Installing Domino REST API in an existing Domino container server – Martijn's Blog  

By Martijn de Jong | 10/3/24 1:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The Domino REST API, a.k.a. DRAPI, is a requirement for running HCL Volt MX Go. On a native Domino server, it’s an add-on that you can install. The installation will install files in both a special install directory, the Domino program directory and the Domino data directory. On a Domino server using Domino container images, you need a Domino image with the REST API included. After all, the Domino program directory is not persistent, which means that any addition to this directory that was added in the container and not in the image, is lost when the Domino container is stopped and restarted. Something that happens whenever you reboot the host machine. Luckily, the Domino container community image build tool includes the Domino REST API in the build menu, so it’s easy to add.

Linux LSOF is causing 100% CPU load inside a container in some configurations  

By Daniel Nashed | 10/2/24 4:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Linux LSOF is causing 100% CPU load inside a container in some configurations https://blog.nashcom.de/nashcomblog.nsf/dx/ https://blog.nashcom.de/nashcomblog.nsf/feed.rss RSS - Daniel Nashed's Blog Daniel Nashed's Blog Daniel Nashed Linux LSOF is causing 100% CPU load inside a container in some configurations Linux Domino Container width=device-width, initial-scale=1.0, minimum-scale=1.0 Daniel Nashed's Blog ../nashcom.css ../dx/imprint.htm Imprint Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ... Search Search Search Search alt Daniel Nashed # Tags Tag: 64Bit ../archive?openview&title=64Bit&type=cat&cat=64Bit 64Bit Tag: ACME ../archive?openview&title=ACME&type=cat&cat=ACME ACME Tag: ACME HTTP-01 ../archive?openview&title=ACME%20HTTP-01&type=cat&cat=ACME%20HTTP-01 ACME HTTP-01 Tag: ADFS ../archive?openview&title=ADFS&type=cat&cat=ADFS ADFS Tag: AdminCentral ../archive?openview&title=AdminCentral&type=cat&cat=AdminCentral AdminCentral Tag: AIX ../archive?openvie

Disabling XPages if not needed reduces open files and HTTP start/stop time  

By Daniel Nashed | 9/30/24 4:30 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While working on setup automation I often ran into HTTP startup challenges. It can take up to 40-50 seconds until the HTTP task is started. If you look at open files, you notice that each thread has more than 70 files open. This sums up to up quite some files and the HTTP server start/stop time is much slower. In case you don't use XPages there is a simple switch to disable the XPages run-time and only load the standard Java components. notes.ini INotesDisableXPageCMD=1 I first had the impression Java in general would cause overhead on start. But my tests drilled down to XPages/OSGI.

Domino 14.0 FP2 IF1 installer might fail on new machines -- VCRUNTIME140 32bit is missing  

By Daniel Nashed | 9/24/24 1:06 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I ran into this today when testing and got a customer reporting this one hour later. So it was easy to reply with a root cause and solution. Domino is a 64bit application. Therefore the Windows run-time installed with the Domino release installer is 64bit only. The Fixpack installer has no VC runtime requirements. But it turns out the hotfix installer, which is also used for interim fixes is also a 32bit installer and has VC dependencies.

Domino does not shutdown cleanly when Windows is rebooted or shutdown  

By Daniel Nashed | 9/11/24 6:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

When stopping the Domino service manually, the Windows service control manager (SCM) waits sufficient time to shutdown Domino cleanly. But it turns out a Windows shutdown or reboot does not wait sufficient time for service termination. This is critical because it would kill running Domino processes without notice. Even with transaction log enabled, this isn't a desirable situation.

How to find out what is eating my disk space on Linux?  

By Daniel Nashed | 9/11/24 6:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you don't know the Linux tool ncdu, this will make your day. The tool by default scans from where you are or any directory you specify. Specially when running on WSL you might want to use excludes. On top there is a delete option, which can be quite helpful when you find large files you don't need. I am using it for years and it did safe my IT life more than once. And it is very fast...

You don't have to overwrite your Command when pasting into the Domino Console  

By Cormac McCarthy | 8/31/24 3:35 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

While having a look at the HCL Domino Portal ideas portal the other week I came across something I was going to vote for, namely Paste (using CTRL+V) in the Server Console “Domino Command” input field should not remove existing content in that input field. Just as I was about to hit the vote button, I read the comments. Someone had helpfully put in the solution

Silent HCL Notes 32 bit to 64 bit upgrade changes - Domino People  

By Cormac McCarthy | 8/27/24 9:59 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

HCL have recently published one of the “gotchas” around upgrading from 32 bit to 64 bit Notes. I came across this again and thought it worth sharing. When upgrading Notes 32 bit to 64 bit via command line/scripting/third party install tool (basically anywhere you’re running silently) the syntax for PROGDIR and DATADIR changes to PROGDIRW64 and DATADIRW64.

