Recent
Notes client is spamming the Domino console 
By Oliver Busse | 4/18/24 1:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This is something we experienced for quite a while with several versions of the Notes client on different systems: the Notes client randomly tries to access known servers in the environment (aka servers with a connection document in the names.nsf).
I never understood the strategy behind the client trying to access a "server A" when this isn't even the mail server of the used location after login, especially when the ID is not even allowed on "server A". Ok, I live with that for decades and sometimes it helps to nuke the $Saved... fields in the location document(s). But this is another story.
The story I want to tell with this post is the following: we randomly see Notes trying to access a "server X" where the currently used notes ID (defined in the location being used) is not cross-certified.
Building your Domino Container Image in 2024
By Martijn de Jong | 4/18/24 1:51 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When you have a child which you see everyday, you don’t really notice how much he/she grew until you compare their current height with the line on the doorpost of the year before. It’s like that with the Domino container community project for me. My last major post on the Domino container project was in July 2022. Daniel Nashed, the main contributor to this project, has been steadily working on and there are many additions to the project. I use Domino containers on a daily basis, so I’ve seen the progress step by step. Only when reading my post from 2022, I realised how far the project has progressed in the past 21 months. Time for an update! The project also got a new status as since Domino 12.0.2, HCL’s official container images, which you can download from FlexNet, are now also based on the community container scripts!
There are 2 new additions which make creating a Domino container image much easier:
The use of the domdownload script
The build menu
Next to that there are a couple of very interesting new options. In this article, I’ll mainly focus on these two items. In another article, I’ll focus on the new options.
Maven build with multiple Java versions
By Stephan Wissel | 4/17/24 4:02 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Imagine, you are tasked with maintaining a Java application that needs to run on more than one Java version. You want to ensure that it compiles, tests and builds on all of them. This is our story, buckle up, there are a few moving parts
How to remove a Groupchat in Sametime V12?
By Remco Angioni | 4/17/24 4:01 AM | Infrastructure - Sametime | Added by Roberto Boccadoro
When a user creates a groupchat using, let’s say “AllUsers”, this groupchat will consume a lot of resources when AllUsers contain many many users.
Beside asking the users to remove this chat, there is no way to remove this groupchat using a (Admin)gui.
We raised a call to HCL and they solved it by removing it from the backend. Smart one. They even created a KB item about it, using our information. Smart one.
You can terminate the group chat from the MongoDB
Here are the steps:
The iPhora Journey - Part 8 - Flow-based Programming
By Richard Moy | 4/17/24 3:58 AM | Development - Notes / Domino | Added by Roberto Boccadoro
As developers, most of us create applications through the conscious act of programming, either procedural, as many of us old-timers grew up with, or object-oriented, which we grudgingly had to admit was better. This is true whether we are using Java, LotusScript, C++ or Rust on Domino. (By the way, does anyone remember Pascal? When I was in school, I remember being told it was the language of the future, but for some reason it didn't seem to survive past the MTV era). But in the last decade, there are some new developments in the programming world that we need to take into account... and no, I'm not talking about AI.
Updating autoupdate.nsf with the new template (14.0 08.03.2024)
By Daniel Nashed | 4/17/24 3:56 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The new fit & finish work and the new autcat.nsf integration requires template changes.
Please make sure you are getting the template version 14.0 from 08.03.2024 and not the earlier version from 03.11.2023 shipped with Domino 14.
When deploying the container image I noticed an issue with the folder permissions where the container image is getting template updates for Fixpacks.
The directory /opt/hcl/domino/notes/latest/linux/data1_bck/140FP1/localnotesdata contains updated templates.
But the directory can be only accessed by "root" and the container runs with the "notes" user.
This is not new to 14.0 FP1. Also 12.0.2 fixpacks had the same permissions, but nobody noticed the missing updates.
Domino AutoUpdate AUT Catalog integration in action
By Daniel Nashed | 4/17/24 3:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When the new integration is enabled, client web-kits are just pushed to AUT Catalog.
