Notes / Domino
HCL Nomad server 1.0.12 IF1 shipped with same file name than 1.0.12 
By Daniel Nashed | 7/22/24 6:13 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Nomad 1.0.12 has been replaced with a 1.0.2 IF1 version.
MHS has only the new version. The old version can't be downloaded any more.
But they left the file names the same. So you can't distinct the files by name once you downloaded them.
So you have to delete the old file and re-download it.
The same file name with a different content (resulting in a different hash and size), breaks automation.
For example it broke the Domino container build automation.
Mindoo - Domino JNA Virtual Views: The Next Step in Domino Data Retrieval
By Karsten Lehmann | 7/14/24 7:09 AM | Infrastructure - Notes / Domino | Added by Serdar Basegmez
In the previous two articles, "The pain of reading data as a Domino developer - and solutions" and "Overview of Domino Data Retrieval: Exploring NSF Search, DQL, Domino Views, and the QueryResultsProcessor", we explored the challenges and solutions for efficiently accessing and processing data in Domino.
Mindoo - Overview of Domino Data Retrieval: Exploring NSF search, DQL, Domino Views and the QueryResultsProcessor
By Karsten Lehmann | 7/14/24 7:08 AM | Infrastructure - Notes / Domino | Added by Serdar Basegmez
As you read in the previous article "The pain of reading data as a Domino developer - and solutions", looking up data on Domino is not as easy as it seems - especially compared to other platforms like SQL. Let's explore the available options.
Running Domino Windows container image on Windows 2022
By Daniel Nashed | 7/8/24 1:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Two years ago I have been looking into Domino in a Windows container already.
The main purpose was to understand the technology and if this makes sense to be used in general.
IMHO container technology is mainly helpful on Linux. Containers on Linux use core OS level functionality, which is part of the Linux kernel.
Only Linux makes sense for production use for me.
But a Windows container can be a great test environment for automation testing and other test use cases.
I revisited my container build on Windows this weekend and first updated it to Domino 14 and also updated all involved tooling like 7Zip.
In addition I looked into how I could leverage a Windows container image for testing.
New Nomad Server features -- ACME HTTP-01 challenge support & HTTP redirects via port 9080
By Daniel Nashed | 7/8/24 1:42 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
There are two new features in the latest Nomad Server versions, introduced to Nomad Server without big notice.
I just got the question from a partner why Nomad Server now binds port 9080 in addition to port 9443 and the internal communication port (only loop back).
The port might be used by other applications like the IBM Spectrum Protect (TDP) -- which was the problem in this customer case.
It turns out the TDP Java based restore GUI and does not work in combination without changing or disabling the port.
An Admin Present You Didn't Know You Needed
By Keith Brooks | 7/4/24 7:41 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
About 2 weeks ago, I gave an impromptu webinar for Openntf.org as a last-minute fill-in.
Openntf, for those that don't know, is the Notes/Domino+ community, where devs, admins, business people, HCL, and others share code and ideas, templates, and projects for the benefit of the greater worldwide community.
I wanted to inform people that monitoring Tasks in the Administrator client has some changes.
Why is this important? Because unless you are a 1 server company, you have a lot of information to remember, such as:
How do you know if DBMT ran?
How do you know which server Certmgr runs on?
Which web server do you run the Domino REST API on?
Which server handles your Backups and Restores, presuming you leverage the v14 options?
Is NOMAD running?
Is your DirSync working?
Are you sure the awesome OnTime Group calendar is running?
Have you enabled Aautoupdate yet? One look and you know.
Intriguing questions, right?
End of Life for CentOS 7 AND CentOS 8 Stream
By Martijn de Jong | 7/2/24 6:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
CentOS 7 was released on the 7th of July 2014. For many years, it has been the operating system for millions of servers. Last Sunday (30th of June) was the day when, after almost 10 years, CentOS 7 became end-of-life. This means that no (security) updates for CentOS 7 will be released any more, and that servers running CentOS 7 are at risk.
I personally know of quite a few servers that are still running on CentOS 7. Even though the EOL date of CentOS 7 has been known for a very long time, many companies waited till the very last moment to phase out these systems and then missed their target. This is a bad situation to be in. I expect that it won’t be long before vulnerabilities in these systems become public, which then can no longer be patched. Migrating these systems to a new operating system should be top priority for these companies!
