Access Control List
request on the administration server for the Domino Directory (if you
chose to immediately delete all occurrences of the name) or
completion of the Delete in Domino Directory request (if you chose
to delay deleting the name from the Domino Directory). You must
also have specified to delete the mail file in which you chose to delete
the person.
Carried out on: The deleted person's home server.
Carried out: Immediately
Result: The person's home server creates an Approve file deletion
request which provides information about the mail file. This appears
in the Pending Administrator Approval view of the Administration
Requests database.
Approve file deletion (only if deleting the mail file)
Triggered by: Completion of the Get file information for delete
request.
Carried out on: The server on which you approve the request.
Carried out: When you manually approve or reject the request.
Result: If you approve the request, the Administration Process
creates a Request file deletion request.
Request file deletion (only if deleting the mail file)
Triggered by: Approving the Approve file deletion request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts a Delete mail file request.
Delete in Reader / Author fields
Triggered by: Completion of a Delete in Access Control List
request on the administration server for the Domino Directory (if you
chose to immediately delete occurrences of the name from the
Domino Directory) or completion of a Delete in Person documents
request (if you chose to delay deletion of the name from the Domino
Directory).
Carried out on: Each server in the domain.
Carried out: According to the Delayed Request settings for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option Modify all
Carried out on: Any server on which you approve the request.
Carried out: According to the administrator's discretion.
Result: Posts a Delete person in Domino Directory administration
request.
Delete person in Domino Directory (only if a matching flat user
name is found)
Triggered by: Administrator approving the Approve delete person
in Domino Directory administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Interval setting in the
Administration Process section of the Server document.
Result: The Administration Process removes the name from the
Domino Directory, except from other people's Person documents,
and posts the Delete in Person documents request. If you have
created a termination group and set up the administration process
to add deleted users to that group, the name is added to the
Terminations group.
Delete person in Person documents
Triggered by: Completion of a Delete person in Domino Directory
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the Execute once a day requests at
setting for the Administration Process in the Server document.
Result: The Administration Process removes the name from other
people's Person documents in the Domino Directory.
Delete in Access Control Lists
Triggered by: Completion of the Delete person in Domino
Directory request.
Carried out on: Each server in the domain.
Carried out: According to the Interval setting for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server.
[Figure: flowchart for the source domain with the steps Check access for new replica creation (Yes/No), request is mailed, Create Replica, and End.]
For details on the above processes, see the processes documented above.
For more information on the Check access for new replica creation
request, see Create Replica - Cross domain administration request in
this appendix.
Appendix G
Novell Directory Service for the IPX/SPX Network
Domino servers and Notes workstations support Novell Directory
Service (NDS) with IPX/SPX.
Description
Server Name
Network Address IPX address: network address: node address: socket number
for example, IPX: 030000508: 00805F685BDA: 506f
Status
Version
Description
The following table describes the commands to use with Lotus NDS
Manager.
Task
Command
-c
-r
-a
For example, this command adds the Domino
server Burke to the tree:
-a cn=Burke.o=Acme
-s
Action
Delete Domino server NDS object class Choose Tools - Define Notes Class.
Add a Domino server NDS object class Choose Object - Create.
Select Domino server object.
Enter the Domino server name.
Delete a Domino server NDS object
To set up NDS for a Notes workstation, you must configure NDS within
the NetWare client and then configure the Notes workstation to use NDS.
Configuring NDS for a Notes workstation
1. Install a NetWare-compatible client that supports NDS and IPX/SPX.
2. Make sure the user log-in object has at least browse access to the
NDS tree.
3. Specify a Preferred Tree and Default Context. If you are using
Windows, specify these settings in the Control Panel.
4. Log into the NDS tree.
Configuring a Notes workstation to use NDS
1. Start the Notes workstation.
2. If you have not enabled the SPX port, do the following:
a. Choose File - Preferences - User Preferences - Ports.
b. Select SPX and select Port Enabled. The Notes workstation
automatically enables NDS and Bindery Services.
3. If you use only NDS on all Domino servers in your organization, do
the following:
a. Click SPX Options, select Advanced configuration, and then
select NetWare Directory Services to disable Bindery Services
lookup within Domino.
b. Create a Connection document for the home server in each user's
Personal Address Book. In the Destination server field, enter the
NDS distinguished name for the home server. For example, if a
Domino server name is Chicago/Midwest/Acme, its NDS
distinguished name is CN=Chicago.OU=Marketing.O=Acme.
4. If you use only NDS and want to specify a backup Domino Directory
to use if the user's home server is unavailable, edit the Location
document in each user's Personal Address Book and specify a
For more information on naming Domino servers on an NDS network,
see the chapter Setting Up the Domino Network.
5. To add each Domino server NDS object to the NDS tree, do the
following:
If you are using NetWare Administrator, choose Object - Create Notes Server Object and enter the Domino server name. You can
add information to the description if necessary.
If you are using NDSMgr, enter this command:
ndsmgr -a cn=server_name.o=preferred_tree,
Description
NWNDSUserID
NWNDSPassword
3. If you have not enabled the SPX port, start the Notes workstation
and choose File - Preferences - User Preferences - Ports. Select SPX
and select Port Enable. Domino automatically enables NDS and
Bindery Services.
Appendix H
Accessibility and Keyboard Shortcuts in Domino
Administrator
This appendix contains an extensive list of keyboard shortcuts that are
available in the Domino Administrator as well as other
accessibility-related information and instructions on where to find
additional information.
Keyboard shortcuts
The keyboard shortcuts in this section are based on U.S. standard
keyboards. If you are using a screen reader, you may want to maximize
your window so the tables of shortcuts are completely expanded and
accessible.
You can use the following keyboard shortcuts to navigate through the
Domino Administrator user interface.
Press
To do this
ALT+F5
ALT+F10
CTRL+BREAK
Go to a Web page
CTRL+Q or ALT+F4
CTRL+TAB
ESC or CTRL+W
F1
F5
Lock User ID
F6
F10 or ALT
SHIFT+ALT+S
SHIFT+CTRL+TAB
Press
To do this
SHIFT+F6
SHIFT+F10
SHIFT+UP ARROW
To do this
ARROW keys
CTRL+N
CTRL+O
Open database
ENTER
ESC
ESC or CTRL+W
F9
PAGE DOWN
PAGE UP
SHIFT+CTRL+F9
SHIFT+F9
SPACEBAR
Standard dialog boxes appear when you perform many tasks in the
Domino Administrator. For example, when you choose File - Database Open, the Open Database dialog box appears.
Press
To do this
ESC
F1
SHIFT+TAB
SPACEBAR
TAB
To do this
ALT+DOWN ARROW
ALT+UP ARROW
ALT+ENTER
CTRL+ALT+ENTER
CTRL+END
CTRL+HOME
CTRL+PAGE DOWN
CTRL+PAGE UP
Press
To do this
ENTER
ENTER
ESC
F1
SHIFT+CTRL+END
SHIFT+CTRL+HOME
SHIFT+CTRL+PAGE DOWN
SHIFT+CTRL+PAGE UP
SHIFT+TAB
TAB
To do this
CTRL+DOWN ARROW
CTRL+E
Edit document
CTRL+END
CTRL+F
CTRL+G
CTRL+HOME
CTRL+P
CTRL+PAGE DOWN
CTRL+PAGE UP
CTRL+UP ARROW
To do this
ESC
F4 or TAB
LEFT ARROW
RIGHT ARROW
SPACEBAR
SPACEBAR
SPACEBAR
To do this
CTRL+A
CTRL+C
CTRL+DOWN ARROW
CTRL+UP ARROW
CTRL+V
CTRL+X
DELETE
DELETE
SHIFT+CTRL+DOWN ARROW
SHIFT+CTRL+LEFT ARROW
SHIFT+CTRL+RIGHT ARROW
SHIFT+CTRL+UP ARROW
SHIFT+DOWN ARROW
SHIFT+END
SHIFT+HOME
SHIFT+LEFT ARROW
SHIFT+RIGHT ARROW
SHIFT+UP ARROW
Press
To move to
CTRL+LEFT ARROW
CTRL+RIGHT ARROW
END
End of line
HOME
Beginning of line
SHIFT+TAB
SHIFT+TAB
TAB
TAB
To do this
CTRL+B
CTRL+E
CTRL+F
CTRL+G
Find next
CTRL+I
CTRL+J
CTRL+K
CTRL+R
Show/Hide ruler
CTRL+T
CTRL+U
CTRL+Z
F2
To do this
F7
F8
F9
F11
SHIFT+CTRL+L
SHIFT+F2
SHIFT+F7
SHIFT+F8
To do this
CTRL+A
CTRL+C
CTRL+F
CTRL+P
CTRL+V
CTRL+X
DELETE
ENTER
F3
F4 or TAB
F9
SHIFT+CTRL+F9
SHIFT+DELETE
SHIFT+F3
SHIFT+F9
SPACEBAR
Appendix I
Server.Load Command Language
This appendix describes the commands that you use to create a custom
Server.Load script.
Server.Load commands
Server.Load scripts consist of statements in a simple command language,
the Server.Load specification language. Each command simulates an
aspect of the Notes client functionality. You can build a script containing
a series of these commands to perform a complex task, such as reading
and deleting mail.
@Else command
Use with the @If command in a Server.Load script.
Example
@If[DeleteEntry]
delete 1
@Else
add 1
@EndIf
@EndIf command
Use with the @If command in a Server.Load script.
Example
@If[DeleteEntry]
delete 1
@Else
add 1
@EndIf
@If command
Used in a Server.Load script to execute [Commands] if [Value] is
non-zero. @If is used to execute multiple commands or to use an @Else
condition.
Syntax
@If [Value] [Commands] [@Else [Commands]] @EndIf
Where:
[Value] Typically a NOTES.INI setting
Example
This example executes the Delete command, only if [DeleteDoc] is
defined in the NOTES.INI file and is non-zero; otherwise, the Add
command is executed:
@If [DeleteDoc]
Delete 1
@Else
Add 1
@EndIf
Add command
Use in a Server.Load script to create new documents in a database
according to the value of a. Each new document consists of: an author
field with the current user's name; a recipients field with the current
user's name; the ordinal number of the document as a summary item; the
subject (summary) text item; the optional attachment item; and the body
(non-summary) text item.
If no number is specified, one note is created. If b is not specified, the
length of the summary data is a uniform random number between 1 and
100 bytes. If c is not specified, the length of the non-summary data is a
uniform random number between 100 and 300 bytes.
Syntax
Add(a, b, c)
Where:
a Number of documents to be added
b Length of summary item\Subject\ (optional; default is \)
c Length of non-summary item \Subject\ (optional; default
value is \)
Note The body (non-summary) value cannot exceed 65000 bytes.
Example 1
This example adds documents to the default view All Document $all.
changeto [mailserver]!!mail\mail[#].nsf mail60.ntf -keepopen
add [a]
drop
Note You need to add a value for the environment variable a in the
NOTES.INI file, or you can code it into the script, as below:
changeto [mailserver]!!mail\mail[#].nsf mail60.ntf -keepopen
Example 2
This example adds documents to the Inbox folder using -f (foldername).
changeto [mailserver]!!mail\mail[#].nsf mail46.ntf -keepopen
add [a] -f $Inbox
drop
Example 3
This example adds 1 document to the Inbox view with the subject
(Length of summary item) set to 30 bytes and the Body (Length of
non-summary item) is set to 10000 bytes.
changeto [mailserver]!!mail\mail[#].nsf mail46.ntf -keepopen
add 1 30 10000 -f $inbox
drop
BeginCrit command
Use in a Server.Load script to mark the beginning of a script's critical
region. A critical region is a series of lines in a script that can only be
executed by one Server.Load simulated user (thread). The critical region
is marked by the BeginCrit and EndCrit pair. There can be a maximum of
6 critical regions per script.
BeginLoop command
Use in a Server.Load script to mark the start of the loop and the point to
which the Rewind statement returns control. A script can have one loop.
BeginLoop2 command
Use in a Server.Load script to mark the start of the loop and the point to
which the Rewind2 statement returns control.
Break command
Use in a Server.Load script to allow the user to set program control after
an error.
Syntax
Break [x]
Where x is:
1 To terminate program upon error
0 To move on to next line upon error
The default is Break 1.
Cal command
Use in a Server.Load script to schedule an appointment or invitation.
Syntax
Appointment:
cal -a <db> <msgsz> <dur> <startrng> <endrng> <nthiter>
Invitation:
cal -i <db> <msgsz> <dur> <startrng> <endrng> <numrecip>
<nthiter>
Where:
<dur> Duration, in minutes
<startrng> Lower bound for the number of days ahead to
schedule
<endrng> Upper bound for the number of days ahead to
schedule
<numrecip> Number of recipients
<nthiter> Nth iteration of the script
ChangeTo command
Use in a Server.Load script to set the current database for the test.
Provide the full file name of the database (use server!!file if a remote
database), or specify the keyword MAIL to open the mail database.
The following statements operate on the specified database. If the
database doesn't exist, a new database is created using template
[database template name]. If the keepopen option is specified (which is
the string -keepopen), the database is not closed and reopened if it is
already open.
Syntax
ChangeTo [database name] [database template name]
[-keepopen]
Where:
[database name] Full file name of the database
[database template name] File name of the template database
[-keepopen] Keeps the database open
Example 1
Using changeto to create a local database.
* Create local file using the journal template (journal.ntf)
* NOTES.INI contains setting templateversion=4
changeto journal.nsf journal[templateversion].ntf -KeepOpen
pause 5000
Example 2
Using changeto to create multiple databases on a server. In this example
the thread number is substituted in for the [#] symbol.
Example 3
Create and initialize mail file(s)
Note Uses Script Variable [NumMailNotesPerUser]
* Script to create and initialize mail file(s)
changeto [MailServer]!!mail\mail[#].nsf mail60.ntf
Close command
Use in a Server.Load script to close the current view. The view is opened
with the Open command.
Console command
Use in a Server.Load script to allow you to issue remote server console
commands, similar to the Domino server console in the Domino
Administrator console. You must have administration rights on the server
you are attempting to issue commands to.
Syntax
Console [server] [command]
Where:
[server] The server at which to execute the console command
[command] The command executed to the server
Example
This example uses the console command to issue a Show Stat command.
DbDelete command
Use in a Server.Load script to delete a database (locally or on a server). If
the database is on a server, you must have delete database access.
Syntax
DbDelete [dbname]
Where:
[dbname] Full database name. (Use server!!file if remote
database.)
Delete command
Syntax
Delete [#]
Where:
[#] Number of documents to delete
Drop command
Use in a Server.Load script to drop all network connections on the
specified port.
Syntax
Drop [hangup] [port]
Where:
[hangup] Causes the connection to be disconnected.
[port] The port to be disconnected.
Example 1
Disconnects the connection on the port specified.
changeto [MailServer]!!mail\mail[#].nsf mail46.ntf
pause 1min
drop hangup tcpip
Example 2
Disconnects all user sessions on specified port
changeto [MailServer]!!mail\mail[#].nsf
pause 1min
EndCrit command
Use in a Server.Load script to indicate a critical region that can be
executed by only one simulated user (thread). The critical region is
marked by the BeginCrit and EndCrit pair. There can be a maximum of
six critical regions per script.
Entries command
Used in a Server.Load script to simulate a user pressing PgUp and PgDn
or pressing Up and Down arrows to traverse a view.
Syntax
Entries [start] [end] <navigation option>
Where:
[start] Starting index ordinal position (optional; default is 1)
[end] Number of index entries to be read (optional; default is
All)
<navigation option> One of the navigation options, described
in the Navigate command.
ErrorDelay command
Used in a Server.Load script to set a time delay after a nonfatal error
occurs.
Syntax
ErrorDelay [delay]
Where:
[delay] Time to delay, in milliseconds. (Default is 150000 20000ms, or 15 to 20 seconds)
FindByKey command
Syntax
FindByKey "[KeyField]#searchstring"
Where:
key list List of keys separated by semicolons. Each key is in the
<item>#<value> format, where <item> is the item name and
<value> is the value. The FindByKey key list argument is the
Field Name of the column searched, and the value of the data as it
appears in the column.
option list One or more of the following, each separated with a
space:
NO_ACCENT Accent insensitive
NO_CASE Case insensitive
PARTIAL Partial compare
FIRST_EQUAL First equal entry
LAST_EQUAL Last equal entry
GREATER_THAN All entries greater than
LESS_THAN All entries less than
UPDATE_IF_NOT_FOUND Update if not found
Example
Search a view containing a column referencing the field Status and
search for those complete.
FindByKey "[Keyfield]#complete"
FindByName command
Used in a Server.Load script to enable you to search index entries by name.
Syntax
FindByName [searchstring] <optionlist>
Where:
[searchstring] The search collection whose primary sort key
matches the given null-terminated string
<optionlist> See the FindByKey command for <optionlist>
choices.
GetAll command
Used in a Server.Load script to fetch the ID table of all Note IDs from the
database. This command must be used before other commands (for
example, Stamp) that operate on random documents in the database
because those commands pick random notes out of this table. If this
command is not used, the master ID table will start from scratch.
Help command
Used in a Server.Load script to display help text. If [command] is
specified, help text for the command is displayed.
Syntax
Help [command]
@If command
Used in a Server.Load script to execute [Commands] if [Value] is
non-zero. @If is used to execute multiple commands or to use an @Else
condition.
Syntax
@If [Value] [Commands] [@Else [Commands]] @EndIf
Where:
[Value] Typically a NOTES.INI setting
Example
This example executes the Delete command, only if [DeleteDoc] is
defined in the NOTES.INI file and is non-zero; otherwise, the Add
command is executed:
@If [DeleteDoc]
Delete 1
@Else
add 1
@EndIf
ImailCheckForNewMail command
Used in a Server.Load script to purge deleted IMAP messages and check
for new messages.
ImailCloseMailbox command
Used in a Server.Load script to close the currently selected IMAP
mailbox.
ImailFetchEntry command
Used in a Server.Load script to get (UID Fetch) body for specified entry.
Syntax
ImailFetchEntry [navigator]
Where:
[navigator] CURRENT, NEXT, NEXT_UNSEEN, or FIRST. If
not specified, default is CURRENT.
ImailFetchOld command
Used in a Server.Load script to get (UID Fetch) Body for specified entry.
Syntax
ImailFetchOld [navigator]
Where:
[navigator] CURRENT, NEXT, NEXT_UNSEEN, or FIRST. If
not specified, default is CURRENT.
ImailGetLastEntries command
Used in a Server.Load script to get (Fetch) last page of entries (UID, flags,
envelope) for use with ImailFetchEntry.
ImailGetNewMail command
Used in a Server.Load script to check for new IMAP messages.
ImailHelp command
Used in a Server.Load script to display all available IMAP (IMail*)
commands with Help text.
ImailListMailboxes command
Used in a Server.Load script to list IMAP mailboxes.
Syntax
ImailListMailboxes [refmbox] [mailbox] [sub]
Where:
[refmbox] Root mailbox to list from. If not specified, default is
.
[mailbox] Root mailbox to list from. If not specified, default is
.
[sub] If TRUE, lists subscribed mailboxes; if FALSE, lists
non-subscribed mailboxes.
ImailLogin command
Syntax
ImailLogin [host] [user] [password]
Where:
[host] The Internet host name of the IMAP server, for
example, company.com
[user] The IMAP user name to log in as
[password] The password of the user
ImailLogout command
Used in a Server.Load script to log out of a server running IMAP.
ImailOpenMailbox command
Used in a Server.Load script to open (select) an IMAP mailbox (the Inbox
folder of the mail file).
Syntax
ImailOpenMailbox [mailbox]
Where:
[mailbox] The name of the mailbox to open
ImailPostMessage command
Used in a Server.Load script to add a message to the specified mailbox.
Syntax
ImailPostMessage [bodysize] [linesize] [mailbox]
Where:
[bodysize] Total size of the message
[linesize] Length of each line in the message, typically 80
ImailSetSeen command
Used in a Server.Load script to set current message as seen.
Index command
Used in a Server.Load script to update the currently open collection.
Syntax
Index
Example
Updating a view collection with the Index command. In this example, the
thread number is substituted for the pound symbol [#].
* Create one or more databases on mail server using (journal.ntf)
* NOTES.INI file contains setting templateversion=4
* Creation of multiple databases, based on the number of threads
* All test databases will be placed in the journal directory.
changeto [MailServer]!!journals\journal[#].nsf journal[templateversion].ntf -KeepOpen
pause 5000
LDAPLookup command
Used in a Server.Load script to perform LDAP lookup for specified user
name.
Syntax
LDAPLookup <username>
Where:
<username> Performs cn=username search on host LDAPHost.
Note The NOTES.INI file must contain the setting
LDAPHost=system.domainname, for example, LDAPHost =
Server.acme.com
Lookup command
Used in a Server.Load script to search the Domino Directory
(NAMES.NSF) for names you specify.
Syntax
Lookup (a, b, c)
Where:
a Mail server name
b Namespace, specified as $users, $servers, $groups,$domain,
$people, $People, $ServerAccess, $CrossCertByRoot,
$CrossCertByName,$Users,$Servers, $Certifiers,
$CrossCertByRoot,$Certifiers, $Connections, $Profiles
c Names list; each entry separated by ASCII \0
Example
Lookup performed
Lookup fssaixw/ess $Users John Doe/WAS/Acme
NABRetrievePOP3Mail command
Used in a Server.Load script to retrieve POP3 mail messages for a fixed
user in the Domino Directory (NAMES.NSF).
Syntax
NABRetrievePOP3Mail <msg_num> <hostname> <options>
Where:
<msg_num> Message to retrieve. Use the value -1 to retrieve all.
<hostname> Host name of the server running SMTP MTA.
<options> POP3 retrieval options: USE_SSL uses SSL protocol,
LEAVE_ON_SERVER leaves messages on the server.
NABUpdate command
Used in a Server.Load script to update a number of random documents
of a particular type in the Domino Directory (NAMES.NSF) database.
Syntax
NABUpdate(a,b)
Where:
a Type of document to update (Person, Group, or Connection)
b Number of documents to update. If b is not specified, one
document is updated.
Navigate command
Used in a Server.Load script to read number of documents as listed in
index.
Syntax
Navigate [<a>[<option>[ASYNC]]]
Where:
<a> Number of documents to be read (optional; default is 1)
<option> One or more of the following navigation options. You
can string multiple options together as OR options, separated by
the split vertical bar () character.
NewMail command
Used in a Server.Load script to poll for new mail.
Syntax
NewMail(a,b,c)
Where:
a Name of mail file (default is your mail file)
b Number of times to poll (default is 1)
c Millisecond delay between polls (default is 1000 ms)
NewReplicateDB command
Used in a Server.Load script to create empty database <target> as replica
of <source>.
Syntax
NewReplicateDB <source> <target>
Where:
<source> Full file name of source database. Use the format
server!!file for a remote database.
<target> Full file name of new target database; if a database
with the same name exists with a different replica ID, it will be
overwritten.
NoteAdd command
Used in a Server.Load script to add a document with the specified
[Subject], [Body], [Attachment], [MsgCount], [NamedField], and
[FolderID].
Syntax
NoteAdd [-sSubject] [-bBody] [-aFileAttachment] [-cMsgCount]
[-nNamedField] [-fFolderID]
Where:
Subject Summary item Subject
Body Non-summary item Body
Attachment File name of attachment
MsgCount Number of messages to add
NamedField Named field
FolderID Add document to folder with this ID
Open command
Used in a Server.Load script to open a view collection.
Syntax
Open (a) <option>
Where:
a View document ID (optional; default is the default view) or
DESIGN to open the design collection. To open a view other than
the default view, enter the decimal value of last 3 digits in the
View Note ID converted from hex to decimal. To view this
property, open the list of views and select a view, then bring up
the Properties for the item.)
Pause command
Used in a Server.Load script to wait for a specified number of
milliseconds before performing the next command in the script.
Syntax
Pause (a)
Where:
a Number of milliseconds to wait, or any of the forms: (Xsec,
X-Ysec, Xmin, X-Ymin, Xhours, X-Yhours)
Populate command
Used in a Server.Load script to ensure that there are
(NumMailNotesPerUser) documents in the current database. This
command locks the database to prevent other users from simultaneously
performing another Populate command, gets the number of documents
currently in the database, and adds documents as necessary.
Syntax
Populate (NumMailNotesPerUser) [folder]
Where:
NumMailNotesPerUser Total number of documents you want
the database to have
folder Folder or view to which documents will be added
Example
This example creates and initializes a mail file(s); documents are added
to folder $Inbox.
changeto [MailServer]!!mail\mail[#].nsf mail46.ntf
Quit command
Used in a Server.Load script to terminate the open program.
Syntax
Quit
Read command
Used in a Server.Load script to open and close a specified number of
documents.
Syntax
Read (a)
Where:
a Number of notes to be opened and closed
Replicate command
Used in a Server.Load script to replicate with server.
Syntax
Replicate <server> <direction> <files> <options>
Where:
<server> Server with which to replicate
<direction> One of the following: PUSH, PULL, or BOTH
(optional; default is BOTH)
RetrievePOP3Mail command
Used in a Server.Load script to retrieve POP3 mail messages for a user.
Syntax
RetrievePOP3Mail <user> <password> <msg_num> <hostname>
<options>
Where:
<user> User's POP3 account name
<password> User's POP3 password
<msg_num> Message to retrieve; -1 to retrieve all
<hostname> Host name of the server running SMTP MTA
<options> POP3 retrieval options (USE_SSL for SSL protocol,
LEAVE_ON_SERVER to leave messages on the server)
Rewind command
Used in a Server.Load script to restart the script file, if one is given, up to
a maximum of n iterations, if n is specified. If the script contains a
BeginLoop statement, the next command executed is the one
immediately following the BeginLoop. Otherwise, the next command
executed is the first command in the script. If n is not specified, the
Rewind command is executed indefinitely.
Syntax
Rewind <n>
Where:
<n> Number of times to restart the script
Rewind2 command
Used in a Server.Load script to restart the loop, up to a maximum of n
iterations, if n is specified. If the script contains a BeginLoop2 statement,
the next command executed is the one immediately following the
BeginLoop2 statement. If n is not specified, the Rewind2 command
executes indefinitely.
Syntax
Rewind2 <n>
Where:
<n> Number of times to restart the script
RSVPInvitation command
Used in a Server.Load script to send a response (acceptance) to an
invitation (if one exists). RSVP is subject to nthIteration.
SendMessage command
Used in a Server.Load script to create and send a mail message. The
random body text in the message is created by the same method as in
CREATEFILE. Message recipients are selected with a uniform
distribution from the people in the Domino Directory (NAMES.NSF) on
the source driver system. All replicas of the Domino Directory on the
source driver systems and SUT have the same content.
Syntax
SendMessage <message_size> <num_recipients> <nth_iteration>
<attachment>
SendSMTPMessage command
Used in a Server.Load script to create and send an SMTP mail message.
Syntax
SendSMTPMessage <message_size> <line_size>
<num_recipients/recipient> <hostname> <domain> <client_host>
<nth_iteration>
Where:
<message_size> Size of body text in bytes
<line_size> Size in bytes of each line in a multi-line message
<num_recipients> Number of random users in the Domino
Directory to receive the message
<recipient> A recipient's e-mail address
<hostname> Host name of server running SMTP Listener
<domain> Domain of user for recipient addresses
<client_host> Client host name
<nth_iteration> Send a message every n script iterations
SessionsClose command
Used in a Server.Load script to close all open sessions. This statement
only closes sessions opened with SessionsOpen.
Syntax
SessionsClose
SessionsOpen command
Used in a Server.Load script to create sessions on the specified server,
monitor the time it takes to open num_sessions, and return that value. To
close all of the sessions that you open, include the SessionsClose
command in the script.
Syntax
SessionsOpen <server> <num_sessions>
Where:
<server> Server where the sessions will be created
<num_sessions> Number of sessions to create
SetContextStatus command
Used in a Server.Load script to set the context iteration status.
SetCalProfile command
Used in a Server.Load script to set the Owner and BusyName fields for
the current database.
Stamp command
Used in a Server.Load script to select a random documents from the list
of Note IDs returned from GetAll. Stamp modifies a summary data field
of length b in each document with the same random value.
Syntax
Stamp (a, b)
Where:
a Number of documents to be stamped
b New size of the summary item Subject (optional; default
is )
Unread command
Used in a Server.Load script to set the database unread list for the
current collection to contain (a) random documents. This command may
be used before a Navigate with one of the unread navigation options to
simulate reading a specific number of new documents.
Syntax
Unread (a)
Where:
Update command
Used in a Server.Load script to update random documents in a database,
based on the value of a.
Syntax
Update (a, b, c)
Where:
a Number of documents to be updated. If a is not specified,
one document is updated.
b New size of the summary item Subject (optional; default is
). If b is not specified, the length of the summary data is a
uniform random number between 1 and 100 bytes.
c Length of non-summary item Body (optional; defaults to
). If c is not specified, the length of the non-summary data is a
uniform random number between 100 and 300 bytes.
WebGet command
Used in a Server.Load script to retrieve information from a specified URL.
Syntax
WebGet -[sumonly | alldata] [{-url <urlname> [-walk <depth>
<span>] [-proxy <urlname>] } | { [-file <filename>] | <#
entries to fetch> [-concurrent | -sequential ] } ]
-[holdtime <ct> <st>]
Example 1
The command [-url www.lotus.com -walk 2 1] is interpreted from a Web
browser's point of view as, starting at web page www.lotus.com, select
two links on the page to click (if the page has at least two links). Click the
first selected link, return back to the initial page, then click the second
link, and return back to the initial page.
Example 2
The command [-url www.lotus.com -walk 1 2] is interpreted from a Web
browser's point of view as, starting at web page www.lotus.com, select
one link on the page to click. Click the link, then apply the same rule
recursively to each new page. Assuming that the first link clicked is
www.lotus.com/notes.htm, the rule then requires WebGet to find one
link on that page and traverse it. The span parameter indicates a
stopping point for the recursive process.
Additionally, -walk 0 0 indicates that WebGet should only request the
page indicated by <urlname> and no more. Equivalent to leaving out the
-walk switch.
Or, something like -walk 10000 10000 (or another large number) indicates
that you want WebGet to traverse every conceivable link on that page,
much like a Web robot.
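The -walk behaviour described above, modelled on a constructed in-memory site; this is an added example, not part of the Domino documentation or of Server.Load, and it makes no network requests. It assumes, as Examples 1 and 2 suggest, that the first number is the count of links selected per page and the second the number of levels followed; the page names, the choice of the first links in page order, and the max_fetches cap are hypothetical.

```python
# Added illustration of the "-walk a b" traversal on a constructed site.
# Nothing here is Server.Load code; it only models the rule in the text.

# Constructed sample site: page -> links in page order (hypothetical paths).
# It contains a cycle ("/" -> notes.htm -> features.htm -> "/") on purpose.
SITE = {
    "/": ["/notes.htm", "/domino.htm", "/support.htm"],
    "/notes.htm": ["/notes/features.htm", "/notes/download.htm"],
    "/domino.htm": ["/domino/admin.htm"],
    "/support.htm": [],
    "/notes/features.htm": ["/"],
    "/notes/download.htm": [],
    "/domino/admin.htm": ["/domino.htm"],
}


def walk(site, start, links_per_page, levels, max_fetches=1000):
    """Return (fetched_pages, truncated) for '-walk links_per_page levels'.

    Assumptions (not stated by the documentation):
      * the first `links_per_page` links in page order are the ones selected;
      * "return back to the initial page" does not cause a new fetch;
      * pages already fetched are fetched again if a selected link leads
        to them (no de-duplication).
    `max_fetches` is a safety cap added for this model; `truncated` is True
    when the walk was cut off by the cap with links still pending.
    """
    fetched = []
    # Explicit stack instead of recursion so very large values such as
    # "-walk 10000 10000" cannot exhaust the Python call stack.
    stack = [(start, levels)]
    while stack:
        if len(fetched) >= max_fetches:
            return fetched, True
        page, remaining = stack.pop()
        fetched.append(page)
        if remaining > 0:
            selected = site.get(page, [])[:links_per_page]
            # Push in reverse so links are followed in page order.
            for link in reversed(selected):
                stack.append((link, remaining - 1))
    return fetched, False


if __name__ == "__main__":
    for a, b in [(0, 0), (2, 1), (1, 2), (10000, 10000)]:
        pages, truncated = walk(SITE, "/", a, b, max_fetches=50)
        note = " (cut off by cap)" if truncated else ""
        print(f"-walk {a} {b}: {len(pages)} fetches{note}")
        print("   ", pages[:6], "..." if len(pages) > 6 else "")
```

On a site whose links form a cycle, the large-value case never terminates on its own in this model, which is why a cap is included. Under the same assumptions, the number of fetches grows roughly as the links-per-page value raised to the number of levels.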
Appendix J
Server.Load Scripts
This appendix presents annotated code of Server.Load scripts, as well as
a set of sample scripts that you can modify for use in your own custom
scripts.
Server.Load scripts
You can use any of these scripts with Server.Load:
Sample scripts
Idle Workload
R5 IMAP Workload
R5 Shared Database
**Set Owner**
Setcalprofile
**Ensure there are enough documents in mail database (one time only)**
beginloop
sendssmtpmessage [NormalMessageSize] [MessageLineSize]
mail[#]@[RecipientDomain]
[SMTPHost] [RecipientDomain] [ClientHost]
rewind [NumMailNotesPerUser]
pause 60000
**Open views**
open $FolderInfo
close
open $FolderRefInfo
close
open $Inbox
close
drop
**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT
**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT
**Pause 10 to 20 seconds**
Pause 10000-20000
**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT
**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT_UNSEEN
ImailSetSeen
**Pause 10 to 20 seconds**
Pause 10000-20000
**Pause 10 to 20 seconds**
Pause 10000-20000
**Make sure there are enough notes in mail database (one time only)**
**Make sure there are enough documents in mail database (one time
only)**
populate [NumMailNotesPerUser] $Inbox
close
**Open 5 documents in the mail file and read each for 10 to 20 seconds**
navigate 5
pause 50000 - 100000
**Pause 1 to 2 minutes**
Pause 60000 - 120000
**Schedule an appointment**
cal -appt "[MailServer]!![nb_dbdir]mail[#].nsf" 1000 30
7 14 [NthIteration]
pause 30000 - 50000
**Schedule an invitation**
cal -i "[MailServer]!![nb_dbdir]mail[#].nsf" 1000 60 2 3
[NumMessageRecipients] [NthIteration]
pause 30000 - 50000
**Delete 2 documents**
delete 2
**Make sure there are enough documents in mail database (one time
only)**
populate [NumMailNotesPerUser]
close
**Page down the view 2 times, spending 3-10 seconds to read each
window**
entries 21 20
pause 3000 - 10000
entries 41 20
pause 3000 - 10000
**Open next 3 unread documents and read each for 10-30 seconds**
navigate 1 next_unread
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
add [DiscDbAddDocRate] 100
**Open views**
open $Inbox
close
@ENDIF
pause 0-60000
changeto "[MailServer]!![nb_dbdir]mail[#].nsf"
[MailTemplate] -KeepOpen
pause 0-5000
beginloop
**Populate the mail database by having the thread send Web mail to
itself**
webget -url [httphost]/[nb_dbdir]mail[#].nsf -h 10 10
1000-2000 -mis
[NormalMessageSize] mail[#]/[Domain] 1
rewind [NumMailNotesPerUser]
setcalprofile
**Make sure the user preferences are set to have the mail owner =
mail[#]**
@If NOT [WebPreferencesOff]
webget -url [httphost]/[nb_dbdir]mail[#].nsf -mp
@EndIf
**Wait 1 - 3 minutes**
pause 60000-180000
**Wait 4 - 6 minutes**
pause 240000-360000
**Open the Web Mail database, to get Domino Directory info to be used
by all threads**
Index
Symbols
$AdminP View
creating, 15-30
$Revisions fields
size, 61-7
$UpdatedBy fields
size, 61-7
$Users view
in Domino Directory, 27-47
@Certificate
recertification and, 5-80
@Else command
described, I-2
@EndIf command
described, I-2
@If command
described, I-2, I-12
<ECLOwner>
Administration Execution
Control List, 41-14
8-bit MIME
default character set for, 28-131
ESMTP extension, 28-96,
28-103 to 28-104
A
Abstract object classes
described, 21-2
Accelerator keys. See Shortcut keys
Access
anonymous, 38-13, 40-8,
42-25 to 42-26
denying, 28-90, 38-7, 40-6
Access control list. See ACL
Access level privileges
ACL, 40-16
database, 7-7
Access levels
ACL, 40-1, 40-15
assigning, 40-11
database, 7-5
servers, 7-6
troubleshooting, 63-19 to 63-20
Access protocols
mail, 26-5
Accessed (in this file) property
performance and, 61-5
Accessibility
Domino Off-Line Services
and, 11-23
information about, H-1
shortcut keys, H-1
Accounts
LDAP, 18-5
ACL, 40-1
access for Web users, 40-30
access level privileges, 40-1, 40-16
access levels, 40-13, 40-15
adding names to, 40-23
aliases in, 40-7
brackets in, 40-20
concurrent changes to, 40-25, 58-9
configuring, 40-11
creating, 49-4
database libraries, 51-1
database security, 40-23
default entries, 40-2
deletions, 7-7
directory, 18-7, 19-10
Domino Change Control
database, 54-51 to 54-52
enforcing on replicas, 40-28
extended, 25-1
for mail database moves, 54-53
format for entries, 40-4
group names, 40-5
in a hosted
environment, 13-5, 14-4
in mail files, 26-13
LDAP users and, 40-7
managing, 40-22
modifying for Administration
Process, 15-13
modifying multiple
ACLs, 40-11, 40-25
monitoring, 40-27
order of evaluation for
entries, 40-10
precedence of, 38-4
extended, 15-33
for databases, 15-6
options, 15-4
Administrator approval
administration requests, 15-21
Administrator ID-recovery
information
changing, 39-21
Administrators
allowing access to Web
Administrator, 16-20
full access, 38-8
restricted system, 38-8
restricting access, 38-8
server access, 59-1, 38-8
system, 38-8
Administrators field
Domino Directory, 19-12
AdminP Mail Notification
Agent, 5-57
ADSync
options, 17-29
Advanced controls
setting, 28-46
Advanced user registration, 5-13
Agent log
troubleshooting with, 63-13
Agent Manager
capacity, 60-8
performance, 60-6
Tell commands, A-47
troubleshooting, 63-12 to 63-13
viewing status of, 60-9
Agents
activity logging, 57-3
Averaging, 36-19
controlling on servers, 28-9
creating, 40-17
for deleting and archiving
documents, 61-27
Purge, 36-15
Refresh, 36-18
restricting, 40-18
scheduling, 60-8
Server.Load, 62-4
setting time-out for mail, 28-9
SNMP, 53-1
troubleshooting, 63-12
Web Navigator database, 36-11
Agents, uses for
in Domino Off-Line
Services, 11-19
offline applications and, 11-19
AIX
configuring partitioned
servers, 2-50
configuring SNMP Agent
for, 53-12
Alarms
for Server Health Monitor, 54-10
Alias dereferencing
Directory Assistance documents
and, 23-48
Aliases
in ACL, 40-7
in DNS, 2-18
Allow_Access setting
described, C-3
Allow_Access_portname setting
described, C-3
Allow_Passthru_Access setting
described, C-4
Allow_Passthru_Callers setting
described, C-4
Allow_Passthru_Clients setting
described, C-5
Allow_Passthru_Targets setting
described, C-5
Alternate Language Information
document
creating, 20-31
viewing, 20-31
Alternate languages
described, 5-38
LDAP service, 20-29
Alternate names
adding to a user ID, 5-40
certifier IDs and, 5-39
changing, 5-62, 5-57
deleting, 5-57
in ACL, 40-7
AMgr_DisableMailLookup setting
described, C-5
AMgr_DocUpdateAgentMinInterval
setting
described, C-6
AMgr_DocUpdateEventDelay
setting
described, C-6
AMgr_NewMailAgentMinInterval
setting
described, C-7
AMgr_NewMailEventDelay setting
described, C-7
AMgr_SchedulingInterval setting
described, C-7
AMgr_UntriggeredMailInterval
setting
described, C-8
AMgr_WeekendDays setting
described, C-8
Analysis report
for decommissioning a
server, 59-3
Anonymous access
in a hosted environment, 14-4
Internet/intranet users, 42-25
LDAP service and, 20-16 to 20-17,
20-20
setting up, 38-13, 38-16
SSL, 46-15
virtual servers, 3-42
Web users and, 40-8
Anti-relay controls
effect on message transfer, 28-85
setting, 28-81
Anti-spam controls
settings for, C-101
API
creating event notification, 52-16
AppleTalkNameServer setting
described, C-8
Application design element
security, 37-15
Application security, 37-14
Application templates
table of, D-1
Applications
for hosted environments, 12-15
Approve person's name change
request, F-5
Archive criteria
for policies, 9-28
Archive policy settings
creating, 9-25
Archives, database
accessing, 61-26
Archiving
agents for, 61-27 to 61-28
databases, 58-37
deleted documents, 61-25
documents, 61-20
policies for, 9-22
policy settings example, 9-24
transaction log files, 55-5
viewing document Archiving
Log, 61-27
Assign Policy tool
using, 9-40
Attachments
compressing, 61-6
Domain Index and, 10-12
format for sending from
Macintosh clients, 28-133
Attributes
adding to LDAP schema, E-20
adding to schema, 21-13
described, 21-1, 21-4
Authentication
described, 38-1
examples, 42-21
IMAP port, 31-5
Internet/intranet
clients, 42-3, 42-27
of hosted organizations, 14-4
overview, 38-1
password checking with, 39-4
POP3 port, 30-2 to 30-3
session-based, 42-6
SMTP AUTH
command, 28-62, 28-69
SMTP port, 28-59
SSL, 46-15
SSL client, 46-25, 47-18
SSL server, 47-3
troubleshooting, 63-104
user names, 40-7
Web Administrator, 63-109
Web clients and, 42-19, 42-23
IMAP service
and, 28-60, 31-2, 31-6,
Author access
actions, 40-14
privileges, 40-16
Authors
displaying for Server Web
Navigator, 36-12
Authors field
updating, 40-29
AutoDialer task
Network dialup connections
and, 4-40
Notes Direct Dialup and, 4-44
setting up, 4-42
AutoLogoffMinutes setting
described, C-9
Automated client installation, 5-45
Autoscale
scaling statistics, 52-37
Auxiliary object classes
adding to schema, E-17
described, 21-2
Availability threshold
setting, C-91
Averaging agent
enabling, 36-19
B
Backing up
databases, 55-2
servers, 63-7
Basic password authentication
setting up, 42-3
SSL, 46-15
Basic user registration, 5-11
Batch file installation
clients, 5-46
BatchRegFile setting
described, C-9
BeginCrit command
described, I-4
BeginLoop command
described, I-4
BeginLoop2 command
described, I-5
Benchmarks
server performance, 60-2
Billing
in a hosted environment, 12-14
BillingAddinOutput setting
described, C-9
BillingAddinRuntime setting
described, C-10
BillingAddinWakeup setting
described, C-10
BillingClass setting
described, C-10
BillingSuppressTime setting
described, C-11
Binary tree topology
replication and, 4-9
Bindery Service
Domino and, 2-30
server names and, 2-31
Binding
port-to-IP address, 2-46 to 2-47
Bookmarks
search forms and, 10-18, 10-20
Break command
described, I-5
Broadcast command
described, A-12
using before restarting the
server, A-23
C
CA key ring
displaying, 45-7
exporting, 45-7
CA policy information
storing in Domino Directory, F-62
CA process
adding certifiers, 44-7
creating certifiers, 44-8
described, 44-1
Tell commands, A-48
viewing certifiers list, 44-24
Cache
setting for Server Web
Navigator, 36-18
Cal command
described, I-5
Calendar and scheduling
collecting detailed user
information, 8-20
collecting user calendar
information, 8-20
described, 8-1
example, 8-2
Holiday documents, 8-17
profile command, I-26
Server.Load script command, I-5
Call waiting
disabling, 63-49
Capacity planning
tools, 60-2
Catalog task
Domain Catalog
database, 10-2, 10-6
Catalog, Domain. See Domain
Catalog
Catalogs, database
for servers, 51-4 to 51-5
cconsole, A-8
deleting, 47-12
described, 39-3
displaying, 39-3
in a hosted environment, 13-5
Internet, 45-2, 47-10, F-4
managing server, 46-20
merging server, 46-12
renewing, 46-21
revoking, 44-2, 44-23
self-certified, 46-22
signing and adding to Domino
Directory, 47-7
SSL and S/MIME, 47-5
SSL server
authentication, 47-3
troubleshooting and, 63-83
trusted root, 46-9, 47-3
Certificates, SSL
adding for Server Web
Navigator, 36-8
creating a Certificate
Authority, 45-2
expired, 46-21
self-certified, 46-22
setting up, 47-3
viewing information, 46-20
viewing requests for server, 46-21
Certification
described, 39-2
Certification Log
Administration Process
requirements, 15-3
described, 3-28
Certifier documents
modifying, 44-22
Certifier IDs
migrating to CA process, 44-5
modifying, 44-21
organization, 3-34
organizational unit, 3-35
overview, 1-7
recovering, 44-25
CertifierIDFile setting
described, C-12
Change Control database
location, 54-34
Change HTTP password in Domino
Directory request, F-6
ChangeTo command
described, I-6
Channel encryption option
directory assistance, 23-43
Character encoding
LDAP service, 20-32
Character sets
aliases for, 28-131
enabling auto-detection of, 28-126
language codes and encoding
for, 28-120
specifying for MIME
messages, 28-118, 28-126
Web, 34-31, 34-33
Checkpoint records
activity logging and, 57-2
Client authentication
directory assistance
and, 23-3, 23-14
directory catalogs and, 24-9, 24-11
directory search order, 18-15
SSL, 46-1
Client information
updating in Person record, F-64
Client installation, 5-41
setting up for users, 5-41
single user, 5-43
Clients
setting up for S/MIME, 47-13
setting up for SSL client
authentication, 47-18
Clients, mail
POP3, 30-11
routing protocols and, 27-3
types of, 26-15
ClockType setting
described, C-13
Close command
described, I-8
Clrepl_Obeys_Quotas setting
described, C-13
Cluster failover
configuring for mail
routing, 28-40
directory assistance and, 23-21
Cluster Replicator
monitoring, C-86
quotas and, C-13
Tell commands, A-51
Cluster_Replicators setting
described, C-13
Clusters
Domino Off-Line Services
on, 3-12
Free Time database, 8-2
port setting, C-91
removing servers, F-49
replication topology and, 4-8
workload balancing and, 60-4
Collector task
overview, 52-1
Command line installation, 5-47
Commands
capturing output to file, A-2
Controller, A-3
custom, A-6
entering from the UNIX
command line, A-8
help for, I-12
modem command file, 63-48
shell, A-3
table of, A-10
Common Gateway Interface, 34-2
time-out setting, 34-53
Common names
Internet, 45-2
renaming, 5-57
server IP name and, 2-16, 2-22
Communication ports
options, 4-47
setting up, 4-34, 4-46
COMnumber setting
described, C-14
Compact task
archiving documents with, 61-20
IND file, 61-22
options, 61-17
renaming databases, C-74
running, 61-16
scheduling, 61-23
specifying database path, 61-22
upgrading database format, 31-28
with file reduction, 55-2
Compact_Retry_Rename_Wait
setting
described, C-14
Compacting
databases, 61-13, 61-16,
61-21 to 61-23
Companies, external
communicating with, 39-27
Compound document format. See
Notes rich text format
Compressing
attachments, 61-6
network data, 2-42
performance and, 61-6
Concurrent retrievers
Server Web Navigator, 36-6
Concurrent transfer threads
maximum, 60-11
Condensed Directory Catalogs
client authentication and, 24-10
described, 24-2
full-text indexes, 24-25
multiple, 24-33
performance settings for, 24-30
planning, 24-29
replicating, 24-32
servers using, 24-5
setting up, 24-34 to 24-35
sorting, 24-29
Soundex and, 24-30
Configuration Directories
changing to primary, 19-6
configuring remote primary
directory, 19-7
described, 19-2
directory assistance and, 23-26
Extended Directory Catalogs
and, 19-4
managing, 19-5
planning, 18-2, 19-4
showing remote primaries
for, 19-9
Configuration document
Cross-domain, 15-9 to 15-10
Configuration Settings document
creating, 27-18
editing NOTES.INI file with, C-1
host names, 27-49
LDAP settings, 20-9, 20-17
for SMTP mail routing, 27-38
Configuring
activity logging, 57-12
mail routing, 27-37
offline applications, 11-11
Connect scripts. See Login scripts
Connection documents
described, 4-1
Internet servers, 4-22
LAN, 4-15
mail routing
and, 26-20, 28-36, 28-50
Network Dialup, 4-36, 4-46
Notes Direct Dialup, 4-35
passthru server, 4-29
port order and, 2-40
for replication, 7-20
scheduling mail routing, 28-50
troubleshooting, 63-39
Connections
mail routing, 27-2
restricting SMTP inbound, 28-71
routing cost and, 28-39, 28-53
SSL, 46-18
tracing, 63-37, 63-77, A-59
Create_Replica_Access setting
described, C-17
CRL. See Certificate revocation lists
Cross-certificates, 39-29, 39-38
accessing servers with, 39-27
adding, 39-29, 39-33 to 39-34,
39-36, 47-15
creating, 39-29, 39-37 to 39-38
described, 39-27
displaying, 39-38
examples, 39-27, 39-31
in a hosted environment, 13-5
Internet, 39-28, 47-4
Person documents and, 39-37
S/MIME messages and, 39-27
Cross-domain administration
requests
described, F-70
Cross-domain Configuration
document
creating, 15-9 to 15-10
replicas and, 7-9
Cross-domain processing
administration requests, 15-8
benefits of, 15-10
setting up, 15-9
CSRV50.NTF
setting up, 46-3
CTF setting
described, C-18
Custom Welcome Page
creating, 5-87
Customer support
contacting, 63-4
Customized client installation, 5-47
D
Data
overwriting, 61-5
storing for a hosted
organization, 13-7
Data directory
certifier IDs and, 1-9
for a hosted organization, 13-5
restricting access, 49-4
Database access
for SSL clients, 46-19
troubleshooting, 63-17,
63-19 to 63-20
Database activity
monitoring, 58-11
reporting, 58-13
statistics, 58-12
Default_Index_Lifetime_Days setting
described, C-19
Delay notifications
generating for low-priority
mail, 28-30
Delegate mail file on administration
server
administration request, F-10
Delete command
described, I-9
Delete database
administration requests, F-10
Delete hosted organization
administration requests, F-14
Delete Person administration
requests
described, F-78
Delete resource
administration request, F-21
Delete Server administration
requests
described, F-25, F-78
hierarchical server names, F-81
Deletion stubs
described, 63-90
purging, 7-12
Deletions
replication and, 7-7
Deletions, soft
defined, 61-8
effect on quotas, 28-11
performance and, 61-8
Delivery
configuring for mail, 28-8
Delivery controls
setting, 28-9
Delivery Failure Reports
troubleshooting, 63-36
Delivery failures
customizing message for, 28-46
quotas and, 28-16
Delivery status notification
enabling, 28-96, 28-103 to 28-104
Delivery threads
setting maximum
number, 28-9, 60-11
Demand sets
and database moves, 54-55
Deny_Access setting
described, C-19
Deny_Access_portname setting
described, C-20
Deployment
certifier IDs, 1-7
Domains
communication between, 39-27
directory assistance, 23-18
DNS, 2-11
finding user names in, 5-85
mail routing
and, 26-19, 26-21, 27-20
multiple DNS, 2-16, 2-19, 2-22
planning, 1-5
restricting mail in, 28-36, 28-55
verifying in DNS, 28-90
Domains, external
connecting to, 4-18
DOMCFG.NSF, 34-48
creating, 34-49
Domino 5 certificate authority
setting up, 45-1
setting up SSL on the CA
server, 45-5
signing server certificates, 45-7
Domino 5 IMAP Initialization
Workload script
sample, J-5
Domino 5 IMAP Workload script
sample, J-6
Domino Administrator
Broadcast command, A-12
Configuration tab, 16-15
configuring mail routing, 27-18
creating groups with, 6-2
creating replicas, 7-9
disk space information, 58-5
displaying directory
contents, 58-3
displaying files, 58-2
Domino Console, Domino
Controller and, 16-28
Drop command, A-14
entering server commands, A-1
file information, 58-3
Files tab, 16-13, 58-2
installing, 16-1
Load command, A-15
managing databases with, 58-4
managing files with, 58-2
managing folders with, 58-5
Messaging tabs, 16-15
monitoring events with, 52-22
monitoring statistics with, 52-31
overview, 16-1
password protecting the
console, A-26
People and Groups tab, 16-13
quitting a task from, A-46
E
ECL
administration, 41-6, 41-11
creating a workstation, 41-12
described, 41-1
guidelines for creating, 41-6
Java applets and, 41-4
JavaScript and, 41-4
security access options, 41-3
updating a workstation, 41-13
workstation security and, 41-3
EditExpnumber setting
described, C-31
EditImpnumber setting
described, C-32
Editing
concurrent, 58-8, 63-91
shortcut keys, H-6 to H-8
Editor access
actions, 40-14
privileges, 40-16
EDNI document
creating, 4-18
updating, F-65
Effective access
extended ACLs and, 25-30
Effective policies
described, 9-3
determining, 9-36
viewing, 9-37 to 9-38
EmptyTrash setting
described, C-32
Enable_ACL_Files setting
described, C-33
EnableBiDiNotes setting
described, C-33
Encrypted fields
indexing, 50-2
Encryption, 43-1
certificates, 2-41
defined, 43-4
dual Internet certificates
and, 47-17
Internet transactions and, 40-31
mail, 43-4, 43-7
mail journaling and, 28-111
network data, 46-1
outbound mail routing, 24-14,
C-90, C-100 to C-101
performance and, 43-4
SSL settings, C-108
EndCrit command
described, I-10
End-to-end topology
replication and, 4-8
End-user installations
with Transform files, 5-50
Entries command
described, I-10
Error messages
Administration
Process, 15-36, 63-8
Agent Manager and agents, 63-13
Domino Off-Line Services, 11-24
IPX/SPX network, 63-73
mail, 28-46
mail routing, 63-38
meetings and resources, 63-45
modems and remote
connections, 63-50
network dialup
connections, 63-74
OS/2, 63-100
partitioned servers, 63-78
replication, 63-82
server access, 63-91 to 63-93, 63-95
server crashes, 63-98
TCP/IP, 63-57, 63-61
Web Administrator, 63-108
Web Navigator, 63-107
Web server, 63-104
ErrorDelay command
described, I-10
Escrow agent
troubleshooting, 63-16
ESMTP
supporting inbound
extensions, 28-96
supporting outbound
extensions, 28-103
ETRN extension
enabling for inbound SMTP
connections, 27-61, 28-96
Event filters
creating, 52-19
viewing, 52-20
Event generators
creating, 52-13
database, 52-5
defined, 52-3
disabling, 52-12
Domino server, 52-6
mail routing, 33-3, 52-7
statistic, 52-9
task status, 52-10
TCP server, 52-11
viewing, 52-14
Event handlers
creating, 52-13, 52-17, 52-23
defined, 52-3, 52-14
disabling, 52-18
notification
methods, 52-15 to 52-16
viewing, 52-20
Event messages
viewing, 52-20
Event Monitor server task
overview, 52-1, 52-3
Event task
monitoring replication, 63-80
Events
filtering, 52-19
from SNMP traps, 53-4
logging, 52-21
monitoring, 52-2, 52-22
notification methods, 52-15
severity levels, 52-4
types of, 52-16
viewing, 52-20
Examples
directory assistance, 23-51 to
23-53, 23-55
extended ACL, 25-19
Extended Directory
Catalogs, 23-53, 23-55
LDAP service write
operations, 20-26
ldapsearch utility, 22-6
registering a hosted
organization, 13-8
replication, 7-19
xSP server in a hosted
environment, 12-16
Execution Control List. See ECL
Execution Security Alert dialog
box, 41-2
trusting signatures, 41-2, 41-13
Exit command
described, A-14
Expired certificates
renewing, 46-21
Explicit policies
adding, 9-40
assigning, 9-40
changing, 9-40
described, 9-2
removing, 9-40
Extended accelerator keys. See
Shortcut keys
Extended access
disabling, 25-31
enabling, 25-23
Extended ACLs
activity log for, 25-31
changing, 25-28
described, 25-1, 25-3
directory, 18-7
disabling, 25-31
effective access and, 25-30
enabling, 25-23
examples of, 25-19
Extended Directory Catalogs
and, 24-7
in a hosted environment, 13-6
LDAP and, 20-20, 25-6
other database security and, 25-2
planning, 25-22
privileges for, 25-2 to 25-3, 25-5
restoring, 14-11
schema database and, 25-7
setting up, 25-22, 25-24
subjects in, 25-9, 25-17
target scope, 25-14, 25-17
targets in, 25-12 to 25-13
troubleshooting, 25-30, 63-34
Extended administration servers
removing, 15-34
setting up, 15-33
Extended Directory Catalogs
benefits of, 24-5
central directory architecture
and, 19-4
client authentication
and, 23-3, 24-10
directory assistance and, 23-6,
23-8, 23-22, 23-33, 24-26
examples, 23-53, 23-55
full-text indexes, 24-26
groups for database
authorization, 24-27
integrated into primary
directory, 24-28
LDAP service, 23-10
multiple, 24-33
native documents, 24-7
planning, 24-26
replicating, 24-45
setting up, 24-41 to 24-42
size of, 24-26
Extended key usage
public keys, 44-13
Extension manager
Administration Process
and, 15-30
in a hosted
environment, 12-5
External companies
communicating with, 39-27
External Domain Network
Information document. See
EDNI document
External Internet mail
preventing relaying, 28-75
External servers
access levels for, 7-7
ExtMgr_AddIns setting
described, C-34
F
Failover
directory assistance, 23-20, 23-22
for mail routing, 28-40
Fault recovery, 55-10
cleanup script, 55-11
enabling, 55-11
operating systems and, 55-10
Fields
customizing in Domino
Directory, E-2
directory catalogs and, 24-22
LDAP attributes and, 21-4
Fields, database
increasing number of, 61-29
performance and, 61-6
File format
database, 61-17
mail, 31-28
File names
key ring, 45-2
File protection, 34-42
File Protection documents, 34-41
described, 34-44
example, 34-42
File systems
searching, 10-9
FileDlgDirectory setting
described, C-34
Files
compressing when uploading to
Web, 34-29
displaying, 58-2
displaying information
about, 58-3
downloading from Web
server, 34-56
managing, 58-2
preferences, 16-7
customizing in Domino
Directory, E-2
HTML, 36-5
performance and, 61-3
Forwarding address
in Person document, 27-42
Forwarding rules
enabling and disabling support
for, 28-9
FQDN
as server's common name, 2-19
specifying in Connection
document, 2-17
specifying in Server
document, 2-16, 2-22
Frame types
IPX, 63-70
TCP/IP, 63-68
Free Time database
described, 8-1
troubleshooting, 63-45
Free-time lookups, 8-5
in non-adjacent domains, 8-6
FT_DOMAIN_DIRECTORY_NAME
setting
described, C-35
FT_DOMAIN_IDXTHDS setting
described, C-35
FT_Index_Attachments setting
described, C-36
FT_Intl_Setting setting
described, C-36
FT_Max_Search_Results setting
described, C-36
FT_No_Compwintitle setting
described, C-37
FT_Summ_Default_Language setting
described, C-38
FTG_No_Summary setting
described, C-37
Full-text indexes
creating, 50-2
deleting, 50-7
described, 50-1
directory catalogs and, 24-7, 24-25
disabling, C-115
Domain Search and, 10-2
LDAP service and, 20-15
security and, 50-2
size, 50-3
updating, 50-3, 50-5 to 50-6
G
Gateways
routing mail to, 27-30
GetAll command
described, I-12
GIF files
Web server and, 34-24
Global Domain documents
default, 27-55
in a hosted organization, 13-5
LDAP service and, 20-5
Global domains
configuring, 27-44
defining multiple, 27-55
Global Web settings document, 34-40
creating, 13-21, 34-40
described, 13-19, 34-34
editing, 13-22
Gopher Internet service
controlling access to, 36-7
Graphics
Web server format, 34-24
Group documents
editing, 6-10
object classes for, 21-5
Group members
registering in Notes, 17-18
Group names
finding, 6-15, F-29
in Internet message
headers, 28-131
Groups
adding and deleting
members, 6-6
adding to Notes, 17-20
Administrator, 13-7
assigning a policy to, 6-9
creating and modifying, 6-2
creating with Domino
Administrator, 6-2
creating with Web
Administrator, 6-4
database authorization, 18-16,
23-6, 24-27
deleting, 6-14, 17-42
Deny List Only, 6-8
described, 6-1
directory catalogs and, 24-19 to
24-20, 24-35, 24-42
editing, 6-10
finding members, 6-18
mail, 28-32
managing, 6-8, 6-16
registering, 17-39
renaming, 6-10, 17-41, F-50
renaming immediately
throughout domain, 6-13
troubleshooting, 63-20
Windows NT, 17-16
H
Headers
resent, 28-131
Headline monitoring
controlling, 38-16
performance and, 61-6
Health reports
for servers, 54-11 to 54-12,
54-14 to 54-15
for servers, purging, 54-12
Health_Report_Purge_After_N_Days
setting
described, C-38
Help
customer support, 63-4
Help command
described, A-15, I-12
Hierarchical IDs
cross-certification by phone, 39-33
cross-certification through Notes
mail, 39-36
cross-certification through postal
service, 39-34
Hierarchical names
converting flat names
to, 59-10, F-84
creating scheme for, 1-3
deleting servers with, F-81
Domino Directory and, 18-8
server registration and, 3-29
Hierarchical organizations
certification and, 39-27
communication between, 39-27
Holding undeliverable mail
in MAIL.BOX, 28-40
Holiday documents
creating, 8-17
modifying, 8-20
Home pages
for virtual servers, 3-42
Web server, 63-106
Host names
DNS and, 26-25
mail routing and, 26-12, 27-49
restricting inbound connections
by, 28-71
specifying in Server
document, 2-16, 2-22
Hosted environments
Domino features in, 12-4
example, 12-16
server options, 12-2
Hosted organizations
access to Web sites, 14-12
anonymous access to
databases, 14-4
deleting, 14-3, F-14
disabling services, 14-4
distribution of data, 12-9
Internet Site documents
for, 13-18, 13-20
loopback addresses, 13-17
mail addressing to, 14-16
maintaining, 14-1
managing users, 14-14
managing users and
groups, 14-16
moving to other servers, 14-5
on multiple servers, 14-2
policies for, 9-7, 13-4
registering, 13-5, 13-8, 13-11
registration, F-48
removing from an additional
server, 14-10
security and, 12-3
server crash recovery in, 14-11
server environments for, 12-1
setting up Domino Certificate
Authority for, 13-3
setup checklist, 13-3
using the Resource Reservations
database, 14-12
using the Web
Administrator, 14-15
viewing, 14-14
viewing Web Site and Internet
Site documents, 13-20
Web Site documents for, 13-18,
13-20 to 13-21
HostedOrganizationAdmin
group, 13-7
Hosting
Java applets, 34-10
Hosts files
system settings for, 2-13
HP OpenView
and SNMP traps, 53-21
HTML
displaying source for Server Web
Navigator, 36-13
passthru, 34-2
HTML login form
customizing, 42-10
HTML preferences
in Server Web Navigator, 36-12
HTTP
activity logging, 57-4
HTTP proxy
connecting Server Web Navigator
through, 36-3
HTTP server task
running, 34-5
HTTP servers
Domino working with the IBM
HTTP Server, 35-2
setup mode setting, C-99
HTTP service
binding to an IP address, 2-49
controlling access to, 36-7
in a hosted environment, 12-13
HTTP sessions
tracking, 34-13
HTTPEnableConnectorHeaders
setting
described, C-39
HTTPLogUnauthorized setting
described, C-39
HTTPS
controlling access to, 36-7
SSL and, 46-18
Hub-and-spoke topology
example of, 4-10
limitations of, 4-8
replication and, 4-6
Hunt group connection document
creating, 4-31
Hunt groups
described, 4-23, 4-31
I
IBM HTTP Server
setting Domino to work with,
35-2
IBM Office Vision
scheduling and, 8-6
IBM Tivoli Analyzer
Activity Trends, 54-17
installing, 54-6
overview, 54-1
ICL. See Issued Certificate Lists
ICMNotesPort setting
described, C-40
Icons
Administration Requests
database, 15-23
ID recovery
administration request, F-30
ID table
Note IDs, I-12
Idle Workload script
described, 62-14
running, 62-14
sample, J-4
IDs
defined, 39-1
displaying certificates, 39-3
IMAP users and, 31-23
multiple-password, 39-6
password protection, 39-4
passwords for, 39-13
recovering, 39-14,
39-17 to 39-18, 39-20
security and, 37-16
server, recertifying, 59-9
IDs, certifier, 1-7, 3-34 to 3-35
Ignore message priority
setting for mail routing, 28-39
IIOP
in a hosted environment, 12-13
setting up, 34-10
Image display
performance and, 61-3
Web server and, 34-24
ImailCheckForNewMail command
described, I-13
ImailCloseMailbox command
described, I-13
IMAILExactSize setting
described, C-40
ImailFetchEntry command
described, I-13
ImailFetchOld command
described, I-14
ImailGetLastEntries command
described, I-14
ImailGetNewMail command
described, I-14
ImailHelp command
described, I-14
ImailListMailboxes command
described, I-14
ImailLogin command
described, I-15
ImailLogout command
described, I-15
ImailOpenMailbox command
described, I-15
ImailPostMessage command
described, I-15
ImailSetSeen command
described, I-16
IMAP
activity logging, 57-4
IMAP attributes
adding to IMAP-enabled mail
files, 31-3
IMAP delegation
administration request, F-7
IMAP Initialization Workload script
sample, J-5
IMAP protocol
Domino mail server
and, 26-5, 31-1
in a hosted environment, 12-13
IMAP public folders
designating, 31-15
IMAP service
and shared mail files, 31-12
authenticating options, 31-5
binding to an IP address, 2-47
changing default port
information for, 31-6
configuring internal thread
use, 31-19
customizing, 31-5
greetings, 31-21
limiting sessions, 31-9
logging in to server, I-15
logging out of server, I-15
mail commands, I-13 to I-16
NAMESPACE
command, 31-12 to 31-13
setting up, 31-4
starting, 31-5
time-out setting, 60-12
IMAP users
allowing SMTP relays from, 28-82
creating mail files for, 31-26
enabling mail files for, 31-2, 31-10,
31-27, 31-30
setting acceptable login names
for, 31-24
setting up, 31-22
setting up Person documents
for, 31-23
IMAP_Config_Update_Interval
setting
described, C-40
IMAP_Convert_Nodisable_Folder_
Refs setting
described, C-41
IMAP_Session_Timeout setting
described, C-43
IMAPDisableFTIImmedUpdate
setting
described, C-42
IMAPDisableMsgCache setting
described, C-42
IMAPGreeting setting
described, C-42
IMAPNotesPort setting
described, C-43
IMAPRedirectSSLGreeting setting
described, C-43
IMAPShowIdleStatus setting
described, C-44
IMAPSSLGreeting setting
described, C-44
Inactive documents
deleting, 61-25
Inbound connections
restricting for SMTP, 28-71, 28-86
Inbound mail routing
restricting, 28-70, 28-75, 28-90
Inbound relay controls
enforcement of, 28-81
and message transfer, 28-85
Inbox folder
adding documents to, J-2
Incoming Mail Sound setting
described, C-44
Index command
described, I-16
Index entries
searching, I-11 to I-12
Index, Domain. See Domain Index
Indexes
creating, 50-2
deleting, 50-7, 58-23
described, 50-1
Domain Search and, 10-2, 48-7
encrypted fields, 50-2
replicating, 50-1
security and, 50-2
size, 50-3
troubleshooting and, 63-99
updating, 50-3, 50-5 to 50-6, 58-14
Indic languages
support for, 3-17
INET_Authenticate_with_Secondary
setting
described, C-45
cross-certification, 39-37
enforcing encrypted
transactions, 40-31
name-and-password
authentication, 42-1, 42-6
security, 38-2, 38-4
Internet address
changing, 5-73
Internet addresses
adding senders in outbound
mail, 27-50
formats for, 28-134
LDAP service and, 20-5
outbound mail, 27-54
as reply addresses, 27-52
Internet addresses, inbound
looking up in the Domino
Directory, 27-47
Internet certificates
adding, F-4
adding to Domino Directory, 47-7
creating, 47-14
creating with Domino
Directory, 47-10
deleting, 47-12
dual, 47-17
in a hosted environment, 12-4
signing, 47-7
SSL and S/MIME, 47-5
Internet clients
name variations accepted for
login, 31-24
Internet cross-certificates
creating, 47-4
described, 39-28
Internet domains
primary vs. aliases, 27-55
Internet mail, 27-38
restricting inbound, 28-90
restricting
outbound, 28-98 to 28-99
restricting relays, 28-75
restricting who can receive, 28-92
routing, 26-23, 27-6, 27-34,
27-37 to 27-38, 36-9
troubleshooting, 63-107
Internet passwords, 42-24
security and, 42-24
user registration and, 42-3
Web Administrator, 16-19
Internet protocols
setting up passwords for, 42-3
Internet services
accessing, 36-7
J
Java agents
restricting, 40-18
Java applets
hosting, 34-10
on Web server, 34-2
Java servlets
managing, 34-13
JavaEnableJIT setting
described, C-46
JavaJITName setting
described, C-46
JavaMaxHeapSize setting
described, C-46
JavaMinHeapSize setting
described, C-47
JavaNoAsyncGC setting
described, C-47
JavaNoClassGC setting
described, C-47
JavaScript
on Web server, 34-2
JavaStackSize setting
described, C-48
JavaUserClasses setting
described, C-48
JavaVerbose setting
described, C-48
JavaVerboseGC setting
described, C-49
Journaling
mail, 28-105
methods, 28-109
retrieving journaled
messages, 28-113
setting up, 28-106
JPEG files
Web server and, 34-24
K
Keep alive headers
sending to Web server, 34-53
Key ring files
changing the password for, 46-22
creating a test version, 46-22
creating for internal CA, 45-2
displaying, 45-7
entering for server, 46-15
exporting, 45-7
merging a certificate from an
external CA, 46-9
merging server certificates
into, 46-12
naming, 45-2
viewing certificates, 46-20
Key usage extensions
public keys, 44-12
Keyboard shortcuts. See Shortcut
keys
KeyFileName setting
described, C-49
Keys
private, 43-1
public, 43-1
KitType setting
described, C-50
L
LAN Connection document
creating, 4-15
LANA numbers
NetBIOS ports and, 2-58
Language codes
specifying for a character set
group, 28-120
Language groups
configuring font options
for, 28-126
Languages
choosing default for Web, 34-31
Domain Search and, 10-1
LDAP service tags, 20-29
LANnumber setting
described, C-50
LANs
connecting servers on, 4-15
integrating Domino with, 2-2
network compression and, 2-42
setting up servers on, 2-32
troubleshooting, 63-55
LDAP accounts
compared to directory
assistance, 23-9
planning, 18-5
LDAP activity logging
information logged, 57-4
limiting information
logged, 57-13
LDAP directories
alias dereferencing and, 23-48
authenticating SSL clients, 46-25
authenticating Web clients
with, 42-23
authenticating Web users
with, 40-7
connecting using SSL, 47-23
described, 23-1
directory assistance, 23-3, 23-6,
23-9, 23-11, 23-37, 23-43
failover, 23-22
LDAP service referrals to, 20-33
lookup command, I-17
Notes distinguished names
in, 23-49
search filters and, 23-46
server passwords for
connecting, 23-44
LDAP features
overview, 18-3
LDAP migration tool, 20-2
LDAP operations
extended ACLs and, 25-6
LDAP schema
checking, 21-18 to 21-19
described, 21-1
Domino, 21-2
Domino LDAP Schema
database, 63-34
extending, 18-19, 21-10, 21-16 to
21-17, E-3, E-7 to E-9,
E-16 to E-17, E-20
retrieving, 21-20
root DSE searches, 21-20
viewing, 21-9
LDAP service
anonymous search
access, 20-16 to 20-17, 20-20
binding to an IP address, 2-47
LDAPBatchAdds setting
described, C-51
LDAPConfigUpdateInterval setting
described, C-51
LDAPGroupMembership setting
described, C-52
LDAPLookup command
described, I-17
LDAPNotesPort setting
described, C-53
LDAPPre55Outlook setting
described, C-54
ldapsearch utility
described, 22-1
examples, 22-6
operational attributes and, 22-5
parameters, 22-2
planning, 18-6
search filter operators, 22-5
search filters, 22-4
ldapsearch.exe
retrieving schema with, 21-20
Leased-line connections
connecting to the Internet by, 4-21
Librarians
assigning, 51-3
database libraries, 51-2
Libraries. See Database libraries
License tracking
described, 5-85
License tracking information
updating in Domino
Directory, F-65
Linux
configuring partitioned
servers, 2-50
configuring SNMP Agent
for, 53-13
Listener task
Server document, 27-41
SMTP, 27-41
Live console
Web Administrator and, 16-26
LNSNMP service
removing, 53-11
LNSNMP.INI file
configuring, 53-9
Load command
described, A-15
Load server command
running server tasks, B-1
troubleshooting, 63-91
LocalDomainAdmins group
described, 6-2
LocalDomainServers group
access level, 7-6, 40-3
described, 6-1
directory catalogs and, 24-20
Location documents
Internet addresses in, 27-53
Location setting
described, C-54
Log file
accessing, 56-5
activity logging
information, 57-1, 57-13
Agent Manager and agents, 63-12
analyzing, 56-5
compacting, 56-1
Domino server, 56-1
Domino Web server, 56-12
extended ACL, 25-31
logging modem I/O in, 63-48
NOTES.INI settings, 56-2
NSD, 63-96, 63-101
passthru connections and, 63-79
replication events, 58-8
replication views, 63-80
Results database, 56-5
Schedule Manager errors in, 63-47
searching, 56-5
selecting level of
logging, 28-7, 56-3
troubleshooting with, 63-2
using commands to record
information, 56-3
viewing the Domino server, 56-3
Log filters
for events, 52-15
Log setting
described, C-55
for log file size, 56-1
LOG.NSF, 28-7
introduced, 56-1
monitoring servers and, 52-3
Log_AgentManager setting
described, C-55
Log_Authentication setting
described, C-56
Log_Connections setting
described, C-57
Log_Console setting
described, C-57
Log_DirCat setting
described, C-58
Log_Replication setting
described, C-59
troubleshooting and, 63-80
Log_Sessions setting
described, C-59
Log_Tasks setting
described, C-60
Log_Update setting
described, C-60
Log_View_Events setting
described, C-61
LogFile_Dir setting
described, C-58
Logging
configuring for Domino Web
server, 56-12
to the console, 52-21
informational, 28-7
internal server errors, 56-10
phone calls, C-76
replication, 63-80
Web server requests, 56-8
Logging level
selecting, 28-7
Login names
authentication for Internet
clients, 31-24
Login scripts
editing, 4-51
making a call with, 4-50
Lookup command
described, I-17
Loopback addresses
creating, 13-17
Lotus NDS Manager
administering Windows clients
with, G-3
for IPX/SPX setup, G-1
Lotus Organizer
scheduling and, 8-6
Lotus Support Services
contacting, 63-4
Web site, 63-4
LotusScript agents
restricting, 40-18
Low-priority mail
generating delay notifications
for, 28-30
LSCHEMA.LDIF
described, 21-2, 21-5
M
Mail
blocking, 28-20
encrypting, 28-9, 43-4, 43-7, 47-13,
47-15, C-90
error messages, 28-46
held, 28-16
limiting the size of
messages, 28-28
pending, 28-16
polling, I-19
restricting, 28-70, 28-90
routing from Web page, 36-9
security, 29-4
shortcut keys, H-7 to H-8
signing, 43-9, 43-11, C-90
tracing connections, 63-37
virus protection, C-71
Mail activity logging
information logged, 57-6
Mail addresses
formats for Internet, 28-134
Mail addressing
directory assistance and, 23-8
directory catalogs and, 24-4, 24-29
domain names and, 63-40
format for sending to another
Domino domain, 26-21
and groups, 28-32
for hosted environments, 14-16
Mobile Directory Catalogs
and, 24-3
type-ahead, 28-6
Mail agents
controlling, 28-9
Mail clients
POP3, 30-11
supported, 26-15
Mail connections
routing and, 27-2
Mail conversion utility
enabling mail files for IMAP, 31-2
Mail databases
archive criteria, 9-28
archive log, 9-24
archiving, 9-22, 9-25
IMAP service and, 31-2
moving, 54-53
overview, 26-12
sharing IMAP, 31-13
Mail delivery
configuring, 28-8
shared mail and, 29-8
Mail encryption administration
request, F-31
Mail file quotas
enforcing, 28-14, 28-28
shared mail and, 29-4
soft deletions and, 28-14
MAIL6EX.NTF
using, 32-11
Mailboxes
setting number of, 60-12
setting up multiple, 28-3 to 28-4
MailCharSet setting
described, C-61
MailCompactDisabled setting
described, C-63
MailCompactHour setting
described, C-63
MailConvertMIMEonTransfer setting
described, C-63
Mail-in Database document
creating, 48-5
statistics, 52-35
Mail-in statistics
using, 52-35
MailServer setting
described, C-64
MailSystem setting
described, C-65
MailTimeout setting, 28-37
described, C-66
MailTimeoutMinutes setting
described, C-66
Mailto
setting up, 36-9
Maintain Trends database record
request, F-30
Manage Groups tool
using, 6-16
Manager access
actions, 40-14
privileges, 40-16
Map_Retry_Delay setting
described, C-66
Maps
replication topology, 7-34
Master Address Book. See Directory
assistance
Maximum concurrent transfer
threads
setting, 28-33
Maximum delivery threads, 28-9
Maximum hops
setting, 28-33
Maximum message size
setting, 28-28
Maximum transfer threads
setting, 28-33, 60-11
Maximum Transmission Unit.
See MTU setting
Meetings
troubleshooting, 63-45
Memory
displaying, A-32
Memory requirements
for servers, 60-3
Memory_Quota setting
described, C-67
Message caching
disabling, C-73
Message conversion
mail routing and, 27-1
Message delivery
configuring, 28-8, 60-11
Message filtering
using mail rules for, 28-20
Message headers
MIME, 28-131, 28-134
Message journaling. See Mail
journaling
Message priority level, 28-27
disregarding during
routing, 28-39
Message size
restricting, 28-28
Message tracking
configuring servers for, 33-8
controlling, 33-5
from the Domino
Administrator, 33-10
overview, 33-1
in Web Administrator, 16-27
Message transfer
controlling, 28-26, 28-33
Message validation
SSL, 46-1
Messages
disabling, A-22, A-44
encrypting for delivery, 28-9
MIB
overview, 53-7
using with SNMP, 53-21
Microsoft Active Directory
deleting users and groups, 17-42
directory assistance search
filters, 23-46
mapping containers to Notes
certifiers and policies, 17-32
mapping fields with Domino
Directory, 17-31
registering existing users, 17-35
registering new groups, 17-39
registering new users, 17-33
renaming users and groups, 17-41
N
NABRetrievalPOP3Mail command
described, I-18
NABUpdate command
described, I-18
NAMAGENT.NSF
Server.Load agents, 62-4
Name and Address Book. See
Domino Directory
Name change
refusing, F-56
Name lookups
restricting, 27-47
restricting to primary
directory, 28-40
Name resolution in IPX
troubleshooting, 63-72
Name resolution in NRPC
described, 2-4
ensuring DNS resolves, 2-16 to
2-17, 2-19, 2-22
over IPX/SPX, 2-30
over NetBIOS, 2-28
over TCP/IP, 2-11, 2-15, 2-44
troubleshooting, 63-66
Name services
Microsoft, 2-13
NetWare, 2-30 to 2-32,
2-61 to 2-62
Notes, 2-4
Name-and-password
authentication, 42-8, 46-15
customizing, 42-3
directory assistance and, 23-3
Internet/intranet clients
and, 28-60, 31-2, 42-1
LDAP service and, 20-12, 20-31
level, 42-19
session-based, 42-6, 42-8, 42-10
setting up users, 42-3
virtual servers, 3-42
Names
changing, 5-56 to 5-57
for Policy documents, 9-32
for servers, 2-15, 2-17, 2-19,
2-22, 59-10,
Internet authentication and, 31-24
NDS, 2-62
NetWareSocket setting
described, C-70
NetWareSpxSettings setting
described, C-70
Network Address Translation.
See NAT
Network connections
dropping, I-9
testing, 63-77
tracing, 63-77, A-59, C-76
Network Dialup
encrypting Connection
documents, 4-46
setting up servers to use, 4-36
troubleshooting, 63-74
Network ports
adding, 2-36, 2-60
binding to IP
addresses, 2-46 to 2-47
compressing data on, 2-42
configuring, 2-35, 2-58
deleting, 2-40
disabling, 2-34
encrypting, 2-41
fine-tuning, 2-34
renaming, 2-38
reordering, 2-39, 2-45
Server Setup program and, 2-2
TCP/IP, 2-12, 2-22
Network protocols
compatible with Domino, 2-2
defined, 2-1
specifying, 4-16
Networks
integrating Domino
with, 2-1, 2-10, 2-26, 2-29
name resolution, 2-4, 2-11
NOTES.INI settings, 2-64
security, 2-6 to 2-7
NewMail command
described, I-19
NewMailInterval setting
described, C-70
NewMailTune setting
Incoming Mail Sound
setting, C-44
NewReplicateDB command
described, I-19
NewUserServer setting
described, C-71
NIS
preventing problems with, 2-56
NNN. See Notes named networks
No access
assigning, 40-14
privileges, 40-16
No_Force_Activity_Logging setting
described, C-72
NoDesignMenu setting
described, C-71
NoExternalApps setting
described, C-71
NoMailMenu setting
described, C-72
NoMsgCache setting
described, C-73
Nonroaming users
change to roaming, 5-70
Normal logging, 28-7
Note ID
finding documents by, 63-20
table of, I-12
NoteAdd command
described, I-20
Notes
registering Windows NT users,
17-1, 17-8, 17-12, 17-14
synchronizing with
Windows NT, 17-2 to 17-3
Notes client
authentication with directory
assistance, 23-6
authentication with directory
catalogs, 24-11
connecting to servers, 4-55
directory servers, 19-15
directory services, 18-10
installation in a shared
directory, 5-43
LDAP service and, 20-34
Notes Direct Dialup
Connection documents, 4-35
described, 4-34
setting up, 4-44
Notes domains. See Domino domains
Notes IDs
about, 39-1 to 39-2
Notes items
sending in Internet message
headers, 28-134
Notes mail
condensed Directory Catalogs
and, 24-29
directory assistance and, 23-8
directory catalogs and, 24-1,
24-3 to 24-4, 24-14
NRPC service
binding to an IP address, 2-46
default TCP port, 2-55
described, 2-2
encrypting, 2-41
name resolution in, 2-4, 2-11, 2-15
to 2-17, 2-19, 2-22, 2-28, 2-30
NSD log file
troubleshooting
and, 63-96, 63-101
NSF_Buffer_Pool_Size setting
described, C-73
NSF_DbCache_Disable setting
described, C-74
NSF_DbCache_Maxentries setting
described, C-74
Null modems
troubleshooting, 63-51
Num_Compact_Rename_Retries
setting
described, C-74
NWNDSPassword setting
described, C-75
NWNDSUserID setting
described, C-75
O
Object class hierarchy
described, 21-1
Object classes
adding to schema, 21-14
described, 21-1, 21-3
extending, 21-11
for Group documents, 21-5
for Person documents, 21-4
Object collect task
use in generating shared mail
statistics, 29-13
use in resynchronizing mail
files, 29-22
Object Link command
use in managing shared mail, 29-15
Object Request Broker. See Domino
ORB
Object store
defined, 29-1
managing growth
of, 29-10 to 29-11
Offline Security Policy document
creating, 11-7
Offline Subscription Configuration
profile document
creating, 11-11
editing, 11-11
Offline subscriptions
overview, 11-1
Offline users
security, 11-7
tracking, 11-22
OID for LDAP
described, 21-12
On-demand cross-certificates, 39-32
Online Meeting Place
in the Resource Reservations
database, 8-9
Open command
described, I-20
Open relays
defined, 28-76
preventing, 28-76
OpenView for Windows
and SNMP traps, 53-21
ORB. See Domino ORB
Organization certifier IDs, 1-8
creating, 3-34
Organization hierarchy
moving user names in, 5-61
Organizational policies
described, 9-2
Organizational unit
certifier IDs, 1-8
creating, 3-35
Organizational units
Internet, 45-2
restricting mail based
on, 28-55
Organizations
restricting mail based
on, 28-55
OS/2
error codes, 63-100
troubleshooting, 63-100
OS/390. See zOS
OtherDomainServers group
access level, 7-6, 40-3
described, 6-1
directory catalogs and, 24-20
Over quota enforcement
configuring, 28-17
P
Packing density
condensed Directory
Catalogs, 24-31
Partitioned servers
described, 1-6
in a hosted environment, 12-2
PC-Pine client
configuring, 31-39
PEER Agent
and SNMP Agent, 53-14
Peer-to-peer topology
example of, 4-11
replication and, 4-8
People
registering Internet/intranet, 42-3
Performance
database cache and, 61-9
directory catalogs, 24-18, 24-20,
24-27, 24-30
Domino Directory, 19-1
Domino Performance Zone Web
site, 60-1
encryption and, 43-4
improving, 60-1, 60-3, 61-12
LDAP service, 20-28
mail, 26-17, 28-3, 28-6
mail routing, 28-2
monitoring, 52-36
networks, 2-42
optimizing, 61-1, 61-3
Server Health Monitor, 54-12
sources for improving, 60-15
tools, 60-2
troubleshooting, 63-16
tuning disk I/O, 60-15
UNIX server, 60-14
view indexes and, 58-23
Web server, 34-52
Windows server, 60-13
Person documents
changing during
synchronization, 17-5
IMAP users and, 31-23
Internet Address
field, 27-50, 27-53
mail routing and, 26-10
object classes for, 21-4
password checking, F-60
POP3 users and, 30-7
SSL clients, 47-20
Personal Address Book
missing views and, 63-42
PhoneLog setting
described, C-76
PHP
configuring a Web site for, 34-40
Pin lists
creating, 54-32
Ping, 27-38
troubleshooting and, 63-77
Pipelining commands
supporting via ESMTP, 28-96,
28-103 to 28-104
PKCS11_Library setting
described, C-77
Platform command
described, A-16
using, 52-28
Platform statistics
disabling, 52-30, C-77
displaying, 52-27
evaluating, 52-28
overview, 52-26
troubleshooting, 63-52
viewing, 52-30
Platform_Statistics_Disabled setting
described, C-77
Policies
assigning, 9-6, 9-40
child policy, 9-4, 9-34
creating, 9-7
examples, 9-4
exceptions, 9-3
for hosted organizations, 9-7, 12-4
with Notes synchronization, 17-6
overview, 9-1
planning, 9-6
troubleshooting, 63-109
types of, 9-2
viewing, 9-37 to 9-38
Policy documents
child policy, 9-34
creating, 9-32
deleting, 9-35
in a hosted environment, 13-4
names in, 9-32
Policy hierarchy
effective policy, 9-36
examples, 9-4
Policy settings
deleting, 9-35
described, 9-1
desktop, 9-14
editing, 9-35
groups, 6-9
inheritance, 9-4
registration, 9-7
security, 9-19
setup, 9-12
viewing, 9-38
in Web Administrator, 16-25
Policy Synopsis tool
using, 9-36
Policy viewer
described, 9-37
using, 9-38
Policy-based registration
with Notes synchronization, 17-6
POP3 Initialization Workload script
running, 62-27
sample, J-14
POP3 protocol
Domino mail server and, 26-5
in a hosted environment, 12-13
POP3 service
authentication and, 30-2
binding to an IP address, 2-47
changing default port
information for, 30-3
clients, 30-11
described, 30-1
DNS lookups, C-78
Internet domain names, C-79
mail commands, I-18, I-23
marking messages as read, C-79
message caching, C-78 to C-80
Notes port for TCP/IP, C-80
setting up, 30-2
starting, 30-3
updating configuration, C-78
POP3 users
activity logging, 57-10
allowing SMTP relays from, 28-82
creating mail files for, 30-10
enabling to send mail, 30-1
setting up, 30-7
POP3 Workload script
described, 62-26
running, 62-28
sample, J-14
POP3_Disable_Cache setting
described, C-78
POP3_Enable_Cache_Stats setting
described, C-79
POP3_Message_Stat_Cache_NumPer
User setting
described, C-80
POP3ConfigUpdateInterval setting
described, C-78
POP3DNSLookup setting
described, C-78
POP3Domain setting
described, C-79
POP3MarkRead setting
described, C-79
POP3NotesPort setting
described, C-80
Populate command
described, I-21
Port mapping
on partitioned servers, 2-53
Portals
creating for iNotes Web
Access, 32-3
portname_MaxSessions setting
described, C-80
troubleshooting
and, 63-59 to 63-60
Ports
adding, 2-36, 2-60
binding to IP
addresses, 2-46 to 2-47
cluster servers and, C-91
compressing data on, 2-42
configuring, 2-35, 28-66, 30-3, 31-5
controlling access to, 38-14
deleting, 2-40
disabling, 2-34
dropping connections, I-9
enabling, C-81
encrypting, 2-41
for LDAP service, 20-12
maximum sessions, C-80
names, 2-38
renaming, 2-38
reordering, 2-39, 2-45
Server Setup program
and, 2-2
SMTP, C-104
specifying, 4-16
SSL, 46-15, 2-55
starting and stopping, A-22
TCP, 2-55, C-110 to C-111
Ports setting
described, C-81
Ports, communication
options, 4-47
setting up, 4-34
POST command
restricting, 34-29
Pre-delivery agents
controlling, 28-9
Preferences
Domino Administrator, 16-5, 16-7
to 16-9, 16-11
Web Administrator, 16-24
Primary Domino Directory
changing to Configuration
Directory, 19-5
directory assistance
for, 23-26, 23-33
Q
Quick console
Web Administrator and, 16-26
Quit command
described, A-20, I-22
Quotas
database, 61-23 to 61-24
enforcing, 28-16
mail, 28-10 to 28-11, 28-15
memory, C-67
replication and, C-13, C-83
setting Router controls for, 28-17
soft deletions and, 28-14
Quotas, mail
shared mail and, 29-4
R
R5 IMAP Initialization Workload
running, 62-17
R5 IMAP Workload script
described, 62-15
running, 62-18
sample, J-6
R5 NRPC Mail Initialization script
running, 62-21
R5 Shared Database script
described, 62-24
running, 62-25
sample, J-12
R5 Simple Mail Routing script
described, 62-20
running, 62-23
sample, J-9
RA. See Registration Authority
Ratings
Server Health Monitor, 54-5
Read command
described, I-22
Reader access
actions, 40-14
privileges, 40-16
Readers field
updating, 40-29
Realms
authentication and, 63-104
Receipts
configuring Internet, 28-116
Recertify Certificate Authority in
Domino Directory
administration request, F-47
Recommendation documents
Web Navigator
database, 36-11
Recovery. See IDs, recovering
Redirect URL command
finding links with, 34-27
Referrals
LDAP service and, 20-33, 23-11
Refresh agent
enabling, 36-18
using, 36-18
Register hosted organization
administration requests, F-48
Registration
customizing options, 17-8
existing Active Directory
users, 17-35
group member in Notes, 17-18
Replica stubs
described, 63-88
troubleshooting, 63-89
Replicas
access levels, 7-6
concurrent changes to, 58-8
controlling changes, 40-5
controlling creation of, 38-14
copying to servers, 48-2
creating, 7-9, F-8, I-19
creating for multiple
domains, F-77
deleting, 58-36
deleting documents from, 7-12
deletions, 63-89, 63-90
described, 7-1
limiting content, 7-12, 7-16
size of, 63-87
Replicas, directory
directory assistance
and, 23-20, 23-36
Replicate command
described, A-20, I-22
Replicate server command, 7-31
Replication
access levels, 7-6
activity logging, 57-10
CD-ROM updates, 7-17
customizing, 7-11, 7-22
database design and, 63-86
deleted documents, 7-7
described, 7-1, 7-3
direction, 7-23
directory catalogs, 24-32
disabling, 7-16, 7-32, 63-89
document size and, 7-14
from Domino
Administrator, A-19
Domino Directory, 19-17
editing conflicts, 63-91
enabling, 7-32
end-to-end topology, 4-8
enforcing consistent ACL, 40-28
error tolerance setting, C-82
examples, 7-19
forcing, 7-33
full-text indexes, 50-1
graphical display of
topology, 7-34
history, 58-6, 58-7
limiting time for, 7-29
log file, 58-8
manual, 7-31
monitoring, 58-6
Report_DB setting
described, C-83
Reporter task
sending statistics, C-83
Reports
directory catalog, 24-49
mail usage, 33-2
REPORTS.NSF (Reports database)
creating, 33-4
ReportUseMail setting
described, C-83
Requests
managing certificate, 46-20
Web server, 34-55
Resent headers
using, 28-131
Reservations
deleting, 8-17
editing, 8-17
Resource balancing
in Activity Trends, 54-26
in Activity Trends,
setting up, 54-27
additional statistics, 54-46
analyzing distributions, 54-37
approval profile for, 54-59
charting options, 54-28
comparing, 54-39
creating plan constraints, 54-62
customizing, 54-36
database and server
locations, 54-27
database
moves, 54-32, 54-53, 54-55
and decommissioning a
server, 54-43
and Domino Change
Manager, 54-48 to 54-49
editing server properties, 54-43
evaluating server activity, 54-39
filtering servers, 54-45
goals, 54-30, 54-31
interpreting profile charts, 54-41
overview, 54-34
plan constraints explained, 54-61
plan documents for, 54-53, 54-57,
54-60 to 54-64
plan variables, 54-63
proposals for, 54-38, 54-47
viewing, 54-47
Resource document
creating, 8-9
editing and deleting, 8-13
plan notification messages, 54-64
recalculating, 27-22
Routing task
described, 27-1
Routing. See Mail routing
RSA
trusted root, 46-11
RSVP
command for, I-24
RSVPInvitation command
described, I-24
RTR_Logging setting
described, C-86
Rules
mail, 28-113
S
S/MIME
encrypted, 47-13 to 47-15
setting up clients for, 47-1, 47-13
Sametime
setting up for iNotes Web
Access, 3-14
Save conflicts
consolidating, 58-10
described, 58-8
Sched_Dialing_Enabled setting
described, C-86
Sched_Purge_Interval setting
described, C-86
Schedule Manager
statistics, C-87
Tell commands, A-55
troubleshooting, 63-47
validation settings, C-87
Schedule_Check_Entries_When_
Validating setting
described, C-87
Schedule_No_CalcStats setting
described, C-87
Schedule_No_Validate setting
described, C-87
Scheduled replication
troubleshooting, 63-80, 63-84
Scheduled reports
mail, 33-15
Schedules
replication, 7-24
viewing for replication, 7-34
Scheduling
example, 8-2
server programs, B-2
setting up, 8-5
troubleshooting, 63-45
Search results
access to, 10-12
filtering, 10-13
titles in, 10-19
Web server, 34-26
Searching
domains, 10-1
encrypted fields, 50-2
file systems, 10-9
SearchMax
number of documents to
display, 34-26
Secondary directories
directory services for, 18-12
LDAP service, 18-4
Secondary Domino Directory
Administration Process
support, 15-7
described, 23-1
directory assistance
and, 23-3, 23-8, 23-33
LDAP service, 23-10
name lookups, C-68
Secondary name servers
adding in Notes, 2-44
Secure_Disable_FullAdmin setting
described, C-90
SecureMail setting
described, C-90
Security
adding cross-certificates on
demand, 39-32
anonymous access, 42-25
application, 37-14
application design element, 37-15
authenticating
clients, 31-24, 46-25
certificates, 39-2
certifier IDs and, 1-9
database, 10-12, 40-19
database access for SSL
clients, 46-19
databases, 38-14
directory links, 49-1
Domino Directory and, 18-7, 19-9,
20-16, 20-22 to 20-23
Domino Off-Line Services, 11-7
encryption, 2-6, 43-1
encryption defined, 43-4
full-text indexes and, 50-2
ID recovery, 39-14, 39-17
IDs and, 37-16, 39-1
for Internet/intranet clients, 31-24
in a hosted environment, 12-3
workstation, 41-1
Security policy settings
creating, 9-19
Selection formulas
directory catalogs and, 24-20
Selective replication
setting up, 11-22
Selective replication formulas
preventing replication of
ADMIN4.NSF, 15-27
Self subject
extended ACL, 25-11
Self-certified certificate, 46-22
Send copy to mail rule
disabling, 28-9
SendMessage command
described, I-24
SendSMTPMessage command
described, I-25
Server access
anonymous, 38-13
customizing, 38-7
data directory, 49-4
denying, 38-4, 38-7
passthru, 38-17
troubleshooting, 63-91
Server administrators
changing name of, 59-1
Server certificates
changing expiration date, 3-32
merging into key ring file, 46-12
Server Certificate Administration
requesting certificate, 46-5
setting up, 46-3
Server commands
Agent Manager and agents, 63-12
entering from the UNIX
command line, A-8
redirecting command
output to, A-2
table of, A-10
troubleshooting with, 63-2
Server comparisons
when decommissioning a
server, 59-5
Server console
commands, I-8
described, A-1
using at server, A-2
Server Console Configuration
document
settings in, 52-21
Server crashes
database indexes and, 63-99
Extended Directory
Catalog, 24-26
increasing database, 61-23
index, 50-3
Java heap, C-46 to C-47
Java stack, C-48
mail file, 28-11
MIME message, C-40
NSF buffer pool, C-73
replica, 7-12, 63-87
Server Web Navigator
database, 36-16
transaction log, C-113
SIZE extension
enabling, 28-96, 28-103 to 28-104
Size quotas
database, 61-23 to 61-24
mail, 29-4, 28-10, 28-15 to 28-16,
28-28, 28-55
Smart hosts
for mail routing, 27-5, 27-43
SMIME_Strong_Algorithm setting
described, C-100
SMIME_Weak_Algorithm setting
described, C-101
SMTP
activity logging, 57-10
binding to an IP address, 2-47
changing default port
information
for, 28-58, 28-60, 28-66
IMAP clients and, 31-1
in local Internet domain, 27-39
mail commands, I-25
requirements for routing, 28-2
restricting inbound connections,
28-71, 28-75
setting up SSL server
authentication, 47-22
setting up SSL server
authentication for Notes and
Domino using, 28-68
using inside the local Internet
domain, 26-23
using outside the local Internet
domain, 26-24, 27-38
SMTP addresses
inbound lookup, 27-47
SMTP configuration
updating, 27-65
SMTP connection documents
creating, 27-34
SMTP Initialization Workload script
running, 62-27
sample, J-14
SMTP Listener task
enabling or disabling, 27-41
starting and stopping, 28-57
SMTP protocol
DNS and, 26-25
Domino mail server and, 26-3
mail routing and, 26-21, 27-37
SMTP routing
configuring multiple relay
hosts, 27-58
customizing, 28-57
relay hosts and, 27-33
SMTP Workload script
described, 62-26
running, 62-28
sample, J-14
SMTP_Config_Update_Interval
setting
described, C-102
SMTPAllHostsExternal setting
described, C-101
SMTPDebug setting
described, C-102
SMTPDebugIO setting
described, C-103
SMTPExpandDNSBLStats setting
described, C-103
SMTPGreeting setting
described, C-104
SMTPMaxForRecipients setting
described, C-105
SMTPMTA_Space_Repl_Char setting
described, C-105
SMTPNotesPort setting
described, C-104
SMTPNoVersionInRcvdHdr setting
described, C-104
SMTPRelayAllowHostsandDomains
setting
described, C-106
SMTPSaveImportErrors setting
described, C-106
SMTPStrict821AddressSyntax setting
described, C-107
SMTPStrict821LineSyntax setting
described, C-107
SMTPTimeoutMultiplier setting
described, C-108
SMUX protocol
and SNMP Agent, 53-14
Snap-in registry values
configuring, G-3
SNMP
Domino events, 53-4
floating-point support, 53-7
INI file configuration, 53-9
MIB, 53-5
on partitioned servers, 53-9
overview, 53-1
security, 53-5
traps, 53-21 to 53-23
troubleshooting, 53-10
using Domino MIB with, 53-21
SNMP Agent
alerts, 53-2
Sockets
IPX/SPX addresses and, 2-62
SOCKS proxy
connecting Server Web Navigator
through, 36-3
Soft deletions
defined, 61-8
effect on quotas, 28-14
expiration time, 61-8, F-70
Solaris
configuring partitioned
servers, 2-51
configuring SNMP Agent
for, 53-14
Soundex
directory catalogs and, 24-30
Space Saver settings
in Administration Requests
database, 15-27
Spamming
preventing, 28-20, 28-70, 28-75,
28-90, C-101
Spoofing
preventing, 28-71
SPX. See IPX/SPX
SSL
authenticating clients, 9-37, 28-60,
31-2, 31-6, 46-25,
Certificate Authority server
and, 45-5
client authentication, 47-18
creating a self-certified key
ring, 46-22
database access for clients, 46-19
default Domino trusted
roots, 46-11
features, 46-1
forcing connections, 46-18
in a hosted
environment, 12-4 to 12-13
Internet security and, 40-31
Stamp command
described, I-26
Start Consolelog command
described, A-43
Start Port command
described, A-44
STARTTLS extension
enabling for SMTP, 28-68
enabling for SMTP
inbound, 28-96
Stash files
setting up for SSL, 46-5
Statistic alarms
reporting, 52-9
for Server Health Monitor, 54-10
Statistic Collector
Tell commands, A-57
Statistic Collector task
described, 52-24
Statistic documents
creating, 52-32
Statistic event generator
creating, 52-9
Statistic profiles
charting, 52-37
creating, 52-31, 52-36
modifying, 52-39
Statistic thresholds
viewing, 52-32
Statistics
Activity Trends, 54-22
Administration Process, 15-35
charting, 54-16, 54-25, 52-36
creating documents for, 52-32
database activity, 58-12
database archives and, 61-26
database cache, 61-10
default thresholds, 52-32
directory assistance, 23-60
exporting to spreadsheet, 52-34
LDAP service ports, 20-38
mail-in, 52-35
modifying, 52-32
monitoring, 52-24, 52-31
platform, 52-26, 52-28, 52-30
for resource balancing, 54-46
Server Health
Monitor, 54-3, 54-13
Server.Load, 62-7
Set Statistics command, A-27
setting preferences
for, 16-11, 52-25
shared mail, 29-13
viewing, 52-28, 52-30, 52-32
Windows NT Performance
Monitor, 17-23
Statistics Collector
overview, 52-1
Statistics reports
viewing, 52-31
Statlog task
database activity
reporting, 58-11, C-72
statistics, 58-12
user activity reporting, 58-13
STH files
setting up for SSL, 46-5
Stop Consolelog command
described, A-44
Stop Port command
described, A-44
Stop triggers
setting, 52-22
Storage format, mail file
setting for IMAP
users, 31-3, 31-23, 31-35
setting for POP3 users, 30-7
Store CA policy information in
Domino Directory
request, F-62
Store certificate in Domino or LDAP
directory request, F-62
Store Certificate Revocation List in
Domino or LDAP directory
request, F-63
Store directory type in server record
request, F-63
Store server's DNS host name in
Server record request, F-64
Structural object classes
described, 21-2
Subjects
extended ACL, 25-9, 25-17
Subscriptions, offline
overview, 11-1
SwapPath setting
described, C-109
Synchronization
enabling, 17-27
Notes and Windows 2000
users, 17-25, 17-38
Notes and Windows NT
users, 17-1 to 17-3, 17-5
Syntaxes
adding to schema, 21-15
LDAP, 21-2, 21-4
System administrators, 38-8
T
Tables
forms and, 61-4
Targets
extended ACL, 25-12 to 25-14,
25-17, 25-30
Task status event generator
creating, 52-10
TCP server event generator
creating, 52-11
TCP/IP
Domino Internet services
and, 2-47
frame types, 63-68
importance of Notes port
order, 2-45
IPv6 standard, 2-25, 2-45
multiple IP addresses for
servers, 2-12, 2-19, 2-22
name resolution in, 2-15
name resolution in NRPC, 2-11,
2-16 to 2-17, 2-19, 2-22
Notes port for, 2-34 to 2-36, 2-38,
2-39 to 2-42, 2-46
NOTES.INI settings, 2-64
partitioned servers and, 2-21
passwords, 42-3, 42-24
planning server
configurations, 2-10
port mapping, 2-53, 63-78
port numbers, 2-55
redirect to SSL, 31-7, 46-18
Secondary name servers, 2-44
security, 2-9
setting up servers
on, 2-19, 2-32, 2-43
testing, 2-56
time-out setting, 2-45
troubleshooting, 63-56, 63-107
TCP/IPportname_PortMappingNN
setting
described, C-110
TCP/IPportname_TCPIPAddress
setting
described, C-111
TCP_EnableIPV6 setting
described, C-110
Tell commands
Administrator Process, A-46
Agent Manager, 63-12, A-47
CA process, A-48
Change Manager, A-50
Cluster Replicator, A-51
described, A-45
Directory Cataloger, A-53
LDAP service, A-53
Router, 27-5, 27-22, A-54
Schedule Manager, A-55
SMTP, 27-65, A-56
Statistic Collector, A-57
troubleshooting, 63-91
Web Navigator, A-57
Web Server, A-57
Telnet
and UNIX installation, 3-5
Temp_Index_Max_Doc setting
described, C-111
Templates
Domino Off-Line Services, 3-11
signing, 48-7
system and application, D-1
updating databases with, 58-24
Temporary directory
changing for view
rebuilding, 58-22
Terminated users
deleting from system, 40-23
Terminations group
adding names to, 40-6
creating, 6-8
Text
in Server Web Navigator, 36-12
Text files
for Domino Web server log, 56-10
redirecting command output
to, A-2
setting up for registration, 5-23
Third-party relays
defined, 28-76
Threads
DIIOP and, 34-11
IMAP service, 31-19
transfer, 28-33, 28-36
Web server, 34-55
Threads, Administration Process
changing number of, 15-29
Time zones
and replication, 7-24
Time-out settings
IMAP service, 31-9
LDAP service, 20-28
message, 28-37
server, C-96
SMTP, C-108
specifying for Web, 34-53
TCP/IP, 2-45
TimeZone setting
described, C-112
Titles
replication and, 63-87
window, C-120
TLS (Transport Layer Security)
for SSL, 28-68
Tools
Active Directory Domino
Upgrade Service, 17-25
administration, 16-16 to 16-17
Agent log, 63-13
for troubleshooting, 63-2
monitoring servers and, 52-1
server performance, 60-2
Topology
creating a passthru, 4-25
replication and, 4-8
Topology maps task
starting, 7-34
update frequency, C-112
Topology_WorkInterval setting
described, C-112
Trace command
described, A-59
TRACERT command
using for TCP/IP, 63-67
Tracing
mail, 63-2
network connections, 63-77
passthru connections, 63-79
Tracking messages
configuring the server for, 33-8
from the Domino
Administrator, 33-10
Mail Tracking Collector task, 33-5
overview, 33-1
Transaction logging
database changes, 58-25
disabling, 55-8
disk space and, C-115, 55-8
enabling, C-114
log location, C-113
log size, C-113
logging style, C-114
overview, 55-1
performance, C-113
planning for, 55-4
recovery, 14-11, 55-9
U
Undeliverable mail
generating non-delivery reports
for, 28-37
holding in
MAIL.BOX, 28-40 to 28-41
Unicode
LDAP service and, 20-3
Unit numbers
NetBIOS ports and, 2-58
UNIX
accessing the server console, A-8
directory for entering
commands, 3-2
installation on, 3-4
server performance, 60-14
Unread command
described, I-27
Unread marks
allowing IMAP users to change
other users, 31-17
performance and, 61-3, 63-18
setting, I-27
Unwanted commercial e-mail
preventing, 28-20, 28-70,
28-75, 28-90
Updall task
commands, 58-16
indexes, 58-15
options, 58-16
running, 58-19
scheduling, 50-4 to 50-5
Update client information in Person
record, F-64
Update command
described, I-27
Update Config command, 27-65
described, 27-22
Update task
directory indexer, 58-15
indexes, 58-14
running, 58-21
Update user from non-roaming to
roaming user
administration requests, F-66
Update_No_BRP_Files setting
described, C-115
Update_No_Fulltext setting
described, C-115
Update_Suppression_Limit setting
described, C-116
Update_Suppression_Time setting
described, C-116
Updaters setting
described, C-116
UpgradeApps setting
described, C-117
URLs, 34-3
categorizing for Domain
Search, 10-21
in Server Web Navigator, 36-12
mailed to SSL server
administrators, 45-4
redirecting, 34-27
explained, 5-2
from a text file, 5-22
Internet-only users, 5-37
non-Notes users, 5-37
roaming, 5-13
types of, 5-7
Web, 5-8, 5-27, 5-31
User rules mail forwarding
disabling, 28-9
User types
assigning to ACL, 40-19
Users
access levels, 40-1, 40-11
anonymous, 40-8
configuring for TCP/IP, 2-44
managing, 5-54
migrating from external mail
system or directory, 5-8
recertifying, F-48
registering, 5-2, 16-25,
17-33, 17-35
renaming, 17-41, F-51, F-84
restricting in clusters, 60-6
terminated, 40-6
UTF-8
LDAP service and, 20-32
UTF-8 locale
in a hosted environment, 13-8
V
Validation, 38-1
Internet/intranet
clients, 42-27
Verbose logging
mail, 28-7
Web servers, C-119 to C-120
VeriSign
trusted root, 46-11
Version numbers
identifying, C-98
View indexes
updating, 58-14
View_Rebuild_Dir setting
described, C-119
ViewExpnumber setting
described, C-118
ViewImpnumber setting
described, C-118
Views
adding documents, J-1
Administration Requests
database, 15-19
Close command, I-8
creating, 40-17
customizing in Domino
Directory, E-2, E-5
in Server Web Navigator
database, 36-12
keyboard shortcuts for, 58-21
logging, 55-9
navigating, I-10
opening, I-20
performance and, 63-18
purging database, 58-23
rebuilding, 58-22, C-119
searching in, I-11
shortcut keys, H-10
troubleshooting, 63-42, 63-99
updating, J-3, I-16
Virtual servers
Web site hosting, 34-17
Virtual Web servers
partitioned servers and, 2-49
security, 3-42
Viruses
protection against, C-71
W
WANs
integrating Domino with, 2-2
network compression
and, 2-42
Web
access levels, 40-13
anonymous users, 40-8
restricting amount of data
sent, 34-29
Web access
improving, 60-10
Web Administrator
access, 16-18, 16-20
configuring, 16-17
creating groups with, 6-4
Domino Console, Domino
Controller and, 16-28
entering server commands, A-1
in a hosted
environment, 14-15 to 14-16
managing policies, 16-25
managing the ACL with, 40-24
message tracking, 16-27
re-creating database, 63-109
registering users, 16-25, 5-27, 5-31
remote console, 16-26, A-7
resizing and, 63-109
roles, 16-20 to 16-21
Web tours
Web Navigator
database, 36-11
Web user
registering, 5-8
Web user preferences, 34-30
cookies, 34-30
regional settings, 34-30
Web users
authenticating, 40-7
controlling access, 40-30
renaming, 5-66
WEB.NSF
renaming, 36-14
WEBADMIN.NSF
configuring, 16-17
securing, 16-18
WebAuth_Verbose_Trace setting
described, C-119
WebDAV, 34-15, 34-22
setting up, 34-15, 34-17
WebGet command
described, I-28
WebSess_Verbose_Trace setting
described, C-120
troubleshooting with, 63-106
WebSphere plug-ins
installing on IIS servers, 35-4
Welcome Page
creating, 5-87
Wide-area networks. See WANs
Wildcard searches
LDAP service, 20-28
Window_Title setting
described, C-120
Windows
configuring SNMP Agent
for, 53-11
directory for entering
commands, 3-2
installation on, 3-3
running Server Setup program
on, 3-18
system fonts, C-121
Windows 2000
configuring partitioned
servers, 2-52
ensuring name resolves on, 2-29
improving server
performance, 60-13
name resolution, 2-15, 2-22
registering existing users, 17-35
registering new users, 17-33
X
X.PC network
compression and, 2-42
XACLs. See Extended ACLs
x-headers
adding to outbound Internet
mail, 28-134
XPC_Console setting
described, C-121
xSP servers
Activity Logging
for, 13-23 to 13-24
applications on, 12-15
binding IP addresses to, 13-16
configuring, 12-5, 12-9
Domino features for, 12-4
example, 12-16
for hosted environments, 12-1
installation options, 12-2
installing, 13-2
mail protocols on, 12-13
opening databases on, 13-8
securing, 12-3
setting up environment for, 13-1
Z
zOS
configuring SNMP Agent
for, 53-17