The push will also happen for existing web-kits once the document is updated with data containing the Metadata XML.
No manual steps needed. The documents and the new view have a button to directly jump into AUT Catalog.
The button on top only shows up for software pushed to AUT Catalog.
AUT Catalog sometimes has multiple documents for the same web-kit.
DBMT is good - but like most hybrids, it is a compromise
By Adam Osborne | 4/17/24 3:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Sometimes I think of DBMT as the love child of Compact and Updall. It combines some of their functionality, but sometimes you notice bits are missing, don’t work, or don’t work the way you think they should.
The big issue that we keep encountering lately is that DBMT only enforces a time limit for it's compacting tasks; the index update threads will happily continue for hours. This is not ideal, especially for some view indexing operations on large databases.
Adding TOTP to your own application
By Daniel Nashed | 4/16/24 5:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The oathtool is the standard tool on Linux. It comes as a command-line tool or a dynamic and static link lib to be used in your own applications.
You can statically link the code into your application and generate TOTP codes and also validate them.
The homepage contains information about the command line tool "oathtool" and also the lib "liboath".
https://www.nongnu.org/oath-toolkit/
Example how to use it on command-line.
The example used the base32 encoded secret for "test".
oathtool --totp -b ORSXG5AK
Simplifying the Maven Build of the NSF File Server Project
By Jesse Gallagher | 4/11/24 5:13 AM | Development - Notes / Domino | Added by Roberto Boccadoro
When working on NSF File Server project that I talked about the other day, I took a slightly-different tack as far as building it than I did in the past, and I think it's worth going over some of that in case it's useful for others.
Domino Containers – The Next Step
By Martijn de Jong | 4/11/24 5:12 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
With the Engage conference less than two weeks away, I’m working hard on my presentation. My topic will be “Domino Containers – The Next Step”. It’s a sequel to the presentation that I gave at Engage 2022 (and that same year at CollabSphere and OpenNTF) about the Domino container community project. Two years ago, I showed that Domino containers were ready to be used in production. On HCL’s FlexNet you had been able to download Domino docker images for quite a while already, but HCL never formally announced that those were for production use as well. During my session, I showed that the community images had quite a few benefits over HCL’s image and that Domino containers, based on these images, were a sensible replacement for your native Domino installations.
So this time, we go a step further. Daniel Nashed has been working hard on the build-scripts for the community image and it has become easier than ever to build your own Domino image. I will show this live during my session.
Linux - Using Cron to schedule periodic jobs like certificate updates
By Daniel Nashed | 4/11/24 5:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
In all the years I have never looked into cron.
But it is really a very straightforward functionality, which is used by Linux itself.
You can either schedule user specific jobs or use /etc/cron.d files or /etc/crontab.
There is a certificate update script --> https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/blob/main/examples/nginx/cert_upd_nginx.sh
Howto convert cert formats from and to PEM
By Daniel Nashed | 4/11/24 5:09 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
CertMgr uses PEM internally for all operations. The PEM format is the most important format.
But you might get your files from your admin or a CA in different formats.
CertStore can import and export PEM and PKCS12 (PFX, p12).
But this might not always work in the way you expect it because of legacy encryption.
I just wrote a new howto document providing some background and providing OpenSSL command line options.
Engage 2024
By Paul Withers | 4/10/24 1:00 PM | Business - Events / People | Added by Oliver Busse
Later this month I will be attending Engage 2024. It will be a bittersweet experience. Engage was the first conference at which I spoke, a session that was way ahead of its time, highlighting the power of repeat controls in XPages and advocating against using View Panels. Ironically, at Engage this year, one of the sessions I’ll be delivering has some similarities. But I’ll cover the sessions I’m involved in chronologically.