How deep do you authenticate?
By Stephan Wissel | 6/24/24 8:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
How deep do you authenticate? - Accessing applications usually entails some kind of identity. Some part(s) of your application provide identity (called IdP), while other's consume it (paraphrased from Captain Obvious). Identity could be provided from a record or document in your or another database, an LDAP directory, an OICD or a 3d party like your eMail provider or social account, or with some hoops and loops Webauthn (a.k.a passkey).
The question is: how deep does it go ?
Issues Starting MongoDB Version 5 and Above
By Milan Matejic | 6/14/24 10:29 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
If you are using a Hypervisor on a Windows OS, you might encounter some issues with deploying MongoDB version 5 and above, as MongoDB 5.0+ requires a CPU with AVX support.
CPUs with AVX Support have been around for a long time and this shouldn’t be a problem. However, on my PC, I am running Windows 11 OS with VirtualBox as a Hypervisor, and I am also using WSL for Ubuntu on the same machine, which requires some features of Hyper-V to be activated. As it turns out, Hyper-V has some unusual (at least for me) effects on the VMs running on VirtualBox.
A good reference for Semaphore timeouts
By Cormac McCarthy | 6/10/24 1:33 PM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Recently while troubleshooting an issue on a customer site, I can across this Knowledge based article around what the HEX codes when Semaphore messages are thrown in the Domino console.
It’s been updated recently and contains information you may need to troubleshoot semaphore issues with a Domino server. I like this type of transparency that helps you review these types of issues independently. Bookmark for your own reference!
Building applications in a build container
By Daniel Nashed | 5/13/24 4:32 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Specially when developing for different target versions of an OS or an application a build container can be very helpful.
But build containers are also really helpful in larger teams when everyone should use the exact same build environment.
The Domino container project supports adding the Notes/Domino C-API SDK to the container image.
In case of Domino libnotes.so is required. Therefore compiling requires at least an installed Domino server with the same or newer version than the SDK version.
I built a Domino 14.0 FP1 image including C-API 14.0 and tagged it hclcom/domino:build.
For this blog post I am using the simple test program in the container projects automation test directory --> https://github.com/HCL-TECH-SOFTWARE/domino-container/tree/main/testing
The directory is defined as a volume inside the container /build.
Domino Container Project: software.txt link & new start script version
By Daniel Nashed | 5/9/24 3:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The container project contains a software.txt file with all the web-kits used to build images.
For some technical reasons the file was located in two places.
1. The build.sh script uses software.txt for checking web-kits before the image build starts.
2. The actually image build process uses software.txt to verify the downloaded web-kits before installing them.
software.txt and current_version.txt can also be added to a custom software directory (SOFTWARE_DIR) or remote download location (DOWNLOAD_FROM).
HCL SafeLinx 1.4.2 available -- New best friend "Domino CertMgr"
By Daniel Nashed | 5/2/24 9:21 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This was a quite high rated AHA idea. So the SafeLinx team and Domino team teamed up to implement it.
The flow is integrated into the SafeLinx UI and SafeLinx also allows ACME challenge "passthru".
There isn't any change in CertMgr needed. It is implemented in a way that you could implement your own integration flows.
If you have a specific integration idea, ping me. I can point you to the right direction.
The conf-file in the Domino Container build script
By Martijn de Jong | 5/2/24 9:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
In my previous post, I showed that the Domino-container build script now has a menu. When Daniel announced his plans to include a menu, I asked him to add the option to output the result of a menu build in the form build.sh domino 12.0.2 FP3 -verse -nomad etc. Why? So you could use this in a script to build the same container image with an updated Linux OS base layer unattended. Daniel listened, but implemented it in a different way.
Notes client is spamming the Domino console
By Oliver Busse | 4/18/24 1:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This is something we experienced for quite a while with several versions of the Notes client on different systems: the Notes client randomly tries to access known servers in the environment (aka servers with a connection document in the names.nsf).
I never understood the strategy behind the client trying to access a "server A" when this isn't even the mail server of the used location after login, especially when the ID is not even allowed on "server A". Ok, I live with that for decades and sometimes it helps to nuke the $Saved... fields in the location document(s). But this is another story.