Problem when uploading ID file to Vault with Admin Client 14.x to Domino 12.0.1.x   

By Rainer Brandl | 8/27/24 9:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I had the problem that a customer complained about the problem of uploading the ID of a new registered user to an existing vault. I could see the following entries in the local log.nsf:27.08.2024 11:03:00 ID 'C:\HCL\Notes\Data\user\testuser1.id' failed to upload to vault 'O=customer_vault' on server 'CN=SERVER01/O=SRV'. 'Test User1' made request. Error: Remote system no longer responding After opening a case I received the link to a TechNote where a problem with Admin Client V14.x and HCL Domino 12.0.1.x is documented. I afterwards modified the setting in the NOTES.INI of the client and now the upload of the ID for the newly registered user is working fine !!! Be aware to put the setting “TCPIP=TCP,0,15,16000” only in the NOTES.INI of a V14 client !!! If you set this value in a NOTES.INI of V12, the client will not startup and will cause serious troubles !!!

Does TOTP Work for users in a Secondary Directory via DA  

By Keith Brooks | 8/21/24 6:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Like many of our customers, a customer has a large external user community relying on their applications. We have about 7,000 external customers. Some are undoubtedly old customers, but 7,000 is a lot of people. Previously, I wrote about how to bulk add these people into your ID Vault, and that was all fine and good where we have only one names.nsf for everyone and everything. We may have had 2-3 servers in that org. Now, the 7,000 are in a secondary external names.nsf via DA (Directory Assistance). The Problem 1) How do you register and maintain the people in a secondary Directory? 2) Does the DA even work with TOTP?

HCL Domino TOTP & Passkey authentication   

By Rainer Brandl | 8/19/24 7:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In a customer environment I have enabled the great working TOTP authentication. After migration the environment to Domino V14 I also enabled the Passkey authentication in the same Internet Site document.Afterwards neither TOTP authentication nor Passkey Authentication worked. A clarification of the HCL Support delivered the following information: You cannot enable both authentication types for the same internet site document !!

Route HCL Traveler mail to your internal scanner  

By Remco Angioni | 8/8/24 7:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Companies normally scan mail only on the first Domino SMTP server, not on all servers. For HCL Traveler server, this could be a problem because your external and mobile device can be infected with ransom-ware or a virus. This way it can harm you organization. How to check all mails coming from HCL Traveler servers using your already running and active scanner?

Domino One Touch Setup (OTS) advanced examples and helpers  

By Daniel Nashed | 7/29/24 3:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

OTS is a very powerful and flexible feature of Domino 12+ which has been extended in each dot release since then. I am OTS a lot in the container world. But it also works on Windows. It perfectly fits into the container world. And we added a couple of integration points into the container image. Because I got a couple of questions I wrote up some examples, related information and also an Lotus Script agent to extend the functionality. The agent is intended to be an example how to wrote own integrations and also to leverage and extend the existing agent for own needs.

Pretty-Printing JSON in the (Desktop) Notes Client and Domino  

By Jesse Gallagher | 7/29/24 3:21 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In the OpenNTF Discord (join if you haven't!), Daniel Nashed brought up a task he was facing: in the Notes client, writing pretty-printed JSON. LotusScript has its NotesJSON* classes that can process JSON in their stark way, but the stringify output is meant for machine reading and doesn't include whitespace and line breaks, making it ill-suited for things like configuration files or other things a human might read or edit. Since the goal is to get it working in the full Notes client and not Nomad, Java is on the table, but Java - for dumb historical reasons - has no proper built-in JSON library. However, as of 12.something HCL shunted IBM Commons down to the global classpath in order to support the "share Java design elements between XPages and agents" feature. Among many other things, IBM Commons includes a JSON library that can suit. I wrote a post almost a decade ago talking about this library and its limited nature, but it's nonetheless less limited than the LotusScript classes, and it's up to the task. There are a couple ways to go about this, depending on your needs, but for now I'll just cover the basic case here of "I have a string of JSON and want to format it".