HCL Notes Crash While Importing PKCS12 Database to the HCL Domino Certificate Manager
By Milan Matejic | 4/9/24 10:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
While I was working with HCL Domino Certificate Manager (CertMgr), which btw is awesome, I encountered an issue, that caused the HCL Notes to crash. Namely, the import of a seemingly valid PFX file (PKCS12 database, downloaded directly from the customer's TLS provider's site) caused the HCL Notes to crash, after which the certificates and the private key contained in the file, were not imported. I could reproduce the issue with the same PFX file in multiple environments running HCL Domino 12.0.2 FPx, HCL Notes 12.0.2 as well as HCL Notes 14.0.
NSF File Server 2.0
By Jesse Gallagher | 4/8/24 12:49 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
A few years ago, I made a little project that hosts an SFTP server that stores documents in an NSF. I've used it here and there since then - as in the original post, I stashed some company docs in it to have them nicely synced among our Domino servers, and I've also had cases where clients use it to, for example, provide a way for their vendors to upload files in a standard way.
The other week, I decided to dive back into it to add some capabilities I'd wanted for a while, and the result is version 2.0.0. This version is a significant revamp that adds quite a bit.
Green is beautiful! - Traveler Status
By Anett Hammerschmidt | 4/8/24 12:46 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
“tell traveler status”
Green: No Issues
Yellow: Possible issues that should be addressed
Red: Critical issues that should be adressed
When the status is Yellow or Red, the system displays all the conditions causing noncompliance. The returned messages include both the reason for the noncompliance and the probable cause for the failure (when available).
Domino meets Grafana & Loki
By Daniel Nashed | 4/8/24 12:45 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The latest Sametime version offers a graphical statistics dashboard based on Grafana and Prometheus.
Domino statistics out of the box don't play well with Grafana.
Prometheus needs a pull model and the Domino Stats Package added in Version 10 only supports the push model.
Sametime uses the push gateway, but because the Domino statistic names need to be transformed anyway, I wrote a small servertask to provide the stats to be included into the node_exporter, which already is used to provide Linux system statistics.
Beside statistics I also looked into Grafana Loki to collect logs and make them available over the Grafana interface. The data is collected by promtail.
Sametime 12.0.2 statistics & settings are gone after restart server
By Remco Angioni | 4/8/24 12:42 AM | Infrastructure - Sametime | Added by Roberto Boccadoro
Because of the strange default settings in the Sametime V12.0.2 Docker configuration, all changes in Grafana and Prometheus are gone after you bring the docker containers down and/or when you restart the server. By default, HCL decided that Grafana stores information inside the container.By default, HCL decided that Prometheus data is stored on the host.
When you bring down the Docker containers, Grafana information is gone.
When you restart the entire server, /tmp is cleared and therefor all statistics
Prometheus issue is easy to solve, just change the local path to another location outside /tmp
Grafana also need a local, or Docker storage, outside it’s own container.
SNMP with Domino on Docker
By Daniel Nashed | 4/1/24 1:59 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Simple Network Management Protocol (SNMP) is a rarely used functionality in Domino, which has been implemented in Domino in the last century.
But I got a request from a customer to get SNMP working with Domino in a container to monitor the server.
On Kubernetes there are other ways to monitor servers. But for a stand-alone Docker host, SNMP could still make sense and can be implemented.
Important: Domino ID Vault -- Don’t remove old servers if still referenced in user documents
By Daniel Nashed | 3/28/24 4:22 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When you migrate to new servers, you have to be aware of the following limitation, which is documented in 12.0.2/14.0 but also affects older servers.
To ensure you can recover all user.IDs make sure the server document is still present and the server is still in the ID vault configuration. See the following warning in help and Kbase document.
This is a recent update in documentation and I just sent it to a customer during a server upgrade/move workshop.
Eclipse Java Debugging
By Paul Withers | 3/22/24 4:24 AM | Development - Notes / Domino | Added by Roberto Boccadoro
When XPages came to Domino it introduced many Domino developers to Java. Because the IDE was based on Eclipse, it also introduced Domino developers to standard elements of Java development on Eclipse.