The story I want to tell with this post is the following: we randomly see Notes trying to access a "server X" where the currently used notes ID (defined in the location being used) is not cross-certified.
Building your Domino Container Image in 2024
By Martijn de Jong | 4/18/24 1:51 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When you have a child which you see everyday, you don’t really notice how much he/she grew until you compare their current height with the line on the doorpost of the year before. It’s like that with the Domino container community project for me. My last major post on the Domino container project was in July 2022. Daniel Nashed, the main contributor to this project, has been steadily working on and there are many additions to the project. I use Domino containers on a daily basis, so I’ve seen the progress step by step. Only when reading my post from 2022, I realised how far the project has progressed in the past 21 months. Time for an update! The project also got a new status as since Domino 12.0.2, HCL’s official container images, which you can download from FlexNet, are now also based on the community container scripts!
There are 2 new additions which make creating a Domino container image much easier:
The use of the domdownload script
The build menu
Next to that there are a couple of very interesting new options. In this article, I’ll mainly focus on these two items. In another article, I’ll focus on the new options.
Updating autoupdate.nsf with the new template (14.0 08.03.2024)
By Daniel Nashed | 4/17/24 3:56 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The new fit & finish work and the new autcat.nsf integration requires template changes.
Please make sure you are getting the template version 14.0 from 08.03.2024 and not the earlier version from 03.11.2023 shipped with Domino 14.
When deploying the container image I noticed an issue with the folder permissions where the container image is getting template updates for Fixpacks.
The directory /opt/hcl/domino/notes/latest/linux/data1_bck/140FP1/localnotesdata contains updated templates.
But the directory can be only accessed by "root" and the container runs with the "notes" user.
This is not new to 14.0 FP1. Also 12.0.2 fixpacks had the same permissions, but nobody noticed the missing updates.
Domino AutoUpdate AUT Catalog integration in action
By Daniel Nashed | 4/17/24 3:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When the new integration is enabled, client web-kits are just pushed to AUT Catalog.
The push will also happen for existing web-kits once the document is updated with data containing the Metadata XML.
No manual steps needed. The documents and the new view have a button to directly jump into AUT Catalog.
The button on top only shows up for software pushed to AUT Catalog.
AUT Catalog sometimes has multiple documents for the same web-kit.
DBMT is good - but like most hybrids, it is a compromise
By Adam Osborne | 4/17/24 3:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Sometimes I think of DBMT as the love child of Compact and Updall. It combines some of their functionality, but sometimes you notice bits are missing, don’t work, or don’t work the way you think they should.
The big issue that we keep encountering lately is that DBMT only enforces a time limit for it's compacting tasks; the index update threads will happily continue for hours. This is not ideal, especially for some view indexing operations on large databases.
Adding TOTP to your own application
By Daniel Nashed | 4/16/24 5:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The oathtool is the standard tool on Linux. It comes as a command-line tool or a dynamic and static link lib to be used in your own applications.
You can statically link the code into your application and generate TOTP codes and also validate them.
The homepage contains information about the command line tool "oathtool" and also the lib "liboath".
https://www.nongnu.org/oath-toolkit/
Example how to use it on command-line.
The example used the base32 encoded secret for "test".
oathtool --totp -b ORSXG5AK
Domino Containers – The Next Step
By Martijn de Jong | 4/11/24 5:12 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
With the Engage conference less than two weeks away, I’m working hard on my presentation. My topic will be “Domino Containers – The Next Step”. It’s a sequel to the presentation that I gave at Engage 2022 (and that same year at CollabSphere and OpenNTF) about the Domino container community project. Two years ago, I showed that Domino containers were ready to be used in production. On HCL’s FlexNet you had been able to download Domino docker images for quite a while already, but HCL never formally announced that those were for production use as well. During my session, I showed that the community images had quite a few benefits over HCL’s image and that Domino containers, based on these images, were a sensible replacement for your native Domino installations.
So this time, we go a step further. Daniel Nashed has been working hard on the build-scripts for the community image and it has become easier than ever to build your own Domino image. I will show this live during my session.