Pretty-Printing JSON in Notes Client and Domino  

By Daniel Nashed | 7/29/24 3:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The Lotus Script class for reading and writing JSON is that easy. There are not many examples and some functionality is missing. JSON can be either condensed without any new lines and indentation. That's great when you use it for back-end processing or REST services. Why is pretty printing important But in some cases you need pretty formatted JSON. Specially when you want to maintain it manually and extend it. For example for Domino OTS JSON files :-) When you use JSON based configuration pretty printed JSON is very helpful. Condensed JSON is also difficult to check into Git. Everything looks modified when it is a single line.

HCL Nomad server 1.0.12 IF1 shipped with same file name than 1.0.12  

By Daniel Nashed | 7/22/24 6:13 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Nomad 1.0.12 has been replaced with a 1.0.2 IF1 version. MHS has only the new version. The old version can't be downloaded any more. But they left the file names the same. So you can't distinct the files by name once you downloaded them. So you have to delete the old file and re-download it. The same file name with a different content (resulting in a different hash and size), breaks automation. For example it broke the Domino container build automation.

Mindoo - Domino JNA Virtual Views: The Next Step in Domino Data Retrieval  

By Karsten Lehmann | 7/14/24 7:09 AM | Infrastructure - Notes / Domino | Added by Serdar Basegmez

In the previous two articles, "The pain of reading data as a Domino developer - and solutions" and "Overview of Domino Data Retrieval: Exploring NSF Search, DQL, Domino Views, and the QueryResultsProcessor", we explored the challenges and solutions for efficiently accessing and processing data in Domino.

Mindoo - Overview of Domino Data Retrieval: Exploring NSF search, DQL, Domino Views and the QueryResultsProcessor  

By Karsten Lehmann | 7/14/24 7:08 AM | Infrastructure - Notes / Domino | Added by Serdar Basegmez

As you read in the previous article "The pain of reading data as a Domino developer - and solutions", looking up data on Domino is not as easy as it seems - especially compared to other platforms like SQL. Let's explore the available options.

Running Domino Windows container image on Windows 2022  

By Daniel Nashed | 7/8/24 1:43 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Two years ago I have been looking into Domino in a Windows container already. The main purpose was to understand the technology and if this makes sense to be used in general. IMHO container technology is mainly helpful on Linux. Containers on Linux use core OS level functionality, which is part of the Linux kernel. Only Linux makes sense for production use for me. But a Windows container can be a great test environment for automation testing and other test use cases. I revisited my container build on Windows this weekend and first updated it to Domino 14 and also updated all involved tooling like 7Zip. In addition I looked into how I could leverage a Windows container image for testing.

New Nomad Server features -- ACME HTTP-01 challenge support & HTTP redirects via port 9080  

By Daniel Nashed | 7/8/24 1:42 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

There are two new features in the latest Nomad Server versions, introduced to Nomad Server without big notice. I just got the question from a partner why Nomad Server now binds port 9080 in addition to port 9443 and the internal communication port (only loop back). The port might be used by other applications like the IBM Spectrum Protect (TDP) -- which was the problem in this customer case. It turns out the TDP Java based restore GUI and does not work in combination without changing or disabling the port.

An Admin Present You Didn't Know You Needed  

By Keith Brooks | 7/4/24 7:41 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

About 2 weeks ago, I gave an impromptu webinar for Openntf.org as a last-minute fill-in. Openntf, for those that don't know, is the Notes/Domino+ community, where devs, admins, business people, HCL, and others share code and ideas, templates, and projects for the benefit of the greater worldwide community. I wanted to inform people that monitoring Tasks in the Administrator client has some changes. Why is this important? Because unless you are a 1 server company, you have a lot of information to remember, such as: How do you know if DBMT ran? How do you know which server Certmgr runs on? Which web server do you run the Domino REST API on? Which server handles your Backups and Restores, presuming you leverage the v14 options? Is NOMAD running? Is your DirSync working? Are you sure the awesome OnTime Group calendar is running? Have you enabled Aautoupdate yet? One look and you know. Intriguing questions, right?

End of Life for CentOS 7 AND CentOS 8 Stream  

By Martijn de Jong | 7/2/24 6:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

CentOS 7 was released on the 7th of July 2014. For many years, it has been the operating system for millions of servers. Last Sunday (30th of June) was the day when, after almost 10 years, CentOS 7 became end-of-life. This means that no (security) updates for CentOS 7 will be released any more, and that servers running CentOS 7 are at risk. I personally know of quite a few servers that are still running on CentOS 7. Even though the EOL date of CentOS 7 has been known for a very long time, many companies waited till the very last moment to phase out these systems and then missed their target. This is a bad situation to be in. I expect that it won’t be long before vulnerabilities in these systems become public, which then can no longer be patched. Migrating these systems to a new operating system should be top priority for these companies!