How to get HCL Notes/Designer to run on your Apple Silicon. – NotesIn9
By David Leedy | 3/19/24 2:36 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Here’s my first attempt at making a “Short” on YouTube. I have some topics that are just really quick and a full normal NotesIn9 is overkill. So that’s what “shorts” are far. So I figured I’d give it a try
Introducing Domino Borg Backup Integration V2
By Daniel Nashed | 3/19/24 2:34 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Borg Backup is an interesting backup option for Linux (https://www.borgbackup.org/) and also works inside a Domino container with a local or remote repository.
The first integration with Domino Backup used bash scripts and Borg commands. But this had limitations due to the way Borg handles backups.
Each database was stored in a separate repository. I have been looking for direct integration to avoid this overhead and store all backup data into a single backup.
There is a newer option to import tar data directly into Borg as a stream -> https://borgbackup.readthedocs.io/en/stable/usage/tar.html.
High Domino Backup performance with native ZFS storage on Proxmox
By Daniel Nashed | 3/19/24 2:32 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Domino 12+ default native backup is a very easy to use option, which also works on Docker containers.
The resulting backup to a file target is always consistent, because delta information is always applied to the backup file.
But a file target raises the challenge that the whole NSF data will be copied to the target file-share or disk. Therefore a de-duplicating target is highly recommended.
I took a look into ZFS in detail in my new local setup to test out performance.
Looking into S3 performance numbers for MinIO -- Is this the right target for backup?
By Daniel Nashed | 3/19/24 2:31 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
I know MinIO for a while and I have been using it for DAOS T2 testing early on. Years later they are now grow up and play in the cloud native storage league.
Still the devil is in the detail and for using it in production environment customers hopefully use the enterprise subscription to get tuning support.
Paying for support this doesn't make it a cheap storage any more if you look at their price tag.
First look at openSUSE Leap 15.6 Beta with Domino 14
By Daniel Nashed | 3/19/24 2:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
As some of you know from earlier discussions, the latest currently available SUSE Enterprise and openSUSE Leap 15.5 ships with a too old glibc to work out of the box with Domino 14.
You could still run it on a Docker(or Podman) host, because the container image brings the glibc run-time with it and only uses the kernel from the Docker host.
openSUSE Leap and SUSE Enterprise (SLES) share the repositories and are technically more or less the same.
SUSE Linux 15.6 is scheduled for mid 2024
I have been looking into openSUSE Leap earlier with their Alpha version.
Now the official beta is available for download
As expected Domino 14 works natively with the updated glibc. The requirement is glibc 2.34+. This Linux version will introduce glibc 2.38.
But SUSE also switched again to a new major kernel version with a Service Pack.
This means HCL will have to re-rest SUSE Linux once the final version is released.
It will take some time to have fully tested and support SUSE supported for Domino 14.0.
Important: For Domino SMTP with ECDSA keys for STARTTLS inbound
By Daniel Nashed | 3/19/24 2:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The short version of you don't want to know all the technical details:
If you choose a ECDSA key for your web server, make sure you have also a RSA key for SMTP inbound connections
In case you are interested in the technical details, read on ...
Introducing the Domino native Linux installer and Domino Linux Menu
By Daniel Nashed | 3/19/24 2:21 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
When I ask a question like "why admins are not moving to Domino on Linux" I might have a plan in my head already.
I cannot solve all the challenges for you at once. But I am helping over years with my Domino Start Script to get Domino on Linux easier to run.
The start script already helps to perform standard operations.
Istallation is and some other operations might be still more complicated at first glance on Linux.
I introduced a build menu into the HCL Domino Community image process recently.
And I took that logic and I am making it available for native installations as well.
This new option also offers automated downloads via the recently released Domino Download script
Full instructions for implementing Nomad Server behind an Apache Reverse Proxy - Domino People
By Cormac McCarthy | 3/19/24 2:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
HCL have recently published a technote on how to implement Nomad Server behind Apache reverse proxy
This is really useful and noteworthy as previously as far as I know, the only third party instructions for reverse proxy were NGINX.
I hope you find this useful.