Linux - Using Cron to schedule periodic jobs like certificate updates
By Daniel Nashed | 4/11/24 5:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
In all the years I have never looked into cron.
But it is really a very straightforward functionality, which is used by Linux itself.
You can either schedule user specific jobs or use /etc/cron.d files or /etc/crontab.
There is a certificate update script --> https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/blob/main/examples/nginx/cert_upd_nginx.sh
Howto convert cert formats from and to PEM
By Daniel Nashed | 4/11/24 5:09 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
CertMgr uses PEM internally for all operations. The PEM format is the most important format.
But you might get your files from your admin or a CA in different formats.
CertStore can import and export PEM and PKCS12 (PFX, p12).
But this might not always work in the way you expect it because of legacy encryption.
I just wrote a new howto document providing some background and providing OpenSSL command line options.
HCL Notes Crash While Importing PKCS12 Database to the HCL Domino Certificate Manager
By Milan Matejic | 4/9/24 10:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
While I was working with HCL Domino Certificate Manager (CertMgr), which btw is awesome, I encountered an issue, that caused the HCL Notes to crash. Namely, the import of a seemingly valid PFX file (PKCS12 database, downloaded directly from the customer's TLS provider's site) caused the HCL Notes to crash, after which the certificates and the private key contained in the file, were not imported. I could reproduce the issue with the same PFX file in multiple environments running HCL Domino 12.0.2 FPx, HCL Notes 12.0.2 as well as HCL Notes 14.0.
NSF File Server 2.0
By Jesse Gallagher | 4/8/24 12:49 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
A few years ago, I made a little project that hosts an SFTP server that stores documents in an NSF. I've used it here and there since then - as in the original post, I stashed some company docs in it to have them nicely synced among our Domino servers, and I've also had cases where clients use it to, for example, provide a way for their vendors to upload files in a standard way.
The other week, I decided to dive back into it to add some capabilities I'd wanted for a while, and the result is version 2.0.0. This version is a significant revamp that adds quite a bit.
Green is beautiful! - Traveler Status
By Anett Hammerschmidt | 4/8/24 12:46 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
“tell traveler status”
Green: No Issues
Yellow: Possible issues that should be addressed
Red: Critical issues that should be adressed
When the status is Yellow or Red, the system displays all the conditions causing noncompliance. The returned messages include both the reason for the noncompliance and the probable cause for the failure (when available).
Domino meets Grafana & Loki
By Daniel Nashed | 4/8/24 12:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The latest Sametime version offers a graphical statistics dashboard based on Grafana and Prometheus.
Domino statistics out of the box don't play well with Grafana.
Prometheus needs a pull model and the Domino Stats Package added in Version 10 only supports the push model.
Sametime uses the push gateway, but because the Domino statistic names need to be transformed anyway, I wrote a small servertask to provide the stats to be included into the node_exporter, which already is used to provide Linux system statistics.
Beside statistics I also looked into Grafana Loki to collect logs and make them available over the Grafana interface. The data is collected by promtail.
SNMP with Domino on Docker
By Daniel Nashed | 4/1/24 1:59 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Simple Network Management Protocol (SNMP) is a rarely used functionality in Domino, which has been implemented in Domino in the last century.
But I got a request from a customer to get SNMP working with Domino in a container to monitor the server.
On Kubernetes there are other ways to monitor servers. But for a stand-alone Docker host, SNMP could still make sense and can be implemented.
Important: Domino ID Vault -- Don’t remove old servers if still referenced in user documents
By Daniel Nashed | 3/28/24 4:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When you migrate to new servers, you have to be aware of the following limitation, which is documented in 12.0.2/14.0 but also affects older servers.
To ensure you can recover all user.IDs make sure the server document is still present and the server is still in the ID vault configuration. See the following warning in help and Kbase document.
This is a recent update in documentation and I just sent it to a customer during a server upgrade/move workshop.
How to get HCL Notes/Designer to run on your Apple Silicon. – NotesIn9
By David Leedy | 3/19/24 2:36 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Here’s my first attempt at making a “Short” on YouTube. I have some topics that are just really quick and a full normal NotesIn9 is overkill. So that’s what “shorts” are far. So I figured I’d give it a try