How deep do you authenticate?   

By Stephan Wissel | 6/24/24 8:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

How deep do you authenticate? - Accessing applications usually entails some kind of identity. Some part(s) of your application provide identity (called IdP), while other's consume it (paraphrased from Captain Obvious). Identity could be provided from a record or document in your or another database, an LDAP directory, an OICD or a 3d party like your eMail provider or social account, or with some hoops and loops Webauthn (a.k.a passkey). The question is: how deep does it go ?

Issues Starting MongoDB Version 5 and Above  

By Milan Matejic | 6/14/24 10:29 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are using a Hypervisor on a Windows OS, you might encounter some issues with deploying MongoDB version 5 and above, as MongoDB 5.0+ requires a CPU with AVX support. CPUs with AVX Support have been around for a long time and this shouldn’t be a problem. However, on my PC, I am running Windows 11 OS with VirtualBox as a Hypervisor, and I am also using WSL for Ubuntu on the same machine, which requires some features of Hyper-V to be activated. As it turns out, Hyper-V has some unusual (at least for me) effects on the VMs running on VirtualBox.

A good reference for Semaphore timeouts  

By Cormac McCarthy | 6/10/24 1:33 PM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Recently while troubleshooting an issue on a customer site, I can across this Knowledge based article around what the HEX codes when Semaphore messages are thrown in the Domino console. It’s been updated recently and contains information you may need to troubleshoot semaphore issues with a Domino server. I like this type of transparency that helps you review these types of issues independently. Bookmark for your own reference!

Building applications in a build container  

By Daniel Nashed | 5/13/24 4:32 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Specially when developing for different target versions of an OS or an application a build container can be very helpful. But build containers are also really helpful in larger teams when everyone should use the exact same build environment. The Domino container project supports adding the Notes/Domino C-API SDK to the container image. In case of Domino libnotes.so is required. Therefore compiling requires at least an installed Domino server with the same or newer version than the SDK version. I built a Domino 14.0 FP1 image including C-API 14.0 and tagged it hclcom/domino:build. For this blog post I am using the simple test program in the container projects automation test directory --> https://github.com/HCL-TECH-SOFTWARE/domino-container/tree/main/testing The directory is defined as a volume inside the container /build.

Domino Container Project: software.txt link & new start script version  

By Daniel Nashed | 5/9/24 3:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The container project contains a software.txt file with all the web-kits used to build images. For some technical reasons the file was located in two places. 1. The build.sh script uses software.txt for checking web-kits before the image build starts. 2. The actually image build process uses software.txt to verify the downloaded web-kits before installing them. software.txt and current_version.txt can also be added to a custom software directory (SOFTWARE_DIR) or remote download location (DOWNLOAD_FROM).

HCL SafeLinx 1.4.2 available -- New best friend "Domino CertMgr"  

By Daniel Nashed | 5/2/24 9:21 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This was a quite high rated AHA idea. So the SafeLinx team and Domino team teamed up to implement it. The flow is integrated into the SafeLinx UI and SafeLinx also allows ACME challenge "passthru". There isn't any change in CertMgr needed. It is implemented in a way that you could implement your own integration flows. If you have a specific integration idea, ping me. I can point you to the right direction.

The conf-file in the Domino Container build script  

By Martijn de Jong | 5/2/24 9:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In my previous post, I showed that the Domino-container build script now has a menu. When Daniel announced his plans to include a menu, I asked him to add the option to output the result of a menu build in the form build.sh domino 12.0.2 FP3 -verse -nomad etc. Why? So you could use this in a script to build the same container image with an updated Linux OS base layer unattended. Daniel listened, but implemented it in a different way.

Notes client is spamming the Domino console  

By Oliver Busse | 4/18/24 1:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This is something we experienced for quite a while with several versions of the Notes client on different systems: the Notes client randomly tries to access known servers in the environment (aka servers with a connection document in the names.nsf). I never understood the strategy behind the client trying to access a "server A" when this isn't even the mail server of the used location after login, especially when the ID is not even allowed on "server A". Ok, I live with that for decades and sometimes it helps to nuke the $Saved... fields in the location document(s). But this is another story. The story I want to tell with this post is the following: we randomly see Notes trying to access a "server X" where the currently used notes ID (defined in the location being used) is not cross-certified.